How The Freedom Convoy Could Have Protected Donation Privacy With Whirlpool

All Bitcoin transactions are public, anyone tin look astatine them. There is thing peculiar required to presumption each Bitcoin transaction that has ever occured — they are each publically disposable connected the blockchain. You don't request a node, conscionable a elemental artifact explorer website volition do, specified arsenic Mempool.space, KYCP.org oregon Blockstream Explorer. You tin presume that your adversaries are watching.

What isn't stored connected the blockchain are your personally-identifying details specified arsenic your name, address, telephone number, etc. That accusation is cataloged externally by 3rd parties specified arsenic your employer, your brokerage/exchange oregon perchance a fundraiser that you donated to and volunteered that accusation to. If your leader paid you successful bitcoin, past they would beryllium capable to travel your nationalist transactions and spot that you made a donation to a fundraiser, for example. Likewise, the organizer of the fundraiser would beryllium capable to spot the past of your Bitcoin transactions and they would cognize however overmuch bitcoin you had going into the transaction wherever you sliced disconnected a tiny information to donate.

Furthermore, immoderate outer perceiver who knew what the Bitcoin donation code was, would beryllium capable to show each incoming donations and past spot wherever the remaining alteration from those donations was sent. These outer observers could besides spot wherever the donations went aft the archetypal deposit. If determination was immoderate personally-identifying accusation held by a trusted 3rd enactment wherever fiat was traded for bitcoin oregon wherever bitcoin was traded for fiat, past the custodian of that accusation volition beryllium compelled to crook implicit those details that personally place an individual.

"The existing [legacy financial] strategy has respective legislative mechanisms built successful that guarantee basal privateness (your slope doesn’t stock your relationship equilibrium and transaction past with the barista astatine the java store for example). The blockchain doesn’t person the luxury of legislative powerfulness to lick these problems, truthful bundle solutions specified arsenic CoinJoin are utilized to get these basal protections." 

–Samourai Wallet blog post, March 15, 2022 

A Real-World Example Of The Need For Bitcoin Mixing

Let’s dive successful and larn to recognize the implications of a fully-transparent transaction ledger successful the look of an ever-increasingly adversarial environment. This conception volition supply that inheritance with a real-world illustration and an mentation of however Bitcoin transactions are scrutinized successful specified a scenario.

After establishing that, successful this existent satellite example, the tracing of Bitcoin transactions could let authorities opposed to these transactions to ace down connected them, this nonfiction volition explicate however Whirlpool, a CoinJoin implementation built by the developers of Samourai Wallet, could person breached the deterministic links betwixt the transactions and could person provided forward-looking anonymity.

Timeline

Here is simply a timeline of the caller Canadian Freedom Convoy with notable events arsenic they subordinate to Bitcoin:

• January 28, 2022: Truckers commencement arriving successful Ottawa
• February 1, 2022: @HonkHonkHodl receives archetypal bitcoin donation via @tallycoinapp. Not galore radical were utilizing Bitcoin to donate to the Freedom Convoy, galore much donations were being made with accepted crowdfunding platforms. This would soon change.

• February 5, 2022: GoFundMe announces that each donations to the Freedom Convoy would beryllium refunded to the donors, banning immoderate further engagement betwixt the crowdfunding level and the Freedom Convoy. This was fundamentally an advertisement for unstoppable wealth similar bitcoin. Donations to the @HonkHonkHodl fundraising run done @tallycoinapp commencement to ramp up.

• February 7, 2022: Under an order issued by the Ontario Superior Court of Justice, different crowdfunding platform, @GiveSendGo, is compelled to frost entree to millions of dollars donated to the Freedom Convoy. This further escalated fundraising via Bitcoin done the @HonkHonkHodl fundraising campaign.
• February 11, 2022: Ontario declares a authorities of emergency. This declaration explicitly made it "illegal and punishable to artifact and impede the question of goods, radical and services on captious infrastructure." Ontario Premier Doug Ford further clarifies that, "Fines for non-compliance volition beryllium severe, with a maximum punishment of $100,000 and up to a twelvemonth imprisonment. We volition besides supply further authorization to see taking distant the idiosyncratic and commercialized licenses of anyone who doesn't comply with these orders.”
• February 14, 2022: Canadian Prime Minister Justin Trudeau invoked the Emergencies Act. Among expanding the powers and scope of the Canadian authorities beyond that which whitethorn beryllium due successful mean times, the Emergencies Act has 2 circumstantial and sweeping fiscal implications: First, it would seizure crowdfunding platforms and outgo work providers nether the Proceeds of Crime and Terrorist Financing Act. Second, crowdfunding platforms and the outgo work providers they usage person to registry with and study ample and/or suspicious transactions to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), the nationalist fiscal quality agency. Financial accounts would beryllium frozen without tribunal bid for individuals identified arsenic being associated with the Freedom Convoy.
• February 14, 2022: On the aforesaid time that the Canadian authorities invokes the Emergencies Act, @HonkHonkHodl closes retired the fundraising run connected @tallycoinapp, having exceeded the archetypal goal, reaching astir 21 bitcoin successful full donations. 

• February 15, 2022: The Ontario Superior Court of Justice enacted the Mareva Injunction, a $306,000,000 people enactment lawsuit. This injunction names 17 individuals, 2 organizations and 62 anonymous entities arsenic defendants further stipulating that "Any different idiosyncratic who knows of this bid and does thing which helps oregon permits the Defendant to breach the presumption of this Order whitethorn besides beryllium held to beryllium successful contempt of tribunal and whitethorn beryllium fined oregon imprisoned." Essentially, anyone who did truthful overmuch arsenic serve coffee to a Freedom Convoy fishy volition present look fines and imprisonment. This injunction goes arsenic acold arsenic to see respective Bitcoin addresses, truthful if 1 of these ends up successful transportation with your identity, past you would beryllium successful usurpation of this injunction.
• February 16, 2022: News breaks that the Royal Canadian Mounted Police (RCMP) published a blacklist of cryptocurrency addresses related to the Freedom Convoy donations. Essentially, this means that immoderate funds connected to immoderate of these addresses hitting a bitcoin-to-fiat disconnected ramp would trigger seizure and contiguous reporting to authorities based connected the exigency measures enactment successful spot conscionable days prior. 

Summary

Essentially, what transpired successful the timeline supra is that successful little than 2 weeks, the Canadian authorities managed to crook a swath of the colonisation into criminals and past determination was thing stopping the authorities from disregarding the rights of this monolithic radical of people.

This is what this writer refers to arsenic the "pendulum swinging." One day, you are starring a perfectly mean and ineligible life, the adjacent you are a transgression and look terrible consequences for doing what was erstwhile inconsequential. If you worth being capable to pass with your friends and family, the state of question and being capable to entree fiscal services oregon walk your wealth connected the things you choose, past it would payment you to commencement taking small, incremental steps to defender these freedoms.

There are galore resources disposable to those who privation to larn much astir the tools disposable to you successful this fight:

• Bitcoiner.Guide
• Diverter.HostYourOwn.Tools
• K3tan.com
• x21.tools

Follow The Money

This conception volition travel the travel of a donation connected the Bitcoin blockchain to the Freedom Convoy Bitcoin address, past beyond to the disbursed payments to the truckers. At points on this path, it volition beryllium pointed retired wherever Whirlpool could person been utilized and however it would person helped forestall the targeting of circumstantial individuals who allowed their identities to beryllium linked with their on-chain activity. The transaction IDs (txids), bitcoin addresses and dates person been obfuscated, but these are existent transactions surrounding the @HonkHonkHodl donations.

This objection follows the transactions of an entity named Alice. Alice has astir 28 bitcoin successful her wallet, successful a azygous unspent transaction output (UTXO). One day, Alice decides to usage the UTXO to marque a 0.3 BTC deposit to a Coinbase account. On-chain heuristics would marque the tenable presumption that the Coinbase relationship is owned by Alice. In that transaction, the 28 BTC is utilized arsenic the lone input and determination are 2 outputs. The archetypal output is the 0.3 BTC to her assumed Coinbase account. The 2nd output is her remaining 28 BTC.

As clip goes on, Alice makes 3 much transactions with this 28 BTC, each clip providing the 28 BTC arsenic an input with a tiny magnitude being spent and the remainder being returned to her arsenic change. This benignant of spending signifier on-chain is known arsenic a "peel chain," and Whirlpool helps interruption this rhythm by breaking the deterministic links.

On the 4th transaction, Alice made a donation to the Freedom Convoy.

Each clip Alice made a transaction, the 28 BTC UTXO was utilized arsenic an input and a small spot was spent, returning the bulk of that 28 BTC to Alice arsenic the change. Then that alteration was spent arsenic an input to the adjacent transaction with a small spot peeled disconnected arsenic the walk and the remainder returned to Alice again. Because of this peel concatenation signifier of elemental transactions, the 0.3 BTC spent to Coinbase successful the archetypal transaction makes the presumption that Coinbase is alert of Alice's existent individuality and alert that she owns the 28 BTC that she continued spending downstream. Coinbase tin besides spot each transaction related to that bitcoin.

By the clip Alice made a donation to the Freedom Convoy, she utilized what was near of that archetypal 28 BTC. In the donation transaction, Alice provided a 24.07 BTC input. The transaction had 2 outputs, a 0.25 BTC donation to the known Freedom Convoy Bitcoin donation code hosted connected the Tallycoin website. The different output was 23.82 BTC being returned to Alice arsenic change.

Assuming Coinbase knows Alice's existent individuality and her on-chain enactment is straight linked to her Coinbase account, her existent individuality tin beryllium revealed arsenic a donor to the Freedom Convoy if authorities analyse the matter. After Alice made her donation, much bitcoin was consolidated and moved downstream by the Freedom Convoy Bitcoin donation organizer(s). 

The entity successful power of the Freedom Convoy donations makes respective transactions that consolidate bitcoin and determination the caller balances to caller addresses. Throughout the entirety of the Tallycoin fundraising campaign, the aforesaid Bitcoin donation code was used.

In bid to disburse donations to Freedom Convoy truckers, the entity successful power of the bitcoin established 100 antithetic wallets for the truckers. They made 3 deposits to each wallet. Unfortunately, they utilized the aforesaid code successful each wallet for each of the 3 deposits alternatively of utilizing a caller code each time. Address reuse is atrocious for privateness due to the fact that past each transactions involving that 1 code are known to beryllium controlled by the entity that possesses the signing cardinal for that address. The Whirlpool coordinator enforces strict rules that bash not let code reuse successful CoinJoin transactions.

This graph shows galore donations being made to the known Tallycoin Bitcoin donation address. Then those donations are consolidated and moved to caller addresses successful 3 transactions starring up to the transaction wherever the bitcoin was disbursed to 100 wallets successful what seems to beryllium a trial transaction. Each deposit was lone 4,800 sats.

A fewer blocks later, different deposit was made to the 100 wallets for the truckers. This transaction was funded by a 14.67 BTC consolidation of the Freedom Convoy donations. There were 100 equal-sized outputs of 0.004 BTC, each going to the aforesaid code arsenic the 4,800 sat deposit successful each of the 100 wallets. There was a 14.27 BTC output from this transaction arsenic well.

The 14.27 BTC output was utilized a fewer blocks aboriginal arsenic an input to the 3rd trucker wallet deposit. This transaction deposited 100 equal-sized outputs of 0.14 BTC, each going to the aforesaid code arsenic the 4,800 sat deposit and the 0.004 BTC deposit successful each of the 100 wallets.

The bulk of the trucker deposits person remained unspent. The ones that person been spent person gone to KYC exchanges similar Coinbase, Crypto.com and Kraken.

Unfortunately, the Canadian authorities has blacklisted respective if not each of these addresses, acceptable to enforce strict penalties connected anyone who is associated with these donations. For the trucker who sent their deposits to Coinbase, this means that they volition beryllium identified arsenic blameworthy parties. The exchanges volition prehend and study immoderate enactment connected their platforms related to immoderate of these donations. For Alice, it is present imaginable to straight necktie her individuality to immoderate of the donated bitcoin, due to the fact that of her deposit to her Coinbase relationship respective transactions anterior to the donation. This means that Alice volition beryllium reported and perchance look penalties successful narration to supporting the Freedom Convoy.

How Whirlpool Fixes This

To recognize however the Whirlpool CoinJoin implementation tin beryllium utilized arsenic a instrumentality for breaking on-chain heuristics and gaining forward-looking anonymity, it is important to archetypal recognize the issues with elemental Bitcoin transactions that person 1 input and 2 outputs. In the real-world illustration above, you tin spot however an idiosyncratic making these kinds of elemental transactions tin permission traces connected concatenation that irrevocably link them to enactment which authorities are actively trying to punish. Here is simply a ocular illustration to assistance elaborate the point, this is Alice's transaction that spent 1 output to her assumed Coinbase account.

You tin spot that determination is lone 1 mode to construe this transaction, Alice owned the full 28.49 BTC input, sent 0.3 BTC to Coinbase and received 28.18 BTC backmost successful change. Then, further heuristics tin beryllium made to extrapolate accusation that is not embedded successful the transaction, specified arsenic it being much apt than not that Alice owns the Coinbase relationship that the 0.3 BTC were deposited to. Going further then, it is imaginable to reasonably connect Alice's existent individuality with the 28.18 BTC alteration from the KYC records kept by Coinbase.

This is what a Whirlpool transaction looks similar on-chain. There are ever 5 inputs and 5 outputs. All of the outputs are the aforesaid denomination, 0.05 BTC successful this case. You tin presumption this transaction connected the KYCP.org website for yourself here.

There are strict rules determined by the ZeroLink CoinJoin implementation successful Whirlpool that are enforced by the coordinator. The coordinator is simply a blinded server that facilitates the CoinJoin transactions. Some of the rules that the coordinator enforces are:

• Each CoinJoin transaction volition person 5 inputs.
• Each CoinJoin transaction volition person 5 outputs.
• No code reuse.
• All of the outputs from a CoinJoin transaction volition beryllium the aforesaid denomination.
• UTXOs bash not transverse from 1 excavation to different — 0.05 BTC UTXOs bash not get utilized arsenic inputs successful 0.01-BTC-sized Whirlpool CoinJoin transactions, for example.
• No azygous wallet whitethorn person much than 1 input to a transaction. So each 5 inputs indispensable travel from antithetic wallets.
• No 2 outputs from a CoinJoin transaction whitethorn beryllium utilized unneurotic successful a aboriginal CoinJoin transaction.
• Every CoinJoin transaction volition person a minimum of 2 caller participants to the liquidity excavation and a maximum of three.
• Every CoinJoin transaction volition person a minimum of 2 re-mixing participants and a maximum of three. These participants whitethorn beryllium referred to arsenic "free riders."
• Fresh participants screen the miners fee.
• Re-mixing participants proceed mixing for nary further fee.
• Only UTXOs from a erstwhile CoinJoin transaction (free riders) oregon UTXOs from a transaction zero (TX0) (fresh participants) volition beryllium allowed arsenic inputs.

These rules are however Whirlpool breaks deterministic links and provides forward-looking anonymity. There is thing astir immoderate azygous Whirlpool CoinJoin transaction output that distinguishes it from immoderate of the different 4 outputs. Every output has an adjacent likelihood of being linked to immoderate fixed input, truthful nary definite conclusions tin beryllium drawn astir the ownership of immoderate fixed output.

Another important diagnostic of Whirlpool is this TX0 conception mentioned above. TX0 is what creates the UTXOs that tin beryllium utilized arsenic caller participants to a Whirlpool CoinJoin transaction. Every UTXO utilized arsenic an input to a Whirlpool CoinJoin transaction indispensable archetypal travel from a TX0. Very simply, TX0 volition instrumentality for an input immoderate bitcoin from your deposit wallet. This tin beryllium a azygous input oregon it tin beryllium respective inputs. In the illustration below, the TX0 input was 0.81 BTC.

In this peculiar example, the selected excavation size was 0.05 BTC, meaning that each UTXOs from this excavation volition beryllium 0.05 BTC. You tin spot that the azygous 0.81 BTC input was utilized to make the pursuing outputs:

• 18 0.0501 BTC outputs: These volition beryllium caller participants disposable for caller Whirlpool CoinJoin transactions. They transportation a small other bitcoin truthful that they tin screen the miners interest of the Whirlpool CoinJoin transaction that they volition enactment in.
• One 0.0134 BTC output: This is called “Doxxic Change,” it is separated from the different UTXOs and the Samourai Wallet exertion volition punctual you to statement this UTXO arsenic Doxxic Change and to alteration the spending presumption of this UTXO to "un-spendable." More details astir Doxxic Change volition follow.
• One 0.0025 BTC output: This is the interest paid to the Samourai Wallet developers for this service. 

At this stage, immoderate on-chain past tied to the 0.81 BTC input is inactive linkable to each of the outputs mentioned above. However, arsenic each of the 0.0501 BTC UTXOs gets included successful a caller Whirlpool CoinJoin transaction, the deterministic nexus to that past gets broken. After that, the on-chain heuristics cannot beryllium utilized to marque assumptions astir the ownership of the Whirlpool CoinJoin UTXOs. This is however forward-looking anonymity is achieved, each of the UTXOs are the aforesaid size and person the aforesaid likelihood of being linked to immoderate peculiar input. These UTXOs blend into a crowd, truthful to speak.

To show this blending into a assemblage effect, the adjacent respective pictures exemplify however galore possibilities determination are erstwhile trying to nexus 1 of the inputs from this archetypal transaction to 1 of the outputs. If 1 of the outputs of immoderate proceeding transaction is utilized arsenic an input to different Whirlpool CoinJoin transaction, past those outputs are marked successful reddish and the paths expanded, again and again. By the end, immoderate bluish dot oregon un-expanded reddish dot represents a transaction that the fishy entity could beryllium the proprietor of.

Five inputs were utilized successful this transaction, trying to travel the imaginable way of a fishy entity, immoderate output could beryllium to them. Three of the outputs were utilized successful different Whirlpool CoinJoin. There are 1 of 5 possibilities.

Two of the outputs pb to further Whirlpool CoinJoin transactions. There are 1 of 16 imaginable transactions to follow.

Three of the outputs pb to further Whirlpool CoinJoin transactions. There are 1 of 24 imaginable transactions to follow.

Six of the outputs pb to further Whirlpool CoinJoin transactions. There are 1 of 34 imaginable transactions to follow.

Ten of the outputs pb to further Whirlpool CoinJoin transactions. There are 1 of 55 imaginable transactions to follow.

Nineteen of the outputs pb to further Whirlpool CoinJoin transactions. There are 1 of 87 imaginable transactions and 1 unspent output to follow.

Forty 2 of the outputs pb to further Whirlpool CoinJoin transactions. There are 1 of 133 imaginable transactions and 2 unspent outputs to follow.

At this constituent it is becoming excessively hard to manually number and the thought is good illustrated by now. Each reddish dot represents different Whirlpool CoinJoin transaction that volition pb to 5 further outputs that could beryllium to the entity who owned the archetypal input. Each bluish dot represents a transaction that is not a Whirlpool CoinJoin but could incorporate the output of interest.

This conscionable keeps going and going. This is the asymmetric vantage that breaking deterministic links has erstwhile an extracurricular perceiver views the blockchain transaction information successful an effort to travel someone.

If Alice had donated to the Canadian Freedom Convoy with bitcoin from a Whirlpool output, past determination would person been nary deterministic mode to nexus that donation backmost to Alice's anterior transaction history. Any probe of the substance going backwards done the transaction past would person led to a cloud-looking transaction graph, arsenic demonstrated above.

Likewise, if immoderate of the Canadian Freedom Convoy donation recipients would usage Whirlpool to CoinJoin their bitcoin, past determination would not beryllium a deterministic mode for a KYC speech to nexus their deposit to the donations successful question. Also, if the organizer of the donations had been Whirlpooling donations arsenic they came in, past the way of those funds connected concatenation would person been obfuscated. Additionally, deposits to the truckers' 100 wallets could person been made utilizing privacy-preserving collaborative transactions alternatively of batch spends.

To larn much astir Whirlpool anonymity, work this article. Read this article to larn much astir the blockchain explorer utilized successful this demonstration, KYCP.org. Check retired this Stephan Livera podcast with @ErgoBTC connected the taxable of unwinding CoinJoins, tumblers, Wasabi and JoinMarket.

This is simply a impermanent station by Econoalchemist. Opinions expressed are wholly their ain and bash not needfully bespeak those of BTC Inc oregon Bitcoin Magazine.