@alwaysAn0n
Last active May 10, 2019 20:59
CashShuffle protocol, ELI freshman in college

Here's how the layered encryption portion of a CashShuffle protocol round works.

Assuming 5 players: Alice, Bob, Carol, Dingus, Emily

TODO

The CashShuffle protocol describes a way that people can work together in building a bitcoin transaction that makes it difficult for others to spy on their past transaction histories using the knowledge that they own a particular bitcoin address. It uses an intentionally unintelligent server to match compatible players and facilitate communication between them.

These transactions are built during CashShuffle protocol rounds. Here's how it works.

  1. Each player tells the server roughly how big the coin is that they wish to shuffle.
  2. When enough players have shown up, the server tells all of them to get started.
  3. Each player announces to the group the coin they wish to shuffle as well as a public key that can be used by the other players to verify that messages sent by them truly are from them and haven't been tampered with (the verification key).
  4. After all coins and verification keys have been announced, the players send out another message announcing the bitcoin address they want their change sent to as well as a second public key that other players can use to encrypt secret messages which only they can read (the encryption key).
  5. Each player uses the other players' encryption keys to encrypt the bitcoin address they want their shuffled coin sent to. The addresses are each encrypted and then randomized so that only the last player in the round can read them, and when she does, it's impossible to know which player's shuffled coin is going into which address. See the explanation at the bottom for more details on how this is done.
  6. Once the final player receives the full and randomized list of addresses, she announces the list for all the players to see.
  7. Each player checks and makes sure their address has been included in the list and that no two addresses are the same.
  8. Then each player arranges all the components that will be used to build the shuffle transaction in a particular way as instructed by the CashShuffle spec. Since the method is known by all the players, it should result in each player independently creating an ordered list of components that is exactly the same.
  9. Each player runs the list through a cryptographic hashing function and announces the results to all the players.
  10. If any player announces a different result from the rest then they all abandon the round and blame the player who got it wrong. This means that either that player is doing something wrong or somebody is being malicious.
  11. If all the players announced the same hash then it means everyone has the same correct data and they all know how to build the shuffle transaction.
  12. Next, the first player constructs the actual shuffle transaction that will eventually be signed and broadcast to the network. She signs it herself, then broadcasts her input's signature to all the other players. The other players do exactly the same thing.
  13. Once the final player has received all the other players' signatures and has verified that each signature properly signs the shuffle transaction, the final player applies all the signatures and announces the fully signed transaction to the network.
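
The checks in steps 7 and 9 to 11, sketched from one player's point of view. This is an added example, not code from the gist or from the CashShuffle project; the function names, the sorted ordering and the length-prefixed encoding are assumptions standing in for whatever the spec prescribes.

```python
import hashlib

def transcript_hash(inputs, outputs, changes):
    """Step 9: hash the round's components in one fixed order.

    Assumed ordering (not from the spec): inputs, outputs, change, each sorted."""
    h = hashlib.sha256()
    for label, items in (("in", inputs), ("out", outputs), ("chg", changes)):
        h.update(label.encode() + len(items).to_bytes(4, "big"))
        for item in sorted(items):
            data = item.encode()
            # Length prefix keeps ["ab", "c"] and ["a", "bc"] from hashing alike.
            h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()

def check_outputs(my_address, outputs):
    """Step 7: my address is in the list and no two addresses are the same."""
    problems = []
    if my_address not in outputs:
        problems.append("my address is missing")
    if len(set(outputs)) != len(outputs):
        problems.append("duplicate address")
    return problems

def players_to_blame(my_hash, announced):
    """Steps 10-11: players whose announced hash differs from the one I computed.

    An empty list means everyone holds the same data and signing can start."""
    return sorted(name for name, digest in announced.items() if digest != my_hash)
```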

JLMoriart commented May 7, 2019

New short script for animated video:


CashShuffle brings privacy to Bitcoin Cash!

Using CashShuffle, participants cooperatively build a Bitcoin transaction that mixes up, or "shuffles" their coins, making it harder to determine your transaction history using Blockchain Analysis. Not even the other participants in the shuffle know which of the shuffled coins is yours!

Wallets with CashShuffle built in will do everything for you automatically, but here’s how it works under the hood:

Let’s say that Alice, Bob, Carol, Dave, and Erin are shuffling their coins together.

The first shuffler, Alice, encrypts her secret bitcoin address using encryption keys provided by all of the other shufflers: First Erin's, then Dave's, then Carol's, and finally Bob's. This multi-layered encryption of her address is then sent as a message to the user who can decrypt the top layer, Bob.

Bob decrypts the message, which leaves Alice's secret address still encrypted by Carol's, Dave's, and Erin's keys, and then encrypts his own secret address using those same keys: Erin's, then Dave’s, and then Carol's. He sends both encrypted addresses in random order along to Carol, who can now decrypt their top layers, but can't tell whose is whose.

That process is repeated for each remaining participant. Each time, a shuffler removes a layer of encryption from the messages they receive, and adds a new message to the group, encrypted by only the remaining shufflers' keys.

The last shuffler, Erin, will receive every other participant’s address, encrypted with only her key. She then decrypts all the addresses, adds hers to the list, randomizes their order one more time, and announces the list of addresses for all other shufflers to see.

The shuffle transaction can now be constructed without anyone knowing which addresses belong to which other participants!

Increasing your privacy on Bitcoin Cash with CashShuffle is Safe, Easy, and costs less than a penny. Visit CashShuffle.org and start shuffling today!
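
The layered encryption from step 5 of the gist and from the comment above, simulated end to end. This is an added example, not part of the gist, the comment or the CashShuffle code base. The toy hashed-ElGamal cipher, the function names and the sample addresses are assumptions made so the onion structure runs with the standard library only.

```python
import hashlib
import secrets

# Toy hashed-ElGamal stand-in for the players' encryption keys. Assumption:
# demo parameters, no authentication, not taken from the CashShuffle spec.
P = 2**521 - 1   # Mersenne prime
G = 3
CLEN = 66        # bytes needed to hold a value mod P

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def _pad(shared, n):
    return hashlib.shake_256(shared.to_bytes(CLEN, "big")).digest(n)

def encrypt(pk, msg):
    r = secrets.randbelow(P - 2) + 1
    body = bytes(a ^ b for a, b in zip(msg, _pad(pow(pk, r, P), len(msg))))
    return pow(G, r, P).to_bytes(CLEN, "big") + body

def decrypt(sk, blob):
    c1, body = int.from_bytes(blob[:CLEN], "big"), blob[CLEN:]
    return bytes(a ^ b for a, b in zip(body, _pad(pow(c1, sk, P), len(body))))

def onion(address, later_pks):
    """Wrap an address for the players still to come: last player's key first."""
    blob = address
    for pk in reversed(later_pks):
        blob = encrypt(pk, blob)
    return blob

def shuffle_round(addresses):
    """Run the pass-along phase; addresses[i] is player i's output address.

    Returns (final announced list, what each player saw after peeling)."""
    keys = [keygen() for _ in addresses]
    pks = [pk for _, pk in keys]
    rng = secrets.SystemRandom()
    pool, seen = [], []
    for i, address in enumerate(addresses):
        pool = [decrypt(keys[i][0], blob) for blob in pool]  # peel my layer
        seen.append(list(pool))
        pool.append(onion(address, pks[i + 1:]))  # add mine for the rest
        rng.shuffle(pool)                         # hide who added what
    return pool, seen

ADDRESSES = [b"addr-alice", b"addr-bobby", b"addr-carol", b"addr-dave0", b"addr-erin0"]  # constructed
```

Each entry of `seen` shows what one player holds after removing their own layer: every player before the last sees only ciphertexts, and the last sees plaintext addresses in an order that has been reshuffled at every hop.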
