As we explained in our prior guide, maintaining privacy while using bitcoin can be a challenge. Ideal privacy in bitcoin requires you to take responsibility—you have to select addresses and UTXOs, keep track of the addresses you’ve used before, and even note senders who might connect those addresses to your identity. Luckily, a technique called a CoinJoin allows you to simplify privacy and potentially stop those who might want to track you… in their tracks.

Why would you need to CoinJoin?

To understand why you would need the CoinJoin technique, you first need to understand what information is publicly available for everyone to see on the bitcoin blockchain. Bitcoin is a transparent system, but that transparency has tradeoffs. Everyone can verify all the protocol rules and confirm the receipt of a payment trustlessly, but this also means anyone can use this publicly-available information to try and learn things about your bitcoin usage.

The privacy implications of receiving and sending bitcoin

You may have heard that it’s best practice to use a new address every time you receive bitcoin. This is true; if you provide an address to Sender A and receive 0.2 BTC, and then provide the same address to Sender B and receive 0.3 BTC, both senders can see that you have received 0.5 BTC from multiple different sources. Because you provided this address to both senders, they also both know that this particular address belongs to you going forward.

When sending bitcoin, the recipient can see which address(es) the bitcoin came from—this is another way that addresses can permanently become associated with your identity. When you spend from a bitcoin address, you reveal publicly how the address was constructed and the individual public keys used to build that address. You also have to be careful about combining addresses as the inputs to a single transaction (which publicly associates them with each other), and using a large UTXO to send someone a small amount of bitcoin (which can reveal details about larger bitcoin holdings you may control).

You can read more about all of these circumstances in our prior guide to bitcoin privacy, but for the purposes of this article, you just need to know that the way bitcoin addresses and UTXOs function means that, by default, you are constantly revealing information that may tie your bitcoin activity to you. CoinJoins can reintroduce anonymization to your bitcoin, effectively breaking any direct link between your bitcoin and your identity.

What is a CoinJoin?

The concept is fairly simple: a CoinJoin is a collaboration among several people to create a bitcoin transaction—you can imagine that they are joining their coins together temporarily.

For example, each person involved could contribute an equal amount of bitcoin as the inputs to a single transaction, and then each person would receive back that amount of bitcoin as an output. This is the simplest structure to understand, although there are other possible structures where different people contribute different amounts.

CoinJoins allow you to reclaim lost privacy by “scrambling” the path that leads back to you, making it very difficult for anyone to continue associating UTXOs with your identity. To an extent, this can undo some privacy mistakes that you may have made in the past and provide you peace of mind to start your bitcoin privacy journey over again.

How do CoinJoins work?

As mentioned, CoinJoins work by multiple people anonymously and trustlessly collaborating to create a bitcoin transaction.

Suppose you take 0.05 BTC (plus fees) from an address linked to your identity and contribute it to a CoinJoin transaction, and four other participants do the same. As the transaction finalizes, each person receives 0.05 BTC back to a brand new wallet address they control, as shown in the visualization below.

The five new addresses acquiring the UTXOs should be anonymous, and therefore any observer looking at the blockchain will have no idea which of the receiving addresses belongs to you. After completing the transaction, each receiving address only has a 20% chance of being yours. However, you should know that CoinJoins do not create perfect privacy:

  • If the other four participants eventually expose which addresses are theirs in future transactions, the address belonging to you can become less obfuscated by process of elimination.
  • After putting bitcoin through a CoinJoin, the bitcoin can once again become associated with your identity by your own subsequent actions.

Both of these scenarios can be combated by doing multiple CoinJoins, or performing CoinJoins with a much larger number of participants.

How can I perform a CoinJoin?

If you’ve been keeping your bitcoin in self-custody for a while, it might feel disconcerting knowing that a malicious actor could possibly learn things about you just from your past bitcoin activity—especially if you know you’ve received bitcoin from various people and can’t recall who they all are. This may cause you to want to move forward with performing a CoinJoin!

Choose an implementation

There are several different CoinJoin implementations commonly used by people around the world to come together anonymously and coordinate this maneuver. The most well-known options are:

Each implementation works differently and has its own tradeoffs, so conduct further research before deciding which method to use. You can follow the above links to each wallet above to learn more, or follow the below links for full guides on how to use the most popular implementations:

CoinJoins can also be done manually, but doing so requires the technical knowledge to verify that your funds and privacy are protected throughout the process.

Some considerations before you CoinJoin

Before conducting a CoinJoin, it is important to check your local laws and regulations. While designed to enhance the privacy of regular people, there are suspected instances of CoinJoins being used to launder money, which is illegal. Such suspicions may dampen the enthusiasm of regulators toward this otherwise benign tool.

It is also worth noting that some financial services may refuse to accept bitcoin that has been involved in a CoinJoin. There are documented instances of cryptocurrency businesses flagging user accounts because of a presumed connection to “mixing” activity. Such business practices are likely due to a lack of legal clarity in certain jurisdictions.

Other privacy transaction types

PayJoins

A PayJoin (or P2EP, pay-to-endpoint) is a special type of transaction, involving two participants. A PayJoin is similar to a CoinJoin, except that the transaction output amounts do not match up with the inputs, because one participant is intending to make a payment to the other participant. For example, a merchant could contribute 0.2 BTC as an input, and a customer could contribute 0.5 BTC as an input. The outputs could then be 0.4 BTC to one person and 0.3 BTC to the other, implying that the customer paid the merchant either 0.1 or 0.2 BTC.

Although PayJoin collaborations between two participants do not create anonymity for the resulting UTXOs any more than a common bitcoin transaction, if popularized they could reduce the effectiveness of blockchain surveillance, improving the privacy of all users. This is because surveillants tend to assume that transaction inputs belong to the same owner, unless the transaction is a CoinJoin (which stands out as obvious). Common-input-ownership is not the case for PayJoins, which look the same as common bitcoin transactions, therefore decreasing the reliability of that assumption.

Deniability Splits

Another transaction type that is rarely discussed provides a fairly simple method to move your bitcoin around in a manner that makes it hard for anyone to confidently attach any particular UTXO to your identity. By creating a transaction with two outputs that are both directed to unused addresses you control, it would appear like you are paying someone else and receiving change back. Which output is coming back to you is typically unknown to anyone other than the payee, but in this case they both are both coming back to you (and there is no payee).

If you do this carefully, perhaps multiple times and several days apart, you could make it hard for a blockchain analyst to guess which UTXOs still belong to you, and how much bitcoin you still own.

Similar to PayJoins, a deniability split can look like normal bitcoin transactions that would not stand out as “mixing” like a CoinJoin would. Uniquely, deniability splits can also be performed without having to coordinate with any other people at all. On the other hand, deniability splits do not scramble paths like a CoinJoin, and so all resulting UTXOs may be able to be traced back to you as a prior owner of the bitcoin. Also, if you ever recombined some of the split UTXOs, it could cause all of the deniability you gained to immediately unravel. In general, inexperienced bitcoiners shouldn’t attempt this.

Side note: This technique doesn’t yet have a formal name; may I propose “PayFake”?

CoinJoins are just one facet of bitcoin privacy

CoinJoins are a powerful tool to reintroduce lost privacy to your bitcoin, but with just a little more knowledge, you can minimize your need for them in the first place. There are also more factors to consider: dust attacks, running your own bitcoin node, and the Lightning Network to name a few. To learn more about bitcoin privacy, read our full article on the subject more generally.



Sign up to get notified for future blog articles.