Evaluation Public Mixing Services
We provide an overview of experiments conducted on ChipMixer, MixTum, Bitcoin Mixer, CryptoMixer, and Sudoku Wallet. We first describe the methodology, followed by the setup required for the experiments. Then, we outline the interactions made with each of the five services. Finally, we provide both an implementation and security analysis comparing the five selected services with the proposed mixing protocols discussed before.
- 1 Evaluation Public Mixing Services
- 1.1 Methodology
- 1.2 Setup
- 1.2.1 ChipMixer
- 1.2.2 MixTum
- 1.2.3 Bitcoin Mixer
- 1.2.4 CryptoMixer
- 1.2.5 Sudoku Wallet
The experiments are based on real-world interactions with the five Trusted public mixing services: ChipMixer, MixTum, Bitcoin Mixer, CryptoMixer, and Sudoku Wallet. These five services were chosen based on the popularity analysis conducted in Chapter 6. Our goal was to identify whether these mixers have adopted the implementation and security solutions provided by the academic literature discussed before. During each interaction, we focused on identifying behaviors indicative of the mixer’s implementation. While doing so, we were also able to identify each service’s resistance to the common mixing-related security threats discussed before. Our security analysis expands on the work of Tran et al., which does not include public mixing services in its study. Overall, we use data from Table and our experiments to compare implementation and security of the five services with the proposed mixing protocols from before.
We conducted three trials of experiments. Each trial consisted of one transaction with each of five mixing services. We ensured that all five interactions during a trial were finished before moving on to the next. To estimate the necessary amount of funds to execute all 15 mixer interactions, we set a constant network fee of 0.50 USD and calculated the worst-case mixing fees for each service. The total fees were estimated to be 57.25 USD. To account for changing network fees, unexpected mixer fees, or coin theft, we determined 100 USD would be sufficient to execute all three trials. During the first trial, input amounts were set to the minimum required by each service. Inputs were gradually raised in the second and third trials. We heightened the intensity of the obfuscation techniques from trial to trial when customizable. This included longer delays, a higher number of output addresses, and higher fees. Changing these parameters and having multiple trials gave us the opportunity to explore a larger breadth of features for each service.
The public nature of the blockchain allowed for comparison between interactions with a single service to identify unexpected behavior. We specify the exact parameters, input, and output values for each trial in Section. It was used to calculate the mixing fees for on-blockchain transactions. Total Input and Total Output refer to the total BTC sent to and from the mixing service including network fees. Input Network Fees and Output Network Fees are the network fees associated with Total Input and Total Output.
Since all five mixers offer a Tor mirror, we used Tor Browser to interact with each service. This is the most popular method of using mixing services since it offers more privacy for users. To store, receive, and send Bitcoin, we used the desktop wallet Electrum. We maintained two separate wallets for legacy and SegWit functionality. Compatibility with SegWit results in lower transaction fees and provides insight into the mixer’s implementation. All transactions were labeled according to their corresponding mixer and trial number. In addition to collecting screenshots of every mixing interaction, the data described in Table 7.1 was recorded. The obfuscation parameter was manually changed for each trial and varies from mixer to mixer. Next, we will discuss the general steps taken and any special data collected for each service.
There are five general steps in interactions with ChipMixer. During Step 1, users are given their session token and told to save it permanently to access their session for the next seven days. Step 2 is the Deposit step. Users are told to send at least 0.001 BTC in one transaction to a given input address, wait for one network confirmation on this transaction, and then refresh the page. During this step, users are also able to enter voucher codes from previous interactions to use funds that have not been withdrawn. At Step 3, users have a full view of their current chips grouped by value and have the ability to split, merge, commonize, bet and donate. On this page, they are also given the option to withdraw or receive a voucher for chips. These two options directly lead to Step 4, the withdrawal. Users are given the private key to their withdrawn chips and steps on how to import this key to Electrum, Bitcoin Core, or to a JSON file. As another option, they can sweep the chips to a desired output address. Before the final step, a signed receipt is offered for download. In Step 5, sessions can be destroyed. We created a new session for each trial with ChipMixer. The session token was recorded to test its validity after the seven-day period or after sessions were manually deleted. The given input address and the input transaction ID were noted to identify patterns in the movement of funds. ChipMixer’s method of returning funds does not involve output addresses, so we used the SegWit wallet for all three trials. We considered the obfuscation parameters for ChipMixer to be the set of features used (split, merge, and donate) as well as the method of withdrawal. Commonize and betting were not given as options in all three trials. We attempted both sweep and private key transfer withdrawals to identify effects on traceability. Before destroying each session, we attempted to access each session’s signed receipt to verify the signature.
Interactions with MixTum consist of two steps. In Step 1, users enter up to two output addresses. In Step 2, users are given an input address along with its corresponding QR code. In addition, a signed letter of guarantee is provided for download. Trials for MixTum were attempted with both legacy and SegWit addresses. The only customizable obfuscation parameter was the number of output addresses. On Step 2, all letters of guarantee were downloaded and signatures were verified using GnuPG. Transactions from MixTum were analyzed for their distribution and randomized delay. Mixing fees were also checked to see if they were accurately calculated. Input and Output transaction IDs were used to gain insight about the movement of funds.
There are three steps in interactions with Bitcoin Mixer. In Step 1, users specify up to seven output addresses along with distribution (%) and delay (rapid to 12 hours) for each. In Step 2, the service provides a Mix ID and an input address. After delays have been reached, output transactions are executed. In Step 3, users are able to review their mix information and are given the option to delete their mix. In Step 1, we attempted specifying both legacy and SegWit addresses to Bitcoin Mixer. The main obfuscation parameters for this service were the number of output addresses, the percentage distribution, and the delay. We heightened the intensity of these parameters from trial to trial and verified the accuracy of distributions and delays. Mix IDs for each session were noted to check their validity after deletion of the mix. After outputs were received, we calculated the mixing fees to identify unexpected behavior. In all three trials, we deleted our mix information.
Interactions with CryptoMixer require two steps. In Step 1, users specify up to 10 output addresses and set the delay and distribution for each. Users can then specify their preferred service fee. The combination of these three obfuscation parameters determines the security level of the mix. On the same page, CryptoMixer’s calculator displays the expected amount that each output address will receive. Before continuing to Step 2, the CryptoMixer code can be entered. In Step 2, a downloadable letter of guarantee is presented along with an input address. As input transactions are made, the service displays the received amounts and their confirmations. If the amount is not sufficient, the service specifies the expected output as a negative value. Finally, users are also provided with a CryptoMixer code to use with future transactions. Trials with CryptoMixer were conducted with both legacy and SegWit addresses. The customizable obfuscation parameters for this service include the number of input and output addresses, delay, distribution, and service fee. We originally set up our trials to test each security level. Due to lack of response from the service, we conducted Trials 2 and 3 with similar parameters and Silver security level. We recorded the output values displayed from the service’s calculator to check for accuracy. The CryptoMixer code from Trial 1 was used in Trial 2 to test its effectiveness against receiving previous inputs. Finally, the letter of guarantee was downloaded for each input address in all three trials and both the signature and contents were verified.
Four steps are involved with Sudoku Wallet interactions. In Step 1, users are presented with a wallet key. In Step 2, an input address is presented along with its corresponding private key. After three confirmations on the input transaction(s), the ‘Mix my coins!’ button can be pressed to proceed to the next step. In Step 3, two to four addresses with balances adding up to the user’s input amount minus mixing fees are presented along with their corresponding private keys. The user then has the option to sweep these funds or import the private keys to their wallet. In Step 4, users are urged to delete their wallet and generate a new one to mix more funds. We created a new wallet for each of our transactions and recorded the wallet key to check its validity after deletion. In Step 2, we noted the given input address and its private key. The obfuscation parameter for Sudoku Wallet is limited to the method of withdrawing the funds. In Step 3, we recorded the given output addresses and calculated the mixing fee to identify unexpected behavior. We also studied the history of these output addresses to ensure they were involved with CoinJoin transactions.
Before beginning the first trial, we obtained 100 USD worth of Bitcoin from the cryptocurrency exchange Coinbase. At the time, this equated to 0.01788742 BTC. Then, we created two separate Electrum wallets: Legacy and SegWit. The funds were then sent from Coinbase to the SegWit wallet to begin the first trial. In the next section, we outline the details of all three trials for each mixing service.
The results from each ChipMixer trial are displayed in Table . The fields include obfuscation parameters, total input, total output, output network fees, and mixer fees. For the sake of simplicity, transaction IDs, input addresses, output addresses, timestamps, and session tokens have been omitted from the given data.
In Trial 1, 0.001 BTC was sent in one transaction from the SegWit wallet. Within 30 seconds of the first confirmation on this input, we received one chip of 0.001 BTC. In Step 3, we were given the option to donate, withdraw, or receive a voucher. Options to split or merge were unavailable. We chose to withdraw our chips and proceeded to Step 4. We attempted to download the signed receipt but received an internal server error. Next, we chose to sweep the chip to the SegWit wallet with a network fee of 0.000079 BTC. The interaction resulted in 0 BTC mixing fees and our final output was 0.000921 BTC.
In Trial 2, 0.003 BTC was sent to ChipMixer in two separate transactions from the SegWit wallet. These transactions were 0.002 BTC and 0.001 BTC. The service provided one chip of 0.002 BTC (chip 1) and one of 0.001 BTC (chip 2). We split chip 1 into two chips of 0.001 BTC. Then, we donated one of these chips to ChipMixer and did not identify any movement of funds from the input address. Next, we merged the two remaining 0.001 BTC chips into one 0.002 BTC chip. On Step 4, we attempted to access the signed receipt but received an internal server error. We chose to withdraw our final chip by importing the private key into a new wallet. Importing resulted in BTC network fees and 0 BTC mixer fees. The output to our wallet was 0.002 BTC.
In Trial 3, two separate sessions were created. In the first session, one transaction of 0.001 BTC was sent to ChipMixer and withdrawn for a voucher. The service provided a 53 character alphanumeric code. In the second session, one transaction of 0.003 BTC was sent to the given input address. The voucher code from the first session was also redeemed. In total, the service provided two 0.001 BTC and one 0.002 BTC chips. On withdrawal, the chips were swept into the SegWit wallet. This resulted in two on-blockchain transactions with outputs of 0.00190361 BTC and 0.00190834 BTC. The network fees associated with these transactions were 0.00009639 BTC and 0.00009166 BTC respectively. The total mixer fee was 0 BTC.
Table displays the obfuscation parameters, total input, total output, output network fees, and mixing fees pertaining to each trial with MixTum. To keep the data concise, transaction IDs, input addresses, output addresses, and timestamps have been omitted from the given data. For all three trials, signed letters of guarantee were successfully downloaded and verified. MixTum’s calculator output displayed a smaller value than received on all three trials. In Trials 2 and 3, mixing fees were up to 5% plus 0.00015 BTC as advertised. However, Trial 1 charged a mixing fee of 0 BTC.
In Trial 1, one legacy output address, O1, was specified. A SegWit output address was attempted but was not accepted by the service. One transaction of 0.001 BTC was sent to a compatibility format input address provided by MixTum. Within five minutes, an output of 0.001 BTC was received by O1. The network fee on the output was 0.00024227 BTC and mixing fees were 0 BTC.
In Trial 2, two legacy output addresses, O1 and O2, were specified. One input transaction of 0.002 BTC was sent to a compatibility format input address provided by MixTum. The first output of 0.001 BTC was received by O1 in one hour and 14 minutes. The network fee on this transaction was 0.00024227 BTC. A second output of 0.000762 BTC was received by O2 in four hours and 55 minutes with a network fee of 0.00022843. The overall mixing fee for this interaction was equal to 4.4% of the input plus 0.00015 BTC.
In Trial 3, two legacy output addresses, O1 and O2, were specified. Two input transactions were sent to a compatibility format input address provided by MixTum. The first transaction was 0.002 BTC and the second was 0.001 BTC. O1 received two output transactions of 0.0004 BTC and 0.001 BTC 47 minutes after the input. O2 received 0.00136 BTC in 52 minutes. The network fees for these output transactions were 0.00017997 BTC, 0.00017305 BTC, and 0.00014536 BTC respectively. The overall mixing fee for this trial was 3% of the input amount plus 0.00015 BTC.
Table outlines the obfuscation parameters, input, output, and mixer fees associated with each Bitcoin Mixer trial. For the sake of simplicity, transaction IDs, input and output network fees, input addresses, output addresses, timestamps, and Mix IDs have been omitted. The distributions, mixing fees, and outputs associated with each trial were accurately calculated. Outputs were generally received 20 to 30 minutes early, indicating randomization of delays.
In Trial 1, one SegWit address, O1, was specified with rapid delay. The service provided a compatibility format input address and a mix ID. One transaction of 0.0002 BTC was sent to this address. Within 30 seconds of the first network confirmation, a transaction of 0.0001985 BTC was sent to O1. Overall, the interaction had a mixing fee of 0.0000015 BTC.
In Trial 2, three legacy output addresses O1, O2, and O3 were specified. Delay and distribution among these addresses were set to be 1 hour with 35%, 2 hours with 35%, and 2 hours with 30% respectively. The service provided one compatibility format input address. One transaction of 0.0004 BTC was sent to this address. O1 received 0.0001386 BTC in 43 minutes. O2 received 0.0001386 BTC in 1 hour and 44 minutes. O3 received 0.0001188 BTC in 1 hour and 44 minutes. The overall mixing fee for this trial was 0.000004 BTC.
In Trial 3, five SegWit output addresses O1, O2, O3, O4, and O5 were specified. Delay and distribution were set to be 1 hour with 13.3%, 2 hours with 5.36%, 5 hours with 21.98%, 10 hours with 30.72%, and 12 hours with 28.64% respectively. The service provided one compatibility format input address. One transaction of 0.0006 BTC was sent to this address. O1 received 0.00007894 BTC in 31 minutes. O2 received 0.00003181 BTC in 1 hour and 26 minutes. O3 received 0.00013045 BTC in 4 hours and 26 minutes. O4 received 0.00018232 BTC in 9 hours and 26 minutes. Finally, O5 received 0.00016998 BTC in 11 hours and 26 minutes. The overall mixing fee for this trial was 0.0000065 BTC.
Table displays the obfuscation parameters, input, output, and mixer fees associated with each CryptoMixer trial. Transaction IDs, input and output network fees, input addresses, output addresses, timestamps, and CryptoMixer codes have been omitted for simplicity. The service’s calculator displayed accurate outputs based on the set mixing fee for each trial. Overall, CryptoMixer displayed poor implementation and a lack of documentation, while providing the most user control of obfuscation parameters.
In Trial 1, one SegWit output address, O1, was specified. Additionally, the mixing service fee and delay were set to 0.5060% and 1 hour and 15 minutes respectively. This qualified for a Standard security level. The service provided a five character alphanumeric CryptoMixer code and one legacy format input address with its corresponding letter of guarantee. One transaction of 0.001 BTC was sent to this address. The service’s calculator stated that the output would be 0.00049494 BTC. However, after one confirmation the service displayed an error stating the “amount is less than required.” The error did not disappear and the number of confirmations on our original input did not update after the first detected confirmation. Assuming the service expected an additional payment of 0.00049494 BTC, we generated a second input address and executed another input transaction. However, this was ignored by the service. After 1 hour and 21 minutes of the first input, O1 received 0.00049494 BTC with a network fee of 0.00007749 BTC. The overall mixing fee for this interaction was 0.00050506 BTC.
In Trial 2, the CryptoMixer code from Trial 1 was used and three legacy output addresses O1, O2, and O3 were specified. Delay and distribution for these output addresses were 3 hours and 7 minutes with 20.05%, 9 hours and 1 minute with 19.96%, and 15 hours and 2 minutes with 59.99% respectively. The mixing fee was set to 1.0176%. These parameters qualified the interaction for a Silver security level. The service provided the same CryptoMixer code from Trial 1 and we manually generated four legacy format input addresses, I1, I2, I3, and I4. The letter of guarantee for each of these addresses was successfully downloaded. I1, I2, I3, and I4 were sent 0.0015 BTC, 0.001 BTC, 0.0005 BTC, and 0.001 BTC respectively. The service’s calculator stated that 0.00039386 BTC, 0.00039209 BTC, and 0.001178 BTC would be deposited to O1, O2, and O3. However, no outputs were received.
In Trial 3, no CryptoMixer code was used and three legacy output addresses, O1, O2, and O3, were specified. Delay and distribution for these output addresses were 3 hours and 3 minutes with 20.43%, 9 hours and 8 minutes with 19.85%, and 15 hours and 4 minutes with 59.72% respectively. The mixing service fee was set to 1.0820%. These parameters qualified this trial for Silver security level. We received a new five character CryptoMixer code and manually generated two legacy format input addresses I1 and I2. The letter of guarantee for each of these addresses was successfully downloaded. I1 and I2 were each sent 0.001 BTC. However, we received the same error from Trial 1 stating “amount is less than required.” For both inputs the service stated 0.00051082 BTC was pending. Thus, two transactions of 0.0005 BTC and 0.00001082 BTC were sent to each input I1 and I2. However, the service did not identify these transactions and no outputs were received by O1, O2, and O3.
Table displays the obfuscation parameters, input, output, output network fees, and mixer fees associated with each Sudoku Wallet trial. Transaction IDs, input network fees, input addresses, output addresses, timestamps, and wallet keys have been omitted for simplicity. Mixing fees for each trial were inconsistent and unverifiable with any CoinJoin transactions.
In Trial 1, Sudoku Wallet provided a 25 character alphanumeric wallet key. The service then presented an input address with its corresponding private key. We sent one transaction of 0.001 BTC to this input address. After the service detected three confirmations on this input, we were able to view two output addresses funded with 0.00059025 BTC and 0.00040975 BTC along with their private keys. These funds were then swept to our SegWit wallet through an on-blockchain transaction. The network fee for this transaction was 0.00012739 BTC and 0.00087261 BTC was the final output. The overall mixing fee for this interaction was 0 BTC.
In Trial 2, Sudoku Wallet provided a new 25 character alphanumeric wallet key. The service presented an input address with its corresponding private key. We sent one transaction of 0.002 BTC to this address. After three confirmations, we were presented three output addresses with 0.00066667 BTC, 0.00064667 BTC, and 0.00064667 BTC. These funds were then swept to our legacy wallet through an on-blockchain transaction. The network fee for this transaction was 0.00024839 BTC and 0.00171162 BTC was the final output. The overall mixing fee for this interaction was 0.00003999 BTC.
In Trial 3, we received a new 25 character alphanumeric wallet key. We sent one transaction of 0.003 BTC to the given input address. After three confirmations, we were presented three output addresses of 0.0001 BTC each with corresponding private keys. These funds were swept to our SegWit wallet through an on-blockchain transaction. The network fee for this transaction was 0.00022310 BTC and 0.0000769 BTC was the final output. The overall mixing fee for this interaction was 0.0027 BTC.
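The mixing fees and output distributions reported above for MixTum, Bitcoin Mixer, and Sudoku Wallet can be re-derived from the stated amounts. The following Python is an added example, not code from the study; the function names are hypothetical, and it assumes (as the reported figures suggest) that Bitcoin Mixer's percentages apply to the total paid out and that sweep network fees are paid by the user rather than the mixer.

```python
from decimal import Decimal

def sats(btc):
    """Exact BTC string -> integer satoshis (avoids float rounding)."""
    value = Decimal(btc).scaleb(8)
    if value != value.to_integral_value():
        raise ValueError(f"{btc!r} has more than 8 decimal places")
    return int(value)

def mixing_fee(inputs, received, user_paid_network_fees=()):
    """Satoshis kept by the mixer.

    `received` is what reached the user's wallet. Where the user sweeps
    service-provided private keys, the sweep's network fee is paid by the
    user, so it is subtracted separately instead of counted as a mixer fee.
    """
    return sum(inputs) - sum(received) - sum(user_paid_network_fees)

def implied_percent(total_in, fee, fixed):
    """Percentage component of a 'p% of input + fixed' fee schedule."""
    return Decimal(fee - fixed) * 100 / Decimal(total_in)

def distribution_errors(received, percents):
    """Satoshi deviation of each output from its requested share of the payout."""
    total = Decimal(sum(received))
    expected = [int((total * Decimal(p) / 100).to_integral_value()) for p in percents]
    return [got - want for got, want in zip(received, expected)]

# Figures reported on this page (BTC amounts as strings), keyed by trial.
MIXTUM_FIXED = sats("0.00015")          # fixed part of MixTum's advertised fee
MIXTUM = {                              # (inputs, outputs received)
    2: (["0.002"], ["0.001", "0.000762"]),
    3: (["0.002", "0.001"], ["0.0004", "0.001", "0.00136"]),
}
BITCOIN_MIXER = {                       # (input, outputs, requested percentages)
    2: ("0.0004", ["0.0001386", "0.0001386", "0.0001188"], ["35", "35", "30"]),
    3: ("0.0006",
        ["0.00007894", "0.00003181", "0.00013045", "0.00018232", "0.00016998"],
        ["13.3", "5.36", "21.98", "30.72", "28.64"]),
}
SUDOKU = {                              # (input, swept output, sweep network fee)
    1: ("0.001", "0.00087261", "0.00012739"),
    2: ("0.002", "0.00171162", "0.00024839"),
    3: ("0.003", "0.0000769", "0.00022310"),
}

def mixtum_percent(trial):
    ins, outs = (list(map(sats, side)) for side in MIXTUM[trial])
    return implied_percent(sum(ins), mixing_fee(ins, outs), MIXTUM_FIXED)

def bitcoin_mixer_check(trial):
    total_in, outs, pct = BITCOIN_MIXER[trial]
    outs = [sats(o) for o in outs]
    return mixing_fee([sats(total_in)], outs), distribution_errors(outs, pct)

def sudoku_fee(trial):
    total_in, out, net = (sats(v) for v in SUDOKU[trial])
    return mixing_fee([total_in], [out], [net])

if __name__ == "__main__":
    for t in MIXTUM:
        print("MixTum trial", t, "percent part:", mixtum_percent(t))
    for t in BITCOIN_MIXER:
        print("Bitcoin Mixer trial", t, "(fee sats, share errors):", bitcoin_mixer_check(t))
    for t in SUDOKU:
        print("Sudoku Wallet trial", t, "fee sats:", sudoku_fee(t))
```

Working in integer satoshis keeps the reconciliation exact; a non-zero entry in the share errors or a percentage outside the advertised range is the kind of unexpected behavior the trials were looking for.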