Topic: Ultimate Bitcoin Privacy - Discussion - page 4. (Read 1648 times)

The blind certificates are certainly causing a lot of confusion since it's a relatively novel idea put into practice. Perhaps you all could create a graphic that would explain it clearly and in an illustrative manner? That would help a lot vs. reading paragraphs of text about it, and then it'd be easy to repost to answer this question moving forward.

Everyone has the right to rush to fill the big gap left by Chipmixer, but on the other hand, it has become very difficult for any mixer to gain the trust of the community because of this incident, which showed that the mixer was keeping user data.

I, as many here, do not know how blind certificates work completely, but what I do know is that it has become very difficult to trust any third-party services. I personally do not trust that any third-party service fully maintains privacy.

You need to decentralize the service almost completely to gain trust.

That makes sense. My assumption was the multisig is meant to protect against losing access, but it's against someone else gaining access. Unless someone skips the servers ans gains access to your backups directly.

Correct, the multi-sig's purpose in the current setup is not to protect against us acting maliciously, but against external actors.

Correct again, in this form users funds will be protected against external actors and us acting maliciously. I believe it could work well enough even with less than 9 other people, but the flow remains the same.

Nothing to correct. It was clear to us from the beginning that requiring trust from the end user would be the biggest issue, but until we find reputable users to add to the multi-sig there really is no way around it. We will try our best to migrate to the trustless version as soon as possible, it all depends on how fast we'll be able to find the right users for the multi-sig. Until then as you said funds are safe from external actors but we could scam anytime if we wanted.

I think maybe it would be worth clarifying the difference between the current set up and your future plans.

At the moment, with whirlwindmoney being the sole operator of the site, then they are in control of all 3 keys in a 3-of-3 multi-sig. This provides additional security against a single server being seized or infiltrated, but it still requires complete trust from the end user that whirlwindmoney won't scam them, as it would in a normal single-sig set up.

In the future with blinded bearer certificates and the involvement of other third parties, then presumably the best option in that scenario would be to migrate to a different multi-sig. Let's say they recruit nine other people to be signers for the blinded certificates. Maybe something like a 7-of-10 multi-sig would be the best in that case, which provides a good mix of security against some of the signers being dishonest as well as redundancy against some of the signers being taken offline, seized, infiltrated, etc.

CMIIW.

We are the only ones who hold the backup (offline) for all 3 signers and the only ones who have access to the servers. One of the servers belongs to us, the other 2 are rented. The difference that we care about between the physical and rented ones is that for the physical one we are 100% sure it is not tampered with in any way. (can't disclose how for security reasons so you'll have to take my word on this) And if something were to ever happen we would find out with enough time in advance that we could just migrate to a new setup instantly.

It is a 3/3 multisig setup, 1/3 would defeat the purpose. The reasoning behind it is that if one signer will ever be seized or it stops for any reason there is no damage that can be done. Like I said the only real bad scenario is if all of them get hacked at the same time without us knowing. If we ever feel that something is not right with any one of the signers we can migrate to a new multi-sig with new signers and new servers in under an hour, in fact we were planning to do this once in a while by default just in case. Most if not all other services store their keys on a single server that may be infiltrated from day 1, there is just no way to be sure but we don't want to take any chances ourselves.

Where's the redundancy in this setup? Who holds for instance the backup to the keys used on the physical server? And doesn't the fact that someone has access increase the risk of losing funds?

If just 1 out of 3 is unavailable, the multisig transaction can't be signed anymore. Unless you mean a 1/3 multisig setup, but that creates other risks.

First of all the frontend will be open source very soon, so if the service gets seized/shutdown anyone can use that to withdraw assuming the multi-sig signers are still online. The only really bad scenario is if all 3 signer servers get seized at the same time. Chances of that happening are very slim since we would know about at least 1 of them with enough time in advance and no single server out of the whole infrastructure is exposed so even finding one of them would be quite challenging, let alone the signers.

If there was a 5/10 multi-sig for example, if only 5 of those signers are still running then anyone can use the open source frontend to withdraw. You don't have to contact anyone, theoretically even the signers don't have to know who the other ones are. As long as the required amount of multi-sig signers are still online then the service is online regardless if we the creators are around anymore or not.

EDIT: The only disadvantage to keep in mind for when there'll be more signers is that the "Fast" mode will be deprecated and we need Blind Certificates because all signers will know what happens on the platform and could keep logs so we can't take that risk.

I understand that, but my concerns was more about how users would be able to redeem their certificates should your service be seized or shutdown. It doesn't really matter that the funds are secure and cannot be stolen by third parties if the real owners cannot access them either.

And if you have a solution to this problem, how would that change if you move to multiple third party signers as you have mentioned above? Would I have to go to each signer individually and have them validate my certificate and approve my withdrawal? How would I even track down the signers in your absence?

Thanks, the privacy set will only grow stronger the longer the service will be running so I hope that once it gets traction we can find a solution to split the "ownership" of the platform with more users in order to minimize risks on all fronts.

You are correct, the notes are not blinded certificates as in we could keep logs if we chose to. We are not, but there is no way for me to prove this so this is why I want to implement the blinded certificates, after that the user won't have to trust us anymore.

Regarding the service getting shutdown, blinded certificates and notes hold the same risk as you store your BTC in our multi-sig until you decide to withdraw. I could give more technical details about our security, but all I will say for now is that we took the most extreme security precautions possible. Our "hot wallet" is a 3/3 multi-sig with one of the signers being a physical server, so funds are safe. The infrastructure looks like a mini blockchain (with only 3 validators or signers which are all run by us for now), so even if the frontend or backend servers would get hacked, no funds could be stolen since faking guarantee letters using the backend server doesen't do anything as the signers would also have to verify. It's complicated, but like I said before if I'll find willing trusted members to run signers with us I am willing to do it.

Having said all of the above as far as I'm concerned I am not doing anything illegal. I don't encourage illegal activity and will never promote the service on the darknet or for any illegal purposes, I'm a simple provider of privacy services. There are no statistics regarding % of CEX funds coming from illicit sources so we can't compare to what we know about mixers, but my guess is that the number is very similar if not higher for centralized exchanges. There are bad actors in every industry, you can't just shut down all businesses of one type because of a few bad apples. If the service will start to get seriously abused by bad actors and big pressure will be put on us then I'd much rather shut down the service early and honorably than put users funds and privacy at risk, but for now I still believe there has to be a way to run everything legally. This is not because I don't believe Bitcoin is fungible or anything of this sort, but regardless if the service gets seized or sanctioned, the end result is the same as in it can't really be used anymore, so everyone loses. Having great security is a must, but relying on this by itself doesen't generate any value for the long term. I'd much rather try to find a way in which everyone is happy, or at the very least not too unhappy, while users enjoy full privacy. This is what they pay for and nothing less is acceptable

With the Blind Certificates I talked about in my previous posts it may be possible for users to prove their funds don't come from specific addresses linked to hacks/ransom/etc., so if that is possible then honest users have a way to prove they are not thieves while retaining privacy, and bad actors are isolated so sending the BTC to whirlwind is pretty much useless if they plan to use centralized services afterwards since they couldn't prove they are not one of the bad actors. It's too early to talk about this since we need to get some users first and get some actual demand for something like I outlined above.

A few questions:

Am I correct in saying the notes you talk about on the Tor site are not blinded bearer certificates? Rather, they function similarly to ChipMixer chips, in that I can combine or split them and redeem them later, but they are not blinded to you?

Once blinded bearer certificates are operational, how does the end user protect against your service/website being seized/shutdown? How could they redeem their certificates in such a case? How would they be able contact the threshold number of signers in order to redeem their certificate and receive the corresponding bitcoin from your multi-sig wallet?

The site looks great! It's very accessible with a lot of the mixing inputs on the first page. Being able to mix coins in just a few minutes with above average anonymity is a great feature. Of course, everything relies on the trust of the provider, it's all a spectrum, and it's going to be great to see you all develop as time goes on. Improve and innovate quickly, there is a big gap to fill right now with Chipmixer gone!

I want to share some updates until we start our ANN thread and Signature campaign later this week, hope this category is fine.

The service is accessible using the following link:
whirlwct7ertqae6i7ivsm475kgia6v67zzxevgzkilykknrjke33cqd.onion

The fees range between 0.25%-4% depending on the user's choice. BTC will be continously added to the reserve during the next days.

The discussion around Blind Certificates remains open, we will develop the final system after more talks with the community since we feel like this could be a huge step forward for privacy if executed correctly, it's just too early for that.

I'll gladly move the topic to another category but I am not sure which one fits this discussion better. I will create an ANN thread and signature campaign so I will lock this once I start those.


3 people is by no means decentralized, but it's definitely better compared to only us while we're new and not trusted.  This number could easily grow to 100 assuming we have the right candidates and this is the right way to go, but I'm not sure it makes monetary sense. Anyways as you said it's too early for this kind of discussion, we'll come back to it once we're established.

The product is finished since more than 1 month, we just took the time to extensively test every feature since it's something new. We will launch the V1 in the first half of the upcoming week, start a review and signature campaign and see how things evolve from there. We will also deposit some BTC in escrow so users trust at least trying out the service as I'm sure once they do they won't look back

I think it's going to be pretty tough or nearly impossible to find three trusted people who would be willing to be signers right now, both because of Chipmixer getting shut down and because you're still very new. I also think we could have a discussion/debate about if a set of 3 people as signers is decentralized. What number is sufficient? 5? 10? 100? I wonder if there's some sort of situation where this would be more decentralized than 3 people. Anyways though, as stated before, creating the centralized model first is the right path to test the waters and to gain trust in yourself. Are we any closer to seeing the first test version or anything like that?

From what i can sense in your post and your copper membership purchase is that you're giving a brief overview of what is expected from you in the proposed service you want to render which sounds to be a mixing service, well this could actually be a prelaunch advert on what you've got to offer and i will will further advise you try create a discussion thread on it under services development and technical discussion and appear the normal way and possibly create an ANN thread as well for your discussion, lastly you can as well advertise yourself by creating a signature campaign.

Everything is automated so any new signer would only have to set everything up once.

Someone that is trusted and anonymous would be a great candidate, but I agree that finding this will be very challenging. I will probably launch it by myself and then look into this again once we got some traction. Given the rewards signers would get it will hopefully become attractive enough to make it worth it for some to join us. Everything will be upgradeable so when we find the right people the whole transition process will take a few hours at most.

Would that mean manually approving every withdrawal?

There's a complication: considering recent events, being directly involved in any form of coin mixing could mean legal problems. Since you're looking for trusted and thus well-known people, I doubt they'd want to risk that.

I am open and would actually prefer to start the service in a decentralized manner, I just think it's difficult to find at least 3 trusted members of the community willing to be part of the multi-sig and run a signer. If anyone has ideas how this could be achieved then we just solved one of the 2 big issues as funds wouldn't be at risk anymore. The only issue left would be to ensure that the no-logs policy is enforced, and that will be achieved through the Blind Certificates. Even if we assume that logs are kept for fast and slow methods, if Blind Certificates are used then there is no way for us to log anything as we don't know the information in the first place.

Note: Infrastructure is created in such a way that the signers wouldn't know the rest of the signers/servers IP's so even if one would want to act maliciously and disclose all IP's from the rest of the infrastructure he couldn't

I'm looking forward to helping test and review this. The trust is a big challenge, but I'm willing to be open-minded and allow Whirlwind the opportunity to prove that this can work, which we will all see in the testing/review period.

I was right there when the idea was first floated (https://bitcointalksearch.org/topic/m.61883998), and Whirlwind wants to eventually evolve into a decentralized version. That's the ultimate final goal here, and as far as I can tell, it's never really been accomplished in a version of what was described. If we want that goal, I think we need to support this venture as best we can through the less trustworthy, centralized version with an understanding that in the end, a decentralized model will be delivered.