Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: Razick on August 20, 2014, 03:45:07 AM


Title: Mixing Services: Linking Inputs to Outputs?
Post by: Razick on August 20, 2014, 03:45:07 AM
I'm not very familiar with Bitcoin mixing services because I've never felt the need to use one, but I am interested in mixing my coins at some point in the future. If I understand correctly, a mixing service will generally take Alice's coins, give them to Bob, and replace Alice's coins with Carol's.

However, my concern with a service such as this is that Alice is going to get back the same amount, minus fees, as she put in, right? So if an attacker wanted to track Alice's Bitcoins as they move through a mixing service, he could study the transactions moving in and compare them to those moving out.

Now, one way to reduce that risk might be to use many addresses for the service and never move coins between them, so I might send 1BTC to address A, and then address A will send those coins to someone else. I then receive my coins from address H or U for example.

But what if the attacker ignored the addresses involved in the mixing service altogether and simply looked at the amounts. For example, if Alice has 1.212435 BTC and wants to mix them on a mixer with a 0.5% fee, the attacker could just watch transactions for a few hours after the coins leave Alice's wallet and look for a transaction totaling 1.206372825 BTC. That's a pretty unique number that is very unlikely to be duplicated.

Am I right about this being possible or are there already solutions in place to avoid this? If not, I have some ideas that might help:

Potential ways for services to mitigate this risk:

  • Delay the repayment by a random amount of time less than X (maybe ~3 hours).
  • Make the fee slightly random, for example between -.7% and 1% or round the amount payed in order to reduce the uniqueness of the transaction.
  • Divide the outgoing payment among a list of several addresses owned by the user.

Potential ways for users to mitigate this risk:

  • Only use round numbers to avoid making a unique-looking transaction. Instead of 1.212435 BTC only mix 1.21 BTC.
  • If a user has inputs on several addresses, send them separately instead of joining them. Of course, this only slightly increases privacy if it's the only method used.

I may have completely missed the target here because like I said, I'm not very familiar with mixing services. Hopefully though, I've raised some good questions and some of you can enlighten me to how mixing services work and how best to take advantage of them.

Title: Re: Mixing Services: Linking Inputs to Outputs?
Post by: NLNico on August 20, 2014, 04:00:12 AM
I never used a mixer either, but according to https://bitmixer.io you can put 1) several "forward addresses" 2) put different time-delays for each of them. So yeh, pretty much what you said ;)

Perhaps not all mixers offer this though (and perhaps there are better alternatives than bitmixer)

Title: Re: Mixing Services: Linking Inputs to Outputs?
Post by: Razick on August 20, 2014, 04:01:48 AM
Quote from: NLNico on August 20, 2014, 04:00:12 AM
I never used a mixer either, but according to https://bitmixer.io you can put 1) several "forward addresses" 2) put different time-delays for each of them. So yeh, pretty much what you said ;)

Perhaps not all mixers offer this though (and perhaps there are better alternative than bitmixer)

Looking at Bitcoin Fog I did seem to get some of it right. They use random time delays, multiple withdrawal addresses and randomized fees.

Title: Re: Mixing Services: Linking Inputs to Outputs?
Post by: Newar on August 20, 2014, 09:37:35 AM

Not a mixing user myself, but one of the recommendations I heard (with relation to coinjoin though) is to use two or more exact same output amounts.


Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines