Obscuro: A Bitcoin Mixer using Trusted Execution Environments

Bitcoin provides only pseudo-anonymous transactions, which can be exploited to link payers and payees – defeating the goal of anonymous payments. To thwart such attacks, several Bitcoin mixers have been proposed, with the objective of providing unlinkability between payers and payees. However, existing Bitcoin mixers are not under widespread use, and can be regarded as either insecure or inefficient. We present Obscuro, a highly efficient and secure Bitcoin mixer that utilizes trusted execution environments (TEEs). With the TEE’s confidentiality and integrity guarantees for code and data, our mixer design ensures the correct mixing operations and the protection of sensitive data (i.e., private keys and mixing logs), ruling out coin theft and de-anonymization attacks by a malicious operator. TEE-based implementation does not necessarily prevent the manipulation of inputs (e.g., deposit submissions, blockchain feeds, TEE’s execution states) to the mixer, hence Obscuro is designed to overcome such limitations: it (1) offers an indirect deposit mechanism to prevent a malicious operator from rejecting benign user deposits; and (2) removes the need for storing any operation states outside of the TEE, thereby denying the possibility of state-rewind in conjunction with eclipse attacks. Obscuro provides several unique anonymity features (e.g., minimum mixing set size guarantee, resistant to dropping user deposits) that are not available in existing centralized and decentralized mixers. Our prototype of Obscuro is built using Intel SGX, and we demonstrate its effectiveness in the Bitcoin Testnet. Our implementation mixes 1000 inputs in just 6.49 seconds, which vastly outperforms all of the existing decentralized mixers.