Trustless Tumbling for Transaction Privacy

Möbius

Trustless Tumbling for Transaction Privacy

Introduction

Möbius is a smart contract that runs on Ethereum and offers trustless autonomous tumbling using linkable ring signatures.

This proof of concept is still evolving and comes with the caveat that it should not be used for anything other than a technology demonstration.

White Paper

S. Meiklejohn, R. Mercer. Möbius: Trustless Tumbling for Transaction Privacy

Using Möbius

To tumble a token, deposit it into the Mixer smart contract by sending the token and the stealth public key of the receiver to the Deposit method.

The Mixer contract places the token into an unfilled Ring specific to that token and denomination and provides the GUID of the Ring. The current ring size is 4, so when 3 other people deposit the same denomination of token into the Mixer the Ring will have filled. Tokens can only be withdrawn when the Ring is full.

The receiver then generates a linkable ring signature using their stealth private key. This signature and the Ring GUID are provided to the Withdraw method in exchange for the token.

The lifecycle and state of the Mixer and Rings are monitored using the following Events:

  • MixerDeposit - Tokens have been deposited into a Ring, includes: Ring GUID, Receiver Public Key, Token, Value
  • MixerReady - Withdrawals can now be made, includes: Ring GUID, Signing Message
  • MixerWithdraw - Tokens have been withdrawn from a Ring, includes: Ring GUID, Tag, Token, Value
  • MixerDead - All tokens have been withdrawn from a Ring, includes: Ring GUID
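
The lifecycle described by these Events can be audited offline by replaying them in order. The following is an added example, not code from the Möbius project: the field names (`name`, `ringGuid`, `tag`) and the sample events are assumptions constructed for illustration, and it relies on the linkability property that a repeated Tag within a Ring means the same key signed twice.

```javascript
// Added example: replays Mixer events and tracks each Ring's state.
// Event names come from the README; field names (name, ringGuid, tag) are
// assumptions, and the sample events below are constructed, not real chain data.
const RING_SIZE = 4; // "The current ring size is 4"

function auditRings(events) {
  const rings = new Map(); // ringGuid -> { deposits, ready, dead, tags }
  const findings = [];
  events.forEach((ev, i) => {
    if (!rings.has(ev.ringGuid)) {
      rings.set(ev.ringGuid, { deposits: 0, ready: false, dead: false, tags: new Set() });
    }
    const ring = rings.get(ev.ringGuid);
    const flag = (msg) => findings.push(`event ${i} (${ev.name}, ring ${ev.ringGuid}): ${msg}`);
    switch (ev.name) {
      case 'MixerDeposit':
        if (ring.ready) flag('deposit into a Ring that is already full');
        ring.deposits += 1;
        break;
      case 'MixerReady':
        if (ring.deposits !== RING_SIZE) flag(`ready with ${ring.deposits} deposits`);
        ring.ready = true;
        break;
      case 'MixerWithdraw':
        if (!ring.ready) flag('withdrawal before the Ring was full');
        if (ring.tags.has(ev.tag)) flag(`tag ${ev.tag} already used in this Ring`);
        ring.tags.add(ev.tag);
        break;
      case 'MixerDead':
        if (ring.tags.size !== RING_SIZE) flag(`dead after ${ring.tags.size} distinct withdrawals`);
        ring.dead = true;
        break;
      default:
        flag('unknown event');
    }
  });
  return { rings, findings };
}

// Constructed sample: ring r1 fills and sees tag t1 twice; ring r2 never fills.
const dep = (ringGuid) => ({ name: 'MixerDeposit', ringGuid });
const wd = (ringGuid, tag) => ({ name: 'MixerWithdraw', ringGuid, tag });
const sampleEvents = [
  dep('r1'), dep('r1'), dep('r1'), dep('r1'),
  { name: 'MixerReady', ringGuid: 'r1' },
  wd('r1', 't1'), wd('r1', 't2'), wd('r1', 't1'),
  dep('r2'), wd('r2', 't9'),
];
console.log(auditRings(sampleEvents).findings);
```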

The Orbital tool can be used to create the necessary keys and to create and verify compatible ring signatures, for details see the Orbital Integration Tests.

Caveats

  • #34 - Gas payer exposes sender/receiver
  • #22 - Only Ether is presently supported
  • #32 - Tokens are locked into the Ring until it's filled
  • #12 - Withdraw messages can be replayed

Gas Usage

Despite being an improvement over the previous iteration which used a Solidity P256k1 implementation, the new alt_bn128 opcodes are still expensive and there are many improvements which can be made to reduce these costs further. If you have any interesting optimisations or solutions to remove storage and memory operations please open an issue.

Currently the Gas usage is:

Function    Avg
Deposit     150k
Withdraw    725k

Developing

Truffle is used to develop and test the Möbius Smart Contract. Truffle depends on Node.js. solidity-coverage provides code coverage metrics.

Prerequisites:

yarn needs to be installed (but npm should work just as well).

yarn install

This will install all the required packages.

Start testrpc in a separate terminal tab or window.

yarn testrpc

# in separate window or tab
yarn test

This will compile the contract, deploy to the Ganache instance and run the tests.

git clone git@github.com:clearmatics/mobius.git
cd mobius # run the remaining commands from the repository root

sudo apt remove cmdtest # remove cmdtest as it may cause errors when installing/using yarn

# install yarn
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt-get update && sudo apt-get install yarn

# install all required packages with yarn
yarn install

# start up testrpc
yarn testrpc

# in a separate window or tab, run tests
yarn test

Testing with Orbital

The Orbital tool is needed to generate the signatures and random keys for some of the tests. If orbital is in $PATH the yarn test command will run additional tests which verify the functionality of the Mixer contract using randomly generated keys instead of the fixed test cases.