Du kannst diesen Artikel auch auf Deutsch lesen.
Recent developments surrounding the two popular CoinJoin implementations Samourai Whirlpool and Wasabi Wallet have been quite intense, to say the least. The seizure of the official Samourai Wallet website and subsequent arrest of the two founders caught most of the Bitcoin community by surprise. The charges for money laundering and “unlicensed money transmitting” led to uncertainty in the industry, with some services quickly reacting by announcing to block US based users in the future.
Just a week after the indictment, zkSNACKs, the company behind Wasabi Wallet, notified users they will be shutting down their CoinJoin coordination service by the end of this month as well.
Putting the events of the past weeks aside for a moment, let’s take a closer look at how CoinJoin transactions actually work, how they’re different from regular “mixing” services and why users may want to use them in the first place.
Bitcoin is not anonymous
Against popular belief and media reports, users of the Bitcoin network are not anonymous. In most cases, it’s actually the opposite way around: With every transaction publicly available forever, it is relatively easy to track a user’s payments and wealth if their transactions can be tied to their identity at least once.
The reason for this is twofold: For one, there are technical details in how the Bitcoin network works, that ultimately lead to privacy deficits if not actively monitored and protected against. The transaction model used in Bitcoin works similar to regular cash wallets, as explained in our more detailed article about UTXOs.
In the example below, Alice pays her friend Bob 0.25 BTC. To cover the costs, she needs to spend from two different addresses, connecting them with each other and also create a new change output, hinting at another address belonging to her.
In short, this means that even if good practices like not reusing bitcoin addresses are enforced by wallets like the BitBoxApp, it is still possible that these addresses can be connected to each other anyway, because multiple UTXO might be selected and spent together in future transactions. This makes it possible to theoretically track the trail of “a coin” forever.
The second reason is more user related: Most people use regulated exchanges and brokers for buying and selling bitcoin, allowing the service to learn about their addresses and to tie them to their identity. This is not a problem, of course, if the user is okay with it. However, should you ever want to improve your privacy, this is not something that can be easily “undone”, as the transaction history is set in stone for eternity.
Bitcoin privacy is not a lost cause, though. While you can’t change the past, you can change the future trackability of your bitcoin by participating in CoinJoin transactions.
CoinJoin
The technical details of CoinJoin implementations can get complex fairly quickly, but the underlying principle is actually relatively simple. Every bitcoin transaction consists of, in most cases, several inputs and outputs. In our suboptimal privacy example from above (an exchange knowing a user’s addresses), these inputs and outputs can be analysed and tracked quite easily, since usually all of them can be tied to the same identity.
In a CoinJoin, multiple users join together to spend their coins in a single bitcoin transaction. At first, you may be able to track who enters the CoinJoin because of the initially bad level of privacy. But if you look at the state after the transaction, things get more difficult, as all the newly created outputs look the same, or in other words: They all have similar values.
As an example, you might be able to spot Alice and Bob entering a CoinJoin with 0.12 BTC and 0.13 BTC respectively. Looking at the outputs, two of them will have a value of exactly 0.1 BTC. Now, there is no way of knowing which of these outputs belong to whom, other than taking a guess. Alice and Bob have used a property of bitcoin transactions, that initially lead to a privacy disadvantage, to improve it!
You may have spotted the two additional outputs of 0.02 BTC and 0.03 BTC at the bottom right. These values were too small for 0.1 BTC sized outputs and therefore can’t benefit from the CoinJoin. They are sometimes called “doxxic change”, which is a fun way of saying they still have the same bad privacy properties from before and might “dox” the user if improperly used in the future. In this example, chances are very high the 0.02 BTC output belongs to Alice, while the 0.03 BTC output belongs to Bob.
Beautiful transactions
In reality, it’s not just Alice and Bob who participate in a CoinJoin, but hundreds if not thousands of users at the same time – over and over again in subsequent transactions. From a mathematical perspective, at some point the level of privacy becomes almost “perfect”, or in other words: It gets impossibly difficult to track or guess, which outputs belong to which initial participant.
These equally sized inputs and outputs have the neat side effect of looking quite cool if visualized as a flow chart like on popular Bitcoin explorer mempool.space:
Self-custody preserved
One of the main benefits of a CoinJoin compared to centralized mixing services are the trust requirements. Users keep custody of their keys and therefore their bitcoin during the entire CoinJoin, as all the transactions are effectively just self-transfers – payments to their own addresses. While coordination services such as the now shutdown Samourai Whirlpool coordinator are used to enable the messaging and signing process with hundreds of users in real time, they do not have to be trusted in any way.
It’s over now, right?
Not necessarily. While the sudden shut down of not just one but both of two major CoinJoin coordination services is a hard blow for everyone who seeks to improve their financial privacy, CoinJoins as a technology are not going anywhere.
Both the implementation by zkSNACKs and Samourai Wallet are open source and – in theory – can be used and hosted by others. Furthermore, there are decentralized approaches such as JoinMarket which do not rely on a central coordination service and might attract more attention from both users and developers, now that the demand for CoinJoins will shift away from Samourai and Wasabi.
Conclusion
CoinJoins offer an effective and trustless way for regaining or maintaining privacy in the bitcoin network. While privacy mishaps from transactions in the past cannot be undone and even after a CoinJoin, users should continue to closely monitor their coin selection, they’re an important tool for financial sovereignty and worth fighting for.
Don’t own a BitBox yet?
Keeping your crypto secure doesn't have to be hard. The BitBox02 hardware wallet stores the private keys for your cryptocurrencies offline. So you can manage your coins safely.
The BitBox02 also comes in a Bitcoin-only version, featuring a radically focused firmware: less code means less attack surface, which further improves your security when only storing Bitcoin.
Shift Crypto is a privately-held company based in Zurich, Switzerland. Our team of Bitcoin contributors, crypto experts, and security engineers builds products that enable customers to enjoy a stress-free journey from novice to mastery level of cryptocurrency management. The BitBox02, our second generation hardware wallet, lets users store, protect, and transact Bitcoin and other cryptocurrencies with ease - along with its software companion, the BitBoxApp.