O

Onion '78 - Mobile Wallet Tor Based PayJoin

Increase your privacy and security with Onion '78. A mobile wallet with TOR and Payjoin technology, designed to protect YOU and YOUR funds.

240
Built at 2021 MIT Bitcoin Expo Hackathon - The New Normal
Carousel Gallery Item: 1
Carousel Gallery Item: 2
Carousel Gallery Item: 3
Carousel Gallery Item: 4

The problem Onion '78 - Mobile Wallet Tor Based PayJoin solves

Mobile bitcoin wallet applications are NOT private enough for both the sender as well as the receiver. A common-input-ownership heuristic exists which states that if a transaction has more than one input then all those inputs are owned by the same entity.

This is one of the core heuristics used by chain analysis companies to determine the owner of specific unspent transaction outputs (UTXOs). UTXOs can be attributed ownership based on economic activity patterns, lack of privacy controls, and a false understanding of how UTXOs are processed in a bitcoin transaction.

For those that wish to retain a higher level of privacy, solutions such as multisignature, CoinSwap, CoinJoin, and Payjoin exist -- but are not easily accessible to the common user, as most of these solutions require in-depth technical knowledge of the Bitcoin protocol and administration of infrastructure that can sync and store and maintain chain data. An additional knowledge set of how to construct, parse, and sign partially signed bitcoin transaction (PSBT) data is required for enhanced privacy features. Most end users without this level of technical acumen will fail at implementing the specification properly, and will ultimately sacrifice security and privacy of their funds and transactions for the sake of conveinence.

Challenges we ran into

Problems Faced

  1. Signing Coordination - Transactions that require additional privacy tended to require lots of coordination between the transaction participants.

  2. Signer & Receiver Communication - Transmitting this information in a private and secure manner has traditionally been a challenge for bitcoin transactions.

  3. Transaction Confidentiality - Out-of-band communications and broadcasting of data can be noisy and raise flags when once is trying to transact privately.

  4. Tor Control We had a hard time running the hidden service because there isn't a proper Tor controller out of the box. We had to marshall RPC methods somewhat manually.

  5. iOS Limits iOS Only gives 3 minutes of background time to an app. Tor also typically expects in its own process address space. iOS doesn't allow forked app processes.

  6. Hackathon Team [META] - How can we work remotely as a team on the same project and meet our deliverables within 24 hours?

Solution(s)

  1. Onion '78

    • Sender and Receiver functionality

  2. Tor Hidden Services

    • Removes the need for OOB channels

  3. Payjoin

    • Many spends to one transaction
    • Extra data means more privacy

  4. Tor Control

    • read the source code
    • looked at how the library did authentication

  5. iOS Limits

    • while chaincase already runs Tor on its own thread we had to extend that to the hidden service and HTTP server.
    • For now the server listens only while the app is in the foreground
    • later, we can ask for background time with a BackgroundProcessingTask

  6. Project Management

    • Lots of impromptu check-in calls
    • Scheduled status checks
    • Delegation of responsibilities
    • Knowing when to "call it" on a feature or enhancement

We're missing one teammate from devfolio who only registered on EventBrite. Please add Armin 👍

Technologies used

Tor

Chaincase

BTCPay

Segwit

Wasabi

CoinJoin

PayJoin

PSBT

BIP78

Discussion