No one should know how many bitcoins you have. The best way to ensure this is to make regular coinjoins.
Bitcoin Coinjoin
Bitcoin transactions are public. It is therefore possible to analyze them in order to discover all the addresses of the same person.
A coinjoin is a transaction that mixes the bitcoins of three to several hundred people. The goal is to send the bitcoins back to yourself while hiding in a crowd of participants.
Typically, at the exit of a coinjoin transaction, participants receive equal amounts of bitcoins on new addresses. It is then impossible for a monitoring firm like Chainalysis to know who is who.
The tunnel analogy summarizes the principle of a coinjoin well. Imagine a helicopter shadowing three red cars driving in a specific order. And they change order using a tunnel, out of sight. At the exit of the tunnel, the helicopter no longer knows who is who.
And like a picture is worth a thousand words:
The first person to see the possibility of carrying out transactions bringing together several participants in order to cover their tracks was Greg Maxwell. It was he who launched the Coinjoin Bounty topic on the BitcoinTalk forum in 2013.
The first proposal proposed by developer genjix on Github was simply called “Coinjoin”. The second “Bitprivacy”. Find the whole list HERE.
Today, three robust solutions remain. The Wabisabi protocol developed by the Wasabi wallet. Whirlpool by Samourai and JoinMarket. Everyone has their own way of doing things, which also causes tensions between Wasabi and Samourai…
Bitcoin Coinjoin: different approaches
The principle of operation of a coinjoin is not complicated. It’s just a transaction with many participants. But as always, the devil is in the details.
The first thing to talk about is the entity responsible for organizing the coinjoin, the “coordinator”. Ideally, this conductor should not be able to deanonymize a coinjoin after the fact.
It must therefore not be possible to make a link between the different addresses provided by the participants.
With Wasabi, the coordinator zkSNACKs assigns a new Tor identity for each utxo brought in to be mixed into coinjoin.
Same thing when recording the signatures allowing UTXOs (bitcoins) to be unlocked and the addresses which will be used to recover them at the end of transactions. The goal is that the coordinator cannot make the link between inputs and outputs.
[Tor est un navigateur internet libre et gratuit qui permet d’anonymiser du trafic internet en l’acheminant via un réseau de serveurs qui offusquent l’origine ou la destination des données.]
Another very important thing is that participants must never lose control of their bitcoins. The construction of a coinjoin must be done using partial signatures. We are talking about Partially Signed Bitcoin Transaction (PSBT) in English.
In short, a good bitcoin coordinator must not be able to undo a coinjoin after the fact (zero-knowledge proof), nor take control of the participants’ bitcoins.
Doxxing changes
Before going any further, we absolutely must talk about the change given (“change” in English). The reason being that these bitcoins can completely ruin the anonymity gained during a coinjoin.
Let us first remember that a wallet contains pairs of private/public keys corresponding to as many utxos. These are scripts (pieces of code) that the nodes of the Bitcoin network keep in memory.
The addition of all these utxos corresponds to the total balance of the wallet. Their function is to link an amount of BTC (a number) to a private/public key pair.
Carrying out a bitcoin transaction means signing a utxo using the private key. This unlocks the BTC and binds it to a new key pair. This results in a new utxo which overwrites the old one.
Actually, we should say “new utxos”. And in particular the one which corresponds to this currency returned which poses a problem. During a lambda transaction, at least three utxos are created:
-Amount sent to recipient
-Transaction fees paid to miners
-Currency returned
The change given is due to the fact that we never have a UTXO corresponding exactly to the desired amount. So much so that one (or more UTXOs) of a higher amount must be used.
Hence the change given to an address belonging to the sender. Unfortunately, this UTXO is problematic. For what ?
Because the surveillance firm knows it still belongs to you. Therefore, if you are unfortunate enough to combine it in a future transaction with the utxos obtained after coinjoin, Chainalysis will know that they belong to you.
Hence the expression “doxxic change” which must be isolated to ensure that they are never mixed with the utxo obtained at the coinjoin output.
Wasabi vs Samurai
This introduction to the utxo corresponding to the currency given was necessary to understand the Samurai way of doing things.
While Wasabi chose to create coinjoins with a very large number of participants, Samourai’s are smaller transactions (five participants). You must therefore keep your BTC in Whirlpool and let the coinjoins follow one another to obtain equivalent anonymity.
Note that chaining coinjoins is free. The transaction fees of those who remain in Whirlpool are paid by the new entrants. In other words, there needs to be a perpetual growth of newcomers for the system to stand up.
Wasabi’s massive coinjoin technique (hundreds of participants) therefore appears more advantageous in terms of speed of execution and, above all, the block space consumed for a similar result.
Especially since at Samourai, a zero transaction (Tx0) of preparation is necessary before the coinjoin. And that’s what we wanted to get to.
This Tx0 is used on the one hand to divide the original utxo into several utxos of the same amount. And secondly to send the “doxxic change” to an “isolated” section of the wallet. [Ce qui requiert de révéler sa xpub si l’on passe par le dojo (noeud) de Samourai. Dit autrement, Samourai a accès à toutes les adresses du wallet].
Conversely, in the new Wabisabi protocol, this utxo is “eliminated” directly in the coinjoin. There is no need for Tx0. The utxos contributed can be of any amount.
The output result may be a consolidation into larger utxos, or a fragmentation into smaller utxos. The infinite variety of groups of utxos of similar amounts (output) prevents us from doing a kind of sudoku to try to find out which utxos belong to whom.
Concerning the remaining utxo corresponding to the exchange, the latter can be used in a new coinjoin.
For information, the zkSNACKs coordinator commission is 0.3% for any utxo greater than 0.01 bitcoin. Below, no fees are charged (PlebsDontPay). Samurai takes its share of fixed costs.
Let’s finish by saying that at Wasabi, the utxo provided as input are filtered in order to avoid the risk of ending up with the BTC of criminals which could be refused by the exchanges.
Receive a summary of the news in the world of cryptocurrencies by subscribing to our new service daily and weekly so you don’t miss anything of the Tremplin.io essentials!
