Introduction
Bitcoin is often viewed as digital cash, but this is debatable. If Alice pays Bob $10 in cash, Bob has no way of knowing where the cash came from. When Bob transfers the $10 to Carol, Carol has no way of knowing that the $10 originally came from Alice.
However, the inherent public nature of Bitcoin means that the situation is different. The history of a given coin (or, more precisely, its unspent transaction output, or UTXO) is available for everyone to see. This is much like writing the transaction amounts and the names of the participants in a ledger.
However, public addresses can be anonymous, so users can easily hide their identities. However, Bitcoin cannot completely hide its traces. Blockchain analysis technology is becoming more and more mature, and it can effectively match addresses with identities. In addition to other surveillance technologies, dedicated entities can also deanonymize cryptocurrency users. In order to solve this problem, a variety of technologies for unbinding transactions have emerged in the market.
What is Token Mixing?
In a broad sense, coin mixing refers to any operation that confuses funds by exchanging them. However, in the cryptocurrency space, coin mixing is provided by a third party service. The service provider usually takes the user's coins (and a small fee) and then returns some coins that have nothing to do with the coins sent. Such services are also called tumblers or mixers.
Of course, the security and anonymity of such centralized services are questionable. Users cannot guarantee that the mixer will return the funds, or that the returned tokens are not contaminated to some extent. In addition, when using a mixer, the IP and Bitcoin address may also be recorded by a third party. The result of token mixing is that users give up control of their funds in the hope of receiving unrelated tokens.
There is a new scheme called "CoinJoin transactions" that gives users a great deal of deniability. That is, after using CoinJoin, the exact evidence of the user's connection to previous transactions is erased. Many CoinJoin solutions have become decentralized alternatives to mixers. Although coordinators may intervene, users do not need to give up the right to manage their funds.
What is CoinJoin?
CoinJion transactions were first proposed by Bitcoin developer Gregory Maxwell in 2013. In his post, he briefly introduced the structure of such transactions and how to obtain high privacy benefits without modifying the protocol.
Essentially, a CoinJoin transaction combines inputs from multiple users. Before we explain how this technology works, let’s first understand the structure of a basic transaction.
Bitcoin transactions consist of inputs and outputs. When a user wishes to transact, they pass in a UTXO as input, specify an output, and sign the input. Note that each input is signed independently, but users can set up multiple outputs (with different destinations).
Let's take a given transaction consisting of four inputs (0.2 BTC each) and two outputs (0.7 BTC and 0.09 BTC) and make a series of assumptions about it. First, watch the payment happen - the sender sends one of the outputs to someone and then receives change. This transaction uses four inputs, so the larger output should go to the receiver. Note that we need to pay the miner's fee, and the output loses 0.01 BTC.
The sender may also want to create a large UTXO, so merge the small inputs to get the target output of 0.7 BTC.
We can also assume that each input is independently signed. This transaction can have at most four parties signing the inputs. This is exactly how CoinJoin works.
How does CoinJoin work?
The core idea is that multiple parties collaborate to create a transaction, with each party providing input and expected output. Once all inputs are combined, others cannot identify the corresponding relationship between output and user. Let's look at the following diagram:
As shown in the diagram, four participants wish to decouple transactions. They coordinate with each other (or through a dedicated coordinator) to announce the inputs and outputs they wish to count.
The coordinator takes all this information and draws it up into a transaction, having each participant sign it before broadcasting it to the network. Once the user signs, the transaction cannot be changed before it becomes invalid. Therefore, the coordinator cannot steal funds.
This transaction acts as a black box for token mixing. Remember, we are destroying the initial UTXO to create the new UTXO. The only connection between the old and new UTXO is the transaction itself, and of course we cannot distinguish the participants. The best case scenario is that we only know that there are participants who provide inputs and may be the owners of the output results.
Even so, we can’t be 100% sure. Looking at the transaction described above, who can be sure that there are four participants? Or is there only one person sending funds to his four addresses? Or two people buying twice, each receiving 0.2 BTC to their respective addresses? It is also possible that four people sent funds to new participants, or that the funds flowed back to themselves. We can’t be sure of the specific situation.
Protecting privacy through deniability
The advent of CoinJoin implementations is enough to cast doubt on transaction analysis methods. In many cases, you may be able to infer that a CoinJoin occurred, but you cannot determine the output owner. As this technology becomes more common, the assumption that all inputs are owned by the same user gradually weakens. Privacy in a broad and comprehensive ecosystem has been greatly improved.
In the above example, we assume that the anonymous set of transactions has 4 input owners, and the output owner can be any of these 4 people. The larger the anonymity set, the lower the probability of finding a correspondence between the transaction and the original owner. Fortunately, the recent CoinJoin scheme allows dozens of users to fuse inputs in a trustless manner, significantly improving "deniability." Recently, CoinJoin successfully executed hundreds of trades.
Summarize
For users who value privacy, coin mixing is a very effective supplement. Unlike proposed privacy upgrades (such as confidential transactions), this technology is compatible with existing protocols.
For users who trust the integrity of a third party and an effective method, mixing services are simple and convenient. For users who prefer verifiable or non-custodial solutions, CoinJoin is the perfect choice. Tech-savvy users can extract more complex mechanisms manually or use software tools. Today, with the increasing demand for privacy, such tools in the market will become more popular.
