George Mason University
George Mason University Mason
George Mason University

Volgenau professor addresses user privacy in bitcoin transactions through new cyber tool, TumbleBit

April 17, 2017

The digital currency "Bitcoin" is a payment option for consumers in some online transactions, but one that does not always offer sufficient user privacy. Foteini Baldimtsi, an associate professor in Mason's computer science department, and researchers at Boston University and North Carolina State University have been working to change that via an online payment hub called TumbleBit—a tool they now think will also solve a second problem.

TumbleBit improves bitcoin users' privacy by adding a third party—called a tumbler—to transactions. By doing so, TumbleBit makes it more difficult for those outside the transaction to determine which two parties are involved. 

It also increases the number of transactions per second bitcoin can support.

"If you look at, if you check the numbers of the Visa and MasterCard network, what's the upward bound, the bandwidth of how many transactions they can support, you will see that they have a pretty large upper bound. So, they can support maybe 30-to-40000 transactions per second in the whole world," Baldimtsi said. 

By comparison, bitcoin currently only supports five to seven transactions per second. 

TumbleBit can help increase the number of transactions bitcoin can support by moving some transactions off the bitcoin blockchain—the public record of all bitcoin transactions—so that they happen through TumbleBit's tumbler, through a third party, Baldimtsi said.  

The researchers would be happy if they could reach a speed of "a couple thousand transactions per second," Baldimtsi said, and added that she thinks they will achieve that goal. 

"[T]he first step of the project however, the first goal we're trying to attain is anonymity, of course," she said.

While that might scare people who think making transactions anonymous will encourage criminal activity, Baldimtsi said that possibility does not justify stripping legitimate users of privacy.

Baldimtsi and her co-authors presented their research at the Network and Distributed System Security (NDSS) 2017 Symposium in San Diego in February.

Read more about Baldimtsi's research here: http://www.baldimtsi.com

Expertise