What is Coin Mixing and CoinJoin?

Bitcoin is often referred to as a digital currency, but this is a controversial comparison. If Alice makes a $10 cash payment to Bob, Bob won't know where the money came from. If Bob gives the money to Carol later, Carol cannot infer that Alice had the money first.

Bitcoin is different due to its open nature. The history of a given coin (i.e. unspent transaction output or UTXO) can be easily reviewed by anyone. The process is more like writing down the transaction amount and recipient names on an invoice each time a bitcoin is used.

However, the absence of names in public addresses prevents easy disclosure of user identities. However, Bitcoin is not completely private. Blockchain analytics is becoming more and more sophisticated, linking addresses and identities even more successfully. In addition to monitoring techniques, a unit working specifically for this purpose can also reveal the identities of crypto money users. To prevent this, techniques to disconnect transaction connections have emerged over the years.

What is coin mixing?

Generally speaking, coin mixing represents transactions intended to hide funds by exchanging them with other funds. But in the cryptocurrency world, coin mixing is often used when referring to services offered by third parties. The service providers take the users' coins (and a low transaction fee) and return any other coins that have no connection to the sent ones to the user. These services are also known as tumblers or mixers.

Of course, there are some questions about the security and privacy of such centralized services. There is no guarantee that mixers will refund users or that the returned coins do not have any troublesome transaction history. Another thing to consider when using a mixer is that IPs and Bitcoin addresses can be registered by a third party. Ultimately, users entrust their funds to someone else in the hope that they will receive disconnected coins.

A more interesting approach is CoinJoin transactions, which create a significant degree of reasonable deniability. That is, after a CoinJoin transaction has been made, no evidence can be produced that definitively establishes a connection between the user and that user's previous transactions. Many CoinJoin solutions offer a more decentralized alternative to mixers. Users are not required to waive custody of their funds, although a coordinator may be involved in the process.

What is CoinJoin?

CoinJoin transactions were first introduced by Bitcoin developer Gregory Maxwell in 2013. In his article, he briefly mentioned how these processes are structured and how a large-scale increase in privacy can be benefited without a change in the protocol.

At its core, CoinJoin is to include a combination of inputs from different users into a single transaction. Before explaining how (and why) it's done, let's talk about the basic transaction structure.

Bitcoin transactions consist of inputs and outputs. When the user wants to take action, he uses their UTXO as inputs, sets the outputs and signs the inputs. It is important to note that each input is signed independently and users can create multiple outputs (outgoing to different addresses).

When we examine a transaction consisting of four inputs (0.2 BTC each) and two outputs (0.7 BTC and 0.09 BTC), we can make some assumptions. The first is that a payment is made – the sender sends one of the printouts to a person and the change to himself. Since it uses four inputs, the highest consistent output probably goes to the receiver. If the output is missing 0.01 BTC, it is the transaction fee paid to the miner.

It's also possible that the sender wants to create a large UTXO from smaller UTXOs, so he combines the smaller inputs to achieve the desired 0.7 BTC figure.

Another assumption we can make is based on the fact that each entry is signed independently. The transaction may also have been executed in such a way that the entries were signed by four different parties. This is the principle that makes the CoinJoin process effective.

How does CoinJoin work?

The main idea is that multiple parties coordinate to create a transaction by revealing the inputs and the requested outputs. When all inputs are combined, it is not possible to say with certainty which output belongs to which user. You can see the process in the diagram below:

Here are four users who want to break the link between processes. They coordinate among themselves (or through a coordinator) to communicate the inputs and outputs they want to include.

The coordinator takes all the information, creates a transaction with it, and has each participant sign the transaction before broadcasting it to the network. After users sign it, it becomes impossible to modify this transaction without invalidating it. Thus, the risk of the coordinator stealing the funds is eliminated.

The transaction serves like a black box to mix coins. Old UTXOs must be destroyed to create new ones. The only link between the old and new UTXOs is the transaction itself, but at this point it is not possible to separate the participants from each other. At best, it can be said that one of the inputs was added by a participant and this participant could be the new owner of the resulting output.

But even this is not a complete guarantee. Can it be concluded from the above transaction that there are four participants? Does a person send funds to four different addresses of their own? Two people make two different purchases and send 0.2 BTC back to their address? Are four people sending funds to new people or to themselves? It is not possible for us to give precise answers to these questions.

Privacy through deniability

The very fact that CoinJoin apps exist is enough to make us doubt the methods used to analyze transactions. You can conclude that CoinJoin is used in many transactions, but you still cannot know who owns the printouts. As the popularity of these apps grew, the assumption that all inputs belonged to the same user weakened, making it a major step towards privacy within the wider ecosystem.

In the previous example, the transaction has an anonymity set of 4, so the owner of the output can be one of the four users involved in the transaction. The larger the anonymity set, the harder it is to link the transaction and its original owner. Fortunately, thanks to the latest CoinJoin implementations, users can combine their input with dozens of other users without the need for trust, ensuring a high level of deniability. In the recent past, a transaction of 100 people was successfully carried out.

Final Thoughts

Tools for mixing coins are important tools available to all privacy-conscious users. Unlike other privacy updates (for example, Confidential Transactions), it is possible to benefit from these tools while preserving the current state of the protocol.

For users who believe in the integrity and methods of third parties, mixing services offer an easy solution. For those who prefer verifiable and non-escrow-based alternatives, the CoinJoin alternatives are also superior. These operations can be done manually by technically savvy users or with software tools that eliminate the need to deal with complex mechanisms. Several of these types of tools already exist, and their popularity is growing as users seek greater privacy.