Bitcoin Mixing: A Brief Research into Centralized Vs. Decentralized

in bitcoin •  5 years ago 

In our previous blog, we spoke about how approximately 4,836 bitcoins stolen from Binance in May 2019, was laundered through the cryptocurrency mixing service, Chipmixer. Similarly, it is also likely for stolen digital assets to be mixed by other mixing services to reduce their traceability.
And it makes us think how widespread is the use of mixing services in money laundering?
According to Chainalysis, only a small percentage of coins sent to and from bitcoin mixers are used for illicit purposes — 8.1 percent of all mixed coins were stolen, while a meagre 2.7 percent had been used on darknet markets. Less than one in every nine coins sent to mixers could be identified as having been used for illicit purposes.
The data just goes on to prove that most people use mixers for the simple reason of ensuring anonymity in their transactions.
The paradox of cryptocurrency is that all transaction-related data creates a trail that can make your entire financial history public information. The past and current ownership of every digital asset, bitcoin included — down to a Satoshi — is diligently recorded on the blockchain. And that kind of vulnerability might not be everyone’s cup of tea!
There are various reasons why people would want to keep their transactions private, and most have nothing to do with illegal activities. People that prefer financial privacy can find it disturbing that buying a cup of coffee at Starbucks using bitcoin can actually reveal every single transaction that’s ever been made from that particular address. Also, most crypto owners might not want others to know where they spend their coins or how much they own, especially high net worth individuals and big companies that deal with large transactions. Some people might want to make an anonymous transaction to a charity they support.
And these are just a few examples….
Bitcoin Mixing services can be broadly categorized into centralized and decentralized.
In the centralized bitcoin mixing model, the user enters his address in a form available on the mixing service’s website to initiate the transaction. The service then matches different wallet addresses with different amounts, and sends random amounts of bitcoins to each address until the total amount requested by the sender is sent to the specified address. Users can receive funds from other users or from the reserve funds of the mixing service. All centralized services operate in this manner, with only slight variations in the source of funds they use, service fees, and additional features.
There are many Bitcoin Mixing services in the market, so how do you know which one to choose?
It’s essential to consider the following factors to avoid being ripped off.
Source of Funds
SmartMixer is a centralized mixing service that is very clear on the source of funds it uses to mix your coins, and offers three mixing options or pools unique to its service. Users get to choose the exact pool they would like to receive the coins from, depending on the service fee they’d like to pay.
The Standard Pool is the least expensive pool and consists of deposits from other users. When users opt to receive coins from this pool, they receive someone else’s coins. Given that a few users opt for mixing services to launder stolen funds, the probability of receiving tainted coins is 100%.

Standard Pool: For simplicity, we have depicted the funds in the standard pool to be 1 BTC
The Smart Pool is a volume-rich pool where the user’s coins are mixed with the standard pool, private reserves of the service, and coins from investors.
Considering the fact that investor funds and the reserve pool mostly comprise clean coins, chances of receiving tainted coins are minimized to a large degree. However, there is still a 33% probability of ending up with stolen funds.

The Stealth Pool does not contain coins from the standard pool. The user’s coins are mixed only with private reserves of the service and coins from investors making this the best option to receive coins from. It is also the most expensive; however, the probability of receiving tainted coins is nil, 0%

Reputation
It is important to look for a reliable mixing service to avoid losing your money. There have been instances of people not receiving the funds they send to mixing services. For example, some Bitcoin Fog users claim that their coins were stolen by the service.
Level of Anonymity
In this report that reviews multiple mixing services, an analysis of DarkLaunder revealed a “very high centralization of the service, which is a poor characteristic regarding anonymity.” This address used received coins from 4,277 addresses but sent money to only 1,327 addresses. Since the input and output transactions were almost equal, it left very few funds in reserve leading to a significant decrease in anonymity. It’s always best to use the services of a mixer that can guarantee a sufficiently large reserve pool, that way users will not end up receiving the same coins they sent across.

Features
Chipmixer offers a singularly unique feature. When users deposit bitcoin to the address given by this service, they receive its equivalent in chips, along with the private key to spend them at any time they want to. It’s unfortunate that its reserves now comprise funds stolen from Binance.
Smartmixer provides the option to prolong the transaction for up to 72 hours. The user sends coins to the indicated address and wait for their delivery to the specified address. Instant input-output transactions may be linked to each other in certain cases, and this can be avoided if you introduce a delay between the input and output. Another reason is if the mixing service generates output transactions as soon as the input is received, time-based attacks are possible. The delay can be set by the user or randomly selected by the mixer
Bitcoin Laundry is a good example of a mixing service that adds an extra layer of anonymity to its transactions. Users can send their coins to up to 5 payout addresses; they can also determine the percentage of payment going to each address. This makes it more difficult to link the output with the input.
Of note, SmartMixer provides this option too.

Fee
Service fee is an important point in considering which mixing service to use. Bitcoin Laundry does not charge any service fee; only a transaction fee of 0.0002 BTC with each payout address. Moreover, they support transactions from 0.0005 to 38 BTC. SmartMixer charges 0.00045529 BTC per address, while ChipMixer has a Pay As You Want strategy that doesn’t charge a specific fee, but allows the user to set a price depending on the service received.
We recommend using a mixing service only if you want to mix a small amount of coins. Since you need to trust the service provider with your funds, this is not a trustless transaction.
More information on the mixing process and service providers can be found here if you’re interested in exploring the topic in depth.
Decentralized or peer-to-peer mixing is an attempt to fix the disadvantages of the centralized model — popular protocols are TumbleBit and CoinJoin. There are several implementations of anonymous Bitcoin transactions inspired by CoinJoin: SharedCoin, Dark Wallet, DarkSend in the altcoin Dash, and JoinMarket.
Wasabi Desktop Wallet uses CoinJoin to combine multiple inputs into a single transaction with multiple outputs. This is a trustless process that can be used to obscure a transaction, making it very difficult to determine who paid whom.
After downloading the wallet, the user sends the coins to an address generated by the wallet. The user’s wallet is connected to other wasabi wallets through Tor (optional), making tracking IP addresses difficult. If the user wants to participate in a Coinjoin transaction with other Wasabi wallets that are currently online, they “queue” the coins they want to mix in the wallet and specify the anonymity set they prefer. An anonymity set is the number of UTXO’s that would participate in the CoinJoin. The default anonymity set is 50, but the user can enter the wallet’s GUI and change it to a number of their preference.
Once the required number of UTXOs have publicly queued for the Coinjoin, an unsigned bitcoin transaction is created.
After all the users have checked that their inputs and outputs are valid, the signing begins and all users sign off the transaction. Once all the signatures are collected, the transaction is broadcast to the network.
Let’s look at an example to analyse the outcome.
If you examine the first 50 outputs on the right in the transaction below, all the amounts are the same! Now, all we know is that each one of these outputs comes from 1 of the 50+ participants on the left. The anonymity set for this CoinJoin is 50.

In a Wasabi Wallet CoinJoin, you currently pay a fee of 0.003% per anonymity set. Therefore, if the coin anonymity set of a coin is 50 then you pay 0.003% * 50 which is 0.15%. Essentially, your privacy is the result of mixing your UTXO’s with those of others. You can mix multiple times until you are satisfied.
Another privacy-focussed wallet, which also uses CoinJoin to ensure the anonymity of its users, is the Samurai Wallet. Its Whirlpool feature (which is currently open to public beta testing) severs the link between the UTXOs you put in and get out.
Unlike the Wasabi wallet, you do not pay a volume based fee per anonymity set, instead you pay a one-time flat fee for an unlimited anonymity set.
Whether you want to mix 1 BTC or 5 BTC, it costs the same depending on the pool you opt for.

Once the pool fee is paid, it costs nothing to continue cycling your coins. With each cycle, you gain greater privacy, with a deeper anonymity set.
Tx0 is the starting point for all Whirlpool CoinJoin transactions. It basically splits any UTXO you wish to mix into the amount (0.01, 0.05, 0.5) selected from the different pools. Any UTXO that has been mixed at least once and has not left the Pool is a Postmix peer. These UTXOs can be mixed again.
A Whirlpool CoinJoin transaction has 5 total inputs. At least 3 inputs, but up to 4 are premix and at least 1 input, but up to 2, are remixes. Remixing is encouraged to ensure greater anonymity.

For example, after one round of mixing the probability of the anonymity of your coin is one-fifth; after the second round, the anonymity increases to one-ninth. The more you remix, the better the anonymity.
Samourai wallet has many privacy-enhancing features, such as Stonewall, which makes normal transactions look like CoinJoin transactions, PayNym codes that automatically generate stealth Bitcoin addresses, Stealth mode to prevent physical searches of your device, and a lot more.
Now that we’ve discussed the merits and demerits of both centralized and decentralized mixing, we’re left with one important question — which one is better?
While that’s subjective, let’s look at some statistics.
In this very interesting article, Chainalysis states that centralized mixers receive a lot more tainted coins than “decentralized” mixers. A good example is Bestmixer, a centralized service that was shut down in early 2019 because it was suspected of laundering a considerable amount of illegally obtained coins.
On the other hand, decentralized mixers like Wasabi Wallet have grown considerably: the wallet mixed $250 million worth of bitcoin between January and August 2019 according to Chainalysis. And in spite of still being in public beta, Whirlpool has had over 1400 mixes in October 2019 alone.
To conclude, we believe that bitcoin mixing is certainly a precaution that users and businesses concerned about anonymity should take. If you opt for centralized services, do your research and use the ones with the best reviews and highest levels of trust.
If you’re aware of anything else that can be done to ensure privacy and true anonymity of a transaction, do let us know. You can reach out to us on Twitter, Facebook, or Telegram.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!