Oleg Andreev



Software designer with focus on user experience and security.

Author of Gitbox version control app.

Author of CoreBitcoin, an implementation of Bitcoin in Objective-C.

Lead developer of FunGolf GPS, golfer's personal assistant on iOS.

If you want to learn about Bitcoin, start with my Bitcoin FAQ or guide for journalists. I can give you an interview or provide technical and long-term economical consulting.
I am not interested in trading, mining or building fiat-to-btc exchanges.

If you like my articles, send some love here: 1TipsuQ7CSqfQsjA9KU5jarSB1AnrVLLo

How to launder bitcoins perfectly

People often talk about privacy problems with Bitcoin: all transactions are public and every move is watched by millions of eyes. Where’s a problem, there’s a solution.

Lets first define the problem more rigorously. There are two situations (ok, three) when you want to launder your coins.

First: you receive monthly salary on a single address and then want to do regular purchases with it. When buying a cup of coffee, shop owner will see how much money do you have which might be unsafe.

Second: you want to buy something expensive, so you have to combine “change” from various addresses in a single transaction. This may link many of your private payment histories in one. Someone may connect the dots and make a full profile of a single person: what he eats, where he travels and so on. It’s being done with credit cards already and people seem not to like it very much.

Third: you sold something anonymously and your payment is being watched. If you later spend that money in the open, your identity may be revealed.

Bonus track: some people think that “money laundering” is not sinful enough, so they invented “structuring laws”, that is laws that forbid not only buying bad things, but also to hide the monetary trails even if you don’t do anything illegal at all. If your method to launder bitcoins is screaming “LAUNDERING” on the blockchain (like with Zerocoin, using shared addresses or CoinJoin transactions), it’s not good for you. You may get your privacy, but you also go to jail for “structuring”. To be a law-abiding citizen you should not hide your financial history. The rest of this article is for pure entertainment only.

To address all of these issues we need to disperse and mix the funds in way that their source or destination becomes statistically indistinguishable form any ordinary transaction.

You might do that with these ingredients: discover, insurance, split and swap.

Disclaimer: this is not an advice, it’s a technological overview for all those who are interested in privacy aspects of Bitcoin. Anyone can implement this or come with even a better idea. This is not even my original idea. I recommend governments to shut down the entire network to prevent people from doing nasty things with Bitcoin. At the same time, there’s an opportunity to use this scheme by undercover FBI agents to detect anyone mixing their bitcoins. Dear reader, please obey the laws and be good, socially responsible person.

Step 1: Your wallet app discovers random nodes on the P2P network (other instances of the same app) and posts a request to launder some bitcoins. When two wallets meet with similarly sized requests, they exchange information about some of the available coins. Each of them does statistical analysis of those coins and decides if the coin is “good enough”. For instance, if this coin’s history correlates as little as possible with the histories of the coins already owned.

Step 2. When both nodes like each other’s coins, they enter an insurance contract. Each party locks up equal amount of coins in a single special transaction where coins can only be unlocked atomically and by mutual agreement. At the same time, each party can destroy both deposits (e.g. in case of timeout or misbehaviour of another node). Amount of each deposit should be 200-300% of the amount to be exchanged. I wrote about such contract here: http://blog.oleganza.com/post/58240549599/contracts-without-trust-or-third-parties

Step 3: Each node splits their coin in two parts. One part is to be exchanged now, another part is to be exchanged with some other node later. Parts of the coins should be equal. (This produces some correlation detectable on blockchain, but that’s easy to fix with multiple independent transactions instead of just one.)

Step 4: Each node tells another one an address on which to send a part of the coin. Each of them does that transaction. All the other nodes don’t know about this swap of coins and therefore cannot link them together. If your coin was “tainted” (watched by adversary), half of it anonymously goes to someone else and in return you get some absolutely different coin. Insurance contract prevents a node from receiving a payment, but not making a payment back. Since there is no human supervision, anyone trying to cheat the scheme will get punished by an automatic destruction of his deposit (which is worth much more than just received money).

During one session (one insurance contract), nodes can swap more coins until they run out of coins or cannot provide each other with a statistically good ones. When the session is over, insurance deposits are unlocked and nodes go talk to other nodes.

Think about it this way: you split all your money in 1000 pieces and send them to 1000 different random strangers via regular, statistically innocent transactions. In return you get 1000 pieces from all around the world, that are not connected to each other in any meaningful way. 10 rounds splits money into 1024 portions, 20 rounds into over a million. In a short period of time you never expose more than a fraction of your funds and never receive more than a fraction of someone else’s history.

How does this address our examples?

When you receive a monthly salary payment, you mix it with 1000 random users and in return get 1000 smaller pieces. It’s like exchanging one $1000 bill for a thousand $1 bills. Then, you can go buy your coffee and no one will know how much money do you have.

When you need to spend a lot of money at once, you do the same: take all your small coins, swap anonymously for other small coins and make a single payment. Your individual spending histories will be dispersed among thousands of random people. And the recipient of your payment will link together totally uncorrelated histories having nothing to do with you personally.

Finally, if some of your money is being watched (“tainted”), it will be moved to someone else completely. You yourself has little risk of getting someone else’s tainted history because you never get more than 0.1% of it due to multiple rounds of splitting.

The UI for this can be quite simple. You install a special kind of wallet, load it with bitcoins, connect to the internet and click “Mix coins”. Next morning all your coins are perfectly mixed with thousands of random strangers.

Again, this is not a ready solution, but a theoretical possibility for those who are interested in solving puzzles. Don’t use this if the law forbids it. The law is very important.

See more questions and answers in this discussion on HN: https://news.ycombinator.com/item?id=6787603