Möbius: Trustless Tumbling for Transaction Privacy

Abstract Cryptocurrencies allow users to securely transfer money without relying on a trusted intermediary, and the transparency of their underlying ledgers also enables public verifiability. This openness, however, comes at a cost to privacy, as even though the pseudonyms users go by are not linked to their real-world identities, all movement of money among these pseudonyms is traceable. In this paper, we present Möbius, an Ethereum-based tumbler or mixing service. Möbius achieves strong notions of anonymity, as even malicious senders cannot identify which pseudonyms belong to the recipients to whom they sent money, and is able to resist denial-of-service attacks. It also achieves a much lower off-chain communication complexity than all existing tumblers, with senders and recipients needing to send only two initial messages in order to engage in an arbitrary number of transactions.

[1]  Eli Ben-Sasson,et al.  SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge , 2013, CRYPTO.

[2]  Matthew Green,et al.  Zerocoin: Anonymous Distributed E-Cash from Bitcoin , 2013, 2013 IEEE Symposium on Security and Privacy.

[3]  Pedro Moreno-Sanchez,et al.  CoinShuffle: Practical Decentralized Coin Mixing for Bitcoin , 2014, ESORICS.

[4]  Ethan Heilman,et al.  Eclipse Attacks on Bitcoin's Peer-to-Peer Network , 2015, USENIX Security Symposium.

[5]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[6]  Jeremy Clark,et al.  Mixcoin: Anonymity for Bitcoin with Accountable Mixes , 2014, Financial Cryptography.

[7]  Luke Valenta,et al.  Blindcoin: Blinded, Accountable Mixes for Bitcoin , 2015, Financial Cryptography Workshops.

[8]  Brian Neil Levine,et al.  Sybil-Resistant Mixing for Bitcoin , 2014, WPES.

[9]  Matthew K. Franklin,et al.  Unique Ring Signatures: A Practical Construction , 2013, Financial Cryptography.

[10]  Nicolas van Saberhagen CryptoNote v 2.0 , 2013 .

[11]  Jonathan Katz,et al.  Ring Signatures: Stronger Definitions, and Constructions without Random Oracles , 2005, IACR Cryptol. ePrint Arch..

[12]  Ethan Heilman,et al.  TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub , 2017, NDSS.

[13]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[14]  Elaine Shi,et al.  Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[15]  Matthew K. Franklin,et al.  A Framework for Unique Ring Signatures , 2012, IACR Cryptol. ePrint Arch..

[16]  Malte Möser,et al.  An inquiry into money laundering tools in the Bitcoin ecosystem , 2013, 2013 APWG eCrime Researchers Summit.

[17]  Gus Gutoski,et al.  Hierarchical Deterministic Bitcoin Wallets that Tolerate Key Leakage , 2015, Financial Cryptography.

[18]  Stefano Zanero,et al.  BitIodine: Extracting Intelligence from the Bitcoin Network , 2014, Financial Cryptography.

[19]  George Danezis,et al.  Statistical Disclosure or Intersection Attacks on Anonymity Systems , 2004, Information Hiding.

[20]  Sarah Meiklejohn,et al.  Privacy-Enhancing Overlays in Bitcoin , 2015, Financial Cryptography Workshops.

[21]  Ghassan O. Karame,et al.  Evaluating User Privacy in Bitcoin , 2013, Financial Cryptography.

[22]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[23]  Victor K.-W. Wei,et al.  Short Linkable Ring Signatures for E-Voting, E-Cash and Attestation , 2005, ISPEC.

[24]  Brent Waters,et al.  Full-Domain Subgroup Hiding and Constant-Size Group Signatures , 2007, Public Key Cryptography.

[25]  Markulf Kohlweiss,et al.  One-Out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin , 2015, EUROCRYPT.

[26]  Eli Ben-Sasson,et al.  Secure Sampling of Public Parameters for Succinct Zero Knowledge Proofs , 2015, 2015 IEEE Symposium on Security and Privacy.

[27]  S A R A H M E I K L E J O H N,et al.  A Fistful of Bitcoins Characterizing Payments Among Men with No Names , 2013 .

[28]  Adi Shamir,et al.  Quantitative Analysis of the Full Bitcoin Transaction Graph , 2013, Financial Cryptography.

[29]  Joseph K. Liu,et al.  Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups (Extended Abstract) , 2004, ACISP.

[30]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[31]  Fergal Reid,et al.  An Analysis of Anonymity in the Bitcoin System , 2011, PASSAT 2011.

[32]  Kevin Lee,et al.  An Empirical Analysis of Linkability in the Monero Blockchain , 2017, ArXiv.

[33]  Pedro Moreno-Sanchez,et al.  Listening to Whispers of Ripple: Linking Wallets and Deanonymizing Transactions in the Ripple Network , 2016, Proc. Priv. Enhancing Technol..

[34]  Bruce M. Kapron,et al.  On Generic Constructions of Circularly-Secure, Leakage-Resilient Public-Key Encryption Schemes , 2016, IACR Cryptol. ePrint Arch..