Open main menu

Wikipedia β

CoinJoin is an anonymization method for bitcoin transactions proposed by Gregory Maxwell. It is based on the following idea: “When you want to make a payment, find someone else who also wants to make a payment and make a joint payment together.”.[1] When making a joint payment, there is no way to relate input and outputs in one bitcoin transaction and thus the exact direction of money movement remains unknown to third parties.

CoinJoin basic idea example: two transactions are joined into one while inputs and outputs are unchanged.

There are several implementation of anonymous bitcoin transactions inspired by CoinJoin: SharedCoins,[2] Dark Wallet,[3] CoinShuffle,[4] PrivateSend feature of Dash and JoinMarket.[5]

CoinJoin-based mixing methods increase privacy for all users – even those not using mixing – because it is no longer likely that all inputs to a transaction come from a single wallet, and hence can no longer be reliably associated with a single user.[6]



CoinShuffle was proposed by researchers from Saarland University in 2014.[7] It further develops the CoinJoin concept and increases privacy by not requiring any trusted third-party to be involved in the creation of mixed transactions. In the original research paper presented at the 19th European Symposium on Research in Computer Security, CoinShuffe is described as a completely decentralized coin-mixing protocol “inspired by CoinJoin to ensure security against theft and by the accountable anonymous group communication protocol Dissent to ensure anonymity as well as robustness against [DoS] attacks”.[7]

Only a proof-of-concept implementation of CoinShuffle protocol was made available, written purely to evaluate the feasibility and performance.[8] It was followed by further research leading to the CoinShuffle++, ValueShuffle and PathShuffle proposals. ValueShuffle was presented at Scaling Bitcoin 2017 by Tim Ruffing (Saarland University): video recording.

Security issuesEdit

CoinJoin requires that users negotiate transactions they wish to join. The first services to handle this (such as's SharedCoin) used centralized servers and required users to trust the operator of the service not to steal the bitcoins or allow others to do so. Centralized services may also compromise participants' privacy by keeping logs of the transactions they negotiate.[9] Decentralized implementations of CoinJoin such as JoinMarket attempt to circumvent various issues related to centralization.[5]

The level of anonymity offered by CoinJoin can also be diminished if the protocol is implemented incorrectly. One such flaw was identified in's SharedCoin mixing service. Security consultant Kristov Atlas,[10] author of the book Anonymous Bitcoin,[11] detailed the flaw in an article entitled Weak Privacy Guarantees for SharedCoin Mixing Service.[12] In this article he states “the SharedCoin service should be used only as a light protective measure for financial privacy”. As part of his research, the author developed a tool called 'CoinJoin Sudoku'[13] that could identify SharedCoin transactions and detect relationships between specific payments and payees.[14]

See alsoEdit