A college researcher has claimed to have successfully cracked the algorithm behind most centralized Bitcoin mixing services. Using his methods, he says he can backtrack all transaction history done by the service providers.
In an interview with Bitcoin News, Ruhr-Universität Bochum researcher Felix Maduakor explained how he carried out a study to assess the privacy levels of Bitcoin mixing services. In doing so, he discovered vulnerabilities in the algorithms used by centralized Bitcoin mixing services such that transactions supposedly thought to have become anonymized through the mixing algorithms of such platforms can be traced back to the source. He says that this proves the algorithms being used by centralized mixing services are inefficient in terms of security when compared to either decentralized mixing services or privacy-centric cryptocurrencies.
His study proves that the major mixing services tested at the time contained “trivial bugs” such as timing attacks and leakages that, attackers could manipulate to deanonymize past transactions processed by these services. He further claims that even if these implementation faults were fixed, every transaction processed prior to the fix is “irreversibly vulnerable”.
Bitcoin mixing or tumbling
Bitcoin has been described as a pseudonymous cryptocurrency since the transactions conducted on the blockchain are open to the public, and perhaps with a skilled programmer, such digital transactions can be traced back to the source. In an attempt to provide more privacy to the nature of Bitcoin transfers over the blockchain, a technique called Bitcoin mixing has often been used, which basically swaps user bitcoins with each other with the aim of reducing traceability.
However, as Maduakor notes, while the implementation of P2P mixing algorithms in Bitcoin clients could enhance privacy in Bitcoin, most of these algorithms based on the decentralized architecture such as Coinshuffle ++ introduced by Tim Ruffing, Pedro Moreno-Sanchez and Aniket Kate are not widely adopted.
In his opinion, the algorithms should be implemented in the wallet software, and if it were to be added to the Bitcoin core, it would have made a huge difference. However, according to Madu, the Bitcoin core developers do not yet see the need for such a feature, citing concerns that it could hinder the growth of Bitcoin.
To date, most Bitcoin users who want additional privacy for their transactions have resorted to using commercially-driven centralized mixing — also known as tumbling — services, which according to Maduakor, aren’t so effective after all.
Why privacy matters
Contrary to popular opinions about privacy-centric cryptocurrencies, in the digital world, privacy is of utmost importance because a leak in a string of information can lead to a cascade of misuse. Maduakor’s opinion about Bitcoin’s privacy provides a rather balanced approach to the concept:
“If Bitcoin is [to be] used as a [global] currency/payment token, it has to provide some sort of privacy. Otherwise, everyone could check the exact salary, production costs, etc. on the blockchain. The leakage of cash flow [information] can have a huge impact on a company, its partners and customers.”
Many governments have expressed their concerns about privacy-centric cryptocurrencies and for good cause, as cryptocurrencies from the get-go have been unfairly associated with unlawful activities such as money laundering and terrorist financing. Moreover, anonymizing transactions through Bitcoin mixing services could conceal the real origins of Bitcoins and make it hard to detect if it were from the darknet or stolen from a cryptocurrency exchange. Other strong proponents of decentralization have suggested cryptocurrency privacy to be a fundamental human right.
Should cryptocurrencies gain mainstream advantage and anonymity features, it could complicate the jobs of law enforcement agencies. While it does seem to be a dilemma, a middle ground would be certainly hard to come by. However, the option of having privacy features remains a top priority for internet-based activities, as security and data protection are important commodities in the ecosystem.
Are centralized mixing services doomed?
Maduakor’s approach involved identifying the characteristics of the transactions such as version, fee, timing, lock-time, sequence number as well as transaction signing and how the signing was done by a major mixer at the time, Coinmixer.se, followed by filtering of more than 99% of the blockchain data which were not connected to the mixing process. From the data obtained, he was able to detect the input transactions (source of funds) and the output transactions (anonymized coins).
His findings bore significant peculiarity because while Coinmixer.se is currently offline, the historic transactions done by the mixing service could still be traced. Moreover, with modifications on the approach, nearly all centralized mixing service out there could be deanonymized, as he was able to break the transactions done by bitmixer.io, bitblender, and helix using a similar approach.
The interesting conclusion isn’t just about the mapping of transactions, which invariably may be of interest to law enforcement, but the nature of the mixing as regards the provider. In the near future, it would be easy to associate a transaction log to a mixing service provider.
Alternate privacy solutions
Knowing that centralized Bitcoin mixing services have a loophole in their algorithms, alternatively, privacy-centric cryptocurrencies may be the best option for users of cryptocurrency. Even though Zcash and Monero have different approaches to achieving privacy, still their algorithms are superior to those of centralized mixing services.
Maduakor noted that a decentralized mixing service would have also been a good alternative, as they not only remove centralized entities who “steal your coins” but also have “higher levels of security since their implementation requires no black boxes”. He also thinks that bitmixer.io would have been more secure if it were open source.
Follow BitcoinNews.com on Twitter: @BitcoinNewsCom
Telegram Alerts from BitcoinNews.com: https://t.me/bconews
Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.
Image Courtesy: Bitcoin News