t-->Z-->t "mixer"

I know that there is a tool to move, in a clean way, coins from z sprout to z sapling passing through a transparent addres(s).

I was just wondering if there is a tool that somehow ‘mixes’ coins in a clever way t–>z–>t.
Maybe in a randomized way:

N Addresses —> Z —> M Addresses (with N and M being two different sets of addresses)

I can definitely do that manually, but it’s a long and boring operation that, if it is not properly executed, it is pretty useless.

Is there something out there that can perform that?

1 Like

ZECwallet does that right now, I think the proper tool will be in zcashd 2.0.5.

the 0.6.8 ?

I only see a tool to move from sprout to sapling…
https://docs.zecwallet.co/turnstile-migration/

Oops, yup, you’re right, it does (z-t-z)

It would be a great tool for people wanting to mix their funds (we are many).
I was wondering how long it would take to create an alpha in my spare time.

2 Likes

Don’t try and use t -> Z -> t as a mixer. Coin mixers like this do not work. There are already several academic papers in which Zcash is tracked between transparent addresses separated by a short period of time into the shielded pool, and additionally there is a wealth of the literature about how easily Bitcoin users are tracked that applies here as well.

4 Likes

I know that there are heuristic ways of tracking these transactions, but these papers pointed out that typically they were easy to track for 2 main factors:
-The operation took less than a few hours
-The transactions were split in N<10 chunks and were easily distinguishable.

Both issues can be fixed with a clever software that splits them on 24/48 hours and maybe 500+ transactions of random value.

And therein lies another problem. Mixing techniques require significant overhead to have any chance of being effective (thus impairing their usability), and are still only effective if everyone is using them in the same way. Otherwise, the mechanism used by the “clever software” itself becomes a fingerprint, leading to sharding of the anonymity set. This is why the Sprout-to-Sapling migration tool’s process is specified the way it is (requiring potentially weeks or months to complete), with the caveats it has (only trying to blend in with other migration transactions), and that’s for a process that only leaks value, not the transaction graph (like mixing involving transparent addresses does).

2 Likes

I fully agree on this point and on the fact that this tool should be used by multiple agents to enhance it’s efficacy. The final goal is to be able to reduce the probability of defining a link between a new address and the old one(s) < 5%. It would be enough.

Keeping coins in a Z pool is pretty unpractical for people using ledgers (for now none of them support z addresses), this tool might be a pretty good compromise in term of security and anonymity. 100% anonymity was not on the table from the beginning.

Thanks for your point of view.

More context on t->z->t blockchain analysis: https://z.cash/blog/maintaining-privacy/