Skip to main content

CoinJoin | Bitcoin Glossary | Mapping Bitcoin

CoinJoin

Seguridad

Also known as: coin join, coin mixing

A privacy-enhancing technique where multiple users combine their transactions into a single joint transaction, making it difficult for outside observers to determine which inputs paid which outputs. Implementations include Wasabi Wallet and JoinMarket.

Overview

CoinJoin is a privacy technique first described by Bitcoin developer Gregory Maxwell in 2013. It works by combining multiple users' transactions into a single transaction with many inputs and many equal-valued outputs, breaking the link between sender and recipient. Unlike centralized mixing services, CoinJoin is trustless: participants never give up custody of their funds.

How CoinJoin Works

Without CoinJoin (links are obvious):
  Alice: 0.5 BTC ──→ 0.5 BTC to Bob

With CoinJoin (links are ambiguous):
  Inputs:                    Outputs:
  ├── Alice:  0.1 BTC       ├── 0.1 BTC → ? (Alice, Bob, or Carol?)
  ├── Bob:    0.1 BTC       ├── 0.1 BTC → ? (Alice, Bob, or Carol?)
  └── Carol:  0.1 BTC       └── 0.1 BTC → ? (Alice, Bob, or Carol?)

An observer sees 3 inputs and 3 equal outputs but cannot
determine which input funded which output.

Key Properties

  • Trustless: No coordinator ever holds users' private keys or funds
  • Equal denomination: Outputs are the same amount to maximize the anonymity set
  • Collaborative: Multiple users must participate simultaneously
  • On-chain: CoinJoin transactions are normal Bitcoin transactions that are indistinguishable from multi-party payments

Implementations

  • Wasabi Wallet: Automated CoinJoin with a centralized coordinator (for coordination, not custody)
  • JoinMarket: Decentralized marketplace where makers offer liquidity for CoinJoin and takers pay a small fee
  • PayJoin/P2EP: A two-party CoinJoin that looks like a normal transaction, enhancing privacy without the distinct fingerprint of traditional CoinJoins

Limitations and Misconceptions

CoinJoin does not make transactions invisible on the blockchain. A sophisticated observer can still identify CoinJoin transactions by their characteristic pattern of equal-valued outputs. However, while they can identify that a CoinJoin occurred, they cannot determine the mapping between inputs and outputs. The privacy benefit comes from this ambiguity, which grows with the number of participants (the "anonymity set").

Post-mix behavior is also critical. If a user combines CoinJoined outputs with non-CoinJoined outputs in a subsequent transaction, they can undo some of the privacy gained.

Términos Relacionados

FungibilityEconomía

The property that every unit of a currency is interchangeable and indistinguishable from any other unit. Bitcoin's fungibility is imperfect because transaction history is publicly visible, leading to concerns about tainted coins and the need for privacy tools like CoinJoin.

JoinMarketSeguridad

A decentralized CoinJoin implementation that creates a marketplace where makers offer liquidity for CoinJoin transactions and takers pay a small fee to use that liquidity. JoinMarket improves Bitcoin privacy without relying on a central coordinator.

PayJoinSeguridad

A privacy-enhancing transaction protocol where both the sender and recipient contribute inputs to a transaction, breaking the common-input-ownership heuristic used by chain analysis. PayJoin transactions look like ordinary payments on-chain, making them hard to detect.

Chain AnalysisSeguridad

The practice of examining Bitcoin blockchain data to trace transaction flows, identify address clusters, and de-anonymize users. Chain analysis firms provide surveillance services to governments and financial institutions, motivating privacy-enhancing techniques.