 Hello everyone, I am Madhya Thukta from Kualima and I will be talking about mixing based privacy mechanisms and why they are insufficient. So we have to go to the intro of what mixing based privacy mechanisms are just a few minutes ago but I will still go over them briefly. So there are two components to the mixers. One is masking the senders and receivers and the other component is hiding the amount done in the transaction. The second component is actually done nicely in zero knowledge based mixers so I will be talking more about the first concept. In how mixers work is basically they take different transactions and they put them in a tumbler that mixes them together and then releases the funds. So at the end of the transaction you can never know which transaction was sent by whom to whom. So like for example in this one you can see green is supposed to send the transaction to green, yellow to yellow, blue to you, blue to blue but after the mixer is done everyone will receive this one but the outside world will never be able to know that green sent the transaction to green, blue or yellow it could have been any one of those three. Now in this example the anonymity set is three that is basically the number of possibilities that a transaction can actually be. So the first disadvantage of such mixers is that the anonymity set is limited in size so it's quite easy to adapt and churning can help in applications like Monero it's just a pro tip I don't have time to talk about this but churning can help if you are doing private transactions do churning. Then the other thing is that analytic companies have more information than a normal user for a normal user mainly for me and you as well a monero transaction will probably be secure enough but when the analytic companies get involved they get they take the history of all the accounts they can get data from various changes and stuff like that so they have more data to be the anonymize your transaction. So in mixer based transactions if one transaction gets the anonymized the anonymity of other transactions is also reduced so as I said in the last example there were three people doing the transaction if the third party knows one of those three people even one of those then the anonymity of the other two is reduced because the anonymity set is then essentially reduced to two transactions rather than three. So when the big cops are involved they know about transactions run by different people they know the information about many transactions so the anonymity set is reduced for them like they know most of the transactions already they just need to figure out the remaining ones. Then the bad actors can poison the anonymity set so if I am a bad actor I can spam the network with my own fake transactions so in those transactions I obviously know the sender and the receiver so if the other party will use my transactions to mask their own transactions in an anonymity set then the anonymity will be reduced because they are actually using known information rather than private transactions. A big enough network now this one is actually not in on-chain exploitation but something that can happen and I've seen it being used so when in a system like Monero you can deploy 50 nodes and then you'll have a good view of the whole network and then you can start listening to transactions involving let's say Alice so you see Alice is involved in 100 transactions then to figure out which of the Monero nodes got those Alice transactions before others so with enough data you can figure out like if Alice is using only one of her private nodes you can figure out which node Alice is using it's not a proof method but it can be done with enough resources once you figure out which node is Alice's you can get more information using the IP address of that node and other stuff. Now some example of the previous attacks one was an attack done on Basavi just a few months back so one of the attackers started reusing addresses that is bad for everyone else because a reused address reduces anonymity of every transaction so yeah and you can read more about this in this tweet the other attack I want to talk about is more interesting flood xml so it is it was basically a similar attack in which the attacker flooded Monero with transactions over 12 months and by using only 1800 US dollars they were able to flood Monero with enough transactions to completely de-anonymize almost 50 percent of Monero transactions and they reduced anonymity of 90 percent of the transactions and Monero is right now the state of the art when it comes to like privacy mechanisms so I just want to say that it's not a foolproof method but you must know that mixing this privacy mechanisms are awesome but they are not a foolproof method don't blindly trust them especially when it comes to machine critical stuff you should know your risk and proceed according unfortunately I don't have time but feel free to catch me outside if you want to discuss me thank you