CoinJoin is an anonymization method for bitcoin transactions proposed by Gregory Maxwell. It is based on the following idea: “When you want to make a payment, find someone else who also wants to make a payment and make a joint payment together.”. When making a joint payment, there is no way to relate input and outputs in one bitcoin transaction and thus the exact direction of money movement remains unknown to third parties.
CoinJoin-based mixing methods increase privacy for all users – even those not using mixing – because it is no longer likely that all inputs to a transaction come from a single wallet, and hence can no longer be reliably associated with a single user.
CoinShuffle was proposed by researchers from Saarland University in 2014. It further develops the CoinJoin concept and increases privacy by not requiring any trusted third-party to be involved in the creation of mixed transactions. In the original research paper presented at the 19th European Symposium on Research in Computer Security, CoinShuffe is described as a completely decentralized coin-mixing protocol “inspired by CoinJoin to ensure security against theft and by the accountable anonymous group communication protocol Dissent to ensure anonymity as well as robustness against [DoS] attacks”.
Only a proof-of-concept implementation of CoinShuffle protocol was made available, written purely to evaluate the feasibility and performance. It was followed by further research leading to the CoinShuffle++, ValueShuffle and PathShuffle proposals. ValueShuffle was presented at Scaling Bitcoin 2017 by Tim Ruffing (Saarland University): video recording.
CoinJoin requires that users negotiate transactions they wish to join. The first services to handle this (such as blockchain.info's SharedCoin) used centralized servers and required users to trust the operator of the service not to steal the bitcoins or allow others to do so. Centralized services may also compromise participants' privacy by keeping logs of the transactions they negotiate. Decentralized implementations of CoinJoin such as JoinMarket attempt to circumvent various issues related to centralization.
The level of anonymity offered by CoinJoin can also be diminished if the protocol is implemented incorrectly. One such flaw was identified in blockchain.info's SharedCoin mixing service. Security consultant Kristov Atlas, author of the book Anonymous Bitcoin, detailed the flaw in an article entitled Weak Privacy Guarantees for SharedCoin Mixing Service. In this article he states “the SharedCoin service should be used only as a light protective measure for financial privacy”. As part of his research, the author developed a tool called 'CoinJoin Sudoku' that could identify SharedCoin transactions and detect relationships between specific payments and payees.
- Gregory Maxwell (2013-08-22). "CoinJoin: Bitcoin privacy for the real world". bitcointalk.org.
- "Shared Coin - Free Trustless Private Bitcoin Transactions". SharedCoin site.
- Andy Greenberg (2014-04-29). "'Dark Wallet' Is About to Make Bitcoin Money Laundering Easier Than Ever". wired.com.
- Kyle Torpey (2015-01-27). "CoinShuffle Aims to Improve Privacy in Bitcoin". Inside Bitcoins.
- "Joinmarket - Coinjoin that people will actually use". Bitcoin Talk. 2015-01-09.
- "Blockchain.info implements CoinJoin for free to fight CoinValidation". Reddit.com.
- Ruffing, Tim; Moreno-Sanchez, Pedro; Kate, Aniket (2014-08-14), CoinShuffle: Practical Decentralized Coin Mixing for Bitcoin (PDF)
- "CoinShuffle project page at Saarland University (CoinShuffle: Practical Decentralized Bitcoin Mixing)". crypsys.mmci.uni-saarland.de.
- Jon Matonis (2014-03-17). "A Taxonomy of Bitcoin Mixing Services for Policymakers". CoinDesk.com.
- "Kristov Atlas at GitHub". GitHub.com.
- "About the Author – Anonymous Bitcoin Book". anonymousbitcoinbook.com.
- Kristov Atlas (2014-06-09). "Kristov Atlas Security Advisory <20140609-0>, Weak Privacy Guarantees for SharedCoin Mixing Service".
- "CoinJoin Sudoku - Weaknesses in SharedCoin, and CoinJoin research".
- Jon Southurst (2014-06-10). "Blockchain's SharedCoin Users Can Be Identified, Says Security Expert". CoinDesk.com.