Who would have published such an example? When we deal with opsec, we have to consider what is possible, rather than what has been done in the past. We have to do better than merely "locking the house after the thief has gone".
Typically that would be either the academic researcher attempting to prove that their investigation technique works, or the prosecutor looking to use the results of such an investigation as evidence in a trial.
> When we deal with opsec, we have to consider what is possible...
Anything is possible. Even ideal encryption algorithms—other than one-time pads—have some non-zero probability of being broken within a reasonable timeframe by a brute-force search, but that doesn't make them useless. As long as it's not cost-effective to trace the transfer, that's enough. It doesn't need to be mathematically impossible.
> or the prosecutor looking to use the results of such an investigation as evidence in a trial
I'm inclined to believe in the possibility of parallel constructions being used to cover up the best sources of intel.
> Anything is possible.[...] As long as it's not cost-effective to trace the transfer, that's enough. It doesn't need to be mathematically impossible.
And here, I think it is probably cost-effective to come up with that technology, because it would allow tracing people and transactions that might otherwise be impenetrable. And, if that were the case, I don't have a hard time imagining that it would be of utmost importance to keep such technology under wraps.
But again, at this point it seems like we're comparing pessimism to optimism.
> I'm inclined to believe in the possibility of parallel constructions being used to cover up the best sources of intel.
So am I, to a point, but even if they prefer not to disclose their actual methods (and are willing to commit perjury) they can't exactly hide the results. And others wouldn't have any incentive to keep their successes hidden.
> ...I think it is probably cost-effective to come up with that technology...
This isn't a matter of "technology" where some R&D spending up front is likely to lead to a method of cheaply tracing funds. If such a method existed then the system would indeed be broken; it would be akin to finding a critical weakness in an encryption scheme. Barring design flaws, however, the idea is to make all the transactions look the same so that even using your best graph theory tools you can't narrow down the possibilities enough to reasonably investigate all of them. That's what I meant by "not cost-effective": When there are 50 transfers that fit the parameters then you can investigate them all, but if there are 50,000 plausible trails to investigate then that effort would only be worthwhile in very high-profile cases.
> If such a method existed then the system would indeed be broken
Yes, I think that is the fundamental problem with depending on 'mixers' against state-level actors. We both agreed earlier that the tech is theoretically possible. It seems like we're disagreeing about whether someone exists who is motivated enough to build the tech, and whether that person is also motivated to keep their tech under wraps.
> the idea is to make all the transactions look the same so that even using your best graph theory tools you can't narrow down the possibilities enough to reasonably investigate all of them
I just don't get the impression that it's successful. There's a lot of 'metadata' that could be used to narrow the candidates down: geography, time, transaction amount, method of accessing the exchange (API / browser / desktop app ), age of wallets - I don't know which is specifically relevant here, but there's a lot of similar information which could be used to narrow the possibilities down, and most of it could probably involve 'fuzzy logic'. I just don't think that a threat model which includes state-level actors should ignore the possibility that transactions could be traced through mixers.
By the way, I'm really enjoying this discussion. Thanks for playing. :)
