Bitcoin Mixers 101

Everything You Ever Wanted to Know About Bitcoin Mixers
(But Were Afraid to Ask)

January, 2022

Bitcoin mixers, or tumblers, are services offering the ability to obfuscate user’s funds. Figure 3.1 depicts the general functionality of a mixer with three users and the mixing operator. Each user sends their Bitcoin into the service and is returned another user’s input to a different address. This output has a completely different transaction history associated with it. The mixer operator runs the service and is aware of all permutations between inputs and outputs. Although this high-level view may seem easily traceable, mixers use techniques that make it difficult to trace transactions and identify mixing service use on the blockchain.

 

Obfuscation Techniques

Since their inception, mixing services have adapted to threats stemming from transactional analysis. In this section, we outline potential characteristics used to trace transactions and the techniques implemented to eliminate traceability. The inclusion of obfuscation techniques varies between mixing services.
 
 
The mixer input address is presented to the user to send their funds to the service. If kept consistent for all users, it would be simple for anyone to identify mixing participants and the amount of Bitcoin the mixer has in its pool. To avoid this, mixers generate new input addresses for each user. Additionally, the user’s address could be traceable if kept consistent throughout the mixing interaction. In turn, mixers allow their participants to specify multiple output addresses. Patterns in amounts and timestamps of transactions could also indicate mixer use. Since network fees are public information, mixers add mixing fees to each transaction. In addition, mixing delays are used to make blockchain analysis more difficult. According to [12], there are more than 300,000 Bitcoin transactions every 24 hours. Thus, it is in mixing participants’ best interest that delays are maximized. While the majority of services randomize fees and delays, some allow users to customize these features.
 

Threats

Trust is incredibly important for the success of a Bitcoin mixer. As third-party services, they must convince users that funds will be properly mixed and returned. Thus, mixers often offer features for users to check the status of their mix or proudly promote their forum posts. Still, Bitcoin mixers are continuously accused of scams and poor implementation.

While mixers may pose threats to their participant’s funds and anonymity, users and external attackers also contribute to the threat landscape. Some of the threats posed by users and external attackers, like tracing transactions, are mitigated with obfuscation features. Others, like coin theft, can be mitigated by the proposed mixer implementations discussed in Chapter 5.

The majority of current mixing implementations involve a centralized third-party run by an all-powerful operator. The threats posed by a this mixer operator are much more difficult to detect. In this paper, we focus our security analysis on the following threats presented by Tran et al. in [13]: Permutation Leak : An adversary is able to access mixing logs or a database pertaining to the permutation between input and output addresses. Coin Theft : An adversary steals the inputted coins by providing users with an alternative address or by compromising the mixer’s address.

The mixer operator can also steal user funds. Dropping of Participants : A malicious mixer operator can deny participation to selected benign users to reduce the anonymity set. Small Mixing Set Size : The mixing set size during each round is directly indicative of the quality of the mix. A large mixing set ensures anonymity and protection against blockchain analysis. 9 Join-then-abort : An adversarial participant disrupts the mix by aborting the mixing protocol before its execution.

 

Leave a Comment

Your email address will not be published. Required fields are marked *