1. What is CoinJoin?
CoinJoin is a technology for anonymizing bitcoin transactions.
2. Who created CoinJoin and when?
The CoinJoin protocol was introduced in 2013 by Bitcoin Core and Blockstream developer Gregory Maxwell.
3. What problem does CoinJoin solve?
Contrary to the oft-repeated thesis, bitcoin does not offer complete anonymity. With public blockchain analysis, transactions can be linked to a specific person.
Bitcoin transactions consist of inputs (sending addresses) and outputs (receiving addresses). When a user wants to execute a transaction, he chooses unspent incoming transaction balances (UTXOs) as inputs, designates the outputs and signs the inputs. Each input is signed independently, and users can set multiple outputs.
Example of a transaction with four inputs and two outputs:
This transaction consists of four inputs (0.2 BTC each) and two outputs (0.7 BTC and 0.09 BTC). It is obvious to the observer that a payment is taking place – the sender sends one of the outputs to someone and gets his change back. Since four inputs were used, the larger output is most likely intended for the recipient. The 0.01 BTC deducted from the outputs is a commission that goes to the miner.
Also, an observer may assume that the sender wants to create a larger UTXO from smaller ones, so it combines the smaller inputs in order to get the desired output (0.7 BTC).
Another assumption that can be made by seeing the transaction is that each input is signed independently.
CoinJoin is designed to address the lack of true anonymity in bitcoin.
4. How does CoinJoin work?
An analogy to the CoinJoin model is when a group of people pool their cash into a single amount, put it in a wallet, and go shopping. Everyone in the group can make sure that no one spends more than they should, but they don’t necessarily use the same bills they themselves put in the shared wallet when making purchases.
In the case of CoinJoin, multiple parties jointly create a transaction; each party provides inputs and desired outputs. When all the inputs are combined, it becomes impossible to say with certainty which user owns which output.
Four participants want to break the link between the transactions. They agree among themselves (or through a dedicated coordinator) and announce which inputs and outputs they want to include.
The coordinator embeds the information in the transaction, and each participant signs, then the transaction is sent to the network. Once participants have signed, the transaction cannot be modified; otherwise, it becomes invalid. Thus, there is no risk of funds being stolen by the coordinator.
The transaction serves as a kind of black box in which coins are mixed. The old UTXOs have been destroyed and new ones created. The only connection between the old and new UTXOs is the transaction itself, but it is impossible to identify its participants. At most, one can know that a participant has provided one of the inputs and may be the new owner of the final output.
5. Does CoinJoin have any weaknesses?
- CoinJoin does not provide complete anonymity: senders and recipients are displayed in the blockchain. In addition, transactions can be identified through the CoinJoin Sudoku analysis tool. This problem can be solved by using only certain amounts for transaction outputs (0.1 VTS, 1 VTS, 10 VTS, etc.), but this creates additional complications and limitations.
- For the formation of a transaction it is necessary to create groups and to organize the interaction between the participants.
6. How is CoinJoin evolving?
Improving CoinJoin, the developers offered a number of extensions and improvements to the protocol: JoinMarket, CoinShuffle and Chaumian CoinJoin technologies.
7. Where and how is CoinJoin used?
As of April 2020, CoinJoin technology is supported by two wallets – the mobile Samourai Wallet with its associated Whirlpool technology and the desktop Wasabi Wallet.
On April 5, 2020, the supposed birthday of Satoshi Nakamoto, the bitcoin community first celebrated CoinJoin Day, a day of mixing transactions. In honor of that day, Wasabi developers unveiled a new release.
CoinJoin is also used in MimbleWimble, a PoW protocol with extensive scalability and increased privacy.
8. What is ZeroLink?
ZeroLink is a protocol that enables the anonymous use of bitcoin.
9. Who created ZeroLink and when?
ZeroLink was created and introduced in August 2017 by the developers of Samourai Wallet and Hidden Wallet.
10. How does ZeroLink work?
ZeroLink solves a key problem that arises in the CoinJoin mixing process, which is that a third party (individual, server, wallet) knows the source and destination of each bitcoin. Thus, a single point of failure occurs.
ZeroLink operates on the basis of two types of wallets: pre-mixing and post-mixing. The first type wallet stores initial funds; the user sends them to a switch (tumbler), which distributes the mixed bitcoins to the wallets with post-mixing.
ZeroLink users provide inputs and outputs (“from” and “to” addresses) from the wallet for pre-mixing; the outputs are encrypted so that the switch does not know the final recipients of the coins it receives. Encryption is also known as “blinding.”
Further, the switch cryptographically signs the “blinded” output by means of a cryptographic “blind signature”. In this way, the transaction data can be verified at each step, confirming that the “blinded” data matches what was originally sent.
Users then connect to the ZeroLink switch via Tor or a similar network, and provide the switch with unblinded outputs. They are signed via the same blind signature and compared to the initial blinded outputs, confirming their legitimacy.
After confirming legitimacy, the switch adds the outputs to the larger CoinJoin transaction and sends them to users, who confirm the transaction with their private keys.
Once confirmed, the switch publishes the transaction, which the miners add to the block. In this way, all bitcoins are “cleared” and become interchangeable again.
11. Where does the ZeroLink protocol apply?
ZeroLink is used in Wasabi and Samourai wallets, and was also the basis of the now-closed HiddenWallet project.
12. What is Stonewall?
Stonewall is a transaction privacy protection technology from cluster analysis.
13. Who developed Stonewall and when?
Stonewall technology was introduced by the developers of Samourai Wallet in May 2018. Stonewall was developed as a replacement for BIP126 in the initial implementation of Samourai Wallet after vulnerabilities were identified that could lead to less entropy in transactions.
14. What are the features of Stonewall?
Stonewall does not use CoinJoin technology, but gives the appearance of doing so. In essence, Stonewall transactions are regular transactions: one user uses them to send bitcoins to another. The trick is that users combine their transactions into one, adding any number of outputs and outputs to a standard bitcoin transaction. To an outsider, the transaction looks like a CoinJoin transaction, making standard blockchain analysis less efficient.
Stonewall transactions have greater entropy than standard bitcoin transactions, which increases the cost of automated chain analysis and makes transaction graph analysis more difficult. Stonewall transactions are executed in such a way that they receive a Boltzmann score greater than zero (a Boltzmann is a script that returns transactions to entropy by providing a system of input-output connectivity metrics through blockchain analysis mapping technologies).
Stonewall is not as efficient as other technologies such as Confidential Transactions (CTs), but it reduces the amount of information available to blockchain analysts.
15. Where does Stonewall apply?
Stonewall is built into Samourai Wallet as a default feature, but is not necessarily involved in every transaction.