Coinjoin transactions create Bitcoin outputs that can’t be traced back to specific inputs, but it’s difficult to measure the exact amount of privacy gained by each coinjoin output. Most people think of privacy as an abstract property: Your information is either anonymous or public. However, your wallet software considers privacy as a numeric value instead: Your UTXOs have an anonymity score that is increased by coinjoining.

How much privacy should you gain before spending your coins?

Since each coinjoin transaction pays a fee to miners, users have to consider whether the marginal privacy gained from remixing in multiple coinjoins is worth the additional cost. Wasabi’s mission is to provide privacy by default, but users have a limited budget, so a careful balance is necessary.

Coinjoin trilemma concept art – A cost tradeoff is associated with maximizing privacy or speed.

Wasabi users are offered three coinjoin strategies when setting up their wallet: Minimize Costs, Maximize Speed, and Maximize Privacy. The cost and speed strategies will typically complete coinjoining after a single transaction while the privacy strategy will remix multiple times. The exact amount of remixing required before stopping may vary because the outcome of each coinjoin transaction is unique.

Safety for the Hasty

In v2.0.6, Wasabi now considers the abstract quality of privacy for your coinjoin outputs in addition to checking their anonymity score. “Safety coinjoins” are triggered by default to ensure a minimum amount of remixing for users who choose to minimize costs or maximize speed. This feature anticipates how coins might be spent in the future to prevent guesses from being made based on a specific user behaviour. The guessing scenario that safety coinjoins protect against is when a user makes a single deposit, a single coinjoin, and a full withdrawal. Wallets that already have private funds for remixing are already protected, so safety coinjoins only occur when users fund a new wallet.

WabiSabi coinjoins can break the links between your addresses in three different ways:

– Inputs are not linked to other inputs
– Inputs are not linked to outputs
– Outputs are not linked to other outputs

Outputs not being linked to each other can be temporary depending on how those outputs are spent. When outputs from coinjoin transactions are spent together as inputs in a future payment, a definitive link is created between them. However, when coinjoin outputs are spent together as inputs in a future coinjoin, no definitive link is created since coinjoin inputs cannot be linked to other inputs. In order to take advantage of this property, the first deposit made to an empty wallet can only achieve a maximum of 75% privacy progress from its first coinjoin, no matter how high your anonymity score is. Safety coinjoins remix the first set of semi-private outputs that were created from the initial coinjoin round to achieve 100% privacy.

Users sweeping their wallets benefit from the extra safety buffer between the transaction that funds their wallet and the transaction that empties it, preserving the initial privacy gained from splitting into multiple outputs. An observer of a safety coinjoin who is attempting to identify the source of incoming funds based on outgoing amounts is forced to expand their search to include previous coinjoin transactions. Any conclusion drawn by equating similar amounts to each other is broken since private coins exit from a different transaction than the non-private coins entered.

If you haven’t taken the chance to upgrade your privacy yet, download the new 2.0.6 version of Wasabi Wallet and see the safety coinjoin feature in action for your first deposit.