Skip to main content

Announcement: new Zerolink coinjoin coordinator

Ashigaru Open Source Project

Overview

We are excited to announce the release of Ashigaru Whirlpool, an implementation of Samourai Wallet’s Whirlpool, which enables users to voluntarily participate in Zerolink coinjoins once again to achieve forward and backwards privacy for their Bitcoin transactions.

Clients that connect to a coordinator running this protocol are able to break all deterministic links with 100% entropy between inputs and outputs.

Together with the coordinator code, we have also released a client terminal application for use on desktops which has been forked from Sparrow Wallet. This is described in our News post here.

This has been a huge undertaking and effort for the Ashigaru Open Source Project over the last 6 months, having to get familiar and comfortable with the extensive code base across multiple repositories. It is for this reason our development on Ashigaru mobile has been quieter and slower during this period, and for this we hope our users may now understand our justification as to why.

Ashigaru Whirlpool builds upon the original architecture and, at its core, does not deviate from the structured approach to the coinjoin cycles that was designed by TDevD and ZeroLeak of Samourai, and LaurentMT of OXT. Nevertheless, a number of the aspects of the protocol have been updated by the Ashigaru Open Source Project as summarized below.

Network Privacy

Ashigaru Whirlpool is Tor only. There are no clearnet connections possible to ensure coinjoin participants have no concerns about a malicious coordinator linking inputs to outputs via IP addresses, or being able to perform wallet address clustering.

Furthermore, we have enhanced user network anonymity by building in Tor identity isolation to ensure coinjoin participants’ session IDs cannot be used by the coordinator to link activity from the input registration stage to the output reveal address stage of each coinjoin transaction cycle.

Redundancy and decentralization

As our implementation is exclusively Tor, there is no dependency on DNS and our coordinator location is not exposed. The ability for us to spin up new Ashigaru Whirlpool coordinators for clients to automatically connect to is a critical part of our decentralization strategy. Our coordinator has been further modularized by eliminating the dependency of RPC connections to a local full node. The coordinator can therefore be connected to any Dojo full node over Tor, enabling faster deployment and recovery, minimal hardware resource requirements, and greater jurisdictional flexibility.

The protocol necessitates the tracking of all Transaction Zero (Tx0) IDs together with the TxIDs of eligible remixers in a database. This is to ensure only UTXOs which have paid the Anti-Sybil fee may participate in coinjoin cycles. Decentralizing these databases is a key focus for us in the future. Nevertheless, we have reduced the impact of a loss of this database by ensuring only public keys for receipt of Anti-Sybil fees are kept locally to the coordinator, and private keys held offsite.

Liquidity Pools

The existing unspent capacity of Samourai’s Whirlpool will not be used as postmix liquidity in Ashigaru Whirlpool. As we do not possess the private keys of Samourai’s wallets used for their Tx0 validation, nor the transaction databases held by them, we cannot track with accuracy valid candidate UTXOs from their pools should they come on-line and wish to remix with our Ashigaru Whirlpool coordinator. Although we could manually build a database to do this, this would add complexity, may include anomalies, add a support burden for us, and be a more unwieldy central component that we wish to decentralize further in the future. We also have to consider the possibility that Samourai’s hosted Dojo server was seized together with the public keys of user wallets that participated in their coinjoin cycles. We do not wish to risk anonymity sets being diluted for new users entering the pools of Ashigaru Whirlpool.

When connected clients broadcast a Transaction Zero (Tx0) to enter one of the Ashigaru Whirlpool pools, an Anti-Sybil fee is paid. This Anti-Sybil fee is set to a fixed 5% of the pool size. For further Sybil resistance, each pool size is limited to a maximum of 20 x UTXOs created per Tx0, which after achieving 1 on-chain confirmation are then eligible to continue onto their first coinjoin cycle.

Vulnerability fixes

RSA keys used in the Chaumian blinding are not sent to clients by the coordinator in Ashigaru Whirlpool, as this has the potentiality to be misused by providing each coinjoin participant with a unique key to link inputs to outputs. Whilst we have seen no evidence that this has been exploited in any Zerolink protocols so far, we understand that building trust is paramount for us as a newly established development team.

On chain privacy

The Ashigaru Whirlpool coordinator prohibits multisig addresses from being a valid mix-to output destination within any coinjoin cycle to protect against dilution of forward looking anonymity sets, and ensure spending from wallets with post mix tools such as Ashigaru mobile and Sparrow remains possible.

General updates, fixes, and enhancements

In our quest to launch Ashigaru Whirlpool, along the way we have also made many other under-the-hood fixes and quality of life improvements after forking Samourai's code base such as updating dependencies and libraries, to improving code efficiency for performance. Some of these have been a necessity due to the new server architectural differences, and some may be classed as general cleanup and best practice.

Ashigaru Whirlpool coordinator configuration

Key information relating to the practical usage of connecting to and using Ashigaru Whirlpool can be found below:

Supported networks:

  • Mainnet
  • Testnet4

Supported address type:

  • Single-signature Native SegWit bech32 (starting bc1q...)

Pool sizes*:

  • 0.25 BTC
  • 0.025 BTC

*Additional pool sizes may be introduced in the future if / when encouraging usage and unspent capacity growth is observed.

Maximum number of Premix UTXOs created in Tx0 transaction:

  • 20 (for all pool sizes)

Anti-Sybil fee per Tx0 transaction:

  • 0.0125 BTC (for 0.25 BTC pool)
  • 0.00125 BTC (for 0.025 BTC pool)

First-mix instant forward looking anonymity set:

  • 5 minimum
  • 10 maximum (if surge cycle is triggered)

Free and Open Source

Code repository

Ashigaru Whirlpool code bases can be found here (Tor only).

Software license

All code repositories related to Ashigaru Whirlpool are released under the Free and Open Source license GNU General Public License Version 3.

If you are not familiar with Zerolink coinjoin (like Ashigaru Whirlpool), familiarizing yourself with the resources below may help you in grasping the technicalities and core principles of how using this tool may aid you in achieving personal financial privacy.

Bitesize Bitcoin - coinjoin

Track me if you can - How bitcoin forward-looking anonymity sets work

Track Me If You Can — How Bitcoin Forward-Looking Anonymity Sets Work
Whirlpool gives a certain level of privacy when using bitcoin, and forward-looking anonymity sets are a measure of how well hidden you are.
Bitcoin MagazineBrother Rabbit

Whirlpool FAQ

Whirlpool FAQ
And Postmix spending tips
Bitcoiner.GuideQnA

Diving head first into Whirlpool anonymity sets

Diving head first into Whirlpool Anonymity Sets.
There has been much confusion recently around Anonymity Sets in relation to CoinJoin transactions. While there is no universally agreed…
Samourai WalletSamourai Wallet

How to maintain privacy when spending mixed bitcoin

How To Maintain Privacy When Spending Mixed Bitcoin
Mixing bitcoin using Whirpool can achieve anonymity. Here are a few tools to help maintain that privacy benefit when spending.
Bitcoin MagazineEconomalchemist

Invitation to developers

We hope that other open source Bitcoin wallet application developers will integrate with and connect their software to our coordinator to benefit from the same liquidity pools and offer their users this powerful tool. Developers, our contact method and details may be found here.

Brand assets updated

Along with this release we have designed a logo for Ashigaru Whirlpool which is now included within our Brand Assets under the Creative Commons license CC BY-NC-SA 4.0. This can be viewed in our code repository here, or downloaded from our website (using the Tor browser) here.

User feedback

In the spirit of Free and Open Source software, all user feedback is welcome from this initial release and we ask that any feature requests, issues, and bugs are raised on the official Ashigaru code respository.

If you have the skills and ability to contribute to the Ashigaru code base, pull requests are welcomed to our code repository. You may email us and we will create an account for you.

For security and vulnerability reporting, we request you raise either a private issue on our code repository, or encrypt your communication using the contact method here.

Reminder

This website is the home of the Ashigaru Open Source Project. We do not hold a social media presence, nor have any other method of letting you know about the latest news related to this project. You should always verify information, or second-hand information, with what is stated on this website.

If you would like to get in contact with us, please do so via encrypted email following the steps here.