The developers of Samourai Wallet have published the public beta version of Whirlpool, a Chaumian CoinJoin implementation that consists of a framework supported by various privacy-enhancing software tools.
What Is Chaumian CoinJoin?
CoinJoin is an anonymization technique first proposed by Gregory Maxwell in 2013. A “Chaumian CoinJoin” integrates chaum blind signatures — a scheme that provides a cryptographically blinded version of a receiving address. As described by ZeroLink, a bitcoin fungibility framework:
“The users connect and provide inputs (and change addresses) and a cryptographically-blinded version of the address they want their private coins to go to; the server signs the tokens and returns them. The users anonymously reconnect, unblind their output addresses, and return them to the server. The server can see that all the outputs were signed by it and so all the outputs had to come from valid participants. Later people reconnect and sign.”
This is seen as a relatively fast and cheap way to add anonymity to CoinJoin transactions. With Samourai adding this feature to its wallet, it could provide a significant and easy-to-adopt layer of privacy for mainstream bitcoin users.
As detailed by its developers, the Whirlpool framework is a fully modular CoinJoin implementation that has been developed through a “heavily modified” fork of the ZeroLink theory.
According to its official Github page, Whirlpool’s open-source software is able to “mathematically disassociate” the ownership of inputs (“sending addresses”) to outputs (“receiving addresses”) that are included in a bitcoin transaction. The disassociation between a given set of inputs and their corresponding outputs allows for greater financial privacy when making bitcoin transactions. In other words, bitcoin transfers become difficult to track because the origin (or sender) of a transaction and its recipient(s) cannot be traced due to the disassociation.
Whirlpool’s privacy features also enhance the overall fungibility of the Bitcoin network. Fungibility refers to an attribute of a token (in this case BTC) whose individual units are interchangeable while each unit is indistinguishable from the others. Security analysts have argued that the traceable nature of bitcoin transactions (transfers viewable through public block explorers) may reduce the fungibility of the flagship cryptocurrency. This could happen if merchants refuse to accept “tainted” bitcoin, which might have been used to finance illicit activities such as drug trafficking or money laundering.
It is not immediately clear how the feature will garner the necessary participants to conduct CoinJoin transactions quickly. Enabling instant payments would require dozens of participants to immediately be available. With the CoinJoin-enabled Wasabi Wallet, for instance, it can take hours to garner the necessary 50 to 100 participants.
The available documentation also leaves unclear how Samourai would deal with amount matching — the need to link matching inputs and outputs to properly mask them.
Whirlpool’s Theoretical Anonymity Set
Whirlpool includes the implementation of a theoretical anonymity set which has the potential to grow exponentially “in minutes” instead of taking several hours. Put simply, the theory is that all sending and receiving addresses are mixed together in a set, the size of which is continuously increasing. If it works in practice, the idea is that this set becomes larger at a faster rate when using Whirlpool and it becomes practically impossible to determine the sender and recipients of bitcoin transfers. In its technical documentation, Samourai Wallet’s developers indicated that this would be achieved by focusing on relatively smaller CoinJoin cycles as opposed to working with a single large cycle, Samourai Wallet’s developers explained. Presumably, it is simpler to work with several smaller and simpler CoinJoin cycles rather than focusing on a single large and complex CoinJoin cycle.
The Samourai team also noted that Whirlpool’s modular architecture — the separation of code into smaller sections that allows each piece of code to accomplish simple tasks — should enable its framework to be embedded into almost any type of development environment, including the framework used on smartphones and desktop computers.
Generally speaking, it is best programming practice to write modular code, meaning the source code should be divided into logical functions that can be invoked as needed to accomplish specific tasks in computer programs. For example, a modular program could consist of modules of code for different tasks such as a module for deleting transactions from memory and another module for writing transactions to memory.
Moreover, Whirlpool’s open-source software has been developed in order to create a system that can operate within the “limitations of a mobile environment.” Most smartphones have limited hardware and software resources (compared to desktop computers), so Whirlpool has been optimized to function effectively, even when operating in these types of limitations.
This approach to software design has helped in creating a robust protocol that can be implemented “under most conditions,” meaning that the protocol will work as intended on most operating systems, including Windows, Linux and Android systems.
Developed on a “Strong Mathematical Foundation”
Samourai’s team added that another major design consideration for Whirlpool is usability. To this end, it “focus[ed] on the spending” and ensured that they followed best practices to automatically avoid actions that would compromise user privacy. Additionally, the Whirlpool framework offers an intuitive UX that most users should already be comfortable with.
As noted by its development team, the privacy-focused protocol is based on a “strong mathematical foundation.” Each Whirlpool cycle maximizes randomness by using various mathematical functions and techniques. In addition, the Whirlpool framework ensures that users never cycle with themselves.
The protocol also does not allow deterministic links between inputs and their associated outputs. By preventing deterministic links from being formed, it becomes practically impossible to determine the source or origin of funds and where they might have been transferred (i.e., the recipient addresses linked to the transaction).
Whirlpool cycles have also been implemented in a manner that prevents them from cycling with coins found in a previous cycle.
Using a “Blinded” Coordinator Server
As written above, the Whirlpool framework uses a Samourai-operated, “blinded” coordinator server to relay messages between clients. While the coordinator server is able to facilitate communication between different clients, it “crucially” cannot know what’s being conveyed through messages that are shared among network participants. That means that the Samourai server cannot read the contents of the messages — a critical feature for users who prioritize privacy and don’t want the Samourai server to be able to link inputs and outputs.
Windows, OSX, Linux, Android Clients
Notably, Samourai Wallet’s developers have built several open-source clients which reportedly provide unrestricted access to the coordinator server.
There’s currently a client available for Windows, OS X and Linux operating system users. As noted by the Samourai team, the newly developed software consists of an electron/react GUI desktop client that is compatible with most Linux operating systems and it can also run on standard Windows and OS X systems. Android users may also use the Whirlpool framework features.
However, it should be noted that the Samourai Wallet software for desktop is in its public beta and the version for mobile is currently in development, so both versions could be unstable.For developers, there’s a REST API that can be used to bootstrap additional applications on top of the Whirlpool framework. There are also Android and Java software libraries and a command line (CLI) client that are available in the Whirlpool-client repository.