BS3:3 – How to use CoinJoin and coin mixing 🌀

Wouldn’t it be great if there was some way to break all the links between the bitcoin you have and what you do with it? There is such a thing and it is called CoinJoin.

At the most basic level, CoinJoins work by combining input UTXOs from multiple different owners to create a transaction with multiple different output UTXOs. This breaks the common input ownership heuristic right off the bat, and leads to all sorts of confusion for people who are analyzing the blockchain.

A basic CoinJoin might look like this:

You want to pay 0.002BTC to your friend. You have a 0.003BTC UTXO in your wallet. The normal way to do this is to use your 0.003BTC UTXO to create a transaction with an output of 0.002BTC to your friend, a miner fee, and the change back to yourself.

A CoinJoin version might be that your friend includes a 0.004BTC UTXO in the transaction, and it pays out 0.006BTC to your friend, a miner fee, and the change to you.

The net result is the same: you move 0.002BTC from your wallet to your friend’s wallet. But this transaction is very confusing to someone analyzing the blockchain. (It’s actually a specific kind of CoinJoin called a PayJoin; there are many different ways to combine UTXOs from different owners in a privacy enhancing manner).

Remember, if they don’t have access to your public key, they don’t know if an address is yours or not. So the above transaction might look like you paid your friend much more than you actually did. And it will make them think that maybe one of your friend’s UTXOs belonged to you (even though we know it didn’t). The whole point of CoinJoin is to make it harder to guess what is happening with transactions.

Because CoinJoins involve more UTXO inputs to the transaction, they cost more in miner fees; however, this is a relatively small cost compared to the benefit you gain by confusing what is happening on the blockchain. Additionally, if enough people use CoinJoins, the whole process of chain analysis becomes less useful—even the common input ownership heuristic will lose some of its usefulness.

Coin mixing

Using a CoinJoin to send bitcoin to somebody else provides a little ambiguity to the transaction, but what if you want to make it dramatically more difficult to discern which bitcoin is yours on the blockchain? For this, there are a number of services that facilitate large CoinJoin transactions called coin mixing.

There are two kinds of coin mixing services: custodial (which you should not use) and real coin mixing (in which you never give up custody of your bitcoin).

Don’t mess with custodial mixing services

There are some coin mixing services that take custody of your bitcoin. These services are sketchy, and possibly illegal. Any time you have to give up custody of your bitcoin, it means you are giving up ownership of your private keys, and you should probably not do it.

These services are quite simple: you send them bitcoin and—for a fee—they send you different bitcoin. They are incredibly effective (if you can trust them not to cheat you or keep records): odds are that no one will be able to link your old bitcoin to the new bitcoin.

Nevertheless, remember the maxim: not your keys, not your coins. If you have to give up control of your bitcoin, it’s not your bitcoin anymore.

If the coin mixing service takes custody of your bitcoin you should not use it.

Real coin mixing

At the time of this writing, there are a three main implementations of coin mixing that do not require you to surrender custody of your bitcoin: Whirlpool, Wasabi, and JoinMarket. Each of these services charges a small fee for coordinating the CoinJoin transaction.

Most coin mixing services create transactions where all the outputs have the exact same value in bitcoin. Equal denomination outputs are what make coin mixing services work. An observer may know you own a UTXO participating in a CoinJoin, but if the CoinJoin transaction produces a series of UTXOs with the exact same denomination, the observer no longer is sure which one belongs to which owner.

Instead of certainty, the observer now only has a probability.

Whirlpool

Whirlpool is a coin mixing service created by Samourai Wallet. At the time of writing, you must use Samourai Wallet (Android only) or Sparrow Wallet (Linux, OSX, Windows) to access it. You do not need to run your own node to access Whirlpool, although running your own node is always a good idea. You need at least a little more than 0.001BTC use Whirlpool.

To begin a Whirlpool CoinJoin, you must first select the pool size. Whirlpool CoinJoins produce five equal denomination outputs. Selecting the pool size is selecting which size output you would like. At the time of writing, Whirlpool offers four pool sizes: 0.5BTC, 0.05BTC, 0.01BTC, and 0.001BTC. You can find more information about the minimum and maximums for each pool here.

If you are planning on mixing 0.1BTC, you may want to select the 0.05BTC pool or the 0.01BTC pool. If you select the 0.05BTC pool, you will end up with two 0.05BTC outputs. If you select the 0.01BTC pool, you will end up with ten 0.01BTC outputs.

Whirlpool charges a flat fee to coordinate the CoinJoin that is based on the size of the pool. The 0.5BTC pool charges a larger fee than the 0.01BTC pool. Only the pool size affects the fee. The amount of bitcoin does not change the fee; you pay the same amount to mix 10BTC in the 0.5BTC pool as you do to mix 1BTC.

You will also pay the miner fees to create the transaction.

After you select a pool, the bitcoin you want to mix will be included in a transaction that breaks it into equal denomination UTXOs and the fee UTXOs to pay the miners and coordinator.

Each of your UTXOs will be mixed separately. Likewise no other participant in that transaction will have been seen together in a previous transaction. All UTXOs in each transaction must never have been in a transaction together before.

Two or three of the five input UTXOs in a Whirlpool CoinJoin are UTXOs that are coming directly from another Whirlpool CoinJoin transaction. Once your UTXO has been through a Whirlpool CoinJoin, you can choose to let it go into another CoinJoin. This is called remixing.

Whirlpool is set up so you do not pay anything to remix (no miner fee, no coordinator fee). All fees in Whirlpool (both miner fees and coordinator fees) are paid by the new UTXOs coming into the CoinJoin transaction.

Because Whirlpool does not charge for remixes, you and everyone else who uses the service is incentivized to keep UTXOs remixing. This is a good thing. Every time a UTXO remixes, it increases the uncertainty for all outputs of that UTXO’s previous mixes.

The pool of other UTXOs that an observer might confuse for yours expands exponentially with each remix.

For instance, if you do a Whirlpool CoinJoin, your UTXO could be any one of five new UTXOs. If two of those UTXOs also remix, your original UTXO might now be any one of thirteen UTXOs that all look the same.

If you leave your UTXO to do a total of seven CoinJoins, and each of those CoinJoin transactions has an average of two outputs that remix at least once, your UTXO could be any one of 416 different UTXOs.

Samourai Wallet makes using Whirlpool very easy, and it is the most user friendly. In addition to Whirlpool, Samourai Wallet has a bunch of features for continuing to protect your privacy on the blockchain. It’s also the only CoinJoin implementation that is easy to use on mobile.

You can find the installation instructions here. The documentation for Whirlpool can be found here.

Wasabi

Wasabi Wallet also facilitates CoinJoin transactions. Wasabi is a desktop wallet and you can use the CoinJoin feature directly from inside the wallet. You do not need to run a node in order to use Wasabi (although running a node is always a good idea). At the time of writing, Wasabi requires at least 0.1BTC to begin a CoinJoin.

To begin a CoinJoin in the wallet, you must select the UTXOs you want to CoinJoin (maximum of seven UTXOs together equal to at least 0.1BTC). You should then select your target ‘anonymity set.’ This is essentially the number of other UTXOs you want yours to be mixed with. Wasabi’s default is 50. This usually means you will go through one or sometimes two CoinJoins.

Wasabi’s coordinator fees are based off the number of other inputs in the CoinJoin. If there are 50 inputs, the fee you pay is 0.003% * 50 (=0.15%) of your input UTXOs. If there are 100 inputs, the fee you pay is 0.3% of your input UTXOs.

Even though it will cost more, it is recommended that you increase the anonymity set target to at least 100. This can be done by changing the anonymity level defaults under the Settings tab.

You also pay a share of the miner fees to get the CoinJoin transaction included in a block.

Because Wasabi wallet conducts CoinJoins in rounds, you have to wait until the current registration period is over (each registration period is a maximum of one hour) before your CoinJoin will begin.

One of the best aspects of Wasabi Wallet is its emphasis on labeling. In order to generate a receiving address, Wasabi requires that you label the address. Labels help you remember where your UTXOs came from so that you can avoid merging coins from different sources. They also have great documentation about this on their website.

Wasabi Wallet’s installation instructions can be found here. Documentation about their implementation of CoinJoin can be found here.

JoinMarket

Currently, using JoinMarket is more technical than using Samourai Wallet or Wasabi Wallet. In order to install JoinMarket you will need to be able to follow instructions on the command line of your desktop, and you will need to already have installed BitcoinCore.

While Whirlpool and Wasabi are coin mixing services that rely on a centralized coordinator, JoinMarket is the only decentralized coin mixing service that I’m aware of.

As the name implies, JoinMarket is a market for CoinJoins. You can participate in JoinMarket as a maker or taker (or both).

Makers post offers of liquidity for CoinJoins and the fees they charge for their participation in the CoinJoin transaction. In general, the fees makers on JoinMarket charge are lower than bitcoin miner fees.

Takers initiate CoinJoins in JoinMarket by specifying the number of CoinJoins they want to achieve, the maximum maker fees they are willing to accept per CoinJoin and paying the miner fees.

Running the JoinMarket software creates a set of wallets for you. UTXOs in each of these wallets are never combined as inputs in the same CoinJoin transaction.

By default, JoinMarket CoinJoins have five to seven participant UTXOs. JoinMarket CoinJoins do produce equal denomination outputs, but the denomination is determined by the taker.

JoinMarket offers more flexibility than Whirlpool and Wasabi, and as a maker in JoinMarket you can make some small amount of bitcoin in fees (this is small, and only adds up if you have a lot of liquidity to provide).

All the JoinMarket files are available at their releases page on GitHub. The quickstart guide can be found here, and the usage guide is here. Additionally, there is a project called JoininBox which provides a more user friendly way to access JoinMarket.


Posted

in

by