The Koala exchange: Unstoppable anonymous cash-to-crypto exchanges using one-time dead drops

A few days before Edcon 2019, on the way to Sydney’s zoo , I came up with a new design for cash-to-crypto exchange.

The design is based on “dead drops” (see description below). Since I was near the zoo, in Australia no less(!), I called it The Koala exchange. Because of drop bears, get it?

The Koala exchange is a decentralized cash-to-crypto exchange. It is designed to be secure (in a way defined later) and capable of functioning in a regulatory environment that is hostile to cryptocurrencies.

Dead drops

Dead drop is an espionage-tradecraft technique for passing items or information securely between two parties. Traditionally the parties are an illegal agent and its handler. The technique involves a secret location known to both parties.

Usually one party leaves an item in the secret location. Then this party sends a signal to other party to collect the item. Parties can use the same location as long as its security is not compromised. If a location is used only once, it is called a one-time dead drop.

The rest of the components are more well-known:

  • An escrow account (for cryptocurrencies).
  • Security deposits (in cryptocurrency).
  • Stablecoins. A stablecoin is a cryptocurrency with low volatility in price. Using it avoids the regular issue of high price volatility of crypto.
  • Secure anonymous communication channel between both parties.

Why to implement decentralized cash-to-crypto exchanges?

Centralized cash-to-crypto exchanges are nowadays regulated entities. Because of this they are required to implement AML/KYC requirements.

We realized that AML/KYC requirements are meant as tools against tax evasion, but we claim that in the case of cryptocurrencies it has dangerous side effects to consider. Especially those regarding security of the traders.

If data of a fiat exchange leaks, it may offend the traders privacy, but will not put them in any physical risk. Big amounts of fiat are being held in banks nowadays, not in cash at home. Banks do not agree to perform fast remote transfer of big sums. This means that there is hardly any reason to physically threat or attack holders of big amount of fiat money.

Cryptocurrencies, on the opposite, are mostly held directly on a person’s device. If it becomes known that someone holds a significant amount of crypto, even a few thousands of euros, he or she become a direct target for attackers. This put the person safety in risk.

AML/KYC practices jeopardize peoples privacy, in both fiat and fiat-to-crypto exchanges, if their data gets leaked. But in the case of exchanges involving crypto, they also jeopardize a person’s physical safety.

We feel that AML/KTY practices were enforced in centralized crypto-to-cash exchanges without having this discussion, which puts traders safety at risk.

Why to implement Koala exchange with one-time dead drops?

One way to implement decetralized exchanges is using a P2P network and over the counter (OTC) trades. This is what the project Bisq does: it is a P2P software, helping traders find each other without any third-party involved.

This method is private: only the two parties involved in the trade know about it. However, it is not anonymous, since each of the parties know the identity of the other. This puts them at risk, for the reasons mentioned above.

Using our proposal of a one-time dead drops with cash makes those trades both private and anonymous. While the method may seem sketchy, it is also be the most secure one to use. This method will maximize your safety.

Our proposal eliminates almost every single-point-of-failure for the traders safety. In addition, it eliminates human contact from the equation, and that’s a nice bonus for us, as nerds.

We point out that dead drops are not perfect! a dedicated attacker can still stalk the location and identifying the cash buyer. But cash sellers are always safe.

Koala exchange: process description

Settings. Alice wants to sell Bob 1X stablecoin for 1X USD. We assume both Alice and Bob already hold enough stablecoin to be used in the process.

We first describe the exchange process, and only later explain it.

  1. Bob places 1X of stablecoin into the escrow. At the same time Alice places 2X stablecoin into the escrow.
  2. Bob chooses a place for a dead drop and leaves 1X USD there. He photographs the place and saves the coordinates.
  3. Bob discloses the location to Alice.
  4. When Alice finds the cash, she releases the escrow.
  5. Alice gets back 1X of stablecoin.
  6. Bob gets 2X of stablecoin.

This is the happy path, where both parties collaborate. But what happen if they don’t?

If things do not go well

We analyze the possible problems in each step.

Step 1. If one of the parties does not place the deposit, the other party deposit is unlocked after a short time window.

Step 2 and 3. If Bob doesn’t do these steps, Alice will not do step 4, and Bob’s deposit will be locked and lost for him.

Step 4. If Alice doesn’t do this step, her deposit remains locked and lost for her.

Step 5 and 6. If Steps 1-4 happened succesfully, then steps 5 and 6 happen automatically via the smart contract of the exchange.

Explanation

Let’s answer some common questions.

Why stablecoin?

Dead drops are slow, but prices changes are rapid. In slow trades, like those in the Koala exchange, there is a risk that one side will regret doing the trade, before the trade process is over.

Using a volatile cryptocurrent would complicate the exhcange. We would have to treat the cases where price changed while a trade is in process. To avoid those issues, we choose an implementation with a stablescoin.

Why wouldn’t Alice choose to cut her losses?

Famous MAD doctrine is credited to be a thing that prevented world annihilation during the Cold War. Lets analyze possibilities from point of view of rational decision maker.

When USSR launches preemptive strike, USA has two possibilities - to retaliate and burn the globe into ashes, or to take losses and possibly receive some humanitarian relief from the victors.

Since total destruction of country is inevitable regardless if nuclear button will be used, the second option sounds like a sane solution, isn’t it?

The mechanism proposed in this article is just as MAD - it is not subgame perfect. So, how the world survived the Cold War? Because people are not rational decision makers, really!

By releasing the deposits, Alice can choose to cut her losses, but she would also let a cheater go unpunished and introduce perverse incentives into the system.

This construction relies on people wanting to punish the cheater. I encourage implementer to place a nice alluring button on Alice’s screen that would allow angry Alice to burn both her and Bob’s deposits :-)

Few words on implementation

Just some notes regarding implementation.

  • Information about communication channels and dead drops areas is compact enough to be stored directly on blockchains.
  • Communication channels can be organized around Tor (or Ricochet, whisper etc.).
  • Dead drop information needs to be communicated to the person who buys the cash only after deposits are locked in. It can be done directly via communication channel, no need to involve any distributed storage mechanism.

Last, a quick dirty implementation can involve Bisq. We simply need to add an payment method to Bisq, “cash in a dead drop”.