Wasabi — a wallet for anonymizing Bitcoin via trustless CoinJoin.

and some insights about it

Alex Lebed
Mar 12, 2019 · 7 min read

Open blockchain of Bitcoin makes it traceable

The question of anonymity in the Bitcoin network is one that has had a variety of opinions. Many people believe that Bitcoin is anonymous, in the same way, that cash is anonymous as a payment system. The reality, however, is that anonymity on a public network is complicated. There is no part of the Bitcoin protocol that demands users to provide their name, address, country of residence or really any piece of private information — but this doesn’t mean that a user has privacy. Rather, privacy is degraded with the addition of digital “fingerprints” that are immutably stored on the public blockchain which keeps this information readily available to any forensics company or government — forever. Even if it’s not clear who is who right now — a very large number of transactions — likely the majority of transactions — will eventually be tracked down to the people retrospectively. This fact makes achieving privacy a particularly challenging task.

Governments are able to make Bitcoin not fungible

Furthermore, the challenges in private or anonymous transactions are further worsened by the growing close attention of governments to the Bitcoin network and jeopardize the essential property that makes Bitcoin sound digital money — fungibility. If a forensics company can link behavior in the real world to some Bitcoin address, and then a government can claim these coins as “bad” now any wallet which will contain the trace of these addresses might be considered black-listed. This blacklisting of addresses has already been done by companies like coinsquare with the help of forensics companies — namely Chainalysis. This growing trend further makes Bitcoin non-fungible. Apart from that people don’t always want to flash their money for the rest of the world. So there’s clearly a demand of bitcoin users to have better privacy. If there’s a demand there should be supply.

Making Bitcoin fungible again

And there’s such supply. Despite fundamental traceability, in practice, it possible to use anonymity services such as Bitcoin mixers, conjoin and other obfuscation methods combined with Tor. For better privacy, it’s possible to use specialize currencies such as Zcash, Monero or MimbleWimble. However, this makes Bitcoin usage very complex and theoretical anonymity often doesn’t justify the significant loss in usability.

Also, in practice, the Tor with coin mixer are often sufficiently private unless you’re some sort of John Snowden or Julian Assange. This makes coin mixers a popular chose and many people use it.

Trustless mixers

However, there’s little problem. How can we do coin mixers in a trustless way? Majority of mixers are a centralized website where you deposit your Bitcoin and hope that owner won’t cheat you and get your mixed coins back. A good example of one such mixer is BestMixer.io, which allows users to send anything from 0.001 Bitcoin to nearly 500 Bitcoins through their service, at a fee of 1–5%.

“Not your Keys, not your bitcoin” — is still very true.

Another problem, even it’s it you get coins back there’s no guarantee that it doesn’t run by a malicious actor who sells this info without disclosing.

Trustless CoinJoin

So in this article, I would like to write about an interesting project called Wasabi wallet.

It’s an open-source wallet which basically helps to mix your coins using purely trustless approach without relying on any trusted party. For the better obscurity, it works via Tor by default.

It helps to solve several problems. Bitcoin wallet almost generates keys from the single seed using so-called HD-wallet technique. They share lots of wallets address which make it possible to connect to each other you-you make the transition. So instead of this, Wasabi just mixes coins on all wallets users between each other and does it using the multisig script to completely eliminate the trust on the other party.

The best part of this wallet that it is not just a concept but actually works and it has decent UI. This is important because the more people participate — for the anonymous CoinJoin techniques are. You can try it here https://www.wasabiwallet.io/

Chat with founder

I wanted to learn more about it so I wrote the founder of the wallet (nopara73) on telegram and asked a couple of questions:

> What’s the ownership structure of the project? I heard originally that it’s an indy project made by one cryptographer (presumably by you) but on the news, I’ve read that there’s a whole company behind it?

I started working on the project in 2016. Originally I called it HiddenWallet and it was going to be a JoinMarket wallet. Then long story short, I found Lucas with who we rewrote the wallet and called it Wasabi Wallet, and teamed up with two lawyers and founded the company: zkSNACKs.

We are not cryptographers.

Just code monkeys.

> Also, could you please comment on the belt system https://github.com/zkSNACKs/WalletWasabi/blob/master/WalletWasabi.Community/Dojo.md — why did you choose it that way? how is it better than other types of inceptive management?

Wasabi users are creating useful content to Wasabi and I felt bad that these valuable pieces are falling into oblivion and I don’t properly show my appreciation for their hard work. Thus we came up with the Dojo. I don’t know if it’s better or worse than other systems. It does its job today and may grow itself out later.

Sybil attack

I originally thought that despite all advantages of trustless implementation it is still CoinJoin and therefore very often criticized for being vulnerable to a Sybil attack. Because I don’t have sufficient expertise in these types of attack, I asked Aviv Milner to explain how does it work and by it’s private:

(1) Users download the wallet, for the purpose of running their “tainted” coins through the wallet, to create “unlinkable” UTXOs.

** Sybil attack is not a problem because there is a cost to running your coins through the mixer, so if you Sybil the wallet, you are funding the wallet and making it more usable.

(1*) So once a user has downloaded the wallet, they will send their dirty coins to a Bech32 address that the wallet generates. This address belongs to the user, and only to that user, who has all of the private keys.

(1**) Let’s pretend the user has 1.7 BTC and it has been “traced”.

(2) The user’s wasabi wallet is connected to the other wasabi wallets via Tor, this makes tracking IP addresses much, much harder.

So the user decides if they are ready to participate in a Chaumian Coinjoin Transaction with all of the other Wasabi wallets that are currently online — if so, they “queue” their coins within the wallet, and the wallet signals to other wallets “I am ready to Coinjoin”.

(3) Once the requisite number (currently 50+) wallets have publicly queued for the next coinjoin, an unsigned bitcoin transaction is created. It looks like this, but unsigned:


Once all users have checked that their inputs and outputs are valid, the signing begins and all users sign off on the transaction. Once all signatures are collected — the transaction is broadcasted to the network.

Note: A user cannot lose all of their money, because they are submitting their input and outputs addresses before they sign off.

If you look at this transaction, examine the first 50 outputs on the right

50 outputs, all of the amounts are the same!

0.09973946 BTC!

These are the clean coins because it is very hard to link them to the “tainted” addresses on the left.

All we know is that each of the 50 clean outputs comes from 1 of the 50+ participants on the left. This means that the anonymity set is 50 because you can only say “this bitcoin comes from one of these 50 potential histories”

This anonymity set is much higher than Monero’s, which I believe is currently around 8–12 for the ring signatures.

Some Insights

Here’s some an interesting insight which Aviv shared with me.

The business model of this wallet is very simple. When you do conjoin the authors receive about 0.3% from the transaction. And because all Bitcoin transaction are public and the fees address is static — it’s possible to check it. So here it is:


As we can see, all transaction fees are there.

Tadam! As we can see that about 11 BTC transaction happens so far. So we can divide this sum on the fee value and get the total mixed volume. But there is another tab which is more interesting for me: stats of the transaction.

See dynamic of Net Change

You can see here transaction and volumes distributed over time. It’s actually growing very fast!

I hope that you found this article useful. Consider to clap and let me know if you have any questions or topics you are interested in, for example how CoinJoin actually works.

I’ll write an overview of Avalanche, Coda, Algorand, Near protocol and other cool crypto topics. You can subscribe here or follow me on twitter. Thanks!

originally posted on reliable.cash

Alex Lebed

Written by

Developer and entrepreneur. ex Amazon, Facebook, Genotek. Math degree in logic and algorithms. Stablecoins|privacy|singularity

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade