Researchers from Boston University, North Carolina State University, and George Mason University have created a new protocol called TumbleBit that they say can anonymize Bitcoin transactions better than any other previously developed Bitcoin mixing service.
Bitcoin mixing services, also known as mixers or tumblers, are services that offer to anonymize Bitcoin transactions. They usually realize this through various methods, such as breaking a large transaction into countless of smaller ones, or by delaying transactions and executing them at once, in smaller chunks.
Tumblers have a “trust” and “anonymity” problem
Tumblers are very popular with cyber-criminals and with other classes of users looking for anonymity online.
Their downside is that despite their best efforts, many still leave many clues in the public Bitcoin blockchain that can be put together to reconstruct the original transaction, albeit these operations require a large amount of time and effort.
Additionally, many tumblers rely on users trusting the service to hold their Bitcoin while the transaction is being processed, which has led to cases where some lesser known Bitcoin tumblers have stolen funds from users.
The three stages of a TumbleBit transaction
According to new research put together by the Boston University team and their colleagues from across the US, the new TumbleBit protocol takes a new approach to Bitcoin mixing operations. TumbleBit splits a Bitcoin transaction into three different phases.
In the first stage, called Escrow, User A tells the mixing service it intends to make a payment, but doesn’t include the recipient’s address. Similarly, User B tells the mixing service that it’s waiting for a payment, without mentioning from who.
In the second stage, called Payment, User A sends funds to the mixing service, without recording the transaction on the blockchain.
In the last stage, called Cash-out, both User A and User B solve a series of cryptographic puzzles, and User B receives his money, while the mixing service refunds unused funds to User A.
Only stage one and three are recorded on the public blockchain, while stage two is handled via the TumbleBit protocol.
The benefits of TumbleBit are tangible since not even the mixing service operator knows which user paid who, since stage two is handled off-blockchain.
Additionally, not all money sent to the mixing service are transferred to the recipient, confusing third-party observers, who see money going forward and backward between participating users.
Furthermore, TumbleBit delays stage three transactions and executes them all at once at regular intervals, making it impossible for observers to link Bitcoin transfers based on timestamps, as most TumbleBit operations would spend an unknown time in an on-hold state.
TumbleBit is not perfect
“We tested TumbleBit with 800 Bitcoin users, and found that the second phase only took seconds to complete,” says Alessandra Scafuro, a researcher from North Carolina State University, who contributed to the research.
“One limitation of TumbleBit is that, right now, the system is designed to work with a fixed denomination – so paying amounts larger than that denomination require making multiple payments,” the researcher added. “That’s something we’re working on.”
Despite the research team’s concern, this won’t be a big problem as they expect, as users would be willing to wait longer for transactions to go through if they can be sure they’ll remain anonymous.
The TumbleBit protocol is available on GitHub. A technical paper detailing its inner workings is available for download.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.