Being trustless and privacy preserving

As Sjors Provoost notes in the introduction to Bitcoin: A Work in Progress, “keeping open-source software free of money-stealing bugs” is an exceedingly difficult task, especially when such software handles funds. Potential exploits in code are visible to all, as are patches awaiting deployment.

For Wasabi, the challenge extends further, as clients participating in coinjoin must follow a coordinator’s lead—a third party whose code cannot be verified. We rarely break compatibility or force updates, meaning users on vulnerable versions will always exist if an exploit is discovered.

Wasabi has consistently been designed to empower clients against potential bad actors:

• Reproducible builds
• Minimal information transmitted to third parties (backend, coordinator, fee providers, etc.)
• “Smart client, Dumb backend” architecture

The complexity involved in building a trustless system is both underappreciated and staggering. Trustlessness invariably comes at the cost of user experience, and these suboptimal workflows must be carefully refined to remain competitive against privacy-degrading or trust-based alternatives.

A prime example of this trade-off is block filters. While alternative wallets allow users to see their balance instantly by connecting to an Electrum server or similar backend solution, how do you retain users when your software first requires them to download 2.6 GB of filters, then download each relevant (or false-positive) block using the Bitcoin peer-to-peer network? To lighten this problem, significant resources have been invested in refining our synchronization process to optimize and ensure the privacy gain is worthwhile for most users.

Clients still need to receive some information from the coordinator: round start times, phase durations, mining fee rates, etc. This information is used to compute the round ID, which clients then use to build and verify everything happening in the round. Two clients receiving different parameters therefore cannot participate in the same round, ensuring a malicious actor cannot mine information by selectively sending different round parameters.

Why the coordination fee concept is not a fit here

The coordination fee rate is a field provided by the coordinator and included in the round parameters. However, this field is unique, as it involves a non-standard agreement: the client must pay this fee only once (concept of free remixes). This is central to how the wallet functions: the client automatically participates in rounds until reaching a certain privacy threshold. If the rounds don’t provide privacy, the client will continue to coinjoin indefinitely. Therefore a coordinator not offering free-remixes could create fast rounds not providing privacy and drain its users. We identified this problem, but the time it took to deploy a mitigation led to the only occurrence in our project’s history that some users funds have been exploited

Free remixes are not the only “workaround” implemented in our client to improve the coordination fee system. Another crucial case for proper user experience is the “1-hop doesn’t pay” rule. This means that if a payment is made using a coinjoin output and this payment produces change, the change doesn’t incur another coordination fee. This rule is essential because clients don’t control the size of their outputs. For instance, a user might receive only outputs of 1 BTC but need to make a payment of 0.1 BTC. The resulting change would not be private and would need to be remixed. Without the “1-hop doesn’t pay” concept, this would result in paying the coordination fee again. Like free remixes, this rule is not enforced by the WabiSabi protocol. To be protected against coordinators that might not offer this “fee grace,” clients would need to carefully select inputs for payments to minimize change value, sometimes at the cost of privacy.

In summary, the coordination fee relates to the implementation layer, and free remixes are not enforced by the WabiSabi CoinJoin Protocol. The protocol paper mentions it only as part of Wasabi’s implementation. The client must trust the coordinator to allow its inputs into rounds indefinitely after the initial payment. A coordinator could decide against offering free remixes, in which case the client must trust it to produce rounds that provide substantial privacy, at least worth the cost.

In other words, the coordination fee concept involves an element of trust. It creates an incentive for the coordinator to act maliciously and forces the client to be highly discerning in recognizing when the coordinator might be attempting to extract more money than it should.

Resources could have been invested during the zkSNACKs era to build a guaranteed risk-free implementation of the coordination fee rate and free remixes concept. However, because the only coordinator used at the time belonged to the same entity funding client development, this type of development was not prioritized, as we knew this coordinator would not breach trust.

This is no longer the case, and the project’s trajectory has changed significantly: resources are now extremely limited, and we prefer not to allocate precious developer hours to ensuring confidence in the coordination fee rate concept. Instead, we choose to allocate these resources to increasing software resilience, improving maintainability, and delivering impactful updates

The post Why are we killing the Coordination Fee? appeared first on Wasabi Wallet - Blog.

Custom Coordinator Selection

With the sunset of the default coinjoin coordinator managed by zkSNACKs, Wasabi Wallet users must now connect to different coordinators to continue using the coinjoin feature. This selection is now more visible directly from the wallet user interface and in the coinjoin settings. 

Tor Bridges Support

Tor bridges have been added to improve connectivity and privacy for users in restrictive environments where standard Tor usage might be blocked. Tor bridges act as alternative entry points to the Tor network, helping users circumvent censorship, ensuring that Wasabi Wallet remains accessible and reliable at all times.

Whonix & Tails OS Support

Full support for Whonix and Tails OS, two operating systems renowned for their focus on privacy and security, is now available. Whonix is designed to run inside a VM and uses Tor for all network connections, while Tails is a live operating system that routes all traffic through Tor. Toggle your Tor setting to Enabled (connect-only mode) in order to use these tools.

Exclude Coins from Coinjoins

Users can now exclude specific coins from participating in coinjoins. This provides greater control over which coins are selected to participate in coinjoin transactions, allowing users to manage their UTXOs with better flexibility.

GitHub Repository Transfer

The GitHub repository for the Wasabi Wallet has been successfully transferred to a new location. This transfer allows Wasabi Wallet to be maintained as a fully standalone project, independent from any organization and open to multiple different contributors and supporters. The new repository will continue to be the central place for all development activities, issues tracking, and community contributions.

Notable UI and Functional Updates

• UI Adjustments: Multiple user interface improvements, including margin adjustments for labels to prevent shifting, removal of unused XML namespaces, and enhanced styles for various components.
• macOS Specific Fixes: Improved handling of window states to prevent crashes and ensure smoother operation on macOS. 
• Backend Enhancements: Added more statistics to the backend, and updates to various dependencies to improve performance and security.

Additional Improvements

• Statistics and Logging: Added response times to logging, enhanced Statista performance, and included more detailed error handling for output registration. 
• Code and Dependency Updates: Cleaned up code, removed unused components, and updated tooling versions to streamline development and maintenance. 
• Error Handling: Improved handling of reorganization errors and handshake warnings, ensuring robust and resilient operation.

Download the Wasabi Wallet 2.0.8 release at wasabiwallet.io.

The post Wasabi Wallet 2.0.8 Release Post appeared first on Wasabi Wallet - Blog.

Wasabi Wallet will continue to function as a regular bitcoin wallet, users can generate private keys to receive and send bitcoin. Even without coinjoins, Wasabi’s client-side filtering architecture, Tor integration and custom coin selection make it the most private light wallet available. However, the nature of the bitcoin blockchain prevents users from obtaining complete privacy without coinjoins.

This also affects users of other wallet clients that connect to the zkSNACKs coordinator, like Trezor Suite and BTCPayServer.

Wasabi Wallet is a free and open-source software and will continue to be maintained. Anyone can contribute, open new issues, submit pull requests, or even fork it. zkSNACKs will fund the continuous maintenance of Wasabi Wallet’s basic features.

When Wasabi Wallet was launched back in 2018, privacy on bitcoin was only an idea, a dream of cypherpunks. After years of research, trial and error, we proved that bitcoin can be used as anonymous money in a fully sovereign way. Coinjoin allows for a peaceful, secure, and effective way to reclaim financial privacy. We succeeded.

The day will come when someone will write the code to perfect all the properties of good money. Until then, let us be grateful for what we have accomplished together and be mindful of the challenges ahead.

The post zkSNACKs is Discontinuing its Coinjoin Coordination Service 1st of June appeared first on Wasabi Wallet - Blog.

The way this randomness was implemented does not behave like a fair dice, instead, it gives users artificial luck. Random skips occur more frequently while fees are high, and skipping is less likely when fees are low.

How long your wallet waits when skipping rounds is influenced by the coinjoin strategy you choose. There is a different chance to participate in a coinjoin round depending on whether you select “minimize costs”, “maximize speed”, or “maximize privacy”.

The Participation Calculation

The median fee rate of the previous day, week, and month determines the chance of skipping a coinjoin round. This chart shows what percentage of rounds your client will join under each possible combination of fee conditions for each coinjoin strategy profile.

Since the minimize costs strategy uses “weeks” as the coinjoin time preference, there is zero chance of participating whenever fees are higher than the median of the previous day or week. Whenever fees are at the absolute cheapest levels, clients will never choose to gamble away that opportunity and will join 100% of coinjoin rounds.

An additional privacy benefit from random skips is that it staggers the crowd of remixers. Since some users stall in between coinjoins, it increases the likelihood of coinjoining with more unique users as opposed to coinjoining with the same participants of the previous round again.

The subtle privacy fortifications implemented in the Wasabi v2.0.6 release minimize the UX trade-offs with cost or speed that are associated with coinjoins. If you haven’t tried the newest version, don’t skip the upgrade, let the upgrade do the skipping for you!

The post Smart Randomness: Skipping Coinjoin Rounds Based On Fee Rate appeared first on Wasabi Wallet - Blog.

How much privacy should you gain before spending your coins?

Since each coinjoin transaction pays a fee to miners, users have to consider whether the marginal privacy gained from remixing in multiple coinjoins is worth the additional cost. Wasabi’s mission is to provide privacy by default, but users have a limited budget, so a careful balance is necessary.

Coinjoin trilemma concept art – A cost tradeoff is associated with maximizing privacy or speed.

Wasabi users are offered three coinjoin strategies when setting up their wallet: Minimize Costs, Maximize Speed, and Maximize Privacy. The cost and speed strategies will typically complete coinjoining after a single transaction while the privacy strategy will remix multiple times. The exact amount of remixing required before stopping may vary because the outcome of each coinjoin transaction is unique.

Safety for the Hasty

In v2.0.6, Wasabi now considers the abstract quality of privacy for your coinjoin outputs in addition to checking their anonymity score. “Safety coinjoins” are triggered by default to ensure a minimum amount of remixing for users who choose to minimize costs or maximize speed. This feature anticipates how coins might be spent in the future to prevent guesses from being made based on a specific user behaviour. The guessing scenario that safety coinjoins protect against is when a user makes a single deposit, a single coinjoin, and a full withdrawal. Wallets that already have private funds for remixing are already protected, so safety coinjoins only occur when users fund a new wallet.

WabiSabi coinjoins can break the links between your addresses in three different ways:

– Inputs are not linked to other inputs
– Inputs are not linked to outputs
– Outputs are not linked to other outputs

Outputs not being linked to each other can be temporary depending on how those outputs are spent. When outputs from coinjoin transactions are spent together as inputs in a future payment, a definitive link is created between them. However, when coinjoin outputs are spent together as inputs in a future coinjoin, no definitive link is created since coinjoin inputs cannot be linked to other inputs. In order to take advantage of this property, the first deposit made to an empty wallet can only achieve a maximum of 75% privacy progress from its first coinjoin, no matter how high your anonymity score is. Safety coinjoins remix the first set of semi-private outputs that were created from the initial coinjoin round to achieve 100% privacy.

Users sweeping their wallets benefit from the extra safety buffer between the transaction that funds their wallet and the transaction that empties it, preserving the initial privacy gained from splitting into multiple outputs. An observer of a safety coinjoin who is attempting to identify the source of incoming funds based on outgoing amounts is forced to expand their search to include previous coinjoin transactions. Any conclusion drawn by equating similar amounts to each other is broken since private coins exit from a different transaction than the non-private coins entered.

If you haven’t taken the chance to upgrade your privacy yet, download the new 2.0.6 version of Wasabi Wallet and see the safety coinjoin feature in action for your first deposit. 

The post Deeper Privacy with Safety Coinjoins appeared first on Wasabi Wallet - Blog.

Coinjoins are privacy-preserving transactions that contain funds from many users. This operation requires unanimous teamwork: Unless every user signs the transaction, Bitcoin nodes will reject it as invalid, and no privacy progress will be made. This poses a challenge to honest users since there is no cost to an attacker who continuously causes coinjoins to fail, resulting in a denial of service (DoS).

This is where the role of the centralized coinjoin coordinator comes into play. The coordinator acts as a bouncer to exclude known troublemakers, ensuring that honest users are not left waiting indefinitely. ZkSNACKs, which runs the default coordinator for Wasabi Wallet, uses various methods to identify and defeat DoS attacks to improve coinjoin success rates.

First, the economics of Denial of Service attacks are considered. The minimum value allowed to participate in a Wasabi coinjoin is 5000 sats (0.00005000 BTC). When disrupting a coinjoin round, the attack is equally effective whether the missing signature belongs to a low-value input or a high-value input. Due to this threat of an attacker splitting his coins into small pieces, low-value coins are subject to longer bans than high-value coins.

Second, Denial of Service penalty evasion is considered. If a particular address is banned for causing a coinjoin to fail, the attacker can move the coins from the banned address to a fresh address and attempt to register again. To combat this circumvention, bans from previously offending addresses are inherited by the coins they send. This prevents attackers from reusing the same funds for multiple disruptions.

Third, the nature of the offence is considered. There are 3 ways to cause trouble with a coinjoin transaction:

• Register inputs and fail to sign the final transaction
• Double spend a registered input before signing
• Double spend a registered input after signing

Failure to sign may not be intentionally malicious since it can occasionally occur due to limitations of the Tor network’s stability, or because a careless user closes his laptop after the input registration phase. Double spending is prevented by clients and is a clearer indicator of deliberate disruptive activity. The type of offence and the history of previous offences affect how long a coin is banned.

Stability Improvements

When Wasabi 2.0 was first released, Tor was under a network-wide attack that severely degraded its connection reliability. As a result, the coordinator cannot be too strict with bans to prevent Denial of Service since honest users may inadvertently disconnect without signing.

In November 2022, benchmark statistics were measured showing coinjoins would succeed only 10% of the time on the first attempt, and slightly less than 50% on subsequent attempts (known as “blame rounds”). With the v2.0.2.1 release in December, these metrics improved to 15% success on the first attempt.

As a result of months of hard work by the Wasabi and Tor developers, updated statistics from October 2023 show that the overall success rate has more than doubled since the previous year, with over 50% of new rounds and over 80% of blame rounds succeeding. This consistency makes privacy convenient for patience minimalists who quickly tire of the soothing glow of the countdown timer.

Entering the Fee Market

The fee rate of the coinjoin transaction is another variable to account for while waiting for full privacy. The coordinator chooses the mining fee for the coinjoin round before users join, however, fee estimation is not a simple task. On average, a new Bitcoin block is mined every 10 minutes, but there is no way to predict exactly when one will be found or how many new transactions will outbid you until then. 

There are special considerations when choosing the fee rate for coinjoin transactions. Participants often pay several times more in mining fees for a coinjoin transaction compared to a regular payment since they can register multiple inputs and outputs. This increases the marginal advantage for sniping the lowest possible fee rate. In addition, coinjoins are not considered urgent because users are often sending coins to themselves and not to others, so whether or not the transaction is confirmed quickly is not as important because there is no risk that incoming funds will be double spent and lost.

Allowing coinjoin transactions to wait in the mempool also has an unintended privacy benefit. Since unconfirmed coins cannot be registered for new rounds, users who remix their outputs must wait an additional time for their first coinjoin to be mined. By increasing the time period in between consecutive rounds, users are less likely to participate with the same users from their previous round.

Despite these advantages for choosing a low fee, there are also unique reasons for coinjoin transactions that would justify choosing a high fee as a precaution. Users who send a regular payment that gets stuck can easily use Replace By Fee (RBF) to increase its confirmation priority. However, since coinjoins require the cooperation of many users, the first fee is final. There is no way to replicate a higher fee replacement if even a single participant goes offline.

Another reason to prefer a higher fee for coinjoins is because they are disproportionately affected by transaction size limitations in Bitcoin Core’s mempool and block construction logic. Once a chain of transactions spending unconfirmed coins grows too large, nodes will ignore new transactions attempting to build on top of it.

Unfortunately, mining pools have not yet optimized to collect fees from coinjoin transactions. Miners only calculate the single highest-paying descendant transaction package, which may cause them to overlook the confirmation of an extra profitable coinjoin with many spent child outputs.

Patience Preferences

Since it’s impossible to choose a fee that satisfies both the impatient and the thrifty at the same time, Wasabi has a feature called “Coinjoin time preference” to ensure that you don’t get hit with higher than expected mining fees.

If a coinjoin round requires a higher fee than the median of the previous day, week, or month, your client can be configured to skip that round and wait until fees drop or stabilize. This customization gives both spenders and savers flexibility without compromising their preferences or splitting the liquidity pool.

Setting a long coinjoin time preference makes it easy to handle the small coins that accumulate in your wallet as you send and receive transactions. Whenever the best deal on fees becomes available, your wallet will privately consolidate your UTXOs so you can readily spend them when fees increase again.

In conclusion, the combined speed provided by Denial of Service fortification and smart savings from the coinjoin time preference feature has significantly improved Wasabi’s user experience. These advancements and tools have made privacy not only more convenient but also more cost-effective. Coinjoins have never been spicier, try Wasabi Wallet today and join the crowd.

The post Time is Money: DoS (Denial of Service) Fortification and Coinjoin Time Preference appeared first on Wasabi Wallet - Blog.

The question then becomes: How do coinjoin wallets compare on on-chain transaction fees?

Bitcoiners may find different protocols advantageous depending on the amount they are coinjoining, or how long they are willing to wait before spending. For example, if an input you want to coinjoin is of a ten million sats or less, WabiSabi wallets are ideal unless you’re willing to wait days or weeks coinjoining, which in that case Whirlpool would be better due to the free remixing policy. 

In cases where you are willing to provide liquidity and wait for others to coinjoin, you may prefer acting as a Joinmarket maker to passively earn sats. Finally, if you’re coinjoining more than 1 BTC, Joinmarket basically almost always wins in terms of fees. 

It’s also important to remember that this analysis was purely from the fees to be paid point of view, and didn’t take into account how strong each privacy guarantee is for each protocol. To learn more about the benefits and the tradeoffs of each coinjoin protocol and wallet, visit the open-source educational website Coinjoins.org. 

If you want to know how WabiSabi, Whirlpool and Joinmarket fee structures work, read on. We’ll define all the fees of a coinjoin transaction, the way fees are calculated for each protocol and finally, which one is better for many different user profiles. 

What are the Different Fees for Coinjoin Transactions?

To answer what are the different types of fees on a coinjoin transaction, we will explain how coordinator fees work for each protocol, and then how mining fees work for each protocol. 

What are Coinjoin Coordinator Fees?

Protocols like WabiSabi and Whirlpool use a centralized coordinator model to scale privacy, allowing multiple users to cooperate in a transaction without any participant knowing which coins belong to the others. Cryptography and discreet network communication are required in order to ensure that movements of funds are not revealed to the coinjoin coordinator. To learn more about how coinjoin protocols work, read more on Coinjoins.org.

Coordinator fees are what you pay the third-party in exchange for their services. The fee can be static (fixed amount) or dynamic (percentage). 

Coordinator Fees for WabiSabi Coinjoins

For example, in WabiSabi wallets like Wasabi Wallet, BTCPay Server or Trezor Suite, coordinator fees are 0.3% (dynamic) of what you’re mixing (for the zkSNACKs coordinator). You’re only charged on the first transaction so remixing is free of coordinator fees. Also, if someone sends you coinjoined bitcoin, your coordinator fees are waived too. This feature is called Friends don’t pay.

In addition, the Plebs don’t pay feature makes it that coordinator fees are waived for any coinjoin input less than 1,000,000 satoshis (0.01 BTC). This improves accessibility for users with low amounts of bitcoin. 

Coordinator Fees for Whirlpool Coinjoins

On the other hand, on Whirlpool wallets like Samourai, Sparrow, and Bitcoin Keeper, coordinator fees are of a fixed amount, depending on the liquidity pool you choose to be part of. Here’s the breakdown per pool:

• 100,000 satoshis pool: 5,000 sats of coordinator fees
• 1,000,000 satoshis pool: 50,000 sats of coordinator fees.
• 5,000,000 satoshis pool: 175,000 sats of coordinator fees.
• 50,000,000 satoshis pool: 1,750,000 sats of coordinator fees.

You might be wondering what a coinjoin pool is. In short, it’s the coinjoin output denomination amount. The 100,000 satoshis pool will result in coinjoined outputs of that precise size. Here’s a visual example for the 5,000,000 satoshis pool: 

As you can see, every output is of the same value. When you enter a pool, you pay the fixed fee amount. However, you can enter a pool with much more than the pool denomination, to be exact you can enter with up to 70 times the pool denomination, split across 70 outputs (for the 100k sats pool it’s only 25 times). 

Now on to Joinmarket, which doesn’t have coordinator fees but there are coinjoin fees.

Coinjoin Fees on Joinmarket

Joinmarket works differently than other coinjoin protocols because it doesn’t have a centralized individual entity coordinator, but rather two user roles in a P2P (peer-to-peer) environment: makers (who provide liquidity for a fee) and takers (who pay a fee for liquidity and coordinate the transaction). Any user can be a maker or a taker.

In short, instead of paying for coordination, you pay for liquidity. There’s an orderbook with all maker offers and at different price points. Some charge a static fee (fixed amount) but most charge a dynamic fee (a percentage of the liquidity used). 

When you’re a taker, you use the liquidity of many makers in a single transaction, usually 8, which makes 9 participants including you. You pay each maker what they ask for. For example, if there’s 8 makers and each charge a dynamic fee of 0.0001% BTC for the liquidity used, and you use 1 BTC of each, you pay a total of 10,000 sats * 8 = 80,000 sats.

This is the case for each Joinmarket transaction you’re the taker on. If you’re a maker, you enjoy privacy and you get paid for it: the best of both worlds.

How Mining Fees Work on Coinjoin Transactions?

Mining fees are part of every transaction on the bitcoin network, and coinjoins are no exception. It works differently for all three major protocols. Here’s a tool to calculate bitcoin transaction size. 

Mining Fees on WabiSabi Coinjoins

On WabiSabi coinjoin transactions, you only pay the fees associated with the blockspace your inputs and outputs take. For example, if you have a P2WPKH (segwit native) wallet and you have 3 inputs and 5 outputs in a coinjoin transaction, and the current fee is 50 sats/vbyte, you will pay:

Total blockspace: 3 * 68 vbytes + 5 * 31 vbytes = 359 vbytes

Total mining fees: 516.5 vbytes * 50 sats/vbytes = 17,950 sats

You pay exactly what you consume in blockspace, in every coinjoin transaction you participate in. 

Mining Fees on Whirlpool Coinjoins

The mining fee structure of Whirlpool coinjoins is a bit more complicated, but nothing that we can’t explain. Here it goes.

First off, it’s important to understand that before the coinjoin process begins, a premix transaction, also known as Tx0, takes place. The claimed purpose is to split your total input amount into the outputs to coinjoin, the non-private change output that goes into a separate wallet account called BadBank, and the coordinator fee to pay. 

For example, if you have a 1,500,000 sats UTXO for the 1,000,000 sats denomination pool, your premix transaction (Tx0) will have 1 input and three outputs: one output to coinjoin, a 50,000 sats output to pay the coordinator, and a non private change output that goes to the BadBank wallet account.

It’s important to understand that your premix can have many inputs and many outputs to coinjoin (up to 70), but the minimum number of inputs is 1 and outputs is 2 (if there’s no change). 

The first part of the mining fees for Whirlpool coinjoins is the fee you pay for the premix transaction. However, there’s a second part: you have to pay mining fees for the first coinjoin transaction, and not only for you, but for anyone remixing in it. You share that cost with at least one additional user out of 5, but it can be up to 4 out of 5 participants. When you remix and enter further coinjoins, you don’t pay any fees.

How to calculate Whirlpool Tx0 Mining Fees

The formula for the mining fees on Tx0 is as follows (assuming all are P2WPKH UTXOs): 

Total vbytes: Base transaction vbytes + input vbytes * number of inputs + output vbytes * 2 (for change and coordinator fee outputs) + output vbytes * number of coinjoin outputs

Which comes out to: 10.5 + 68 * inputs + 31 * (2 + cjOutputs)

For example, if there are 5 inputs and 10 cjOutputs, the total vbytes will be:

Total vbytes: 10.5 + 68 * 5 + 31 * (2 + 10) = 722.5 vybtes

Total fees (assuming 50 sats/vbyte): 722.5 * 50 = 36,125 sats

How to calculate Whirlpool Coinjoin Mining Fees

Regular Whirlpool coinjoin transactions have 5 inputs and 5 outputs, which comes out to a total of 505.5 vbytes. Considering that 2 new entrants are paying, this splits the duty in two. You’re then responsible for paying 202.75 vbytes, for each one of your 10 coinjoin outputs.

Total fees (assuming 50 sats/vbyte): 202.75 * 50 * 10 = 101,375 sats

This gives you a total of 36,125 + 101,375 = 137,500 sats to pay on mining fees. However, this is a one-time fee, and you will be able to remix for free, for as long as you want.

Now, let’s cover the remaining protocol, Joinmarket.

Mining Fees on Joinmarket Coinjoins

By default, a taker is in charge of paying all the mining fees for a Joinmarket coinjoin transaction. However, there’s a setting for makers to include a mining fee contribution in their offers. In practice, as of the 10th January 2024 at 6:00 AM UTC, there’s not a single offer that includes a mining fee contribution out of 65 offers.

This means that as a taker you will almost certainly pay the entirety of the mining fee required for the Joinmarket coinjoin. This means that for every input, there will be a coinjoin output and a change output. If there are 9 participants, there are at least 9 inputs (there can be more), and at least 18 outputs. It’s also not mandatory that everyone uses the same wallet standard, which means some inputs can cost more than others. Let’s assume every input and output is P2WPKH and that every participant only has 1 input.

Total vbytes: 9 * 68 + 18 * 31 = 1,170 vbytes

Total fees (assuming 50 sats / vbyte): 58,500 sats

In short, the formula to calculate the mining fees paid is (68 * number of inputs + 31 * number of outputs) * mining fee in sats / vbyte.

Now that we’ve broken down how exactly to calculate the fees for every coinjoin protocol, let’s examine which would be better for different profiles.

I have a 990,000 sats (0.099 BTC) UTXO to mix. Which protocol is better for fees?

If you have a million sats or less, here are the coordinator (liquidity for Joinmarket) fees paid for every different coinjoin protocol:

• You won’t pay any coordinator fees with WabiSabi.
• You can only enter the 100,000 sats pool on Whirlpool and you will pay 5,000 sats in coordinator fees.
• FOR TAKERS only: On Joinmarket, it depends on the orderbook: as of the 10th of January 2024, you will pay an average of 0.0007% for 8 makers, which would be a maximum of 56 sats (depending on the mining fee market to know how much you have left in sats). 

Here are the mining fees to pay for every different coinjoin protocol (assuming 50 sats/vbyte);

• WabiSabi: Assuming you have 1 input and 7 outputs (extremely high estimation) are created, you will pay 17,925 sats for the first coinjoin transaction. For each further coinjoin transaction, considering you will have 7 inputs now, you will pay 35,175 in sats.
• Samourai: assuming you have 1 input and 8 coinjoin UTXOs will be created, you will pay a total of 120,650 sats for the Tx0 and the coinjoin mining fee.
• Joinmarket (FOR TAKERS only): assuming you have to pay for a total of 9 inputs, and 18 outputs, you will pay a total of 62,150 sats for each coinjoin transaction. 

In total:

• WabiSabi: 17,925 sats for first, 35,175 sats for further transactions.
• Whirlpool: 125,650 sats in total.
• Joinmarket: 62,182 sats for each transaction.

The conclusion for this user profile is that WabiSabi is better if you’re doing 4 transactions or less, but Whirlpool will become more economical after that. It depends on whether you want to mix fast or slow, and also it’s important to consider that to gain the same level of privacy as with 4 WabiSabi transactions, you will need to make many more on Whirlpool.

Joinmarket is not worth it for this amount unless you’re a maker.

The winner for this user profile: WabiSabi Coinjoins.

I have 10,000,000 sats (0.1 BTC). Which wallet is better?

Now that we’ve broken down the first user profile, we can just jump straight to total fees for the next ones. We keep the same assumptions. 

Total fees for each coinjoin protocol:

• WabiSabi: 30,000 sats (coordinator fee) + 17,925 sats (mining fee) = 47,925 sats for first + 35,175 sats for further transactions.
• Samourai 1M sats pool: 50,000 sats (coordinator fee) + 134850 (total mining fee) = 184,850 sats (5M sats would be possible too but not as economical and with more change)
• Joinmarket (FOR TAKERS only): 317 (liquidity fee) + 62150 (mining fee) = 62467 sats for each transaction

Joinmarket is more competitive but the result remains the same. WabiSabi is better for 3 transactions or less, and Whirlpool for continuous remixing. However, 3 WabiSabi transactions gives you a sufficient level of plausible deniability that is enough to make tracking the transactions of most users super hard.

Winner: WabiSabi (unless you’re a Joinmarket maker)

I have 100,000,000 sats (1 BTC). Which wallet is better?

Total fees for each coinjoin protocol:

• WabiSabi: 300,000 sats (coordinator fee) + 17,925 sats (mining fee) = 317,925 sats for first + 35,175 sats for further transactions.
• Samourai 5M sats pool: 175,000 sats (coordinator fee) + 276850 (total mining fee) = 451,850 (50M sats would be possible too but not as economical and with more change)
• Joinmarket (FOR TAKERS only): 3168 (liquidity fee) + 62150 (mining fee) = 65,318 sats for each transaction

For this category, Joinmarket is the winner under 7 transactions, then Whirlpool is more economical. WabiSabi is better than Whirlpool for 3 transactions or less.

Winner: Joinmarket

I have 1,000,000,000 sats (10 BTC). Which wallet is better?

Total fees for each coinjoin protocol:

• WabiSabi: 3,000,000 sats (coordinator fee) + 17,925 sats (mining fee) = 3,017,925 sats for first + 35,175 sats for further transactions.
• Samourai 50M sats pool: 1,750,000 sats (coordinator fee) + 276850 (total mining fee) = 2,026,850 sats in total
• Joinmarket (FOR TAKERS only): 31680 (liquidity fee) + 62150 (mining fee) = 93,830 sats per transaction

For this category, Joinmarket is the winner under 20 transactions, which means it’s the winner hands down. 

Winner: Joinmarket

Conclusion

We explained how fees work on every major coinjoin protocol such as WabiSabi, Whirlpool and Joinmarket. We then compare them in different contexts ranging from a user that has less than a million sats to one that has a billion sats. Many assumptions are required to be made, but the formulas are shared so you can calculate it in other scenarios where variables such as the number of inputs, the number of outputs and the current mining fee, change. 

It’s also important to remember that this analysis was purely from the fees to be paid point of view, and didn’t consider how strong each privacy guarantee is for each protocol. To learn more about the benefits and the tradeoffs of each coinjoin protocol and wallet, visit the open-source educational website Coinjoins.org. 

The post How Coinjoin Wallets Compare on Fees appeared first on Wasabi Wallet - Blog.

In this article, we’ll explain how Wasabi coinjoin fees work, how it differs from Wasabi Wallet 1 with Free Remixing, what Friends don’t pay means, the importance of accessibility in coinjoin transactions, what Plebs don’t pay means, why mining fees are never waived, and finally how to minimize mining fees in a high-fee environment.

Basic Explainer of Wasabi Coinjoin Fees

There are two types of fees in a coinjoin transaction: coordinator fees and network mining fees.

As with all bitcoin on-chain transactions, there’s a network mining fee proportional to the amount of space your inputs and outputs consume. This is also true for Wasabi coinjoin transactions; you pay for the space you use. For example, if you have two P2WPKH inputs and two P2WPKH outputs, your transaction size is 209 virtual bytes. If the fees are 50 sats / vbyte, you will pay 10450 sats in mining fees. 

In a coinjoin transaction, a coordinator (default is zkSNACKs) takes care of the complex communication between all the participants and receives a fee for the hefty task. This allows users to gain privacy. This fee is 0.3% of the total bitcoin you bring to a coinjoin round, so if you bring 3,000,000 sats (0.03 BTC), you will pay 9000 sats in coordinator fees.

Unlike Wasabi Wallet 1.0, where you paid coordinator fees on every transaction, since the 2.0 release you pay upfront on your first coinjoin transaction and then enjoy free remixing.

Pay Coordinator Fees Upfront: Free Remixing

It doesn’t matter if you participate in 1 or 100 coinjoin transactions with the same bitcoin, you will only pay coordinator fees for the first one. This allows you to enjoy additional privacy at a massively reduced cost.

How is this possible?

Whenever you join a coinjoin round, the coordinator can detect that your UTXOs (unspent transaction outputs) are from a previous Wasabi coinjoin, and therefore waives the coordinator fees for those coins. 

But what if the ownership of coins changes hands between two coinjoin transactions? Would the same apply? Yes, and this is what we call Friends don’t pay.

Friends Don’t Pay

The “Friends Don’t Pay” feature allows users to coinjoin as many times as they want for as long as they want at no additional cost other than the mining fee. 

This is great for liquidity as users are incentivized to coinjoin many times to improve their own privacy, making coinjoins better, faster and stronger for everyone! Anyone can coinjoin multiple times for 0% coordinator fees. 

Just send some previously coinjoined bitcoin to your friends and family members and watch them enjoy the benefits of acquiring privacy without having to pay coordinator fees. That must feel pretty awesome.

But wait, there’s another way to avoid paying the coordinator fees.

The Importance of Accessibility in Coinjoin Transactions

Before we get into the Plebs don’t pay feature, we want to reiterate our commitment to the accessibility of coinjoin transactions. We’re always working to improve on this front, whether it’s making the software more performant for low-bandwidth users as we did with the 2.0.4 release, or by adding the “Buy Anything Button” to allow you to purchase literally anything with your coinjoined bitcoin. 

The most important way to improve accessibility is to lower fees, and we’re doing that with Plebs Don’t pay.

Plebs Don’t Pay

If you participate in a coinjoin transaction with less than 1,000,000 sats (0.01 BTC), you will never pay any coordinator fees. Not a single sat. 

Wasabi is the only coinjoin protocol that waives coinjoin coordinator fees for users with small amounts of bitcoin,  often referred to as the bitcoin plebs in various bitcoin community channels. 

I know what you’re thinking, you’re almost convinced to coinjoin, but the high network mining fee environment makes you doubt. Yes, you will pay zero in coordinator fees but you will end up paying more in mining fees. 

Well, read on to learn why mining fees are crucial and shouldn’t be waived, and how to minimize your coinjoin transaction mining fees.

Why Mining Fees Should Never Be Waived

By enforcing mining fees for all coinjoin participants, we ensure an economic cost for everyone and collapse the opportunity for sybil attackers.

What is a Sybil attack? 

The U.S. National Institute of Standards and Technology defines it as: “A cybersecurity attack wherein an attacker creates multiple accounts and pretends to be many persons at once.”

Coinjoins work because many participants join together to form collaborative bitcoin transactions. The privacy gain is strictly correlated to the diversity of participants, and a Sybil attack in this context means that an attacker can fool others into believing that they are many different people, when in fact they’re only one.

This could theoretically be taken to the point where you think you’re with dozens of participants, when in fact you’re with only one attacker. This could easily compromise your privacy.

By never waiving network mining fees, we ensure that Sybil attacks have a cost that will deter potential malicious attackers.

Now for something practical…

How to Minimize Mining Fees

When you set up a wallet on Wasabi, you will be asked to choose a coinjoin strategy between Minimize Costs, Maximize Speed, and Maximize Privacy. The first two strategies aim for an anonymity level of 5, and the last one is a random number between 50 and 100. You can also customize the parameters.

The Minimize Costs strategy will ensure that you only participate in coinjoins that take place at times of the week when there’s less pressure on the network mining fee market, so you can minimize the fees you pay.

You can change coinjoin strategies at any time in your coinjoin settings.

Conclusion

The next time a friend wants to coinjoin but is hesitant because of the fees involved, be sure to point them to this blog article so they can understand the many ways they can pay zero coordinator fees and minimize their mining fees. 

No doubt he’ll be grateful to you!

Download Wasabi Wallet.

The post Friends and Plebs Don’t Pay Wasabi Coinjoin Fees appeared first on Wasabi Wallet - Blog.

Coinjoins.org was announced earlier this year by Thibaud and Gustavo as a new public resource to discover and review bitcoin wallets with coinjoin features. Today, 3 new wallet reviews were released to help consumers discover the best bitcoin wallets for privacy. 

Trezor Suite and WabiSabi 

Trezor Suite is an easy-to-use bitcoin wallet desktop application with hardware wallet integration (Trezor T, One and Safe) and a built-in coinjoin feature using WabiSabi, the same coinjoin protocol used in Wasabi Wallet. 

One benefit is that Trezor Suite is the only wallet that allows you to coinjoin directly from a hardware wallet account, significantly increasing the security of your bitcoin. There is no need to use a hot wallet.

One limitation is that the process of coinjoining is somewhat manual. Users need to create a separate coinjoin wallet account, block filters have to be downloaded, and once the funds are deposited, a user need to manually click start to join a round.

The coinjoin integration was co-announced by Trezor and Wasabi Wallet back in April of this year. 

Find the full Trezor Suite review on Coinjoins.org. 

Jam and JoinMarket 

Jam is a web interface for JoinMarket focusing on user-friendliness and ease-of-use. It aims to provide sensible defaults and be easy to use for beginners while still having the features advanced users expect.

One benefit is that Jam significantly improves the user experience by abstracting away the complexity of Joinmarket. Joinmarket is the most censorship-resistant coinjoin on the market due to the competitive nature of a peer-to-peer free market with many takers and makers. There is no single coordinator in Joinmarket, but each round has a central coordinator (the taker).

One limitation is that Jam is not easy to install if you don’t have a full node system such as Umbrel, Citadel, Start9, Raspiblitz, MyNode and Raspibolt. Running Jam still requires technical skills. If a user doesn’t buy the pre-built node systems, it also requires technical skills to DIY (do it yourself).

Find the full Jam review on Coinjoins.org. 

BTCPay Coinjoin Plugin

BTCPay Server is a self-hosted, open-source bitcoin payment processor that includes a bitcoin wallet with a WabiSabi coinjoin plugin. 

One benefit of using BTCPay Server is that it is the most censorship-resistant WabiSabi bitcoin wallet because you can browse coordinators on Nostr (uncensored social media platform) and also run your own coordinator and publish it for discoverability.

One limitation is that it’s harder to run your own BTCPay server instance than it is to install a desktop or mobile wallet application. To use the WabiSabi coinjoin plugin, you need to install it after deploying BTCPay. It’s mandatory to use coinjoin on your own instance because you need to use a hot wallet.

Find the full BTCPay Server Coinjoin Plugin review on Coinjoins.org. 

Contribute 

Coinjoins.org is a free and open source project developed and maintained by Thibaud and Gustavo. If you would like to share suggestions, please open an issue on the GitHub repository, or even fork the project to show improvements. 

The post Coinjoins.org Presents 3 New Coinjoin Wallet Reviews appeared first on Wasabi Wallet - Blog.

As a coinjoin user, you’re not only looking for privacy for your coins but also efficiency in terms of fees and time. We could say that the perfect on-chain coinjoin would be one transaction, would cost very little, and would provide a lot of privacy for all your coins while leaving no toxic change. At Wasabi, we have always improved our software so that it becomes more efficient, because this increases the accessibility of privacy. With the 2.0.4 release, we have improved coinjoin efficiency in multiple ways so that you reach private status on all your coins faster and incur less cost. Our main goal is to even further reduce the occurrence of toxic change. 

How are we improving coinjoin efficiency on the 2.0.4 release?

First off, the maximum number of outputs per user per coinjoin transaction is no longer 8 but is now 10. Then, output decompositions that produce toxic change outputs are now rarely chosen. Additionally, we have slightly changed how the anonymity scoring is calculated, to reflect further the reality. Finally, Wasabi’s definition of private coins has changed to a random value of an anonymity score of 27 to 76, instead of 50 to 100 in the privacy profile.

If you want to understand the details of how this works, what the above numbers mean, and understand the motivation behind our update, read further. To better communicate this topic, we have to first take a look at Wasabi Wallet 1.0 and its flaws, then how Wasabi Wallet 2.0.0 fixed many of them, and finally, the improvements done on the 2.0.4 release, to bring us one step closer to providing the perfect coinjoin protocol and application. 

This article assumes you understand Bitcoin’s UTXO model and the lack of privacy it creates, read about it here if you don’t.

The Flaws of Wasabi Wallet 1.0 and Zerolink

Wasabi Wallet 1.0 was released on October 31st 2018. It was the first implementation of a Zerolink Chaumian coinjoin protocol, in which encrypted communication with the coordinator was introduced through blind signatures. 

Trustless coinjoin transactions at scale became a reality. However, nothing is perfect and this mechanism has inherent flaws. Let’s look at how Wasabi Wallet 1.0 works and where the issue relies, particularly around coinjoin efficiency. 

How does Wasabi Wallet 1.0 work?

When you use Wasabi 1.0, you have to manually select the inputs you wish to be part of the coinjoin transaction and queue them. Once enough participants had joined the current queue, the coordination process of the coinjoin transaction would begin, including the phases of input and output registration, and transaction signing. Once all coordination phases are completed, the coordinator broadcasts the coinjoin transaction to the bitcoin network. It confirms and the coinjoin is complete. To learn more about the details of the Zerolink protocol, read about it here.

This is what the Wasabi Wallet 1.0 interface of the registration process looks like. 

What are the Flaws of Wasabi Wallet 1.0? 

Due to the inherent nature of blind signatures, the private output values of a coinjoin transaction in Wasabi Wallet 1.0 are of a fixed set of multiples of a base denomination. This inherent design issue leads to coinjoin inefficiency.

Example of what a Wasabi Wallet 1.0 coinjoin transaction looks like, with a no fee assumption for simplification purposes.

Since it’s unlikely that a participant’s input will equal the sum of the fixed output value and the additional required fees, the coinjoin transaction creates toxic change outputs for almost every user. This means that a user will pay bitcoin mining fees to create outputs that are not even private, and will have to pay even more in the future to get those UTXOs private. 

An additional issue of a fixed set of multiples of a base denomination for private outputs is accessibility. Users with less bitcoin than the base denomination find themselves excluded from participating in Wasabi Wallet 1.0 coinjoin transactions. 

Fortunately, the flaws of Wasabi Wallet 1.0 motivated the team to research and develop a new system that would fix those caveats on the WabiSabi protocol. 

WabiSabi to the Rescue

As previously said, Zerolink’s usage of blind signatures restricted Wasabi Wallet 1,0 to a fixed set of multiples of a base denomination. On the other hand, WabiSabi introduces KVACs (keyed-verification anonymous credentials) to replace blind signatures’ standard denominations with homomorphic amount commitments. To learn more about KVACs, the WabiSabi academic paper explains well the technology behind it.

This allows the coordinator to verify that the sum of any participant’s outputs does not exceed that of their inputs while allowing the user to hide the underlying values from the coordinator. This innovation allows for Wasabi Wallet 2.0 to be more flexible on output decomposition for coinjoins, which means that users can now register inputs and outputs worth anywhere in between 5000 sats and 40000 bitcoin (find all the output denominations here). This greatly improves coinjoin efficiency, allowing most users to avoid toxic change outputs from the coinjoin transaction, and it drastically increases accessibility by lowering the minimum amount by 99%.

Example of what a Wasabi Wallet 2.0 coinjoin transaction looks like, with a no fee assumption for simplification purposes.

Now that we’ve explored the different approaches taken in Wasabi Wallet 1.0 and 2.0, let’s take a look at how coinjoin efficiency works. 

How is Coinjoin Efficiency Measured?

Briefly, the WabiSabi research paper defines coinjoin inefficiency “ to be the fraction of non-mixed change outputs and the total number of outputs in a CoinJoin transaction”. This means that a coinjoin transaction without any toxic change outputs has no coinjoin inefficiency. 

It’s also important to consider that a coinjoin participant wants to minimize the amount of fees he will pay and the amount of time he will spend to gain a sufficient level of privacy. 

Let’s complete this article by looking at the latest coinjoin efficiency improvements.  

Wasabi 2.0.4 Release Improvements on Coinjoin Efficiency

Wasabi Wallet’s 2.0.4 release introduces a few improvements to coinjoin efficiency by reducing further the occurrence of toxic change. It does so by introducing Naive Decomposition, an alternative way to decompose the input value sum into private outputs, which decreases the rate of decompositions that create toxic change outputs. 

Additionally, there is an adjustment to the anonymity score calculator, in which there’s now three types of anonymity score calculation for outputs instead of two. Also, the profile “Maximize Privacy” anonymity score target is now of a different value, from 50-100, to 27-76.

In this section, we’ll explain in detail what this means.

What is Wasabi Wallet’s Naive Decomposition?

Like previously mentioned when introducing Wasabi Wallet 2.0, coinjoin output decomposition happens freely, which means that amounts are no longer fixed, they’re way more flexible. However, it’s nowhere near perfect and some coinjoin transactions still have toxic change. This particularly affects whale users that bring high value UTXOs to the collaborative effort.

To partially solve this problem and reduce even further toxic change, we introduce Naive Decomposition. It’s a method that attempts to break down a larger amount of money into smaller denominations in a straightforward or ‘naive’ manner, while adhering to certain constraints such as maximum number of outputs and minimum allowed output amounts. Here’s the codebase section on the Naive decomposition.

How does Naive Decomposition Create Less Toxic Change?

The way it does this is fairly straightforward: it iterates over the provided denominations and continuously subtracts them from the total sum until it can’t anymore, respecting the constraints of maximum number of outputs and the available virtual size (vsize).

If there’s enough ‘remaining’ to create a change output (greater than the minimum allowed amount + change fee), it adds a change output.  If not, the ‘remaining’ amount is treated as a ‘loss’ that goes to the miners. 

It’s also important to note that on the Naive Decomposition the maximum number of outputs is 10, including a toxic change output. For regular previously used decomposition, the number remains at 8. Increasing this number helps in creating better decompositions, with less toxic change. However, we don’t want to increase this number too much because it could lead to  heavy computer resource consumption and then to software crashes. Also, it’s important to avoid creating too many outputs, to reduce the future fees the user will have to pay to spend each one of them.

Now that we’ve understood the gains of coinjoin efficiency of the Naive Decomposition on the 2.0.4 release, let’s finish up the blog post by describing the motivations behind the changes on the anonymity score calculator and the profile “Maximize Privacy” anonymity score target value. 

The Anonymity Score Calculator Becomes More Accurate

Every coinjoin protocol has its own way to calculate anonymity gain, and on Wasabi Wallet 2 it’s called anonymity score. This term is different from anonymity set used in Wasabi Wallet 1.0, and to know more about the difference between these two terms and how the anonymity score calculator works in detail, read this previous blog post. 

Here’s a brief but exact description of the anonymity score calculator for coinjoin transaction outputs. 

Before the 2.0.4 Release

There are two different anonymity scores possible to inherit for a coinjoin transaction output, they are as follows:

1. Non-Sanctioned: When the output is of standard denomination AND it’s not one of the two biggest output amounts in the transaction. It’s uniqueness doesn’t matter, it is a private output.
   1. Anonymity score is calculated as the sum of the weighted average of the anonymity scores of a user’s own inputs part of the coinjoin transaction, and the total number of outputs of the same denomination divided by the number of a user’s own inputs of that denomination.
2. Sanctioned: When it’s not non-sanctioned, so it’s either not of a standard denomination OR it’s one of the two biggest output amounts in the transaction.
   1. Anonymity score is calculated as the minimum anonymity score of a user’s own inputs part of the transaction. 

Since the 2.0.4 Release 

There’s now three different anonymity scores possible to inherit for a coinjoin transaction output. The changes will be highlighted. They are as follows:

1. Non-Sanctioned : When the output is of standard denomination (uniqueness doesn’t matter) AND it’s smaller than the biggest pair of foreign equal outputs(in other words, my output is smaller than the biggest foreign denomination that has at least two outputs)
   1. The anonymity score calculation doesn’t change for Non-Sanctioned outputs.
2. Sanctioned: When it’s not a standard denomination only (so it won’t be applied anymore for big standard denominations outputs, this is the main goal of the change)
   1. The anonymity score calculation doesn’t change for Sanctioned outputs.
3. Half-Sanctioned (new): When we are not a Non-Sanctioned or a Sanctioned output (is of a Standard denomination AND is bigger than the biggest pair of foreign equal outputs)
   1. The anonymity score is calculated as the minimum anonymity score of our own inputs part of this transaction that are bigger than the biggest foreign output. 

Why did we change this? 

We would previously lower the anonymity score of what is now a half-sanctioned output to the minimum anonymity score of a user’s own input part of the transaction. This calculation is done client-side so the software knows which inputs are yours. 

However, anonymity score should be a measurement of what can be perceived from analyzing the blockchain, so if an input is not in the penalty, well we can’t know it’s yours from a blockchain analytics perspective. It made little sense to penalize a half-sanctioned output to that level, instead we penalize it to the minimum anonymity score of our own inputs that are part of this transaction and are bigger than the biggest foreign output.  

Let’s conclude by explaining the profile “Maximize Privacy” change.

Why Has the Anonymity Score Target of Maximize Privacy Changed?

When you initialize Wasabi Wallet 2.0, you can choose your wallet profile either to “Minimize Cost”, “Maximize Speed” or “Maximize Privacy”. The first two will give the target an anonymity score superior to 5, but differ because the first one will wait for bitcoin network fees to be low to coinjoin. Maximizing privacy used to target a random number between 50 to 100, but that’s now 27 to 76. Why?

Based on our goal to prioritize efficiency for our users, we always want to offer the most economical solution available. We believe that an anonymity score of 100 is currently probably an overkill to recommend as a default setting, and we’ve lowered it because of that reason.

We’ve calculated that an output can never gain more than 26 anonymity scores from 1 coinjoin transaction, so a minimum of 27 enforces at least two coinjoin transactions. We kept the same spread which gives us 27 to 76. 

It’s important to know that this is just a default setting and you can always change your anonymity score target to a maximum of 300. 

Conclusion

This article explains the mechanism behind Wasabi Wallet 1.0 (and the Zerolink protocol), its inherent flaw of coinjoin inefficiency, how Wasabi Wallet 2.0 (and the WabiSabi protocol) improved efficiency and fixed many of the resulting caveats. This part introduces the goal of this article, which is to explain the improvements made on Wasabi Wallet’s latest release (2.0.4) on coinjoin efficiency through the introduction of the Naive Decomposition, and the further changes to the anonymity score calculator and the anonymity score target value of the profile “Maximize Privacy”. 

The post Wasabi’s Latest Release (2.0.4) Improves Coinjoin Efficiency appeared first on Wasabi Wallet - Blog.