Monero cryptographers recently discovered how to conduct “atomic swaps” between Bitcoin and Monero. This means that any two people can swap Bitcoin for Monero between them without relying on any third-party service, using only software they run themselves.
As Monero is the god of privacy coins (and the blockchain we develop products for), this naturally led to speculation that this innovation would enable Monero to become a layer-2 privacy solution for bitcoin, which is itself notoriously traceable.
Over the past week I have read all manner of incorrect information from uninformed commenters about whether this is possible, how it will work, and what this means for Monero and Bitcoin.
Let me state clearly -
Yes - Bitcoin to Monero Atomic Swaps will Enable Privacy for Bitcoin Transactions
But it’s a Yes* (with an asterisk!). Let me explain:
Bitcoin is a public blockchain - the ledger is entirely open for analysis. This creates a perfect trail of transactions, allowing anyone to see the path of bitcoin from “freshly mined” to person A to B to C and so on. Bitcoin users who wish to maintain privacy have to take additional steps, such as using a mixing wallet like Wasabi. Using Wasabi is an imperfect solution, has fees, and requires a relatively large amount of money to use. Another option is to trust a third party like a centralized exchange. Either way, “breaking the chain” of bitcoin transactions to establish privacy is difficult, expensive, usually involves trusted third parties, and is not guaranteed to maintain privacy forever as Chainalysis and similar firms become more sophisticated at tracing bitcoin transactions.
Bitcoin / Monero atomic swaps will establish privacy in a fully decentralized way - one that doesn’t rely on mixing technology or third-party trusted services. The way it will work is thus:
Alice currently owns bitcoin, but because of blockchain-analysis it’s trivial to know she purchased it at Coinbase. Fearing for her safety from an abusive ex-boyfriend, Chad, who works for the government and has access to Chainalysis software, it’s absolutely essential that Alice hides her bitcoin. Once Alice’s bitcoin is unlinked from her ownership, no one can prove she owns it, thus maintaining her personal safety.
Alice must do two trades - first, she swaps her bitcoin for an equivalent amount of Monero using an atomic swap and a counterparty she found in a decentralized exchange. She trades 1 BTC for 10 XMR.
Next, Alice swaps her XMR back to BTC. The market moved against her slightly - she now trades 10 XMR for 0.99 BTC, plus a small amount for network fees. Alice ends up with 0.9895 BTC.
Now, Alice has bitcoin that cannot be traced to her identity - she “broke the chain” that linked the purchase to her own identity. Alice never had to speak to anyone or trust any third-party service for doing so. She did work with two counterparties (trades from BTC to XMR and then XMR to BTC), but had no knowledge of who they were and never spoke with them, relying on software to conduct the swap peer-to-peer. She could not be scammed - provided she agreed with the trade amounts, it was mathematically impossible for her to lose her money at any step of the way - that’s why this is “trustless”.
Now, Alice has bitcoin she can save or spend anonymously. If she ever has a reason to anonymize more bitcoin, she can use the same steps to convert unsafe bitcoin to safe bitcoin, using the Monero blockchain as a privacy layer. Her wealth is now safe from Chad, the government rapist.
Risks of Bitcoin to Monero Atomic Swaps
As mentioned previously, Alice cannot be scammed using atomic swaps. Mathematics will perfectly protect her from a counterparty that tries to steal her money.
The biggest risk to Alice comes from time - the longer she waits, the less likely blockchain analysis will be able to track her, but the more likely the price will move against her.
Why is waiting important? Just like with tornado.cash, if Alice were to quickly swap into XMR and back out into BTC, there will likely be few or no swaps other than hers. This would make it probabilistically quite likely that the second BTC output is Alice’s. Alice should wait for several other swaps to occur before she executes her swap back into BTC.
Another risk is in the size of outputs. If Alice swaps 9.347 BTC into XMR, then swaps 9.347 back out, it’s highly likely it’s hers.
Therefore, Alice should 1) wait a while holding XMR (hours or days), and 2) make several staggered transactions back into BTC from XMR. The biggest danger here is the price of Monero moving against Bitcoin, but it will likely be worth it to maintain privacy.
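The timing and amount risks described above can be made concrete with a toy model. This is an added example, not part of the original post: the swap records, the labels and the 2% amount tolerance are all constructed assumptions, and real chain analysis is more involved. It counts how many earlier BTC-to-XMR entries remain plausible sources for each of Alice's exits.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Swap:
    label: str    # constructed label for readability, not on-chain data
    hour: float   # hours since the start of the observation period
    btc: float    # BTC amount on the Bitcoin side of the swap

def candidates(exit_swap, entries, tol=0.02):
    """Earlier BTC->XMR entries large enough to have funded this exit."""
    return [e for e in entries
            if e.hour < exit_swap.hour and e.btc >= exit_swap.btc * (1 - tol)]

def amount_matches(exit_swap, entries, tol=0.02):
    """Candidates whose amount equals the exit's within the tolerance."""
    return [e for e in candidates(exit_swap, entries, tol)
            if abs(e.btc - exit_swap.btc) <= tol * e.btc]

def swaps_in_between(entry, exit_swap, entries):
    """Other entries seen after `entry` and before the exit (the crowd)."""
    return [e for e in entries
            if e is not entry and entry.hour < e.hour < exit_swap.hour]

# Constructed sample data: BTC->XMR entries seen over four days.
ALICE = Swap("alice", 10.0, 9.347)
ENTRIES = [
    Swap("a", 2.0, 0.5), ALICE, Swap("b", 20.0, 4.0), Swap("c", 31.0, 12.0),
    Swap("d", 47.0, 3.2), Swap("e", 60.0, 9.0), Swap("f", 75.0, 5.5),
]

# Scenario 1: one exit of nearly the same size, one hour after entering.
QUICK_EXIT = Swap("quick", 11.0, 9.30)
# Scenario 2: three staggered, differently sized exits after waiting days.
STAGGERED_EXITS = [Swap("s1", 50.0, 3.1), Swap("s2", 66.0, 2.9),
                   Swap("s3", 90.0, 3.05)]

def report(exit_swap):
    return {
        "exit": exit_swap.label,
        "crowd": len(swaps_in_between(ALICE, exit_swap, ENTRIES)),
        "candidates": [e.label for e in candidates(exit_swap, ENTRIES)],
        "amount_matches": [e.label for e in amount_matches(exit_swap, ENTRIES)],
    }

if __name__ == "__main__":
    for x in [QUICK_EXIT] + STAGGERED_EXITS:
        print(report(x))
```

In this constructed data the quick, same-size exit has Alice's entry as its only candidate, while each staggered exit has four to six candidates and no amount match.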
I anticipate that services will be created that make anonymizing Bitcoin simple and safe using standard output amounts (0.1, 1.0, 10.0 BTC, etc.) similar to tornado.cash.
One final note - I assume that chain-analysis can determine which bitcoin outputs are used for Monero atomic swaps. Given that the Bitcoin script used for the 2-of-2 Bitcoin locks is extremely specific, I assume that all Bitcoin UTXOs used for Monero swaps will be tracked. If Monero researchers find a way to obfuscate all atomic swap transactions among normal transactions, privacy can be greatly increased. But given the amount of intense research this solution will inevitably attract, it is unlikely “hiding among the crowd” will be possible. This is also why waiting after a swap will be extremely important.
Monero can indeed be used as a layer-2 privacy solution for Bitcoin. It is not perfect, and risks with timing and transaction size can compromise privacy. But Monero is currently the only trustless, fully-decentralized solution for enhancing privacy on Bitcoin and I anticipate that it will become extremely popular.