Making Bitcoin truly anonymous – TumbleBit explained Part 3

in #bitcoin7 years ago

Heard of TumbleBit but never really understood what it was?

This part 3 of the series will explain the way TumbleBit solves the problem of trust. In part 1 of the series I explained what traditional Tumblers are, their shortcomings, and why you need to watch the Stratis Breeze Wallet (beta is released) to keep up with the developments of privacy within Bitcoin. In part 2 I discussed how TumbleBit tackles the privacy problem- one of the two main problems for traditional Tumblers posed in part 1.

Privacy.jpg


Problem of Trust

What still remains is how Tumblebit can be prevented from stealing if malicious? This second main problem - the issue of trust - is what will be discussed in this part. First we have to have more info on TumbleBit as a payment hub. Still, only the basic idea of how a trustless payment hub works is explained. The complexity of TumbleBit is way beyond this, it however helps to understand how TumbleBit works.


The Payment Hub

Pica 1 Hub.jpg

To be able to explain how TumbleBit solves the trust issue, we first have to look at how a unidirectional payment hub works. It sounds more complex than it is, so just bear (or bull) with me. As an example we think about Alice wanting to send 1btc to Bob via the Hub.

Pica 2 Hub.jpg

As you can see, the set transactions are escrow transactions. That way the transactions must be signed by both Alice (or Bob) and the Hub.

Pica 3 Hub.jpg

If the Payment Hub doesn’t sign, the 1btc is refunded to Alice after 1 month. Giving us this picture:

Pica 4 Hub.jpg

So Alice wants to pay Bob 1btc with this setup. Alice creates a transaction claim, as does the Payment Hub (transaction Claim2).

Pica 5 Hub.jpg

To authorize the transaction, Alice signs Claim 1 and the Payment Hub similarly signs Claim 2.

Pica 6 Hub.jpg

When the Payment Hub signs Claim 1 – like illustrated below - and Bob signs Claim 2….

Pica 6,5 Hub.jpg

… a full transaction from Alice to Bob via the Payment Hub can be illustrated:

Pica 7 Hub.jpg

So what’s the problem?

Well.. what if the Payment Hub is malicious? How can we trust the Payment Hub not to take Alice’s bitcoin by not signing the claim transaction from Bob? Obviously there is a problem when Alice signs Claim1 before the Hub signs Claim2.

Pica 8 Hub.jpg

If the Hub signs Claim2 before Alice signs Claim1 the same problem is presented. Bob can claim his 1btc from the Hub while Alice refuses to sign Claim 1 - resulting in a refund of her 1btc.


Solution

One way to prevent theft from the Payment Hub is to make Claim1 and Claim2 happen atomically. That way they either both happen or don’t happen at all.

Pica 9 Hub.jpg

It is possible to do this with Hash locks.

Pica 10 Hub.jpg

Due to this hash lock, we can agree on the Payment Hub having to share ‘X’ with Alice in order to claim the 1btc. Bob also needs the same value ‘X’ in order to get his 1btc from the Hub. At the moment Alice receives X from the Hub, she shares it with Bob in order for him to conclude the transaction (and get his 1btc).

Pica 11 Hub.jpg

The result is a trustless system in which no one has to be afraid of malicious players.

Pica 13 Hub.jpg


A new occuring problem however is that when you have a bunch of people using this, the payment hub can link the hash locks that are used.

Pica 12 Hub.jpg

Solving the problem of trust therefore does not solve the problem of privacy. The main idea behind TumbleBit is a protocol which provides atomicity but is also unlinkable. Luckily we already discussed how to solve that problem in Making Bitcoin truly anonymous – Part 2.
In the next and final part (4) TumbleBit will be compared to privacy-centric coins such as Monero and Zcash. Why do we need TumbleBit when we have privacy-centric coins?


Something not clear in this part? Check out this presentation by Ethan Heilman and Leen AlShenibr


For more information on TumbleBit go to:
TumbleBit scientific paper

For more information on the Breeze Wallet from Stratis go to:
Stratis Website
Stratis Blog
Stratis Reddit

Thank you for reading