Author

Topic: [Guide] Decent mixing methods (Read 1638 times)

legendary
Activity: 2212
Merit: 7064
December 18, 2022, 04:44:52 PM
#25
We do not have a smart contract here to automate the whole process. No?
There are no smart contracts in Bitcoin but in future maybe Taproot scripts could be used or some second layer solution would be alternative option.
I don't know how this would work with ChipMixer, but we can use Bisq exchange without trusting any escrow so it's not impossible.
legendary
Activity: 1662
Merit: 1050
December 18, 2022, 04:17:30 PM
#24
P.S.
If services like ChipMixer operated based on blinded bearer certificates, then they'd be in many ways superior to both of the above mixing methods. Someone should work on this.
How exactly is it possible to obfuscate the connection between i/p & o/p for Mixer operator using blinded bearer certificate?
With other mixer it would be hard.
With ChipMixer it is possible. We already remove onchain connection between inputs and outputs. Blinded bearer certificates would hide it from us. For example you deposit and instead of chip you get voucher. You swap voucher for blinded bearer certificate. After some time you redeem blinded bearer certificate for chip. ChipMixer cannot link certificate they give you with certificate you redeem because it is blinded.
How to exchange Chips as Blinded Bearer Certificates without trusting a third party for escrow? Also, vouchers need to be validated as honest one by some trusted third party too. We do not have a smart contract here to automate the whole process. No?
sr. member
Activity: 456
Merit: 956
https://bitcointalk.org/index.php?topic=1935098
December 14, 2022, 07:21:29 PM
#23
ChipMixer cannot link certificate they give you with certificate you redeem because it is blinded.
Doesn't that require ChipMixer to operate as a bank, and have users exchange those certificates, like money?
Bitcoin wiki solution is based on on-chain contract and tries to solve many problems. If you use centralized off-chain "chip bank" and accept you do not want to solve all problems then only problem to solve is how to hide it from "chip bank". Blinding solves that.
Here's an even better idea: Lightning. Users hold similar to these certificates (commitment transactions), which they can exchange with the entire lightning network. Not only do they get better privacy (since lightning has more activity than ChipMixer), but the users also maintain self-custody. Alice sends you 1mBTC and gets 1mBTC via LN (the "voucher" essentially). Blinded paths (which are soon to be implemented) can protect Alice from doxxing her node's public key to you. Once she's ready to spend the chip on-chain, she just sends you the bitcoin via lightning, and takes the chip traditionally.
This may be good idea.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
December 13, 2022, 04:05:16 PM
#22
ChipMixer cannot link certificate they give you with certificate you redeem because it is blinded.
Doesn't that require ChipMixer to operate as a bank, and have users exchange those certificates, like money? That's what I understand from the wiki. Here's an even better idea: Lightning. Users hold similar to these certificates (commitment transactions), which they can exchange with the entire lightning network. Not only do they get better privacy (since lightning has more activity than ChipMixer), but the users also maintain self-custody. Alice sends you 1mBTC and gets 1mBTC via LN (the "voucher" essentially). Blinded paths (which are soon to be implemented) can protect Alice from doxxing her node's public key to you. Once she's ready to spend the chip on-chain, she just sends you the bitcoin via lightning, and takes the chip traditionally.

Good luck on chain analyzing after that.
sr. member
Activity: 456
Merit: 956
https://bitcointalk.org/index.php?topic=1935098
December 11, 2022, 06:26:10 PM
#21
P.S.
If services like ChipMixer operated based on blinded bearer certificates, then they'd be in many ways superior to both of the above mixing methods. Someone should work on this.
How exactly is it possible to obfuscate the connection between i/p & o/p for Mixer operator using blinded bearer certificate?
With other mixer it would be hard.
With ChipMixer it is possible. We already remove onchain connection between inputs and outputs. Blinded bearer certificates would hide it from us. For example you deposit and instead of chip you get voucher. You swap voucher for blinded bearer certificate. After some time you redeem blinded bearer certificate for chip. ChipMixer cannot link certificate they give you with certificate you redeem because it is blinded.
legendary
Activity: 1662
Merit: 1050
December 10, 2022, 01:30:09 PM
#20
P.S.
If services like ChipMixer operated based on blinded bearer certificates, then they'd be in many ways superior to both of the above mixing methods. Someone should work on this.
How exactly is it possible to obfuscate the connection between i/p & o/p for Mixer operator using blinded bearer certificate? I mean, how can the final design of a transaction be done without the address that is going to have the spending right? And as soon as that address is included, connection between i/p & o/p gets revealed to the Mixer operator. No?
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
May 27, 2019, 04:57:38 PM
#19
This is probably from the FUD surrounding the closure of 'best mixer' by the Dutch authorities.
Maybe after the Silk Road, crypto has witness another wave of shutdowns by governments. I just read about Silk Road, and did not experience it, but mixer is the first one I witness strict managements of governments on crypto services with mixing industry, that has not been here for too long.
The operators of the dark net markets all though they could keep their identities entirely secret, along with the locations of their servers, with the use of TOR.

The operators of clearnet facing mixers cannot as easily remain anonymous, and the location of their servers can be easily found with a court order. A mixer operator might be able to use fake information when signing up for hosting service, and registering a domain, and could use a VPN or tor when signing up, and pay with bitcoin (that cannot be traced back to his identity), but the hosting provider and domain registrar might not like the fake information and could shut down services if they detect this, such as after receiving a court order.

I don't think we will see a lot of government seizures of mixers, but we could see more voluntary closures of these services because the operators are afraid of being caught by their government.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
May 27, 2019, 04:39:51 PM
#18
This is probably from the FUD surrounding the closure of 'best mixer' by the Dutch authorities.
Maybe after the Silk Road, crypto has witness another wave of shutdowns by governments. I just read about Silk Road, and did not experience it, but mixer is the first one I witness strict managements of governments on crypto services with mixing industry, that has not been here for too long.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
May 27, 2019, 04:12:34 PM
#17
Another famous mixer takes the hit...

Bitcoin Blender is shutting down. Please withdraw.
This is probably from the FUD surrounding the closure of 'best mixer' by the Dutch authorities.

I can't see many centralized mixing services willingly staying in business after what happened. My prediction is that the future of mixing will be embedded in some kind of protocol such as CoinJoin (even if CJ is somewhat flawed), or the currency itself, such as XMR.   
legendary
Activity: 2758
Merit: 6830
May 27, 2019, 03:39:51 PM
#16
Another famous mixer takes the hit...

Bitcoin Blender is shutting down. Please withdraw.



Btw @theymos, ChipMixer isn’t needlessly expensive because it is actually free (PWYW). Cheesy

legendary
Activity: 1512
Merit: 1442
thefuzzstone.github.io
May 24, 2019, 03:14:54 PM
#15
- Cons: You should use Tor with Monero, but you have to set this up manually; it's all more difficult;
Or you can use Monero wallet with Tails, which isn't very complicated.

Monero has an anonymity set of 11 per transaction.
But with three important things:


hosted wallets
... like FreeWallet, are scams. Check this for more info.

using your own Monero wallet, not a hosted wallet
Yeah, of course it's better to run your own node, but it could take a long time. You can connect you GUI/CLI wallet to the remote node. The list can be founded here or you can use our XMR.RU-node (bitmonero.log is 'set_log 0')

 - Pros: You synchronize your wallet pretty fast.
 - Cons: see this.
 
Also there is another option, you can download the blockchain via Torrent from here (The language of the page is Russian. Use a translator  Smiley).

Any guides on how to do this?
Without KYC:


Mixers represent a good privacy preservation tool for many users.
That's a big misconception. Using the mixer, you're already drawing attention to yourself. There are also services that don't want to accept mixed BTC or will require 100,500 documents from you. The message from our local chat.

It will be different when Kovri (I2P modification) is integrated with Monero.
Or this.

Binance should also work fine, right? Even though they require registration, I think you could easily use fake information and just create multiple free emails through email services like ProtonMail[1]. As far as I know they don't lock suspicious accounts, though I'm really not sure.
Uniquely wrong opinion! See this.
Then do not be surprised when the exchange will block your account due to violation of the rules of use of the service.

xmr.to
Which is integrated in Monerujo and works just awesome.
administrator
Activity: 5222
Merit: 13032
May 23, 2019, 03:46:07 PM
#14
(Talking about blinded bearer certificates:)

I'm just curious how this would work exactly in practice though. - Every time someone tries to cash out their shares, 80% needs to agree manually? Wouldn't that be/become a hassle?

In that system there'd be an expectation that people would usually keep their BTC in the bb-cert system, so redemptions could be batched and only occur once per week or month. If you needed the BTC faster, you could sell the cert on the market; it's sort of like how fiat-backed stablecoins are supposed to work.

Quote
How exactly does this prevent the original owner of the shares from spending the shares back to the bank? Is there some mechanism in place that "changes" the certificates upon transfer to another person?

Every time you transfer it, you have to register it with the bank. The bank:
 1. Checks that it previously blind-signed the cert (but doesn't know when/where it blind-signed it, making it anonymous).
 2. Checks that it hasn't already been spent by checking a database that it maintains.
 3. Adds it to its spent database so it can't be double-spent.
 4. Blind-signs a new cert for the recipient. When they want to spend it, they'll start at step 1 again, but it won't be linked to this event due to the blind signing.

Quote
It'd be cool maybe to build this ontop of bitcointalk somehow

Doing it in usable-currency form has too many risks/challenges. It's way out-of-scope for the forum. I have thought about doing it as a purely-for-fun demo system, but it's extremely low on my to-do list.

Someone's working on a usable version here, but it's very early:
https://www.hookedin.com/
https://github.com/hookedin
legendary
Activity: 1946
Merit: 1427
May 23, 2019, 02:47:01 PM
#13
Quote
N people who are independent and widely considered trustworthy come together to create a multisig address. You need 80% (or whatever) of the N people to agree in order to send money secured by the multisig address. This multisig group is called "the bank", though it ideally should not actually be a single monolithic organization, but rather a more decentralized selection of independent entities.

I'm just curious how this would work exactly in practice though. - Every time someone tries to cash out their shares, 80% needs to agree manually? Wouldn't that be/become a hassle?

Quote
People with the initial certificates can now send them to others. Simply giving someone the signed certificate is all the sender needs to do to transfer it. (Therefore, transacting over a secure channel is important.)
How exactly does this prevent the original owner of the shares from spending the shares back to the bank? Is there some mechanism in place that "changes" the certificates upon transfer to another person?
(I'm assuming there is, otherwise it'd be extremely easy to scam other users..?)

This sounds really interesting! (It'd be cool maybe to build this ontop of bitcointalk somehow, include DT1 in the multisig etc. (Although i can already imagine the drama ensuing from that.))
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
May 23, 2019, 02:09:18 PM
#12
If ChipMixer keeps logs (which you can't possibly know for sure), then they know exactly where the coins are coming from and going.
Does there any way to check if it really does?
This is not possible. You must trust the operator. If the operators servers are compromised, a third party may create logs without the operators knowledge.


Binance should also work fine, right? Even though they require registration, I think you could easily use fake information and just create multiple free emails through email services like ProtonMail[1]. As far as I know they don't lock suspicious accounts, though I'm really not sure.


[1] https://protonmail.com/
Dont try this. I can assure you binance looks at much more than your email address. Doing what you describe is a good way to be required to provide a lot of KYC information that will probably be passed along to your government in the form of a SAR report, in order to access your coins.
administrator
Activity: 5222
Merit: 13032
May 23, 2019, 01:51:49 PM
#11
Binance should also work fine, right? Even though they require registration, I think you could easily use fake information and just create multiple free emails through email services like ProtonMail[1]. As far as I know they don't lock suspicious accounts, though I'm really not sure.

Then binance can link together all of your outgoing BTC, which serious hurts privacy. Also, as mentioned, these exchanges all seem to randomly hold users' BTC hostage. It's best to use no-registration changers like flyp.me or xmr.to.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
May 23, 2019, 01:24:36 PM
#10
What would you do if they randomly ask you for your KYC info? For example, if any government agency tracks the coins back to Binance and they want to know who owned them. It happened already. Even if you decide to do the KYC to get your coins back, all the info is fake, so you can’t verify them.

That pretty much. It could potentially work well if you end up undetected, though the risk definitely doesn't outweigh the benefits of using Binance(liquidity). Haven't really heard of account locks on any community though. But I definitely see the number to increase as regulations increases.
legendary
Activity: 2758
Merit: 6830
May 23, 2019, 01:12:06 PM
#9
Binance should also work fine, right? Even though they require registration, I think you could easily use fake information and just create multiple free emails through email services like ProtonMail[1]. As far as I know they don't lock suspicious accounts, though I'm really not
What would you do if they randomly ask you for your KYC info? For example, if any government agency tracks the coins back to Binance and they want to know who owned them. It happened already. Even if you decide to do the KYC to get your coins back, all the info is fake, so you can’t verify them.

Quote
[...]

Binance’s customer support was quick to respond to the post, stating that the platform’s Terms of Use clearly allow the company to request personal identity information in certain scenarios. Since the user agreed to the company’s terms while setting up his or her account, they have no choice but to reveal their identity in order to lift the withdrawal freeze.
https://beincrypto.com/binance-user-expresses-outrage-over-forced-identity-verification/
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
May 23, 2019, 12:29:00 PM
#8
Any guides on how to do this?

You want to use a KYC-free, no-registration coin changer. flyp.me seems the best right now, but these services tend not to last long KYC-free.

Note that although bisq is decentralized and therefore more likely to survive long-term, it's pseudonymous, so an observer can link together all of your bisq transactions. This is very bad for privacy.

Binance should also work fine, right? Even though they require registration, I think you could easily use fake information and just create multiple free emails through email services like ProtonMail[1]. As far as I know they don't lock suspicious accounts, though I'm really not sure.


[1] https://protonmail.com/
legendary
Activity: 1778
Merit: 1474
🔃EN>>AR Translator🔃
May 23, 2019, 11:08:02 AM
#7
Mixers represent a good privacy preservation tool for many users. However, it always remains risky to rely on a centrally-operated service that can be compromised. And even they claim not to store details of opened sessions for more than 24h, it still poses a risk of being found out.
Unlikely, the best options mentioned by Theymos are not available for all of us. How many used the swap XMR/BTC to hide traces? Don't expected many!

If ChipMixer keeps logs (which you can't possibly know for sure), then they know exactly where the coins are coming from and going.
Does there any way to check if it really does?
administrator
Activity: 5222
Merit: 13032
May 23, 2019, 10:39:59 AM
#6
Any guides on how to do this?

You want to use a KYC-free, no-registration coin changer. flyp.me seems the best right now, but these services tend not to last long KYC-free.

Note that although bisq is decentralized and therefore more likely to survive long-term, it's pseudonymous, so an observer can link together all of your bisq transactions. This is very bad for privacy.

ChipMixer follows a completely different approach which isnt bad at all.

If ChipMixer keeps logs (which you can't possibly know for sure), then they know exactly where the coins are coming from and going.
sr. member
Activity: 518
Merit: 250
May 23, 2019, 09:31:18 AM
#5
Most "tumblers", like the now-defunct bestmixer.io or even ChipMixer, aren't great because they are needlessly expensive, you're trusting the service not to run away with your coins, and you're trusting the service not to keep logs. Maybe they're the best current solution for small amounts where lasting anonymity isn't mission-critical, but in most cases you shouldn't use them.

Anonymity is very difficult, especially with blockchain-based systems where so much data has to be public, but also in other areas (eg. there are several known weaknesses with Tor). You should always operate with the expectation that any anonymity system you use will eventually fail you. If you're ever confident in your anonymity, then you're wrong.

That said, there are two halfway-decent mixing methods currently:

#1 - Wasabi wallet

The Wasabi wallet uses CoinJoin in order to anonymize BTC.

 - Pros: Easy to use; fairly cheap ~0.15% fee; pretty good privacy; automatically uses Tor
 - Cons: ~0.1BTC minimum; with a great deal of effort and investigation, transaction analysis may still be possible, especially if you leave other traces; the coordinator could possibly do an active sybil attack against specific coins

#2 - Monero

Monero is not a magic black box which provides perfect anonymity! If you use eg. flyp.me to buy XMR and then quickly sell this XMR on flyp.me again, it is blatantly obvious to flyp.me what you've done (if they keep logs), both due to the amounts and the specific Monero inputs used. In order to get decent privacy, you have to do something like this:
 1. Convert BTC to XMR (using your own Monero wallet, not a hosted wallet).
 2. In two or more transactions of random amounts, move XMR from that wallet to a different wallet/account.
 3. Optionally, you can repeat the above step with additional wallets/accounts for greater anonymity.
 4. Preferably in two or more transactions of random amounts, convert the XMR in your last wallet in the chain to BTC.
 
Ideally, all of the above should be performed over as long a period of time as you can tolerate.

 - Pros: Possibly the best anonymity, especially if you're able to stay within the XMR ecosystem to some extent
 - Cons: You should use Tor with Monero, but you have to set this up manually; it's all more difficult; you're exposed to exchange rate risk; transaction fees may be significant

Anonymity comparison between the two

Both Wasabi and Monero can be thought of in terms of "anonymity sets". If you're spending some BTC with an anonymity set of 50, this means that an observer can see that the sender is one of 50 people, but they can't tell which. So someone investigating a particular transaction you sent would have you "in their sights" to a certain extent from the start since you're among the 50, but in order to prove that you sent it, they'd have to either eliminate 49 other people from consideration or find some other evidence linking you to it.

Wasabi always aims for an anonymity set of 50 when mixing. Monero has an anonymity set of 11 per transaction. If you cascade transactions as I suggest above, then this multiplies, so after two transactions you have an anonymity set of 11*11=121, and after a cascade of three you'd have an anonymity set of 1331.

The quality of each member in the anonymity set isn't quite comparable, though. Monero is able to hide transaction amounts, which is helpful, but I tend to consider the quality of Monero anonymity-set-members to be lower on average, since many are probably owned by hosted wallets or other possible global adversaries.

See also

https://en.bitcoin.it/wiki/Privacy

P.S.
If services like ChipMixer operated based on blinded bearer certificates, then they'd be in many ways superior to both of the above mixing methods. Someone should work on this.

Chipmixer isnt expensive. Well BitMixer has just been shutdown, so no need to discuss about it.
ChipMixer follows a completely different approach which isnt bad at all.
Tumble with Monero isn't for beginners and it requires sometimes or I would say most time to go through some exchanges a.ka. "centralized exchanges". But with some effort, you can achieve it.
I would say, cascade your transactions by not trusting just 1 "person".
And it's possible to achieve some degree of anonymity with your habits and without using a single mixer.
full member
Activity: 168
Merit: 214
WhoTookMyCrypto.com
May 23, 2019, 09:14:35 AM
#4
1. Convert BTC to XMR (using your own Monero wallet, not a hosted wallet).

Any guides on how to do this?
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
May 23, 2019, 02:19:17 AM
#3
If you are using XMR, if you can, you should not convert back into bitcoin. This will expose you to greater exchange rate risk, but will increase your privacy. There are a limited number of services that can exchange btc <--> xmr anonymously, and a small number of additional services that will exchange this pair after verifying your KYC. An adversary could look at btc transaction flows to/from the various xmr/btc sites and draw some conclusions based on transaction sizes.

If you do not trade your XMR back to btc, you will also have much fewer payment options because much fewer merchants accept xmr. If need be, you can also only convert your XMR back to btc as you need to spend the btc.   
full member
Activity: 428
Merit: 172
chenille!
May 22, 2019, 07:13:01 PM
#2
you're trusting the service not to run away with your coins, and you're trusting the service not to keep logs.
A very important advice. That's always at risk if we give our coins to a third party = use a centralized service, not matter if it's a mixer, a gambling site or an exchange. Technically, the NSA can set up a mixing service and all of us would be mixing our coins by the NSA.  Cheesy
And if someone wants to protect his privacy but the BTC are stolen by the mixer he won't have to worry much about it if the BTC are tainted or not because they are gone.

I may recommend to continue also reading here (Breaking Mixing Services), the user tried to break a mixing-service (coinmixer.se) and it was successful. ChipMixer is also a centralized mixing service but using a new, different method to protect the privacy (chips (private keys) and they are funded before you make your deposit there). So, the method of breaking the service like it was performed to break coinmixer.se won't work. However, it could still be possible to break it otherwise like if logs are kept.

Some more links to add:
Wasabi wallet: https://bitcointalksearch.org/topic/wasabi-wallet-making-bitcoin-transactions-untraceable-5037094
Monero (ANN): https://bitcointalksearch.org/topic/xmr-monero-a-secure-private-untraceable-cryptocurrency-583449
ChipMixer: https://bitcointalksearch.org/topic/ann-chipmixercom-bitcoin-mixer-bitcoin-tumbler-mixing-reinvented-1935098

The best measure is to protect your personal data by yourself. The number of sites fishing for it is amazing and avoiding unnecessary KYC or submitting other details like a phone number should be rule number one to protect our privacy.
administrator
Activity: 5222
Merit: 13032
May 22, 2019, 05:18:50 PM
#1
Most "tumblers", like the now-defunct bestmixer.io or even ChipMixer, aren't great because they are needlessly expensive, you're trusting the service not to run away with your coins, and you're trusting the service not to keep logs. Maybe they're the best current solution for small amounts where lasting anonymity isn't mission-critical, but in most cases you shouldn't use them.

Anonymity is very difficult, especially with blockchain-based systems where so much data has to be public, but also in other areas (eg. there are several known weaknesses with Tor). You should always operate with the expectation that any anonymity system you use will eventually fail you. If you're ever confident in your anonymity, then you're wrong.

That said, there are two halfway-decent mixing methods currently:

#1 - Wasabi wallet

The Wasabi wallet uses CoinJoin in order to anonymize BTC.

 - Pros: Easy to use; fairly cheap ~0.15% fee; pretty good privacy; automatically uses Tor
 - Cons: ~0.1BTC minimum; with a great deal of effort and investigation, transaction analysis may still be possible, especially if you leave other traces; the coordinator could possibly do an active sybil attack against specific coins

#2 - Monero

Monero is not a magic black box which provides perfect anonymity! If you use eg. flyp.me to buy XMR and then quickly sell this XMR on flyp.me again, it is blatantly obvious to flyp.me what you've done (if they keep logs), both due to the amounts and the specific Monero inputs used. In order to get decent privacy, you have to do something like this:
 1. Convert BTC to XMR (using your own Monero wallet, not a hosted wallet).
 2. In two or more transactions of random amounts, move XMR from that wallet to a different wallet/account.
 3. Optionally, you can repeat the above step with additional wallets/accounts for greater anonymity.
 4. Preferably in two or more transactions of random amounts, convert the XMR in your last wallet in the chain to BTC.
 
Ideally, all of the above should be performed over as long a period of time as you can tolerate.

 - Pros: Possibly the best anonymity, especially if you're able to stay within the XMR ecosystem to some extent
 - Cons: You should use Tor with Monero, but you have to set this up manually; it's all more difficult; you're exposed to exchange rate risk; transaction fees may be significant

Anonymity comparison between the two

Both Wasabi and Monero can be thought of in terms of "anonymity sets". If you're spending some BTC with an anonymity set of 50, this means that an observer can see that the sender is one of 50 people, but they can't tell which. So someone investigating a particular transaction you sent would have you "in their sights" to a certain extent from the start since you're among the 50, but in order to prove that you sent it, they'd have to either eliminate 49 other people from consideration or find some other evidence linking you to it.

Wasabi always aims for an anonymity set of 50 when mixing. Monero has an anonymity set of 11 per transaction. If you cascade transactions as I suggest above, then this multiplies, so after two transactions you have an anonymity set of 11*11=121, and after a cascade of three you'd have an anonymity set of 1331.

The quality of each member in the anonymity set isn't quite comparable, though. Monero is able to hide transaction amounts, which is helpful, but I tend to consider the quality of Monero anonymity-set-members to be lower on average, since many are probably owned by hosted wallets or other possible global adversaries.

See also

https://en.bitcoin.it/wiki/Privacy

P.S.
If services like ChipMixer operated based on blinded bearer certificates, then they'd be in many ways superior to both of the above mixing methods. Someone should work on this.
Jump to: