# DMix Summary

## Index

[TOC]

## What threshold signatures are

- A signature in the blockchain is like a digital signature used to prove ownership or authorization of a transaction.
- Multi-signatures in blockchain allow for more than one person or entity to authorize a transaction, providing an extra layer of security.
- Threshold signatures are a type of multi-signature that require a certain number of authorized signatures to reach a threshold before a transaction can be executed.
- They offer increased security and privacy as they only use one aggregated public key and address, making them easier to manage.
- However, they require more coordination among signatories to reach the threshold, which can be both a strength and a weakness depending on the use case.

## What it is

DMix is a protocol acting as a decentralized mixer that allows participants to exchange coins in the Bitcoin blockchain. The protocol leverages threshold signatures to aggregate signatures and ensures both the **unlinkability** and **atomicity** properties. Definitions below:

- **Unlinkability**: The unlinkability property of blockchain transactions refers to the *inability to link one transaction to another*, ensuring that each transaction remains private and independent.
    - This means that the *transaction history of a user cannot be easily traced or connected to other transactions* they have made, providing greater anonymity and privacy.
- **Atomicity**: The atomicity property of blockchain transactions refers to the indivisibility of a transaction, which means that it is executed as a whole or not at all.
    - For us, that basically means "either the protocol ends well, or participants get their coins back": even if the majority of participants are malicious, nobody will ever lose funds.

## How it works

Normally a (centralized) mixer is a "black box": Alice, Bob and Carol put money in and hope to get money out (see the diagram below).

The problem: since the mixer is a central party,

- it can steal
- it can censor
- it can report to authorities
- it can keep logs
- ...

![](https://hackmd.io/_uploads/rkI8NdXE3.png)

On the other hand, a decentralized mixer is an instance of a mixer with no central party. In practice, Alice, Bob and Carol "are their own mixer" together.

DMix in particular is a three-step process (see the figure below):

![](https://hackmd.io/_uploads/rkNrHu7N3.png)

In the following, we explain the three steps.

### 1. Info exchange

The parties Alice, Bob and Carol exchange some info, such as the amount of coins they want to exchange, their new addresses, the `max_fee` they want to pay ...

They also create an *aggregate public key* together, which is the address of *this particular* DMix (remember: there is no "one" DMix, since it is not centralized: each group of participants creates its own DMix instance).

### 2. InDMix Transactions

The parties Alice, Bob and Carol send their coins to this aggregate public key/address.

### 3. OutDMix Transaction

From the input transactions of step 2, the parties sign *together* a new transaction toward their own *new* addresses.

### Bonus: malicious parties

Assume Alice is malicious. She performs step 2, but she does not perform step 3.

This is not a problem: each InDMix transaction (step 2) is time-locked (details in the paper): if step 3 is not done in a suitable amount of time (e.g. 3 hours), then Bob and Carol can get their funds back.

## What it solves

In practice, the parties Alice, Bob and Carol *un-link* the old addresses from the new ones by going through DMix.
Participants gain privacy since external observers aren't able to follow the flow of funds.

## Future works

- put DMix into wallets
- create a people-matching platform
- improve output decomposition (many outputs mean too much in fees)

## More Resources

- paper: <https://fadibarbara.it/papers/dmix.pdf>
- GitHub repository: <https://github.com/disnocen/dmix2>
- YouTube video with demo explanation: <https://www.youtube.com/watch?v=Awcf-7G5vn8>
- Telegram post by nobullshitbitcoin: <https://t.me/nobullshitbitcoin/2803>
- the output decomposition problem: <https://fadibarbara.it/output-decomp-problem.html>
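
The three steps and the time-lock fallback from "Bonus: malicious parties", as a small Python model added to this summary (it is not code from the DMix paper or repository, and it does not model Bitcoin transactions or threshold signatures). It assumes every participant must co-sign the OutDMix transaction and that a refund returns the deposit to the sender's old address; the names `Party`, `safe_to_sign`, `settle` and `demo` and all addresses are hypothetical placeholders.

```python
from dataclasses import dataclass

LOCK_SECONDS = 3 * 3600  # the summary's "e.g. 3 hours" refund delay

@dataclass
class Party:
    name: str
    old_addr: str   # placeholder, not a real Bitcoin address
    new_addr: str   # placeholder, not a real Bitcoin address
    amount: int     # satoshis sent in the InDMix transaction (step 2)
    max_fee: int    # highest fee this party agreed to in step 1

def safe_to_sign(party, outputs):
    """Check a party runs before co-signing OutDMix (step 3): its new
    address must receive its deposit minus at most max_fee."""
    paid = outputs.get(party.new_addr, 0)
    return party.amount - party.max_fee <= paid <= party.amount

def settle(parties, deposited, signed, outputs, start, now):
    """Return {address: sats} once the round is final, None while pending.
    Assumptions: OutDMix needs a share from every party, `signed` holds the
    shares collected before the lock expired, refunds go to old_addr."""
    funded = [p for p in parties if p.name in deposited]
    if len(funded) == len(parties) and all(p.name in signed for p in parties):
        return dict(outputs)                           # OutDMix confirmed
    if now >= start + LOCK_SECONDS:
        return {p.old_addr: p.amount for p in funded}  # time-lock refund
    return None                                        # still waiting

def demo():
    # Constructed round: three parties, equal amounts, 400 sat fee each.
    ps = [Party(n, f"old_{n}", f"new_{n}", 100_000, 500)
          for n in ("alice", "bob", "carol")]
    outputs = {p.new_addr: p.amount - 400 for p in ps}
    names = {p.name for p in ps}
    honest = {p.name for p in ps if safe_to_sign(p, outputs)}
    done = settle(ps, names, honest, outputs, 0, 600)
    # Alice funds step 2 but withholds her share in step 3.
    partial = honest - {"alice"}
    stalled = settle(ps, names, partial, outputs, 0, 600)
    refunded = settle(ps, names, partial, outputs, 0, LOCK_SECONDS)
    return done, stalled, refunded

if __name__ == "__main__":
    for state in demo():
        print(state)
```

In the stalled case no coins move at all until the lock expires, which is the "executed as a whole or not at all" behaviour the atomicity definition describes.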