Why Bitcoin Needs Trust (for Now)

Bitcoin was originally designed to maximize sovereignty and minimize trust. In the conclusion of the original whitepaper, where Nakamoto summarizes what bitcoin is, s/he states:

We have proposed a system for electronic transactions without relying on trust. (p. 8)

Sovereignty usually pertains to states, which makes sense because states usually have control over individuals, so sovereignty usually resides with them. Bitcoin gives sovereignty to individuals because giving people control over their money is the whole point.

The best scenario for each individual user and for bitcoin as a whole would be for everyone to run a full node. That would maximize sovereignty and eliminate trust, as it should be. However, a full node requires a desktop/laptop because the amount of storage space, RAM, connectivity, and power that the chain demands is too much for mobile devices.

First and foremost, though, bitcoin is “a system for electronic transactions.” It just happens to be a very good one designed to work without trust. But as ever more people use their mobile devices as the primary or only device, full nodes are an obstacle to adoption. If the technology is preventing adoption, it will probably be easier to adapt that technology to fit existing habits than vice versa.

If bitcoin is to work as a system for electronic transactions — everyday transactions, not just transfers of investment capital — it has to go mobile. And the current state of mobile technology doesn’t allow mobile devices to run full nodes. So in order to make bitcoin suitable for electronic transactions, which was the whole point to begin with, a little bit of trust is necessary to make it work on mobile (for now).

Mass adoption is the cure; mobile is the medicine; trust is the side-effect. But there are different ways to make bitcoin work on mobile with different implications for trust and user sovereignty.

Mobile Bitcoin, Trust, and Sovereignty

Jim Posen gives an excellent, if slightly dated, overview of bitcoin wallets, covering full nodes; SPV wallets; Electrum; client-side filtering wallets (Neutrino); trusted server, local key wallets; and custodial wallets. He also (helpfully!) rates them in terms of their resource use, privacy, security, cost, and the amount of trust they demand from users.

When it comes to trust, everyone agrees that full nodes are best, but they are disqualified because they are incompatible with mobile and deny bitcoin its purpose. As services that require a trusted intermediary, custodial wallets and trusted server, local key wallets offer the least sovereignty and demand the greatest trust. Since three mobile options remain that offer users more sovereignty for mobile bitcoin, let’s forget about these two as well.

That leaves: SPV (BIP 37), Neutrino (BIP 157, the client-side filtering wallets), and Electrum.

Nicolas Dorier cogently analyzes these different kinds of wallets in terms of user sovereignty. He points out that, whereas wallets that rely on third-party servers (like Electrum) at least connect to the operator’s full node, SPV and Neutrino wallets both delegate important tasks to whomever is running the full node between the clients and the chain. They force individual users to trust the full node for an accurate chain status. And collectively, they concentrate power over the entire chain in the hands of miners, who would be the only ones left with an incentive to run a full node.

So according to Nicolas (and Jim), Neutrino is better than SPV because it avoids Bloom filters and protects user privacy, but wallets using third-party servers are better still because they preserve the decentralized integrity of the whole network.

Nicolas is absolutely right that any part of the process that occurs inside a black box requires trust. Whenever users lose control, they must extend trust. However, he seems to assume that Neutrino wallets black box the choice of which full node will verify the users’ transactions.

But what if that were not the case? What if a Neutrino-based light client gave users control over the choice of node, keeping sovereignty on their side rather than the miners’?

Nicolas hints at this possibility himself: “If you connect to a specific third-party server and use BIP 37 or BIP 157, I define it as an Explorer [i.e. as good as Electrum] wallet, not as an SPV [the worst kind of] wallet.” If a Neutrino wallet can do that — provide better privacy than SPV, let users choose their full node for validation, and do that without tying them to a specific third-party — it would be the next best thing to a full node. It would let bitcoin work on mobile, making it useful for everyday transactions, without compromising users’ privacy or sovereignty.

Breez: Minimizing Trust and Making It Transparent

Breez is a payment service, a great payment service that lets you pay with bitcoin over the Lightning Network. It’s faster and cheaper than using the mainnet, it’s easier than any other non-custodial wallet, and it lets you maintain possession of your own money — unlike custodial wallets.

Breez runs Neutrino, so it’s already better than SPV. But what about third-party servers, like Electrum?

Breez (Neutrino) vs. Electrum (3rd-party server)

Electrum is a great solution as far as it goes. It protects users’ sovereignty by protecting the overall integrity of bitcoin and letting them keep their keys. But there remain two potential problems: 1) Electrum is not part of the core stack, so it creates dependency on a third-party; 2) it’s not private in that the server can track user queries to the chain. The former further removes users from the trust-free bitcoin design. And since giving others access to private information always involves trust, the second problem also potentially compromises users’ sovereignty.

Breez is different in that the connection between the app and the chain is transparent and under the users’ control. Users benefit from the improved privacy BIP 157 offers, and once BIP 157 becomes universal, they will be able to select practically any node. While we can’t give users their own full node (yet ;)), the next best thing is to let them control which nodes their client uses. With current technology, this is the most sovereignty and least trust available in any mobile client.

In-app node selection (Advanced -> Network screen in Breez)

The next step (coming soon) is to give user the choice of a default routing node — either their own full node, Breez, or another vendor if they prefer.

The Background Watcher (sounds like a superhero, but it’s better)

Breez also includes another feature to help users control the state of their channel: a background watcher. This process will notify users of cheating attempts even when the app is closed and give them the chance to retrieve their money. The refund period is 1080 blocks, so users are automatically protected by simply using their phones at least once a week. The Breez app doesn’t even need to be open, since the watcher runs periodically in the background without any further demands on the user.

Breez gives users the benefits of bitcoin on their mobile devices, with additional safety measures, in a relationship of minimal trust and maximal sovereignty. Cure, medicine, minimal side effects, no fine print.