
Bitcoin Mixing: economic analysis and design guidelines - deepblueocean
https://bitcointalk.org/index.php?topic=423596.msg4610089#msg4610089
======
dmix
> This means any anonymity service requires a large population of
> participating users, ideally with different adversaries, so that one can’t
> simply assume all coins passing out of the mixing service are “tainted”

This is why something like DarkWallet [1] is so important. We need a wallet
that automatically and trustlessly mixes your coins in the background (via
CoinJoin [2]), when you're not using them.

The wallet needs a very user friendly UI and solid integration to reach a wide
and disparate audience. With mass adoption of wallets like these, it will add
anonymity for everyone. With very little work on the user's end.

[1] [http://www.indiegogo.com/at/darkwallet](http://www.indiegogo.com/at/darkwallet)

[2] [https://bitcointalk.org/index.php?topic=279249.0](https://bitcointalk.org/index.php?topic=279249.0)

------
sliverstorm
Can anyone explain on a conceptual level how mixing can possibly work? I'm not
thinking about implementation details, but more like boot prints in the snow.
You can stamp a big mess in the snow, but no matter how much you stamp about,
there is still one set of your tracks entering and one set leaving. When all
the transactions are clear to see in the blockchain, all the boot prints are
right there.

~~~
ohazi
Imagine a bunch of people traveling in different directions in the snow.
Rather than going directly towards their intended destination, everybody goes
first to one particular spot, where there is one pair of boot imprints.

You walk toward the bootprint, step into it, step out of it, and then continue
on your merry way.

When lots of people do the same, you see a bunch of tracks going into one
bootprint, and a bunch of tracks going out. But because everybody was careful
to place their feet into the one bootprint indentation, the person following
your tracks won't know which of the many forward paths you took after you
stepped out.

~~~
sliverstorm
But what about the part where every boot has a distinct print? Or is that
where the metaphor breaks down?

~~~
21echoes
they trade/change boots at that convergent stomping point (i.e., use a new
wallet address)

------
goodside
I don't understand the practical need for Bitcoin mixers vs. simply mixing via
existing exchanges. If Bitcoin goes into an exchange and Litecoin leaves a
week later, nothing in either the Bitcoin or Litecoin blockchain would link
the transactions together, especially if the funds are chopped up and sent to
multiple wallets so the totals are never comparable. If the worry is that the
exchange itself might be subpoenaed, one can just hop through many exchanges
in many different countries. It's only necessary that one exchange be opaque
for the mix to be secure.

~~~
MichaelGG
If you're moving a unique sum of money, then it's not too hard to see X BTC
in, Y LTC out, Y LTC in, X BTC out.

Additionally, you must trust the exchanges. Leaving your coins in a 3rd party
for a week means at any point during that week, a hack or other problem might
mean you lose all your money. Needing to fully trust a third party is a
failure.

On top of that, as you note, you'd need to use multiple exchanges, with
significant time delays. This is not user-friendly, and will lead to people
making mistakes. Not to mention, it's hard to verify if a given exchange is
_really_ operating under certain law, and not compromised. I'd be surprised if
various LEAs haven't or aren't considering opening exchanges pretending to be
safe havens.

~~~
goodside
"If you're moving a unique sum of money, then it's not too hard to see X BTC
in, Y LTC out, Y LTC in, X BTC out."

Really? If I were to deposit BTC into BTC-e, send you the blockchain.info link
for the deposit, and then in the next hour withdraw it to 5 separate wallets
in any of the half-dozen altcoins they trade, how would you identify even one
of those altcoin transactions as mine?

~~~
MichaelGG
It'd depend on the volumes involved. I don't think it's out of the question to
look for any grouping of outbound transfers around the amount in question and
follow them as possibilities. This assumes you eventually want to do something
with the mass of money. If you've got 10000 BTC and only want to cash out 100,
yeah I suppose that's nearly untraceable.
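
The amount-grouping idea discussed in this subthread, as an added example that is not part of any post above: it counts how many sets of withdrawals within a time window add up to a deposit, which is the size of the set a depositor hides in. The record layout, one-hour window, 1% fee allowance and all sample values are assumptions constructed for illustration, and altcoin amounts are assumed to be already converted to BTC-equivalent value.

```python
from itertools import combinations

CENTI = 1_000_000  # satoshis in 0.01 BTC; integer amounts avoid float error

def candidate_groupings(deposit, withdrawals, window_s=3600, tol_pct=1, max_parts=5):
    """deposit: (time_s, value_sat). withdrawals: (id, time_s, value_sat).
    Returns each set of up to max_parts withdrawals made within window_s
    after the deposit whose total lies between the deposit minus tol_pct
    (allowance for fees and spread) and the deposit itself."""
    t0, amount = deposit
    lo = amount * (100 - tol_pct) // 100
    in_window = [w for w in withdrawals if 0 <= w[1] - t0 <= window_s]
    hits = []
    for k in range(1, max_parts + 1):
        for combo in combinations(in_window, k):
            if lo <= sum(w[2] for w in combo) <= amount:
                hits.append(tuple(w[0] for w in combo))
    return hits

# Constructed sample data, not real exchange records.
UNUSUAL_DEPOSIT = (0, 730 * CENTI)  # 7.30 BTC, an uncommon amount
UNUSUAL_WITHDRAWALS = [
    ("a", 600, 250 * CENTI), ("b", 1500, 300 * CENTI), ("c", 3000, 178 * CENTI),
    ("d", 700, 33 * CENTI), ("e", 1800, 70 * CENTI), ("f", 2500, 415 * CENTI),
    ("g", 9000, 729 * CENTI),  # right size, but outside the one-hour window
]
COMMON_DEPOSIT = (0, 100 * CENTI)  # 1.00 BTC, a round and common amount
COMMON_WITHDRAWALS = [
    ("p", 300, 50 * CENTI), ("q", 900, 50 * CENTI), ("r", 1200, 50 * CENTI),
    ("s", 2000, 50 * CENTI), ("t", 2400, 100 * CENTI), ("u", 2700, 100 * CENTI),
    ("v", 3100, 25 * CENTI), ("w", 3300, 25 * CENTI),
]

if __name__ == "__main__":
    for name, dep, wds in [("unusual", UNUSUAL_DEPOSIT, UNUSUAL_WITHDRAWALS),
                           ("common", COMMON_DEPOSIT, COMMON_WITHDRAWALS)]:
        hits = candidate_groupings(dep, wds)
        print(f"{name}: {len(hits)} candidate grouping(s): {hits}")
```

In this sample the split 7.30 BTC deposit still matches exactly one grouping, while the 1.00 BTC deposit matches twelve; widening the window brings withdrawal `g` in as a second candidate for the first case.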

