There has been much confusion recently around Anonymity Sets in relation to CoinJoin transactions. While there is no universally agreed upon definition, the generally agreed upon concept is, the size of the crowd, that your mixed UTXOs can hide in.
Unfortunately, some other mixing platforms promote very vague — and often totally inflated — Anon Set numbers that users cannot verify for themselves. These users even pay a mixing fee that increases based on the Anon Set number they “choose”. Effectively these users are paying a hefty premium for something they can’t even verify they are getting.
We think users deserve better than that. Today we are releasing an open source, free command line tool that will allow Whirlpool users to determine Anon Set scores from their Whirlpool transactions, as well as observe the overall scores of the entire pool.
These numbers will make their way into both Samourai Wallet and Whirlpool over the coming releases, and we believe if users cannot verify these numbers, then they are meaningless.
We aim to provide a well explained technical definition of what an Anon Set is in the context of a Whirlpool CoinJoin and most importantly we aim to define a reproducible and deterministic method to score Whirlpool CoinJoin transactions.
Basic Whirlpool Concepts
In order to understand the Anon Set calculations and resulting scores you need to understand a few concepts surrounding Whirlpool.
The Tx0 is the starting point for all Whirlpool CoinJoin transactions. In the Tx0, housekeeping that needs to be taken care of is handled before the mix takes place. The UTXO(s) you wish to mix (on the input side) are automatically split into like-amounts based on the Pool chosen by the user (on the output side) and registered with the Coordinator to begin mixing.
The like amount UTXOs that are created in the Tx0 transaction (described above) are known as Premix. Premix UTXOs have not yet mixed, but they are ready, and once registered with the coordinator they are given priority to be selected in the next mix transaction.
Any UTXO that has mixed at least one time and has not left the Pool, is considered a Postmix peer. These UTXOs have been mixed already, but can be mixed again. As long as the Whirlpool client is running these UTXOs will randomly be selected as peers in subsequent mix transactions.
In Whirlpool, you are encouraged to perform additional CoinJoin transactions with your Postmix UTXOs. This is known as Remixing, and is extremely beneficial for yourself and other peers in the pool. To encourage users to engage in Remixing, there is no additional cost incurred by the user, they simply need to leave their UTXOs in the pool and their Whirlpool clients running.
In an actual Whirlpool CoinJoin transaction there are 5 total inputs. At least 3 inputs — but up to 4 — are Premix and at least 1 input — but up to 2 — are Remixers. All Whirlpool transactions that have occurred after the Genesis mix have this composition.
Backward-looking Anon Set
Backward-looking anonymity set is defined as the number of Tx0 ancestors that are related to the transaction being scored, going all the way back to the first mix of the pool, the genesis mix.
Every UTXO that has completed one Whirlpool transaction can trace a lineage back to the genesis mix. This ensures that the anonymity set for any pool goes back to the pool’s inception.
To calculate the Backward-looking Anon Set for a given transaction you must first count each Premix UTXO in the transaction you wish to score.
Then, you must look at each of the the Remixing UTXO(s) in the transaction you are scoring, and count the Premix UTXO(s) associated with that transaction. This counting repeats for every Remixer all the way back to the genesis mix.
This Backward-looking score does not change. It is frozen based on the ancestral Premix UTXOs that have entered the pool prior to your joining. This is primarily driven by the age of the associated Postmix UTXO(s) in the transactions. Younger Postmix — meaning mixed recently — provide more ancestors between itself and the genesis mix than older Postmix that were created closer in proximity to the genesis mix. More ancestors means a higher Backward-looking score.
Forward-looking Anon Set
Forward-looking anonymity set is defined as the number of Postmix UTXOs that descended from your transaction that have not yet been Remixed.
Immediately after a mix transaction the Forward-looking score would be 5 since there are 5 Postmix UTXOs created on the output side of every Whirlpool transaction. Assuming none of the Postmix peers remix these UTXOs ever again, the Forward-looking score would remain at 5.
Now, imagine one of these Postmix remixes in the next transaction. The Forward-looking score would change to 9.
One output would be deducted from the original five since it has now Remixed, leaving a score of 4. At the same time, an additional 5 Postmix UTXOs that are descended (by relation of the Remixer) will be created in the Remix transaction. This would make the Forward-looking score of your initial transaction 9.
The Forward-looking score is not frozen. The behavior of yourself and the other peers in your CoinJoin transaction will have an impact on the Forward-looking score over time. As you and other peers that descend from your initial transaction engage in Remixing, the score will continue to grow.
Understanding the scores
Since every Whirlpool mix transaction contains a pathway to the genesis mix of that pool, let us continue with the family metaphor when diving deeper into understanding what these scores are telling us.
The Backward-looking score can be thought of as the legacy that is inherited when the Pool is entered. Based on the behavior of your ancestors (peers that came before you) the Backward-looking score tells you how many potential Tx0’s you could claim be your own. As a user this means a higher score means more deniability, as there are more potential pathways to the genesis mix, thus more potential entrants to the Pool that you could claim to be.
The Forward-looking score is the current size of the crowd from the selected transaction. Where the Backward-looking score is concerned with the behavior of your ancestors (peers who came before you), the Forward-looking score is concerned with the behavior of your descendants (peers who will come after you). This score will tend to trend upwards over time provided your descendants properly look after the legacy they have inherited by Remixing.
It becomes obvious that Remixing Postmix not only increase the Backward-looking score of your own UTXOs, but even if your UTXOs aren’t selected for Remixing, the Remixing of others improves your Forward-looking score.
Remixing UTXOs is helpful for increasing the overall scores of everyone in the pool. It is so important we have made it free in an effort to encourage users to Remix as often as possible.
Calculate it yourself with WST
We have created an Open Source command line tool that can be run locally to obtain these scores for any Whirlpool transaction. You can download the Whirlpool Stats Tool (WST) from Github and run it locally.
WST automates the process of downloading snapshots of the transaction graph and performing the computation described in this article to derive the scores for any given transaction. Additionally Pool level metrics are provided and plotted in an attractive graph format for unprecedented transparency into the overall health of the Anon Set of a given pool.
Auditing the tracks you leave behind
Once you leave a Whirlpool Pool by spending your Postmix, these scores are no longer applicable. It is important to use a wallet — such as Samourai — that puts a strong emphasis on Postmix spending privacy in order to maintain the privacy benefits that have been achieved.
In order to help users understand the impact their transactions make on their privacy, we have made additional tools available.
OXT.me — Blockchain analysis tool and explorer made available to the public. Attempts to cluster addresses into entities using common heuristics.
KYCP.org — Know Your Coin Privacy is a visual tool built on top of OXT data that allows a quick look up of any transaction. Deterministic links and other privacy gotcha’s will be called out for review.