CoinJoin is a protocol that enhances the confidentiality of bitcoin transactions. With it, multiple parties can send funds in a single transaction without the risk of theft. It was first proposed in 2013.
The essence of the protocol
The CoinJoin protocol allows several Bitcoin users, after agreeing with each other, to create a jointly signed transaction that contains funds from each of their wallets. This mixes their balances in one common transaction. It provides anonymity without sending your money to another service, which reduces the risk of theft. Anonymity is achieved by carefully selecting input and/or output values.
Cryptography researchers have proposed various additions to the protocol concept:
order matching (JoinMarket),
blinding (a term from cryptography) to improve privacy (CoinShuffle, Chaumian Blinded Signatures),
resistance to denial of service (CoinShuffle).
The proposal was posted on bitcointalk by Gregory Maxwell (nickname gmaxwell).
Reason for creation
BTC is promoted as a tool opposed to the banking system, and many people are confused about its anonymity. Since you don't need a passport to create a wallet and can generate as many public keys as you need (which you can't do with cards), it seems like a good tool for maintaining your privacy.
In fact, bitcoin is pseudo-anonymous: a transaction can be traced and linked to a real person through address reuse, network analysis, payment tracking, website monitoring and many other mechanisms. In addition, all transfers from a bitcoin address are recorded in the public ledger: how much you received and how much you spent.
Traditional banks offer greater privacy by default. No outsider can look up your account and learn its entire history of operations without resorting to tricks. No one can see where you spend money, which sites you sponsor or how much is transferred to other accounts (unless we're talking about authorized bodies that have access to your transfers).
This openness in bitcoin can become a serious practical disadvantage for both individuals and businesses. Knowing two addresses, an inquisitive mind can draw far-reaching conclusions: for example, that a transfer was made from the wallet of one company to the wallet of another. Everyone the company trades with loses confidentiality in one way or another.
Solution
The author then put forward the CoinJoin proposal, which involves constructing the transaction in a special way. The protocol does not require any changes to bitcoin itself.
A passive observer cannot distinguish between a transaction sent by multiple people, a multi-component transaction, and a regular transaction. This gives the ecosystem an incentive to spread the protocol and, where possible, makes transactions that are not performed with CoinJoin indistinguishable as well.
The original CoinJoin proposal leaves some design decisions open, such as rules for which amounts can be combined, how self-configuration occurs, and how participants exchange information before signing a transaction.
The simplest example: there are two CoinJoin participants, each contributing an input of 1 BTC and receiving an output of 1 BTC. For simplicity, let's assume that there is no transaction fee.
A transaction uses one or more inputs and creates one or more outputs with specified values.
Each input is an output of a past transaction. Each input has a separate signature (scriptSig), which is created in accordance with the rules specified in the output being spent (scriptPubKey).
The bitcoin system needs to make sure that the signatures are correct, that the inputs exist, and that the sum of the output values is less than or equal to the sum of the inputs (any excess becomes a fee for miners).
There is no requirement that the money in the outputs be handled the same way: you do not need to transfer BTC to the same address.
The signatures inside the transaction, one per input, are completely independent of each other. This means that users can agree on a set of inputs, as well as the outputs to pay to, and then each sign separately. The transaction is invalid and will not be accepted by the network until all signatures are provided.
Most transactions in the bitcoin network still pay a fee to miners. In a joint transaction, its payment can be arranged in one of these ways:
divide it evenly among the participants,
have participants take turns paying it, if a series of joint transactions is expected.
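The two-party example and the signing rules described above, as an added sketch (not code from the CoinJoin proposal or from any wallet): a simplified Python model in which HMAC stands in for the real scriptSig signature, and all names, keys and outpoints are constructed for illustration. It goes slightly beyond the zero-fee case by splitting a fee evenly among the participants.

```python
import hashlib, hmac, json

# Constructed sample data: two participants, 1 BTC (100,000,000 satoshi) each.
PARTICIPANTS = [
    {"outpoint": "aa" * 32 + ":0", "value": 100_000_000,
     "address": "addr-alice-new", "key": b"alice-secret"},
    {"outpoint": "bb" * 32 + ":1", "value": 100_000_000,
     "address": "addr-bob-new", "key": b"bob-secret"},
]

def build_coinjoin(participants, fee_sats=0):
    share = fee_sats // len(participants)          # fee divided evenly
    inputs = [{"outpoint": p["outpoint"], "value": p["value"]} for p in participants]
    outputs = [{"address": p["address"], "value": p["value"] - share} for p in participants]
    outputs.sort(key=lambda o: o["address"])       # order outputs independently of inputs
    return {"inputs": inputs, "outputs": outputs, "signatures": {}}

def _message(tx, index):
    # Each signature commits to every input and output, so nothing can change after signing.
    body = json.dumps({"inputs": tx["inputs"], "outputs": tx["outputs"]}, sort_keys=True)
    return hashlib.sha256(body.encode()).digest() + index.to_bytes(4, "little")

def sign_input(tx, index, p, expected_sats):
    # A participant signs only their own input, and only if the proposal pays them in full.
    paid = sum(o["value"] for o in tx["outputs"] if o["address"] == p["address"])
    if tx["inputs"][index]["outpoint"] != p["outpoint"] or paid < expected_sats:
        raise ValueError("proposal rejected: refusing to sign")
    # HMAC stands in for the real ECDSA scriptSig (assumption of this sketch).
    tx["signatures"][index] = hmac.new(p["key"], _message(tx, index), hashlib.sha256).hexdigest()

def validate(tx, keys_by_outpoint):
    # Network-side checks: every input signed, outputs <= inputs. Returns the miner fee.
    for i, inp in enumerate(tx["inputs"]):
        want = hmac.new(keys_by_outpoint[inp["outpoint"]], _message(tx, i), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tx["signatures"].get(i, ""), want):
            raise ValueError(f"input {i}: missing or invalid signature")
    fee = sum(i["value"] for i in tx["inputs"]) - sum(o["value"] for o in tx["outputs"])
    if fee < 0:
        raise ValueError("outputs exceed inputs")
    return fee

if __name__ == "__main__":
    tx = build_coinjoin(PARTICIPANTS, fee_sats=1000)
    for i, p in enumerate(PARTICIPANTS):
        sign_input(tx, i, p, expected_sats=p["value"] - 500)
    print("fee paid:", validate(tx, {p["outpoint"]: p["key"] for p in PARTICIPANTS}))
```

Because every signature covers the full set of inputs and outputs, changing any output after a participant has signed invalidates that signature; this is what lets participants cooperate without trusting each other with their funds.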
The idea can also be used more generally: to make joint payments in order to reduce weight.
There are several implementations of anonymous bitcoin transactions inspired by CoinJoin: SharedCoin, Dark Wallet, DarkSend in the altcoin Dash, and JoinMarket.
There is also CoinShuffle, an extension of the CoinJoin protocol. It is based on the Dissent group protocol. It corrects one flaw of the earlier protocol: at the point where the parties have to agree on where and how, a third party is needed. In CoinShuffle, the peers connect directly, and participants are "blinded" using ephemeral public-key encryption and random shuffling. In the case of a DDoS attack, the protocol can identify the attackers and remove them.
The protocol does not charge for mixing, but requires additional time to perform.
CoinShuffle was proposed by a group from the Cluster of Excellence Multimodal Computing and Interaction (MMCI) at Saarland University. Tim Ruffing, Pedro Moreno-Sanchez and Aniket Kate were named as authors of the paper. The original version was published at the 19th European Symposium on Research in Computer Security (ESORICS'14).