What is coinjoin?
Coinjoin is a form of collaborative Bitcoin transaction where two or more users create a transaction that provides ambiguity about the ownership of the transaction outputs. This takes place without a user needing to trust any other user participating in the transaction.
Imagine you and nine friends all throw a $10 note into a box, shake the box around, and then each pick out a note at random. Nobody would know who ended up with whose original $10 bill!
Coinjoins can take many different shapes and sizes but are always performed in a non-custodial fashion, meaning that you never lose control of your bitcoin when participating. Anytime you’re participating in a ‘coinjoin’ that asks you to send all your Bitcoin to an address not under your control, beware. So called ‘Mixers‘ like this operate in a custodial fashion and have been known to steal people’s bitcoin. Tread extremely carefully and only use tools that are well vetted.
The most common type of Coinjoin is known as an ‘Centrally Coordinated’ one, where there are often many participants in each transaction. An example of this is the Samourai Wallet Whirlpool implementation. In this type of setup, multiple users connect to a central coordinator which acts as a the central authority between all participants. The coordinator never gains control of any funds or learns anything about the participants. Its main functions are to coordinate the transaction (which becomes difficult to do purely in a peer-to-peer fashion as more participants are added) and collect a fee for maintaining the service.
Why coinjoin?
Traditional finance offers fairly good levels of privacy from certain parties. For example, your employer doesn’t get to see how you spend your paycheck, and the Barista at Starbucks doesn’t get to see how you spend the change from the $20 bill you used for your morning latte.
Due to Bitcoin’s completely transparent ledger, it’s more challenging to maintain your privacy in the above examples – unless you embrace basic privacy practices when interacting with Bitcoin! In addition to being transparent, the Bitcoin blockchain is also permanent. Every transaction you make is copied to thousands of nodes (or computers) around the world to be stored indefinitely.
These two properties of Bitcoin (transparency and permanency) make it trivial for even semi-sophisticated actors with time and resources to track the flow of funds across the blockchain, at any time they like. The mistakes you make today could easily be used against you in the coming years by anyone with the ability and desire to interpret this public information.
Coinjoins provide Bitcoiners with a way to prevent against such attacks and regain some privacy. Coinjoins allow you to prevent your employer, Starbucks Barista, or even worse – a chain surveillance firm (whose job it is to track entities on the blockchain) – from tracking your spending habits. This gives you the ability to spend or save in the same way you would with physical cash, without fear of retribution at some arbitrary point in the future.
what is a payjoin?
Aside from the commonly used ‘centrally coordinated’ coinjoins, consisting of a larger number of users that each receive back the same amount they put in (less any fees), there is also Payjoin. Payjoins are peer-to-peer coinjoins, generally between just two parties. Payjoins are more commonly used when transferring value from one person to another, like buying a new hardware wallet!
Payjoins enable Bitcoin value transfer between two parties, whilst breaking something called the ‘Common Input Ownership Heuristic’ (CIOH). This heuristic used by chain surveillance firms to try and interpret the flow of funds across the blockchain. These firms do this by assuming that all of the inputs to a transaction belong to the same entity, which is true of most typical Bitcoin spends, but not with Payjoin!
As with any normal bitcoin transaction where value is being transferred from one person to another, during a Payjoin transaction the recipient gains the desired amount of Bitcoin from the sender, receiving at least one transaction output (the payment). Where a Payjoin differs is that the recipient also provides an input to the transaction, completely undermining the CIOH and casting doubt over the true flow of funds. The resulting transaction looks no different to any other typical spend, with only the two participants knowing they just completed a coinjoin whilst also transferring value from one to the other.
The other beautiful part about Payjoin is that due to the nature of how these transactions are constructed, the actual value transacted between the two parties is not visible to anyone looking at the blockchain. We’ll demonstrate this in the steps that follow.
buying passport with a payjoin
Currently there are only a few wallets able to send and receive Payjoins that adhere to the BIP78 standard. Sparrow Wallet is a great example, and will be used to demonstrate how you can purchase a Passport with a Payjoin. The receiver side of this transaction will be the Payjoin compatible BTCPay Server, which operates as our in-house Bitcoin payment processor.
First off: head to our website, add Passport to your cart, and then head to the checkout to provide contact and shipping information. Once that’s complete, choose Bitcoin as your payment option and click ‘Proceed To BTCPay’.
Next you’ll be greeted with an invoice which you can choose to pay using the Lightning Network, or in this case, regular ‘on-chain’ Bitcoin. The QR code shown is an encoded version of the receive address for sending using a standard transaction. For Payjoin, navigate to the ‘Copy’ tab and copy the Payment Link provided.
Using a hot wallet in Sparrow, open the Send tab and paste the payment link into the ‘Pay to’ field. Sparrow will then populate the recipient address and amount, and will store the remaining info for a following step in the process. Give the transaction a label, adjust your miner fee and click Create Transaction.
On the next screen you can review the transaction details. Note the blank ‘Payjoin input’? We’ll get to that next.
Click ‘Sign’ to authorize the first part of the transaction.
Now we have the option to Get Payjoin Transaction. This uses the information provided from the payment link copied earlier to contact the Foundation Devices BTCPay Server to obtain the details of the UTXO to be used as the missing input in our Payjoin.
Recipient Payjoin input obtained and the final transaction is ready to sign.
Payjoin signed and ready to be broadcast to the network.
The BTCPay Server will automatically detect the incoming payment and mark your order as confirmed!
transaction analysis
This image is a block explorer view of the transaction demonstrated above, with added annotations to explain the makeup of the transaction. Some key things to note:
- Both sender and recipient have one input and one output each
- The actual value transferred for the purchase during the transaction was 0.00511928 BTC (see the invoice above), this amount is not visible
- The transaction has cast doubt over the true flow of funds and improved the privacy of both participants
The receiver has contributed a UTXO of 0.00583881 BTC to the transaction and finished up with a UTXO of 0.01095809 BTC. Subtract one from the other and you get the exact value of the invoice 0.00511928 BTC.
other privacy considerations
Spending via Payjoins or by using the outputs from larger coordinated coinjoins is a fantastic way to preserve your privacy at the Bitcoin network level. It’s also worth noting that those two options can be combined for even greater effect – Coinjoin with Whirlpool, then use those mixed outputs to create a Payjoin spend!
There are unfortunately many other things to consider when attempting to spend Bitcoin privately, or when ordering Bitcoin related items online. We plan to cover these in future articles, but will summarize them below for awareness.
(1) Purchasing using Bitcoin directly from an exchange
Are you comfortable with the exchange (or trading partner if using a peer-to-peer method) knowing you’re spending to a Bitcoin related company? If not, make use of the Coinjoin tools outlined in this article.
(2) Purchasing using a credit card
Are you comfortable with your bank knowing you’re spending to a Bitcoin related company? If not, purchase using Bitcoin that has been obtained in a private manner or has been coinjoined.
(3) Getting items shipped to your home address
Are you comfortable with the company you’re purchasing from knowing your home address? Are you aware of their data retention policies? How about a curious courier that might see a Bitcoin logo on one of your packages? If not, opt to get the items delivered to a PO box, re-mailer or similar service. The options available to you will depend on your jurisdiction.
(4) Getting items shipped using your real name and telephone number
Once again, are you aware of the company’s data retention policies? Do they have a good track record for keeping customer data secure? You could use a pseudonym and a phone number that is not tied to your personal identity.
The holistic approach
Bitcoin privacy is a multifaceted beast with many things to consider, nobody gets it perfect first time. The key thing to remember is that there’s never a bad time to start improving your privacy. Pick one aspect, make a change, then move on to the next to ensure you don’t get overwhelmed. Stay tuned for more articles on the subject, and if you need personalized support consider checking out our Concierge service.
