Contemplating about payments to third parties during a coinjoin
2213 sats \ 12 comments \ @pycan 15h bitcoin
This is a thinking out loud post. It might be totally unfeasible and I’d like to know if that’s the case.
In a traditional coinjoin, participants mix their coins with coins of others and get back the same amount (minus fees) they entered with. The outputs are of equal size which easily identifies the coinjoin transaction.
What if coinjoin participants were to make a payment to a third party (or to themselves, it doesn’t matter) during the coinjoin, i.e. they would be providing a typical combination of receiver’s address (or multiple) + change address. The following example illustrates the concept:
Inputs: User A: 0.7 BTC User B: 0.5 BTC User C: 0.9 BTC
Total: 2.1 BTC
Outputs:
  1. 0.2 BTC User B paying
  2. 0.3 BTC User A paying
  3. 0.4 BTC User C paying
  4. 0.4 BTC User A change
  5. 0.2 BTC User C paying
  6. 0.3 BTC User B change
  7. 0.1 BTC User C paying
  8. 0.2 BTC User C change
Total: 2.1 BTC
Obviously, the inputs and outputs must make sense from the privacy standpoint in terms of amounts - there can’t be 0.8 BTC output which would be easily linked to User C. The coordinator’s task would be to identify such cases and reject them.
The anonymity set grows exponentially with number of participants and/or number of inputs/outputs. Technologically, it shouldn't differ much from the traditional coinjoin.
The privacy benefit should be clear, less block space would be used and less fees would be paid. Why not make most of the transactions collaborative in a similar fashion?
write
preview
related posts
84 sats \ 3 replies \ @kruw 14h
This is a thinking out loud post. It might be totally unfeasible and I’d like to know if that’s the case.
I have good news for you: Not only is it feasible, it's already implemented in multiple wallets! You can send payments directly in a coinjoin with BTCPay Server's coinjoin plugin or with Wasabi Wallet's RPC.
I demonstrated how you can make completely anonymous on chain Bitcoin payments by sending 100k sats to Vlad in this coinjoin transaction: https://mempool.space/tx/52a1f40b1d1dae560c02f0bb65304172d936e01d67ee633c2f846c139fef8c0b
This doesn't require the recipient to provide multiple addresses or accept specific sized amounts, you can send arbitrarily sized payments to a single address. It's extremely block space efficient because there's no premix transaction or postmix transaction required - you can consolidate UTXOs, batch payments, and anonymize any leftover change all in a single coinjoin transaction.
reply
0 sats \ 2 replies \ @pycan OP 13h
This looks great, I'll explore more for sure. Thanks.
It seems much simpler than the traditional coinjoin. Makes one wonder why isn't it the default way to spend coins. What do you think is the reason this isn't a standard in majority of wallets yet?
reply
0 sats \ 1 reply \ @kruw 13h
The reason it isn't the default way to spend coins is because you would have to wait up to 1 hour for the other participants to join and build the transaction, which introduces the chance for prices to change in the meantime. Also, the coordinator chooses the fee rate for all participants, so if the fee for the round is higher than you are willing to pay then you would have to wait for the coordinator to create a round with a lower fee. Unfortunately, most wallets simply don't care about any privacy feature that would introduce UX tradeoffs.
reply
21 sats \ 0 replies \ @pycan OP 13h
With enough adoption, I imagine the wait time would be negligible. Same for the fees, if you don't go too low.
Anyway, this is the way I want to spend my coins. I'll explore the existing options and see if there's anything I can do to help with the adoption.
reply
21 sats \ 2 replies \ @028559d218 8h
This is already how Joinmarket works. You can make payments using joinmarket... to 3rd parties. In other words a 'coinjoin' of sorts happens except the utxo goes to a third party and you still receive the change.
Joinmarket - learn it and love it
reply
0 sats \ 0 replies \ @kruw 4h
Paying third parties using a JoinMarket coinjoin doesn't add privacy because an observer can still calculate which inputs belong to the taker and their change.
To use JoinMarket privately, you pay your own wallet with a coinjoin sweep for any incoming UTXO or any change UTXO created from a payment. Then you wait as a maker in between your own transactions to get paid for contributing remixing liquidity.
reply
0 sats \ 0 replies \ @pycan OP 6h
You're the second one pointing me to joinmarket. I'll explore it deeper, thank you!
reply
0 sats \ 0 replies \ @1440000bytes 5h
Obviously, the inputs and outputs must make sense from the privacy standpoint in terms of amounts - there can’t be 0.8 BTC output which would be easily linked to User C. The coordinator’s task would be to identify such cases and reject them.
It is even possible to do it with equal size outputs. No change amounts involved in the coinjoin transaction. No coordinator required.
Joinstr protocol allows users to create pools with custom denominations and number of peers.
In some cases it's better to avoid paying third parties in coinjoin transactions. Payjoin or Octojoin works better in such situations because less or no coordination and transactions look normal.
reply
0 sats \ 3 replies \ @Satosora 14h
Why would you want to "wash" your bitcoin? Any specific reason?
reply
42 sats \ 0 replies \ @pycan OP 14h
I'm not thinking in terms of washing. I simply don't want my counterparty to know where my bitcoin is coming from, i.e. what UTXO(s) I'm spending.
reply
20 sats \ 1 reply \ @siggy47 13h
You know you deserve a nice big NICE TRY FED! for that one!
reply
43 sats \ 0 replies \ @Satosora 13h
Haha That is true. I dont think I have heard that in a while.
reply