[2019-06-11] 100 Bitcoin Users Perform The Largest "CoinJoin" Transaction

[D1v4c]

https://www.coindesk.com/bitcoin-users-perform-what-might-be-the-largest-coinjoin-ever

The community behind the privacy-centric bitcoin app Wasabi Wallet recently brought together 100 people to collectively execute a "CoinJoin" transaction on bitcoin in what might be the biggest event of its kind.

Bitcoin itself is far from private, as users can, via the blockchain, see where coins are being transferred to and from. One effort to afford greater privacy to transactions is CoinJoin, a long-standing technology first proposed in 2013 by long-time bitcoin idea man and cryptographer Greg Maxwell.

The idea is that transactions can be made more private by jumbling a number of different transactions together and then redistributing them.

[Kakmakr]

I am curious to know if forensic analysis tools, used by Surveillance companies can put Humpty Dumpty together again, after it has exited a CoinJoin process like this? Blockchain analysis companies like "Chainalysis" might have the capability to dissect this transaction and to find the source of the input addresses. 

Companies like Neutrino says it can even follow the flow of coins through some Mixer services, but I do not know if this is true or not. I think the first court case where data from these companies are used to trace the origin of illegal Bitcoin, would clear that up for us. 

[squatter]

I am curious to know if forensic analysis tools, used by Surveillance companies can put Humpty Dumpty together again, after it has exited a CoinJoin process like this? Blockchain analysis companies like "Chainalysis" might have the capability to dissect this transaction and to find the source of the input addresses.

I'm sure they are actively working on it. There are certainly no guarantees. We should probably assume that any obfuscation method -- if it can't be completely broken -- will leak extant data that can be used to de-anonymize you later. TOR has vulnerabilities and is always under active attack. There may be ways of analyzing Coinjoin transactions (or Wasabi's implementation of them) that haven't been discovered yet. And of course, we are limited by the anonymity set -- the number of parties in the transaction. How many Coinjoin transactions you cascade will affect how strong the privacy will be.

[buwaytress]

Ah cool, I saw the last update a week ago when they tried and only 99 people could do it.

I am curious to know if forensic analysis tools, used by Surveillance companies can put Humpty Dumpty together again, after it has exited a CoinJoin process like this? Blockchain analysis companies like "Chainalysis" might have the capability to dissect this transaction and to find the source of the input addresses.

I'm sure they are actively working on it. There are certainly no guarantees. We should probably assume that any obfuscation method -- if it can't be completely broken -- will leak extant data that can be used to de-anonymize you later. TOR has vulnerabilities and is always under active attack. There may be ways of analyzing Coinjoin transactions (or Wasabi's implementation of them) that haven't been discovered yet. And of course, we are limited by the anonymity set -- the number of parties in the transaction. How many Coinjoin transactions you cascade will affect how strong the privacy will be.

Definitely trying. If not companies then at least individuals and researchers. It's almost like mini holy grails for them, and a branch of reverse engineering in crypto now it seems. And don't be surprised to learn later if state resources have been put into this. They've broken traditional mixing already, I don't see why more advanced manoeuvers shouldn't be next in their line of sight!

[Carlton Banks]

And of course, we are limited by the anonymity set -- the number of parties in the transaction. How many Coinjoin transactions you cascade will affect how strong the privacy will be.

large numbers of people in a Coinjoin are actually also leaking information, as it's somewhat unlikely that a regular batched transaction would use dozens (or hundreds) of equal amounts in it's inputs. It's not impossible, but it's a massive arrow pointing at the transaction, saying "this is a probable coinjoin". Then you're in possession of 'coinjoin tainted' BTC, which brings attention in and of itself.

So it's actually much better to use small numbers of people, with input amounts that differ. These are indistinguishable from regular wallet transactions, as it's common to use 3 or 4 inputs of different amounts. This has the advantage of overt coinjoins that not only is the ownership blurred, but there is no obvious way of identifying that ownership was blurred in the first instance. It appears that one person made a transaction, so long as there's no extra information available other than what's on the blockchain.

The above technique has another big advantage: if you do this when you pay someone for something, they can use the transaction to consolidate their dusty inputs from other customer payments.

[Vladdirescu87]

The community behind the privacy-centric bitcoin app Wasabi Wallet recently brought together 100 people to collectively execute a “CoinJoin” transaction on bitcoin in what might be the biggest event of its kind.

Some context: bitcoin itself is far from private, as users can, via the blockchain, see where coins are being transferred to and from. One effort to afford greater privacy to transactions is CoinJoin, a long-standing technology first proposed in 2013 by long-time bitcoin idea man and cryptographer Greg Maxwell. The idea is that transactions can be made more private by jumbling a number of different transactions together and then redistributing them.

At 100 transactions, Wasabi Wallet’s effort might be the biggest, but it’s certainly an advancement for the privacy tech as a whole.

"There wasn't any service created to do such large CoinJoins"

zkSNACKS CTO Adam Fiscor told CoinDesk, which launched Wasabi Wallet last year to make CoinJoin transactions easier to use. Fiscor did add one small caveat that it’s "possible" that Blockchain's SharedCoin has done one as large, "but I’m not sure if it’s relevant."

100 Bitcoin Users Perform What Might Be Largest ‘CoinJoin’ Transaction Ever

Your link doesn't work.

[BitHodler]

They've broken traditional mixing already, I don't see why more advanced manoeuvers shouldn't be next in their line of sight!

I don't think they've broken traditional mixing yet, but exposed some weak points that will help existing mixers to improve their way of operating in order to reduce the odds of a shutdown similar to the one of BestMixer.

We only know how vulnerable mixers are to governments trying to shut them down when they're actively trying to do so. Result is that we get the more reliable mixers to become even better and outlast the weaker ones.

Overall you do have a point that the more advanced mixing methods logically will also be subjected to their tyranny. They'll keep trying as long as they consider it worthwhile and at this early stage it has been proven to be so in some cases.

[Kakmakr]

Ah cool, I saw the last update a week ago when they tried and only 99 people could do it.

I am curious to know if forensic analysis tools, used by Surveillance companies can put Humpty Dumpty together again, after it has exited a CoinJoin process like this? Blockchain analysis companies like "Chainalysis" might have the capability to dissect this transaction and to find the source of the input addresses.

I'm sure they are actively working on it. There are certainly no guarantees. We should probably assume that any obfuscation method -- if it can't be completely broken -- will leak extant data that can be used to de-anonymize you later. TOR has vulnerabilities and is always under active attack. There may be ways of analyzing Coinjoin transactions (or Wasabi's implementation of them) that haven't been discovered yet. And of course, we are limited by the anonymity set -- the number of parties in the transaction. How many Coinjoin transactions you cascade will affect how strong the privacy will be.

Definitely trying. If not companies then at least individuals and researchers. It's almost like mini holy grails for them, and a branch of reverse engineering in crypto now it seems. And don't be surprised to learn later if state resources have been put into this. They've broken traditional mixing already, I don't see why more advanced manoeuvers shouldn't be next in their line of sight!

I am not sure if they actually broke the mixing process, they might have found mixer services with exploitable code or mixer services that did not implement mixing technology correctly. 

I think the shift is more to finding where these services are hosted and stopping people from accessing these services on the hosting side.  We desperately need other alternative ways in decentralising these services and running this on a Peer2Peer basis. 

[Carlton Banks]

We desperately need other alternative ways in decentralising these services and running this on a Peer2Peer basis. 

payjoin