Nice piece.
I'm interested in the overseer: up to which point does remixing solve it? It seems that after 2 consecutive coinjoins, the attack must be an amount analysis, where you analyze all coins going in and out of coinjoin rounds from the same coordinator.
Wasabi already handles quite efficiently all 3 cases (even in the economic profile) because:
  1. it enforces 2 remixes as a minimum
  2. it never reuses addresses, and won't consider that you gained privacy if you did
  3. there is a configurable dust threshold, and if you receive UTXOs lower than this threshold on already used addresses, they're ignored.
But as you mentioned, correct usage of privacy software is primordial to stay private. E.g., in Wasabi we see some users deanon themselves because they swept 100% of their funds and didn't pay enough fees to avoid amount analysis. I've seen the same in Samourai rounds.
Based on the presenter's information I don't think the amount of remixes matters. Suppose a coin is mined directly into a coinjoin and spends its entire history in mixes and remixes with 30 participants apiece, except when it's held by an exchange. Suppose you buy it from Kraken and do 2 remixes (in coinjoin 382 and coinjoin 4773) before sending it to Bitrefill.
In such a case, Bitrefill can still see Kraken in its taint tree, because they can see (1) it came to them in coinjoin 4773, which had 30 possible "inputs", i.e. senders, (2) one of which was an "output" from coinjoin 382, which also had 30 possible "inputs", i.e. senders, (3) one of which was from someone who got the coins from Kraken. So it had at least 60 possible senders, 1 of which was Kraken. Therefore Kraken is in its taint tree.
If you send coins to Bitrefill repeatedly and Kraken always appears in all of your taint trees, then even if you do 2 remixes, 10 remixes, or 1000 remixes, Bitrefill can conclusively infer you must be a customer of Kraken, because it is statistically impossible for Kraken to show up in all of your taint trees unless that is where you get your coins.
So you're saying we should all use Kraken so we stand out less :p (I'm joking lol)
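The repeated-payment argument in the thread above, as an added example that is not part of any commenter's post: each payment's taint tree is walked back to its origins, and the origin sets of several payments are intersected. The graph is constructed for illustration; the `src-N` decoy names, the `cjA`/`cjB` labels and all function names are assumptions, and each payment passes through two coinjoins with 29 other origins apiece.

```python
# Added illustration: constructed transaction graph, not real chain data.
# graph maps a node to the nodes that funded it; a node with no entry is an origin.

def taint_sources(graph, node, seen=None):
    """Walk backwards from node and return every origin in its taint tree."""
    seen = set() if seen is None else seen
    if node in seen:
        return set()
    seen.add(node)
    parents = graph.get(node, [])
    if not parents:
        return {node}
    found = set()
    for parent in parents:
        found |= taint_sources(graph, parent, seen)
    return found

def build_payment(graph, pay_id, user_source, decoys_a, decoys_b):
    """One payment: user_source -> coinjoin A -> coinjoin B (remix) -> payment."""
    cj_a, cj_b = f"cjA-{pay_id}", f"cjB-{pay_id}"
    graph[cj_a] = [user_source] + decoys_a   # 30 inputs, one is the user's
    graph[cj_b] = [cj_a] + decoys_b          # remix: 29 decoys + output of A
    graph[pay_id] = [cj_b]

def common_sources(graph, payments):
    """Origins that appear in the taint tree of every listed payment."""
    return set.intersection(*(taint_sources(graph, p) for p in payments))

def demo():
    graph = {}
    for i in range(3):
        # Decoy origins overlap between neighbouring payments (constructed).
        pool = [f"src-{n}" for n in range(i * 40, i * 40 + 58)]
        build_payment(graph, f"pay-{i}", "kraken", pool[:29], pool[29:])
    return graph, [f"pay-{i}" for i in range(3)]

if __name__ == "__main__":
    graph, payments = demo()
    for k in range(1, 4):
        print(k, "payment(s):", len(common_sources(graph, payments[:k])), "candidate origins")
```

Adding more remixes enlarges each single payment's origin set, but the intersection only keeps what every payment shares, which is why the remix count does not change the outcome the commenter describes.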