Coinjoins are privacy-preserving transactions that contain funds from many users. This operation requires unanimous teamwork: Unless every user signs the transaction, Bitcoin nodes will reject it as invalid, and no privacy progress will be made. This poses a challenge to honest users since there is no cost to an attacker who continuously causes coinjoins to fail, resulting in a denial of service (DoS).

This is where the role of the centralized coinjoin coordinator comes into play. The coordinator acts as a bouncer to exclude known troublemakers, ensuring that honest users are not left waiting indefinitely. ZkSNACKs, which runs the default coordinator for Wasabi Wallet, uses a handful of methods to identify and defeat DoS attacks to improve coinjoin success rates.

First, the economics of DoS attacks are considered. The minimum value allowed to participate in a Wasabi coinjoin is 5000 sats (0.00005000 BTC). When disrupting a coinjoin round, the attack is equally effective whether the missing signature belongs to a low-value input or a high-value input. Due to this threat of an attacker splitting his coins into small pieces, low-value coins are subject to longer bans than high-value coins.

Second, DoS penalty evasion is considered. If a particular address is banned for causing a coinjoin to fail, the attacker can move the coins from the banned address to a fresh address and attempt to register again. To combat this circumvention, bans from previously offending addresses are inherited by the coins they send. This prevents attackers from reusing the same funds for multiple disruptions.

Third, the nature of the offense is considered. There are 3 ways to cause trouble with a coinjoin transaction:

• Register inputs and fail to sign the final transaction
• Double spend a registered input before signing
• Double spend a registered input after signing

Failure to sign may not be intentionally malicious since it can occasionally occur due to limitations of the Tor network’s stability, or because a careless user closes his laptop after the input registration phase. Double spending is prevented by clients and is a clearer indicator of deliberate disruptive activity. The type of offense and the history of previous offenses affect how long a coin is banned.

Stability Improvements

When Wasabi 2.0 was first released, Tor was under a network-wide attack that severely degraded its connection reliability. As a result, the coordinator cannot be too strict with bans to prevent DoS since honest users may inadvertently disconnect without signing.

In November 2022, benchmark statistics were measured showing coinjoins would succeed only 10% of the time on the first attempt, and slightly less than 50% of the time on subsequent attempts (known as “blame rounds”). With the release of v2.0.2.1 in December, these metrics improved to 15% success on the first attempt.

As a result of months of hard work by the Wasabi and Tor developers, updated statistics from October 2023 show that the overall success rate has more than doubled since the previous year, with over 50% of new rounds and over 80% of blame rounds succeeding. This consistency makes privacy convenient for patience minimalists who quickly tire of the soothing glow of the countdown timer.

Entering the Fee Market

The fee rate of the coinjoin transaction is another variable to account for while waiting for full privacy. The coordinator chooses the mining fee for the coinjoin round before users join, however, fee estimation is not a simple task. On average, a new Bitcoin block is mined every 10 minutes, but there is no way to predict exactly when one will be found or how many new transactions will outbid you until then. 

There are special considerations when choosing the fee rate for coinjoin transactions. Participants often pay several times more in mining fees for a coinjoin transaction compared to a regular payment since they can register multiple inputs and outputs. This increases the marginal advantage for sniping the lowest possible fee rate. In addition, coinjoins are not considered urgent because users are often sending coins to themselves and not to others, so whether or not the transaction is confirmed quickly is not as important because there is no risk that incoming funds will be double spent and lost.

Allowing coinjoin transactions to wait in the mempool also has an unintended privacy benefit. Since unconfirmed coins cannot be registered for new rounds, users who remix their outputs must wait additional time for their first coinjoin to be mined. By increasing the time period in between consecutive rounds, users are less likely to participate with the same users from their previous round.

Despite these advantages for choosing a low fee, there are also unique reasons for coinjoin transactions that would justify choosing a high fee as a precaution. Users who send a regular payment that gets stuck can easily use Replace By Fee (RBF) to increase its confirmation priority. However, since coinjoins require the cooperation of many users, the first fee is final. There is no way to replicate a higher fee replacement if even a single participant goes offline.

Another reason to prefer a higher fee for coinjoins is because they are disproportionately affected by transaction size limitations in Bitcoin Core’s mempool and block construction logic. Once a chain of transactions spending unconfirmed coins grows too large, nodes will ignore new transactions attempting to build on top of it.

Unfortunately, mining pools have not yet optimized to collect fees from coinjoin transactions. Miners only calculate the single highest paying descendant transaction package, which may cause them to overlook the confirmation of an extra profitable coinjoin with many spent child outputs.

Patience Preferences

Since it’s impossible to choose a fee that satisfies both the impatient and the thrifty at the same time, Wasabi has a feature called “Coinjoin time preference” to ensure that you don’t get hit with higher than expected mining fees.

If a coinjoin round requires a higher fee than the median of the previous day, week, or month, your client can be configured to skip that round and wait until fees drop or stabilize. This customization gives both spenders and savers flexibility without compromising their preferences or splitting the liquidity pool.

Setting a long coinjoin time preference makes it easy to handle the small coins that accumulate in your wallet as you send and receive transactions. Whenever the best deal on fees becomes available, your wallet will privately consolidate your UTXOs so you can readily spend them when fees increase again.

In conclusion, the combined speed provided by DoS fortification and smart savings from the coinjoin time preference feature has significantly improved Wasabi’s user experience. These advancements and tools have made privacy not only more convenient but also more cost-effective. Coinjoins have never been spicier, try Wasabi Wallet today and join the crowd.

The post Time is Money: DoS (Denial of Service) Fortification and Coinjoin Time Preference appeared first on Wasabi Wallet - Blog.

If you’re like me, you want to know in advance how much it’s going to cost you to use a privacy wallet. Coinjoins require on-chain transaction fees, which are collected by miners, and often involve coordination fees, which are collected by the coinjoin transaction coordinator (or in Joinmarket’s case, providers of coinjoin liquidity). 

The question then becomes: How do coinjoin wallets compare on fees?

Bitcoiners may find different protocols advantageous depending on the amount they are coinjoining, or how long they are willing to wait before spending. For example, if an input you want to coinjoin is of a ten million sats or less, WabiSabi wallets are ideal unless you’re willing to wait days or weeks coinjoining, which in that case Whirlpool would be better due to the free remixing policy. 

In cases where you are willing to provide liquidity and wait for others to coinjoin, you may prefer acting as a Joinmarket maker to passively earn sats. Finally, if you’re coinjoining more than 1 BTC, Joinmarket basically almost always wins in terms of fees. 

It’s also important to remember that this analysis was purely from the fees to be paid point of view, and didn’t take into account how strong each privacy guarantee is for each protocol. To learn more about the benefits and the tradeoffs of each coinjoin protocol and wallet, visit the open-source educational website Coinjoins.org. 

If you want to know how WabiSabi, Whirlpool and Joinmarket fee structures work, read on. We’ll define all the fees of a coinjoin transaction, the way fees are calculated for each protocol and finally, which one is better for many different user profiles. 

What are the Different Fees for Coinjoin Transactions?

To answer what are the different types of fees on a coinjoin transaction, we will explain how coordinator fees work for each protocol, and then how mining fees work for each protocol. 

What are Coinjoin Coordinator Fees?

Protocols like WabiSabi and Whirlpool use a centralized coordinator model to scale privacy, allowing multiple users to cooperate in a transaction without any participant knowing which coins belong to the others. Cryptography and discreet network communication are required in order to ensure that movements of funds are not revealed to the coinjoin coordinator. To learn more about how coinjoin protocols work, read more on Coinjoins.org.

Coordinator fees are what you pay the third-party in exchange for their services. The fee can be static (fixed amount) or dynamic (percentage). 

Coordinator Fees for WabiSabi Coinjoins

For example, in WabiSabi wallets like Wasabi Wallet, BTCPay Server or Trezor Suite, coordinator fees are 0.3% (dynamic) of what you’re mixing (for the zkSNACKs coordinator). You’re only charged on the first transaction so remixing is free of coordinator fees. Also, if someone sends you coinjoined bitcoin, your coordinator fees are waived too. This feature is called Friends don’t pay.

In addition, the Plebs don’t pay feature makes it that coordinator fees are waived for any coinjoin input less than 1,000,000 satoshis (0.01 BTC). This improves accessibility for users with low amounts of bitcoin. 

Coordinator Fees for Whirlpool Coinjoins

On the other hand, on Whirlpool wallets like Samourai, Sparrow, and Bitcoin Keeper, coordinator fees are of a fixed amount, depending on the liquidity pool you choose to be part of. Here’s the breakdown per pool:

• 100,000 satoshis pool: 5,000 sats of coordinator fees
• 1,000,000 satoshis pool: 50,000 sats of coordinator fees.
• 5,000,000 satoshis pool: 175,000 sats of coordinator fees.
• 50,000,000 satoshis pool: 1,750,000 sats of coordinator fees.

You might be wondering what a coinjoin pool is. In short, it’s the coinjoin output denomination amount. The 100,000 satoshis pool will result in coinjoined outputs of that precise size. Here’s a visual example for the 5,000,000 satoshis pool: 

As you can see, every output is of the same value. When you enter a pool, you pay the fixed fee amount. However, you can enter a pool with much more than the pool denomination, to be exact you can enter with up to 70 times the pool denomination, split across 70 outputs (for the 100k sats pool it’s only 25 times). 

Now on to Joinmarket, which doesn’t have coordinator fees but there are coinjoin fees.

Coinjoin Fees on Joinmarket

Joinmarket works differently than other coinjoin protocols because it doesn’t have a centralized individual entity coordinator, but rather two user roles in a P2P (peer-to-peer) environment: makers (who provide liquidity for a fee) and takers (who pay a fee for liquidity and coordinate the transaction). Any user can be a maker or a taker.

In short, instead of paying for coordination, you pay for liquidity. There’s an orderbook with all maker offers and at different price points. Some charge a static fee (fixed amount) but most charge a dynamic fee (a percentage of the liquidity used). 

When you’re a taker, you use the liquidity of many makers in a single transaction, usually 8, which makes 9 participants including you. You pay each maker what they ask for. For example, if there’s 8 makers and each charge a dynamic fee of 0.0001% BTC for the liquidity used, and you use 1 BTC of each, you pay a total of 10,000 sats * 8 = 80,000 sats.

This is the case for each Joinmarket transaction you’re the taker on. If you’re a maker, you enjoy privacy and you get paid for it: the best of both worlds.

How Mining Fees Work on Coinjoin Transactions?

Mining fees are part of every transaction on the bitcoin network, and coinjoins are no exception. It works differently for all three major protocols. Here’s a tool to calculate bitcoin transaction size. 

Mining Fees on WabiSabi Coinjoins

On WabiSabi coinjoin transactions, you only pay the fees associated with the blockspace your inputs and outputs take. For example, if you have a P2WPKH (segwit native) wallet and you have 3 inputs and 5 outputs in a coinjoin transaction, and the current fee is 50 sats/vbyte, you will pay:

Total blockspace: 3 * 68 vbytes + 5 * 31 vbytes = 359 vbytes

Total mining fees: 516.5 vbytes * 50 sats/vbytes = 17,950 sats

You pay exactly what you consume in blockspace, in every coinjoin transaction you participate in. 

Mining Fees on Whirlpool Coinjoins

The mining fee structure of Whirlpool coinjoins is a bit more complicated, but nothing that we can’t explain. Here it goes.

First off, it’s important to understand that before the coinjoin process begins, a premix transaction, also known as Tx0, takes place. The claimed purpose is to split your total input amount into the outputs to coinjoin, the non-private change output that goes into a separate wallet account called BadBank, and the coordinator fee to pay. 

For example, if you have a 1,500,000 sats UTXO for the 1,000,000 sats denomination pool, your premix transaction (Tx0) will have 1 input and three outputs: one output to coinjoin, a 50,000 sats output to pay the coordinator, and a non private change output that goes to the BadBank wallet account.

It’s important to understand that your premix can have many inputs and many outputs to coinjoin (up to 70), but the minimum number of inputs is 1 and outputs is 2 (if there’s no change). 

The first part of the mining fees for Whirlpool coinjoins is the fee you pay for the premix transaction. However, there’s a second part: you have to pay mining fees for the first coinjoin transaction, and not only for you, but for anyone remixing in it. You share that cost with at least one additional user out of 5, but it can be up to 4 out of 5 participants. When you remix and enter further coinjoins, you don’t pay any fees.

How to calculate Whirlpool Tx0 Mining Fees

The formula for the mining fees on Tx0 is as follows (assuming all are P2WPKH UTXOs): 

Total vbytes: Base transaction vbytes + input vbytes * number of inputs + output vbytes * 2 (for change and coordinator fee outputs) + output vbytes * number of coinjoin outputs

Which comes out to: 10.5 + 68 * inputs + 31 * (2 + cjOutputs)

For example, if there are 5 inputs and 10 cjOutputs, the total vbytes will be:

Total vbytes: 10.5 + 68 * 5 + 31 * (2 + 10) = 722.5 vybtes

Total fees (assuming 50 sats/vbyte): 722.5 * 50 = 36,125 sats

How to calculate Whirlpool Coinjoin Mining Fees

Regular Whirlpool coinjoin transactions have 5 inputs and 5 outputs, which comes out to a total of 505.5 vbytes. Considering that 2 new entrants are paying, this splits the duty in two. You’re then responsible for paying 202.75 vbytes, for each one of your 10 coinjoin outputs.

Total fees (assuming 50 sats/vbyte): 202.75 * 50 * 10 = 101,375 sats

This gives you a total of 36,125 + 101,375 = 137,500 sats to pay on mining fees. However, this is a one-time fee, and you will be able to remix for free, for as long as you want.

Now, let’s cover the remaining protocol, Joinmarket.

Mining Fees on Joinmarket Coinjoins

By default, a taker is in charge of paying all the mining fees for a Joinmarket coinjoin transaction. However, there’s a setting for makers to include a mining fee contribution in their offers. In practice, as of the 10th January 2024 at 6:00 AM UTC, there’s not a single offer that includes a mining fee contribution out of 65 offers.

This means that as a taker you will almost certainly pay the entirety of the mining fee required for the Joinmarket coinjoin. This means that for every input, there will be a coinjoin output and a change output. If there are 9 participants, there are at least 9 inputs (there can be more), and at least 18 outputs. It’s also not mandatory that everyone uses the same wallet standard, which means some inputs can cost more than others. Let’s assume every input and output is P2WPKH and that every participant only has 1 input.

Total vbytes: 9 * 68 + 18 * 31 = 1,170 vbytes

Total fees (assuming 50 sats / vbyte): 58,500 sats

In short, the formula to calculate the mining fees paid is (68 * number of inputs + 31 * number of outputs) * mining fee in sats / vbyte.

Now that we’ve broken down how exactly to calculate the fees for every coinjoin protocol, let’s examine which would be better for different profiles.

I have a 990,000 sats (0.099 BTC) UTXO to mix. Which protocol is better for fees?

If you have a million sats or less, here are the coordinator (liquidity for Joinmarket) fees paid for every different coinjoin protocol:

• You won’t pay any coordinator fees with WabiSabi.
• You can only enter the 100,000 sats pool on Whirlpool and you will pay 5,000 sats in coordinator fees.
• FOR TAKERS only: On Joinmarket, it depends on the orderbook: as of the 10th of January 2024, you will pay an average of 0.0007% for 8 makers, which would be a maximum of 56 sats (depending on the mining fee market to know how much you have left in sats). 

Here are the mining fees to pay for every different coinjoin protocol (assuming 50 sats/vbyte);

• WabiSabi: Assuming you have 1 input and 7 outputs (extremely high estimation) are created, you will pay 17,925 sats for the first coinjoin transaction. For each further coinjoin transaction, considering you will have 7 inputs now, you will pay 35,175 in sats.
• Samourai: assuming you have 1 input and 8 coinjoin UTXOs will be created, you will pay a total of 120,650 sats for the Tx0 and the coinjoin mining fee.
• Joinmarket (FOR TAKERS only): assuming you have to pay for a total of 9 inputs, and 18 outputs, you will pay a total of 62,150 sats for each coinjoin transaction. 

In total:

• WabiSabi: 17,925 sats for first, 35,175 sats for further transactions.
• Whirlpool: 125,650 sats in total.
• Joinmarket: 62,182 sats for each transaction.

The conclusion for this user profile is that WabiSabi is better if you’re doing 4 transactions or less, but Whirlpool will become more economical after that. It depends on whether you want to mix fast or slow, and also it’s important to consider that to gain the same level of privacy as with 4 WabiSabi transactions, you will need to make many more on Whirlpool.

Joinmarket is not worth it for this amount unless you’re a maker.

The winner for this user profile: WabiSabi Coinjoins.

I have 10,000,000 sats (0.1 BTC). Which wallet is better?

Now that we’ve broken down the first user profile, we can just jump straight to total fees for the next ones. We keep the same assumptions. 

Total fees for each coinjoin protocol:

• WabiSabi: 30,000 sats (coordinator fee) + 17,925 sats (mining fee) = 47,925 sats for first + 35,175 sats for further transactions.
• Samourai 1M sats pool: 50,000 sats (coordinator fee) + 134850 (total mining fee) = 184,850 sats (5M sats would be possible too but not as economical and with more change)
• Joinmarket (FOR TAKERS only): 317 (liquidity fee) + 62150 (mining fee) = 62467 sats for each transaction

Joinmarket is more competitive but the result remains the same. WabiSabi is better for 3 transactions or less, and Whirlpool for continuous remixing. However, 3 WabiSabi transactions gives you a sufficient level of plausible deniability that is enough to make tracking the transactions of most users super hard.

Winner: WabiSabi (unless you’re a Joinmarket maker)

I have 100,000,000 sats (1 BTC). Which wallet is better?

Total fees for each coinjoin protocol:

• WabiSabi: 300,000 sats (coordinator fee) + 17,925 sats (mining fee) = 317,925 sats for first + 35,175 sats for further transactions.
• Samourai 5M sats pool: 175,000 sats (coordinator fee) + 276850 (total mining fee) = 451,850 (50M sats would be possible too but not as economical and with more change)
• Joinmarket (FOR TAKERS only): 3168 (liquidity fee) + 62150 (mining fee) = 65,318 sats for each transaction

For this category, Joinmarket is the winner under 7 transactions, then Whirlpool is more economical. WabiSabi is better than Whirlpool for 3 transactions or less.

Winner: Joinmarket

I have 1,000,000,000 sats (10 BTC). Which wallet is better?

Total fees for each coinjoin protocol:

• WabiSabi: 3,000,000 sats (coordinator fee) + 17,925 sats (mining fee) = 3,017,925 sats for first + 35,175 sats for further transactions.
• Samourai 50M sats pool: 1,750,000 sats (coordinator fee) + 276850 (total mining fee) = 2,026,850 sats in total
• Joinmarket (FOR TAKERS only): 31680 (liquidity fee) + 62150 (mining fee) = 93,830 sats per transaction

For this category, Joinmarket is the winner under 20 transactions, which just means it’s the winner hands down. 

Winner: Joinmarket

Conclusion

In this article, we explained how fees work on every major coinjoin protocol such as WabiSabi, Whirlpool and Joinmarket. We then compare them in different contexts ranging from a user that has less than a million sats to one that has a billion sats. Many assumptions are required to be made, but the formulas are shared so you can calculate it in other scenarios where variables such as the number of inputs, the number of outputs and the current mining fee, change. 

It’s also important to remember that this analysis was purely from the fees to be paid point of view, and didn’t take into account how strong each privacy guarantee is for each protocol. To learn more about the benefits and the tradeoffs of each coinjoin protocol and wallet, visit the open-source educational website Coinjoins.org. 

The post How Coinjoin Wallets Compare on Fees appeared first on Wasabi Wallet - Blog.

You can buy anything (legal) you want through the Wasabi Wallet interface with the Buy Anything feature in partnership with ShopInBit. The argument that using coinjoin makes your coins unspendable is no longer valid. To learn more about this release, read the blog post here.

You’ve downloaded the new version and now you’re ready to give it a try. You want to treat yourself and your loved ones to some nice gifts, but you feel uninspired and don’t know what to get. If that’s the case, this article is for you. 

We asked ourselves: “What are 10 crazy things you can buy with Wasabi Wallet’s Buy Anything feature?” Let’s push the boundaries of your imagination. Expect to be surprised, even shocked for some.

1. Garden with 50 Bonsai Trees

Are you a fan of the Japanese art of growing and training miniature trees? How about going all out and creating a bonsai garden with up to 50 trees? 

This is what your backyard could look like (if you have a yard the size of a downtown area).

Not a Bonsai fan? On to the next one. 

2. Pay for a Funeral Bill

Things got dark pretty quickly, but the point is that we’re here for you in the good times and the not-so-good times. Whether the funeral home accepts credit card payments or only bank transfers, ShopInBit’s support agents can take care of it for you.

Let’s go back to something happier.

3. A Harp

The Buy Anything feature is also geared toward musicians, and there’s no discrimination based on the size of the instrument. Just make sure you have enough storage space for your harp. 

You + A brand new harp + the Scottish Highlands? 

But how are you going to get your harp there? You’re going to need a car, and while you’re at it, you might as well forget about the harp and just get a very cool car.

4. A Mercedes GLE 63 S AMG

Imagine it’s the middle of 2025 and Bitcoin is now at $300,000, wouldn’t you dare to buy your dream car? I know the most frugal of you will still have only one chair in your house, but the rest of us deserve to live a little!

Of course, you will be sure to print your favorite wallet’s logo on your brand-new Chad car.

Enough with the jokes and the luxury, let’s talk practicality.  

5. 1 Year Rent for your New Apartment

You just found a great new place in your town. The only problem is, they want you to do an extensive credit check investigation, but that goes against your principles. You’d rather pay a year’s rent in advance so they’ll respect your privacy. 

Wherever you are in the world (except Iran, North Korea, Ukraine, and Russia), you can pay your rent using the Buy Anything feature in Wasabi Wallet. 

You have the apartment and a floor mattress. Try to guess what’s next.

6. Completely Furnish your Apartment

For the interior designers out there, Wasabi and ShopInBit have got you covered. We already know you love bitcoin, so we took the liberty of imagining a living room with an orange touch.

We know you do a better job of designing than we do, and whatever you choose to furnish and decorate your home, you’ll be able to have it shipped to you directly from your Wasabi Wallet.

7.A 3m² Swimming Pool

We imagine that after all that hard work decorating your home, you are hot and ready for a dip in the pool, but where can you get one? 

Open up Wasabi Wallet, click Buy Anything, and order the outdoor pool of your dreams. Or pay a pool contractor to build you an indoor pool.

Bitcoin or Swimming Pool? Why not both? 

8. An 85″ TV

After a long day of swimming, why not end it by watching the bitcoin price rise on an 85 inch TV you just got delivered from ShopInBit? Might as well bring the family together for that.

Ok, enough with the fun, let’s get serious.

9. 2x Server Rack R182-Z93, Dual Epyc

We know that you value privacy and self-custody, not just for bitcoin, but for your entire digital life. 

You live by two mottos: “Not your keys, not your coins” and “Not your metal, not your computer”.

You want to take things to the next level and build a server room at home. There you’ll be able to run open-source software to replace cloud-based systems, and also run your own open source LLM (Large Language Model) to train your AI models without the censorship of Big Tech.

Okay, it may not look like that, but it will feel like it, and you will feel like a real cyborg.

10. A Fully Customizable Adult Sex Doll

Now that you’re a cyborg, you might want a cyborg companion. I won’t post any images here, I’ll let your imagination run wild. As crazy as this sounds, it will be possible to buy anything, even this, directly from your Wasabi Wallet.

What are you waiting for? Download Wasabi Wallet’s new version.

The post 10 Crazy Christmas Gifts You Can Buy Through Wasabi Wallet appeared first on Wasabi Wallet - Blog.

Coinjoins.org was announced earlier this year by Thibaud and Gustavo as a new public resource to discover and review bitcoin wallets with coinjoin features. Today, 3 new wallet reviews were released to help consumers discover the best bitcoin wallets for privacy. 

Trezor Suite and WabiSabi 

Trezor Suite is an easy-to-use bitcoin wallet desktop application with hardware wallet integration (Trezor T, One and Safe) and a built-in coinjoin feature using WabiSabi, the same coinjoin protocol used in Wasabi Wallet. 

One benefit is that Trezor Suite is the only wallet that allows you to coinjoin directly from a hardware wallet account, significantly increasing the security of your bitcoin. There is no need to use a hot wallet.

One limitation is that the process of coinjoining is somewhat manual. Users need to create a separate coinjoin wallet account, block filters have to be downloaded, and once the funds are deposited, a user need to manually click start to join a round.

The coinjoin integration was co-announced by Trezor and Wasabi Wallet back in April of this year. 

Find the full Trezor Suite review on Coinjoins.org. 

Jam and JoinMarket 

Jam is a web interface for JoinMarket focusing on user-friendliness and ease-of-use. It aims to provide sensible defaults and be easy to use for beginners while still having the features advanced users expect.

One benefit is that Jam significantly improves the user experience by abstracting away the complexity of Joinmarket. Joinmarket is the most censorship-resistant coinjoin on the market due to the competitive nature of a peer-to-peer free market with many takers and makers. There is no single coordinator in Joinmarket, but each round has a central coordinator (the taker).

One limitation is that Jam is not easy to install if you don’t have a full node system such as Umbrel, Citadel, Start9, Raspiblitz, MyNode and Raspibolt. Running Jam still requires technical skills. If a user doesn’t buy the pre-built node systems, it also requires technical skills to DIY (do it yourself).

Find the full Jam review on Coinjoins.org. 

BTCPay Coinjoin Plugin

BTCPay Server is a self-hosted, open-source bitcoin payment processor that includes a bitcoin wallet with a WabiSabi coinjoin plugin. 

One benefit of using BTCPay Server is that it is the most censorship-resistant WabiSabi bitcoin wallet because you can browse coordinators on Nostr (uncensored social media platform) and also run your own coordinator and publish it for discoverability.

One limitation is that it’s harder to run your own BTCPay server instance than it is to install a desktop or mobile wallet application. To use the WabiSabi coinjoin plugin, you need to install it after deploying BTCPay. It’s mandatory to use coinjoin on your own instance because you need to use a hot wallet.

Find the full BTCPay Server Coinjoin Plugin review on Coinjoins.org. 

Contribute 

Coinjoins.org is a free and open source project developed and maintained by Thibaud and Gustavo. If you would like to share suggestions, please open an issue on the GitHub repository, or even fork the project to show improvements. 

The post Coinjoins.org Presents 3 New Coinjoin Wallet Reviews appeared first on Wasabi Wallet - Blog.

As software, Bitcoin is programmable, and its transactions can be made collaborative to protect users from leaking sensitive transaction details. Coinjoins are bulk bitcoin transactions that do just that. Coinjoins allow users to prevent personal information leaks on the public Bitcoin network, reclaiming their privacy. Users can protect their transaction history while retaining the ability to choose who to share confidential financial information with.

Coinjoins for Everyone, Anywhere

For a long time, coinjoin protocols have been difficult to develop and implementations have been difficult to deploy and maintain, with many performance, reliability and efficiency quirks. 

Now, with a simple Coinjoin API recently announced, collaborative bitcoin transactions are accessible to anyone, including companies that want to add powerful and robust privacy features to their bitcoin products, such as wallets, brokers, custodians and more. Over the past five years, Wasabi Wallet has shown that coinjoins can bring privacy to a large number of consumers without any tradeoffs on security or sovereignty. With an ever-growing interest in recording and analyzing public bitcoin transactions, bitcoin companies must now find new ways to protect the privacy of their customers as they move to a Bitcoin standard. The Coinjoin API makes this available to the enterprise market and increases the value proposition for Bitcoin itself. 

“Anonymity loves company, and that’s why we love that anyone can use our Coinjoin API to join the privacy party of our existing users. WabiSabi is efficient, fast, and flexible, where alternative clients can pioneer cutting-edge features. BTCPayServer users can efficiently batch multiple payments in a single coinjoin, and Trezor Suite users are the first to enjoy hardware wallet security of their private keys in coinjoins. This freedom to innovate on the edges will let a thousand flowers bloom” – Max Hillebrand, CEO at zkSNACKs and Wasabi Wallet contributor. 

With over a million devices sold, Trezor, one of the world’s most popular bitcoin hardware wallet manufacturers, has already integrated the Coinjoin API developed by zkSNACKs earlier in 2023. 

“Our mission is strengthening the power and independence of the individual. Coinjoin is an essential piece in the privacy puzzle and we try to make it as simple as possible. Now anyone can reclaim their privacy without compromise on security.” – Hynek Jína, Head of Development at Trezor

As a self-hosted bitcoin payment processor, BTCPay Server has integrated the WabiSabi coinjoin protocol into a plug-in, making this feature available to all of its merchants, who can now even run their own coinjoin coordinator infrastructure. 

“BTCPay Server has always championed privacy-centric solutions. When the WabiSabi protocol became production-ready, it was a no-brainer for me to build an option to incorporate it. The flexibility of WabiSabi is astounding, allowing me to innovate by using a privacy solution as a scaling solution. Now, merchants can schedule and batch their bitcoin payments to be broadcast through coinjoins, hitting two birds with one stone. BTCPay Server even allows you to effortlessly integrate WabiSabi coinjoins into your operations through its extensive API. And with the upcoming payment protocol, a service provider will be able to offer the most private financial settlement experience possible to its customers, at no extra cost.” – Kukks, BTCPayServer

In the early Wasabi Wallet 1.0 version, Cyphernode and Chaincase had already successfully integrated the API to build clients with new functionalities such as multi-wallet management for the former and deploying on the iOS platform for the latter. Even with these early innovations, we’re still at the beginning of scaling accessible Bitcoin privacy to millions of users, and the Coinjoin API is a new product to help bitcoin businesses on that path forward. As new partners integrate with the zkSNACKs Coinjoin API, liquidity improves, which provides better service to all existing users. In other words, coinjoins are social and benefit from network effects to improve the level of privacy for all users with an optimal level of speed, cost and ease of use. 

Existing bitcoin companies can leverage new opportunities to monetize a high-traffic wallet or broker through an affiliate program with revenue sharing. Offering an additional feature to existing users creates new income diversifying revenue streams, while potentially attracting new users by providing state-of-the-art Bitcoin privacy features. With regular user data breaches targeting bitcoin exchanges, brokers and lenders, companies can now mitigate the impact on their customers by preventing address clustering and transaction tracking. Companies can also fully comply with local and regional consumer privacy laws by protecting users’ personally identifiable information, preventing non-consensual sharing of user data on the public Bitcoin network. 

If you are a Bitcoin company interested in joining the affiliate program and learning more about the Coinjoin API, please get in touch with zkSNACKs at [email protected]. 

The post Announcing Private Bitcoin for Enterprises with a New Coinjoin API appeared first on Wasabi Wallet - Blog.

Hunting Sats at Bitcoin Amsterdam is sponsored by Wasabi Wallet and 8 partners including BTCPay Server, BTCTKVR, Bull Bitcoin, Coinkite, Cryptosteel, Trezor, Vexl, and Wizardsardine. Read this article to understand how it works, why Bitcoin Amsterdam is the place to be, and to read additional information on all partners involved.

How Hunting Sats at Bitcoin Amsterdam Works

A bitcoin wallet was created and backed up with a standard 12-word recovery phrase with over $1,500 of bitcoin. All the words from the recovery phrase are hidden in the Bitcoin Amsterdam venue, as seen in the map below.

Together, these words make up the recovery seed of the wallet which is securing the prize money. Find the words, place them in the right order and get over $1,500 of bitcoin rewards. First come, first served! Placing them in the right order requires brute forcing software. 

You have all the words but can’t find the correct order? Find @thibm_ at the Bitcoin Amsterdam venue to win 4 Coldcard MK4s, 2 Cryptosteel Capsules and some Bitcoin merch. Hurry before it runs out!

For More Information, Visit HuntingSats.com 

For all the general information regarding the contest, including updates about this contest’s edition!

Additional Information on Bitcoin Amsterdam 2023

On top of hosting Hunting Sats’ latest edition, Bitcoin Amsterdam is a festival for financial freedom. If you want to learn the basics of Bitcoin or go deep, this conference will be great to push further your educational objectives. 

Don’t forget that it’s all about networking here, and you can do so talking not only about bitcoin but art and culture as well. Amsterdam is one of the greatest cities on earth. Visit huntingsats.com/amsterdam for more information. 

Official Hunting Sats Amsterdam Partners 

There are 9 partner projects and companies who each have contributed to this Hunting Sats edition along with our team at Wasabi Wallet. All partners have bitcoin-only products and care deeply about security, privacy and Bitcoin education. 

BTCPay – A self-hosted, open-source bitcoin payment processor. It’s secure, private, censorship-resistant and free. 

BTCTKVR – The home of insightful Bitcoin articles, podcasts, videos & music.

Bull Bitcoin – The World’s best non-custodial Bitcoin company. Buy, sell and pay bills with Bitcoin. Our Mission: Destroy Fiat.

Coinkite – A leader in security and hardware manufacturer. Maker of some of the most iconic Bitcoin products, such as OPENDIME, COLDCARD, BLOCKCLOCK and more.

Cryptosteel – The mother of all backups. A fireproof, shockproof and waterproof offline tool that you own to backup your bitcoin and passwords. 

Trezor – A hardware wallet providing advanced security for handling bitcoin.

Vexl – Vexl is a mobile app giving its users a simple, accessible and safe way to trade bitcoin as it was intended – peer-to-peer and without KYC. 

Wizardsardine – A team of bitcoiners with a passion for security. Our mission is to make bitcoiners sleep better at night. We focus on safety: preventing both theft and loss.

The post Hunting Sats is Back at Bitcoin Amsterdam 2023 appeared first on Wasabi Wallet - Blog.

Tired of waiting for transaction confirmations? So are we! Much time has been spent trying to solve this ubiquitous issue. As a result, we’ve packed Wasabi Wallet version 2.0.4 with highly requested features and a bundle of performance optimizations that drastically speeds up wallet load time, frees transactions from getting stuck in the mempool and make life easier than ever for privacy-conscious Bitcoiners. 

Key upgrades include transaction speedup with RBF and CPFP, privacy warnings when sending transactions, and a headless daemon for advanced users who prefer using their keyboard instead of their mouse. Tasks running in the background now take even less time with improvements made to coinjoin output efficiency and wallet synchronization speed.

“Since the last release four months ago, the amount of progress is mind-blowing. Now Wasabi is even faster, more private, and easier to use. The contributors have really outdone themselves this time.” ~ Max Hillebrand, CEO at zkSNACKs and Contributor to Wasabi Wallet 

Don’t Float in the Mempool

Unpredictable gaps of time between blocks often lead to users overpaying on fees for urgent transactions to avoid getting stuck in the mempool below competing bids. Wasabi’s new transaction speedup feature eliminates this risky gamble so users always win. Incoming funds can now be secured quickly with Child Pays For Parent (CPFP) to self-spend an unconfirmed UTXO, and outgoing transactions can use Replace By Fee (RBF) to increase confirmation priority or cancel the payment entirely. In addition to these flexible new features, clients now adapt to high mempool fees and never create small value coinjoin outputs that would be uneconomical to spend. Coinjoin reliability was reinforced further on the coordinator side with more accurate fee rate measurements and a robust transaction broadcasting process.

Turbosync Drastically Reduces Wallet Load Times

Wasabi clients use compact block filters to privately synchronize a wallet’s balance with the Bitcoin network. Block filters allow light clients to download only the blocks that contain their transactions instead of downloading every block like a fully validating node. This release optimizes the filter-checking process to reduce wallet loading times by 90% thanks to code cleanup and a clever key prioritization process dubbed “Turbosync”. With Turbosync, internal addresses that have already been used are not checked for coins in new blocks until after unused addresses have been checked first. Filter performance improved even more by storing them in an SQLite database instead of a plaintext file, reducing disk space requirements by about 1 GB and increasing resilience against file corruption.

Privacy Warnings and Spending Suggestions

New Privacy Warnings present users with one-click fixes if they are attempting to construct a transaction that spends nonprivate funds or creates change. Notifications are provided when consolidating more than 10 UTXOs or spending unconfirmed funds, allowing users to avoid potential mistakes without restricting intentional usage.

More Privacy, Less Blockspace

The amount decomposer was refined to make the most effective use of scarce block space so that whales who set a high anonymity score target now need fewer coinjoin rounds to reach 100% privacy. The amount of outputs a client can create in a round has been increased from 8 to 10, and decompositions that produce change outputs are now rarely chosen. The occurrence of non-private coinjoin “toxic” outputs is reduced even further to improve coinjoin efficiency. Adjustments to the anonymity score calculator and default settings additionally reduce the amount of coinjoining required before all coins are considered private. The anonymity score target of the “Maximize Privacy” coinjoin strategy setting was reduced from a random value between 50-100 to a less conservative range of 27-76, which brings the behavior closer in line with the two efficiency-based strategies.

Headless Daemon

More experienced users can directly interact with the core features of the wallet through an RPC (Remote Procedure Call) interface making it easy for developers to customize their experience and build features that are not available in the GUI version. This release bundles the Daemon, an executable called ‘wassabeed’ that runs the wallet without the graphical interface. The wallet can be run in the background by using the RPC interface allowing users to coinjoin, see their balance, and perform every other function of the wallet without the resource consumption of the graphical interface.

Other Features

• QR code scanning for Linux to copy payment addresses
• Improved Tor behavior
• Hardware Wallet Interface updated to v2.2.1
• Decoupling of the user interface for better testing and alternate client support
• Separation of WabiSabi cryptography library for compatibility with other projects
• Sunset of Wasabi Wallet 1.0 zerolink coinjoin coordination

About Wasabi Wallet

Reclaim your privacy with Wasabi Wallet, a free and open-source bitcoin wallet with built-in coinjoins. Coinjoins are collaborative bitcoin transactions that enable cash-like privacy features for bitcoin.

Download Wasabi Wallet here .

The post Free Transactions from Being Stuck in the Mempool appeared first on Wasabi Wallet - Blog.

These Know Your Customer (KYC) requirements are meant to validate customers’ identities, but this collection is often involuntary, and they also hold significant ramifications for your privacy.

The best way to know how much KYC affects your privacy is to ask: What could happen to your KYC data behind closed doors?

A little digging can reveal that a lot more goes on with your data; some of which you would never willingly consent to. Among other things:

• Your KYC data is shared with other parties
• Your KYC data enables the monitoring of your behavior
• Your KYC data is sometimes leaked in data breaches

Why The Name KYC Is Misleading

Going by definition, the KYC process exists to identify you as a customer. But the name makes it easy to overlook what happens after the customer is known. How?

When it comes to the traditional KYC processes, the following three steps will be involved:

• Identification –  You offer personally identifiable information to the service provider, i.e. name, date of birth, address, or even tax id numbers issued by a government
• Verification – The information is checked for validity
• Monitoring and due diligence – Activity tied to the identity is tracked for any misconduct

Visibly, the name KYC barely hints at the existence of the third step where your activity utilizing the service is tracked alongside your verified identity. It’s the third step that consequently holds the most implications on your privacy in the following ways:

1.  KYC Makes Money The Perfect Surveillance Tool

Before money became all bits, having an identity was a necessary part of enabling banks to function. It was only in this way that money could be accounted for. Without an identity, chances are that money could often end up in the wrong hands. Furthermore, only having a verifiable identity would allow for responsible action in the case of liabilities or misconduct.

Although all money existed in the form of paper and balance books as large physical books, financial institutions could still know financial information about their customers. But unlike before, tracing users’ transactions was greatly limited for one key reason. It was an extremely labor-intensive task. The challenge posed meant that tracking users’ transactions only had to be viable when there were strong motivations to do so.

Fast forward to today and even the weakest motivation to trace and track user activity is backed by computers that can store huge amounts of data and retrieve it quickly. The result is that encroaching on users’ privacy is easier than ever before.

With a mouse click, one person can have an entire list of all your transactions throughout your lifetime, down to a single cent. Even further, your transactions can be tracked as you make them in real-time.

How Much Data Do You Give Away?

Using the data tied to your KYC, a lot more information can be gleaned from your transactions. For example, a coffee charge on your card lets someone know your addictions, or your donation to a cause reveals your political standing.

Furthermore, the use of KYC means that users end up being categorized based on their identities and activities in the real world. These categories are created based on your activities within the service you signed up for or from perceived opinions you may keep.

For example, frequent travel overseas can put you on a travel risk list, or close association with a government faction can make you labeled as a politically exposed person. It is for these reasons that KYC is the easiest way for someone to encroach upon your private life.

2. Your Data Is Shared And Sold

Your KYC information and data generated from it has immense value because it is an extension of your real life. Selling your data often happens because you likely signed away some rights in a complex terms of use that is not read 99% of the time.

When it comes to KYC, the personally identifiable information fetches a higher price, creating a stronger incentive to sell your data for profit.

The data is used in marketing campaigns, promotions, and even more recently, to train commercial AI models. This reinforces the paradigm that data is the new oil and users are the new oil wells.

Additionally, users’ information is shared with other parties to meet compliance mechanisms put in place. For example, data relating to your trading activities is shared with tax authorities, or data from your medical facility is shared with insurance.

The sum result is that the user’s KYC information ends up in more hands than what would be acceptable, compounding to a situation where users’ privacy is habitually out of their control.

3. Your KYC Data is a Hacker’s Dream

The personally identifiable information held in KYC is the most valuable information a hacker could get their hands on.

What aggravates this further is the fact that KYC information is handled by third parties. These third parties act as verifiers and also tend to keep the data for much longer than they are obligated to.

Understandingly, keeping a huge amount of sensitive data puts a target on their back by hackers. What’s more, providing KYC data to multiple services results in your data being exposed across multiple locations. Recent data breaches reveal that even the biggest companies get hacked.

When cyber attacks are successful, hackers get away with valuable user information. The private information collected is the biggest catalyst for identity theft and encourages other cyber threats such as phishing.

And while measures are often put in place to protect user data, often the best solution would have been if such personally revealing information was never collected in the first place.

The KYC Dilemma: Trust or Privacy

The idea behind KYC is that for you to be trusted, you need to reveal as much personally identifiable information as possible. This is the only way you can be accountable as a user.

From a regulatory point of view, tracking and invading the privacy of all is taken as the right way to prevent the misdoings of a few bad actors.

But how much privacy should be traded away for trust to exist?

The solution lies in applying more privacy-focused trust technologies or even yet, switching to trustless systems, like Bitcoin. Trust doesn’t always have to be dependent on vulnerability, especially when the vulnerability predisposes you to manipulation.

The post How KYC Affects Your Privacy appeared first on Wasabi Wallet - Blog.

Most Bitcoin users don’t run a node, which means they are relying on someone else’s. What this means is that someone else’s computer is trusted to propagate their outgoing transactions to miners, validate incoming transactions as legitimate, and store a copy of the blockchain. In this regard, running your own node is incredibly beneficial. You put into practice one of the most important principles of Bitcoin; one that has become a mantra in the Bitcoin community: Don’t trust; verify. Unless you run your own node, you’re relying on third parties to validate transactions, including your own. Running a node enables you – on your computer – to validate transactions on a completely equal level to everyone else on the Bitcoin network.

Transaction validation occurs in two separate instances. Validity is first checked when your node is listening for transactions relayed to its mempool that are not already in a block, and validation is done again after a block is mined to check transactions that your node’s mempool was not already not aware of. Before your node propagates transactions across the Bitcoin network, it checks that they are valid against a long set of criteria. The most important criterion for validity is that the sum of input values must be greater than the sum of outputs. In other words, your computer checks that all Bitcoin transactions are actually requesting to spend money that exists rather than counterfeiting new money. A host of other things are checked by your node when building a mempool including the transaction size, the fee, the locking and unlocking scripts, and much more. The second stage of node validation occurs after a new block has been found by a miner. Only valid blocks are propagated across the network, as each node independently ensures they are valid before forwarding them to their peers. This brings us to an important point: miners are not trusted parties. For example, nodes will reject a block if the Proof of Work is insufficient, or if the miner rewards themselves with a million new bitcoins. By running a full node, you quite literally trust no one. Instead of trusting, you verify.

In addition to benefiting you individually, running a node is a voluntary way to contribute to the entire Bitcoin project. Just by running the Bitcoin software on your computer, you are helping make Bitcoin more robust and decentralised. We said at the beginning that all Bitcoin needs to exist is two nodes – which is true. But when there are more nodes in different geographic locations, it becomes increasingly complex to coordinate a simultaneous physical attack on the Bitcoin network. It is this distribution that makes it possible for there to be rules without rulers. Decentralisation is not only the key philosophy of Bitcoin from an ideological standpoint, but necessary for its survival. Previous forms of electronic money failed because their dependence was concentrated in one physical location. Bitcoin, in contrast, has no single point of failure. Bitcoin can’t be externally stopped because there’s no headquarters to bomb, raid, or shut-down. The more people run nodes, the more this statement holds true.

Thousands of computers running the Bitcoin software produce the blockchain, which is an immutable record of every transaction in Bitcoin’s history. Bitcoin’s immutability is enforced physically since an infeasible amount of Proof of Work would be required to change transaction history. Bitcoin’s immutability is also enforced socially since everyone must agree on the same rules for transactions, not just the order of transactions. Any user who changes the rules in their favor does not derail or destroy the software for everyone else, the cheating node merely creates an invalid fork that no other nodes besides its creator recognize as legitimate. The Bitcoin blockchain is a record of historical truth that cannot be deleted. It is not stored centrally or changed easily. By running your own node, you make the Bitcoin blockchain that much more indestructible.

Thus, Bitcoin’s success has necessitated the collective impact of thousands of volunteers running nodes. This small action makes Bitcoin that much stronger and decentralised. But perhaps more importantly, it means that you are in complete control. You are verifying that everyone else is playing by the rules, that no one cheats in the monetary system you are a part of. You are doing your part creating an “electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party”. Running a Bitcoin node is the wonderful intersection of individualism and altruism. You should give it a try.

The post The Benefits of Running a Full Bitcoin Node appeared first on Wasabi Wallet - Blog.

There’s three so-called privacy guarantees of Wasabi 2.0. One is that the more inputs there are, there is the likelihood that there’s gonna be multiple equal denominations. It gets higher and higher, and like Max said, when it gets to 150 inputs or 300 or something like that, it’s gonna be very, very likely, that there’s gonna be multiple equal amounts for all of the denominations. Now that is good. That provides us anon set. That is one privacy guarantee. Now, there’s also the fact that now in Wasabi, you cannot really know how many inputs this user has, how many outputs did he break the amount into. And you know, all of these kinds of nuances, it makes it really, really difficult to try to analyze Wasabi coinjoin transactions because there’s kind of this possibility of you breaking down your amounts in many different ways, so you don’t really know it. It’s kind of another way of making it difficult for any analyzer to figure out what really happened over here.

Now the third one, which is not really a guarantee, you know, it’s just a practical thing that we’ve noticed that it is very difficult to try to even create a probability table for a coinjoin transaction as large as Wasabi 2.0 coinjoin. If you have 300 inputs and 300 outputs, just trying to calculate some kind of a, you know, doing coinjoin Sudoku and trying to figure out which inputs could have gone or broken down into which outputs or consolidate into, you know, all of the possibilities.

That is just something that we have not with our hardware been able to even do.

Well K Y C P doesn’t either on large transactions, they just go “run it yourself” because it’s so computationally expensive.

Yep. So even if you have these amounts, as long as you are not the big whale and a lonely whale in Wasabi 2.0, coinjoin transaction, it is gonna be very crazy hard to figure out the input-input linkage, input-output linkage or output- output linkage.

Now in the Wasabi Wallet 2.0 coinjoins, there is a bunch of these so-called privacy guarantees. So we have the traditional anon set, but we have much more things on top of it.

I think when we want to focus on change in coinjoins, it’s important to look at the entire user journey and Rafe you just hinted it in some regards.What about post links? So the entire user journey is arbitrary amount input value. Maybe that’s not gonna be enough as the minimum denomination that the coordinator dictates in Whirlpool or Wasabi 1.0, for example. So then you have a problem and you’re excluded. And so you have to consolidate multiple input coins in the same joint transaction or TX zero transaction, which reveals common input ownership, at least to the coordinator with Wasabi 1.0 and to the entire blockchain with TX zero in Whirlpool, which isn’t great, right? But you’re now in the coinjoin. You get your private output amount of a standard denomination, but now you want to make a payment. And the big problem is, well, the payment, the merchant wants an arbitrary amount, and it’s very likely not that standard denomination that you have.

So you have to consolidate multiple inputs to make a payment. Also, you are gonna have to create a change output because the merchant’s payment output is, is not the value of your inputs. Then if the coordinator dictates certain input and output values in the coinjoin, this means that you cannot do the payment inside the coinjoin. Like for example, in Wasabi 1.0, no merchant wants to get exactly 0.1123, or something. In Whirlpool you couldn’t even collect multiple inputs, the coordinator says you can only have one input, and no merchant wants to get the exact pool denomination. So this means in Wasabi 1.0 and in Samourai, you would have to make single-user payment transactions, but single-user transactions are horrible because we reveal common input ownership. And so now if you need to consolidate multiple standard denomination coinjoin outputs in your single-user payment transaction, you just revealed common input ownership.

Then you have the merchant’s payment output and your change output. Well, now the merchant knows that this is your change output and an outside observer knows that this is the change output to a payment that was done by a coinjoin user, and then you will most likely want to get privacy back on that change output, right? It’s toxic after all. So you want to put it into a coinjoin. The problem is, The problem is, you just commissioned a payment with a standard denomination. So the change output is gonna be less than that, meaning you cannot go back into the same denomination coinjoin pool, right? Let’s say in Wasabi 1.0 you get a 0.1 output, you make a 0.03 payment and you get your 0.07 change. Well, the 0.07 change cannot be registered in the 0.1 pool, meaning you have to consolidate to get into the coinjoin again, and that sucks for privacy. The change output is such a huge problem, not just inside coinjoin, but also inside payments, which cannot be made inside the coinjoin, but because of the entire idea of trying to prevent change. But here is where Wasabi 2.0 really comes in to shine.

It just shows the incredible benefit of having arbitrary amount coinjoins. You can come in with any amount that you just put through from an exchange or whatnot and get only private outputs on the output side, and now you have a multitude of different standard denominations in your wallet after a couple rounds of coinjoin. And now if you want to make a single-user payment transaction, you can combine these standard denominations very efficiently to reach any arbitrary payment output value with only a handful of inputs.

These standard denominations are good for decomposing, like breaking down a certain large amount into many smaller amounts, but they’re equally as efficient in taking a bunch of small amounts and adding them up to a precise large amount. So with very few inputs, you can make any value payment, but still, let’s assume that you still get a change output back. Well, the change output is gonna be lower than the standard denomination on your input side. But in 2.0 it doesn’t matter because you can register as low as 5,000 satoshis on the input side, regardless of what amount it is. So a payment change output can directly be registered in the coinjoin and it can be registered together with private outputs that you have. So you can combine one or two non-private change outputs together with three or four private coinjoin outputs, which means now even though one or two coins of yours are revealed on the input side, all of your other coins that you have on the input side are private. And so, even an outside observer who might know that this specific change coin belongs to you,  does not know which other inputs you have and therefore the value of the inputs that you have. And if you don’t know the value of the inputs that you have, it’s gonna be even more difficult to find out which output values do you actually have.

Ultimately with 2.0, we have a much smoother user experience that is faster and especially cheaper and more private.You can get any arbitrary input value, and even after making a payment, you can register the change without any issue in the next coinjoin.

Just to kind of explain a little bit of what is anon score.

Imagine that you have a coinjoin round where you have one of the outputs of one Bitcoin and there are nine other outputs that are also one Bitcoin. Normally we would consider that this, your coin has anon set of 10. The thing is, we could previously say that with all of the three old implementations, because we had this idea that the user will have only one of those equal denomination outputs. That was the guarantee that enabled all of these implementations to somewhat of at least use anon set as an estimation of how private did their output get. There is nine other outputs that are equal amount, and each of the outputs are owned by different people. Now with 2.0, that is not true anymore.

So there can be that you might have, let’s say two of those, one Bitcoin outputs instead of just one. What would be then your anon set? Well, it is again, for each of the outputs that we have, like this one bitcoin output, the anon set is 10. But because we cannot know, if all of the other eight outputs are also coming from different people, we have to be conservative.

So there is certain calculation of how anon score is a conservative version of anon set. Instead of you having one of those one Bitcoin outputs, we don’t give an anon set of 10. We give, let’s say, as an example, an anon score of 4. Because we assume that multiple of these outputs might be actually from the same user, not all from different individuals.

That is kind of like anon score. So whenever, like we have in the wallet now ‘Anon Score Targets’, when the user starts a wallet, he has to choose from different profiles. And those profiles have a certain amount of Anon score that they are targeting. And automatically, whenever the conjoin rounds succeed in a way that they actually do get this traditional anon set, we make a conservative calculation from that and then we show it for the user that, hey, you got privacy. So we are not even calculating or counting into our privacy calculation the fact that it’s computationally just hard to figure out all the possibilities of how the linkages could go in this coinjoin. We are not counting on this being able to break down the amounts into multiple different ways.

We are being ultimately very, very conservative. Even more conservative with the anon set in the calculation of privacy.

Check out the full recording, if you haven’t already: https://youtu.be/Zu-bT9XojYk

The post Twitter Spaces Highlights – Toxic Change in CoinJoins appeared first on Wasabi Wallet - Blog.