There is a disconnect between privacy researchers and privacy implementers. For a few years now, the mission of my life was to close this gap and now I am in the finish line with Wasabi Wallet. And, if I am successful, this will be my last chance to write about this light and unchallenging, yet important topic.
The only Bitcoin anonymity techniques those came out of research and made their way to the Bitcoin main network are JoinMarket, ZeroLink/Chaumian CoinJoin (Hidden Wallet / Wasabi Wallet, Bob Wallet) and TumbleBit (Breeze Wallet,) however they did not gain much traction, compared to their centralized alternatives. Most users, in fact use centralized Bitcoin mixers to regain their privacy. This blog post is about them.
Thinking about it, isn’t it ironic that, over the past years I wrote about every Bitcoin privacy technique in existence, except the one that 99% of all users use?
Issue 1: They Steal Your Coins
BitcoinFog is the longest running, most established Bitcoin mixer, yet gossips are they are selectively scamming their users. If you send a high enough amount to them, you will not see it again. This is not unique, Bitcoin mixers, similarly to DarkNet markets and Bitcoin exchanges are, from time to time exit scamming. This is the most apparent architectural weakness these traditional Bitcoin mixers have.
Issue 2: You have no privacy against them
I have a friend who runs a VPN company and advertises on his website that he is not logging. He told me in private that he is logging. When I tried to point out the hypocrisy in this, he said: everyone else does.
Traditional Bitcoin mixers are likely also logging. Not only if they are malicious (meaning: set up by a government agency,) but they have an incentive to log. Imagine if LE finds them, how much better position they are to bargain if they have logs, than without them? Of course there is no way to know who logs and who doesn’t. This is the second most important architectural weakness of them.
This is the reason why researchers, like me are not talking about them at all. Every anonymity technique starts with a trustless architecture. No compromise here.
Issue 3: Mixing Unequal Inputs (The Wrong Way)
Update: This is not a theory anymore. Mixers have been deanonymized in practice like this: Felix Maduakor ‘s Bachelor’s Thesis— Anonymous Bitcoin Transactions
If you send 3.29372 Bitcoin to a mixer and receive 3.29372 Bitcoin from the mixer, then the flow of the coins is trivial.
While some of these mixers do some obfuscation regarding this issue, these attempts are weak. I have only seen one mixer so far that sufficiently addressed it, which is called ChipMixer. It is not an endorsement, I don’t know if they are even legit.
Wasabi/ZeroLink/TumbleBit/JoinMarket/CoinShuffle are all using equal outputs so the result of the mix is a pure, undeniable mix.
This of course comes with some usability issues, which only Confidential Transactions could solve perfectly. Considering that, this technology making itself into Bitcoin is lightyears away, I came up with Unequal Input Mixing, that provides significant improvements in a number of ways and can be implemented today. Unfortunately I am occupied by the release of Wasabi, so this work is a little more down the road, I didn’t even had the time to popularize this idea yet, however you should rightfully be excited about it. If you are interested, I would love to see some research on it.
Issue 4: Network Analysis
Network analysis is something that every Bitcoin privacy technique consider it out of its scope, except my ZeroLink. The fundamental issue is that all light wallet architecture is failing in privacy on the network level, except Wasabi and Neutrino, although the latter is not deployed to the mainnet.
It is easy to see why this is the case with most light wallets: you are querying all your wallet addresses from a third party, which can easily connect the dots IP addresses and timing analysis. Another light wallet architecture is Electrum’s, where the exact same thing is happening, with the difference is that your privacy fails against random Electrum servers, instead of your wallet provider’s server. With SPV wallets, the issue is more nuanced. In summary, in 2016, Nick Jonas deanonymized most SPV wallets by crawling SPV bloom filters. Luckily he was just a researcher. Unluckily nothing stops Blockchain Analysis companies to do the same.
With that in mind, what we must notice is that most traditional Bitcoin mixer users fail against network analysis before and after the mix. Therefore it doesn’t matter if you are doing it properly and you use a full node, you are the only one who does that, thus you will be deanonymized, too.
This is the reason why I had to build a fully functioning Bitcoin wallet: HiddenWallet, and later Wasabi Wallet, instead of just throwing some mixing code to a website.
Thought For Food
The above described weaknesses limited the user base of Bitcoin privacy techniques to a certain type of user, who is in desperate need of privacy and in order to get it, he is willing to risk losing money. This can also be illustrated by the terminology in use:
However, since coin loss, and other issues are architecturally impossible with Wasabi, our target user is not limited to them, the target user of Wasabi Wallet is everyone, because everyone needs privacy.
It may be worth to take a step back and examine a practical question. How effective are traditional Bitcoin mixers, today, in 2018? My guess is, Blockchain Analysis is most likely incapable to take full advantage of these weaknesses. Of course, since it is close to impossible to figure out what they can and cannot do, you have no choice but to rely on my expert intuition, which is based on some gossips I’ve heard here and there. What I suspect, how effective they are, can be summarized by a quote, from an interview with Jonathan Levin, the co-founder of Chainalysis:
When we encounter a Bitcoin mixer, our algorithm does not work anymore. In this case we have to manually look at the graphs to make sense of the flow of coins.