4 min read

A holistic approach to CoinJoin

Earlier this week I was asked the differences between Wasabi and Whirlpool by a user in our Whirlpool telegram channel. Of course, both implementations are based on ZeroLink, and both implementations generally do the same thing. I believe I gave a fair comparison between the two tools. My original comments can be found here.

Samourai Wallet in Whirlpool CoinJoin by Samourai Wallet
Long story short, the major difference is the Tx0. With Wasabi if you are mixing 10 BTC, I can trivially track that 10 BTC as it is peeled down into smaller utxos. The left over change is part of the mix tx, and thus creates a determinstic link that follows it until completion. You literally leave c…

As I mentioned in my original comments, all CoinJoin transactions are affected by merging inputs if proper precautions are not taken by the wallet software. You have to think of “mixing” in a holistic way, it isn’t a single process that affords bulletproof privacy. Certainly anyone claiming they have solved privacy concerns in Bitcoin is a liar.

As we see it, there are two main aspects of “mixing”, the actual CoinJoining of UTXOs between participants, which both Samourai and Wasabi provide implementations of, and secondly the actual spending of those UTXOs by the user in a way that doesn’t compromise their privacy, what we like to call PostMix Strategy, which only Samourai provides currently.

In the CoinJoin protocol itself there are some key differences in the quality of the mixes that each implementation creates. For example: In Samourai Whirlpool, each mix is “theoretically perfect” - What this means in practice is each mix has the maximum amount of entropy possible for a transaction of that composition - For a 5 input / 5 output Whirlpool transaction this means there are 1496 possible interpretations and no possible deterministic links between any of the inputs and outputs (See: KYCP.org Example ) . Additionally as we do not have a concept of “unmixed change” within the mix you do not see the distinct “peeling chain” pattern on the blockchain. Instead you see more of a fractal tree branch cloud emerge. (See: OXT Whirlpool Explorer )

Alternatively in Wasabi’s implementation of ZeroLink there is routinely 30-60% of inputs issued from the same previous transaction, visually identifiable deterministic links between inputs and outputs, and multiple outputs belonging to a single participant in a given transaction, essentially mixing with yourself. These factors in combination with the fact unmixed change is part of the actual transaction as well as the static address used to collect the coordinator fee would disqualify these are transactions as “Theoretically Perfect”.

When viewed in isolation these differences are not serious issues. The peeling chain and unmixed change can be mitigated against by the user staying around until their entire amount has been mixed for example, but when viewed holistically and crucially with lack of a PostMix spending strategy these architectural differences have serious consequences when common user behavior intervenes.

This was demonstrated by the trivial de-anonymization of Wasabi’s own donation to The Tor Project which carelessly merged an input in a transaction with a 100% deterministic links (See: KYCP) that revealed not only a Wirex account address, but also 38 fully mixed inputs as their own (See: KYCP)

My point is not to kick a competitor when they are down, my point is, if this can happen to the experts who run Wasabi then this is absolutely happening on a broader scale with less sophisticated users, and they likely have no idea it is happening, let alone what steps they need to make to prevent it.

How to prevent these issues

A well thought out PostMix strategy in combination with a well defined CoinJoin protocol is essential and must work in conjunction with each other.

We disagree strongly with the approach taken by Wasabi in response to these raised concerns - which seem to be well intended but utterly naive - that users should read long Medium articles and learn the finer details of proper Coin Control techniques before spending.

This is a dangerous burden to put on users and an arrogant position to take by the developers. Samourai has instead developed multiple PostMix spending tools that by default will apply advanced coin selection rules to help make sure that the transactions you make after mixing are not leaking unwanted meta data on the block chain as you spend and guaranteeing healthy amounts of entropy as a cloak of plausible deniability.

We have spent years developing and fine tuning our coin selection algorithms, testing them against tools we have developed and Open Sourced to score the transactions. We have invited Wasabi to use these tools to help strengthen their postmix spending proposition (See: 1 2) which was unfortunately rebuffed.

We have innovated on Peer2Peer CoinJoin transactions between you and a friend designed to mix as you spend. And we have implemented PayJoin which is a type of transaction that appears to be a normal “simple” transaction with 2 outputs, but is in fact another Mini CoinJoin where even the amount displayed on the blockchain is misleading.

This type of transaction is especially subversive as it successfully tricks analysis platforms to incorrectly cluster the inputs - creating a cloud of false positives.

I knew that it was likely that Wasabi would respond negatively to these comments, but I would suggest to fix the underlying issues that are putting users are risk instead of choosing to Doxx or launch personal attacks against Samourai or our staff.

Thank You

Join our Telegram and Follow Us on Twitter to keep up to date on development and to receive help from the very helpful community.

Please be aware there are numerous scam/impersonator accounts claiming to be Samourai Wallet support. We do not provide support anywhere but the samourai.support platform.