S14 E8: Fadi Barbàra on DMix & Bitcoin Privacy

Fadi Barbàra is a cryptography researcher from the University of Turin who came up with the DMix protocol: an interesting combination between a Taproot multi-signature transaction and a CoinJoin which serves the purpose of obscuring the inputs and thus adding an aura of mystery around the generated outputs.

Traditionally, CoinJoins are shamelessly evident: by having multiple inputs and outputs, they signal to any vigilant eye observing the public blockchain that such a collaborative transaction has happened. However, the role of a CoinJoin is not to conceal its existence or to temporarily bury the coins into a dark pit.

The point of a CoinJoin is to create plausible deniability, as almost any input can be associated with almost any of the outputs. In the case of protocols such as Wasabi 1.0 and Whirlpool, there’s an equal number of inputs and outputs, while the bitcoin amounts in the output are equal. In the case of Wabisabi (Wasabi 2.0), you get an unequal number of inputs and outputs, with amounts that start at 0.0001 BTC and have no upper limit. The Wabisabi coordinator will perform divisions and consolidations for the given inputs, in a way that creates even more confusion. However, all of these privacy techniques are obvious to any blockchain analyst, and in many cases the inputs are known due to previous KYC/AML tracking.

Also, Taproot multisigs come with a great privacy benefit: they look just like any other transaction to other blockchain observer, thus providing a great amount of plausible deniability. Only the participants to this multi-signature transaction know what is really going on. So Fadi Barbàra thought about combining Taproot multisigs with the CoinJoin to create a new protocol named DMix.

However, DMix is not perfect: the participants to the multisig and CoinJoin transactions are aware who the other inputs are. So this operation must take place within a trusted setup in which all the participants know that nobody else will divulge information about what happened. Otherwise, the entire operation becomes no better than a regular CoinJoin.

Fadi’s Journey into Bitcoin Privacy

When we recorded this interview in August 2023, Fadi was still working for a state-funded university in Italy, and found it ironic that he’s researching Bitcoin privacy with funding from the government. While the university finances his research, the actual implementation of the protocol is done outside the halls of academia. Fadi Barbàra’s journey into Bitcoin began in 2013, and he was immediately intrigued by the concept of decentralized money. He also spent some time working on the trading side of Bitcoin during his PhD.

When I asked Fadi about how he convinced his supervisor to let him work on Bitcoin, he explained that he proposed it as a stepping stone to his PhD project on interoperability between blockchains. His research on Dmix, which is part of his work, started as a way to create privacy and increase the fungibility of Bitcoin.

DMix vs CoinJoin: The Differences

One of the main topics we discussed was the difference between DMix and CoinJoin. Fadi explained that DMix uses CoinJoin as part of its second transaction, but removes toxic outputs typically associated with CoinJoin. He provided a general overview of how DMix works, including information exchange, the mixer transaction, and achieving transaction threshold signature.

Unlike multisig, where each participant has their own signature, DMix uses an aggregated signature. This means that all participants sign the transaction together, creating just one signature regardless of the number of people involved. To achieve this, all parties must have the same message to sign, which is the transaction itself. However, in real life, they don’t know each other’s inputs, so they create multiple outputs in a deterministic way. They then go online to sign the transaction together and publish it on the blockchain.

The Privacy Aspects of DMix

Fadi and I delved into the privacy aspects of DMix and the potential for increased anonymity. We discussed how DMix offers a more private way to view transaction amounts compared to the current system. We also touched on the use of threshold signatures and the potential for fresher signatures with ECDSA. Fadi explained that the pool aspect of DMix is still being researched and they are exploring ways to incentivize users to keep their coins in the mixing system.

The Trustlessness of DMix

We also discussed the trustlessness of DMix and whether participants need to trust each other. Fadi explained that currently, participants exchange addresses in plaintext and recommends doing so with people they already know and trust. However, they are working on making this address exchange more private using multi-party computation, where participants exchange polynomials without knowing which address belongs to whom. This reduces the risk of malicious parties identifying specific addresses.

The Potential Use of DMix by Exchanges

We also touched on the potential use of DMix by exchanges and entities with high liquidity. Fadi agreed that exchanges could benefit from DMix’s privacy features and mentioned that they are working to make it more accessible.

Fadi’s Opinions on Bitcoin Privacy

When asked about his opinions on various topics related to Bitcoin privacy, Fadi admitted that he hasn’t looked into proposed soft forks or Drivechains extensively, as his focus has been on solving other problems. However, he acknowledged that these proposals may offer solutions to some of the existing issues.

Fadi Barbàra on The Future of DMix and Bitcoin Privacy

Fadi discussed the potential of DMix and its compatibility with other existing solutions. He agreed that using multiple solutions simultaneously may be the best approach to achieve optimal privacy and fungibility. He acknowledged that while DMix may have some limitations, it is important to consider the multi-dimensional nature of privacy and the difficulty in comparing different privacy solutions.

Wrapping Up

As we wrapped up our conversation, Fadi Barbàra shared his contact information for those who want to reach out to him privately. He can be found on Telegram with the nickname @fadibarbara and on Twitter with the handle @disnocen. He also mentioned having a YouTube channel, although he doesn’t publish content frequently.

I want to thank Fadi for his time and for sharing his insights on Bitcoin privacy. I look forward to continuing the conversation during a panel at the Baltic Honey Badger event. Until then, keep exploring the world of Bitcoin and stay tuned for more exciting discussions on the Bitcoin Takeover Podcast!

Listen to Fadi Barbàra talk about Dmix & Bitcoin privacy on Apple Podcasts, Spotify, YouTube & more!

Fadi’s background and introduction (00:02:11) Discussion about Fadi Barbara’s work on DMix and Bitcoin privacy, his research in Turin at a state-funded university, and his journey into Bitcoin.

Explanation of DMix and how it works (00:10:13) Overview of DMix as a two-transaction protocol, the use of CoinJoin in the second transaction, and the three-phase process of the mix.

The transaction threshold signature (00:14:40) Explanation of how transaction threshold signatures work and the difference between a multisig and an aggregated signature.

The goal of DMix (00:18:53) Comparison between DMix and other coinjoin protocols, with a focus on the goal of removing the need for a coordinator or centralization.

Scalability and the limit of mixes (00:26:49) Discussion on the technical limit of mixes based on transaction size, the trade-off between decentralization and popularity, and the potential for larger transaction sizes.

DMix as a privacy facilitator (00:29:44) Discussion on how the mix in DMix improves privacy by creating unlinkability and the trade-off between privacy and protocol rules.

Incentivizing participation in the mixing system (00:33:39) Exploration of the research phase regarding financial incentives for users to keep their coins in the mixing system and the importance of liquidity.

Toxic change and its elimination in DMix (00:38:23) Explanation of how DMix handles toxic change by creating a greatest common divisor of the coins being exchanged, ensuring no toxic output in the final mix transaction.

Address Reuse and Blockchain Privacy (00:43:18) Fadi Barbara discusses the importance of address reuse in blockchain privacy and the ongoing study of address reuse on the blockchain.

Trust in DMix and Anonymity Set (00:45:42) Fadi addresses the issue of trust in DMix and the potential risk of participants belonging to chain analysis. He also discusses the use of multi-party computation to enhance privacy.

DMix in Closed and Open Settings (00:50:57) The speaker discusses the suitability of DMix in closed settings, such as exchanges, and the ongoing efforts to make it suitable for open settings where anyone can participate.

The proposed soft forks and Drivechains (00:57:04) Discussion about the potential solutions to Bitcoin’s privacy problems through proposed soft forks and Drivechains.

Controversy between Wasabi and Samourai wallet (00:58:20) Exploration of the differences and opinions on Wasabi and Samourai, their strengths, weaknesses, and potential for improvement.

Statechains and coin swap idea (01:03:26) Evaluation of the concept of statechains and coin swap as a method of transferring ownership of coins without on-chain transactions, including the benefits and challenges associated with the approach.

Using DMix in conjunction with existing solutions like CoinJoin or CoinSwap (01:11:35) Vlad asks Fadi if DMix can be used alongside other privacy solutions or if it is meant to replace them.

Confidential transactions and the need for soft or hard forks (01:12:26) Fadi Barbara discusses how confidential transactions, which require changes at the protocol level, are necessary for achieving better privacy. He also mentions that the Elements project is currently testing these features.

How listeners can help and contribute to the development of DMix (01:20:08) Vlad asks Fadi Barbara how listeners can support the development of DMix, including spreading the word, donating, and providing criticism and feedback.

Contact information and online presence (01:24:18) Fadi shares his contact information, including his Telegram nickname, Twitter handle, and YouTube channel.

Let’s talk more at Baltic Honeybadger (01:25:00) Vlad mentions that he ran out of questions and they will continue the conversation during a panel at the Baltic Honey Badger event.

Appreciation for Fadi’s research (01:26:00) Vlad expresses gratitude for Fadi’s research and discusses the challenges of finding worthwhile academic papers on Bitcoin.

Vlad Costea

I'm here for the freedom, censorship-resistance, and unconfiscatability. What about you?

So, what do you think?

Follow Me