How would you position Whirlwind regarding those position advantages/disadvantages?
It's a great question, apologies in advance for the lengthy response. We were planning to publish a detailed comparison between Whirlwind and other Bitcoin privacy solutions, but another user recommended that we look for a 3rd party to do it instead and we will follow that advice so we avoid any biases.
With that said I will do my best to answer your question only using facts, but keep in mind that you should do your own research and verify my claims independently. If anyone thinks I intentionally suppressed important details please point it out and I will edit the post and include it.
There are 3 main types of privacy solutions/techniques available today on Bitcoin, each one having its own advantages/disadvantages:
1.Decentralized (Coinjoin): Wasabi, Samourai, Joinmarket
2.Centralized 'traditional': Coinomize, YoMix, Sinbad, etc.
3.Centralized: Whirlwind
It's important to start by mentioning that you should never use a centralized solution over a decentralized alternative unless the centralized one offers exponentially better privacy or unique features that you can't get in a trustless manner. No matter how trusted the operator is what's the point in risking loss of funds when you could achieve the same goal without taking any risks?
For simplicity I will use Samourai and YoMix in my examples, but the same applies to all other alternatives from the same category.
| | | | | | | | | | | | | | | | | | | | | |
| | | Service | | | Decentralized | | | Multiple (Unlimited) Output Addr | | | Multiple (Unlimited) Input Addr | | | Customizable (Unlimited) Delay | | | Customizable (Unlimited) Fee | | | Off-chain Transactions | | | Mixing Code | | |
| | | Samourai | | | YES | | | YES(NO) | | | NO(NO) | | | NO(NO) | | | NO(NO) | | | NO | | | NO | | |
| | | YoMix | | | NO | | | YES(NO) | | | NO(NO) | | | YES(NO) | | | YES(NO) | | | NO | | | YES | | |
| | | Whirlwind | | | NO | | | YES(YES) | | | YES(YES) | | | YES(YES) | | | YES(YES) | | | YES | | | NO | | |
Decentralized solutions biggest advantage over all other alternatives including Whirlwind is that there is no risk of loss of funds. The process is trustless so you have nothing to worry about in this regard. On the other hand they have some disadvantages, the following example is from Samourai's website:
For every Whirlpool cycle with 5 input-5 output transactions there are 1496 possible intepretations because you can assume that each of the 5 inputs belong to a different user, or 3 belong to different users while 2 are from the same one, or 2 belong to different users and 3 to the same one, etc.
While it's true that there are 1496 interpretations, the 'real' Anonymity Set for this transaction, or at least how we calculate it, is 5, since any of the outputs could have only originated from one of the 5 inputs.
To deal with this issue and the fact that you can't set a delay you can 'mix' your coins through multiple cycles as Samourai recommends to increase the Anonymity Set, but that doesen't change the fact that your output is still a few hops away from your deposit and you depend on other users in your Whirlpool cycles to not deanonymize themselves.
Just to be clear I'm not saying Coinjoins are flawed, they are definitely not. It's the best you can do with the current technology in a completely trustless manner and we highly appreciate anyone working on these protocols. The point of this message is simply to show that you can do better privacy-wise if you go down the centralized route, and there is no point to do it if you don't improve upon what decentralized solutions offer.
All centralized traditional solutions suffer from the same disadvantages. Considering Bitcoin's technical limitations a 'perfect' solution is impossible to implement today, but as an operator in this field you should be transparent about all aspects of your business, otherwise you are putting your customers at risk without them being aware and this IMO is unacceptable under any circumstances. Let me explain my point using YoMix as an example:
For each deposit there are a maximum of 5 output addresses, the maximum delay time is 72 hours, the fee can be adjusted between 0.7% and 5% and there is no possibility to combine multiple deposits into a bigger output. Mixing codes are used and that means some logs are also being stored. Anonymity Set is unknown
No matter how big YoMix's Bitcoin reserve is, all you need to do in order to deanonymize a user is to analyze YoMix's clusters/addresses and follow the transactions that happened during the 72 hours after that specific deposit. Considering that you also know the min-max fee and the max number of output addresses, you have all the info you need to link the transactions together. Also ask yourself why would a service ever need to use 'mixing codes' if their system does what it's supposed to do? Receiving 'your own coins' back shouldn't be an issue as long as the process was done correctly.
This brings us to Whirlwind, our only disadvantage being that it's a centralized service so by using it you are entrusting us with your Bitcoin. On the bright side we offer something you cannot get anywhere else, not in a decentralized way nor with another centralized competitor.
Our approach is to consolidate all deposits into our multi-sig where all the outputs come from. There are no limits imposed on delay time, number of input addresses, number of output addresses, donation is completely customizable 0%-100% and you can make off-chain transactions through the Pay to Note feature. We also have fungible on-chain outputs, so all withdraws look the same.
Thanks to these properties and the full control we offer our users over the process it's impossible for anyone to tell when you withrew your deposit, to how many addresses or what % of the deposit was withdrawn up until a certain point. As a matter of fact once you deposit it's impossible to tell if you even made a withdraw, no matter how small it is. Any output could originate from any deposit since the start of the service.
If we use the same calculation method as Samourai for our Anonymity Set, any output from our multi-sig would have way over billions of possible intepretations even with the current 322 Anonymity Set. Imagine how the stats will look like once we get to our 10,000 deposits goal through the Anonymity Mining campaign.
Once we see more volume passing through Whirlwind our multi-sig transaction history will look similar to this:
https://mempool.space/address/bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvzIf we manage to solve the centralization issue then Whirlwind is quite literally the perfect system privacy-wise.
Don't hesitate to ask if you have any questions and don't forget to do your own research!
I don't get what it would do. Say Bob sends Alice money to a Note. Bob gets a LoG to prove it, and Alice withdraws her money to her on-chain Bitcoin address. What would Alice need a LoG for?
Not much, that's why we didn't implement it already. We thought maybe if you are a business accepting payments through Whirlwind you'd want to have a history of payments received without the sender himself having to send you the LoG. If people will ask for it in the future we will implement it.
