Trustless Tumbling for Transaction Privacy
Möbius is a Smart Contract that runs on Ethereum that offers trustless autonomous tumbling using linkable ring signatures.
This proof of concept is still evolving and comes with the caveat that it should not be used for anything other than a technology demonstration.
Möbius supports ether and ERC20 compatible token transactions.
In order to use the Mixer with ERC20 compatible tokens, the
WithdrawERC20Compatible functions must be used.
However, in order to do an ether transaction, one has to use the
To tumble a token it is deposited into the Mixer smart contract by sending the token and the stealth public key of the receiver to the
The Mixer contract places the token into an unfilled Ring specific to that token and denomination and provides the GUID of the Ring. The current ring size is 4, so when 3 other people deposit the same denomination of token into the Mixer the Ring will have filled. Tokens can only be withdrawn when the Ring is full.
The receiver then generates a linkable ring signature using their stealth private key, this signature and the Ring GUID is provided to the
Withdraw method in exchange for the token.
The lifecycle and state of the Mixer and Rings is monitored using the following Events:
LogMixerDeposit- Tokens have been deposited into a Ring, includes: Ring GUID, Receiver Public Key, Token, Value
LogMixerReady- Withdrawals can be now me made, includes: Ring GUID, Signing Message
LogMixerWithdraw- Tokens have been withdrawn from a Ring, includes: Ring GUID, Tag, Token, Value
LogMixerDead- All tokens have been withdrawn from a Ring, includes: Ring GUID
- #34 - Gas payer exposes sender/receiver
- #22 - Only Ether is presently supported
- #32 - Tokens are locked into the Ring until it's filled
- #12 - Withdraw messages can be replayed
Despite being an improvement over the previous iteration which used a Solidity P256k1 implementation, the new alt_bn128 opcodes are still expensive and there are many improvements which can be made to reduce these costs further. If you have any interesting optimisations or solutions to remove storage and memory operations please open an issue.
Currently the Gas usage is:
This will install all the required packages.
testrpc in a separate terminal tab or window.
yarn testrpc # in separate window or tab yarn test
This will compile the contract, deploy to the Ganache instance and run the tests.
git clone email@example.com:clearmatics/mobius.git sudo apt remove cmdtest # remove cmdtest as it may cause errors when installing/using yarn # install yarn curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list sudo apt-get update && sudo apt-get install yarn # install all required packages with yarn yarn install # start up testrpc yarn testrpc # in a separate window or tab, run tests yarn test
Testing with Orbital
The Orbital tool is needed to generate the signatures and random keys for some of the tests. If
orbital is in
yarn test command will run additional tests which verify the functionality of the Mixer contract using randomly generated keys instead of the fixed test cases.