How To Maintain Privacy When Spending Mixed Bitcoin
Published 2 years ago
Care should be taken when spending Whirlpool unspent transaction outputs (UTXOs) so that the anonymity benefits of mixing your bitcoin are kept intact. There are transaction tools that help you spend your post-mix bitcoin in a way that maintains anonymity. Each tool offers a different technique, and it’s important to understand the differences so that you can always use the right tool for the job.
This article will explore some basic concepts related to the wallet structure around Whirlpool and demonstrate the post-mix spending tools built into Samourai Wallet and Sparrow Wallet.
Although this article focuses on using these tools from the post-mix wallet, they can be used from the other wallets as well.
Basic Bitcoin Wallet Structure
In both Samourai Wallet and Sparrow Wallet, the Whirlpool implementation uses a four-wallet structure. These four wallets are all managed by your wallet software in the background, and from the user’s perspective, you can navigate between wallets seamlessly.
Structuring the wallets in this way is important so that your UTXOs remain sequestered from each other. Your UTXOs then follow a logical path through the different stages on their way to the post-mix stage, and arrive there without any deterministic links to prior transaction history.
Both Samourai Wallet and Sparrow Wallet have support for the following address formats:
- Pay-to-Public-Key-Hash (P2PKH) addresses that look like “17SkEw2md5avVNyYgj6RiXuQKNwkXaxFyQ,” also referred to as “legacy.”
- Pay-to-Script-Hash (P2SH) addresses that look like “3EEJFjZURxShNr2AoJtbfcvCB749yzP7LP,” also referred to as “nested SegWit.”
- Pay-to-Witness-Public-Key-Hash (P2WPKH) addresses that look like “bc1qqmmc3s46efrdq0jglhf8l8jg0xw37exgne6q3k,” also referred to as “native SegWit” or “Bech32.”
- Pay-to-Taproot (P2TR) addresses that look like “bc1p0004nx9sh2qkvd7nzrkffx4xe5wacl8ya9yv5gtqkasatqrtgpaqrrcdg7,” also referred to as “Taproot.” Samourai Wallet has support to spend to these addresses; Sparrow Wallet has support to both spend to and receive to these addresses.
- Testnet Pay-to-Witness-Public-Key-Hash (P2WPKH) addresses that look like “tb1qqakszcjex7zvjg7slarps5mpdngwlwsc5ll8v7,” these are only for testing and retain no value.
Having support for all of these address types does not mean that they all work with Whirlpool. Whirlpool only works with P2WPKH addresses on both Bitcoin’s mainnet and testnet. Therefore the pre-mix, post-mix and bad-bank wallets described below all handle receiving P2WPKH addresses only and can spend to P2PKH, P2SH, P2WPKH or P2TR addresses.
The wallet software uses different derivation paths to achieve the separate wallets. Derivation paths use different numbers to represent different details about the key path: “m / purpose’ / coin_type’ / identity’.” In the example below, the deposit wallet can handle a variety of address types, hence the “m/44’|m/49’|m/84’|m/47’” for each of the different purposes. The pre-mix, post-mix and bad bank wallets only handle the “m/84’” purpose.
- Deposit Wallet: This is the wallet you would make your deposits to. UTXOs in this wallet can be used to create inputs for Whirlpool CoinJoins through what is called a “Transaction Zero” (tx0). You can also just spend from this wallet like any other Bitcoin wallet.
- Pre-Mix Wallet: This is where UTXOs go once they leave the deposit wallet through a tx0. UTXOs do not reside here for long; this is just a pass-through where UTXOs are registered as available inputs for Whirlpool CoinJoins. You do not want to deposit directly to this wallet or spend directly from it, and your software interface makes this very easy to manage.
- Post-Mix Wallet: This is where your UTXOs go once they have been through a Whirlpool CoinJoin. These UTXOs can reside here for as long as you would like, and while they do they continue to be randomly selected as free-riders in additional Whirlpool CoinJoins at no cost.
- Bad Bank Wallet: This is where your toxic change goes from your tx0s.
In Samourai Wallet, you can toggle from your deposit wallet to your post-mix wallet by pressing the Samourai icon in the upper left-hand corner.
In Sparrow Wallet, you can toggle between the four wallets using the tabs on the far left-hand side of the interface.
Pools And tx0
There are four pool sizes in Whirlpool: 0.5, 0.05, 0.01 and 0.001 BTC. This means that each Whirlpool output will be the same as the pool size. When you select UTXOs from your deposit wallet for Whirlpool CoinJoins, they go through a tx0 first. The results of this tx0 vary based on which pool size you select. For example, if you want to Whirlpool 10 bitcoin, the different pool sizes would produce these results through tx0:
0.5 Pool
- 10.00000000 BTC in
- 1 x 0.01750000 BTC UTXO for the Whirlpool coordinator fee
- 19 x 0.50001000 BTC UTXOs for Whirlpool inputs, each carrying a small extra amount for the miner fee. A 1,000 sat miner fee was used in this example, but this changes based on mempool congestion and desired urgency.
- 1 x 0.48231000 BTC UTXO as toxic change
0.05 Pool
- 10.00000000 BTC in
- 1 x 0.00175000 BTC UTXO for the Whirlpool coordinator fee
- 199 x 0.05001000 BTC UTXOs for Whirlpool inputs carrying a small extra amount for the miners fee. Again, 1,000 sats used as an example here.
- 1 x 0.04626000 BTC UTXO as toxic change
0.01 Pool
- 10.00000000 BTC in
- 1 x 0.00050000 BTC UTXO for the Whirlpool coordinator fee
- 998 x 0.01001000 BTC UTXOs for Whirlpool inputs carrying a small extra amount for the miners fee. Again, 1,000 sats used as an example here.
- 1 x 0.00952000 BTC UTXO as toxic change
0.001 Pool
- 10.00000000 BTC in
- 1 x 0.00005000 BTC UTXO for the Whirlpool coordinator fee
- 9,900 x 0.00101000 BTC UTXOs for Whirlpool inputs carrying a small extra amount for the miners fee. Again, 1,000 sats used as an example here.
- 1 x 0.00095000 BTC UTXO as toxic change
Note that the Whirlpool coordinator fee remains the same regardless of how much bitcoin you are mixing. If you mix 1 BTC or 100 BTC in the 0.5 pool as an example, you will pay 0.0175 BTC for the coordinator fee either way.
Also note that the miner fee included with each pre-mix UTXO can accumulate to a large amount in miner fees as the number of pre-mix UTXOs increases. In the 0.001 pool example above, the total in miner fees is 0.099 BTC.
tx0 applies in both Samourai Wallet and Sparrow Wallet. A tx0 is always constructed in such a way that one or more inputs from your deposit wallet are divided into:
- Several like-sized outputs; these are the pre-mix UTXOs that will go into Whirlpool CoinJoins later.
- One output for the Whirlpool coordinator fee.
- One output for the remaining change; this is called “toxic change.”
Here is an actual tx0 example. You can see that there was:
- One input of 0.81804189 BTC
- 16 equal-sized outputs of 0.0501 BTC
- One Whirlpool coordinator fee output of 0.0025 BTC (current fee has been reduced to 0.00175 BTC)
- One toxic change output of 0.0136981 BTC
You can view this transaction on KYCP.org.
Each of the 16 equal-sized outputs will be individually selected as inputs to downstream Whirlpool CoinJoins. These outputs reside in the pre-mix wallet temporarily as available inputs to Whirlpool CoinJoins. As new Whirlpool transactions are initiated, the coordinator will look for available inputs such as these. The Whirlpool coordinator enforces strict rules that ensure no two outputs from the same tx0 or the same wallet wind up in the same Whirlpool CoinJoin transaction. Each of these 16 outputs carries a small amount of extra bitcoin so that once they are selected as inputs, they can help cover the miner fee for the Whirlpool CoinJoin transaction.
The coordinator will randomly switch between creating transactions that have either two fresh participant UTXOs and three re-mix UTXOs or three fresh participant UTXOs and two re-mix UTXOs. The fresh participant UTXOs always cover the miner fee and the “free-rider” UTXOs always get to re-mix for free. This way, you only pay the Whirlpool coordinator fee once and then your UTXOs can remain in your post-mix wallet remixing for free for as long as you want to keep them there.
Toxic Change
Special considerations should be given to toxic change from the tx0. By default, Samourai Wallet will prompt you to mark the toxic change UTXO as “unspendable” during the tx0 initiation. Marking this UTXO in such a way prevents your wallet from displaying it as an available UTXO and excludes it from your displayed balance.
You can always navigate to the three-dot menu in the upper right-hand corner of the Samourai Wallet application and select “Show unspent outputs,” scroll to the bottom of the list and you will see your toxic change listed under “Do Not Spend.” Select the UTXO of interest and then you can update the spending status to “Spendable” if you want to. Then it will be displayed as part of your deposit wallet balance and spendable again.
In Sparrow Wallet, the toxic change is automatically sent to your bad bank wallet after the tx0. You can go to the bad bank wallet tab and spend that UTXO from there at any time.
The issue with toxic change is that on-chain, it is still linked with the tx0 it came from. This means that it is also linked to all the previous transaction history of all the inputs to that tx0. So if an external observer was tracking the movement of bitcoin belonging to a known entity, then they would know that this toxic change output belongs to that entity. Therefore, using on-chain heuristics, the external observer could reasonably assume that any bitcoin combined with the toxic change in a future transaction also belongs to the known entity.
Using that logic, combining a toxic change UTXO with a post-mix UTXO would undo the anonymity benefits gained in Whirlpool. However, because of the wallet structure, you would really need to go out of your way and do something weird to commingle a toxic change UTXO and a Whirlpool output.
The “waterfall technique” is where you start with the largest pool size you can given your available UTXOs in the deposit wallet. Then you take that toxic change output and use it alone in the next largest pool size you can, then repeat this process until you are left with the smallest possible toxic change amount.
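The tx0 arithmetic from the pool examples and the waterfall described above, worked through in integer satoshis. This is an added example, not code from Samourai Wallet or Sparrow Wallet; it assumes the wallet simply creates as many pre-mix outputs as fit after the coordinator fee and the tx0’s own miner fee are paid, and it uses the pool sizes, coordinator fees and 1,000 sat premium quoted in this article.

```python
# Added example (not Samourai or Sparrow code): integer-satoshi model of how a
# Whirlpool tx0 divides a deposit UTXO, plus the "waterfall" of feeding each
# toxic change output alone into the next smaller pool.
# Assumption: the wallet creates as many pre-mix outputs as the amount allows
# once the coordinator fee and the tx0's own miner fee have been subtracted.
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

SAT = 100_000_000  # satoshis per BTC

# (pool denomination, coordinator fee) in sats, as listed in the article.
# Dict order matters: largest pool first, which is what the waterfall wants.
POOLS = {
    "0.5":   (50_000_000, 1_750_000),
    "0.05":  (5_000_000,    175_000),
    "0.01":  (1_000_000,     50_000),
    "0.001": (  100_000,      5_000),
}


@dataclass
class Tx0:
    pool: str
    premix_value: int     # pool size + miner-fee premium, per pre-mix output
    premix_count: int     # number of like-sized pre-mix outputs created
    coordinator_fee: int
    tx0_miner_fee: int
    toxic_change: int

    def total_premium(self) -> int:
        """Miner-fee premium carried by all pre-mix outputs combined."""
        return self.premix_count * (self.premix_value - POOLS[self.pool][0])


def tx0_breakdown(amount: int, pool: str, premium: int = 1_000,
                  tx0_miner_fee: int = 0,
                  coord_fee: Optional[int] = None) -> Optional[Tx0]:
    """Split `amount` sats into pre-mix outputs, coordinator fee and toxic change.

    `coord_fee` overrides the article's current fee table (the older example
    tx0 on the page was made when the 0.05 pool fee was still 0.0025 BTC).
    Returns None when not even one pre-mix output can be funded in this pool.
    """
    denom, default_fee = POOLS[pool]
    fee = default_fee if coord_fee is None else coord_fee
    premix_value = denom + premium
    available = amount - fee - tx0_miner_fee
    count = available // premix_value
    if count < 1:
        return None
    change = available - count * premix_value
    return Tx0(pool, premix_value, count, fee, tx0_miner_fee, change)


def waterfall(amount: int, premium: int = 1_000) -> list[Tx0]:
    """The article's waterfall: mix into the largest pool the amount allows,
    then feed the resulting toxic change alone into the next pool that fits."""
    steps: list[Tx0] = []
    remaining = amount
    for pool in POOLS:
        step = tx0_breakdown(remaining, pool, premium)
        if step is None:
            continue  # this pool no longer fits; try the next smaller one
        steps.append(step)
        remaining = step.toxic_change
    return steps


if __name__ == "__main__":
    for pool in POOLS:
        t = tx0_breakdown(10 * SAT, pool)
        print(f"{pool:>5} pool: {t.premix_count} x {t.premix_value / SAT:.8f} BTC, "
              f"toxic change {t.toxic_change / SAT:.8f}, "
              f"miner-fee premium {t.total_premium() / SAT:.8f}")
    for t in waterfall(10 * SAT):
        print(f"waterfall {t.pool}: {t.premix_count} outputs, "
              f"change {t.toxic_change / SAT:.8f}")
```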
Another technique that is currently in development with Samourai Wallet is doing an atomic swap with Monero. This would require you to have a separate Monero wallet like Monerujo because Monero will not be implemented in Samourai Wallet. But basically you could construct the Bitcoin transaction that trustlessly swaps your bitcoin with a peer for their XMR to your Monero wallet and your toxic change goes to their Bitcoin wallet. Then at a later time you could swap back for bitcoin or you could spend that XMR, the options are wide open for you.
Whirlpool UTXOs
After moving from your deposit wallet to your pre-mix wallet through a tx0, your pre-mix UTXOs are ready to be included in Whirlpool CoinJoins. Your wallet and the Whirlpool coordinator automatically take care of this in the background after you initiate your tx0. Each output from a Whirlpool CoinJoin is one-of-five equal-sized outputs. To an external observer looking at a block explorer, they have no way to make a determination with certainty that a particular output belongs to a particular input. All of the five outputs have an equal probability of belonging to any of the five inputs. This concept is illustrated well with KYCP.org.
Here is another way to look at the same Whirlpool CoinJoin transaction, as a table listing the likelihood of value transfer between input and output.
Because all of the outputs are the same size and have the same likelihood of belonging to any given input, there is no distinguishing characteristic about them. This is anonymity: the quality or state of being indistinguishable from a crowd. Once this anonymity is achieved, you want to preserve it so that you can continue spending bitcoin on a public blockchain without revealing prior on-chain transaction history that would expose further details about you as an entity.
To learn more about anonymity sets in relation to Whirlpool CoinJoins, read this article.
BIP47 And PayNyms
BIP47 enables reusable payment codes that can be displayed like a static Bitcoin address on a website or a shop window, for example. The advantage with the payment code is that external observers cannot see any transaction history or balances from the payment code like they can with a Bitcoin address.
At a high level, details are combined from the payment codes belonging to both transaction participants, resulting in an index of addresses that is only known to the two participants. This way, anyone who approaches a publicly-displayed payment code and connects to it with the on-chain notification transaction will be able to send payments to the resulting addresses that are unique to that particular connection. There is no need for an active server to deliver a fresh address each time, as is the case with a payment server like BTCPay Server.
This is an example of a BIP47 payment code:
“PM8TJK7rnkDXabzmo4ZyxX49JxdLWhbFANDr4eBCwk1shDEs1qDysW5hFCFr6hschwJe4ny7C7GcSnsNPzBYvE6giabxfJyNSrAWRJYCoHMo7iveHned”
This can also be displayed as a QR code:
PayNyms on the other hand, are an implementation of BIP47 used in Samourai Wallet and Sparrow Wallet. PayNyms are derived from hashing your payment code to generate a unique robot avatar and a unique name. The avatar and name make it easier for humans to interpret and handle. Samourai Wallet maintains a directory of PayNyms if you want to explore, search and connect with others: https://paynym.is/. This is an opt-in directory that you can use to register your PayNym if you choose to do so from the app while initializing.
PayNyms can be used in a couple of different ways.
For one, you can use them to make direct payments to someone else’s PayNym by making the on-chain connection and generating the index of secret addresses. Speaking specifically about non-collaborative PayNym payments: if you don’t make the on-chain notification transaction, the receiver will not know which addresses to observe between your wallets.
This should not be confused with collaborative transactions using PayNyms, which only require that the PayNyms follow each other and not the on-chain notification transaction. In other words, if you import someone else’s payment code into your wallet and start calculating addresses to send them bitcoin, the receiver will not know which addresses to observe for those payments unless the on-chain notification transaction is made; in that scenario, you would want to communicate your payment code to them so they know how to derive and observe those addresses. Once a payment code is scanned and the on-chain notification transaction is made, there is no need for collaboration from the receiver; you can just start sending payments to them.
The other way to use PayNyms is through collaborative transactions like Stowaway and StonewallX2, which will be covered in later sections.
Samourai Wallet
First, making the on-chain connection will be demonstrated:
- Find the payment code you are interested in, paynym.is was used in this example
- In Samourai Wallet, press the blue “+” sign, then the “PayNym icon”
- Once on the PayNym screen, press the blue “+” sign again
- Press “SCAN QR CODE,” alternatively you can paste a copied payment code if you have it on your clipboard
- Scan the QR code for the payment code you want to establish a connection with
- The PayNym details will populate on your screen, press “FOLLOW”
- Confirm that you want to follow this PayNym
- Once followed, then you can connect, press “CONNECT”
- A dialog will appear telling you the total amount for the connection, 15,000 sats and miners’ fee. Press “OK, FOLLOW.”
- The PayNym contact status will change to display both “Following” and “Connected,” you will also see the pending confirmations.
Once your on-chain connection has been confirmed, you can navigate back to your PayNym and press the paper airplane icon to initiate a payment to your contact from your deposit wallet. Simply enter the amount, review the transaction and broadcast.
Alternatively, you can spend from your post-mix wallet directly to your PayNym contact.
- Navigate to your post-mix wallet, press the blue “+” sign and select “Send.”
- Press the avatar icon in the upper right-hand corner
- Select your contact from the list that pops up
- Enter your amount, review the transaction and broadcast.
Sparrow Wallet
Sparrow Wallet also has all the same features as just described with sending direct PayNym payments with Samourai Wallet. The layout of the interface is just a little different.
- In Sparrow Wallet, navigate to “Tools” then “Show PayNym”
- Copy a payment code and paste it in the “Find Contact” dialog box
- Then click on “Add Contact”
- Once the PayNym is added, you will have the option to make the on-chain connection by clicking “Link Contact.”
- A dialog box will appear informing you that this notification transaction will cost 546 sats. Click “Send” to initiate.
- You can send directly from your deposit wallet by navigating to the “Deposit” tab and then the “Send” tab
- Click on the drop-down menu from the “Pay To” dialog box and select “PayNym or Payment Code.”
- Select your connected PayNym contact then click on “Send Directly.”
Collaborative Post-Mix Spending Tools: Stowaway
Stowaway is a collaborative post-mix spending tool that obfuscates the amount being spent. The person you collaborate with will be the one receiving the spend. You provide some inputs, the receiver provides some inputs, you receive your change output, the receiver gets their change plus the amount you sent them, thus the actual amount spent is hidden in that total. The sender pays the full miner fee.
- The above image illustrates a Stowaway transaction on-chain.
- You can see that the three inputs were 0.01, 0.00993439, and 0.01644414 for a total of 0.03637853 input.
- The two outputs were 0.00484087 and 0.03144414 (and 0.00009352 for a miners’ fee).
- The spender sent 0.015 to the receiver in this transaction, but that amount does not match any inputs or outputs as it is obfuscated.
- The receiver collaborated by providing the 0.01644414 input and received this amount back plus the 0.015 payment for the total 0.03144414 output.
- The 0.00484087 output was the spender’s change.
An external observer would have no way of knowing that this transaction is anything other than what is presented at face value. The common-input-ownership heuristic is broken by the multiple inputs and outputs, because the possibility that multiple people contributed to the inputs must be taken into account.
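To make the amount obfuscation concrete, here is what an observer can and cannot derive from the Stowaway transaction above. This is an added example, not code from the article or either wallet; it uses the article’s amounts in satoshis and assumes the two-party model the article describes, in which the receiver contributes some subset of the inputs (possibly none) and takes exactly one output.

```python
# Added example (not from the article, Samourai or Sparrow): enumerate every
# payment amount consistent with the on-chain data of the Stowaway transaction
# described above. Amounts are the article's figures converted to satoshis.
from __future__ import annotations
from itertools import combinations
from typing import Iterable

INPUTS = [1_000_000, 993_439, 1_644_414]   # 0.01, 0.00993439, 0.01644414 BTC
OUTPUTS = [484_087, 3_144_414]             # 0.00484087, 0.03144414 BTC
MINER_FEE = 9_352                          # 0.00009352 BTC
ACTUAL_PAYMENT = 1_500_000                 # 0.015 BTC, known only to the peers


def check_balance(inputs: Iterable[int], outputs: Iterable[int], fee: int) -> bool:
    """Inputs must equal outputs plus the miner fee; the only hard fact on-chain."""
    return sum(inputs) == sum(outputs) + fee


def candidate_payments(inputs: list[int], outputs: list[int]) -> set[int]:
    """All payment amounts consistent with the two-party model (assumption):
    the receiver contributed some subset of the inputs (the empty subset is the
    ordinary one-entity spend an observer assumes by default) and took exactly
    one output, which equals their contribution plus the payment.
    Because inputs balance outputs plus fee, the sender's side then balances
    automatically, so every positive difference is a valid reading."""
    cands: set[int] = set()
    for k in range(len(inputs) + 1):
        for subset in combinations(inputs, k):
            contributed = sum(subset)
            for out in outputs:
                payment = out - contributed
                if payment > 0:
                    cands.add(payment)
    return cands


def explain(inputs: list[int], outputs: list[int], fee: int) -> dict[str, object]:
    """Summarise what the chain reveals versus what the peers know."""
    cands = candidate_payments(inputs, outputs)
    return {
        "balances": check_balance(inputs, outputs, fee),
        "candidate_count": len(cands),
        "actual_is_a_candidate": ACTUAL_PAYMENT in cands,
        "actual_is_unique": cands == {ACTUAL_PAYMENT},
    }


if __name__ == "__main__":
    for amount in sorted(candidate_payments(INPUTS, OUTPUTS)):
        print(f"possible payment: {amount / 1e8:.8f} BTC")
    print(explain(INPUTS, OUTPUTS, MINER_FEE))
```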
Anyone you are sending a Stowaway transaction to will need to be using Samourai Wallet or Sparrow Wallet with their PayNym. At a minimum, the PayNyms should be following each other but it is not necessary to make the on-chain notification transaction to “connect” the PayNyms.
Collaborators will need to have a way of communicating with each other out of band, like with a messaging app, phone call, etc.
Samourai Wallet
To create a collaborative Stowaway transaction in Samourai Wallet, make sure you and your collaborator are following each other’s PayNyms, it is not necessary to make the on-chain connection though.
- Navigate to your post-mix wallet.
- Select the blue “+” sign then “Send.”
- Toggle on “Cahoots.”
- Select “Stowaway.”
- Select “Online.”
- Select your collaborator from your contact list
- Enter the amount you would like to send. Select “Review Transaction” when finished.
- Set your miner fee amount
- Contact your collaborating peer and let them know to listen for your transaction from their wallet
- Select “Begin Stowaway”
- Details of the transaction will be communicated between peers encrypted over Tor on the Soroban communication layer.
- You will see the transaction build progress through five steps in less than 10 seconds.
- Once finished, review the details and select “Send.”
- A pop-up dialog will ask you if you are sure you want to broadcast this transaction, select “Yes.”
The collaborating peer will receive their input to the transaction back with the amount you sent them added to the new output. The actual amount sent is obfuscated.
Sparrow Wallet
To create a collaborative Stowaway transaction in Sparrow Wallet, make sure you and your collaborator are following each other’s PayNyms, it is not necessary to make the on-chain connection though.
- Navigate to your “Postmix” wallet tab, then the “Send” tab.
- Select the drop-down option on the right-hand side of the “Pay to” field.
- Select “PayNym or Payment code.”
- In the pop-up window, scroll down your contact list to your collaborator’s PayNym and click on it.
- Then select the option to “Send Collaboratively.”
- Enter a label for your transaction, enter the amount to send and set the miner fee rate.
- Then select the blue “Mix Partner” icon in the lower left-hand corner of the transaction graph.
- On the pop-up screen, you will see that your selected PayNym collaborator is already selected.
- Select “Next” to initiate the transaction.
- This is when you want to inform your collaborating partner that it is time for them to listen from their wallet. This is an out-of-band communication.
- Once your mix partner accepts the request, the transaction will be built.
- It takes some inputs from both parties returning the appropriate change to each.
- The receiver’s change includes the amount you sent them.
- If everything looks good, select “Sign & Broadcast.”
- Once the transaction is broadcast, you will receive a confirmation.
You can review this transaction on your favorite Bitcoin testnet explorer, for example on mempool.space.
The amount sent was 69 sats, but you would never know that as an external observer to this transaction.
Collaborative Post-Mix Spending Tools: StonewallX2
StonewallX2 is another collaborative spending tool that helps break on-chain heuristics and maintain anonymity. StonewallX2 transactions always have four outputs. The number of inputs can vary. At least two of those outputs are identical in size; this creates a decoy output the same size as the spend. The other two outputs are the change being returned to both collaborators. Unlike Stowaway transactions, StonewallX2 transactions can be spent to a third party — the spend does not have to be made to the collaborating partner. The collaborating peers in a StonewallX2 transaction split the miners’ fee 50/50. The input selection algorithm enforces that no UTXOs that share the same previous transaction will be used together as inputs in a new transaction.
Here is how a StonewallX2 (and a Stonewall) will look on-chain:
Samourai Wallet
To create a StonewallX2 transaction in Samourai Wallet, make sure you and your collaborator are following each other’s PayNyms, it is not necessary to make the on-chain connection though. However, if the receiver of this collaborative spend is a PayNym then you need to make the on-chain connection with them.
- Navigate to your post-mix wallet.
- Press the blue “+” sign and select “Send”.
- Paste or scan the receiving address, or if sending to a PayNym select them from your contact list by pressing the person icon.
- Select “STONEWALLX2.”
- Select “Online.”
- Select your collaborating peer from your contact list once it populates.
- Enter an amount to send.
- Then press “REVIEW TRANSACTION.”
- Set the miner fee rate.
- Double check the details.
- Use your preferred out-of-band communication method to alert your collaborating peer to start listening for your request from their wallet.
- Press “BEGIN STONEWALLX2.”
- You will see the request being sent.
- You will see the progress of the five steps.
- Then you will have a chance to review the transaction before broadcasting, you will also receive a prompt asking you if you are sure you want to broadcast the transaction.
Sparrow Wallet
To create a StonewallX2 transaction in Sparrow Wallet, make sure you and your collaborator are following each other’s PayNyms, it is not necessary to make the on-chain connection though. However, if the receiver of this collaborative spend is a PayNym then you need to make the on-chain connection with them.
- Navigate to the “Postmix” tab then “Send.”
- Enter the address you want to spend to.
- Add a label.
- Enter an amount.
- Set the miner fee rate.
- Click on the blue coin stack in the lower left-hand corner of the transaction graph and you will notice that it changes to a person icon.
- In the pop-up window, select your collaborating peer from the drop-down list of contacts.
- Then select “Next” to initiate the StonewallX2 transaction.
- This is when you will want to notify your collaborating peer to listen for your transaction request from their wallet; this is done with an out-of-band communication method of your choice.
You will wait a moment while your collaborating peer accepts the request and the transaction is built. Both peers are providing inputs to the transaction.
After a moment, you will be presented with a summary of the transaction that has been created. If everything looks good then select “Sign & Broadcast.”
Once the transaction is broadcast, you will receive a green check mark.
You can review this transaction on your favorite Bitcoin testnet explorer, for example on mempool.space.
The transaction has four outputs and two of them are the same size: one 25,000 sat spend and one 25,000 sat decoy. An external observer cannot tell which outputs belong to the entity in control of any of the inputs.
Non-Collaborative Post-Mix Spending Tools: Stonewall
Here is how a Stonewall (and a StonewallX2) will look on-chain. Stonewall is a non-collaborative spending tool that helps break on-chain heuristics and maintain anonymity. On-chain, Stonewall and StonewallX2 transactions are indistinguishable; they both always have four outputs. The number of inputs can vary. At least two of those outputs are identical in size; this creates a decoy output the same size as the spend. The other two outputs are the change being returned.
In the case of a Stonewall transaction, the wallet will build the transaction using multiple inputs and four outputs, only one is the spend and the other three are all sent back to the sender’s wallet with one of them being the same size as the spend. Both Samourai Wallet and Sparrow Wallet will attempt to compose a Stonewall transaction by default when spending.
Samourai Wallet
To make a Stonewall transaction with Samourai Wallet:
- Navigate to your post-mix wallet and press the blue “+” sign.
- Select “Send.”
- Paste or scan the address that you want to spend to.
- Enter the amount to spend and press on “REVIEW TRANSACTION.”
- Set the miner fee rate.
- By default, Stonewall protection will be enabled if the wallet has the necessary UTXOs to create one. You will notice the entropy bits at the bottom, this can change if you slide the miner fee rate to different amounts. The wallet is trying different UTXOs for inputs as you do this.
- If everything looks good, press “SEND.”
- Confirm that you want to spend when prompted.
- Then you will get the green confirmation screen that the transaction has been broadcast.
You can review this transaction on your favorite Bitcoin testnet explorer, for example on mempool.space.
The transaction has four outputs and two of them are the same size: one 42,000 sat spend and one 42,000 sat decoy. An external observer cannot tell which outputs belong to the entity in control of any of the inputs. Three out of the four outputs are being returned to the sender’s post-mix wallet.
Sparrow Wallet
To make a Stonewall spend with Sparrow Wallet:
- Enter the address that you wish to spend to.
- Add a label.
- Enter the amount to spend.
- Set the miner fee rate.
Notice the difference in how the transaction is constructed when selecting the “Efficiency” setting; there are two outputs, the spend and the change:
Contrast that with selecting the “Privacy” setting; this builds a Stonewall transaction where there are four outputs including a decoy spend:
- Click on “Create Transaction.”
- Then on the next screen, click on “Finalize Transaction for Signing.”
If everything looks good on the next screen, select “Sign.”
Once signed, you can broadcast the transaction.
You can review this transaction on your favorite Bitcoin testnet explorer, for example on mempool.space.
The transaction has four outputs and two of them are the same size: one 690,000 sat spend and one 690,000 sat decoy. An external observer cannot tell which outputs belong to the entity in control of any of the inputs.
Post-Mix Spending Tools: Ricochet
Ricochet is a post-mix spending tool that creates multiple hops between the initial sending transaction and the final destination. This technique can be useful when sending bitcoin to a destination where the receiver will snoop back through your transaction history to determine if there is something about your UTXO they don’t like.
Oftentimes this type of behavior is carried out by exchanges or some merchants; read this article by 6102 for more details on CoinJoin flagging. There is no industry standard that these flagging companies adhere to, they will arbitrarily decide how many hops back is within their own risk tolerance. But the five hops that Ricochet provides seems to be doing the job. Sparrow Wallet does not support Ricochet transactions. Samourai Wallet collects a 100,000 sat fee for this service.
To compose a Ricochet transaction in Samourai Wallet:
- Navigate to your post-mix wallet and press the blue “+” sign.
- Then select “Send.”
- Toggle on the “Ricochet” option.
- Then toggle on the “Staggered delivery” option if you want each hop to be in a separate block. Otherwise, all five hops will occur in the same block, which may be preferable to you if time is of the essence.
- Then paste or scan the address you would like to spend to.
- Enter the amount to spend (the amount you want deposited to the final destination).
- Then press “REVIEW TRANSACTION.”
- Set the miner fee rate (the miner fee for all five hops is figured in).
- Review the transaction details.
- If everything looks good, press “SEND” and then confirm the spend to broadcast the transaction to the network.
Here is how this Ricochet transaction looks on testnet. You can follow the hops along the way.
Conclusion
This article explained how the wallet structure works in the Whirlpool-enabled wallets, Samourai Wallet and Sparrow Wallet.
By understanding the anonymity benefits achieved through Whirlpool, you can then better understand which post-mix spending tool is right for the job. Each post-mix spending tool was explained in detail with step-by-step instructions on how to use them and the additional anonymity preservation benefits they offer.
To learn more, join the communities on the Samourai Wallet Telegram channel or the Sparrow Wallet Telegram channel, where you will find several other users helping each other out on a variety of topics.
This is a guest post by Econoalchemist. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
Crypto
El Salvador Takes First Step To Issue Bitcoin Volcano Bonds
Published
2 years agoon
November 22, 2022
El Salvador’s Minister of the Economy Maria Luisa Hayem Brevé submitted a digital assets issuance bill to the country’s legislative assembly, paving the way for the launch of its bitcoin-backed “volcano” bonds.
First announced one year ago today, the pioneering initiative seeks to attract capital and investors to El Salvador. The plan revealed at the time was to issue $1 billion in bonds on the Liquid Network, a federated Bitcoin sidechain, with the proceeds split between a $500 million direct allocation to bitcoin and an investment of the same amount in building out energy and bitcoin mining infrastructure in the region.
A sidechain is a separate blockchain that runs in parallel with another, allowing tokens from the parent chain to be used on the sidechain under a different set of rules, performance requirements and security mechanisms. Liquid is a sidechain of Bitcoin that lets bitcoin move between the two networks through a two-way peg. Bitcoin represented on Liquid is called L-BTC; the equivalent amount of BTC backing it is held and secured by the network’s members, called functionaries. Because the peg is federated rather than enforced by Bitcoin consensus, L-BTC holders rely on those functionaries, not on Bitcoin miners, to honor redemptions back to the main chain.
“Digital securities law will enable El Salvador to be the financial center of central and south America,” wrote Paolo Ardoino, CTO of cryptocurrency exchange Bitfinex, on Twitter.
Bitfinex is set to be granted a license in order to be able to process and list the bond issuance in El Salvador.
The bonds will pay a 6.5% yield and enable fast-tracked citizenship for investors. Once the original $500 million has been monetized, the government will share half of any additional gains with investors as a Bitcoin Dividend. These dividends will be disbursed annually using Blockstream’s asset management platform.
The act of submitting the bill, which was hinted at earlier this year, kickstarts the first major milestone before the bonds can see the light of day. The next is getting it approved, which is expected to happen before Christmas, a source close to President Nayib Bukele told Bitcoin Magazine. The bill was submitted on November 17 and presented to the country’s Congress today. It is embedded in full below.
How I’ll Talk To Family Members About Bitcoin This Thanksgiving
Published November 22, 2022
This is an opinion editorial by Joakim Book, a Research Fellow at the American Institute for Economic Research, contributor and copy editor for Bitcoin Magazine and a writer on all things money and financial history.
I don’t.
That’s it. That’s the article.
In all sincerity, that is the full message: Just don’t do it. It’s not worth it.
You’re not an excited teenager anymore, in desperate need of bragging credits or trying out your newfound wisdom. You’re not a preaching priestess with lost souls to save right before some imminent arrival of the day of reckoning. We have time.
Instead: just leave people alone. Seriously. They came to Thanksgiving dinner to relax and rejoice with family, laugh, tell stories and zone out for a day — not to be ambushed with what to them will sound like a deranged rant in some obscure topic they couldn’t care less about. Even if it’s the monetary system, which nobody understands anyway.
Get real.
If you’re not convinced of this Dale Carnegie-esque social approach, and you still naively think that your meager words in between bites can change anybody’s view on anything, here are some more serious reasons why you don’t talk to friends and family about Bitcoin, the protocol, and most certainly not about bitcoin, the asset:
- Your family and friends don’t want to hear it. Move on.
- For op-sec reasons, you don’t want to draw unnecessary attention to the fact that you probably have a decent bitcoin stack. Hopefully, family and close friends should be safe enough to confide in, but people talk and that gossip can only hurt you.
- People find bitcoin interesting only when they’re ready to; everyone gets the price they deserve. Like Gigi says in “21 Lessons:”
“Bitcoin will be understood by you as soon as you are ready, and I also believe that the first fractions of a bitcoin will find you as soon as you are ready to receive them. In essence, everyone will get ₿itcoin at exactly the right time.”
It’s highly unlikely that your uncle or mother-in-law just happens to be at that stage, just when you’re about to sit down for dinner.
- Unless you can claim youth, old age or extreme poverty, there are very few people who genuinely haven’t heard of bitcoin. That means your evangelizing wouldn’t be preaching to lost, ignorant souls ready to be saved but to the tired, huddled and jaded masses who couldn’t care less about the discovery that will change their societies more than the internal combustion engine, internet and Big Government combined. Big deal.
- What is the case, however, is that everyone in your prospective audience has already had a couple of touchpoints and rejected bitcoin for this or that standard FUD. It’s a scam; seems weird; it’s dead; let’s trust the central bankers, who have our best interest at heart. No amount of FUD busting changes that impression, because nobody holds uninformed and fringe convictions for rational reasons, reasons that can be flipped by your enthusiastic arguments in-between wiping off cranberry sauce and grabbing another turkey slice.
- It really is bad form to talk about money — and bitcoin is the best money there is. Be classy.
Now, I’m not saying to never ever talk about Bitcoin. We love to talk Bitcoin — that’s why we go to meetups, join Twitter Spaces, write, code, run nodes, listen to podcasts, attend conferences. People there get something about this monetary rebellion and have opted in to be part of it. Your unsuspecting family members have not; ambushing them with the wonders of multisig, the magically fast Lightning transactions or how they too really need to get on this hype train, like, yesterday, is unlikely to go down well.
However, if in the post-dinner lull on the porch someone comes to you one-on-one, whisky in hand and of an inquisitive mind, that’s a very different story. That’s personal rather than public, and it’s without the time constraints that so usually trouble us. It involves clarifying questions or doubts for somebody who is both expressively curious about the topic and available for the talk. That’s rare — cherish it, and nurture it.
Last year I wrote something about the proper role of political conversations in social settings. Since November was also election month, it’s appropriate to cite here:
“Politics, I’m starting to believe, best belongs in the closet — rebranded and brought out for the specific occasion. Or perhaps the bedroom, with those you most trust, love, and respect. Not in public, not with strangers, not with friends, and most certainly not with other people in your community. Purge it from your being as much as you possibly could, and refuse to let political issues invade the areas of our lives that we cherish; politics and political disagreements don’t belong there, and our lives are too important to let them be ruled by (mostly contrived) political disagreements.”
If anything, those words seem more true today than they even did then. And I posit to you that the same applies for bitcoin.
Everyone has some sort of impression or opinion of bitcoin — and most of them are plain wrong. But there’s nothing people love more than a savior in white armor, riding in to dispel their errors about some thing they are freshly out of fucks for. Just like politics, nobody really cares.
Leave them alone. They will find bitcoin in their own time, just like all of us did.
This is a guest post by Joakim Book. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
This is an opinion editorial by Federico Tenga, a long time contributor to Bitcoin projects with experience as start-up founder, consultant and educator.
The term “smart contracts” predates the invention of the blockchain and Bitcoin itself. It was first mentioned in a 1994 article by Nick Szabo, who defined smart contracts as a “computerized transaction protocol that executes the terms of a contract.” By this definition Bitcoin, thanks to its scripting language, has supported smart contracts since the very first block, but the term was popularized only later by Ethereum promoters, who twisted the original definition into “code that is redundantly executed by all nodes in a global consensus network.”
While delegating code execution to a global consensus network has advantages (e.g. it is easy to deploy unowned contracts, such as the popular automated market makers), this design has one major flaw: lack of scalability (and privacy). If every node in a network must redundantly run the same code, the amount of code that can actually be executed without excessively increasing the cost of running a node (and thus sacrificing decentralization) remains scarce, meaning that only a small number of contracts can be executed.
But what if we could design a system where the terms of the contract are executed and validated only by the parties involved, rather than by all members of the network? Let us imagine the example of a company that wants to issue shares. Instead of publishing the issuance contract publicly on a global ledger and using that ledger to track all future transfers of ownership, it could simply issue the shares privately and pass to the buyers the right to transfer them further. Then, the right to transfer ownership can be passed on to each new owner as if it were an amendment to the original issuance contract. In this way, each owner can independently verify that the shares he or she received are genuine by reading the original contract and validating that the whole history of amendments that moved the shares conforms to the rules set forth in it.
This is actually nothing new, it is indeed the same mechanism that was used to transfer property before public registers became popular. In the U.K., for example, it was not compulsory to register a property when its ownership was transferred until the ‘90s. This means that still today over 15% of land in England and Wales is unregistered. If you are buying an unregistered property, instead of checking on a registry if the seller is the true owner, you would have to verify an unbroken chain of ownership going back at least 15 years (a period considered long enough to assume that the seller has sufficient title to the property). In doing so, you must ensure that any transfer of ownership has been carried out correctly and that any mortgages used for previous transactions have been paid off in full. This model has the advantage of improved privacy over ownership, and you do not have to rely on the maintainer of the public land register. On the other hand, it makes the verification of the seller’s ownership much more complicated for the buyer.
How can the transfer of unregistered properties be improved? First of all, by making it a digitized process. If there is code that can be run by a computer to verify that all the history of ownership transfers is in compliance with the original contract rules, buying and selling becomes much faster and cheaper.
Secondly, to avoid the risk of the seller double-spending their asset, a system of proof of publication must be implemented. For example, we could implement a rule that every transfer of ownership must be committed on a predefined spot of a well-known newspaper (e.g. put the hash of the transfer of ownership in the upper-right corner of the first page of the New York Times). Since you cannot place the hash of a transfer in the same place twice, this prevents double-spending attempts. However, using a famous newspaper for this purpose has some disadvantages:
- You have to buy a lot of newspapers for the verification process. Not very practical.
- Each contract needs its own space in the newspaper. Not very scalable.
- The newspaper editor can easily censor or, even worse, simulate double-spending by putting a random hash in your slot, making any potential buyer of your asset think it has been sold before, and discouraging them from buying it. Not very trustless.
For these reasons, a better place to post proof of ownership transfers needs to be found. And what better option than the Bitcoin blockchain, an already established trusted public ledger with strong incentives to keep it censorship-resistant and decentralized?
If we use Bitcoin, we should not specify a fixed place in the block where the commitment to transfer ownership must occur (e.g. in the first transaction) because, just like the editor of the New York Times, the miner could mess with it. A better approach is to place the commitment in a predefined Bitcoin transaction, more specifically in the transaction that spends an unspent transaction output (UTXO) to which the ownership of the asset is linked. The link between an asset and a bitcoin UTXO can be established either in the contract that issues the asset or in a subsequent transfer of ownership, each time making the target UTXO the controller of the transferred asset. In this way, we have clearly defined where the commitment to transfer ownership must appear (i.e., in the Bitcoin transaction spending a particular UTXO), and because Bitcoin consensus allows a UTXO to be spent only once, there can be at most one such commitment. Anyone running a Bitcoin node can independently verify that the UTXO was spent and that the spending transaction carries the commitment, and neither the miners nor any other entity is able to censor or interfere with the asset transfer.
Since on the Bitcoin blockchain we only publish a commitment to an ownership transfer, not the content of the transfer itself, the seller needs a dedicated communication channel to provide the buyer with all the proofs that the ownership transfer is valid. This could be done in a number of ways, potentially even by printing out the proofs and shipping them by carrier pigeon, which, while a bit impractical, would still do the job. But the best option to avoid censorship and privacy violations is to establish a direct peer-to-peer encrypted channel, which compared to the pigeons also has the advantage of being easy to integrate with software that verifies the proofs received from the counterparty.
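The two ideas above, the buyer replaying a contract's chain of amendments client-side and each amendment being committed in the Bitcoin transaction that spends the controlling UTXO (a single-use seal), can be modelled in a few dozen lines. The Python below is an added example written for this article, not RGB's own code. The ledger is a constructed in-memory index of which transaction spent which outpoint; the commitment is a SHA-256 digest over a canonical JSON encoding of the transfer, carried in an abstract `commitment` field rather than a real OP_RETURN output or pay-to-contract tweak; and the only contract rule enforced is the simplest one, that a transfer must move the entire balance assigned to its seal. Transaction ids, outpoints, asset name and supply are all made up.

```python
"""Toy model of single-use seals with client-side validation (added example, not RGB code)."""
import hashlib
import json
from dataclasses import dataclass
from typing import Optional


def h(obj) -> str:
    """Commitment: SHA-256 over a canonical JSON encoding, as a hex digest."""
    return hashlib.sha256(
        json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    ).hexdigest()


@dataclass
class Tx:
    txid: str
    inputs: list               # outpoints "txid:vout" that this tx spends
    commitment: Optional[str]  # hex digest carried by the tx, or None if it has none


class Chain:
    """Constructed index of a confirmed ledger: which tx spent which outpoint."""

    def __init__(self, txs):
        self.txs = {t.txid: t for t in txs}
        self.spender = {}
        for t in txs:
            for op in t.inputs:
                # Bitcoin consensus guarantees an outpoint is spent at most once;
                # that is exactly what makes a UTXO usable as a single-use seal.
                if op in self.spender:
                    raise ValueError(f"{op} spent twice; a valid chain cannot contain this")
                self.spender[op] = t.txid

    def spending_tx(self, outpoint: str) -> Optional[Tx]:
        txid = self.spender.get(outpoint)
        return self.txs[txid] if txid else None


def validate_history(genesis, transfers, chain):
    """Client-side validation: replay every amendment against the contract rules
    and check that each was committed in the tx that closed its seal.
    Returns (True, current_seal) or (False, reason)."""
    seal = genesis["owner_seal"]       # the contract itself needs no on-chain tx
    balance = genesis["supply"]
    prev_id = h(genesis)
    for t in transfers:
        if t["prev"] != prev_id:
            return False, "amendment does not link to the previous state"
        if t["from_seal"] != seal:
            return False, f"transfer does not originate from current seal {seal}"
        if t["amount"] != balance:
            return False, "amount violates the contract rules (whole balance must move)"
        closing = chain.spending_tx(seal)
        if closing is None:
            return False, f"seal {seal} is still open: transfer not yet published"
        if closing.commitment != h(t):
            return False, f"tx {closing.txid} closed {seal} with a different commitment: double-spend attempt"
        seal, prev_id = t["to_seal"], h(t)
    return True, seal


# Constructed scenario: issuance assigned to outpoint a1:0, then two hand-offs.
GENESIS = {"asset": "ACME-SHARE", "supply": 1000, "owner_seal": "a1:0"}
T1 = {"prev": h(GENESIS), "from_seal": "a1:0", "to_seal": "b2:1", "amount": 1000}
T2 = {"prev": h(T1), "from_seal": "b2:1", "to_seal": "c3:0", "amount": 1000}
# Competing transfer a dishonest seller might show a second buyer.
T1_FAKE = {"prev": h(GENESIS), "from_seal": "a1:0", "to_seal": "x9:0", "amount": 1000}
# Transfer whose seal has not been closed on-chain yet.
T3_OPEN = {"prev": h(T2), "from_seal": "c3:0", "to_seal": "d4:0", "amount": 1000}
# Transfer that tries to inflate the supply.
T_INFLATE = {"prev": h(GENESIS), "from_seal": "a1:0", "to_seal": "b2:1", "amount": 1500}

CHAIN = Chain([
    Tx("a1", inputs=["f0:0"], commitment=None),   # plain funding tx, no RGB data
    Tx("b2", inputs=["a1:0"], commitment=h(T1)),  # closes seal a1:0, commits to T1
    Tx("c3", inputs=["b2:1"], commitment=h(T2)),  # closes seal b2:1, commits to T2
])

if __name__ == "__main__":
    for label, history in [("valid", [T1, T2]), ("double-spend", [T1_FAKE]),
                           ("unpublished", [T1, T2, T3_OPEN]), ("inflation", [T_INFLATE])]:
        print(label, validate_history(GENESIS, history, CHAIN))
```

The verifier never needs the whole chain: for each amendment it looks up only the transaction that spent the seal, which in practice means a block inclusion proof for one transaction, and the competing transfer fails because that transaction committed to a different digest.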
This model just described for client-side validated contracts and ownership transfers is exactly what has been implemented with the RGB protocol. With RGB, it is possible to create a contract that defines rights, assigns them to one or more existing bitcoin UTXO and specifies how their ownership can be transferred. The contract can be created starting from a template, called a “schema,” in which the creator of the contract only adjusts the parameters and ownership rights, as is done with traditional legal contracts. Currently, there are two types of schemas in RGB: one for issuing fungible tokens (RGB20) and a second for issuing collectibles (RGB21), but in the future, more schemas can be developed by anyone in a permissionless fashion without requiring changes at the protocol level.
To use a more practical example, an issuer of fungible assets (e.g. company shares, stablecoins, etc.) can use the RGB20 schema template and create a contract defining how many tokens it will issue, the name of the asset and some additional metadata associated with it. It can then define which bitcoin UTXO has the right to transfer ownership of the created tokens and assign other rights to other UTXOs, such as the right to make a secondary issuance or to rename the asset. Each client receiving tokens created by this contract will be able to verify the content of the genesis contract and validate that every transfer of ownership in the history of the tokens received has complied with the rules set out therein.
So what can we do with RGB in practice today? First and foremost, it enables the issuance and transfer of tokenized assets with better scalability and privacy than any existing alternative. On the privacy side, RGB benefits from the fact that all transfer-related data is kept client-side, so a blockchain observer cannot extract any information about a user’s financial activity (it is not even possible to distinguish a bitcoin transaction containing an RGB commitment from a regular one). Moreover, the receiver shares with the sender only a blinded UTXO (i.e., the hash of the concatenation of the UTXO on which she wishes to receive the assets and a random number) instead of the UTXO itself, so the payer cannot monitor the receiver’s future activity. To further increase user privacy, RGB also adopts the bulletproof cryptographic mechanism to hide the amounts in the history of asset transfers, so that even future owners of the assets have only an obfuscated view of the financial behavior of previous holders.
In terms of scalability, RGB offers some advantages as well. First of all, most of the data is kept off-chain, as the blockchain is only used as a commitment layer, reducing the fees that need to be paid and meaning that each client validates only the transfers it is interested in instead of all the activity of a global network. Since an RGB transfer still requires a Bitcoin transaction, the fee saving may seem minimal, but once you introduce transaction batching it quickly becomes massive. Indeed, it is possible to transfer all the tokens (or, more generally, “rights”) associated with a UTXO to an arbitrary number of recipients with a single commitment in a single bitcoin transaction. Let’s assume you are a service provider making payouts to several users at once. With RGB, you can commit in a single Bitcoin transaction thousands of transfers to thousands of users requesting different types of assets, making the marginal cost of each payout negligible.
Another fee-saving mechanism for issuers of low-value assets is that in RGB the issuance of an asset does not require paying fees. This is because the creation of an issuance contract does not need to be committed on the blockchain: a contract simply defines to which already existing UTXO the newly issued assets are allocated. So if you are an artist interested in creating collectible tokens, you can issue as many as you want for free and only pay a bitcoin transaction fee when a buyer shows up and requests the token to be assigned to their UTXO.
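The blinded-UTXO and batching properties described above both come down to what the payer is given and what the receiver can check. The Python below is an added example, not RGB's own code: the receiver blinds her outpoint with a random factor and hands the payer only the digest, the payer commits many transfers under one Merkle root placed in a single Bitcoin transaction, and the receiver verifies her own leaf against that root with an inclusion proof. The asset names, amounts, outpoint strings and the fixed blinding factor are constructed for the example (a real wallet would draw the factor from `os.urandom`), the Bitcoin-style Merkle tree is an assumption of this model rather than RGB's actual commitment layout, and bulletproof amount hiding is left out.

```python
"""Blinded seals and one commitment for many transfers (added toy model, not RGB code)."""
import hashlib
import json


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def canonical(obj) -> bytes:
    """Deterministic encoding so payer and receiver hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def blind_outpoint(outpoint: str, blinding: bytes) -> bytes:
    """Receiver side: the payer sees only this digest, never the outpoint,
    so he cannot follow the receiver's later on-chain activity."""
    return sha256(outpoint.encode() + blinding)


def _pad(level):
    # Odd levels duplicate the last node (Bitcoin-style; an assumption of this toy).
    return level + [level[-1]] if len(level) % 2 else level


def merkle_root(leaves) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        level = _pad(level)
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def merkle_proof(leaves, index):
    """Sibling digests from leaf `index` up to the root, as (digest, sibling_is_right)."""
    level, proof = list(leaves), []
    while len(level) > 1:
        level = _pad(level)
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return proof


def verify_proof(leaf: bytes, proof, root: bytes) -> bool:
    node = leaf
    for sibling, on_right in proof:
        node = sha256(node + sibling) if on_right else sha256(sibling + node)
    return node == root


def receiver_accepts(outpoint, blinding, transfer, proof, committed_root) -> bool:
    """What the receiver checks before treating a payout as hers: the transfer
    targets a seal she can open, and it is covered by the commitment that
    actually went into the payer's Bitcoin transaction."""
    if transfer["to"] != blind_outpoint(outpoint, blinding).hex():
        return False
    return verify_proof(sha256(canonical(transfer)), proof, committed_root)


def payout_demo():
    """Constructed scenario: one payer, five recipients, one on-chain commitment."""
    # Receiver side (us): pick the outpoint that will own the tokens and blind it.
    my_outpoint = "r7:2"              # made-up txid:vout, never sent to the payer
    my_blinding = bytes(range(32))    # fixed for reproducibility; use os.urandom(32)
    my_invoice = blind_outpoint(my_outpoint, my_blinding).hex()

    # Payer side: other recipients' blinded invoices arrive the same way (constructed).
    others = [blind_outpoint(f"o{i}:0", bytes([i]) * 32).hex() for i in range(4)]
    transfers = [{"asset": "USD-STABLE", "amount": 25, "to": my_invoice}] + [
        {"asset": "ACME-SHARE" if i % 2 else "USD-STABLE", "amount": 10 + i, "to": inv}
        for i, inv in enumerate(others)
    ]
    leaves = [sha256(canonical(t)) for t in transfers]
    root = merkle_root(leaves)        # the single commitment placed in the payer's tx

    # Over the private channel we get only our transfer and its inclusion proof;
    # the other recipients' transfers reach us only as opaque sibling digests.
    return {"outpoint": my_outpoint, "blinding": my_blinding,
            "transfer": transfers[0], "proof": merkle_proof(leaves, 0), "root": root}


if __name__ == "__main__":
    d = payout_demo()
    print("accepted:", receiver_accepts(d["outpoint"], d["blinding"], d["transfer"], d["proof"], d["root"]))
```

Adding a thousandth recipient changes nothing on-chain (still one 32-byte root in one transaction) and adds only about ten sibling digests to each recipient's proof, which is where the negligible marginal cost per payout comes from; the payer, meanwhile, learns nothing about `r7:2` beyond its blinded digest.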
Furthermore, because RGB is built on top of bitcoin transactions, it is also compatible with the Lightning Network. While it is not yet implemented at the time of writing, it will be possible to create asset-specific Lightning channels and route payments through them, similar to how it works with normal Lightning transactions.
Conclusion
RGB is a groundbreaking innovation that opens up new use cases through a completely new paradigm, but which tools are available to use it? If you want to experiment with the core of the technology itself, you should try out the RGB node directly. If you want to build applications on top of RGB without having to dive deep into the complexity of the protocol, you can use the rgb-lib library, which provides a simple interface for developers. If you just want to try issuing and transferring assets, you can play with Iris Wallet for Android, whose code is also open source on GitHub. If you just want to learn more about RGB, you can check out this list of resources.
This is a guest post by Federico Tenga. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.