How Coinjoin Works

This is an article about the mechanics of Coinjoin. It’s not about how to use the service providers – that’s another article.

First Understand UTXO Basics

What is a UTXO? It’s important to understand this for this article to make sense. See question 9 in the Q&A.

Blockchain is Pseudonymous

A pseudonym is a fake name. But there are no names on the blockchain. Your “name” is your address. Your real name gets linked to an address by the exchange.

The only people who know the owner of an address are the people who have access your KYC data AND your withdrawal data, now or in the future.

Bitcoin going from an exchange to your private wallet’s address links you identity to the address in your private wallet – again, only those people with access to the KYC data can make that link.

From that “private” address, every payment can get linked back to the original – from assumptions which can be made, with varying amounts of certainty.

These assumptions can be obfuscated with coinjoining.

A Normal Transaction

This is a random transaction I took from the blockchain:

The “3QfGmDY…fRm” address is psyeudonymous from MY viewpoint. However, it may be linked to this person’s real identity, known to a surveillance company or the government.

I know by looking at this transaction, with fairly high certainty, that 0.00195 bitcoin was paid to “3BMEX…xUJ” which could be owned the same person or another person. I also can deduce that address “33AJZ…7xm” is the address owned by the same person, and he/she is sending change back to him/herself.

Wallets tend to return change to the same address type. Without going into detail here about address types, lets describe Legacy and Segwit addresses (type 1… and type bcq1…). Take an example of a Legacy address with 3 bitcoin. In a transaction it pays 2 bitcoin to a Segwit address, and 1 bitcoin to a Legacy address. It can be deduced that the Legacy address is change, most likely, and is linked to the input UTXO. The other output could be the same person or another person.

Using analysis like this, a surveillance company can deduce which coins are yours. In addition, much more sophisticated statistical analysis an be done with powerful computers to make probabilistic conclusions beyond what you are capable of doing with your brain, or even what you can imagine is possible.

We can fight this invasion of privacy by various techniques. One of them is coinjoin. But there is something much more basic you should do before even considering coinjoin: You should run and use your own node. I explain why in this article, which also contains links to other articles on how to set up a node of various types for a Raspberry Pi (Linux), Mac, and Windows.

Basics of Coinjoin

It’s easiest to start with an example coinjoin, and I’ll show you the things to notice:

This is ONE Bitcoin transaction where many UTXOs make up the input (left column), and become many different UTXOs in the output (right column).

Examine the left side closely. Each input UTXO can belong to a different person, but one person may own more than one input UTXO. That is not clear to us, but it may be to surveillance companies. Some of these UTXOs may be KYC tainted, and some may be untainted, or mixed previously. Notice they are all different amounts. Notice also there are some very small UTXOs; that’s probably because several small UTXOs by the same person is being merged into this transaction.

Now, look at the right side. Notice there are several transactions of exactly the same size: 0.01169890 bitcoin each. These are the mixed coins. There is no way of knowing which address they came from with certainty because they are all the same, just going to different addresses – the more participants, the more the uncertainty. Any of these mixed coins has an equal chance of belonging to any party taking part in the transaction.

Separate to the mixed coins on the right, there are various other amounts. These are the change amounts and are not considered mixed. Taking one of these amounts, and adding the coinjoin UTXO amount, and factoring in fees, one can deduce which party it belongs to by matching the calculated amount with an input UTXO amount.

Don’t merge UTXOs

Merging of UTXOs suggest with high probability that there is one owner of the two merged UTXOs. It must be, the entire merged UTXO is controlled by the same key holder.

If both UTXOs are linked to your KYC information, it is not so damaging, but it does reduce any uncertainty to zero.

If you merge a mixed coin with a KYC coin, you completely lose the anonymity of the mixed coin. Not only do you hurt your own privacy, you hurt the privacy of the other participants in the coinjoin transaction that the mixed coin was created in – you are effectively removing yourself from the coinjoin mix, and narrowing down the choices of who owns what UTXO in that coinjoin transaction.

If you have two mixed UTXOs, and merge them, you also hurt your privacy, but it’s a bit harder to explain and understand. I’ll try:

Suppose there are 9 other people in coinjoin 1, and your UTXO1 participated. And assume that a surveillance company has the ID of all 10 participants.

Also imagine there are an additional 9 different people in coinjoin 2, and your UTXO2 participated. Again, IDs all known.

The important thing to note is that you are the only person that participated in both coinjoins, and this is known to the surveillance company. It also knows there are 19 different people across both coinjoins and which inputs belong to who.

If you mix UTXO1 and UTXO2, it can be deduced that one owner owns both mixed coins, AND, that owner participated in BOTH coinjoins. A surveillance company can see that it was only you that participated in both coinjoins, so the merged mixed coins MUST be yours. You effectively coinjoined for nothing.

If however there was another person who participated in both coinjoins, then you have a 50% chance of being identified, because you and only one other person could own these coins.

Why desire to merge mixed UTXOs? because each time you mix a UTXO, it gets smaller and smaller due to: mining fees; fees to the coinjoin organiser; and imperfect amounts resulting in change. Many, many small UTXOs can be undesirable because it can get a bit messy, and also it increases your mining costs to move them all – fees increase per size of transaction (directly increased by signatures required), nothing to do with the number of bitcoins in a UTXO. Long term when fees are higher, having many UTXOs of small amounts could be a problem.

The good news is that the more times you have mixed a UTXO (and hence it tends to be smaller), the less damaging it is to merge them with other well mixed coins. The combinatorics to calculate just how much privacy you have lost is not easy, is time consuming, and not necessary now. It’s unlikely you are going to run into this problem anyway, but if you’ve mixed a UTXO 5 times, It wouldn’t be that damaging to merge it with another such well mixed coin. Just don’t do it too much, and not too many at a time – 2 maximum.

How to mix?

Samourai with Whirlpool offers a good mixing service. It requires a single signature hot wallet which I don’t feel safe about, personally. On the big plus side, once you submit a coin for mixing, it continues to be mixed with new entrants for ever, without additional charge – not even mining fees. Only new coins initially entering pay fees.

JoinMarket is another option. This is, as the name suggests, a market. You can offer liquidity for mixing, and earn tiny fees – you have to leave your offer open, and your bitcoin in a single signature hot wallet, and wait for takers. Or you can accept offers on the market and immediately mix your coins, and pay all the fees. It works well, but you need to be very technical, and there is a bit learning curve. It’s not for most people.

Finally there is Wasabi. I have used it once a long time ago before I knew much about Bitcoin and didn’t have a good experience. It could have been my fault. I have not heard great things about Wasabi, but don’t recall what I heard.

Conclusion

Coinjoin takes a bit of effort to understand and execute. It’s one of the last things on the Bitcoin storage journey, but an important one. Privacy is a right! It is important, but you have to claim it. Happy mixing.

%d bloggers like this: