And The Mistakes You Should Avoid After Doing Them
CoinJoins are excellent for increasing your Bitcoin transaction privacy. Through them, your traceable BTC UTXOs become a lot more difficult to observe and follow on the public blockchain. Consequently, it becomes nearly impossible to tie a certain transaction to one of the users’ identity and the bitcoins become equally tainted – and therefore, equally clean.
These CoinJoins employ a cryptographic technique that’s called Chaumian mixing, which very much resembles the voluntary placement of multiple fingerprints on paper money bills. Without these multiple fingerprints, it would have been easier to identify the previous owners of the banknotes. But with a multiplicity of suspects, any investigation becomes difficult while all the participants benefit from the same amount of plausible deniability.
But just like every other privacy tool, CoinJoins are not perfect. Not because they are not effective at serving their purpose or because of some hypothetical cryptographic vulnerability. The issue is that users must still trust the CoinJoin coordinator with their UTXOs and their subsequent transaction history and a lot of data still appears on the public blockchain. While this data is pseudonymous and the transactions contained are indistinguishable from one another, it’s still important to know that outside observers can see that you have participated in a CoinJoin.
The philosophy of CoinJoins is that you hide in a crowd in order to hide your face from an outside lurker. The more people gather around you, the harder it is for the outsider to identify you. And if everyone in this crowd wears the same Guy Fawkes mask, has the same hair color, height, and moves the same way, then you have a better picture of what CoinJoins look like.
This is where we need to talk about the two versions of the world in which CoinJoins are being used. In the first one, everybody CoinJoins their BTC after making exchange withdrawals and before fleeing authoritarian governments. Privacy has crushed the ambitions of Big Brother and, just like the late Tim May explained in his cypherpunk encyclopedia “The Cyphernomicon: Cypherpunks FAQ and More”, we resort more to sovereignty and self-protection (as opposed to more government control).
But we still have a long way to go and a lot of education to spread until we get to this point where the individual is this empowered. So now let’s look at the other extreme where government control wins and CoinJoins become the rare exception to the rule. If the anonymity set is small and the privacy advocates are partially known, then it’s fairly easy to figure out who gets involved in these transactions. You can’t really be safe from the external scrutiny of Big Brother if you are only covered by a couple of people whose identities might be known.
But even if we assume that everybody CoinJoins and privacy becomes part of the norm, we must still take into account the post-mix transaction behavior. If a certain amount of BTC gets mixed with other coins, only to get moved to one output of the same original size minus the fee, then all the effort has been in vain. For example, if you have 1 BTC and you run a CoinJoin during a round when UTXOs of 0.1 BTC get created, you should avoid taking your newly-generated and private 0.1 BTC UTXOs to put them back together into the same output. It defeats the purpose of the CoinJoin and might turn into a costly mistake. It’s basically like shredding a confidential document into hundreds of pieces (a good privacy practice), only to throw it all together in the same bin (a bad privacy practice) – someone with enough patience and resources will figure out how to backtrack and reproduce the paper you wanted to destroy.
CoinJoined outputs should be spent directly to the party against which you are trying to keep privacy. It’s that first step that really matters, as the privacy gets further diluted after each subsequent Bitcoin transaction. However, there are businesses and exchanges that don’t accept CoinJoined transactions – BottlePay and Coinbase being only two of the most popular ones. This means that they flag CoinJoins and refuse to do business with anyone who uses them. Of course, after a few steps and enough time, it’s assumed that the coins have changed hands enough to no longer be associated with the previous owners. But if you’re planning to use certain centralized services that take KYC/AML practices overzealously, then it’s better to not do CoinJoins on the outputs that you’re planning to transact with them.
Ultimately, CoinJoins are a privacy tool that anyone can wield to make previous transactions a lot more difficult to track. But to some, the fact that the history is unclear might be an issue. You must always assess the requirements and determine your threat model.
To find out more about the limitations of CoinJoins, listen to this interview with Wasabi Wallet creator Adam Ficsor (from 16:30 onwards).