Abstract

Coin mixing is an efficient anonymization technique for cryptocurrency, used to eliminate the linkability of transaction parties by hiding their addresses in an anonymity set. However, a common weakness of most existing coin mixing schemes is that the amount of mixed coins must be the same for all requests within a mixing cycle; otherwise, it is easy for an attacker to restore the linkability of transaction parties. In this paper, we design a stage-payable puzzle solution mechanism, named CoinFA, which hands control of the requested amounts to the users, allowing flexible mixing amounts. In our design, the payee (with an output address) first requests a puzzle from the mixers, who are the only ones who know the solution of the puzzle. If the payee solves the puzzle successfully, he can be rewarded with the corresponding Bitcoins. The payer (allowed to have multiple input addresses) then requests the solution by paying in installments. We achieve better security by weakening the rights of the third parties involved, while the hierarchical structure gives our solution better efficiency and robustness. We perform a security analysis of CoinFA based on the standard Rivest-Shamir-Adleman (RSA) assumption and the unforgeability of the Elliptic Curve Digital Signature Algorithm (ECDSA). We also analyze the performance of CoinFA by comparing it with two related schemes, and the results show that CoinFA has a greater advantage when the mixing amount is relatively small.