
Topic: [Education] Bitcoin Privacy and Anonymity - page 2. (Read 1264 times)

legendary
Activity: 2254
Merit: 2852
#SWGT CERTIK Audited
10. Mixing Service
There are other methods to deal with privacy issues in Bitcoin transactions, namely, by using a mixing service (randomization).


Bitcoin Mixing [20]

These services have different methods for mixing users' Bitcoin. However, the methods they use can be classified into two groups [21].

In the first group, the service asks users to send bitcoin into a virtual wallet that is controlled by the service, so users can retrieve their bitcoin to send to another Bitcoin address. The service provider will exchange the user's bitcoin for other bitcoin that has no connection with the user's previous bitcoin. If the user wants to pay a coin to another party, they can enter the destination address to be paid by the service provider.

The second group is a service that combines several transactions into one large transaction using a concept like CoinJoin (the mechanism combines several similar transactions into a transaction that consists of many inputs and outputs).

When users use services like this, they have to pay the service manager a service fee in bitcoin of between 0.5% and 3%. Although services like this might increase anonymity, there are also risks borne by users, because they cannot control their bitcoin once they have sent it to the manager's bitcoin address. It means that when the service manager acts fraudulently by stealing the user's bitcoin, the user cannot do anything, because bitcoin transactions cannot be canceled.

In the thesis of Felix Maduakor [20] on Mixing Services / Anonymous Bitcoin Transactions, pages 18-20, the mixing methods are divided into three categories:
https://www.dropbox.com/s/3yapwyfz72tvswh/BA_mixing_services.pdf?dl=0
The following is a summary of these categories:

1. Decentralized Mixing (P2P Mixing)


A figure of P2P Mixing Service

Several scientific papers about algorithms that allow the anonymous transfer of bitcoin have been published. Some of these algorithms have been implemented in other cryptocurrencies by default (for example, Zerocash [22]), but at the time of writing [-thesis-], no approach has been widely adopted in the Bitcoin network. Unlike Centralized Mixing Services (CMS), P2P Mixing must be implemented in Bitcoin wallet software so that users can access it.

2. Centralized Mixing Services (CMS)


A figure of Centralized Mixing Services

Centralized Mixing Services (CMS) are usually run by commercial website providers who advertise that their services can anonymize Bitcoin transactions. A CMS usually charges fees of up to 3% of the initial amount of coins that have not been sold. Often a P2P mixing algorithm is used internally by the CMS.

3. Off Chain Mixing

The public can access every transaction sent through the Bitcoin network through the Bitcoin blockchain. However, recently there have been many scientific efforts to find solutions to send and receive Bitcoin transactions without the need to publish them on the blockchain.
Implemented solutions to this problem include the Lightning Network.
Lightning Network leads to transactions that are almost instant and may eliminate transaction costs.

-snip- Anonymity is very difficult, especially with blockchain-based systems where so much data has to be public, but also in other areas (eg. there are several known weaknesses with Tor). You should always operate with the expectation that any anonymity system you use will eventually fail you. If you're ever confident in your anonymity, then you're wrong. ...
-snip- that even though a mixing service/a mixing algorithm might seem to be reliable at the moment, through a single leak/implementation fault, an attacker could be able to deanonymize any past transaction which has been processed by the mixing services. Even though the leak/implementation fault gets fixed by the service, every transaction which has been processed prior to the fix is irreversibly vulnerable. -snip-

Comparison between Bitcoin Mixer and CoinJoin [23]:
Quote
# | Mixer | CoinJoin
1 | Closed-source and the system cannot be verified. | Open-source and can't be verified by the system (in general).
2 | A mixer controls the coin. | The user controls the coin.
3 | Privacy is lost if the mixer keeps the mixing activity or the mixing method is wrong. [24] | Privacy is lost if CoinJoin's implementation is incorrect.

Some Bitcoin Mixers Bitcoin Tumblers website links compiled by LeGaulois [25]:
https://bitcointalksearch.org/topic/m.28964833

Reference:
20. Anonymous Bitcoin Transactions. Felix Maduakor
     https://www.dropbox.com/s/3yapwyfz72tvswh/BA_mixing_services.pdf?dl=0
21. Dimaz A.W. & Oscar D., Blockchain dari Bitcoin untuk Dunia, pages 109-110, 2017: Jasakom
22. Eli Ben Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza.
      Zerocash: Decentralized anonymous payments from bitcoin.
      In Security and Privacy (SP, 2014 IEEE Symposium on, pages 459-474. IEEE, 2014
23. https://bitcointalksearch.org/topic/edu-bitcoin-mixing-service-5125545 - ETFbitcoin
24. Breaking Mixing Services - madu
25. 2019 List Bitcoin Mixers Bitcoin Tumblers Websites - LeGaulois
-    [Guide] Decent mixing methods - theymos
-    What is Bitcoin Mixer? - RapTarX
-    Anonymous Bitcoin Transactions. P. Martin and A. Taaki. (2013, August 25, 2015/0)
-    CoinJoin: Bitcoin privacy for the real world by gmaxwell
 -   Other references look at post #1

legendary
Activity: 2254
Merit: 2852
#SWGT CERTIK Audited
9. Merge Avoidance
Merge avoidance is a term introduced by Mike Hearn in the concept he put forward to identify bitcoin privacy issues.
Merge avoidance is the idea of breaking a bitcoin payment of a certain amount into several transactions, to avoid identifying the user by the specific amount sent from one user to another [19].
By splitting the payment into transactions with small amounts of bitcoin, identifying these transactions becomes more difficult.

Merge avoidance is useful in some instances; for example, Alice and Bob work in the same company and are paid in bitcoin by the company. Bob suspects that he gets a smaller salary than Alice, so he could ask Alice to send him a small amount of bitcoin. From there, Bob can analyze which transactions were salary payments to Alice and prove his suspicions.

Implementation properties

This scheme has several things that make it nice to implement:
  • It can be written incrementally — a simple and not very smart algorithm can nevertheless still improve someone’s privacy. Later, a better algorithm can be developed and deployed, but it doesn’t require any complicated global upgrades. This is a good fit for the volunteer driven fits-and-spurts, competing-wallets development model that Bitcoin has.
  • It is very simple and has no moving parts or big state machines. You don’t have to worry about a random mobile phone the other side of the world driving into a tunnel at the wrong moment, or running a buggy reimplementation of the software.
  • There is no centralisation, not even any transient rendezvous servers.
  • There are no legal risks, because you’re not relying on any services that could be considered money laundering tools.
  • It is robust. Above, I gave examples of how CoinJoin can appear to work but still leak in the presence of very little additional information. Merge avoidance doesn’t have that problem.

There are also some downsides:
  • How good your privacy is depends heavily on how smartly the people sending you money craft transactions. Thus your privacy relies on people who may not have much incentive to do anything about it. Hopefully common wallet software would do the right thing by default.
  • It increases the number of transactions, although the overhead is not as high as you might think — a transaction is merely a list of inputs, outputs and a two-field header (version and lock time). Inputs and outputs are not really changed over a good CoinJoin implementation, and version/locktime could easily be compressed/varint encoded to save space. The difference would be on the order of bytes rather than kilobytes.
  • It relies on the payment protocol. But many things rely on that, and the payment protocol is critical to cracking down on address reuse, which is needed for all proposed privacy schemes to work anyway. It’s important that we make BIP70 as easy and widespread as possible.


Reference:
19. M. Hearn. (Dec 11, 2013). Merge avoidance A note on privacy-enhancing techniques in the Bitcoin protocol.
     https://medium.com/@octskyward/merge-avoidance-7f95a386692f
 -   https://bitcoinfoundation.org/forum/index.php?/topic/572-merge-avoidance/
 -   Proposal to add Merge Avoidance extension to Payment Protocol - amincd
     https://bitcointalksearch.org/topic/proposal-to-add-merge-avoidance-extension-to-payment-protocol-1120137
 -   Dimaz A.W. & Oscar D., Blockchain dari Bitcoin untuk Dunia, page 109, 2017: Jasakom
 -   Other references look at post #1
legendary
Activity: 2254
Merit: 2852
#SWGT CERTIK Audited
8. MixCoin
MixCoin is a concept that creates accountability for mixing services [18]. A MixCoin implementation does not require changes to the Bitcoin protocol, so it can be implemented easily by users.
In MixCoin, there are two parties involved. The first party is the party that wants to do bitcoin randomization, and the second party is the party that provides randomization services.
MixCoin's accountability takes the form of proof of the transaction. If the service provider cheats by stealing the user's bitcoin, the user will expose evidence of the deal, thereby destroying the reputation of the service provider.

The following is a diagram illustrating the MixCoin Protocol [18]:



User A and service provider M must take several steps. User A sends a service request to M to create a bitcoin transaction. If M agrees, M signs the information on the transaction requested by A using M's private key. The signed data is evidence that A stores and that anyone can verify using M's public key. Next, A pays M the agreed amount of bitcoin, including the transaction fees paid to M. If M acts honestly by sending the bitcoin as agreed, the evidence can be removed. But if M cheats, A can publish the proof, which shows that M was not honest.

Reference:
18. J. Bonneau, A. Narayanan, A. Miller, J. Clark, J.A. Kroll, and E.W. Felten,
     "Mixcoin: Anonymity for Bitcoin with accountable mixes," in Financial Cryptography and Data Security, ed: Springer,
     2014, pp. 486-504.
     Link to download (PDF): http://www.jbonneau.com/doc/BNMCKF14-FC-mixcoin_proceedings.pdf
 -   Dimaz A.W. & Oscar D., Blockchain dari Bitcoin untuk Dunia, page 107-109, 2017: Jasakom
 -   Other references look at post #1
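
The warrant exchange described in section 8, as an added Python example (not code from the original post or from the Mixcoin paper): M signs the agreed terms, and anyone holding M's public key can later check the warrant against the chain. The field names, the list-of-dicts chain and the Lamport one-time signature standing in for M's real signing key are assumptions, chosen so the example runs with the standard library alone.

```python
import hashlib, hmac, json, secrets

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(msg: bytes):
    # 256 message-digest bits select which half of each key pair is revealed.
    digest = _h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature: an assumed stand-in for M's real signing key.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    checks = [hmac.compare_digest(_h(s), pk[i][bit])
              for i, (bit, s) in enumerate(zip(_bits(msg), sig))]
    return all(checks)

def encode(warrant: dict) -> bytes:
    # Canonical bytes, so A, M and any third party hash the same message.
    return json.dumps(warrant, sort_keys=True, separators=(",", ":")).encode()

def issue_warrant(sk, request: dict, escrow: str):
    """M accepts A's request: add the escrow address and sign the terms."""
    warrant = dict(request, escrow=escrow)
    return warrant, sign(sk, encode(warrant))

def _paid(chain, addr, minimum, deadline) -> bool:
    return any(tx["to"] == addr and tx["value"] >= minimum
               and tx["height"] <= deadline for tx in chain)

def audit(pk, warrant, sig, chain, tip_height) -> str:
    """What anyone can conclude from M's public key, the warrant and the chain."""
    if not verify(pk, encode(warrant), sig):
        return "invalid-warrant"      # not signed by M, so it proves nothing
    if not _paid(chain, warrant["escrow"], warrant["value"], warrant["pay_by"]):
        return "user-did-not-pay"     # A never funded the escrow; M owes nothing
    owed = warrant["value"] - warrant["fee"]
    if _paid(chain, warrant["out_addr"], owed, warrant["deliver_by"]):
        return "mix-honest"           # A can discard the warrant
    if tip_height <= warrant["deliver_by"]:
        return "pending"              # M's deadline has not passed yet
    return "mix-cheated"              # publishing warrant + sig exposes M

# Constructed sample data (values in satoshi, heights are block numbers).
REQUEST = {"value": 1_000_000, "fee": 20_000, "out_addr": "A-output-address",
           "pay_by": 100, "deliver_by": 110, "nonce": "constructed-nonce-01"}

if __name__ == "__main__":
    sk, pk = keygen()
    warrant, sig = issue_warrant(sk, REQUEST, "M-escrow-address")
    deposit = {"to": "M-escrow-address", "value": 1_000_000, "height": 99}
    print(audit(pk, warrant, sig, [deposit], tip_height=120))
```

A Lamport key may sign only one message, so a real mix would use a reusable signature scheme for its long-term key; the accountability logic in `audit` is the same either way.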

legendary
Activity: 2254
Merit: 2852
#SWGT CERTIK Audited
February 28, 2020, 09:20:47 AM
#2
6. CoinJoin
Gregory Maxwell introduced an alternative solution to increase the level of privacy of Bitcoin users, called CoinJoin [13], which is a development of the ideas previously presented about Taint [14]. CoinJoin is a mechanism that combines several similar transactions into a transaction that consists of many inputs and outputs. The CoinJoin concept was then implemented in an application called CoinJoin [15].

-snip-
CoinJoin Transactions [13]

The picture above explains how CoinJoin works and how it compares to Bitcoin transactions.

In transaction 1, address 1FF, which has 50 BTC, wants to send 0.5 BTC to another address, 1A1, with a return address of 1FF. At the end of the transaction, the 1FF address will have 49.5 BTC.

In transaction 2, there are many input and output addresses. Although this scheme looks like an ordinary Bitcoin transaction, it can be used to protect the identity of the user associated with the transaction. For example, the owner of address 1A1 wants to send 0.8 BTC to 1E5 and does not want anyone else to know of this transaction, so he combines the transaction with another transaction of the same size, for example, from address 1C3 to 1D4. By looking at the combined transaction, an observer cannot determine which address received the bitcoin from 1A1, because it could have gone to either 1D4 or 1E5.

UPDATE
Among the applications that are pioneers in the implementation of the CoinJoin concept:

Congratulations to the Wasabi and JoinMarket developers! JoinMarket pioneered a lot of CoinJoin science (and BTW, belcher wrote an excellent & comprehensive wiki article on privacy), while Wasabi is the first wallet that implements CoinJoin in both a highly-usable and sound way. As both a signer and a donor to the CoinJoin bounty fund, I'm thrilled that these two pieces of software exist!

For everyone looking to improve their privacy, I highly recommend checking out Wasabi, especially over centralized "mixers". -snip-

Note:

-snip- Wasabi is not our friend any more. They joined the enemy's boat. So I think it is important to either remove them from OP or add a very prominent note about them not supporting Privacy and Anonymity any more but the opposite. This is a very disappointing move on Wasabi side and it disgusts me but it is what it is. -snip-

See also this link: https://blog.wasabiwallet.io/zksnacks-blacklisting-update/

> They still didn't explain how exactly is zkSNACKs Ltd going to blacklist certain unspent transaction outputs if they are not monitoring and collecting user data

We didn't explain, because it's trivial. By architecture, the Wasabi coordinator cannot breach the privacy of its users. It does not mean the coordinator chooses to not collect data, but it means it couldn't collect even if it wanted to. The coordinator only knows of the UTXOs to take part in coinjoins - so does the public - and that's not a privacy leak.


Reference:
13. gmaxwell, CoinJoin: Bitcoin privacy for the real world
14. gmaxwell, I taint rich! (Raw txn fun and disrupting 'taint' analysis; >51kBTC linked!)
15. P. Martin & A. Taaki. (2013, August 25, 2015) Anonymous Bitcoin Transactions.
 -   Dimaz A.W. & Oscar D., Blockchain dari Bitcoin untuk Dunia, pages 104-105, 2017: Jasakom
 -   Other references look at post #1
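
Why the "same size" condition in transaction 2 matters, as an added Python example (not from the original post): it enumerates every way the outputs of a joined transaction can be attributed to its inputs, generalised to any number of participants. The amounts, the change-output names, the zero fee and the model of one input, one payment and one change output per participant are assumptions.

```python
from itertools import permutations

def interpretations(inputs, payments, changes):
    """Every assignment of one payment and one change output to each input
    that balances: input == payment + change (fees ignored, an assumption).
    Assumes as many payments and change outputs as inputs."""
    names = list(inputs)
    found = []
    for pay in permutations(payments):
        for chg in permutations(changes):
            if all(inputs[n] == payments[p] + changes[c]
                   for n, p, c in zip(names, pay, chg)):
                found.append({n: (p, c) for n, p, c in zip(names, pay, chg)})
    return found

def candidates(inputs, payments, changes):
    """Per input: the payment and change outputs an observer cannot rule out."""
    pay = {n: set() for n in inputs}
    chg = {n: set() for n in inputs}
    for mapping in interpretations(inputs, payments, changes):
        for n, (p, c) in mapping.items():
            pay[n].add(p)
            chg[n].add(c)
    return pay, chg

# Constructed amounts in satoshi; addresses follow the post's transaction 2.
INPUTS = {"1A1": 100_000_000, "1C3": 130_000_000}

# Both participants pay 0.8 BTC: the joined payments are the same size.
EQUAL_PAY = {"1E5": 80_000_000, "1D4": 80_000_000}
EQUAL_CHG = {"chg-a": 20_000_000, "chg-b": 50_000_000}

# Counter-example: payments of different sizes joined in one transaction.
UNEQUAL_PAY = {"1E5": 80_000_000, "1D4": 60_000_000}
UNEQUAL_CHG = {"chg-a": 20_000_000, "chg-b": 70_000_000}

if __name__ == "__main__":
    for label, pay, chg in (("equal", EQUAL_PAY, EQUAL_CHG),
                            ("unequal", UNEQUAL_PAY, UNEQUAL_CHG)):
        pay_sets, chg_sets = candidates(INPUTS, pay, chg)
        print(label, "payments:", pay_sets, "change:", chg_sets)
```

With equal payments each input keeps two possible recipients, but its change output is still uniquely tied to it; with unequal payments the amounts alone leave a single interpretation.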

legendary
Activity: 2254
Merit: 2852
#SWGT CERTIK Audited
February 28, 2020, 07:04:40 AM
#1
This thread is a translated version of a topic that I created in a local board Bahasa Indonesia: [Edukasi] Privasi dan Anonimitas Bitcoin

Privacy and Anonymity
Privacy is a big problem in the Bitcoin system. Although Bitcoin offers pseudonymity, several techniques have been developed to uncover relationships between Bitcoin addresses, transaction patterns, and the original identity of the owner of the Bitcoin address.

Table of contents:
1. Privacy Issues
2. KYC and AML principles
3. Taint
4. Greenlist
5. Geolocation
6. CoinJoin
7. CoinSwap
8. MixCoin
9. Merge Avoidance
10. Mixing Service
11. Schnorr Signature
12. MAST (Merklized Abstract Syntax Tree)
13. Taproot by DroomieChikito
14. Bitcoin Anonymity Analysis
15. Coin Control by DroomieChikito
16. Circuit of Transactions
Reference


1. Privacy Issues
Bitcoin is designed with a privacy model where transactions made and addresses owned by a user do not have a direct relationship with the real identity of the owner. The Bitcoin privacy model and its comparison with the traditional privacy model can be described as follows:


Bitcoin Privacy Model [1]

Anyone can join the Bitcoin system without having to register first because there is no centralized control organization in the bitcoin system that controls users or transactions that occur within the system.
Although everyone can see these transactions, the identity associated with the purchase remains hidden.

However, this privacy model does not mean that the user's identity remains hidden. Many rules that have been set, as well as characteristics of Bitcoin itself, can be used to analyze the relationship between bitcoin transactions and the user's real identity. This is what causes the Bitcoin community to tend to refer to Bitcoin as pseudo-anonymous.

2. KYC and AML principles
Governments around the world are starting to become aware of money laundering schemes that can be implemented using digital currencies such as Liberty Reserve, which then forces financial institutions to apply the principles of Know Your Customer (KYC) and Anti Money Laundering (AML). By using the KYC principle, no one can create a bank account without an identity card. The same law is imposed on financial institutions related to the Bitcoin system, such as Bitcoin trading companies that allow users to sell or buy Bitcoin and convert local currencies into Bitcoin or vice versa. [3]

In Indonesia, one of the exchangers for exchanging Bitcoin / Cryptocurrency with Rupiah, namely Indodax, adopted the same mechanism by requiring its users to submit copies of their identities to be validated manually by the company.
It means that Bitcoin trading services have a connection record between the Bitcoin address and the user's real identity.

Because anyone can see every transaction in the Bitcoin system, Bitcoin purchased from the Bitcoin Exchanger can be tracked easily. Therefore, if the transaction is suspected to be related to illegal activities, the identity of the user involved can be identified if the user transacts directly from the exchanger.

3. Taint
Taint is a transaction trace that can be used to measure the connectivity between one Bitcoin address and another Bitcoin address that is connected to it through transactions between these addresses. [5]

This is the best I could explain the taint analysis you see on blockchain.info but I'm not sure it is very clear: (fictional example for address 1MtPYAjqohLH5gMq3PH5xKVFWWDxrRQEbh)



All addresses which have received a payment are "tainted" and it in no way affects the value of the coins.

Addresses that transact with each other tend to have something related, for example, owned by the same user, or have a seller-buyer relationship in the transaction scheme of buying and selling goods or services.

There used to be a Taint Analysis tool on Blockchain.info (https://www.blockchain.com/), but at this time the feature has been removed [6]. (CMIIW)

-snip-
I am also incensed frankly that someone would step into the market with such a muddle-headed thinking, and attempt to sabotage or destroy the core bitcoin feature that gives its value, where the value has been created by Satoshi and a cast of millions of man-hours of contributions of the community and technical wizards developing it mostly on volunteer time.  I am not someone prone to swearing, but this is astonishingly stupid and dangerous.   Please stop now.  In the article it is claimed they sought advice from the Winklevoss twins, if the twins value their estimated $30million bitcoin holding they should advise them to stop: if fungibility is destroyed bitcoins value as a transaction currency is impacted.  
-snip-
Greenlist will eliminate the concept of fungibility, which is the concept that any bitcoin of the same amount should have equal value regardless of where the bitcoin originated.
This greenlist scheme will create different bitcoin valuations depending on whether the bitcoin comes from an integrated address.
Greenlist policies can be a starting point for government agents who have database access to track the identity of anyone who transacts with a specific bitcoin address [8].

5. Geolocation
Geolocation analysis can be understood as a method for mapping Bitcoin users based on their location on the surface of the earth. The analysis can be done by mapping the locations of vendors who accept bitcoin as a means of payment.
Every time a user makes a payment in bitcoin, it can be estimated that the user is in the same location as the vendor, assuming of course that the vendor sells goods offline in its physical stores. Thus, analysts can track transaction details, including, if necessary, checking CCTV cameras when searching for the user's presence.


Heatmap of retailers which accept cryptocurrency as payment. [12]

By combining geolocation techniques and taint analysis techniques, every bitcoin user who shops at a vendor's shop can be tracked. Therefore, without further security, the identity of Bitcoin users can be known.

Reference:
-   https://en.bitcoin.it/wiki/Privacy
1. Satoshi, Bitcoin: A Peer-to-Peer Electronic Cash System
2. Dimaz A.W. & Oscar D., Blockchain dari Bitcoin untuk Dunia, pages 100-104, 2017: Jasakom
3. M. Moser, R. Bohme, and D. Breuker, "An inquiry into money laundering tools in the Bitcoin ecosystem,"
    in eCrime Researchers Summit (eCRS), 2013, pp. 1-14.
4. Kaisa, Menata Legalitas Cryptocurrency di Indonesia
5. What is Taint?
6. Was Blockchain.info taint analysis function removed?
7. Any Other Taint Analysis Tools (other than blockchain.info's)?
8. Vitalik Buterin, Why The Bitcoin Greenlist is Structurally Dangerous to the Bitcoin Ecosystem
9. Kashmir Hill, Sanitizing Bitcoin: This Company Wants To Track 'Clean' Bitcoin Accounts
10. adam3us, Coin Validation misunderstands fungibility and could destroy bitcoin
11. https://www.reddit.com/r/Bitcoin/comments/1qj7sw/sanitizing_bitcoin_this_company_wants_to_track/
12. https://coinmap.org/ ; https://academy.binance.com/en/articles/what-is-bitcoin



I am not a native speaker of English and please correct if there is incorrect grammar.