[ANN] andytoshi's coinjoin client

[andytoshi]

Hey everybody,

Preamble
I have written a simple coinjoin client which does peer-discovery via a central server (my own) and speaks with bitcoin-qt/bitcoind over RPC to construct transactions. The server opens a join session as soon as it receives an unsigned transaction. Then over the next 20 minutes it accepts more unsigned transactions, then closes the join session. At that point all the transactions are merged, the merged transaction is passed back to the clients, and they submit signatures. When all the signatures are in, the merged transaction is submitted to the network.

(If you don't use bitcoin-qt, it is possible to give txids and privkeys directly to the client, so our brainwallet-using friends are supported.)

Downloads
The download links are:
Source: https://github.com/apoelstra/cj-client
Windows binary: https://wpsoftware.net/coinjoin/dload/cj-windows.zip

More information, as well as a link to the web interface (for those who would rather deal with raw transactions than use a point-and-click client) is available at https://wpsoftware.net/coinjoin/client.php

When do the joins happen?

You can use the joiner any time. However, to get people on the same page during these early days of few users, we will have scheduled joins starting at 7PM PST and 7PM GMT on Monday, Thursday and Saturday. The recommended output size for these scheduled joins will be 0.5 BTC.

How do I use it?

First, start bitcoin-qt with the -server option. I think on Windows you can do this by Right-clicking on the program icon and going into `Properties'.

Even if you do not use bitcoin-qt, you will need bitcoin-qt or bitcoind to be running in other to do the transaction construction. I'm sorry for the inconvenience.

Next, start the joiner. It will communicate with bitcoin-qt to get a list of your coins. Choose the ones you want to join, and a target output size. When you are satisfied, click "View Transaction" to see the transaction that will get joined. You will see the inputs you selected, and several output addresses. These are new output addresses given to the joiner by bitcoin-qt.

(If you'd rather specify output addresses manually, click Advanced->Add Outputs... and type them in.)

If you are happy with this transaction, click 'Submit Transaction'. After a minute or so, the client will ask for your wallet passphrase. This is needed so that the client can sign the joined transaction. (The passphrase will not be sent over the network under any circumstances.)

That's it! Leave the client running, and when the session ends, it will sign a merged transaction and submit it to the network.
Good luck!

[1714947502]

1714947502

[1714947502]

1714947502

[1714947502]

1714947502

[andytoshi]

I should probably add a link to the original thread in which gmaxwell explains the justification and technical details of coinjoin: https://bitcointalk.org/index.php?topic=279249.0

Note that the centralization here is of a fairly benign sort: by being the server operator I know the original input transactions and can in principle publish these to undo the privacy-enhancing effects of the join. But then you are reduced to the position you were in just by using ordinary transactions. So there is no harm. (Also you have my word that I will not publish any of the original transactions I have access to.) In particular, my server never sees any private keys or anything, and has no ability to steal money.

Further, the client does many checks for funny business on the part of the server or other participants, and refuses to sign any transaction which spends money it is not authorized to. So not only is the server unable to spend your money, it is unable to trick you into doing so.

I hope this alleviates some of the concerns and confusion I have seen about this on IRC.

This will be the only time that I bump my thread. If people are not interested I suppose they are not interested.

[anti-scam]

I'd wait for a decentralized implementation myself for serious transactions but any tinkering that works toward more functional privacy is worthwhile in my book. Good work! I hope people join your joins.

[wumpus]

Nice work!

[ShadowOfHarbringer]

* ShadowOfHarbringer is watching this.

[kcirazy]

Interesting!
If somebody is interested, could the source perhaps be adapted to use BitMessage instead of a centralized server?

For example:
- User sends message with requested CoinJoin transaction to a BitMessage channel or mailing list
- Others that are listening to the list and willing to join the transaction

This way, the IP address wouldn't be releaved.

[dserrano5]

Code:

$ ./configure
[…]
checking for git... /usr/bin/git
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
./configure: line 10910: syntax error near unexpected token `[-static-libgcc],LDFLAGS="$LDFLAGS -static-libgcc"'
./configure: line 10910: `    AX_CHECK_LINK_FLAG([-static-libgcc],LDFLAGS="$LDFLAGS -static-libgcc")'

Line 10910 is:

Code:

AX_CHECK_LINK_FLAG([-static-libgcc],LDFLAGS="$LDFLAGS -static-libgcc")

Do I need a newer version of something?

Code:

$ dpkg -l "auto*" |grep ^ii
ii  autoconf                          2.65-3ubuntu1                     automatic configure script builder
ii  automake                          1:1.11.1-1                        A tool for generating GNU Standards-compliant Makefiles
ii  autotools-dev                     20090611.1                        Update infrastructure for config.{guess,sub} files

[andytoshi]

Thanks dserrano5, I see the error too on my old computer. I'll look into it, it's silly to require new dev tools for something this simple.

In the meantime you can find the line

Code:

AX_CHECK_LINK_FLAG([-static-libgcc],LDFLAGS="$LDFLAGS -static-libgcc")

in configure.ac and comment it out by prefixing with #.

[Peter Todd]

Given the recent debacle about that 'StealthBit' trojan, please sign your code with your PGP key. Git now has per-commit signatures, which is what I recommend: git commit -S

I notice your PGP key, 0x7ad0a91c40bd0091, isn't in the web-of-trust, but signing the code is at least a good start.

[andytoshi]

dserrano5, I have fixed the autotools files in git HEAD. It should build now without any hackery.

Peter Todd, very good advice. I'll bug you on IRC if I have any trouble with this, and see if I can find my way into the wot.

Edit:
For web-of-trust purposes, here is a signed PGP statement:

Code:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


This is Andrew Poelstra, author of the coinjoin software written
in Rust in 2013/2014, as well as the cj-client software hosted on
wpsoftware.net.

My IRC handle is andytoshi.

My email address is apoelstra@wpsoftware.net.

My website is https://www.wpsoftware.net/andrew/


Andrew


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQEcBAEBAgAGBQJS+YbPAAoJEHrQqRxAvQCRry4IAJljvTO1cSm6j4E5QEQDSkBg
sOcYRk6ldp9sKzvhfxCV1IFbr0NX5keaI6r/Zj9CVpGHadBbS/7gWaxQzsDoBJhL
o2q9Nkv7klyuY9c7ts60nLkzxpj5me8QBE6PsyiPuCHm3iAXYOHEoXbcztMTyoKq
PH6h1r5m0bXzhE+fuQ0K3nfI+alI2CsLpYjHDYWcYYJvV6cJ/i0Lf3Os8L3ruymj
ZFFvHQKM6xpTBSaiFFwigKynRyUFjuB4m1Ga5ysoBs90tl3g1SkEy3J0vYGkecOl
AuUkSl++BGfrm8eRrmoEQagxrOKYgAi9NA7o1cq6J16sf5YlMyJ/k8qscLzVG4k=
=DRbP
-----END PGP SIGNATURE-----

It is also available on my website here: https://www.wpsoftware.net/andrew/pgp-statement.asc

I will tag the latest cj-client HEAD with this signature shortly.

Edit2: On github there should now be a tag "v0.1" which matches the commit in which I fixed the autotools stuff.

[dserrano5]

Bump.

Is anyone using this? Could we schedule a join today or tomorrow at 19:00 GMT? (just proposing something, not that I have an interest in mixing my funds right now).