In the second part of this series, I’ll focus on financial privacy, including “mixers” and ring signatures. Each of these topics could warrant its own full post, so I’ll stick to the high-level capabilities of each rather than diving too deep.

If you’re looking for privacy in cryptocurrency today, there are a few practical options, including mixing services, often called “mixers” or “tumblers”, and privacy-centric cryptocurrencies, like Monero and Zcash. Let’s discuss mixers and Monero, and save Zcash for a more detailed post on zero-knowledge proofs.

Mixers

The basic idea behind a mixing service is nearly as old as finance itself.

A group of people want to keep their financial transactions private from some observer. To do that, they combine their funds into one pool, keeping track of who is owed what on a private ledger. Think “a second set of books”. When those mixed funds are spent, the origin of each payment is obscured — observers see the amount paid and the recipient, but don’t know which person or persons in the group authorized the payment.

Now, there are clearly some issues with a scheme like this. Who keeps the ledger? Who can be trusted with the pooled funds?

Let’s take a closer look at how Bitcoin users have dealt with these issues.

Centralized services

BitMixer was a popular mixing service. Launched in 2014, it was a fairly literal implementation of the above scheme.

Users would deposit funds directly with the service. BitMixer then broke deposits into smaller pieces, mixing them with other users’ funds, as well as BitMixer’s own reserves. Users could then withdraw “new” outputs, unconnected on the blockchain to their original deposits. In the middle, of course, BitMixer took a significant fee.

So, who held the funds, and who kept the ledger? Both were controlled by the same centralized party — a disaster waiting to happen. Exit scams are common in Bitcoin, with a rich history of exchanges and other service operators walking away with customer deposits. Even if an operator is honest, trusting a centralized party with your financial privacy means trusting them to defend your privacy from governments, hackers, and internal threats.

Refreshingly, the owner of BitMixer opted for an orderly shutdown — no hacks or funny business. In a post on BitcoinTalk, he (she? they?) explained that he was shutting down the service because he no longer believed privacy on the Bitcoin blockchain was an achievable goal. Coming from someone who ran a mixing service for 3 years, that’s a pretty strange change of opinion. As you’ll see, though, strong privacy on the Bitcoin blockchain is more difficult than it appears.

CoinJoin

A decentralized approach to mixing, called CoinJoin, was proposed by Gregory Maxwell in 2013.

Here’s the idea. When user A needs to make a transaction to user B for 10 BTC, and user C needs to send user D 10 BTC, they can combine their transactions with one merged signature. Each user can publish a piece of the transaction, but neither can be spent until both pieces are put together. When they are, both B and D are paid 10 BTC each, though it’s not clear which sender paid which.

Using CoinJoin, there’s no longer a need for a third party to hold pooled funds. And because mixing happens in each transaction, there’s no need for a private ledger — just a service to match users who want to create joint transactions.
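
To make "it's not clear which sender paid which" concrete, here is an added example (not from the original post) that lists every sender-to-output mapping an observer cannot rule out from the amounts alone. It goes beyond the 10 BTC case in the text to show unequal amounts and change outputs; the labels, the amounts, zero fees and one input per user are assumptions.

```python
from itertools import product

def consistent_mappings(inputs, outputs):
    """Return every output->input assignment an observer cannot rule out.

    inputs / outputs: dict of label -> amount (integer units, fees ignored).
    An assignment is consistent when the outputs attributed to each input
    sum exactly to that input's amount.
    """
    in_labels, out_labels = list(inputs), list(outputs)
    found = []
    for choice in product(in_labels, repeat=len(out_labels)):
        spent = dict.fromkeys(in_labels, 0)
        for out, src in zip(out_labels, choice):
            spent[src] += outputs[out]
        if spent == inputs:
            found.append(dict(zip(out_labels, choice)))
    return found

def possible_payers(inputs, outputs, out_label):
    """Set of inputs that could have funded out_label in some mapping."""
    return {m[out_label] for m in consistent_mappings(inputs, outputs)}

# Constructed sample transactions (amounts in whole BTC).
EQUAL = ({"A": 10, "C": 10}, {"B": 10, "D": 10})    # the case in the text
UNEQUAL = ({"A": 10, "C": 7}, {"B": 10, "D": 7})    # amounts differ
WITH_CHANGE = ({"A": 12, "C": 15},                   # equal payments + change
               {"B": 10, "D": 10, "change1": 2, "change2": 5})

if __name__ == "__main__":
    cases = [("equal", EQUAL), ("unequal", UNEQUAL), ("with change", WITH_CHANGE)]
    for name, (ins, outs) in cases:
        maps = consistent_mappings(ins, outs)
        print(f"{name}: {len(maps)} consistent mapping(s)")
        for label in outs:
            print(f"  {label} <- {sorted(possible_payers(ins, outs, label))}")
```

With equal payment amounts the payer of B stays ambiguous even when change outputs tie back to a single input; once the payment amounts differ, only one mapping survives and the join hides nothing.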

Enter JoinMarket, a decentralized Bitcoin mixing service using CoinJoin. JoinMarket keeps an order book, similar to an exchange. “Makers” — market participants who add liquidity to the exchange — offer to act as CoinJoin participants for a fee. “Takers”, looking to mix their coins, are paired with makers, who swap bitcoins.

JoinMarket is a huge improvement over centralized mixers, but there are a number of issues with the approach in practice.

De-anonymization