We Need More CoinJoin · eordano's garden

Privacy in Bitcoin is not improving as fast as it should — advocating for CoinJoin and transaction privacy

Originally published on Medium.

Privacy-preserving payment strategies in Bitcoin deserve greater discussion. Notably, custodial services like exchanges maintain better privacy than self-custody wallets, though they require trust. CoinJoin technology can improve Bitcoin transaction anonymity.

Deanonymization Threats

Current blockchain analysis identifies users through change address detection and clustering of inputs spending from multiple public keys. While users could split transactions across addresses, clustering techniques using timing and amounts still enable identification. I created a proof-of-concept tool demonstrating how addresses can be linked to the same entity through blockchain analysis.

Understanding CoinJoin

CoinJoin is a mixing protocol that breaks the “same transaction, same user” heuristic. Multiple parties combine transactions with randomized output ordering, obscuring which inputs correspond to which outputs. This requires finding peers sending identical amounts — making power-of-two-valued outputs valuable for easier participation.

The technology masks whether outputs represent change or payments to third parties. For example, a transaction splitting funds into round and irregular amounts can be analyzed to identify the likely change address.

Implementation Challenges

Rendezvous Servers: Participants need coordination outside the blockchain. Servers potentially know input-output mappings, though secure multiparty computation can obscure this. Risk remains if other participants collude.

Denial of Service: Participants could refuse signing, forcing restarts. Solutions include blacklisting dropped inputs or requiring fidelity bonds.

Fees: A participant can pay fees, or a server can charge users externally — though this requires trusting the intermediary.

Conclusion

CoinJoin isn’t a complete solution but represents an important step toward privacy. This isn’t a criminal tool — individuals deserve financial privacy, and businesses need to protect supplier relationships from competitors.