Mixers and Ring Signatures

Part 2 of a series on Privacy on the BlockchainIn the second part of this series, Ill focus on financial privacy, including mixers and ring signatures. Each of these topics could warrant their own full post, so Ill stick to the high-level capabilities of each rather than diving too deep.If youre looking for privacy in cryptocurrency today, there are a few practical options, including mixing services, often called mixers or tumblers, and privacy-centric cryptocurrencies, like Monero and Zcash.

Mixers and Ring Signatures 1

Lets discuss mixers and Monero, and save Zcash for a more detailed post on zero-knowledge proofs.MixersThe basic idea behind a mixing service is nearly as old as finance itself.A group of people want to keep their financial transactions private from some observer.

To do that, they combine their funds into one pool, keeping track of who is owed what on a private ledger. Think a second set of books. When those mixed funds are spent, the origin of a each payment is obscured observers see the amount paid and the recipient, but dont know which person or persons in the group authorized the payment.

Now, there are clearly some issues with a scheme like this. Who keeps the ledger? Who can be trusted with the pooled funds?

Lets take a closer look at how Bitcoin users have dealt with these issues.Centralized servicesBitMixer was a popular mixing service. Launched in 2014, it was a fairly literal implementation of the above scheme.

Mixers and Ring Signatures 2

Users would deposit funds directly with the service. BitMixer then broke deposits into smaller pieces, mixing them with other users funds, as well as BitMixers own reserves. Users could then withdraw new outputs, unconnected on the blockchain to their original deposits.

In the middle, of course, BitMixer took a significant fee.So, who held the funds, and who kept the ledger? Both were controlled by the same centralized party a disaster waiting to happen.

Exit scams are common in Bitcoin, with a rich history of exchanges and other service operators walking away with customer deposits. Even if an operator is honest, trusting a centralized party with your financial privacy means trusting them to defend your privacy from governments, hackers, and internal threats.Refreshingly, the owner of BitMixer opted for an orderly shutdown no hacks or funny business.

In a post on BitcoinTalk, he (she? they?) explained that he was shutting down the service because he no longer believed privacy on the Bitcoin blockchain was an achievable goal.

Coming from someone who ran a mixing service for 3 years, thats a pretty strange change of opinion. As youll see, though, strong privacy on the Bitcoin blockchain is more difficult than it appears.CoinJoinA decentralized approach to mixing, called CoinJoin, was proposed by Gregory Maxwell in 2013.

Heres the idea. When user A needs to make a transaction to user B for 10 BTC, and user C needs to send user D 10 BTC, they can combine their transactions with one merged signature. Each user can publish a piece of the transaction, but neither can be spent until both pieces are put together.

When they are, both B and D are paid 10 BTC each, though its not clear which sender paid which. Using CoinJoin, theres no longer a need for a third party to hold pooled funds. And because mixing happens each transaction, theres no need for a private ledger just a service to match users who want to create joint transactions.

Enter JoinMarket, a decentralized Bitcoin mixing service using CoinJoin. JoinMarket keeps an order book, similar to an exchange. Makers market participants who add liquidity to the exchange offer to act as CoinJoin participants for a fee.

Takers, looking to mix their coins, are paired with makers, who swap bitcoins. JoinMarket is a huge improvement over centralized mixers, but there are a number of issues with the approach in practice.De-anonymizationThe MIT Technology Review recently summarized an effort by researchers at Princeton to de-anonymize Bitcoin transactions online.

They found that if a user employs 3 rounds of CoinJoin, mixing their wallet, and makes two payments to popular merchants online, the user can still be de-anonymized with 98% accuracy. Modern surveillanceHow did this happen?Since the advent of the web, the lack of a sustainable revenue model has made profiting off content creation difficult.

Content creators need a way to fund their work. And while there have been attempts to provide alternative sources of revenue, the tried and true revenue model is third-party advertising. Because so many sites are powered by ads, an incredible amount of technical talent has been devoted to improving so-called ad-tech better ad delivery, tracking, and customization.

Each step has been reasonable, but in the pursuit of better advertising, the modern web has been turned into an effective global surveillance apparatus.So how did the team from Princeton get these results? Easily.

The team applied an existing blockchain analysis technique to identify CoinJoin transactions, and another, which they call a cluster intersection attack, to combine leaked payment details from ad trackers with blockchain information, unraveling the trail of mixed funds.In the face of cookies and trackers, privacy from mixing falls apart.Does privacy have a chance?

Im an optimist. Privacy advocates are working at a disadvantage both technologically, against the ad-powered web, and increasingly socially, as the public becomes accustomed to the new normal of social media.There are a few things we can learn from this de-anonymization effort.

First, users who werent mixing coins were immediately exposed. A 2% chance at privacy is better than nothing, and as they say in the lotto, you have to play to win. Few real-world users are aware of the risks of de-anonymization, and have taken steps to mitigate the threat.

Mixers as a solution are poor because they dont work by default. Second, the reason this effort was possible is because so few people are involved in a mixers pool. If three people are involved in a CoinJoin transaction, a particular output must have originated from one of those three.

Those are good odds for a blockchain analyst. Finally, the fact that CoinJoin transactions can be easily spotted on the blockchain is worrisome. If no one uses CoinJoin but those going out of their way to attain a higher degree of privacy, theyre a great target for hackers and blockchain analysts alike.

Hiding in a crowdBetween mid-2015 and mid-2017, there were 164 million transactions on the Bitcoin blockchain. Of those, 78,697 transactions used CoinJoin.If you only take away one idea from this post, remember this privacy works best when everyone is doing it.

The obvious reason is that an ideal private transaction doesnt look private. Announcing your desire for privacy, ironically, often draws attention. The best way to ensure that no transactions receive extra attention is to make sure all transactions are private a sort of inverse privacy herd immunity.

The more private transactions, the less out-of-place a new private transaction appears. Theres another reason privacy advocates want privacy by default.Anonymity setsIn our discussion of mixing, we talked about two weaknesses to the common mixing scheme.

Who can be trusted with pooled funds, and who keeps the private ledger orchestrating the scheme. CoinJoin and other decentralized mixing methods solve the first question, and services like JoinMarket aim to address the second.Unfortunately, theres another variable neither of these address the size of the pool.

If a pool of funds is composed of 2 depositors, very little privacy is afforded. The pool is sometimes called the the privacy set, traceability set, or anonymity set. This is an important idea that will come up again and again in our discussion of privacy, and its a major flaw in many opt-in privacy schemes, including those built atop the Bitcoin network.

Too small an anonymity set, and transactions can be easily unmasked using statistical analysis. Privacy by defaultTo solve these issues, we need a cryptocurrency thats private by default. Every transaction should be private, and the anonymity set of each transaction should be as large as is feasible ideally, the set would include every user of the currency.

Monero is one such candidate cryptocurrency. Unlike many altcoins, Monero isnt a fork of Bitcoin. Instead, Monero is based on an alternative heritage, CryptoNote.

There are a number of privacy improvements in Monero over Bitcoin and other cryptocurrencies, but well focus on the most notable an alternative signature scheme. Ring signaturesFor the longest time, whenever I heard a discussion about signature schemes, my eyes would gloss over. Theyre presented as a dry topic, and schemes are often introduced mathematically, burying the lede.

As one of the building blocks of todays cryptocurrencies, signature schemes are incredibly important to discussions around privacy and security. They dont need to be boring, and as a user, you dont need to understand the math. Instead, we can focus on what a particular scheme claims to do, how its different from others, and the functionality it can support.

Moneros privacy stems from ring signatures, which are used to sign all transactions. Ring signatures are a type of group signature, and a cousin of threshold signatures, which well discuss later in the series.Typically, a cryptographic signature proves the authenticity and integrity of a document from a single signer.

This follows our intuitive understanding of signatures in the same way you might sign a check, uniquely identifying that you approve an expenditure. Group signatures work a bit differently. Instead of showing that a document was approved by a single signer, a group signature proves that one signer of a fixed group approved a document.

Importantly, the scheme doesnt expose which member of the group signed.This should sound similar to CoinJoin. Instead of requiring multiple participants to sign pieces of a transaction, which can then be merged, ring signatures allow anyone in a fixed group to sign a transaction.

Both offer plausible deniability which participant signed the transaction?The number of participants in a ring signature group is called the ring size. Similar to the number of participants in a CoinJoin transaction, the ring size determines the anonymity set for a signature.

A small ring size means easier de-anonymization, as the team from Princeton leveraged against CoinJoin. So, is Monero the ideal private cryptocurrency? Its certainly close.

There are still a few issues the community is working though.Users often choose a small ring size, weakening the anonymity guarantees of the network. A planned hard fork will address this issue in September, enforcing a minimum ring size.

Ring signatures obscure the linkage between sender and recipient, but they dont obscure the amount sent. RingCT, based on Gregory Maxwells Confidential Transactions, was launched on Monero in January. Confidential Transactions obscure the amount of a transaction, replacing it with a bound range.

Over 95% of Monero transactions are now protected by RingCT, which will become mandatory for all Monero transactions in September.While Monero enforces privacy by default and is a huge improvement over using a mixing service in Bitcoin, transactions still suffer from a bound anonymity set. In the next post, well discuss Zcash, a new cryptocurrency that addresses this issue, as well as zero-knowledge proofs for non-financial uses.

Thanks to Laura Wallendal, Corbin Pon, Bedeho Mender, and Brayton Williams for reviewing early drafts of this story.Learn MoreFor more information about the Keep Network:Join us on Reddit. Check out our whitepaper.

Read our business primer. Subscribe for email updates. Follow us on Twitter.

Join our Slack. Join our Telegram. RELATED QUESTION What are some opportunities to innovate in healthcare from a technology perspective?

New Technologies and Innovations in Healthcare Industry:Over the past few decades there is a huge growth in healthcare industry. Explosion of innovations are improving the quality of life and it increasing the life expectancy. Innovations are becoming major focus to increase efficiency, improve access, lower cost, increasing the quality, etc.

Furthermore, Asia Pacific's (most) comprehensive industry platform serves the entire value chain for the medical devices market with a combined display of products and technological innovation, together with professional exchange, to serve the business, academic and scientific sectors.Chinas International Medical Equipment Fair has been keen in uniting various countries together in order to exchange innovative ideas in the health industry.The following are the equipment with technological advancement which is focused widely in the healthcare industry.

Imaging Equipment In-Vitro Diagnostic Equipment Surgery and Emergency Equipment Orthopedic Devices and Supplies Medical IT Products Electro-Medical Devices Hospital Equipment Rehabilitation Equipment and Home-care Equipment Medical Optical Equipment Medical Consumables.URL:

recommended articles
Case Info Center AI Blog
This article is part 4 of an ongoing series, catch up on Part 1, Part 2 and Part 3 hereUnderstanding depth and volume is crucial when designing for Augmented Reality...
Joseph Hellers seminal novel, Catch 22, has been adapted to the big screen before. This time around, George Clooney tries his hand at a mini series adaptation, focus...
Mixed methods research is a design for collecting, analyzing and mixing both quantitative and qualitative data in a single study or series of studies to understand a...
Qian ZhechengA popular Chinese streaming site premiered the first two episodes of an animated series based on the life of German socialist philosopher Karl Marx on M...
But I still highly recommend it for the entertainment value and thought-provoking moral questions.I have a lot to say about the new Amazon Prime series Hunters.First...
Leia este artigo em portugusAltered Carbon is one of the most innovative television series.With a good dose of technology, she still mixes up some suspense and polic...
In most cases, the human brain learns best with good old-fashioned hands-on training. Many of us can attest to the value of learning by doing from personal experienc...
This article is part four of the series that reviews the user testing conducted on Hubs by Mozilla, a social XR platform. Previous posts in this series have covered ...
  Author:MeCan Medical–ultrasound machine manufacturersThe hospital's modernization is inseparable from various advanced medical equipment, and the use of advanced m...
  Author:MeCan Medical–ultrasound machine manufacturersAt present, the epidemic is still spreading globally, and international trade and economic growth have stalled...
no data
One-stop medical & laboratory equipment supplier,focus on medical equipments over 10 years
Contact us

If you have a question, please contact at contact info@mecanmedical.com

+86 020 8483 5259
no data
Copyright © 2021 Guangzhou MeCan Medical Limited  | Sitemap
contact customer service