In Part 1: Making the Case I talked about the importance of privacy in general, the state of privacy in Bitcoin and compared TumbleBit with other alternatives. In Part 2 I outlined the endgame, highlighting the potential of what can TumbleBit eventually achieve, a trustless, instant, free, anonymous, scalable payment system on top of Bitcoin. You do not need to read them in order to understand this article.
In Part 2 I have likewise outlined the two main problems that TumbleBit solves:
In this article I will address and make you understand the basic idea behind TumbleBit’s solution to the first problem. Why can the Tumbler not link your bitcoins together?
While my previous articles were hopefully exciting and a lot of fun to read, this one will be another kind of fun. This one aims to give you an “aha” moment. A technological epiphany. If it fails, feel free to comment “you suck.”
Firstly, I would like to quickly recap what traditional mixers are. If you are an expert or have already read Part 1 feel free to skip this section.
The usage of centralized Bitcoin mixers is heavily discouraged on “mainstream” Bitcoin forums because of their ability to steal your bitcoins and the frequent exit scams. Ironically on the deep web they are the most popular options, because if they happened not to be malicious, they provide the strongest and easiest privacy achievable today. Simply put, they are practical.
You send them some bitcoins and they send back completely unrelated ones.
The problem is that the mixer can easily steal your money or worse, deanonymize you.
Now this is where it gets interesting. TumbleBit provides a fascinating solution. It is based on David Chaum’s blind signatures from 1999.
How does Chaum style e-cash work? (all the Wiki links are broken)_Here's the basic idea of blind signing in Chaumian e-cash: Let's suppose that a central issuer (Chaumian e-cash is…_bitcoin.stackexchange.com
Do not run away just yet, I will not go into the math. If you are not willing to go through the above links, and I would say 99% of you are not, I expect you to believe me. The math is there and it is right!
Now let us get down to business and examine how Roger donates 1 bitcoin to Gregory through TumbleBit.
I want to play a game. I created a bunch of puzzles. I pay 1 bitcoin for every solution. Additionally, I solve any puzzle for 1 bitcoin.
So far it does not make much sense, right? Notice that the Tumbler said it solves any puzzle, not just the puzzles it created. This will be important, keep on reading.
Awesome, I can use this game, to pay anonymously to Greg. I choose a puzzle and blind it. Then I make the Tumbler solve this blinded puzzle for 1 bitcoin.
After the Tumbler solved it, I unblind this blinded solution.
Finally, I give this solution and the original puzzle to Greg.
Starting to understand it?
Roger says, I can redeem this solution for 1 bitcoin from the Tumbler. And indeed. Thanks Roger!
If you have not understood it yet, do not worry, I hired the best illustrator to make it easier for you:
p: puzzles: solutionp’ : blinded puzzles’: blinded solution
Roger blinds a puzzle, makes the Tumbler solve this blinded puzzle for 1 bitcoin, unblinds the blinded solution. He then gives the original puzzle and the solution to Greg, and he redeems 1 bitcoin from the Tumbler with them.
The key insight is when Greg and the other 800 payees come to redeem a bitcoin with their own solutions, the Tumbler cannot link the blinded puzzles and the blinded solutions together, which it previously solved for Roger and the other 800 payers, with the real ones.
This is the main idea behind TumbleBit’s anonymization technique. Of course, the final algorithm differs a lot since TumbleBit furthermore solves the issue of trust what complicates this scheme.
What do you think? Are David Chaum, who introduced blind signatures, and Ethan Heilman, who applied them to Bitcoin, amongst the coolest cryptographers in the world? Would you like to know how TumbleBit tackles the coin stealing issue? Find out in the next Understanding TumbleBit episode!