Bitcoin Mixers 101
Everything You Ever Wanted to Know About Bitcoin Mixers
(But Were Afraid to Ask)
Bitcoin mixers, or tumblers, are services offering the ability to obfuscate user’s funds. Figure 3.1 depicts the general functionality of a mixer with three users and the mixing operator. Each user sends their Bitcoin into the service and is returned another user’s input to a different address. This output has a completely different transaction history associated with it. The mixer operator runs the service and is aware of all permutations between inputs and outputs. Although this high-level view may seem easily traceable, mixers use techniques that make it difficult to trace transactions and identify mixing service use on the blockchain.
Trust is incredibly important for the success of a Bitcoin mixer. As third-party services, they must convince users that funds will be properly mixed and returned. Thus, mixers often offer features for users to check the status of their mix or proudly promote their forum posts. Still, Bitcoin mixers are continuously accused of scams and poor implementation.
While mixers may pose threats to their participant’s funds and anonymity, users and external attackers also contribute to the threat landscape. Some of the threats posed by users and external attackers, like tracing transactions, are mitigated with obfuscation features. Others, like coin theft, can be mitigated by the proposed mixer implementations discussed in Chapter 5.
The majority of current mixing implementations involve a centralized third-party run by an all-powerful operator. The threats posed by a this mixer operator are much more difficult to detect. In this paper, we focus our security analysis on the following threats presented by Tran et al. in : Permutation Leak : An adversary is able to access mixing logs or a database pertaining to the permutation between input and output addresses. Coin Theft : An adversary steals the inputted coins by providing users with an alternative address or by compromising the mixer’s address.
The mixer operator can also steal user funds. Dropping of Participants : A malicious mixer operator can deny participation to selected benign users to reduce the anonymity set. Small Mixing Set Size : The mixing set size during each round is directly indicative of the quality of the mix. A large mixing set ensures anonymity and protection against blockchain analysis. 9 Join-then-abort : An adversarial participant disrupts the mix by aborting the mixing protocol before its execution.