Author

Topic: Mixing Services: Linking Inputs to Outputs? (Read 880 times)

legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
August 20, 2014, 04:37:35 AM
#4

Not a mixing user myself, but one of the recommendations I heard (with relation to coinjoin though) is to use two or more exact same output amounts.
legendary
Activity: 1330
Merit: 1003
I never used a mixer either, but according to https://bitmixer.io you can put 1) several "forward addresses" 2) put different time-delays for each of them. So yeh, pretty much what you said Wink

Perhaps not all mixers offer this though (and perhaps there are better alternative than bitmixer)

Looking at Bitcoin Fog I did seem to get some of it right. They use random time delays, multiple withdrawal addresses and randomized fees.
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
I never used a mixer either, but according to https://bitmixer.io you can put 1) several "forward addresses" 2) put different time-delays for each of them. So yeh, pretty much what you said Wink

Perhaps not all mixers offer this though (and perhaps there are better alternatives than bitmixer)
legendary
Activity: 1330
Merit: 1003
I'm not very familiar with Bitcoin mixing services because I've never felt the need to use one, but I am interested in mixing my coins at some point in the future. If I understand correctly, a mixing service will generally take Alice's coins, give them to Bob, and replace Alice's coins with Carol's.

However, my concern with a service such as this is that Alice is going to get back the same amount, minus fees, as she put in, right? So if an attacker wanted to track Alice's Bitcoins as they move through a mixing service, he could study the transactions moving in and compare them to those moving out.

Now, one way to reduce that risk might be to use many addresses for the service and never move coins between them, so I might send 1BTC to address A, and then address A will send those coins to someone else. I then receive my coins from address H or U for example.

But what if the attacker ignored the addresses involved in the mixing service altogether and simply looked at the amounts. For example, if Alice has 1.212435 BTC and wants to mix them on a mixer with a 0.5% fee, the attacker could just watch transactions for a few hours after the coins leave Alice's wallet and look for a transaction totaling 1.206372825 BTC. That's a pretty unique number that is very unlikely to be duplicated.

Am I right about this being possible or are there already solutions in place to avoid this? If not, I have some ideas that might help:

Potential ways for services to mitigate this risk:

  • Delay the repayment by a random amount of time less than X (maybe ~3 hours).
  • Make the fee slightly random, for example between -.7% and 1% or round the amount payed in order to reduce the uniqueness of the transaction.
  • Divide the outgoing payment among a list of several addresses owned by the user.

Potential ways for users to mitigate this risk:

  • Only use round numbers to avoid making a unique-looking transaction. Instead of 1.212435 BTC only mix 1.21 BTC.
  • If a user has inputs on several addresses, send them separately instead of joining them. Of course, this only slightly increases privacy if it's the only method used.

I may have completely missed the target here because like I said, I'm not very familiar with mixing services. Hopefully though, I've raised some good questions and some of you can enlighten me to how mixing services work and how best to take advantage of them.
Jump to: