CoinSwap: Difference between revisions
No edit summary |
Calliptamus (talk | contribs) |
||
| Line 15: | Line 15: | ||
CoinSwap was first proposed by Greg Maxwell in October 2013.<ref>[https://bitcointalk.org/index.php?topic=321228.0 CoinSwap: Transaction graph disjoint trustless trading]</ref>. In February 2022 '''MercuryWallet''' was the first CoinSwap implementation has been deployed<ref>[https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-May/017898.html Design for a CoinSwap implementation for massively improving Bitcoin privacy and fungibility]</ref><ref>[https://gist.github.com/chris-belcher/9144bd57a91c194e332fb5ca371d0964 Coinswap design document]</ref>. In June 2020, the [https://en.wikipedia.org/wiki/Human_Rights_Foundation Human Rights Foundation] (a New York-based nonprofit that promotes and protects human rights globally) granted $50,000 to [https://en.bitcoin.it/wiki/User:Belcher Chris Belcher] (one of the main contributors to the [[Privacy]] page) to work on the project.<ref>[https://bitcoinmagazine.com/articles/the-human-rights-foundation-is-now-funding-bitcoin-privacy-development-starting-with-coinswap The Human Rights Foundation Is Now Funding Bitcoin Privacy Development, Starting With CoinSwap]</ref> | CoinSwap was first proposed by Greg Maxwell in October 2013.<ref>[https://bitcointalk.org/index.php?topic=321228.0 CoinSwap: Transaction graph disjoint trustless trading]</ref>. In February 2022 '''MercuryWallet''' was the first CoinSwap implementation has been deployed<ref>[https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-May/017898.html Design for a CoinSwap implementation for massively improving Bitcoin privacy and fungibility]</ref><ref>[https://gist.github.com/chris-belcher/9144bd57a91c194e332fb5ca371d0964 Coinswap design document]</ref>. In June 2020, the [https://en.wikipedia.org/wiki/Human_Rights_Foundation Human Rights Foundation] (a New York-based nonprofit that promotes and protects human rights globally) granted $50,000 to [https://en.bitcoin.it/wiki/User:Belcher Chris Belcher] (one of the main contributors to the [[Privacy]] page) to work on the project.<ref>[https://bitcoinmagazine.com/articles/the-human-rights-foundation-is-now-funding-bitcoin-privacy-development-starting-with-coinswap The Human Rights Foundation Is Now Funding Bitcoin Privacy Development, Starting With CoinSwap]</ref> | ||
== Comparison with CoinJoin == | |||
While both CoinSwap and [[CoinJoin]] aim to enhance Bitcoin privacy, they differ fundamentally in design, trust assumptions, and on-chain footprint. Below is a breakdown of their key distinctions: | |||
=== Transaction structure === | |||
CoinJoin: Multiple participants collaboratively create a single transaction with combined inputs and outputs. All participants sign together, and the transaction is broadcast as one entity (e.g., a 5-input, 5-output transaction). | |||
CoinSwap: Participants execute multiple separate transactions over time, often through intermediaries (or "hubs"), creating no direct link between their original and final UTXOs. | |||
=== Trust and coordination === | |||
CoinJoin: | |||
* Requires synchronized coordination among participants (e.g., via a coordinator or software like JoinMarket). | |||
* Trust is minimized in non-custodial implementations, but centralized mixers may introduce custodial risk. | |||
CoinSwap: | |||
* Operates asynchronously; participants need not be online simultaneously. | |||
* Trust is eliminated if using atomic swaps with [[Hash Time Locked Contracts|Hashed Time-Locked Contracts (HTLCs)]], though intermediaries (if used) could theoretically collude. | |||
=== Privacy guarantees === | |||
CoinJoin: | |||
* Obscures ownership by merging funds, but advanced chain analysis may infer links via amount clustering or timing heuristics. | |||
* All participants’ UTXOs are visible in the same transaction graph. | |||
CoinSwap: | |||
* Breaks the direct on-chain link between sender and receiver by routing funds through unrelated transactions. | |||
* Resembles ordinary payments, making it harder to flag as a privacy technique. | |||
=== Blockchain footprint === | |||
CoinJoin: Produces large, identifiable transactions with equal-output amounts (e.g., 0.1 BTC × 10), which may attract scrutiny. | |||
CoinSwap: Generates smaller, ordinary-looking transactions that blend with everyday Bitcoin activity. | |||
=== Use cases === | |||
CoinJoin: Best for quickly anonymizing a batch of UTXOs with minimal fees, ideal for users prioritizing efficiency. | |||
CoinSwap: Suited for long-term privacy where avoiding pattern detection is critical (e.g., breaking ties between old and new UTXOs). | |||
== External links == | == External links == | ||
Latest revision as of 18:24, 4 May 2025
CoinSwap is a non-custodial privacy technique for bitcoin based on the idea of atomic swaps. If Alice and Bob want to do a coinswap; then it can be understood as Alice exchanging her bitcoin for the same amount (minus fees) of Bob's bitcoins, but done with bitcoin smart contracts to eliminate the possibility of cheating by either side. The closely-related idea of atomic swaps has the important property of atomicity, where an exchange of blockchain tokens either happens or not at all, there is no possibility of one side cheating the other.
CoinSwaps break the transaction graph between the sent and received bitcoins. On the block chain it looks like two sets of completely disconnected transactions:
Alice's Address ---> 2of2 multisig escrow address 1 ---> Bob's Address Bob's Address ---> 2of2 multisig escrow address 2 ---> Alice's Address
Obviously Alice and Bob generate new addresses each to avoid the privacy loss due to address reuse.
In this example the only distinguishing mark of CoinSwap transactions is that they involve a 2-of-2 multisignature address. As 2-of-3 multisig is far more common as of 2018, CoinSwaps could be done with a 2-of-3 multisig using one fake public key, so it is really a 2-of-2 multisig between Alice and Bob. With script techniques like ECDSA-2P or Schnorr signatures it would become possible to have coinswaps that are completely indistinguishable from any other transaction on the blockchain. CoinSwap could be said to allow bitcoins to teleport undetectably to anywhere else on the blockchain. Non-CoinSwap transactions would benefit because a blockchain analyst could never be sure that ordinary transactions are not actually CoinSwaps. They also do not require much block space compared to the amount of privacy they provide.
CoinSwaps require a lot of interaction between the involved parties, which can make this kind of system tricky to design while avoiding denial-of-service. They also have a liveness requirement and non-censorship requirement, meaning that the entities taking part must always be able to freely access the bitcoin network; If the internet was down for days or weeks then half-completed CoinSwaps could end with one side having their money stolen[1].
History
CoinSwap was first proposed by Greg Maxwell in October 2013.[2]. In February 2022 MercuryWallet was the first CoinSwap implementation has been deployed[3][4]. In June 2020, the Human Rights Foundation (a New York-based nonprofit that promotes and protects human rights globally) granted $50,000 to Chris Belcher (one of the main contributors to the Privacy page) to work on the project.[5]
Comparison with CoinJoin
While both CoinSwap and CoinJoin aim to enhance Bitcoin privacy, they differ fundamentally in design, trust assumptions, and on-chain footprint. Below is a breakdown of their key distinctions:
Transaction structure
CoinJoin: Multiple participants collaboratively create a single transaction with combined inputs and outputs. All participants sign together, and the transaction is broadcast as one entity (e.g., a 5-input, 5-output transaction).
CoinSwap: Participants execute multiple separate transactions over time, often through intermediaries (or "hubs"), creating no direct link between their original and final UTXOs.
Trust and coordination
CoinJoin:
- Requires synchronized coordination among participants (e.g., via a coordinator or software like JoinMarket).
- Trust is minimized in non-custodial implementations, but centralized mixers may introduce custodial risk.
CoinSwap:
- Operates asynchronously; participants need not be online simultaneously.
- Trust is eliminated if using atomic swaps with Hashed Time-Locked Contracts (HTLCs), though intermediaries (if used) could theoretically collude.
Privacy guarantees
CoinJoin:
- Obscures ownership by merging funds, but advanced chain analysis may infer links via amount clustering or timing heuristics.
- All participants’ UTXOs are visible in the same transaction graph.
CoinSwap:
- Breaks the direct on-chain link between sender and receiver by routing funds through unrelated transactions.
- Resembles ordinary payments, making it harder to flag as a privacy technique.
Blockchain footprint
CoinJoin: Produces large, identifiable transactions with equal-output amounts (e.g., 0.1 BTC × 10), which may attract scrutiny.
CoinSwap: Generates smaller, ordinary-looking transactions that blend with everyday Bitcoin activity.
Use cases
CoinJoin: Best for quickly anonymizing a batch of UTXOs with minimal fees, ideal for users prioritizing efficiency.
CoinSwap: Suited for long-term privacy where avoiding pattern detection is critical (e.g., breaking ties between old and new UTXOs).
External links
- CoinSwap implementation design document by Chris Belcher, May 2020
- Technical explanation, July 2017
- Implementation in Python, abandoned since 2017
- Statechain & CoinSwap Wallet, February 2022
See also
References
- ↑ https://joinmarket.me/blog/blog/the-half-scriptless-swap/
- ↑ CoinSwap: Transaction graph disjoint trustless trading
- ↑ Design for a CoinSwap implementation for massively improving Bitcoin privacy and fungibility
- ↑ Coinswap design document
- ↑ The Human Rights Foundation Is Now Funding Bitcoin Privacy Development, Starting With CoinSwap