Track Me If You Can — How Bitcoin Forward-Looking Anonymity Sets Work

Whirlpool gives a definite level of privateness erstwhile utilizing bitcoin, and forward-looking anonymity sets are a measurement of however good hidden you are.

Let’s speech astir Whirlpool “forward-looking anonymity sets” — the assemblage successful which you are hiding in.

To day you whitethorn beryllium acquainted with the Whirlpool CoinJoin implementation which is disposable connected the Samourai Wallet mobile app, oregon Sparrow Wallet desktop app. When you enactment successful a Whirlpool CoinJoin you summation privateness by collaborating successful a multiparty transaction which leaves anyone looking on-chain scratching their caput portion trying to decipher wherever your bitcoin has gone.

A Whirlpool CoinJoin is conscionable similar immoderate different bitcoin transaction, made up of inputs and outputs. However each input is provided by a antithetic bitcoin wallet, and each output is returned to 1 of the participating wallets. This transaction is organized by Samourai Wallet’s cardinal Whirlpool coordinator, each the clip without the coordinator knowing which input belongs to which output (“blinded”), and without you ever giving up custody of your bitcoin.

Let’s accidental it’s the extremity of the period and I’ve conscionable been paid by my employer. Before I walk immoderate of my bitcoin I archetypal privation to usage Whirlpool to summation immoderate forward-looking privacy. After all, the bitcoin blockchain is simply a nationalist ledger and I consciousness it my close for my leader to not cognize what I get up to successful my backstage life, including them knowing my spending habits.

I participate Whirlpool, providing 1 of the inputs and enactment successful a transaction which looks similar this:

• 5 x Input UTXOs.
• 5 x Output UTXOs.

• Each input UTXO belongs to 1 of the 5 participating wallets.
• Each output UTXO belongs to 1 of the 5 participating wallets.
• All output UTXOs are equal.

Observing on-chain it is intolerable to find which 1 of the 5 outputs is mine. The crushed wherefore it is “impossible” is due to the fact that each deterministic links are breached betwixt the input and output broadside of the transaction. So if my sneaky leader were to determine they were going to effort and spy connected my spending habits aft I was paid, they would spot that I’ve “entered” Whirlpool and would present person to presume I americium hiding successful a assemblage of five, right? Well I could really beryllium hiding successful a assemblage larger than five. Enter Whirlpool forward-looking anonymity sets …

Whirlpool Forward-Looking Anonymity Sets

When you usage Whirlpool, depending connected the excavation size you choose, your bitcoin is breached up into smaller pieces successful 1 of the pursuing denomination sizes: 0.5 BTC, 0.05 BTC, 0.01 BTC, oregon 0.001 BTC. Due to Whirlpool’s architecture, outputs which stay successful these excavation denomination sizes are escaped to beryllium remixed astatine nary further outgo to the idiosyncratic (more connected that later).

After my archetypal mix, if I oregon 1 of my mixing peers remixes, the assemblage which I americium hiding successful (forward-looking anonymity set) increases from 5 to nine.

My adjacent output UTXO does not request to remix for the assemblage successful which I americium hiding successful to grow. Whether it is my UTXO which remixes oregon 1 of my mixing peers, determination is nary mode to archer on-chain which UTXO from the archetypal premix has been remixed. There are present 9 adjacent outputs connected to my archetypal mix, truthful my spying leader would person to presume I could beryllium immoderate 1 of them.

This adjacent graphic demonstrates however the assemblage successful which I americium hiding tin turn without maine remixing. After my archetypal mix, my UTXO, the reddish circle, remains successful a Whirlpool excavation denomination size and has not been remixed. However 2 of my mixing peers person continued to remix and determination are present 4 much CoinJoins associated with my archetypal mix. To cipher my caller forward-looking anonymity set, present I would number up the equal-output UTXOs (orange circles) positive my ain equal-output UTXO (red circle) and I get astatine a assemblage of 21.

On-chain the orangish circles are indistinguishable from my reddish circle, truthful my leader would person to prosecute each 21 antithetic leads should they privation to way maine since “entering” Whirlpool. Even if they were to effort to support tabs, they could not accidental with immoderate certainty which of the 21 UTXOs I am.

How Is Remixing Free?

Before discussing further astir forward-looking anonymity sets and looking astatine immoderate existent satellite examples, for the uninitiated it’s worthy breaking down precisely however remixing is escaped successful Whirlpool.

When you archetypal “enter” Whirlpool, your Samourai oregon Sparrow Wallet broadcasts what is termed the “Transaction Zero,” oregon Tx0 for short. This is simply a pre-transaction earlier “jumping successful the pool,” and it does 3 things:

1. Pre-mix UTXO/s: breaks up your bitcoin into smaller-denomination UTXOs, positive a small extra.
2. Fixed Pool Fee: pays Samourai oregon Sparrow Wallet for coordinating the Whirlpool transaction.
3. Doxxic Change: returns to you immoderate bitcoin which is excessively tiny to beryllium mixed. This is called doxxic arsenic it is inactive associated with the erstwhile past your bitcoin has.¹

Have a look present astatine this existent satellite Tx0 successful the pursuing artifact explorers:

Transaction ID: bcb4d9dfde37215f2ede6142c651981e22f70e549c03cd341a71dffe8b2dce57

• kycp.org
• oxt.me (double-click connected the bluish ellipse to grow the transaction, past zoom out)
• mempool.space

In the graphic beneath enactment that 3 x premix UTXOs person been created successful this Tx0, each owned by the aforesaid wallet and destined to each beryllium mixed successful the 0.001 pool. Also enactment each of these UTXOs is of somewhat much worth than the chosen excavation size. Hold that thought!

It’s worthy mentioning present a highly important facet of a Tx0; absorption of Doxxic change. Doxxic alteration is your bitcoin which inactive holds immoderate antecedently associated history, nevertheless is excessively tiny to beryllium Whirlpooled¹. The Tx0, by design, returns the Doxxic alteration to a antithetic country successful your wallet than your bitcoin which has been mixed. This means it is intolerable to sprout yourself successful the ft by accidentally creating a transaction successful the aboriginal wherever you walk your mixed bitcoin successful the aforesaid transaction arsenic your Doxxic change. Doing truthful would unwind the privateness benefits of CoinJoining.

Now you’re acceptable to mix. One by 1 your pre-mix UTXOs are selected by the Whirlpool coordinator to enactment successful their archetypal CoinJoin. One of your pre-mix UTXO volition beryllium 1 of 5 inputs successful the CoinJoin transaction.

The Whirlpool coordinator besides organizes a 2nd pre-mix UTXO to enactment (“peer pre-mix UTXO”)². This further adjacent pre-mix UTXO is from different user’s wallet which has conscionable gone done the aforesaid process you person erstwhile you entered Whirlpool. Remember however erstwhile you make your transaction zero your bitcoin is breached up into aggregate pool-size denominated UTXOs, positive a small extra? Well if you adhd up the “little extra” of the pre-mix UTXO and the adjacent pre-mix UTXO, that is what pays the miner fees for the CoinJoin transaction. In the graphic beneath the magnitude to beryllium paid to the bitcoin miners is 907 sats positive 907 sats, totaling 1,814 sats.

Now it’s the remixer’s clip to shine. The Whirlpool coordinator selects astatine random 3 remixing UTXOs which person already undergone their archetypal mix. The 3 remixing UTXOs are sat successful their respective wallets and importantly stay successful Whirlpool’s “unspent capacity” arsenic they person not been spent by their owners. So agelong arsenic their associated wallet is online communicating with the Whirlpool coordinator, they are eligible for remixing.

So to recap:

• Your pre-mix UTXO: pays for CoinJoin miner fees
• Peer pre-mix UTXO: pays for CoinJoin miner fees
• Remixing UTXOs: participates successful the CoinJoin for escaped (also termed a “freerider”)

Once the CoinJoin has been organized betwixt 5 abstracted wallets, the transaction is broadcast to the Bitcoin web automatically. Five inputs into the transaction person been destroyed, creating 5 caller indistinguishable adjacent outputs. All adjacent outputs are present eligible for remixing if their owners truthful please.

Although remixing UTXOs are termed “freeriders,” they are integral to Whirlpool’s architecture not lone successful providing forward-looking anonymity for the pre-mixers who are paying the CoinJoin transaction miner fees, but they are besides expanding the forward-looking anonymity acceptable for their erstwhile mixing peers.

It is besides important to enactment that your UTXOs (whether a pre-mix one, oregon remixing one) volition ever beryllium mixed successful their ain CoinJoin transaction. Multiple UTXOs successful your wallet volition ne'er beryllium mixed successful the aforesaid Whirlpool CoinJoin transaction together, arsenic this provides the champion anon-set guarantees and besides prevents users oregon entities Sybil attacking Whirlpool.

TLDR: The caller liquidity “entering” Whirlpool covers the mining interest for each Whirlpool CoinJoin transaction. Those UTXOs who person already “entered” Whirlpool and person undergone their archetypal premix (paying the fixed excavation interest positive miner fee) bash not wage a azygous satoshi much to enactment successful remixes, truthful agelong arsenic they stay successful their excavation denomination size / unspent capacity.

Whirlpool Forward-Looking Anonymity Sets Continued

Theory is each good and great, but however tin you arsenic a Whirlpool idiosyncratic cipher the size of the assemblage you are hiding in? Try utilizing OXT’s transaction graph visualizer to hunt for your archetypal premix CoinJoin transaction, then:

1. Manually grow each output which is remixed.
2. Mark successful orangish immoderate UTXO which is unspent (remaining successful a Whirlpool pool-size denomination).
3. Mark successful orangish immoderate UTXO which is spent (leaving Whirlpool).

Add up the orangish lines to get your forward-looking anonymity acceptable (33 successful this illustration below).

This works good for smaller numbers, but Whirlpool mixes hap often (average of 211 mixes per time successful the 0.001 excavation truthful acold during 2022). Manually counting forward-looking anonymity sets tin rapidly go impossible. Queue Whirlpool Stat Tool ...

Whirlpool Stat Tool

Whirlpool Stats Tool was made by the Samourai Wallet developers to let users to verify themselves the anonymity sets which are achieved by utilizing Whirlpool. Using a acceptable of python scripts, it rapidly calculates the forward-looking anonymity acceptable for you. Enter successful a transaction ID for your archetypal premix and it'll archer you the size of the assemblage you're hiding successful since your Whirlpool CoinJoin occurred.

Because I tally a RoninDojo node, Whirlpool Stats Tool is pre-installed and casual to usage by pursuing the usher connected their wiki.

Using the instrumentality implicit the past 93 days I person been monitoring the forward-looking anonymity acceptable of this Whirlpool CoinJoin transaction ID:

1fed0d526e89cd3f2ac14be0cfc1fe13e5cb8a772977551f0922f0c6907ab8f3

Let's spot however ample the assemblage its participants are hiding successful is:

28 days aft mix: forward-looking anonymity acceptable = 1,644

35 days aft mix: forward-looking anonymity acceptable = 6,722

93 days aft mix: forward-looking anonymity acceptable = 35,214 (as shown successful Whirlpool Stats Tool connected my RoninDojo below).

Hiding successful a assemblage of 35,000 it is present intolerable (dare I accidental it) for anyone, including a concatenation surveillance company, to find wherever the archetypal premix participant's bitcoin is. Perhaps they've already near Whirlpool and spent their bitcoin, oregon possibly they person stuck astir to get escaped remixes.

What I find absorbing astir this peculiar transaction ID is that arsenic of the clip of penning this article, one of the outputs remains unspent (just similar the reddish ellipse of the earlier graphic). This unspent output has remained this mode since the transaction was confirmed into artifact 728,735 connected March 24, 2022.

Even though this UTXO has not moved, it has benefited from Whirlpool's architecture arsenic 3 of the different participants went connected to remix. This allowed this unspent output of 0.001 BTC to summation a larger forward-looking anonymity acceptable without remixing itself. If nary of the outputs from this transaction went connected to remix, the forward-looking anonymity acceptable would stay astatine five.

It's important to retrieve that each deterministic links are breached aft 1 mix, but you get greater privateness benefits if you, oregon different peers remix. Let’s look astatine immoderate much forward-looking anonymity acceptable stats from immoderate CoinJoins ...

More Whirlpool Forward-Looking Anonymity Set Examples

Transaction ID:
c0f11a33a3f2470bb4252c155ced5eb670aaf0ed2f0eef8674dc90c52905860d
Two days aft mix: forward-looking anonymity acceptable = 77

Transaction ID:

5f5631356692b4744413a61b4e91c41c3df5ae376b66990052a8628b570e8353
Seven days aft mix: forward-looking anonymity acceptable = 380

Transaction ID:

901f20a383189c496a8774eb8cafeaa956f8c3393ee41701f163c0c2acf54286

Ten days aft mix: forward-looking anonymity acceptable = 1,466

Privacy Farming

After entering Whirlpool your archetypal premix is quick, and the CoinJoin you person participated successful has worked arsenic designed by breaking each deterministic links. Now you’re itching to get immoderate escaped remixes but wondering “How galore remixes tin I expect successful 1 week?” This is simply a communal question asked by caller Whirlpool users who naively lone number their privateness gains successful presumption of however galore premix cycles each of their UTXOs has participated in.

Remixing does of people summation your ain forward-looking anonymity set, but don’t hide that different mixing peers who remix summation your forward-looking privateness too.

“But however galore remixes tin I expect successful 1 week?!” Before answering we request to see the following:

1. New users who participate Whirlpool wage for the CoinJoin cycle. So lone erstwhile caller liquidity comes into Whirlpool bash you person a accidental astatine remixing.
2. Other users (“freeriders”) are besides waiting to get escaped remixes. The Whirlpool coordinator selects freeriders astatine random to enactment successful remixes, truthful determination is somewhat of a contention arsenic everybody wants to beryllium picked.
3. Each Whirlpool excavation size has antithetic behaviour characteristics.

Let’s research these 1 by one.

Here are the play CoinJoin rhythm frequencies per excavation size for 2022.

Unsurprisingly the 0.001 BTC excavation is the astir progressive excavation successful presumption of rhythm count.

How overmuch freerider contention is determination successful each pool? To get this stat (and galore others including rhythm frequencies) you tin usage the Telegram Whirlbot.

For each CoinJoin the Whirlpool coordinator picks 3 freeriders astatine random to participate.²

As a freerider determination is much contention successful the smaller pools, with much predominant CoinJoin cycles. The larger pools person the opposite, little freerider competition, with little predominant CoinJoin cycles.

Finally let’s crook our thoughts to the behaviour characteristics of each excavation based connected humanities Whirlpool usage. If you person been a Whirlpool idiosyncratic for immoderate clip you’ll person apt noticed the smaller pools are astir consistently utilized connected a regular ground with a dependable watercourse of liquidity. If I were to guess, this is due to the fact that they are the lowest obstruction to introduction and astir apt to beryllium utilized for mundane spending. The larger pools connected the different hand, though astir ne'er quiet, spot larger peaks and troughs of caller liquidity — and erstwhile it rains, it pours.

So present you recognize that the remixes you’d spot successful 1 week beryllium connected caller liquidity entering Whirlpool, random enactment by the coordinator, and characteristics of which excavation size you are using. Based connected mean Whirlpool usage to day during 2022 your wallet volition apt get thing from 5-25 remixes per week. Though coordinator enactment is random, truthful you could successful mentation get little oregon more, and that would inactive beryllium classified arsenic normal.

One mode to see each of this is that awaiting remixes is similar output farming for bitcoin privacy, and those who are diligent and proceed to support their bitcoin remixing until they request to walk successful the aboriginal are being paid involvement successful the signifier of accrued anonymity. Patience pays.

Be Eligible To Remix 24/7

To beryllium a freerider you’ll privation your wallet to beryllium successful connection with the Whirlpool coordinator 24/7. That mode erstwhile a premix is astir to occur, you person a accidental astatine being picked by the coordinator for inclusion arsenic a remixer. You’ll truthful privation to bash 1 of the following:

1. Leave the Whirlpool work surface unfastened and progressive connected your Samourai Wallet mobile app. This is the slightest applicable and immoderate Android devices tin termination inheritance services, truthful immoderate but not each users person affirmative results achieving remixes this way.
2. Run the Whirlpool GUI desktop application connected your machine (linked to your Samourai Wallet). This is by acold the lowest obstruction to introduction enactment for Samourai users, and has greater reliability for connections implicit the Tor network. By leaving your machine turned on, with the Whirlpool GUI desktop exertion running, you’re eligible for remixing.
3. Run a RoninDojo node. After linking your Samourai Wallet to your node’s backend, you tin crook disconnected your telephone oregon machine and you’ll ever beryllium eligible for remixing. A somewhat larger obstruction to entry, but the benefits acold outweigh the hurdles.
4. Mix connected the Sparrow Wallet desktop application. Sparrow integrated Whirlpool into their wallet bundle successful September 2021, sharing the aforesaid liquidity excavation arsenic Samourai Wallet users. Sparrow has a wealthiness of different features and besides allows you to premix to acold storage. For remixing eligibility, guarantee your machine remains connected with the Sparrow exertion running.

Whirlpool Unspent Capacity: A True Measure Of Whirlpool’s Success?

Whirlpool unspent capableness is the existent magnitude of bitcoin which has mixed, not been spent and is eligible for remixing. You tin show this metric successful Clark Moody’s dashboard:

You tin besides get a breakdown of the unspent capableness per excavation size utilizing the Bitcoin KPIs website. To maine the Whirlpool unspent bitcoin worth is interesting, and with it remaining supra 4,000 BTC for the past 7 months shows a level of assurance successful Whirlpool and Samourai/Sparrow’s wallet software. What I find much absorbing is the measurement coming successful and retired of Whirlpool implicit the past 30 days (shown successful Clark Moody’s dashboard arsenic “Tx0 Volume” and “Spent Cycle Output” respectively). This is what feeds the privateness gains that Whirlpool provides, for some the caller liquidity entering, and the freeriders remixing, adjacent if determination is simply a shortage betwixt the 2 values. Samourai Wallet is branded “a bitcoin wallet for the streets,” and their founders are advocates of really utilizing bitcoin alternatively than “HODLing to the grave.” Monitoring these ample flows of bitcoin spell successful and retired of Whirlpool shows determination is request for forward-looking privateness erstwhile making on-chain transactions, of which Whirlpool is palmy successful achieving for its users.

Care About Your Bitcoin Privacy? Read More

The Easiest Way To Whirlpool Your Bitcoin And Preserve Privacy – Bitcoin Magazine nonfiction by Econoalchemist.

Bitcoin Privacy Series – 7 abbreviated introductory videos.

Understanding Bitcoin Privacy with OXT – a four-part nonfiction series.

Endnotes:

1. for the purposes of describing the Whirlpool travel successful this article, this constituent has been simplified. Change whitethorn besides beryllium returned to you if the magnitude which you are attempting to nonstop into Whirlpool goes supra the maximum bounds enforced by the Whirlpool coordinator. Discounting the coordinator excavation interest output, the 0.001 BTC excavation has a 25 x UTXO maximum Tx0 limit, and the 0.01 BTC / 0.05 BTC / 0.5 BTC excavation has a 70 x UTXO maximum Tx0 limit.

2. for the purposes of describing the Whirlpool travel successful this article, this constituent has been simplified. While it is astir communal for a Whirlpool CoinJoin transaction to beryllium made up of 2 pre-mix UTXOs, it is besides imaginable for a Whirlpool CoinJoin transaction to represent 3 pre-mix UTXOs.

This is simply a impermanent station by Brother Rabbit. Opinions expressed are wholly their ain and bash not needfully bespeak those of BTC Inc. oregon Bitcoin Magazine.