ValueShuffle: Mixing Confidential Transactions for Comprehensive Transaction Privacy in Bitcoin

  • Tim Ruffing
  • Pedro Moreno-Sanchez
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10323)


The public nature of the blockchain has been shown to be a severe threat for the privacy of Bitcoin users. Even worse, since funds can be tracked and tainted, no two coins are equal, and fungibility, a fundamental property required in every currency, is at risk. With these threats in mind, several privacy-enhancing technologies have been proposed to improve transaction privacy in Bitcoin. However, they either require a deep redesign of the currency, breaking many currently deployed features, or they address only specific privacy issues and consequently provide only very limited guarantees when deployed separately.

The goal of this work is to overcome this trade-off. Building on CoinJoin, we design ValueShuffle, the first coin mixing protocol compatible with Confidential Transactions, a proposed enhancement to the Bitcoin protocol to hide payment values in the blockchain. ValueShuffle ensures the anonymity of mixing participants as well as the confidentiality of their payment values even against other possibly malicious mixing participants. By combining CoinJoin with Confidential Transactions and additionally Stealth Addresses, ValueShuffle provides comprehensive privacy (payer anonymity, payee anonymity, and payment value privacy) without breaking with fundamental design principles or features of the current Bitcoin system. Assuming that Confidential Transactions will be integrated in the Bitcoin protocol, ValueShuffle makes it possible to mix funds of different value as well as to mix and spend funds in the same transaction, which overcomes the two main limitations of previous coin mixing protocols.



We thank Pieter Wuille for pointing out a mistake in a preprint, and we thank the anonymous reviewers for their very helpful comments. This work was supported by the German Ministry for Education and Research (BMBF) through funding for the German Universities Excellence Initiative.



Copyright information

© International Financial Cryptography Association 2017

Authors and Affiliations

  1. Saarland University, Saarbrücken, Germany
  2. Purdue University, West Lafayette, USA
