GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → seresistvanandras → MixEth

seresistvanandras / MixEth

Licence: GPL-3.0 License
MixEth: efficient, trustless coin mixing service for Ethereum

Programming Languages

TeX
3793 projects
javascript
184084 projects - #8 most used programming language
solidity
1140 projects
matlab
3953 projects

Labels

ethereumblockchaincryptocurrencystate-channelsprivacy-enhancing-technologiesprivacy-preservingcounterfactualstate-channelcoinshuffle

Projects that are alternatives of or similar to MixEth

cuda-fixnum
Extended-precision modular arithmetic library that targets CUDA.
Stars: ✭ 39 (-20.41%)
Mutual labels:  privacy-enhancing-technologies
decentralized-ml
Full stack service enabling decentralized machine learning on private data
Stars: ✭ 50 (+2.04%)
Mutual labels:  privacy-enhancing-technologies
CARLA
CARLA: A Python Library to Benchmark Algorithmic Recourse and Counterfactual Explanation Algorithms
Stars: ✭ 166 (+238.78%)
Mutual labels:  counterfactual
SDK-Privacy-Report
Privacy details of SDKs for Apple Privacy Nutrition & Google Safety Section disclosure.
Stars: ✭ 219 (+346.94%)
Mutual labels:  privacy-enhancing-technologies
go-perun
🌔 Perun's Blockchain-Agnostic State Channels Framework in Go.
Stars: ✭ 31 (-36.73%)
Mutual labels:  state-channels
PS-Signature-and-EL-PASSO
A C++ Implementation of Short Randomizable Signatures (PS Signatures) and EL PASSO (Privacy-preserving, Asynchronous Single Sign-On)
Stars: ✭ 21 (-57.14%)
Mutual labels:  privacy-preserving
SyntheticControlMethods
A Python package for causal inference using Synthetic Controls
Stars: ✭ 90 (+83.67%)
Mutual labels:  counterfactual
privacy-preserving-primitives
primitives and protocols for implementing privacy preserving networks
Stars: ✭ 14 (-71.43%)
Mutual labels:  privacy-enhancing-technologies
SafePad
SafePad : Encrypted Text Editor. This text editor uses very strong encryption to let you protect your secrets. Great for storing passwords, credit card details or any else that you want to keep safe.
Stars: ✭ 32 (-34.69%)
Mutual labels:  privacy-enhancing-technologies
Windows-On-Reins
Wor is a Powershell script to harden, debloat, optimize, enhance privacy, avoid fingerprinting and improve performance on Windows 10 and 11.
Stars: ✭ 170 (+246.94%)
Mutual labels:  privacy-enhancing-technologies
matrix
mirror of https://mypdns.org/my-privacy-dns/matrix as it is obviously no longer safe to do Girhub nor have we no longer any trust in them. See https://mypdns.org/my-privacy-dns/porn-records/-/issues/1347
Stars: ✭ 32 (-34.69%)
Mutual labels:  privacy-preserving
easylist-pac-privoxy
EasyList Tracker and Adblocks to Proxy Auto Configuration (PAC) File and Privoxy Actions and Filters
Stars: ✭ 99 (+102.04%)
Mutual labels:  privacy-enhancing-technologies
BMW-Anonymization-API
This repository allows you to anonymize sensitive information in images/videos. The solution is fully compatible with the DL-based training/inference solutions that we already published/will publish for Object Detection and Semantic Segmentation.
Stars: ✭ 121 (+146.94%)
Mutual labels:  privacy-enhancing-technologies
protect-your-privacy
Privacy resources for the layperson. Highlights resources, tools, VPNs, search engines, articles, books, and dark patterns.
Stars: ✭ 33 (-32.65%)
Mutual labels:  privacy-enhancing-technologies
swarm-learning
A simplified library for decentralized, privacy preserving machine learning
Stars: ✭ 142 (+189.8%)
Mutual labels:  privacy-enhancing-technologies
minionn
Privacy -preserving Neural Networks
Stars: ✭ 58 (+18.37%)
Mutual labels:  privacy-preserving
adblock2privoxy
Convert adblock config files to privoxy format
Stars: ✭ 78 (+59.18%)
Mutual labels:  privacy-enhancing-technologies
ml-fairness-framework
FairPut - Machine Learning Fairness Framework with LightGBM — Explainability, Robustness, Fairness (by @firmai)
Stars: ✭ 59 (+20.41%)
Mutual labels:  counterfactual
autohosts
Automate hosts file updates on Linux and MacOS. Block Firefox telemetry, Google snooping and web trackers at the root.
Stars: ✭ 69 (+40.82%)
Mutual labels:  privacy-enhancing-technologies
covid-alert
A privacy-preserving app for comparing last-known locations of coronavirus patients
Stars: ✭ 43 (-12.24%)
Mutual labels:  privacy-preserving
View All Similar Projects ➔

MixEth: efficient, trustless coin mixing service for Ethereum

Note: this is a proof-of-concept implementation of the MixEth protocol. The protocol is also implemented in a state channel. Expect further improvements and soon more tests are going to be added.

Rinkeby POC deployment: 0xece3820c8781374aa0f6a4868baf749c523d7f46.

If you'd like to play with MixEth on Rinkeby, you can do so at the address above or just click here.

Introduction

The basic idea is that unlike previous proposals (Möbius and Miximus by barryWhiteHat) which used linkable ring signatures and zkSNARKS respectively for coin mixing, we propose using verifiable shuffles. Möbius supports only small anonymity sets (max 25 participants) and withdrawal transactions are frontrunnable in their implementation, meaning that anyone could steal funds from the Möbius mixer. On the other hand Miximus would require a trusted setup for the zkSNARK proving-key generation, however this could be somewhat alleviated by deploying a multi-party computation, which is not quite ideal.

Verifiable shuffles for mixing purposes are less computationally heavy. Additionally we retain all the strong notions of anonymity and security achieved by previous proposals consuming way less gas which is crucial for the scalability of Ethereum. Efficiency could further be improved to deploy MixEth inside a state channel application.

The protocol in a nutshell: senders need to deposit certain amount of ether to ECDSA public keys. These public keys can be shuffled off-chain by anyone using a verifiable shuffle protocol and depositting some "shuffling deposit". The shuffle is sent to the MixEth contract and anyone can check whether their own public key is shuffled correctly (i.e. it is included in the shuffle). If one creates an incorrect shuffle then it can be challenged and malicious shufflers’ deposits are slashed if challenge is verified. If there are at least 2 honest receivers then we achieve the same nice security properties achieved by Möbius and Miximus. Receivers are allowed to wihdraw funds after as much shuffling rounds as they like and they can withdraw funds corresponding to a certain shuffled public key which are public keys with respect to a modified version of ECDSA.

Vision

Our vision for this project is that in a few months, after thorough auditing and testing, there will be deployed a single MixEth contract on-chain and anyone will be able to mix their ether and/or ERC20 compatible tokens. They can freely deposit to MixEth ether/tokens anytime and whenever they feel like they can shuffle and withdraw their mixed assets. Obviously there will be no mixing fees, we intend this work to be one of the first steps towards a more private Ethereum.

We are also going to release a state channelised MixEth, where shuffling happens inside a state channel. The upside of this approach is efficiency, through conducting all shuffles off-chain, however in certain cases participants need to go back on-chain and continue the protocol on-chain. In an optimistic protocol run the state channel approach gives enormous efficiency gains.

One of the limitations we see with the state channel approach is that once you open the channel and go off-chain, no other participant can join to your anonymity set, meaning that you need to work with a constant size anonymity set. In contrast, if you do the whole process on-chain, participants could join and leave freely, this way you could have a much larger, dynamic anonymity set. Solely from a privacy perspective the fully on-chain approach seems more suitable.

  • In the long term we are considering 2 options regarding MixEth:
    • Standalone DApp: MixEth might operate as an independent privacy overlay for Ethereum.
    • Integrated into some wallet: a more stealthier way from a UX perspective would be to integrate MixEth into some wallets. We could have a send mixed coins or receive mixed coins checkbox where one could get higher anonimity guarantees directly from their already accustomed and beloved wallets.

We are seeking to have community feedback on this so if you have any thoughts on how you'd like to use MixEth, please share it with us!

MixEth

Command line tools are available to generate a shuffle or to generate and verify a Chaum-Pedersen Proof and a generalized ECDSA.

Shuffling

You can generate your shuffles off-chain using the following nodeJS script:

node shuffle_generation.js shuffleGenerator <toBeShuffledPubKeyArray> <previousShufflingAccumulatedConstant>

In case if you do not have your own public keys to play with, you can generate shuffles of random public keys to start playing around with MixEth.

node shuffle_generation.js shuffleGeneratorWithRandKeys <previousShufflingAccumulatedConstant>

Chaum-Pedersen Proof (ChP)

ChP gives a zero-knowledge-proof about privKey=log G(A)=log B(C) without disclosing privKey.

node chaum_pedersen_generator.js <G> <A> <B> <C> <privKey> <s> proofGenerator

Outputs: proof=(G,A,B,C,s,y1,y2,z)

One can also verify a ChP proof from the command line:

node chaum_pedersen_verifier.js <G> <A> <B> <C> <s> <y1> <y2> <z>  proofVerifier

Outputs: true/false

ECDSA with arbitrary generator elements

Sign a message with arbitrary generator element. Here G is not necessarily the standardized generator element of the secp256k1 curve.

node sign.js sign <G> <privKey> <msgHash>

Outputs: (r,s)

Verifing the signature:

node sign.js verify <G> <pubKey> <msgHash> <r> <s>

Outputs: true/false

Preliminary performance analysis

Expect further improvements! (n denotes the number of participants in the mixer)

  • On-chain costs measured in gas

    • Möbius:

      • Deposit tx: 76,123 gas
      • Withdraw tx: 335,714*n gas

    • Miximus: Note that in case of Miximus gas costs are independent of n!

      • Deposit tx: 732,815 gas
      • Withdraw tx: 1,903,305 gas

    • MixEth

      • Deposit tx: sending one secp256k1 public key to the MixEth contract: cca. 97,000 gas.
      • Shuffle tx: (2*(n+1)*SSTORE)=44,000*n. Shufflers need to send n shuffled public keys and the shuffling accumulated constant to MixEth.
      • Challenging a shuffle: it requires a Chaum-Pedersen proof: cca. 227,429 gas

      (One could save the gas costs of shuffling and challenging periods by doing these operations in a state channel. We are going to implement a state channel version of MixEth as well. This would further decrease the number of on-chain transactions to 2 (deposit and withdraw))

      • Withdraw tx: Sending a tx to MixEth signed using a modified ECDSA: cca. 113,000 gas.

Deployment and testing

We recommend using ganache-cli with the Truffle development framework. But it will also work well with Parity or Geth nodes. Note, that withdraw and challenge test cases will only pass if you use the deterministic addresses of ganache-cli. Therefore you might want to start by firing up ganache:

ganache-cli --deterministic

You can easily deploy the necessary contracts to your Ethereum node via Truffle:

truffle migrate

Once contracts are successfully deployed you can play with them or test them with the few test cases writtent in the test folder.

truffle test

or

truffle test test/TestMixEth.js

If you just want to test the MixEth contract. More test cases will be added soon. Moreover you can confront the gas costs outputted by the test cases with the ones stated in the paper.

Contributing and contact

PRs, issues are welcome. You can reach me out on Twitter or ethresear.ch.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].