An Investigation into Privacy Preserving Transactions II

An Investigation into Privacy Preserving Transactions II

Disclaimer: Your capital is at risk. This is not investment advice.

Exploring CoinJoin from an on-chain perspective

CoinJoin is a privacy-preserving protocol, which aggregates users’ transactions in order to mask their destination. Through identifying the on-chain signature of a CoinJoin transaction, we are able to measure the volume and value of the traffic relating to it.

This article begins with a brief history of CoinJoin transactions, before a more technical investigation into how they manifest themselves on-chain, and what impact it has on our on-chain data.

What are CoinJoin Transactions?

CoinJoin is an identity obfuscation method, meaning that its primary purpose is to protect the identity of its users. CoinJoin was initially proposed by cryptographer Greg Maxwell in 2013. It aims to protect the identity of users by pooling transactions together and redistributing funds to separate entities, limiting the effectiveness of heuristic-based forensics by companies like Chainalysis. An example of on-chain heuristics in action can be found here.

How do users apply CoinJoin to their transactions?

The leading provider of CoinJoin transaction services is Wasabi Wallet. It was created in late 2018 by experienced blockchain privacy figure, Nopara73.

Wasabi is one of the first wallets to implement Schnorr technology, a system for participating in CoinJoin transactions with lower fees. As we will explore shortly, the standard structure of CoinJoin transactions leads to a large number of outputs to be included in a transaction, increasing the size of the transaction and vis-à-vis the fee paid. Schnorr has made CoinJoin transactions more affordable.

What are Schnorr signatures and why have they lead to an increase in CoinJoin transactions?

Before a user can spend bitcoin, the sender must prove that they are the owner. Ownership can be proved through either; revealing your private key or providing a cryptographic signature. Since revealing the sender’s private key compromises the security of the wallet, the standard protocol is to cryptographically sign a transaction.

Standard cryptographic signatures are created every time a user sends bitcoin, which leaves a fingerprint linking the transaction to the user’s wallet. For users that value their privacy, it is preferable to pool cryptographic signatures, merging the fingerprints and thereby obfuscating the wallet relating to each transaction.

Schnorr does exactly this. It provides a solution for users’ privacy through aggregating signatures, or MA. MA combines all sending addresses into one signature, providing greater privacy for the users. It has the added benefit of reducing the space that transactions occupy within a block, reducing the fees and increasing the overall scale of the blockchain. It enables users to ‘hide in the masses’.

Source: ByteTree. A diagram showing the difference between standard bitcoin signatures (left) and Schnorr signatures (right).
Source: ByteTree. A diagram showing the difference between standard bitcoin signatures (left) and Schnorr signatures (right).

The diagram above demonstrates how Schnorr signatures allow users to virtually ‘pool’ their transactions and signatures into one and therefore only pay a single fee, as opposed to multiple fees relating to each fraction of the Coin Join transaction. It is worth noting that Schnorr and standard signature CoinJoin do not create any not-economically-useful-transactions, or NEUF.

How does ByteTree identify CoinJoin transactions?

At ByteTree, we identified that Coinjoin transactions have two definitive fingerprints; firstly, they have more than three inputs and outputs; secondly, the value of all the outputs relating to one CoinJoin transaction are similar, if not the same.

How does this look on the blockchain?

Source: Blockstream. Example of a large scale CoinJoin transaction.
Source: Blockstream. Example of a large scale CoinJoin transaction.

From the example above you can see that the value of the outputs is identical, creating a deterrent to any surveillance software tracking these transactions. The identical value of the outputs makes it unclear to investigators how an input value has been split. It is almost impossible to figure out the end destination of a user’s funds.

Source: ByteTree. A simple view of a CoinJoin transaction: inputs (left), and outputs (right).
Source: ByteTree. A simple view of a CoinJoin transaction: inputs (left), and outputs (right).

At ByteTree, we are not concerned with the identity of PPP users and therefore do not attempt to track the flow of inputs and outputs by address. Instead, we are focused on the economically-useful data related to these transactions. Identifying CoinJoin transactions has helped us to provide users with greater visibility on the types of traffic apparent on the Bitcoin Network, as well as calculating the value relating to them.

How do I interpret the new data on the ByteTree Terminal?

As a result of the scheduled maintenance last week, we have included three new types of transaction value metrics to provide more comprehensive, relevant data to our community; an updated general spend algorithm; a complex spend field; and a batched spend field.

What is Complex Spend?

The complex spend is the name we have given to CoinJoin transactions. Tracking complex traffic gives us greater visibility on users’ preferences when using the Bitcoin Network. For example, we are able to track the changing popularity of privacy protocols over time and much more.

For more information on privacy-preserving protocols, please see the resource list below.

Part I of this series covered CoinMixers - you can find the article here.

Further Resources