CoinJoin - Reading Assignment

Read the legendary gmaxwell’s Bitcointalk post about CoinJoin. Answer the questions and post your answers below:

https://bitcointalk.org/?topic=279249

Questions:

  1. What is the benefit of CoinJoin over BitLaundry, if any?
  2. About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.
  3. How can anonymity set be increased while keeping small transaction sizes?
  4. What is the main benefit of CoinJoin over Zerocoin?
  1. What is the benefit of CoinJoin over BitLaundry, if any?
    BitLaundry was a centralized service where you sent your transaction amount request to them, waited for them to coordinate a transaction with the amount you requested to your intended recipient. CoinJoin just needs users to agree on a set of inputs to spend and a set of outputs to pay, and then to individually and separately sign a transaction and later merge their signatures.
  2. About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions could not be wise.” Explain failure (retry) risk.
    Failure risk is when one party doesn’t want to sign a transaction as valid, meaning the individual making the transaction would have to retry again.
  3. How can anonymity set be increased while keeping small transaction sizes?
    Because the transactions are cheap when using the CoinJoin method, there is no limit to the number of transactions you can cascade.
  4. What is the main benefit of CoinJoin over Zerocoin?
    You don’t have to soft-fork the bitcoin protocol as compared to the Zerocoin Protocol.
4 Likes

Good! Check out other answers for #2 and #3 :wink:

  1. What is the benefit of CoinJoin over BitLaundry, if any?
    Coinjoin is designed “per se” to get privacy for the users, for example “utxos” are of the same amount (in order not to know who is the receiver) or take into consideration the share of the necessary keys for the transactions (encryption, “onion opening”,…) and the anonymity set is much bigger.

  2. About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.
    The risk of some participants “going down” during the process of Coinjoin or the possibility of DOS attack.

  3. How can anonymity set be increased while keeping small transaction sizes?
    Increasing the number of transactions of the Coinjoin process.

  4. What is the main benefit of CoinJoin over Zerocoin?
    No need for a “soft fork” and proven and known cryptography, “lighter” signatures, no central “accumulator” needed, and less time (with privacy implications) and computational requirements.

3 Likes
  1. BitLaundry is centralized. You have to trust them to do according to your order (pretty much like a bank transfer). BitJoin is by default decentralized. Both ends have to agree on a number of inputs and outputs to pay and spend. They have to be signed individually and joined at the end.
  2. It means that one of the two parties finally refuses to continue in the process and it means that the transaction is not executed properly.
  3. By increasing the number of small transactions.
  4. BitJoin does not require soft forks.
2 Likes
  1. While BitLaundry is a centralized third party working as an intermediary in the transaction between two users, the use of CoinJoin happens voluntarily between users that can choose to use this mechanism. Also, CoinJoin transactions are “externally indistinguishable from a transaction created through conventional use”, while transactions that rely on BitLaundry will be easily recognized.
  2. Failure risk is related to the risk that the CoinJoin transaction fails, either because of a DOS attack or because a member of the transaction is not able/willing to perform its part of signature. It is an increased risk when it comes to huge transactions because it would put at risk all other parties involved.
  3. By increasing the number of transactions happening within the process.
  4. CoinJoin already works on Bitcoin and it does not require any relevant change (even considering further developments) to its structure and protocol, while Zerocoin would require a Soft Fork to be implemented. It would also mean that members of the network could not agree with it and it could endanger the stability of the community. Also, CoinJoin is less demanding in terms of computing power and other technical aspects which are heavier on Zerocoin.
2 Likes
  1. About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.
    The risk of some participants “going down” during the process of Coinjoin or the possibility of DOS attack.
    3. You don’t have to soft fork CoinJoin, but Zerocoin has to have a soft fork implemented.
2 Likes
  • What is the benefit of CoinJoin over BitLaundry, if any?
    Bitlaundry is a centralized entity while CoinJoin is a decentralized p2p between users that agree on inputs and outputs, while the signatures, one per input, inside a transaction remain completely independent from each other and will be merged afterwards with the signed Tx.

  • About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.
    If a participant doesn’t sign a Tx, or in the eventuality of a DOS attack, the process fails and needs to be retried, leaving out the party that failed to provide the signature.

  • How can anonymity set be increased while keeping small transaction sizes?
    Because these transactions are cheap, there is no limit to the number of transactions you can cascade, so you can increase the anonymity set simply by increasing participation.

  • What is the main benefit of CoinJoin over Zerocoin?
    There is no need to softfork on the bitcoin network for it to work, and practically the anonymity set (because of the fact CJ Tx are really small) can be the same or really similar.

2 Likes
  1. CoinJoin just needs users to agree on a set of inputs to spend and a set of outputs to pay, and then to individually and separately sign a transaction and later merge their signatures.
  2. Failure risk is related to the risk that the CoinJoin transaction fails, either because of a DOS attack or because a member of the transaction is not able/willing to perform its part of signature. It is an increased risk when it comes to huge transactions because it would put at risk all other parties involved.
  3. By increasing the number of transactions even further.
  4. CoinJoin doesn’t require soft fork.
2 Likes

To anybody who wants a more readable version of the same CoinJoin article, instead of reading it from the bitcointalk forum, check the version in the bitcoin wiki: https://en.bitcoin.it/wiki/CoinJoin

  1. What is the benefit of CoinJoin over BitLaundry, if any?

Bitlaundry is a website controlled by someone and subject to be closed, raided, hacked or the owner could run away with some funds.

CoinJoin is more “decentralized” as it requires a set of people to agree to mix their inputs and intended outputs into a single transaction.

  2. About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.

The risk is of the transaction to fail because of a DOS attack or because a participant of the transaction doesn’t sign his part.

  3. How can anonymity set be increased while keeping small transaction sizes?

Anonymity can be increased by increasing the number of transactions included in the process.

  4. What is the main benefit of CoinJoin over Zerocoin?

CoinJoin does not require any change in the network: no protocol (and political) change, no soft fork.

2 Likes
  1. Non custodial, using the bitcoin blockchain…

  2. Failure retry is when a transaction fails. For various reasons. In this case the threat of someone not signing. I believe by cascading he is referring to this transaction being repeatedly attempted. Would there not be a risk that that large UTXO gets locked up, as an older attempted TX has precedence over a newer TX to avoid double spend? So since you signed that TX, you can’t spend it in a newer TX unless the TX fails without retrying and goes into a block before the old TX is tried again? Or am I missing something?

  3. The best way for this to happen is all inputs and outputs being exact same value. So 10 inputs of 0.1 BTC and 10 outputs of 0.1 BTC would obscure sender and receiver much better than random amounts.

  4. Data size of the blockchain can stay smaller with CoinJoin vs Zerocoin. Data size is a centralization risk for the Bitcoin network. To anyone reading this I recommend taking the Bitcoin Programming course in Academy and trying to run your own Bitcoin full node. Softfork of network is also a risk, though it would only be a question of who did and did not use it, rather than an actual hardfork of the network.

1 Like

The idea of retry risk is:

‘failure’ is when an input/output pair aren’t valid, for some reason. Could be an invalid signature, amounts don’t balance, inputs are not unspent, could be an attacker… any number of reasons why one input/output pair might fail.

For a CoinJoin transaction to be valid, ALL input/output pairs must be valid. If every user (input/output pair) has a 1% chance of making a mistake or being malicious, more users = higher risk.

@Baidis: I think your question #2 is about an individual pair being invalid, and what happens there. In that case, if someone tries to double-spend a UTXO, the blockchain should always ‘choose’ the older one. Does that answer your question?

1 Like

1. BitLaundry is much more centralized, no time locks and depends on trust of the person running BitLaundry. CoinJoin users agree on a set of inputs and set of outputs and sign them individually to be merged later.
2. If one person spends their transaction before it completes or if there is a DOS attack during the transaction.
3. By increasing the number of transactions in the CoinJoin transaction.
4. Cutting-edge cryptography not understood by everyone, requires large memory, and hard fork.

1 Like

Still a bit confused. So the transaction is fully constructed and broadcast to Bitcoin network by one node. Is there a delay in the network verifying the TX of any substantial time? Do users have to re-sign each time the UTXO’s in the TX change? Or is the chaining of attempts created because each signature is only allocated to its corresponding UTXO? Does that allow the broadcaster of the TX to keep changing the combination of UTXO’s in the TX till one is approved? Can that cause each UTXO in the TX to be locked up till transaction approves if the node were to constantly be rebroadcasting this CoinJoin TX?

1 Like
1. CoinJoin transactions don’t rely on a trusted entity and are indistinguishable from normal Bitcoin transactions. 
2. It is about DOS attacks. In his post GMaxwell writes: “Someone can refuse to sign a valid joint transaction, or someone can spend their input out from under the joint transaction before it completes”.
3. By cascading small transactions.
4. It already works on Bitcoin and doesn’t require a soft fork.
1 Like
  • What is the benefit of CoinJoin over BitLaundry, if any?
    I have full control of my balances. Don’t need a third party.

  • About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.
    The risk of some participants “going down” during the process of Coinjoin or the possibility of DOS attack.

  • How can anonymity set be increased while keeping small transaction sizes?
    because these transactions are cheap, there is no limit to the number of transactions you can cascade, so you can increase the anonymity set simply increasing participation.

  • What is the main benefit of CoinJoin over Zerocoin?
    Zerocoin requires a soft-forking change to the Bitcoin protocol; CoinJoin transactions work today.

1 Like

First we should remember things might differ between implementations. But in the version described here,

> The signatures, one per input, inside a transaction are completely independent of each other. This means that it’s possible for Bitcoin users to agree on a set of inputs to spend, and a set of outputs to pay to, and then to individually and separately sign a transaction and later merge their signatures. The transaction is not valid and won’t be accepted by the network until all signatures are provided, and no one will sign a transaction which is not to their liking.

So to your questions,

> So the transaction is fully constructed and broadcast to Bitcoin network by one node. Is there a delay in the network verifying the TX of any substantial time?

The transaction is constructed by a user, and then sent to all nodes they’re connected to. Nodes try to validate and, if it’s correct, they add it to their chain and rebroadcast.

> Do users have to re-sign each time the UTXO’s in the TX change.

Correct. That’s the ‘failure risk’. If one input/output pair is rejected, everyone needs to update their signature.

> Can that cause each UTXO in the TX to be locked up till transaction approves if the node were to constantly be rebroadcasting this CoinJoin TX?

Each tx has an identifier from the creator, so nodes don’t need to worry about duplicates.

If the same UTXO is included in two otherwise ‘valid’ transactions, a node will keep the older transaction (and rebroadcast) and reject the newer one (and stop rebroadcasting).

1 Like
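
The sign-then-merge flow and the re-signing on retry described in the reply above, as an added Python sketch that is not part of the thread or of any CoinJoin implementation. The HMAC stands in for a real per-input signature that covers all inputs and outputs, and the participant names, toy keys, UTXO ids and addresses are constructed.

```python
import hashlib
import hmac

def tx_digest(inputs, outputs):
    """Hash of the whole proposal: every input and every (address, sats) output."""
    outs = ",".join(f"{addr}:{sats}" for addr, sats in sorted(outputs))
    return hashlib.sha256((",".join(sorted(inputs)) + "->" + outs).encode()).digest()

class Participant:
    def __init__(self, name, utxo, pay_to, sats, signs=True):
        self.name, self.utxo, self.output, self.signs = name, utxo, (pay_to, sats), signs
        self.key = hashlib.sha256(b"toy-key:" + name.encode()).digest()  # constructed key

    def _mac(self, inputs, outputs):
        # HMAC stands in for the real per-input signature (assumption of this sketch).
        return hmac.new(self.key, tx_digest(inputs, outputs), hashlib.sha256).digest()

    def sign(self, inputs, outputs):
        """Sign only a proposal that spends my input and pays my expected output."""
        if not self.signs or self.utxo not in inputs or self.output not in outputs:
            return None
        return self._mac(inputs, outputs)

    def verify(self, sig, inputs, outputs):
        return sig is not None and hmac.compare_digest(sig, self._mac(inputs, outputs))

def run_join(participants):
    """Collect one signature per input; on a missing one, drop that party and retry."""
    active, dropped, rounds = list(participants), [], 0
    while len(active) >= 2:
        rounds += 1
        inputs = [p.utxo for p in active]
        outputs = [p.output for p in active]
        sigs = {p.name: p.sign(inputs, outputs) for p in active}
        missing = [p for p in active if not p.verify(sigs[p.name], inputs, outputs)]
        if not missing:  # complete: every input carries a valid signature
            return {"signers": sorted(sigs), "rounds": rounds, "dropped": dropped}
        dropped += [p.name for p in missing]
        active = [p for p in active if p not in missing]  # the rest must sign again
    return {"signers": [], "rounds": rounds, "dropped": dropped}

def demo():
    # Constructed participants; carol never signs, so round 1 cannot complete.
    people = [Participant("alice", "txid_a:0", "addr_a2", 10_000_000),
              Participant("bob", "txid_b:1", "addr_b2", 10_000_000),
              Participant("carol", "txid_c:0", "addr_c2", 10_000_000, signs=False),
              Participant("dave", "txid_d:2", "addr_d2", 10_000_000)]
    return run_join(people)
```

A signature made over the four-party proposal does not verify against the three-party retry, because the digest covers the full input and output sets; that is why the remaining participants have to sign again.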

Awesome, so the failure risk is that every transaction like this has to be confirmed by the user that it actually sent. Otherwise if Bob is sending Alice funds he might later find she is angry she never got her money because TX failed. Also the assumed annoyance of repeatedly signing TX till network approves it. Probably also a factor of time out on the TX also I assume so if one of 100 goes for lunch everyone else gets a failed TX. Meaning the larger the pool size the more people are required to coordinate signing at same time.

1 Like
  1. CoinJoin is more decentralized as it requires a set of people to agree to mix their inputs and intended outputs into a single transaction.
  2. Failure risk is related to the risk that the CoinJoin transaction fails, either because of a DOS attack or because a member of the transaction is not performing its part of signature. It is an increased risk when it comes to huge transactions because it would put at risk all other parties involved.
  3. By increasing the number of transactions in the transaction
  4. No soft fork required.
1 Like