
Topic: Fungible Shuffler- decentralized and secure mixing- workable? (Read 2262 times)

hero member
Activity: 994
Merit: 507
how is this better than coinjoin?
You can have outputs be any value, and the mixing is done with ring signatures, so even if someone is monitoring and archiving everything you can't follow the coins in the ring signature pool... I think.
legendary
Activity: 2058
Merit: 1452
how is this better than coinjoin?
hero member
Activity: 994
Merit: 507
- As far as I know, it requires no change to the bitcoin protocol?

- Uses multisig, timelock, and cryptonote type ring signatures with a transaction chain that doesn’t need to be stored

Pseudo-code steps

1. A group of people communicate to shuffle coins. They would create a multisig address such as a 7 of 7 multisig. The multisig address would also contain a timelock so that if something along the line doesn’t work you can refuse to sign the multisig and funds will be returned back to the sender for everyone.

2. Each person creates a private key for a cryptonote type ring signature and calculates the address that would be associated with it.

3. Each person sends BTC to the multisig address. Attached to each transaction is extra data specifying the address they created in step 2.

4. Once everyone has sent their payments, the multisig address would have multiple payments with each transaction specifying an address.

5. The group now works together on a special ad-hoc ledger using ring signatures. The ledger system would work similar to cryptonote type currencies but would involve no mining. The initial state of what address contains what would derive from the multisig address correlating 1:1 with the ad-hoc “shuffle coins”. No new coins are ever created and coins only move. The group then starts moving the coins around to themselves and shuffles it around using ring signatures.

The ledger’s main goal is privacy, so the group could in theory create a very large ledger with lots of movements, as the whole thing is thrown out afterwards. To prevent flooding, each “shuffle coin” transaction may have a super tiny fee so that when the system is done the total fees in the whole system are equivalent to one small BTC fee. And since the ledger is discarded, the latest ledger systems that mix the best will be used and can evolve.

6. To set where the BTC end up, an un-spendable transaction is created with "shuffle coins" with attached data containing a BTC address. Each end transaction will have an amount of “shuffle coins” and associated address. Once all “shuffle coins” are un-spendable the group can begin constructing the end transaction.

7. A transaction is created that uses the multisig funds and sends them to all the addresses listed in step 6 with the exact same value. The fees used up in the system are added to the transaction too. After each party has confirmed that the funds they have deposited are being transferred to their new addresses they will sign the transaction. Each person can only verify themselves as they won’t be able to follow other people’s “shuffle coins”. You will see your coins and the rest will all add up to the initial multisig address amount.

8. If at any time a double spend is detected in step 5 the process quits and all members wait for time lock.

9. TOR used to protect IP correlations.


The end result is BTC into a single address that gets split up into many outputs with no way of knowing who got what because it is all obscured with ring signatures.


My crypto knowledge is pretty limited so I have no idea if something like this would work.
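A sketch of the check each participant could run before signing the payout in step 7, with the step 8 abort condition included; this is an added example and not part of the original post. The function name `presign_check`, the record layout, the sample values, and the use of CryptoNote-style key images to detect a double spend are assumptions.

```python
from collections import Counter

def presign_check(deposits, key_images, burns, fee_total, tx_outputs, my_burns):
    """Return reasons to withhold a signature; an empty list means sign.

    deposits   : satoshi amounts paid into the multisig (steps 3-4)
    key_images : one per ad-hoc ledger spend (step 5), CryptoNote-style
    burns      : (btc_address, amount) end records (step 6)
    fee_total  : sum of "shuffle coin" fees paid inside the ledger
    tx_outputs : (btc_address, amount) outputs of the proposed payout (step 7)
    my_burns   : the end records this participant created
    """
    problems = []
    # Step 8: a repeated key image means one shuffle coin was spent twice.
    repeated = [k for k, n in Counter(key_images).items() if n > 1]
    if repeated:
        problems.append(f"double spend: {len(repeated)} repeated key image(s)")
    # Step 5: coins only move, so end records plus fees must equal deposits.
    if sum(a for _, a in burns) + fee_total != sum(deposits):
        problems.append("end records plus fees do not equal deposits")
    # Step 7: the payout must pay exactly the step 6 records, no more, no less.
    if Counter(tx_outputs) != Counter(burns):
        problems.append("payout outputs differ from step 6 end records")
    # Step 7: each signer can only recognise their own outputs.
    missing = Counter(my_burns) - Counter(tx_outputs)
    if missing:
        problems.append(f"own outputs missing: {sorted(missing)}")
    # The BTC fee implied by the payout must match the fees spent in the ledger.
    if sum(deposits) - sum(a for _, a in tx_outputs) != fee_total:
        problems.append("implied BTC fee differs from ledger fees")
    return problems

# Constructed sample: three participants, amounts in satoshis, placeholder addresses.
DEPOSITS = [100_000, 250_000, 50_000]
KEY_IMAGES = ["ki01", "ki02", "ki03", "ki04"]
BURNS = [("addr_X", 60_000), ("addr_Y", 39_700),
         ("addr_Z", 249_800), ("addr_W", 49_900)]
FEES = 600
MINE = [("addr_X", 60_000), ("addr_Y", 39_700)]

if __name__ == "__main__":
    print(presign_check(DEPOSITS, KEY_IMAGES, BURNS, FEES, BURNS, MINE))
```

Any non-empty result means the participant refuses to sign and waits for the timelock refund described in step 1.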