Author

Topic: Privacy, Anonymity & Fungibility with ValueShuffle (Read 964 times)

newbie
Activity: 14
Merit: 10
Let me clarify some things.

It's true that all solutions with a limited anonymity set somehow suffer from sybil attacks. However, if the possible anonymity set is large enough, and the system is indeed used regugarly, then it's quite probably that there will be some honest users in it. If you ask me, both ValueShuffle and TumbleBit provide reasonable anonymity sets; however TumbleBit scales a little better.

Regarding fees:
Yes, fees make sybil attacks harder, because the attacker has to pay them as well. But fees are not specific to TumbleBit. Both ValueShuffle and TumbleBit (and basically all other mixing solutions) require normal transactions fees, because they rely on some kind of Bitcoin transaction. If desired, you can artificially increase the fees to make sybil attacks more expensive (at the cost of higher fees for honest users).

Centralization:
That's right, both TumbleBit and ValueShuffle require some form of central point. (In theory, you can do ValueShuffle without central point. That would then use P2P connections between the nodes, so I would not call it "on-chain". However, then you need techniques that make the protocol quite slow and this is not what you use in practice.) Everybody can set up such a central point and people can chose which one they would like to use. In both TumbleBit and ValueShuffle, users do not need to trust the central point except for the fact that it does not help sybil attacks by excluding honest users. However, honest users could publicly complain about that, and then it's possible to switch to a new central point.

A difference between TumleBit and ValueShuffle is that the central point in TumbleBit is a "tumbler", which is a server specificially designed for running TumbleBit. ValueShuffle just requires some form of broadcast communication, e.g., a modern IRC server supporting timestamps. That may make a difference in legal terms: Maybe you don't want to run a server made for anonymizing money, but running an IRC server should not get you in trouble in reasonable jurisdictions.
staff
Activity: 3500
Merit: 6152
I see now that both systems are vulnerable to sybil attacks. :ĺ

I can't tell you whats the differences between both of them since I don't have a lot of info but from the whitepaper , TumeBit shouldn't be vulnerable against sybil attacks as stated here https://eprint.iacr.org/2016/575.pdf

"DoS  and  Sybil  protection. TumbleBit  uses  transaction fees  to  resist  DoS  and  Sybil  attacks.  Every  Bitcoin transaction  can  include  a transaction  fee that  is  paid to  the  Bitcoin  miner  who  confirms  the  transaction  on
the  blockchain  as  an  incentive  to  confirm  transactions"
legendary
Activity: 1937
Merit: 1001
I see now that both systems are vulnerable to sybil attacks. :ĺ
legendary
Activity: 1937
Merit: 1001
The way TumbleBit works essentially requires a 3rd party service for an essential part of its function.

I think it would be way better if everything could be done on-chain 100% within the bitcoin protocol itself.

I know ValueShuffle also has some form of centralization for easy inplementation but it can work 100% on-chain if implemented.

Am i missing something about TumbleBit?
staff
Activity: 3500
Merit: 6152
There is already TumbleBit[1] which is being developed at the moment to provide both privacy and anonymity and I'm not sure on what criteria the developers will choose which one to implement . SegWit is however not yet ready when It comes to the miners acceptance , we are 26% while we need 95% at least.
As for what it comes to the priority then I doubt any of them will be added first  , Lightning Network is probably whats going to be implemented first and before anything else.

[1] https://github.com/BUSEC/TumbleBit
legendary
Activity: 1937
Merit: 1001
I'm surprised this hasn't been talked about here.

At the end of last year a paper was published building on Bitcoins current protocol with SegWit activated.
Resolving what i consider to be Bitcoins biggests shortcomming/flaw, its complete lack of privacy anonymity, and with that even more importantly, fungibility.

I've been rambling on about this for years now, mostly being ignored and made fun of.

Here are people that do consider it an issue and actually found a working solution:

https://bitcoinmagazine.com/articles/valueshuffle-brings-together-the-best-of-both-worlds-for-privacy-1483557170

What would the drawbacks be to implement this?

Does the core-dev team have any plans to prepare Bitcoin for a strong future with this?

Next to SegWit i feel this should be top priority for Bitcoin to stay strong and actually become what many of us wanted it to be right from the start.
Jump to: