From Bitcoin Wiki
Revision as of 19:16, 23 March 2022 by Nicosey (talk | contribs) (External links)
Jump to: navigation, search

CoinSwap is a non-custodial privacy technique for bitcoin based on the idea of atomic swaps. If Alice and Bob want to do a coinswap; then it can be understood as Alice exchanging her bitcoin for the same amount (minus fees) of Bob's bitcoins, but done with bitcoin smart contracts to eliminate the possibility of cheating by either side. The closely-related idea of atomic swaps has the important property of atomicity, where an exchange of blockchain tokens either happens or not at all, there is no possibility of one side cheating the other.

CoinSwaps break the transaction graph between the sent and received bitcoins. On the block chain it looks like two sets of completely disconnected transactions:

Alice's Address ---> 2of2 multisig escrow address 1 ---> Bob's Address
Bob's Address   ---> 2of2 multisig escrow address 2 ---> Alice's Address

Obviously Alice and Bob generate new addresses each to avoid the privacy loss due to address reuse.

In this example the only distinguishing mark of CoinSwap transactions is that they involve a 2-of-2 multisignature address. As 2-of-3 multisig is far more common as of 2018, CoinSwaps could be done with a 2-of-3 multisig using one fake public key, so it is really a 2-of-2 multisig between Alice and Bob. With script techniques like ECDSA-2P or Schnorr signatures it would become possible to have coinswaps that are completely indistinguishable from any other transaction on the blockchain. CoinSwap could be said to allow bitcoins to teleport undetectably to anywhere else on the blockchain. Non-CoinSwap transactions would benefit because a blockchain analyst could never be sure that ordinary transactions are not actually CoinSwaps. They also do not require much block space compared to the amount of privacy they provide.

CoinSwaps require a lot of interaction between the involved parties, which can make this kind of system tricky to design while avoiding denial-of-service. They also have a liveness requirement and non-censorship requirement, meaning that the entities taking part must always be able to freely access the bitcoin network; If the internet was down for days or weeks then half-completed CoinSwaps could end with one side having their money stolen[1].


CoinSwap was first proposed by Greg Maxwell in October 2013.[2]. In February 2022 MercuryWallet was the first CoinSwap implementation has been deployed[3][4]. In June 2020, the Human Rights Foundation (a New York-based nonprofit that promotes and protects human rights globally) granted $50,000 to Chris Belcher (one of the main contributors to the Privacy page) to work on the project.[5]

External links

See also