Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Service Discussion
Merits 21 from 6 users
A blinded Chipmixer?
by
nullius
on 06/01/2020, 18:29:19 UTC
⭐ Merited by ChipMixer (5) ,LoyceV (4) ,Welsh (4) ,fillippone (3) ,Foxpup (3) ,hugeblack (2)
Quote from: o_e_l_e_o on January 06, 2020, 04:06:21 PM
blinded bearer certificates

If Chipmixer were interested in running such a service, I would be interested in implementing the code to turn Chipmixer into a Chaumian bank.  Trustless for privacy, though you must trust them to not steal your money (just as now).  I would use a protocol designed by cryptographers, not my own concoction; blinded signature schemes are hard to get right (plus there is some existing open-source code I may adapt).

I am not saying this off-the-cuff.  I have been toying with this for a few years; and it’s all meticulously planned, at least on paper.  (It may take me significant time to actually do all the necessary code).  I would ask for nothing upfront, but a percentage share of revenue from the blinded service; fair is fair, it’s a business, and it would be nice to actually make money improving privacy after the opportunity cost I paid by avoiding the global public ledger for years.  Risk to them is zero:  If I deliver nothing, or if they think my protocol is insecure, or if I write shitty code, then I get nothing.  Bonus:  I could be paid in blinded chips!

(I also picked a name, and worked out some excellent branding for a new, trustless mixer service.  I would be sad not to use it; but they already have an established, respected brand.  Well, maybe they would want it adapted to a new ad campaign...)

The reason why I never did it to run my own service is that I do not think I have the resources for that.  It is a high-threat business.  It also requires significant capital up-front, especially if you want an inventory of aged UTXOs to hand out.  Chipmixer has a demonstrated record.  They’ve been attacked, DDoSed, no doubt thoroughly scrutinized by those who hate privacy—they’re still there.  They can do it—and then, there would be no ongoing incentive for anybody to track me down and get rid of me.  If I were to drop dead, it would not take down the service; I like it that way.  (If they were to disappear, I could help somebody else duplicate the service; so it’s good for them, too.)

The blinded service would require code running on the client.  It is unavoidable:  The client needs to generate blinded tokens, unblind them, etc.  This in turn invokes other practical problems that I’ve spent a long time wrestling with.  I think it would work out best if they continued running the simple, easy, trusted no-Javascript service, but added the blinded service as another option.  I would design it so that clients (including robots) could use the blinded service through a JSON API, so people could even write their own clients for my protocol; but you know, 99% of people would just use the blob of code that automagically runs in the browser.

As an ancillary benefit, I think that the willingness to run a trustless service would strongly signal “not a honeypot”.  Of course, it would not prove it.  But it is quite doubtful that a honeypot operator would ever offer a blinded alternative!

I would strongly urge them to roll over their UTXO inventory to native Segwit (bech32), and use the same inventory for both services so they have a single, unpartitioned anonymity set (for any adversary except Chipmixer itself).  The next version would integrate Lightning.

FYI, by the way, segvan started as a trivial whimsy project to efficiently bulk-generate bech32 addresses with random private keys.  It still has that feature; it grew the vanity search code later.  The motive was my frustration with Chipmixer not doing Segwit—it made me feel better to bat out some code making bech32 “chips” at a speed limited by my /dev/random.  I watched the bech32 “chips” scroll up the screen in a blur, and wished that Chipmixer would do Segwit.  I’ve had my eye on Chipmixer for a long time.  I have always wanted to like them.

My PGP key is linked in my signature, in case Chipmixer is interested in taking “mixing reinvented for your privacy” to a new level!

(And no, I did not plan this when I started this thread.  A blinded mixer has been my secret dream for the past few years.  The above screenshot of a Stackexchange discussion is something I found while doing research for this—at which point, I had already been on-and-off planning it for a very long time.  I’ve spent endless hours working on the design details.  I did not intend to broach it publicly; to the contrary.  But when o_e_l_e_o mentioned the word “blinded”, I just cannot resist seizing the moment to maybe, just maybe see my dream come true via Chipmixer’s existing position as a well-known, well-advertised, widely-respected mixer...  Well, dice are a popular use of Bitcoin, alea iacta est.)