Bitcoin Forum
November 13, 2019, 12:10:58 AM *
News: 10th anniversary art contest
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: Breaking Mixing Services  (Read 1220 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
PrimeNumber7
Sr. Member
****
Offline Offline

Activity: 266
Merit: 310



View Profile
March 13, 2019, 05:41:13 AM
Merited by Welsh (2), LoyceV (2), ETFbitcoin (1)
 #21


3. On 2.3 Privacy in Bitcoin. You should take not that :
  • Few wallet such as Electrum now randomize output order
  • Few wallet have multiple change address feature
  • Few wallet such as Samourai wallet have advance transaction generation to improve user's privacy. It's called Stonewall

None of these have any impact on privacy if users of Bitcoin are not using these features. When he wrote his paper, transaction fees were >$20, and using multiple change addresses would be very expensive for a business that processes many transactions. The same is true if a business generates transaction inputs in not the most efficient way.

Above all, the most effective way to maximize privacy when using Bitcoin is to abstain from address reuse, and to only conduct business with those who abstain from address reuse. This would be very effective in making "mixers" obsolete, and unnecessary in most cases.

smartmixer.io▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
Make your Cryptos untraceable!
(( ███████ ((    TELEGRAM    )) ███████ ))
▄▄███████▄▄
▄███████▀███████▄
▄███▀▀▀ ▄▄▄ ▀▀▀███▄
▄███ ▄▀▀▀   ▀▀▀▄ ███▄
████ █  ▄   ▄█ █ ████
████▌▐▌ ▀█▄█▀ ▐▌▐████
▀████ ▀▄  ▀  ▄▀ ████▀
▀████▄ ▀▄▄▄▀ ▄████▀
▀█████▄▄ ▄▄█████▀
▀▀███████▀▀
.

NO LOGS
▄▄███████▄▄
▄██████▀▀▀██████▄
▄█████▀ ▄▄▄ ▀█████▄
▄██████ ▀   █ ██████▄
███████   █▀  ███████
████████▄ ▄ ▄████████
▀████▀         ▀████▀
▀███   ▄   ▄   ███▀
▀███████████████▀
▀▀███████▀▀
.

NO SIGN-UP
▄▄███████▄▄
▄███████████████▄
▄███████▀   ▀█████▄
▄████▀  ▀      █████▄
████     ▄▀▄  ▀ ▀████
███    ▄▀▄ ▄▀▄    ███
▀███▄▄  ▀█ █▀   ▄███▀
▀████████ ████████▀
▀███████████████▀
▀▀███████▀▀
.

70% COMSN
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
MIX NOW!
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
▄  ▄  ▄  ▄  ▄

▀  ▀  ▀  ▀  ▀
1573603858
Hero Member
*
Offline Offline

Posts: 1573603858

View Profile Personal Message (Offline)

Ignore
1573603858
Reply with quote  #2

1573603858
Report to moderator
1573603858
Hero Member
*
Offline Offline

Posts: 1573603858

View Profile Personal Message (Offline)

Ignore
1573603858
Reply with quote  #2

1573603858
Report to moderator
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
1573603858
Hero Member
*
Offline Offline

Posts: 1573603858

View Profile Personal Message (Offline)

Ignore
1573603858
Reply with quote  #2

1573603858
Report to moderator
1573603858
Hero Member
*
Offline Offline

Posts: 1573603858

View Profile Personal Message (Offline)

Ignore
1573603858
Reply with quote  #2

1573603858
Report to moderator
1573603858
Hero Member
*
Offline Offline

Posts: 1573603858

View Profile Personal Message (Offline)

Ignore
1573603858
Reply with quote  #2

1573603858
Report to moderator
LoyceV
Legendary
*
Offline Offline

Activity: 1666
Merit: 5029


Largest Merit Circle on BPIP!


View Profile WWW
March 13, 2019, 09:03:28 AM
Merited by madu (3)
 #22

chipmixer.wrong
Although I think .io is owned by ChipMixer too, .com is the official domain: Please use the correct URL in all your posts:
USE ONLY BELOW DOMAINS:
ChipMixer.com
ChipMixerwzxtzbw.onion

ETFbitcoin
Legendary
*
Offline Offline

Activity: 1820
Merit: 2079

Use SegWit and enjoy lower fees.


View Profile WWW
March 13, 2019, 09:11:29 AM
 #23

None of these have any impact on privacy if users of Bitcoin are not using these features.

Obviously

When he wrote his paper, transaction fees were >$20, and using multiple change addresses would be very expensive for a business that processes many transactions. The same is true if a business generates transaction inputs in not the most efficient way.

You're right, even the paper mention high fees when he wrote his thesis (see 4.4.2)

But what i implicate/empathize is default privacy on Bitcoin (without CoinJoin, mixers or any method which require another people) is more complex/private that what's written on his thesis.

Above all, the most effective way to maximize privacy when using Bitcoin is to abstain from address reuse, and to only conduct business with those who abstain from address reuse. This would be very effective in making "mixers" obsolete, and unnecessary in most cases.

Prevent address usage/one-time address is what everyone should do, but it's not easy task to find business who use one-time address.

But mixers won't be obsolete since there are scenario when people want to spend his Bitcoin from multiple UTXO/input where he'd lose his privacy if he simply make a transaction with those UTXO/input.
Mixer would help him if he make an transaction for each UTXO/input, even though Schnorr MuSig will solve this privacy problem.

Carlton Banks
Legendary
*
Offline Offline

Activity: 2548
Merit: 2039



View Profile
March 13, 2019, 09:58:27 AM
Last edit: March 13, 2019, 01:58:00 PM by Carlton Banks
Merited by Welsh (3), LoyceV (2), ETFbitcoin (1)
 #24

Finally i have free time to read your thesis. My comment, thoughts & question :
1. On 1 - Introduction. You forget to mention 2 proposals (which published before date before of your thesis) which aim to improve anonymity which are BIP 151 and 156, even though it's not anonymization by modify transaction.

Remember that these are confined to the network layer of Bitcoin:

1. With BIP156, your IP address will no longer be tied to your personal transactions from the perspective of connected Bitcoin nodes.
2. With BIP151, all relayed transaction data will be encrypted from the perspective of someone analysing internet traffic (but connected Bitcoin nodes will still see the transactions unencrypted).


Neither of those BIPs will change the ability to analyse transactions on the blockchain


2. Upcoming bitcoin proposal, Schnorr MuSig could improve privacy on transaction with multiple input, you might be interested.

No, Musig Schnorr makes using multiple inputs less expensive. This only incentivises coinjoins, it does not make them any more private.

edit: Musig is for threshold based multisig that is safe to use with signature aggregation (without Musig, the last person adding their sig to an n of n aggregated public key could cheat by throwing out all the previous keys and replacing them with 1 key that belongs to them, and pretend that all the previous people's keys are aggregated together into it, so they can steal everyone's money). And so Musig doesn't have anything to do with privacy or anonymity on the blockchain either

Vires in numeris
nopara73
Jr. Member
*
Offline Offline

Activity: 46
Merit: 198


View Profile
March 13, 2019, 12:30:05 PM
Merited by madu (10), ETFbitcoin (1)
 #25

Thank you for the reply Felix! I added your thesis to my article on Traditional Bitcoin mixers: https://medium.com/@nopara73/traditional-bitcoin-mixers-6a092e59d8c2

I've been long theoretizing this happening, but I never found a concrete example of anyone doing this.

Creator of Wasabi Wallet: An open-source, non-custodial, privacy focused Bitcoin wallet - https://wasabiwallet.io
jojo69
Legendary
*
Offline Offline

Activity: 1568
Merit: 1952


no FOMO


View Profile
March 13, 2019, 02:56:25 PM
Merited by madu (1)
 #26

Yeah, I always suspected that these mixing services wouldn't stand up to a concerted traffic analysis.

Top notch work, I bet some folks are sweating a bit right now...these tracks never fade.

This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1820
Merit: 2079

Use SegWit and enjoy lower fees.


View Profile WWW
March 13, 2019, 05:39:59 PM
Merited by Carlton Banks (1)
 #27

Finally i have free time to read your thesis. My comment, thoughts & question :
1. On 1 - Introduction. You forget to mention 2 proposals (which published before date before of your thesis) which aim to improve anonymity which are BIP 151 and 156, even though it's not anonymization by modify transaction.
Remember that these are confined to the network layer of Bitcoin:

1. With BIP156, your IP address will no longer be tied to your personal transactions from the perspective of connected Bitcoin nodes.
2. With BIP151, all relayed transaction data will be encrypted from the perspective of someone analysing internet traffic (but connected Bitcoin nodes will still see the transactions unencrypted).


Neither of those BIPs will change the ability to analyse transactions on the blockchain

OP's thesis describe sybil attack, so IMO it's worth to mention those BIP which have few/some correlation.

2. Upcoming bitcoin proposal, Schnorr MuSig could improve privacy on transaction with multiple input, you might be interested.
No, Musig Schnorr makes using multiple inputs less expensive. This only incentivises coinjoins, it does not make them any more private.

edit: Musig is for threshold based multisig that is safe to use with signature aggregation (without Musig, the last person adding their sig to an n of n aggregated public key could cheat by throwing out all the previous keys and replacing them with 1 key that belongs to them, and pretend that all the previous people's keys are aggregated together into it, so they can steal everyone's money). And so Musig doesn't have anything to do with privacy or anonymity on the blockchain either

I've seen some sources (including it's paper and Core's developer commentary) mention MuSig improve privacy since outsider can verify signature validity without see used public key.

Do i interpret it wrong or they're talking privacy on different aspect?

Carlton Banks
Legendary
*
Offline Offline

Activity: 2548
Merit: 2039



View Profile
March 13, 2019, 06:24:26 PM
 #28

OP's thesis describe sybil attack, so IMO it's worth to mention those BIP which have few/some correlation.

You're right, I don't know how I skipped over that


I've seen some sources (including it's paper and Core's developer commentary) mention MuSig improve privacy since outsider can verify signature validity without see used public key.

Do i interpret it wrong or they're talking privacy on different aspect?

I see your point: multi-sig using Musig looks like a 1 input transaction when spending from a Musig address, regardless of how many signers are needed to pass the threshold. But the way I understand it, it's Schnorr's additive keys property that confers that quality, and not Musig per se.

Certainly, Musig is designed at least in part to prevent the attack I described in my previous post, an attack which is a consequence of using additive public keys to generate the public key for a multisig address. So it seems logical that it's Schnorr that's improving multisig privacy, and Musig that mitigates the risks of using Schnorr signing for a multisig address.

Vires in numeris
madu
Newbie
*
Offline Offline

Activity: 11
Merit: 128


View Profile
March 16, 2019, 03:12:45 PM
Merited by DarkStar_ (4), Welsh (2), ETFbitcoin (1)
 #29

Finally i have free time to read your thesis. My comment, thoughts & question :
1. On 1 - Introduction. You forget to mention 2 proposals (which published before date before of your thesis) which aim to improve anonymity which are BIP 151 and 156, even though it's not anonymization by modify transaction.
2. Upcoming bitcoin proposal, Schnorr MuSig could improve privacy on transaction with multiple input, you might be interested.
3. On 2.3 Privacy in Bitcoin. You should take not that :
  • Few wallet such as Electrum now randomize output order
  • Few wallet have multiple change address feature
  • Few wallet such as Samourai wallet have advance transaction generation to improve user's privacy. It's called Stonewall
4. Your attempt to de-anonymize coinmixer.se is great, especially distinguish customer/coinmixer address by "Following transaction fulfills fee indicator", "Received an uncommon value" and "Tx fee based on partitions correct"
5. Why did you use blockchain.info rather than use Bitcoin Core RPC-JSON?

More info :
1. BIP 151 : Peer-to-Peer Communication Encryption
2. BIP 156 : Dandelion - Privacy Enhancing Routing
3. Dandelion: Redesigning the Bitcoin Network for Anonymity
4. Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees
5. MuSig: Schnorr Multisig and signature aggregation
5. Samourai Wallet : Stonewall
Thanks for your feedback and remarks.
5) Bitcoin qt was my first choice, however I didnt have much time for coding and blockchain.info had some speed and filtering advantages. So I talked to my supervisor and decided to use blockchain.info api. However, if I would implement this in a more serious fashion, I definitely would only use original bitcoin data to be sure of their integrity.

chipmixer.wrong
Although I think .io is owned by ChipMixer too, .com is the official domain: Please use the correct URL in all your posts:
USE ONLY BELOW DOMAINS:
ChipMixer.com
ChipMixerwzxtzbw.onion
Thank you. Its updated.

For everyone who is interested in Bitcoin privacy:
Recently the bitcoin.it privacy page (https://en.bitcoin.it/wiki/Privacy) has been updated by Chris Belcher (https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016698.html).



buwaytress
Legendary
*
Offline Offline

Activity: 1162
Merit: 1038


https://bitcoin.watfordfc.com


View Profile
March 21, 2019, 04:38:46 PM
Merited by madu (5)
 #30

Hi madu, thanks again for giving us the time and patience to work out an article on your thesis and findings. It's published now as a feature here and I'm glad to see it's also mentioned on Wasabi Wallet's succinct article on centralised mixing services.

Like others, though, I'm still keen to see if your same techniques would have worked for ChipMixer. I believe it's been one of the few centralised mixers to have innovated on the techniques. Any success breaking it would prompt even more innovations (in fact, happy to provide test samples if you need!).

Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!