Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: vess on September 01, 2010, 05:52:25 AM



Title: Announcing: BitLaundry -- decorrelated payment service
Post by: vess on September 01, 2010, 05:52:25 AM
Hi all,

I got interested in the idea of decorrelating senders and receivers of payments recently, so I created bitlaundry: https://bitlaundry.appspot.com/

It's in open beta right now, and works well (I'm currently laundering some bitcoins myself). I'm interested in all feedback and thoughts.

This is a pay service, it's priced at roughly 0.5% of the transaction. Eventually it will have a minimum 1BTC price for laundering, but right now while it's being tested, the minimum is 0.02.

From the FAQ as to why it exists:

   1. Imagine that Alice wishes to send BitCoins to Bob.
   2. Bob, sadly, is not well liked. Alice would rather not have anyone know that she sent Bob BitCoins.
   3. So, Alice puts Bob's address in the form at BitLaundry.
   4. Alice gets a one-time-use address from BitLaundry.
   5. Alice sends the money to that address.
   6. BitLaundry sends money out to recipients every 30 minutes.
   7. (But, it doesn't send out Alice's money immediately, that might be suspicious..)
   8. So, a random number of 30 minute segments later, BitLaundry sends the money out to Bob.
   9. BitLaundry then deletes the database link between the one-time-use address and Bob.
  10. Alice has sent money to BitLaundry, but people do this all the time. She's one of many.
  11. BitLaundry has sent money to Bob, but BitLaundry has sent money out to a whole bunch of other people as well.
  12. Alice and Bob are much less linked than they would have been otherwise.

There are also obvious benefits for Russian botnet owners, and possibly others. Let me know your thoughts!



Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: mizerydearia on September 01, 2010, 08:07:07 AM
Quote
0.5% of the total + 0.01% per recipient (minimum 1 BTC per recipient.)
Quote
Example: 1,000 BTC to 4 recipients would generate a fee of: .0054 * 1000 = 5.4 BTC and 994.6 BTC would be sent out to recipients.
1000 * 0.005 (0.5%) == 5
1000 * 0.0001 (0.01%) * 4 == 0.4
Fee == 5btc + 0.4btc == 5.4btc
This is correct.

However, I am confused by the next example.
Quote
Example: 50 BTC spread out to 10 recipients would cost .060% * 50 = < 10. The fee would be 10 BTC, and 4BTC would go to each recipient.
50 * 0.005 (0.5%) == 0.25
50 * 0.0001 (0.01%) * 10 == 0.05
Fee == 0.25btc + 0.05btc == 0.3btc

Where do you get a fee of 10btc?

I guess the fee for sending 1000btc is less than the fee for sending 50btc. :p


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: bencoder on September 01, 2010, 08:27:21 AM
Where do you get a fee of 10btc?

Quote from: vess
0.5% of the total + 0.01% per recipient (minimum 1 BTC per recipient.)

Emphasis added :)


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: FreeMoney on September 01, 2010, 09:19:02 AM
I was just thinking that this was something I could do!

How necessary is it though? What happens when you send yourself coins? Do they end up in a different address or not? I have two machines so I think I can do it for myself that way no matter what.


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: vess on September 01, 2010, 03:14:41 PM
Yep, typo at the minimum calculation explanation. The calculator does the math right, though: for now to make it cheaper for people to try out with small amounts, I set the minimum at .02 BTC.

Regarding doing it yourself: This provides better decorrelation because your payments are getting mixed in with other people's. If you send a payment to address a, then to address b, then on to where you buy from, you have something very different than we have now with BitLaundry:

Address A-> B
B -> C, E (C is not related to you at all)
E -> over time F, G, H (all you)
I (Not related to you originally ) -> J (You).

This is better.




Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: vess on September 01, 2010, 03:21:40 PM
p.s., yes, the example about 10 people was designed to help you understand the different parameters of the pay system, so splitting to more recipients costs a little more than sending to just one.



Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: theymos on September 01, 2010, 06:25:16 PM
It's better to use MyBitcoin for this. MyBitcoin has more bitcoins "in circulation", so you are much more likely to send coins that didn't belong to you. With BitLaundry, you'll probably end up sending mostly your own coins. Also, unless you've modified Bitcoin, logs of every transaction are still kept.


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: vess on September 01, 2010, 07:44:44 PM
Re: mybitcoin, possibly, BUT:

Do they delete all logs on send?

BitLaundry keeps no login or other account information, tracks no IP addresses, and only stores send information until a payment goes out successfully.

My original use case for BitLaundry was for a botnet owner. I think that it fills that need (however small) better.

Regarding more BTC in circulation, this is undoubtedly true, but one has to start somewhere.

Peter


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: theymos on September 01, 2010, 08:16:01 PM
Do they delete all logs on send?

You're not actually deleting logs unless you've modified Bitcoin. Bitcoin keeps logs of every transaction in wallet.dat.


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: mizerydearia on September 01, 2010, 08:25:58 PM
Where do you get a fee of 10btc?

Quote from: vess
0.5% of the total + 0.01% per recipient (minimum 1 BTC per recipient.)

Emphasis added :)

Ah, thanks! I read that, but it didn't sink in.


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: Anonymous on September 02, 2010, 03:10:17 AM
It's better to use MyBitcoin for this. MyBitcoin has more bitcoins "in circulation", so you are much more likely to send coins that didn't belong to you. With BitLaundry, you'll probably end up sending mostly your own coins. Also, unless you've modified Bitcoin, logs of every transaction are still kept.

What if you set up a separate laundry node behind tor and sent all the coins to it from the public laundry service? Would your coins be traceable when sent to someone else ?

Bitcoin needs its own onion routing scheme  :)





Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: theymos on September 02, 2010, 04:19:22 AM
What if you set up a separate laundry node behind tor and sent all the coins to it from the public laundry service? Would your coins be traceable when sent to someone else ?

Bitcoin needs its own onion routing scheme  :)

With Bitcoin, Tor doesn't help much. Read this:
http://www.bitcoin.org/wiki/doku.php?id=anonymity

At the end of that article I described a somewhat easy-to-implement "Bitcoin laundering" service:
Quote
- Set up two Bitcoin installations.
- Put some amount of BTC in installation B. This is the maximum amount of BTC you can deal with at once (for all customers).
- Customers send BTC to installation A. You send them an equal number of coins (or minus a fee) from installation B. Send as 10-50 BTC increments.
- Send all coins from A to B when all orders are satisfied. You can't send coins from A to B if you have any orders that have not been satisfied from B.
- This can be automated, or you can do everything manually.

This still keeps logs (unavoidable without modifying Bitcoin), but it ensures that you never get back your own coins.

The log situation can be helped by periodically moving your bitcoins and deleting the empty wallet.dat file (this deletes all of your receiving addresses, so be careful).


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: Anonymous on September 03, 2010, 04:38:59 AM
What if you set up a separate laundry node behind tor and sent all the coins to it from the public laundry service? Would your coins be traceable when sent to someone else ?

Bitcoin needs its own onion routing scheme  :)

With Bitcoin, Tor doesn't help much. Read this:
http://www.bitcoin.org/wiki/doku.php?id=anonymity

At the end of that article I described a somewhat easy-to-implement "Bitcoin laundering" service:
Quote
- Set up two Bitcoin installations.
- Put some amount of BTC in installation B. This is the maximum amount of BTC you can deal with at once (for all customers).
- Customers send BTC to installation A. You send them an equal number of coins (or minus a fee) from installation B. Send as 10-50 BTC increments.
- Send all coins from A to B when all orders are satisfied. You can't send coins from A to B if you have any orders that have not been satisfied from B.
- This can be automated, or you can do everything manually.

This still keeps logs (unavoidable without modifying Bitcoin), but it ensures that you never get back your own coins.

The log situation can be helped by periodically moving your bitcoins and deleting the empty wallet.dat file (this deletes all of your receiving addresses, so be careful).

Could this be distributed somehow? You could jumble the coins into different sized chunks and recall them as needed in some randomn way?


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: theymos on September 03, 2010, 05:23:15 AM
Quote
Could this be distributed somehow? You could jumble the coins into different sized chunks and recall them as needed in some randomn way?

I can't think of any way to remain strongly anonymous in any e-currency system and not trust someone.

You can send bitcoins to new addresses owned by yourself in random intervals and amounts. This frustrates attempts to identify you, but I don't think it'd be sufficient to stop a determined attacker. Using the current code to send bitcoins to yourself (the same client) is useless, though, because Bitcoin makes a special, obvious transaction when you do that.

There are some interesting things you can do with the "external mixing service" concept. You can probably chain multiple mixers while only trusting one of them not to steal your bitcoins. You still need to trust one person, though.

Bitcoin-backed "bank notes" transmitted with a strongly anonymous but centralized system like Open Transactions (http://bitcointalk.org/index.php?topic=847.0) is probably the best solution.


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: vess on September 10, 2010, 06:48:14 PM
I'm working on running the transactions through Mt. Gox, although slowly, since there doesn't seem to be a large felt need for anonymizing right now.

Any votes on the next project? On my list is

1) Payment spreading -- essentially set up an address and a split, and the service will send out payments automatically on the split. As an add-on, people could update their destination address and keep the sender semi-ignorant of the final destination (subject to the correlation issues we've been talking about)

2) A digital escrow service -- would probably be buyer-friendly, require proof of shipping / then proof of mediation if dispute. This seems to be communicated as a large felt need for people who wish to buy with bitcoins.


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: gumtree on September 12, 2010, 05:06:44 PM
Could a built-in anonymizing function for Bitcoin enable each transaction to pass through a public pool of Bitcoins - with Bitcoins from address and Bitcoins to address (same transaction) to be a different set?


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: theymos on September 12, 2010, 07:00:21 PM
gumtree:

How do people who collect from the pool prove to the network that they have the right to do so? The sender will need to say to the network, "This person can remove x coins," but this is equivalent to a normal transaction.


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: theymos on September 12, 2010, 11:25:13 PM
If you don't use the block chain, then you eliminate double-spending protection. A could make two pooled transactions to himself using the same coins.

Also:
- Why couldn't an attacker just insert 10,000 nodes into the network and record all messages? It's pretty easy to do.
- What stops whoever signs the outgoing pool transactions from just sending them to an address he controls? The network can't verify that he's sending to the correct addresses unless they've seen the transaction that A made, which removes the anonymity aspect.

If you don't think I understand your system, explain exactly what every member of the network would be doing in this system. For example:
1. A creates a transaction like this: "txIn: previousTransaction; txOut: SEND_POOLED B_PubKey amount".
2. A transmits the transaction to his peers.
3. His peers do ???


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: gumtree on September 16, 2010, 07:54:12 AM
In mybitcoin.com 's terms of service agreement, it is stated that a historical transaction record of an account is kept.  This information combined with the Bitcoin block chain, may provide a complete transaction path of a Bitcoin passing through mybitcoin.com - maybe even if you do not even spend your own Bitcoin from mybitcoin.com (that was originally sent to mybitcoin.com).

See:  mybitcoin.com Terms of Service Agreement when signing up:  

"9.2 Unless ordered by a Court of competent jurisdiction, MYBITCOIN LLC shall not reveal User's contact or identifying information or transaction history to any third party."

It becomes clear that whenever something is centralized, anonymity is lost.


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: em3rgentOrdr on September 16, 2010, 10:39:53 AM
In mybitcoin.com 's terms of service agreement, it is stated that a historical transaction record of an account is kept.  This information combined with the Bitcoin block chain, may provide a complete transaction path of a Bitcoin passing through mybitcoin.com - maybe even if you do not even spend your own Bitcoin from mybitcoin.com (that was originally sent to mybitcoin.com).

See:  mybitcoin.com Terms of Service Agreement when signing up: 

"9.2 Unless ordered by a Court of competent jurisdiction, MYBITCOIN LLC shall not reveal User's contact or identifying information or transaction history to any third party."

It becomes clear that whenever something is centralized, anonymity is lost.

EEEEK!!!!  So it turns out mybitcoin.com is just another corporation!!!  [sighs]

I'm at the point in my life now that I'm very distrustful of:
  • incorporated companies (why did you file paperwork with the government?  Corporations are just creatures of The State)
  • closed source implementations (what are you hiding in your code?)
  • centralized servers/domains (can be broken into, are easy targets, governments can disconnect easily) instead of p2p
  • banking schemes where it might be possible to engage in fractional reserve banking (so I have this money stored at mybitcoin.com, but how do I know you are not lending it out behind my back?)
  • transaction schemes where there is no recourse if the transaction is violated
  • low reputation
  • not mathematically/logially/cryptographically proven

So, yeah, how do I know mybitcoin.com isn't engaging in Fractional Reserve Banking with my stored money?


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: SmokeTooMuch on February 27, 2011, 02:23:27 PM
From: https://www.bitcoin.org/smf/index.php?topic=3927.msg56043#msg56043 (https://www.bitcoin.org/smf/index.php?topic=3927.msg56043#msg56043)

Hmm, it comes pretty close to BitLaundry (https://bitlaundry.appspot.com/explanation)

Quote
BitLaundry Explanation
BitLaundry is designed to help unlink accounts from each other. It does that by providing a well-known, and hopefully popular service. Here's how it works:

   1. Imagine that Alice wishes to send BitCoins to Bob.
   2. Bob, sadly, is not well liked. Alice would rather not have anyone know that she sent Bob BitCoins.
   3. So, Alice puts Bob's address in the form at BitLaundry.
   4. Alice gets a one-time-use address from BitLaundry.
   5. Alice sends the money to that address.
   6. BitLaundry sends money out to recipients every 30 minutes.
   7. (But, it doesn't send out Alice's money immediately, that might be suspicious..)
   8. So, a random number of 30 minute segments later, BitLaundry sends the money out to Bob.
   9. BitLaundry then deletes the database link between the one-time-use address and Bob.
  10. Alice has sent money to BitLaundry, but people do this all the time. She's one of many.
  11. BitLaundry has sent money to Bob, but BitLaundry has sent money out to a whole bunch of other people as well.
  12. Alice and Bob are much less linked than they would have been otherwise.

But as I understand it, you can track Alice by looking at the block chain and look for the amount that Bob received by BitLaundry.
Then you check which address sent this amount to BitLaundry (probably one of the one-time-use addresses from step 4) and then check which address sended that amount to the one-time-use address.
Is that correct ?


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: BCEmporium on February 27, 2011, 02:54:47 PM
Alice? Bob? Alice and Bob are out for holidays!

ĞDon Giovaniğ wants to pay of his drug stash from ĞEl Diabloğ...  ;D

But that still misses the "mule" to be a "complete pack".


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: vess on May 10, 2011, 10:01:14 PM
An update to this thread: BitLaundry and it's code are for sale. Check here: http://bitcointalk.org/index.php?topic=6939.0


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: forgotmypassword6x on May 11, 2011, 03:24:45 AM
This is the wrong way to do things.  The right way is to do it P2P, TOR-style.  Have n people rendezvous via TOR and together construct a transaction that takes as input, $X from each of them, and outputs $X-trans fee to n fresh bitcoin addresses.  To do this naiively, the n people would each tell each other their pairs (old addr, freshaddr), put them together in a transaction (randomize the order of outputs relative to order of inputs), and then all sign.  However, this is bad because you have told the other people that your new addr is linked to your old one.  The correct way is to use secure multiparty computation to generate the transaction in such a way that, in the end, all parties only learn the entire transaction (NOT which new addr corresponds to which old one).
Furthermore, if any subset of k the n people collude to break the others' anonymity, the best they can do is know that
the n-k output addresses not owned by them came from the n-k input addresses not known by them, but nothing more.


Title: Re: Announcing: BitLaundry -- decorrelated payment service
Post by: vess on May 15, 2011, 11:32:09 PM
Final update: I sold BitLaundry to Mike Gogulski. He's in charge now.