CoinJoin - Reading Assignment

1. CoinJoin enables you to maintain the principles of Bitcoin using inputs and outputs, while BitLaundry was centralized and required trust.
   2.Failure risk is the risk thst a transaction fails, due to DOS attack or if a participant is not willing to sign.
   3.The transactions are cheap, so you can cascade a myriad of transactions.
2. There is no soft fork in Coinjoin.

Hi there!
1.What is the benefit of CoinJoin over BitLaundry, if any?
1.1 BitLaundry is centralized and CoinJoin is not.
2.About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.
2.1 Risk of failure, one party signs TX and other does not, in this case TX should be retried again.
3.How can anonymity set be increased while keeping small transaction sizes?
3.1Adding more TX.
4.What is the main benefit of CoinJoin over Zerocoin?
4.1 ZC need softfork and CoinJoin doesn’t.

1. What is the benefit of CoinJoin over BitLaundry, if any?
   BitLaundry is centralized while CoinJoin is decentralized and relies on the two parties to agree on certain inputs.

2. About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.
   It is a failed transaction and can put other users at risk.

3. How can anonymity set be increased while keeping small transaction sizes?
   The more transactions used in coinjoin the more anonymity

4. What is the main benefit of CoinJoin over Zerocoin?
   Zerocoin is a soft-fork of BTC needing to change all the nodes to the Zerocoin protocol but we have Coinjoin which works today.

Doesn’t really put anyone at risk, it merely prevents others by completing the tx.

1. What is the benefit of CoinJoin over BitLaundry, if any?
   You don’t need to trust BitLaundry.
2. About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.
   The risk that one of the CoinJoin transaction members doesn’t sign, not allowing to perform the transaction.
3. How can anonymity set be increased while keeping small transaction sizes?
   By doing more transactions, splitting the total amount accross them.
4. What is the main benefit of CoinJoin over Zerocoin?
   It needs no fork.

1.- It is descentralized.

2.- The possibility of a DOS attack or simply when a transaction fails, having to retry.

3.- Increasing participation, the more transactions, the harder the search.

4.- There is no soft fork.

What is the benefit of CoinJoin over BitLaundry, if any?

BitLaundry was a centralized service where you sent your transaction amount to them, and they would payout to the Bitcoin address you’d like. CoinJoin just needs users to agree on a set of inputs to spend and a set of outputs to pay, and then to individually and separately sign a transaction and later merge their signatures.

About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions could not be wise.” Explain failure (rety) risk.

Failure Risk is when one party doesn’t want to sign a transaction as valid. Meaning the individual making the transaction would have to retry again

How can anonymity set be increased while keeping small transaction sizes?

Because the transactions are cheap when using the CoinJoin method, there is no limit to the number of transactions you can cascade.

What is the main benefit of CoinJoin over Zerocoin?

You don’t have to soft-fork the bitcoin protocol as compared to the Zerocoin Protocol.

1. coinjoin is decentralized
2. any party that doesn’t sign would cause the entire transaction to fail. The parts would need to be reassembled and retried, eliminating the unsigned ones. Increasing the size would likely cause the failures more often
3. by adding more transactions
4. ZC requires changes to the protocol, where CJ doesn’t

1. What is the benefit of CoinJoin over BitLaundry, if any?
   With CoinJoin the funds go directly from one wallet to the other, there is no intermediary. There’s no risk of being scammed. And it’s not clear that you used CoinJoin, the transaction looks just like any other on the blockchain.
2. About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.
   The CoinJoin transaction would fail if one participant doesn’t sign it. The more participants there are, the more likely that this would happen.
3. How can anonymity set be increased while keeping small transaction sizes?
   Maxwell suggests to do a series of CoinJoin transactions with various partners to increase the anonymity set without needing to set up a huge transaction.
4. What is the main benefit of CoinJoin over Zerocoin?
   CoinJoin is already possible on Bitcoin, it requires minimal new technology. Zerocoin would require a soft fork and would require years to achieve adoption. Zerocoin would also be highly contentious.

Bit laundry is centralized. CoinJoin decentralized and more p2p
Where other party wont sign tx
More tx quantity to obfuscate
No soft fork

1. What is the benefit of CoinJoin over BitLaundry, if any?
   Coinjoin is decentralized. It solves the send size issue by using an agreed upon amount of bitcoin to send which removes identification of a transactions trail of a unique amount of bitcoin.

2. About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.
   I think it can make large transactions more obvious to link than smaller sizes because large transactions are rarer and decreases the anonymity set. It also depends on all participants to sign the returned transaction, the larger the number of signatures required, the greater the chance of failure (retry) which may introduce risk of incompletion or reduces anonymity set.

3. How can anonymity set be increased while keeping small transaction sizes?
   By increasing the number of sequences of transactions prior to its output…the example was making the transactions pass through x 3 which squares the number of possible outcomes. Thus the greater the number of participants, the exponentially greater the size of the anonymity set.

4. What is the main benefit of CoinJoin over Zerocoin?
   Coinjoin uses existing and thus battle tested cryptography ECC which produces transaction sizes that are smaller in size than Zerocoin’s newer cryptographic algorithm. This means Coinjoin won’t bloat the transaction ledger and so it’s fees will remain lower than the ever growing Zerocoin’s. Also because of different cryptography requires a soft fork on the bitcoin network. The main benefit is that coinjoin doesn’t introduce a fork and doesn’t use a trusted third party stage as does Zerocoin’s to initiate an accumulator which introduces risk of theft.

1. The major benefit of CoinJoin is that it does not require a trusted (centralized) party that could steal your coin during the process such as in the case of BitLaundry.
2. Failure (retry) risk means that most of the time transactions go through just fine, but every once in a while you get a Bitcoin transaction that gets stuck in the system, fails, or seems lost. So sending really huge joint transactions would certainly not be wise as any permanent losses would be devastating for all joint parties involved.
3. Anonymity set can be increased while keeping small transaction sizes, in a number of ways. For example the simplest implementation is where the users send their input and output information to some meeting point server, and the server creates the transaction and asks people to sign it. The server learns the mapping, but no one else does, and the server still can’t steal the coins. An alternative way would be to use chaum blind signatures (https://en.wikipedia.org/wiki/Blind_signature).
4. The main benefit of CoinJoin over Zerocoin is that it requires a trusted party to initiate its accumulator. If that party cheats, they can steal all the coins

1. BitLaundry is a centralized service where an amount is sent to the service and then everything gets taken care of under the hood. In CoinJoin, it involves no trust, as only all the users need to agree on the transaction (the set of inputs that become outputs, and then individually sign a transaction then later combine all the signatures).
2. If the transaction involves too many people, someone may decline and you need to retry.
3. The transactions are very cheap, which means there is no limit to the amount of transactions that can be propagated. This way you can increase the anonymity set while the transaction stays the same.
4. CoinJoin does not require a network-wide soft-fork, unlike Zerocoin.

With BitLaundry, you are still relying on a third party to facilitate the transaction.

The two parties must participate for the transaction to take place.

More addresses produced with more transaction creates higher anonymity.

BitJoin could be implemented without further edits to the existing system.

BitLaundry is a centralized third party working on incentives to keep their business operating and run in good faith, where as CoinJoin is decentralized p2p mechanism. CoinJoin users agree on set on inputs to spend, and another set for intended outputs; For CoinJoin to be valid, All inputs and outputs must be valid. BitLaundry needs more users for it to be secure. CoinJoin if I understand correctly needs less users to agree and merge their signatures. BitLaundry is subject to hack, raid, and governmental and employee sabotages.

Failure (retry) is when a TX fails, it could be because:

• Signatures not merging, and/or repeated attempts to send the same previously sent UTXO maybe because some party missing a signature.
• DOS attacks

For a CoinJoin transaction to be valid, ALL input/output pairs must be valid

By increasing the number of small transactions in CoinJoin, you increase the participation and then anonymity set. Also by denominating our BTC in whole numbers i.e. 0.01, 0.001 (not random) but send more transactions

ZeroCoin requires a soft fork to be implemented. its harder for more networks to agree upon. CoinJoin doesn’t require a soft fork.

1. BitLaundry is centralized. BitJoin is by default decentralized. Both ends have to agree on a number of inputs and outputs to pay and spend. They have to be signed individually and joined at the end.
2. Failure risk is related to the risk that the CoinJoin transaction fails, either because of a DOS attack or because a member of the transaction is not able/willing to perform its part of signature. It is an increased risk when it comes to huge transactions because it would put at risk all other parties involved
3. By increasing the number of transactions even further.
4. CoinJoin doesn’t require soft fork.

1. In CoinJoin you don’t have to trust a third party.

2. The transaction could fail due to a party not signing the transaction or due to a DOS attack.

3. Increase the number of transactions in a CoinJoin payment.

4. The transaction size is much smaller and Zerocoin would require a soft fork upgrade to the network.

1. The benefit of CoinJoin over BitLaundry is that Bitcoin users can add signatures to transactions that are completely independent from each other.

2. About halfway down, Maxwell writes: “failure (retry) risk means that really huge joint transactions would not be wise.” In other words, no one would be willing to sign them.

3. Anonymity set can be increased while keeping small transaction sizes by limiting the number of participants.

4. The main benefit of CoinJoin over Zerocoin is that CoinJoin provides better privacy and security.

1. CoinJoin is voluntary between users who chooses to use it, while BitLaundry is a centralized third party working as an intermediary between the users.

2. The risk is of the transaction to fail because of a DOS attack, or maybe because of an invalid signiture.

3. By increasing the number of transactions

4. ZeroCoin will require Bitcoin to soft-fork while CoinJoin does not affect Bitcoins protocol

1. The benfit of CoinJoin over BitLaundry is no third trusted party is needed (usage in a single transaction does not prove common control):
   1.1.The signatures, one per input, inside a transaction are completely independent of each other, later merged & transmitted. The tx is not valid and won’t be accepted by the network untill all signatures are provided.
   1.2.To use this to increase privacy, the N users would agree on a uniform output size and provide inputs amounting to at least that size. The transaction would have N outputs of that size and potentially N more change outputs if some of the users provided input in excess of the target. Whereas with Bitlaudry a certain amount in excess of a uniform size would link the sender & receiver.
   1.3. Making a joint payment together would sligtly increase privacy & make a tx smaller - easier on the network + lower in fees.

2. Failure (retry) risk means if someone fails to sign for an input in a bulk of inputs & the tx is not transmitted to the network.

3. Anonymity set can be increased to any size if you can build txs with participants where you create a sequence of txs which form a three-stage switching network. (e.g. using three stages of 32 transactions with 32 inputs each 1024 users can be joined with a total of 96 transactions).

4. The main benefit of CoinJoin over Zerocoin is that it requires no trusted party to initiate its accumulator which grows forever and has no pruning - we’d need to switch accumulators periodically to reduce the working set size (causing blocked txs), reducing the anonymity set size.
   The anonymity sets of CoinJoin transactions could easily be big enough for common users to regain some of their casual privacy .