Bitcoin Cash has a privacy tech called cash fusion. It is available on the desktop BCH Electron wallet. I’ve never used it and the only information I’ve read was on their website: https://cashfusion.org/
This appears to just be another form of mixing though with claims it is better than a coin mixing service. Does anyone have experience with fusion vs coin mixing?
It definitely is not protected with encryption and does not compare to Zcash. Is fusing and mixing the same thing?
From their website:
CoinJoin is the simple, but effective idea of combining inputs and outputs from what would otherwise be separate transactions, into one jumbo transaction. This makes it extremely difficult to know which outputs correspond to which inputs. CashFusion is a specific implementation of the more general CoinJoin building block.
Coinjoin services are known to provide weak privacy and have been unmixed by chain analysis companies in the past:
Cash Fusion transaction’s anonymity set is limited to the transactions broadcast via the BCH electron server only, while still being superior to CoinJoin, it is no match to zk-SNARKs encrypted transactions that Zcash offers. Both Coin Join & Cash Fusion suffer from the “change” problem, there will be a small remnant value in your wallet after spending all the UTXOs, it is generally recommended to donate this amount to some cause or the developers to avoid linkability.
Per the Cash Fusion site:
What is the difference between coin mixing and CashFusion?
“Coin mixing” commonly refers to the use of services that allow a user to replace his or her coins with a different set of coins. CashFusion is different. It allows users to combine their transactions with others, creating obfuscation.
The disadvantages of coin mixing is that the user must trust the mixing service, and usually has to pay a fee. But with CashFusion, there is no risk of lost funds, and no additional fees.
I was funded by the BCH community to create and maintain CashFusion Stats, which will hopefully lead to research on any privacy weaknesses it may have. I also performed some basic chain analysis of BCH’s transaction graph that revealed that 94% of BCH’s “active addresses” are a descendant of a CashFusion transaction.
Overall the privacy offered by CashFusion is not as strong as Zcash’s shielded transactions (assuming Zcash’s cryptographic assumptions hold up). However, IMHO it has a few advantages over some CoinJoin implementations on the BTC chain:
CashFusion uses arbitrary input and output amounts. If I am not mistaken, most BTC CoinJoin protocols require round number outputs. It looks like Samourai is fixed input-output from their graphic. And it seems like Wasabi has “change”, which means probably still fixed output amounts. With CashFusion the whole wallet is fused. No fixed input or output amounts. You need several fusions to cover all coins, though. No “leftover” non-CoinJoined UTXO. @aiyadt doesn’t have it quite right – there is no “remnant” value unless the user spends coins in quick succession and doesn’t wait for fusions to occur. Furthermore, Electron Cash wallet allows users to prevent spending of non-fusioned funds. The full protocol specification is here. You can find all of the CashFusion transactions at my CashFusion Stats web app linked above and see that there are no round-number inputs or outputs.
The CashFusion developers seem to have made some innovations in the server aspect of the protocol. I don’t fully understand how it works yet. But they somehow made advances in how to have the wallets negotiate anonymously over TOR. Plus, the server itself charges no fee to users for its coordination service, unlike Wasabi and Samourai. Fitting for BCH, of course. However, the server still experiences issues with DDOS-like behavior.
Each CashFusion transaction costs a user only about one USD cent. That’s not a result of the CashFusion protocol design by itself, of course, but it’s worth mentioning. BTC transaction fees are high. Why does that matter from a privacy perspective? It puts CoinJoins in reach for people who don’t have a lot of money to burn. And because it’s so cheap, users can do many, many CashFusion transactions, increasing the anonymity set. If there is some yet-to-be-found weakness with the CoinJoin idea, then having lots of them will probably provide better privacy than just one.
CashFusion does not conceal the amounts being spent nor the timing of a transaction. If an investigator has access to information about the approximate amount and timing of a transaction, then CashFusioned coins are still quite vulnerable to discoverability.
Great information. Thanks!