- Turning public payments into private ones? Check out the Bitcoin whitepaper.
The Bitcoin blockchain isn’t exactly known for its privacy features. Every single transaction is publicly logged forever, linking the public keys of inputs and outputs. Satoshi pointed this out in section 10 of the whitepaper titled Privacy:
When you spend your coins alone, consolidating inputs can hint at shared ownership, but it doesn't have to expose anything since you can create a multiparty transaction with inputs (and outputs) from others. This is what we call a Coinjoin.
There are various kinds of coinjoins that offer different levels of privacy, but they all operate on a non-custodial basis. There are a bunch of protocols and standards made to support coinjoins depending on the situation. Just keep in mind that these descriptions focus on the protocol side; wallet-specific details aren't part of this explanation:
- Payjoin
A payjoin is a Coinjoin created together by both the sender and the recipient. This gives a slight privacy boost for both parties by mixing their transaction histories while also cutting down the receiver’s future block space costs. Since an output is already being made for the merchant getting the money, the receiver can conveniently combine their inputs at the same time. One great thing about payjoins is that they blend in with regular on-chain transactions, unlike equal output coinjoins that leave a clear trace.
Look man, I don't know what you're trying to do here. Don't you have enough with 15 neutral color tags but basically saying you're a piece of shit? Now you want to open a rational debate by quoting someone who is going to die? If it's because Wasabi pays you to represent them on the forum, the best thing you can do is stop doing it. Otherwise you're just going to inspire more hate.
I'm educating people about Bitcoin privacy, just like I always have. Anonymous money is quite literally the most important thing in the entire world, don't you agree?
Lol, you didn't fall for that did you? The scammers who promote custodial "Mixer Sites" formed a mob to leave false accusations against anyone who tells the truth that Bitcoin is untraceable.
Everyone is going to die, why do you think that fact means we shouldn't have rationale debates?
The truth about Bitcoin privacy has always inspired hate because the promoters of "Mixing Site" scams don't want their source of income cut off.
I somewhat agree. People will just assume you shill Wasabi.
Have you checked WabiSabi paper from https://github.com/zkSNACKs/WabiSabi/releases/latest/download/WabiSabi.pdf and read section 7?
To be specific, what do you think about sentences i quoted above?
Look. I agree you believe you educate people about Bitcoin privacy, but we have repeated this conversation around solutions for privacy quite a lot of times. The fact that you still quote these whirlpool messages, as if they even mean something substantial, shows with what tenacity you're trying to sabotage Samourai. I agree with Poker Player that the more you talk, the more you ruin Wasabi's reputation.
Quite literally not. There are far more important things in this world.
Except that in your last 13 feedback of your Trust summary, people have accused you of being a horrible human being, regardless. People with no relations with mixers wrote these. Even Poker Player, who carries a Wasabi signature, and could have been considered in disadvantageous position. You cannot keep wandering around with that soundbite. Nobody buys it.
Acknowledging that everyone is going to die versus wishing and praising for someone's death are two separate things. I'm quite struggling to think what else there is to say.
There are no more mixer services here, stop trying to die on that hill. Or maybe you forgot to teleport your account to Altcoinstalks?
More on topic:
If there is a service coordinating payjoins between different wallets, which is ultimately what all of these methods boil down to, whose going to be interested in collecting the UTXO history of all the people who participate? Same with CoinJoins and coordinators. Let's say the Fed was running a coordinator, and recorded every UTXO going inside it. Where's the privacy now?
Nope, these descriptions are agnostic of the wallet implementation. There's multiple wallets that use each of the coinjoin methods I listed above, I'm not getting specific.
As noted, you can register multiple inputs with WabiSabi to verify that the parameters match each other.
As noted, clients would be able to detect this and defeat it by disallowing arbitrary timeouts.
If I understand it correctly, this is handled by using a different Tor identity for listening to round updates than the Tor identities you register inputs with. Because the coordinator does not know which Tor identity is listening for which inputs, they do not know who to target with this delay.
Clients abandon rounds after multiple successive failures as a basic way to prevent this.
_____________________________
I know you didn't mention it, but I disagree with this conclusion in section 7 of the WabiSabi paper:
This is incomplete because the marginal cost of a DoS attack is zero if you are going to spend your UTXO anyways.
What do you mean "as if they even mean something substantial"? These Whirlpool addresses are linked to each other.
I clicked on the link in your signature, it says "Jambler.io mixing platform". Did you know this is custodial?
I believe the functionality you're describing is "GroupHug" - https://peachbitcoin.com/blog/group-hug/index.html
However, as the article mentions, this does not provide privacy like WabiSabi and Whirlpool do. gmaxwell explains the difference here:
Takers in JoinMarket are the coordinator of their own coinjoin, so their threat is reversed (e.g. Feds running multiple maker identities to spy).
Privacy with WabiSabi is guaranteed by your client, it doesn't matter if the coordinator you connect to is a Fed or not because you do not reveal UTXO links to the coordinator or trust them with any data.
If a Fed was running a Whirlpool coordinator, they could perform a targeted attack where they only choose you to mix in rounds with 4 decoys so you gain a false sense of privacy. Or, they could just rug pull you by not mixing your funds after you pay the coordinator fee.
No one sells coins to "mixers": A "mixer" is someone who gets others to deposit coins into their wallet by telling them they will keep their data secret. Eventually, the "mixer" takes all the coins from the depositers and turns their data over to the government. We've seen this happen many times before on Bitcointalk:
Should read:
ANYONE can run a Whirlpool coordinator, and they CAN perform a targeted attack where they only choose you to mix in rounds with 4 (or more) decoys so you gain a false sense of privacy. Or, they could just rug pull you by not mixing your funds after you pay the coordinator fee.
There are probably more then a few people on this board sitting with 50+BTC from the early days who could setup a coordinator
Once again, if I setup a CoinJoin Coordinator for Wasabi users with a bit of tweaking it's not impossible. Getting people to use it would be the issue. But if I am charging no fees I can see where every TX came from and where they went.
The right tool for the right job. Hammering together something to make your BTC private will always have flaws / vulnerabilities.
It was not made to be private. Same way a VW Bug was not made to haul lumber. You can do it but why. Rent a pickup truck or a van.
Same here, want more private BTC there are enough BTC -> XRM or other privacy coins -> BTC and done.
Not kicking any of the people working hard to do this, but it really seems to be more effort then it's worth.
-Dave
Setting up a coordinator doesn't cost any BTC, a coordinator just sends messages back and forth to coinjoin participants.
How would you be able to see where every tx came from or where they went? Did you read gmaxwell's explanation about Chaumian blind signatures?
1) Because all the other coins in the coinjoin would be that persons. That is the point.
2) Later people reconnect and sign is the problem. It's usually (not always) not later, it's then and there. a->b->c tend to happen in somewhat real time. So now I know what to look for. And with blocks being full with ordinals at the moment you can probably eliminate 80+% of the TX, take out what are other known addresses and transactions. And the few dozen or hundred at the most can be sorted through at the governments leisure.
-Dave
Ah, I misunderstood: You meant this cost is to set up the attack, not to set up the coordinator itself.
A is the input registration phase, B is the output registration phase, and C is the signing of the complete transaction. Phase A always ends before phase B begins, which always ends before phase C begins. Where's the problem?
Ordinals has absolutely nothing to do with coinjoins.
This is my last post to you since you don't seem to care and I am tired of wasting my time.
You are 100% correct ordinals has absolutely nothing to do with coinjoins.
Ordinals are filling blocks with transactions that are obviously not coinjoins. And the rest is Crateology.
https://en.wikipedia.org/wiki/Crateology
As I said take out ordinals, take out known TXs, take out what else they know from other services and you have a very small pool of txs moving at the moment.
Keeping an eye on all of them and figuring out what is going on where is a lot less difficult then if all the txs in blocks were 'real' transactions.
Could 1 person do it looking at a list? Probably not. Can a lot of people with a lot of computing power and resources following all transactions do it. Probably yes.
You also seem to think that there are not a ton of tor nodes that are not run by and fully monitored by the government too.
-Dave
I care deeply about Bitcoin privacy, that's why I spend so much time to educate people about it.
You don't seem to understand: Equal output coinjoins from JoinMarket, Whirlpool, and WabiSabi have a distinct on chain footprint that distinguish them from all other transactions regardless of whether those transactions are ordinals or not.
You can easily scan the blockchain yourself to identify any equal output transaction (including coinjoins) using this tool: https://supertestnet.github.io/coinjoin-explorer/
Here's what the footprints of each coinjoin protocol look like:
-JoinMarket - https://mempool.space/tx/c270b84767431eae0aabcd4f99f93f1d299518aebb7529650dbbf41815561d03
-WabiSabi - https://mempool.space/tx/d465033214fd2309dcce5a90c45fcaa788aa4394ee36debe07aad8d8a37907d2
-Whirlpool - https://mempool.space/tx/3cef999a3c006be772f7f63fc87b718cd01146ab593644e0eeb3d61e753f02b8
Merely knowing a coinjoin transaction has occurred does not actually make it any easier to determine what happened within the coinjoin transaction.
The saddest thing of all is that you don't even recognize your mistake, let alone show any remorse. It is pathetic.
But, I still wish for someone to stand by you in your time of need, someone who will love you no matter what.
That makes sense. But it heavily depends on whether client or software you use have ability to mitigate those attack. At very least, BTCPay doesn't use Tor by default and in certain cases i expect to detect whether it's deanonymization attempt or network problem.
Is that from section 7.1.2? What exactly do you mean by marginal cost?
Yep, I'm excluding any wallet level implementation details and focusing on the protocols. As you indicated further on, the most trivial way to forfeit privacy in this process is reuse the same IP address for each "identity" you assume:
Tor is used by default for the WabiSabi coinjoin plugin in BTCPay Server.
Yes, that's the section. There's 0 marginal cost for an attacker to DoS a WabiSabi coinjoin round just like there's 0 marginal cost to get another plate of food at an all-you-can-eat buffet. Since you will pay to transfer any UTXO you own at some point anyways, there's no disincentive for attacking with it before giving up ownership in the future.
In the JoinMarket framework, this 0 cost attack applies to malicious takers who propose offers to makers without ever intending to complete them. Makers will reveal common ownership of their unspent coins to the taker, who never ends up paying the mining fees to mix that maker's coins. See https://reyify.com/blog/poodle and https://github.com/JoinMarket-Org/joinmarket/issues/156 for the defense against this attack.
There's 0 mention of keyword "tor" or "onion" on it's documentation though https://docs.btcpayserver.org/Wabisabi/. Although i didn't watch included youtube video.