t-->Z-->t "mixer"

Cris83 · April 26, 2019, 1:18am

I know that there is a tool to move, in a clean way, coins from z sprout to z sapling passing through a transparent addres(s).

I was just wondering if there is a tool that somehow ‘mixes’ coins in a clever way t–>z–>t.
Maybe in a randomized way:

N Addresses —> Z —> M Addresses (with N and M being two different sets of addresses)

I can definitely do that manually, but it’s a long and boring operation that, if it is not properly executed, it is pretty useless.

Is there something out there that can perform that?

ChileBob · April 26, 2019, 1:33am

ZECwallet does that right now, I think the proper tool will be in zcashd 2.0.5.

Cris83 · April 26, 2019, 1:46am

the 0.6.8 ?

I only see a tool to move from sprout to sapling…

ChileBob · April 26, 2019, 1:53am

Oops, yup, you’re right, it does (z-t-z)

Cris83 · April 26, 2019, 1:55am

It would be a great tool for people wanting to mix their funds (we are many).
I was wondering how long it would take to create an alpha in my spare time.

str4d · April 26, 2019, 8:09am

Don’t try and use t -> Z -> t as a mixer. Coin mixers like this do not work. There are already several academic papers in which Zcash is tracked between transparent addresses separated by a short period of time into the shielded pool, and additionally there is a wealth of the literature about how easily Bitcoin users are tracked that applies here as well.

Cris83 · April 26, 2019, 8:55am

I know that there are heuristic ways of tracking these transactions, but these papers pointed out that typically they were easy to track for 2 main factors:
-The operation took less than a few hours
-The transactions were split in N<10 chunks and were easily distinguishable.

Both issues can be fixed with a clever software that splits them on 24/48 hours and maybe 500+ transactions of random value.

str4d · April 26, 2019, 9:06am

And therein lies another problem. Mixing techniques require significant overhead to have any chance of being effective (thus impairing their usability), and are still only effective if everyone is using them in the same way. Otherwise, the mechanism used by the “clever software” itself becomes a fingerprint, leading to sharding of the anonymity set. This is why the Sprout-to-Sapling migration tool’s process is specified the way it is (requiring potentially weeks or months to complete), with the caveats it has (only trying to blend in with other migration transactions), and that’s for a process that only leaks value, not the transaction graph (like mixing involving transparent addresses does).

Cris83 · April 26, 2019, 9:14am

I fully agree on this point and on the fact that this tool should be used by multiple agents to enhance it’s efficacy. The final goal is to be able to reduce the probability of defining a link between a new address and the old one(s) < 5%. It would be enough.

Keeping coins in a Z pool is pretty unpractical for people using ledgers (for now none of them support z addresses), this tool might be a pretty good compromise in term of security and anonymity. 100% anonymity was not on the table from the beginning.

Thanks for your point of view.

paige · April 26, 2019, 4:35pm

More context on t->z->t blockchain analysis: Maintaining Privacy - Electric Coin Company

Topic		Replies	Views
1-click Sapling turnstile migration proposal for zcash-qt-wallet ZecWallet	11	2328	October 29, 2018
ZecWallet Lite How-to ZecWallet	31	3805	February 4, 2021
How can I be truly anonymous Technology	3	2121	February 13, 2021
Opinion on a service that does tAddr -> zAddr General	8	1182	July 12, 2019
Deincentivize t-t transactions idea General	6	1208	July 9, 2018

t-->Z-->t "mixer"

Related topics