{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T05:55:47Z","timestamp":1776837347309,"version":"3.51.2"},"reference-count":36,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"2","license":[{"start":{"date-parts":[[2018,2,20]],"date-time":"2018-02-20T00:00:00Z","timestamp":1519084800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,4,1]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Cryptocurrencies allow users to securely transfer money without relying on a trusted intermediary, and the transparency of their underlying ledgers also enables public verifiability. This openness, however, comes at a cost to privacy, as even though the pseudonyms users go by are not linked to their real-world identities, all movement of money among these pseudonyms is traceable. In this paper, we present M\u00f6bius, an Ethereum-based<jats:italic>tumbler<\/jats:italic>or<jats:italic>mixing service<\/jats:italic>. M\u00f6bius achieves strong notions of anonymity, as even malicious senders cannot identify which pseudonyms belong to the recipients to whom they sent money, and is able to resist denial-of-service attacks. It also achieves a much lower off-chain communication complexity than all existing tumblers, with senders and recipients needing to send only two initial messages in order to engage in an arbitrary number of transactions.<\/jats:p>","DOI":"10.1515\/popets-2018-0015","type":"journal-article","created":{"date-parts":[[2018,2,27]],"date-time":"2018-02-27T10:49:28Z","timestamp":1519728568000},"page":"105-121","source":"Crossref","is-referenced-by-count":54,"title":["M\u00f6bius: Trustless Tumbling for Transaction Privacy"],"prefix":"10.56553","volume":"2018","author":[{"given":"Sarah","family":"Meiklejohn","sequence":"first","affiliation":[{"name":"University College London"}]},{"given":"Rebekah","family":"Mercer","sequence":"additional","affiliation":[{"name":"Aarhus University"}]}],"member":"35752","published-online":{"date-parts":[[2018,2,20]]},"reference":[{"key":"2021040906160767953_j_popets-2018-0015_ref_001_w2aab3b7b7b1b6b1ab1ab1Aa","doi-asserted-by":"crossref","unstructured":"[1] E. Androulaki, G. Karame, M. Roeschlin, T. Scherer, and S. Capkun. Evaluating user privacy in Bitcoin. In A.-R. Sadeghi, editor, FC 2013, volume 7859 of LNCS, pages 34\u201351, Okinawa, Japan, Apr. 1\u20135, 2013. Springer, Heidelberg, Germany.","DOI":"10.1007\/978-3-642-39884-1_4"},{"key":"2021040906160767953_j_popets-2018-0015_ref_002_w2aab3b7b7b1b6b1ab1ab2Aa","doi-asserted-by":"crossref","unstructured":"[2] M. Bellare, D. Micciancio, and B. Warinschi. Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions. In E. Biham, editor, EUROCRYPT 2003, volume 2656 of LNCS, pages 614\u2013629, Warsaw, Poland, May 4\u20138, 2003. Springer, Heidelberg, Germany.","DOI":"10.1007\/3-540-39200-9_38"},{"key":"2021040906160767953_j_popets-2018-0015_ref_003_w2aab3b7b7b1b6b1ab1ab3Aa","doi-asserted-by":"crossref","unstructured":"[3] E. Ben-Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza. Zerocash: Decentralized anonymous payments from Bitcoin. In 2014 IEEE Symposium on Security and Privacy, pages 459\u2013474, Berkeley, CA, USA, May 18\u201321, 2014. IEEE Computer Society Press.","DOI":"10.1109\/SP.2014.36"},{"key":"2021040906160767953_j_popets-2018-0015_ref_004_w2aab3b7b7b1b6b1ab1ab4Aa","doi-asserted-by":"crossref","unstructured":"[4] E. Ben-Sasson, A. Chiesa, D. Genkin, E. Tromer, and M. Virza. SNARKs for C: Verifying program executions succinctly and in zero knowledge. In R. Canetti and J. A. Garay, editors, CRYPTO 2013, Part II, volume 8043 of LNCS, pages 90\u2013108, Santa Barbara, CA, USA, Aug. 18\u201322, 2013. Springer, Heidelberg, Germany.","DOI":"10.1007\/978-3-642-40084-1_6"},{"key":"2021040906160767953_j_popets-2018-0015_ref_005_w2aab3b7b7b1b6b1ab1ab5Aa","doi-asserted-by":"crossref","unstructured":"[5] E. Ben-Sasson, A. Chiesa, M. Green, E. Tromer, and M. Virza. Secure sampling of public parameters for succinct zero knowledge proofs. In 2015 IEEE Symposium on Security and Privacy, pages 287\u2013304, San Jose, CA, USA, May 17\u201321, 2015. IEEE Computer Society Press.","DOI":"10.1109\/SP.2015.25"},{"key":"2021040906160767953_j_popets-2018-0015_ref_006_w2aab3b7b7b1b6b1ab1ab6Aa","doi-asserted-by":"crossref","unstructured":"[6] G. Bissias, A. P. Ozisik, B. N. Levine, and M. Liberatore. Sybil-resistant mixing for Bitcoin. In Proceedings of the 13th Workshop on Privacy in the Electronic Society, pages 149\u2013158. ACM, 2014.","DOI":"10.1145\/2665943.2665955"},{"key":"2021040906160767953_j_popets-2018-0015_ref_007_w2aab3b7b7b1b6b1ab1ab7Aa","doi-asserted-by":"crossref","unstructured":"[7] J. Bonneau, A. Narayanan, A. Miller, J. Clark, J. A. Kroll, and E. W. Felten. Mixcoin: Anonymity for Bitcoin with accountable mixes. In N. Christin and R. Safavi-Naini, editors, FC 2014, volume 8437 of LNCS, pages 486\u2013504, Christ Church, Barbados, Mar. 3\u20137, 2014. Springer, Heidelberg, Germany.","DOI":"10.1007\/978-3-662-45472-5_31"},{"key":"2021040906160767953_j_popets-2018-0015_ref_008_w2aab3b7b7b1b6b1ab1ab8Aa","doi-asserted-by":"crossref","unstructured":"[8] X. Boyen and B. Waters. Full-domain subgroup hiding and constant-size group signatures. In T. Okamoto and X. Wang, editors, PKC 2007, volume 4450 of LNCS, pages 1\u201315, Beijing, China, Apr. 16\u201320, 2007. Springer, Heidelberg, Germany.","DOI":"10.1007\/978-3-540-71677-8_1"},{"key":"2021040906160767953_j_popets-2018-0015_ref_009_w2aab3b7b7b1b6b1ab1ab9Aa","doi-asserted-by":"crossref","unstructured":"[9] D. Chaum and E. van Heyst. Group signatures. In D. W. Davies, editor, EUROCRYPT\u201991, volume 547 of LNCS, pages 257\u2013265, Brighton, UK, Apr. 8\u201311, 1991. Springer, Heidelberg, Germany.","DOI":"10.1007\/3-540-46416-6_22"},{"key":"2021040906160767953_j_popets-2018-0015_ref_010_w2aab3b7b7b1b6b1ab1ac10Aa","doi-asserted-by":"crossref","unstructured":"[10] G. Danezis and A. Serjantov. Statistical disclosure or intersection attacks on anonymity systems. In International Workshop on Information Hiding, pages 293\u2013308. Springer, 2004.","DOI":"10.1007\/978-3-540-30114-1_21"},{"key":"2021040906160767953_j_popets-2018-0015_ref_011_w2aab3b7b7b1b6b1ab1ac11Aa","unstructured":"[11] J. Edwards. Two guys on Reddit are chasing a thief who has $220 million in bitcoins, Dec. 2013. www.businessinsider.com\/220-million-sheep-marketplace-bitcoin-theft-chase-2013-12."},{"key":"2021040906160767953_j_popets-2018-0015_ref_012_w2aab3b7b7b1b6b1ab1ac12Aa","doi-asserted-by":"crossref","unstructured":"[12] M. Franklin and H. Zhang. A framework for unique ring signatures. Cryptology ePrint Archive, Report 2012\/577, 2012. http:\/\/eprint.iacr.org\/2012\/577.","DOI":"10.1007\/978-3-642-33167-1_37"},{"key":"2021040906160767953_j_popets-2018-0015_ref_013_w2aab3b7b7b1b6b1ab1ac13Aa","doi-asserted-by":"crossref","unstructured":"[13] M. K. Franklin and H. Zhang. Unique ring signatures: A practical construction. In A.-R. Sadeghi, editor, FC 2013, volume 7859 of LNCS, pages 162\u2013170, Okinawa, Japan, Apr. 1\u20135, 2013. Springer, Heidelberg, Germany.","DOI":"10.1007\/978-3-642-39884-1_13"},{"key":"2021040906160767953_j_popets-2018-0015_ref_014_w2aab3b7b7b1b6b1ab1ac14Aa","doi-asserted-by":"crossref","unstructured":"[14] J. Groth and M. Kohlweiss. One-out-of-many proofs: Or how to leak a secret and spend a coin. In E. Oswald and M. Fischlin, editors, EUROCRYPT 2015, Part II, volume 9057 of LNCS, pages 253\u2013280, Sofia, Bulgaria, Apr. 26\u201330, 2015. Springer, Heidelberg, Germany.","DOI":"10.1007\/978-3-662-46803-6_9"},{"key":"2021040906160767953_j_popets-2018-0015_ref_015_w2aab3b7b7b1b6b1ab1ac15Aa","doi-asserted-by":"crossref","unstructured":"[15] G. Gutoski and D. Stebila. Hierarchical deterministic bitcoin wallets that tolerate key leakage. In R. B\u00f6hme and T. Okamoto, editors, FC 2015, volume 8975 of LNCS, pages 497\u2013504, San Juan, Puerto Rico, Jan. 26\u201330, 2015. Springer, Heidelberg, Germany.","DOI":"10.1007\/978-3-662-47854-7_31"},{"key":"2021040906160767953_j_popets-2018-0015_ref_016_w2aab3b7b7b1b6b1ab1ac16Aa","doi-asserted-by":"crossref","unstructured":"[16] E. Heilman, L. Alshenibr, F. Baldimtsi, A. Scafuro, and S. Goldberg. TumbleBit: an untrusted Bitcoin-compatible anonymous payment hub. In Proceedings of NDSS 2017, 2017.","DOI":"10.14722\/ndss.2017.23086"},{"key":"2021040906160767953_j_popets-2018-0015_ref_017_w2aab3b7b7b1b6b1ab1ac17Aa","unstructured":"[17] E. Heilman, A. Kendler, A. Zohar, and S. Goldberg. Eclipse attacks on Bitcoin\u2019s peer-to-peer network. In Proceedings of USENIX Security 2015, 2015."},{"key":"2021040906160767953_j_popets-2018-0015_ref_018_w2aab3b7b7b1b6b1ab1ac18Aa","unstructured":"[18] D. Hopwood, S. Bowe, T. Hornby, and N. Wilcox. Zcash Protocol Specification, Version 2016.0-alpha-3.1, May 2016. Accessed at: https:\/\/github.com\/zcash\/zips\/blob\/master\/protocol\/protocol.pdf."},{"key":"2021040906160767953_j_popets-2018-0015_ref_019_w2aab3b7b7b1b6b1ab1ac19Aa","doi-asserted-by":"crossref","unstructured":"[19] A. E. Kosba, A. Miller, E. Shi, Z. Wen, and C. Papamanthou. Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. In 2016 IEEE Symposium on Security and Privacy, pages 839\u2013858, San Jose, CA, USA, May 22\u201326, 2016. IEEE Computer Society Press.","DOI":"10.1109\/SP.2016.55"},{"key":"2021040906160767953_j_popets-2018-0015_ref_020_w2aab3b7b7b1b6b1ab1ac20Aa","doi-asserted-by":"crossref","unstructured":"[20] J. K. Liu, V. K. Wei, and D. S. Wong. Linkable spontaneous anonymous group signature for ad hoc groups (extended abstract). In H. Wang, J. Pieprzyk, and V. Varadharajan, editors, ACISP 04, volume 3108 of LNCS, pages 325\u2013335, Sydney, NSW, Australia, July 13\u201315, 2004. Springer, Heidelberg, Germany.","DOI":"10.1007\/978-3-540-27800-9_28"},{"key":"2021040906160767953_j_popets-2018-0015_ref_021_w2aab3b7b7b1b6b1ab1ac21Aa","unstructured":"[21] G. Maxwell. CoinJoin: Bitcoin privacy for the real world. bitcointalk.org\/index.php?topic=279249, Aug. 2013."},{"key":"2021040906160767953_j_popets-2018-0015_ref_022_w2aab3b7b7b1b6b1ab1ac22Aa","unstructured":"[22] S. Meiklejohn and R. Mercer. M\u00f6bius: Trustless tumbling for transaction privacy. IACR Cryptology ePrint Archive, Report 2017\/881, 2017. http:\/\/eprint.iacr.org\/2017\/881.pdf."},{"key":"2021040906160767953_j_popets-2018-0015_ref_023_w2aab3b7b7b1b6b1ab1ac23Aa","doi-asserted-by":"crossref","unstructured":"[23] S. Meiklejohn and C. Orlandi. Privacy-enhancing overlays in Bitcoin. In M. Brenner, N. Christin, B. Johnson, and K. Rohloff, editors, FC 2015 Workshops, volume 8976 of LNCS, pages 127\u2013141, San Juan, Puerto Rico, Jan. 30, 2015. Springer, Heidelberg, Germany.","DOI":"10.1007\/978-3-662-48051-9_10"},{"key":"2021040906160767953_j_popets-2018-0015_ref_024_w2aab3b7b7b1b6b1ab1ac24Aa","doi-asserted-by":"crossref","unstructured":"[24] S. Meiklejohn, M. Pomarole, G. Jordan, K. Levchenko, D. McCoy, G. M. Voelker, and S. Savage. A fistful of bitcoins: characterizing payments among men with no names. In Proceedings of the 2013 Internet Measurement Conference, pages 127\u2013140. ACM, 2013.","DOI":"10.1145\/2504730.2504747"},{"key":"2021040906160767953_j_popets-2018-0015_ref_025_w2aab3b7b7b1b6b1ab1ac25Aa","doi-asserted-by":"crossref","unstructured":"[25] I. Miers, C. Garman, M. Green, and A. D. Rubin. Zerocoin: Anonymous distributed E-cash from Bitcoin. In 2013 IEEE Symposium on Security and Privacy, pages 397\u2013411, Berkeley, CA, USA, May 19\u201322, 2013. IEEE Computer Society Press.","DOI":"10.1109\/SP.2013.34"},{"key":"2021040906160767953_j_popets-2018-0015_ref_026_w2aab3b7b7b1b6b1ab1ac26Aa","unstructured":"[26] A. Miller, M. M\u00f6ser, K. Lee, and A. Narayanan. An empirical analysis of linkability in the Monero blockchain. arXiv preprint arXiv:1704.04299, 2017."},{"key":"2021040906160767953_j_popets-2018-0015_ref_027_w2aab3b7b7b1b6b1ab1ac27Aa","unstructured":"[27] P. Moreno-Sanchez, M. B. Zafar, and A. Kate. Listening to whispers of Ripple: Linking wallets and deanonymizing transactions in the Ripple network. Proceedings on Privacy Enhancing Technologies, 2016(4):436\u2013453, 2016."},{"key":"2021040906160767953_j_popets-2018-0015_ref_028_w2aab3b7b7b1b6b1ab1ac28Aa","doi-asserted-by":"crossref","unstructured":"[28] M. M\u00f6ser, R. B\u00f6hme, and D. Breuker. An inquiry into money laundering tools in the Bitcoin ecosystem. In Proceedings of the APWG E-Crime Researchers Summit, 2013.","DOI":"10.1109\/eCRS.2013.6805780"},{"key":"2021040906160767953_j_popets-2018-0015_ref_029_w2aab3b7b7b1b6b1ab1ac29Aa","doi-asserted-by":"crossref","unstructured":"[29] F. Reid and M. Harrigan. An analysis of anonymity in the Bitcoin system. In Security and privacy in social networks, pages 197\u2013223. Springer, 2013.","DOI":"10.1007\/978-1-4614-4139-7_10"},{"key":"2021040906160767953_j_popets-2018-0015_ref_030_w2aab3b7b7b1b6b1ab1ac30Aa","doi-asserted-by":"crossref","unstructured":"[30] R. L. Rivest, A. Shamir, and Y. Tauman. How to leak a secret. In C. Boyd, editor, ASIACRYPT 2001, volume 2248 of LNCS, pages 552\u2013565, Gold Coast, Australia, Dec. 9\u201313, 2001. Springer, Heidelberg, Germany.","DOI":"10.1007\/3-540-45682-1_32"},{"key":"2021040906160767953_j_popets-2018-0015_ref_031_w2aab3b7b7b1b6b1ab1ac31Aa","doi-asserted-by":"crossref","unstructured":"[31] D. Ron and A. Shamir. Quantitative analysis of the full Bitcoin transaction graph. In A.-R. Sadeghi, editor, FC 2013, volume 7859 of LNCS, pages 6\u201324, Okinawa, Japan, Apr. 1\u20135, 2013. Springer, Heidelberg, Germany.","DOI":"10.1007\/978-3-642-39884-1_2"},{"key":"2021040906160767953_j_popets-2018-0015_ref_032_w2aab3b7b7b1b6b1ab1ac32Aa","doi-asserted-by":"crossref","unstructured":"[32] T. Ruffing, P. Moreno-Sanchez, and A. Kate. CoinShuffle: Practical decentralized coin mixing for Bitcoin. In M. Kutylowski and J. Vaidya, editors, ESORICS 2014, Part II, volume 8713 of LNCS, pages 345\u2013364, Wroclaw, Poland, Sept. 7\u201311, 2014. Springer, Heidelberg, Germany.","DOI":"10.1007\/978-3-319-11212-1_20"},{"key":"2021040906160767953_j_popets-2018-0015_ref_033_w2aab3b7b7b1b6b1ab1ac33Aa","doi-asserted-by":"crossref","unstructured":"[33] M. Spagnuolo, F. Maggi, and S. Zanero. BitIodine: Extracting intelligence from the Bitcoin network. In N. Christin and R. Safavi-Naini, editors, FC 2014, volume 8437 of LNCS, pages 457\u2013468, Christ Church, Barbados, Mar. 3\u20137, 2014. Springer, Heidelberg, Germany.","DOI":"10.1007\/978-3-662-45472-5_29"},{"key":"2021040906160767953_j_popets-2018-0015_ref_034_w2aab3b7b7b1b6b1ab1ac34Aa","doi-asserted-by":"crossref","unstructured":"[34] L. Valenta and B. Rowan. Blindcoin: Blinded, accountable mixes for Bitcoin. In M. Brenner, N. Christin, B. Johnson, and K. Rohloff, editors, FC 2015 Workshops, volume 8976 of LNCS, pages 112\u2013126, San Juan, Puerto Rico, Jan. 30, 2015. Springer, Heidelberg, Germany.","DOI":"10.1007\/978-3-662-48051-9_9"},{"key":"2021040906160767953_j_popets-2018-0015_ref_035_w2aab3b7b7b1b6b1ab1ac35Aa","unstructured":"[35] N. van Saberhagen. Cryptonote v 2.0. Published at https:\/\/cryptonote.org\/whitepaper.pdf, 2013."},{"key":"2021040906160767953_j_popets-2018-0015_ref_036_w2aab3b7b7b1b6b1ab1ac36Aa","unstructured":"[36] G. Wood. Ethereum: A Secure Decentralised Generalised Transaction Ledger \u2013 Homestead Revision, Jan. 2016. gavwood.com\/paper.pdf."}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/content.sciendo.com\/view\/journals\/popets\/2018\/2\/article-p105.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/article\/10.1515\/popets-2018-0015","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,14]],"date-time":"2022-08-14T23:04:44Z","timestamp":1660518284000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2018\/popets-2018-0015.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,2,20]]},"references-count":36,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2018,2,20]]},"published-print":{"date-parts":[[2018,4,1]]}},"alternative-id":["10.1515\/popets-2018-0015"],"URL":"https:\/\/doi.org\/10.1515\/popets-2018-0015","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,2,20]]}}}