Wasabi Wallet

Wasabi Wallet's avatar
Wasabi Wallet
npub167hm...schc
Open-source, non-custodial Bitcoin Wallet with built-in coinjoin for desktop.
Bitcoin transactions reveal the origin and destination addresses of every unit spent. Bitcoin’s privacy problem can be solved by a special type of transaction called a “coinjoin” which includes coins from multiple users that are reorganized into matching amounts. All Bitcoin transactions show where the coins that are being spent came from (known as inputs) and where the coins are being sent to (known as outputs). Each input and output has an address, and an amount. When a payment creates two outputs, the receiver can track the leftover change that belongs to the sender when it is spent in a future transaction. When a payment consumes more than one input, an observer can link multiple payment addresses used by the sender together. These kinds of transactions are easy to trace, revealing a chain of information about a wallet’s balance and transaction history to anyone who looks for it. Coinjoin transactions are different: There are more than two outputs and the inputs are consumed by multiple senders. Coinjoins allow you to privately shift your coins from the original addresses known by previous senders or receivers into new addresses that are not deterministically linked to your previous transactions, even if you are not making an immediate payment. In order to organize all the inputs and outputs into a coinjoin transaction, a central coordinator is used to relay all the transaction information to participants. This process is non custodial, so the coordinator and the other participants cannot steal your funds. A minimum of 150 inputs is required for the coinjoin to proceed, but up to 400 inputs are allowed in a single round. Once enough inputs are ready, users choose outputs that are the exact same size as other users, creating a crowd of identical matches to hide in. A new unique Tor identity is used any time an input is registered or an output is claimed by a client so that the coordinator is not able to link any coins together by matching the IP address to the same owner. Each consecutive coinjoin your coins participate in increases the size of the crowd they are hiding in, allowing users to boost their privacy as much as they want before sending or storing their coins.
Bitcoin 101: What is fungibility? Fungibility is a desirable property of anything used for trade such as a commodity or currency. Items can be considered fungible if any single unit has the same value as any other unit without further inquiry about its origin, destination, or unique attributes. Several variables have the potential to affect the fungibility of bitcoin units despite there being a commonly discovered price displayed across many exchanges. Privacy and divisibility greatly contribute to the fungibility of bitcoin, but unique differences still exist. A factor that makes a certain amount of bitcoin have a different value than the same amount in another wallet is the number of UTXOs the balance is split into. Since transaction fees are required to spend each additional input, low value inputs are disproportionally economically penalized compared to high value inputs. Another factor that makes satoshis worth ever so slightly more or less is their position within lightning network channels. Every lightning channel has a fee rate set by each peer, effectively assigning certain bitcoin units a positive or negative cost to move. Subjective value assigned by the market may also affect the fungibility of bitcoin units. Much like a guitar signed by Elvis has a premium market value in the eyes of some fanatics, a coin that was “signed” when spent by a Bitcoin celebrity may have sentimental appeal.
Primitive coinjoin designs isolate change, creating a definite trail. Efficient coinjoin designs include change, creating probable links. Both strategies fall short of user expectations, so there’s only one option left: getting rid of toxic change in coinjoins. Since we cannot spend toxic change from coinjoins privately, we must eliminate it. No more change. Having one standard denomination per pool seems inflexible since inputs under the denomination require consolidation and inputs over the denomination create change. With single-value coinjoins in Wasabi 1.0, JoinMarket & Whirlpool, the problem of toxic change cannot be eradicated. The ZeroLink protocol developed by cryptographers such as #[0] , founder of Wasabi Wallet, was not made for multiple values: a redesign was required. Enter the WabiSabi protocol with arbitrary-amount coinjoins, allowing multiple denominations, which successfully gets rid of the problematic change outputs in single denomination coinjoins. After almost three years of research, the Wasabi team invented a novel way of doing coinjoins by using key-verified anonymous credentials (KVACs) and a specific type of amount organization; maximizing privacy and efficiency while eliminating change outputs. The new cryptographic protocol was named WabiSabi, which is a Japanese word for finding beauty in imperfection. The complete redesign of the Wasabi Wallet that utilizes WabiSabi was named Wasabi 2.0. With WabiSabi, instead of having to consolidate inputs to meet a minimum denomination, each input gets registered separately, resulting in no connection between different inputs registered in a coinjoin round. The minimum denomination in the WabiSabi protocol that Wasabi 2.0 uses is only 0.00005000 BTC (5,000 sats), which means that now everyone is able to reclaim their privacy and participate in coinjoins. The user can register up to 10 inputs and get up to 8 outputs, with randomization. Inputs may be broken down into multiple smaller outputs or consolidated into fewer large outputs, or both. A large list of 79 predetermined output amounts enables having multiple equal amount outputs of different denominations, without creating a change output. Even if there is an unequal amount output whose value is close to the other outputs, it is practically impossible to know which input or output it is linked to due to the vast number of possibilities. Try it yourself:
Wasabi Wallet: The Privacy focused Bitcoin Wallet
Wasabi is an open-source, non-custodial, privacy-focused Bitcoin wallet for desktop, that implements trustless multi-party transactions over the To...
 A user may decide to coinjoin multiple times to get better plausible deniability, but one tx can already provide good privacy. No matter how much bitcoin a Wasabi 2.0 user has, they may coinjoin all of their UTXOs into one single tx, often without creating toxic change. With Wasabi 2.0 coinjoins, there are no deterministic links between input and outputs with the exception of whales, who have much larger inputs than all the other participants’. Additional rounds of coinjoins will easily and entirely reclaim their privacy. With the WabiSabi coinjoin protocol used in Wasabi Wallet 2.0 a new era of digital privacy has begun. A major design tradeoff of the Bitcoin UTXO model was fixed and fungibility is finally here with interchangeable bitcoin transaction histories. Change outputs can now be eliminated from coinjoin transactions, which has huge implications for bitcoin wallets in terms of privacy and usability. Bitcoiners using coinjoins don't need to worry about change outputs being a privacy leak or outright liability anymore. “Toxic change?” you ask. What toxic change? There is no toxic change. Bitcoin is finally fungible and you can reclaim your privacy today with state of the art coinjoins.
Including toxic change in coinjoins has efficiency and UX tradeoffs, making it hard for users to handle. Not ideal. Isolating this change before the coinjoin is another option presented by Whirlpool. How does it work and is it a good idea? Whirlpool relies on 4 pools, namely 0.5 BTC, 0.05 BTC, 0.01 BTC & 0.001 BTC. Multiple pools carries the inherent issue of splitting liquidity which can lead to delays + lower privacy. If a user has one 0.17 BTC coin, they have to do a “Tx0”: a way to exclude the change before a Whirlpool coinjoin. Here’s how it works. Assume the user chooses the 0.05 BTC pool to coinjoin. Before the user gets into the coinjoin, they break the 0.17 BTC input into 3 standard ~0.05 BTC outputs and a ~0.02 BTC change output, plus pay the coordinator fee. The three ~0.05 BTC outputs are then expected to coinjoin in the 0.05 BTC pool, while the remaining ~0.02 BTC is sent to a different, automatically-generated sub-wallet to hold the “doxxic change.” It is technically accurate that Whirlpool coinjoins do not have toxic change, but change is still created and can be followed. It's just in the Tx0 before the coinjoin. Tx0 isolating the toxic change output in a self spend transaction before a coinjoin is worse for privacy than having it included in the coinjoin since there are no other potential owners of the change output created. The user’s change is alone and traceable. Wait, really? Isolating toxic change from private coinjoin outputs may initially sound good, but it comes with inherent downsides regarding cost and UX. So, how does a user manage their isolated toxic change outputs? Change may be a lot of money, such as ~0.02 BTC above. The user can send the toxic change to a smaller pool, pay new coordinator fees, but there would still be leftovers. This would link 2 Tx0s, which connects the user to these 2 seemingly unrelated txs. Using a sub wallet for change hinders legitimate edge cases in which a user could be willing to consolidate a UTXO from a coinjoin with a change output, like when a new user realizes with surprise that the wallet has sent his XPUB to the wallet servers by default. Change output isolation also creates a burden on the user as they have to deal with another non-standard sub-wallet. Creating a separate sub-wallet to isolate change outputs from coinjoin transactions is, at best, an experiment or a total privacy sacrifice that has proven quite blockspace inefficient, and therefore expensive for users. While some vocal proponents praise it, Tx0 seems to be a naive attempt at handling toxic change in coinjoins. Wasabi 1.0 & JoinMarket, where change is included in coinjoins, are better at protecting user privacy in terms of usability, blockspace efficiency and fees. On KYCP & OXT websites, 2 closed-source chain analysis tools, Whirlpool coinjoins look "prettier" than JoinMarket & Wasabi coinjoins since the change output is created in the previous transaction. However, doing this offers no privacy advantage & is blockspace inefficient. In Wasabi 1.0 & JoinMarket, change is in the coinjoin, making it blockspace efficient but “ugly” since not all outputs are equal. In the inclusion strategy with multiple users, even the change may not be clearly connected to its input. In Tx0, change is 100% clear. Whirlpool users have to choose which pool they want to participate in and have to take part in at least two transactions, which is a Tx0 to isolate the change, followed by an equal output coinjoin transaction. Not ideal. The design of Whirlpool limits the number of inputs & outputs to five each, so a user looking to hide in a large crowd must coinjoin quite a few times due to their small size, adding further delays. Is there a better way to manage toxic change in coinjoins apart from isolation or inclusion? One strategy is to flip the problem on its head: Instead of trying to manage toxic change by isolating or including it in coinjoins, why not just get rid of it? Eliminating toxic change from coinjoins is the next evolution in bitcoin privacy. Next, we will analyze how Wasabi 2.0 and its new coinjoin protocol, WabiSabi, works to eradicate this privacy concern in the Zerolink protocol. OHint: it’s about arbitrary-amount coinjoins) If you want to read more on the full topic, #[0] has the full article available here:
Bitcoin Magazine
How To Deal With Toxic Change In CoinJoins
Wasabi Wallet’s WabiSabi protocol is designed to eliminate change outputs from CoinJoins, better protecting Bitcoin users’ privacy.
Among strategies to deal with toxic change in coinjoins, inclusion is one of them. Wasabi 1.0 and JoinMarket include toxic change in coinjoins. What does this mean for users and their privacy? Let’s dive in: Wasabi 1.0 requires around 0.1 BTC to participate in coinjoins, while many different amounts are available on JoinMarket. In JoinMarket, you have to find or become a maker who provides liquidity & decides the values for a coinjoin. This creates toxic change as takers will likely have input amounts that differ. With Wasabi 1.0, toxic change is also present in the coinjoin transaction, making it sometimes possible for an outside observer to link the change output to the input. If a user has one 0.17 BTC coin, they can participate in a coinjoin round to get a ~0.1 BTC private coin and a ~0.07 BTC change output. Is the 0.07 BTC change toxic!? Let’s see… Even if the coinjoin participant did not intend to make the ~0.07 BTC change output private, there is an opportunity for the change output to inherit some privacy due to the presence of inputs from other users in the same round. For example, if another user in the round had registered both a 0.08 BTC coin and 0.09 BTC coin, they also get a ~0.1 BTC private coin and a ~0.07 BTC change output. The larger the coinjoin, the more difficult it becomes to link a change output to an input. In the Wasabi 1.0 interface, private coins are labeled with a green shield, while the non-private change coins have a clearly-visible red shield. If a user tries to consolidate by spending them together, they will see a warning discouraging the consolidation. In many cases, it is still possible to link a change output in Wasabi 1.0 and in JoinMarket to other inputs, which makes the change inclusion strategy in these coinjoins not as robust over time. Pushing this burden on the user is not optimal. What are the other options? In the next post, we will explore the other strategies to deal with toxic change in coinjoins, namely change isolation and elimination. Follow the full discussion in the Bitcoin Magazine article here:
Bitcoin Magazine
How To Deal With Toxic Change In CoinJoins
Wasabi Wallet’s WabiSabi protocol is designed to eliminate change outputs from CoinJoins, better protecting Bitcoin users’ privacy.
Change in Bitcoin is toxic. Even in coinjoins! 💀 Different coinjoin implementations have unique ways of dealing with toxic change. Should change be included, isolated, or outright eliminated in coinjoins? Let’s explore: Among all coinjoin designs, there are three major implementations: JoinMarket, Whirlpool and us, Wasabi. All have different ways of dealing with toxic change. The ultimate goal is to help users protect their privacy with ease. Summarized briefly: Wasabi 1.0 and JoinMarket include toxic change in coinjoins. Whirlpool isolates toxic change from coinjoins. Wasabi 2.0 (WabiSabi) eliminates toxic change from coinjoins. What are these different strategies all about? Which one is better? We’ll try our best to sum it all up. You can also read the full article on this topic below. (Hint: getting rid of change sounds like a great plan.)
Bitcoin Magazine
How To Deal With Toxic Change In CoinJoins
Wasabi Wallet’s WabiSabi protocol is designed to eliminate change outputs from CoinJoins, better protecting Bitcoin users’ privacy.
 In Wasabi 1.0 and JoinMarket, coinjoins have single fixed denominations. A user will most likely generate change as they don’t have the exact same value as the one required by the coinjoin. Read more about this here:
Change Coins | Wasabi Docs
Details about the privacy of different types of change and strategies for using them. This is the Wasabi documentation, an archive of knowledge abo...
 Including toxic change in coinjoins is fee and block space efficient, but toxic change still burdens the user when spending their balance in the future. If toxic change and private outputs from coinjoins are consolidated, the privacy gained is undone. What about isolating toxic change before the coinjoin happens? This is what Whirlpool’s coinjoin implementation does with Tx0, a self spend transaction that peels the change into another sub-wallet. This sounds good on the surface, right? Think again. Isolating change from coinjoins has lots of issues. It’s inefficient as it requires at least 2 txs with Whirlpool (Tx0 + coinjoin tx). Typically, more than 2 txs are needed due to the small size of coinjoins, but that’s a topic for another time. Users should also be careful not to consolidate different toxic changes. Each toxic change in Whirlpool is isolated in the same sub-wallet, which puts the burden back on the user. Change can be a meaningful amount of money. So, what to do with it? Unknown. Registering toxic change in other coinjoins is bad in Whirlpool as it connects multiple Tx0s together. So how does one manage toxic change in coinjoins? What if there is no change? Make change disappear from coinjoins so that users don’t have to deal with it while wallet developers can sleep better at night knowing users don’t make errors that could ruin their privacy. Say hello to WabiSabi and arbitrary amount coinjoins.
Wasabi Wallet: The Privacy focused Bitcoin Wallet
Wasabi is an open-source, non-custodial, privacy-focused Bitcoin wallet for desktop, that implements trustless multi-party transactions over the To...
 With fixed denomination coinjoins, Wasabi 1.0, JoinMarket and Whirlpool generate change outputs most of the time. JoinMarket has more edge cases that can be discussed in another thread. With arbitrary amount coinjoins, change is almost always eliminated. Lonely whales may be the exception. In one single coinjoin transaction, a user can get not only a reasonably good anon set (more on that later) but also get rid of his toxic change outputs. Good UX. Good privacy. Good efficiency. Best of both worlds? Yup. Eliminating toxic change outputs in coinjoins has major implications for privacy and is only made possible thanks to arbitrary amount coinjoins. With WabiSabi, there are 79 denominations for a given output, which provides lots of possibilities and usually result in no non-standard denominations. Yes, lonely whales may receive change outputs with non-standard denominations, which can be considered toxic. Then what? Coinjoin again, for free. Just pay mining fees and get good privacy. That's it.
Don’t miss the Twitter Space on Toxic Change in Coinjoin hosted by #[0] ! https://twitter.com/i/spaces/1BRKjZymNBaKw Join us today at 18:00 UTC to ask all your toxic questions with #[1] #[2] #[3] #[4] npub1cq6t0sz84xm5zasmtzmwskjn6e55hc2xe78fzy4jjju25w69zj2q8ttsu7 UTXOs can be confusing, so we’ve broken down the details of how each coinjoin implementation works under the hood. Check our latest threads to learn more before the show starts!
For long, Coin Control has been seen as the pinnacle of Bitcoin privacy – Why is Coin Control important, how does it work, and what are potential risks when coinjoining? Bitcoin transactions work just like cash. When buying a bag of groceries for $25, we can combine any number of bills to add up to the desired amount, such as $10 + $10 + $5. While many wallets only show your full Bitcoin balance, your balance is likely made up of several “bitcoins”, or Unspent Transaction Outputs (UTXOs). UXTOs can be thought of as bills and coins in your physical wallet. Unlike cash, each UTXO has a history. Due to the public nature of the blockchain, anyone is able to see where a UTXO comes from and where a UTXO is going. This creates an issue for users who may not want a recipient to know the origin of a particular UTXO used for payment. Coin Control was first introduced to the Bitcoin Core GUI in 2013, allowing users to pick and choose certain UTXOs to spend. For example, you may have received a UTXO from a KYC exchange and are making a transaction you don’t want associated with your identity. With Coin Control, you can exclude the KYC UTXO from the transaction. Similarly, if a friend paid you 0.2 BTC in the past and you want to send him 0.1 BTC back, Coin Control allows you to choose the UTXO you’ve previously received, minimizing the correlation of your transactions on the blockchain. Coin Control is a great tool to manage what information you reveal about your transactions on the blockchain. In addition, Coin Control can be applied to minimize fees or optimize for speed. When paired with coinjoin, however, Coin Control can become a lot more complicated. All coinjoined UTXOs receive a so-called anonymity set that is dependent upon how many coinjoin rounds your transaction participated in. Imagine you need to send 0.25 BTC to a friend. You have three UTXOs of 0.1 BTC with an anonymity set of 30 and one UTXO of 0.2 BTC with an anonymity set of 10. When optimizing for fees, it is obvious to send the UTXOs of 0.1 BTC and 0.2 BTC. But this reduces the anonymity set of your transaction to 10, inherent to the 0.2 BTC. While you’ve made a smart choice for fee optimization, you have not made a smart choice for your privacy. Coin Control has been a long standing feature of Wasabi Wallet, but the degradation of privacy after coinjoining had been frequently observed. Users consistently chose a suboptimal combination of UTXOs to spend. This is why Wasabi Wallet 2.0 launched with the smart coin selection feature, also known as privacy control. With smart coin selection, the software chooses the most private coins to spend for you. Non-advanced users no longer have to worry about controlling their coins manually, reducing UX friction for Bitcoin privacy beginners. With Wasabi Wallet 2.0.3, Coin Control is back allowing advanced users to gain optional insight and control over the automated feature’s selection by holding the ‘Alt’ or ‘Option’ key in the transaction preview to optimize transactions based on personal preference. Learn all about Wasabi Wallet 2.0.3 and all the other added features in the release notes:
GitHub
Release Wasabi Wallet v2.0.3 · WalletWasabi/WalletWasabi
Wasabi is an easy to use, privacy-focused, open-source, non-custodial, Bitcoin wallet Download 🪟 Windows 🍏 Apple M1/M2 🍎 Apple Intel 🐧 ...