By Aaron van
TumbleBit is probably one of the most promising technological advancements built on top of Bitcoin to date. Not only does it offer one of the best – if not the best – privacy related innovations so far, it can also provide significant scaling benefits as a payment hub. The solution is also fully compatible with the current Bitcoin protocol and, most important, it is in an advanced stage of development.
“The prospect is good that before summer we will have software that regular users can safely use,” one of TumbleBit’s inventors, Ethan Heilman, told Bitcoin Magazine .
TumbleBit has made a good deal of progress in little time. The idea was first proposed last summer by Heilman, Leen AlShenibr, Foteini Baldimtsi, Alessandra Scafuro and Sharon Goldberg. The group of university researchers also coded up a proof of concept and even made successful test transactions on Bitcoin’s blockchain. Shortly after, in September, Heilman and AlShenibr presented their proposal at Scaling Bitcoin Milan , where it was very well received: enthusiasts even made two different trailers celebrating the innovation.
Inspired by its potential, author of the book “Programming The Blockchain in C# ” and NBitcoin developer Nicolas Dorier started working on his own implementation of TumbleBit in the C# programming language , called NTumbleBit.
“His work is very impressive, so we decided to move over to it, and NTumbleBit is now the official TumbleBit implementation,” Heilman explained. “Much progress has been made over the past months, and we are now working to ensure that the software is as secure as it can be, and as tested as it can be. We are also building the operational tools necessary for it to be deployed in production.”
TumbleBit merges several cryptographic tricks to allow for a completely trustless coin mixing service. In “Classic Tumbler mode,” all users connect through a central TumbleBit server and send coins to one another in such a way that everyone receives as much as they sent. Using a series of clever cryptographic tricks, this is done so no one can steal coins and no one knows who’s sending bitcoins to whom, not even the central server. Hundreds of users can participate at the same time, thereby obfuscating blockchain trails and, in turn, vastly improving Bitcoin privacy for everyone involved.
Speaking to Bitcoin Magazine , Dorier explained how this is done with his NTumbleBit implementation.
“Users will need to use a Bitcoin Core full node as a wallet; pruning mode is fine, so they don’t need to store the entire blockchain,” he said. “Then, the NTumbleBit client slowly drains all the coins from the wallet, and connects to the NTumbleBit server to mix them. Completely different coins are returned to the user, preferably to an HD public key for light wallets, though the Bitcoin Core wallet is an option too. The whole process can take a couple of hours depending on the amount to mix, but then everyone will have a completely different batch of coins.”
Dorier completed a first iteration of the NBitcoin software and has stepped back from active development.
Now, others are picking up where Dorier left off.
As an important next step, the co-author of Dorier’s C# Bitcoin book, Ficsór Ádám, traveled to Tokyo – where Dorier lives – to help with Tor integration.
Anonymizing through Tor may be needed to ensure that the NTumbleBit server can operate as a hidden service. Not all regulators will be very happy with the existence of such a coin mixing tool, and it is possible TumbleBit server operators may encounter trouble when providing the service. (This is also one of the reasons Dorier hasn’t tested the implementation on main net himself, and is instead sticking to testnet.)
But Tor integration is also very much required for TumbleBit to work as advertised, at least in Classic Tumbler mode, Ádám explained.
“In Classic Tumbler mode, everyone is effectively sending bitcoins to themselves,” he said. “Everyone receives new bitcoins, so it breaks the blockchain links. But if everyone communicates with the TumbleBit server through their own IP addresses, that server can easily re-establish the link: it can simply link the IP addresses of sending and receiving Bitcoin addresses and conclude it’s the same person. That’s solved with Tor.”
And then, of course, TumbleBit must actually be made usable – and not only usable for command-line techies, but for regular users as well. After all, the greater the number of people who use TumbleBit, the greater the number of Bitcoin addresses that get mixed together. This increases the anonymity set and therefore benefits everyone’s privacy, including that of command-line techies.
This step is being realized by Dan Gould. An undergraduate at Boston University, Gould is working on a graphic user interface for NTumbleBit. This user interface should make mixing coins with TumbleBit as easy as clicking a button.
All in all, Heilman expects that the first working and usable release of NTumbleBit may be available within months.
“It’s hard to say with certainty, but many of the pieces are in place, and there should be even more people working on NTumbleBit in March, including myself and Leen,” he said.
Finally, TumbleBit is capable of more than just increasing privacy.
TumbleBit in Classic Tumbler mode may be the best mixing solution for Bitcoin so far ( ValueShuffle is another candidate). But in “Payment Hub mode,” a TumbleBit server can, indeed, act as a payment hub. Not unlike the lightning network , this allows users to transact with other users “off-chain” for an extended period of time. If both a customer and a merchant are connected to the TumbleBit server, for example, the customer can make a payment in bitcoin, while neither the customer nor the merchant (nor the tumbler) learn anything about each other’s Bitcoin addresses.
“While we have no timelines yet, we are definitely building Payment Hub mode as well,” Heilman acknowledged. “But our first goal is Classic Tumbler mode; that is 95 percent of the work from a coding perspective.”
And, as with so many of Bitcoin’s tech innovations, TumbleBit could also benefit from Segregated Witness (“SegWit”). The protocol upgrade proposed by the Bitcoin Core development team would solve Bitcoin’s long-standing malleability bug; however, adoption of the proposal currently seems uncertain.
“SegWit is an across-the-board win for anything doing anything with payment channels,” Heilman said. “The biggest advantages are for TumbleBit in Payment Hub mode, as it would allow for more flexibility in payments and an overall smoother user experience. If SegWit happens, then some of the research I’m working on now to improve TumbleBit will happen on Bitcoin. If SegWit doesn’t happen, TumbleBit will still happen exactly as we planned, but my further research will probably target Litecoin or other coins with malleability fixes.”