If you have no friends, use JoinBot!
If you find this post helpful consider sending Loïc some sats via BIP47 PayNym: +throbbingpond8B1
What is a collaborative transaction on Bitcoin?
Bitcoin is established on a distributed and transparent account ledger. Anyone is able to trace the transactions of the users of this electronic cash system. To ensure some confidentiality, the Bitcoin user can make transactions with a specific structure, in order to add plausible deniability in the interpretation of these.
The idea is not to hide information directly, but to confuse it with others. It is this objective that is used in particular in Coinjoins, transactions to break the history of a coin on Bitcoin, and to make its tracing complex. To achieve this result, we must create several inputs and outputs of the same amount in the transaction.
Inputs are the inputs to a Bitcoin transaction, and outputs represent outputs. The transaction consumes its inputs in order to create new outputs by changing the conditions of spending on a coin. It is this mechanism that makes it possible to move bitcoins between users.
One way to manage to muddy the waters in a Bitcoin transaction is to make a collaborative transaction. As its name suggests, it consists of an agreement between several users who will each deposit a sum of bitcoins as input of the same transaction, and recover an amount as output.
As mentioned earlier, the most well-known collaborative transaction structure is the Coinjoin. For example, on the Coinjoin Whirlpool protocol, transactions involve 5 participants in and out, each with the same amount of bitcoins.
An outside observer of this transaction will be unable to know which output belongs to which input user. If we take the example of user n°4 (purple), we can recognize his UTXO in input, but we will not know which of the 5 outputs is really his. The initial information is not hidden, but confused in a group.
The user is able to deny possession of a certain UTXO output. This phenomenon is called "plausible deniability", and it allows to obtain confidentiality in a Bitcoin transaction yet transparent.
Although very effective to break the tracing of a UTXO, the Coinjoin is not suitable for direct spending. Indeed, its structure implies having to use inputs of a predefined amount and outputs of the same value (modulo the mining costs). However, the spending transaction on Bitcoin is a critical moment for privacy since it often makes a physical link between the user and his on-chain activity. It therefore seems essential to use confidentiality tools on the expense. There are other collaborative transaction structures designed specifically for actual payment transactions.
The StonewallX2 transaction
Among the myriad of spending tools offered on Samourai Wallet, there is the collaborative transaction StonewallX2. It is a mini Coinjoin between two users designed for payment. From the outside, this transaction can lead to several possible interpretations. We then find plausible deniability and consequently, confidentiality for the user.
This StonewallX2 collaborative transaction mount is available on Samourai Wallet and Sparrow Wallet. This tool is interoperable between the two software.
Its mechanism is quite simple to understand. Here's how it works in handy:
- A user wants to make a payment in bitcoins (for example, at a merchant).
- It retrieves the receiving address of the actual recipient of the payment (the merchant).
- He builds a specific transaction with several inputs: at least one belonging to him and one belonging to an external collaborator.
- The transaction will have 4 outputs, including 2 of the same amounts: one to the merchant's address to pay him, an exchange that returns to the user, an output of the same value as the payment that goes to the employee and another output that also goes back to the employee.
For example, here is a classic StonewallX2 transaction in which I made a payment of 50,125 sats. The first input of 102,588 sats comes from my Samourai wallet. The second input of 104,255 sats comes from my collaborator's wallet:
We can observe 4 outputs including 2 of the same amount in order to blur the tracks:
- 50,125 sats that go to the actual recipient of my payment.
- 52,306 SATS that represent my exchange and therefore return to an address in my wallet.
- 50,125 sats that go back to my collaborator.
- 53,973 sats that come back to my collaborator.
At the end of the operation, the employee finds all his initial balance (modulo the mining fees), and the user will have paid the merchant. This adds a lot of entropy to the transaction and breaks the undeniable links between the sender and the recipient of the payment.
The strength of the StonewallX2 transaction is that it completely counteracts one of the rules of thumb used by chain analysts: the common ownership of inputs in a multi-input transaction. In other words, in most cases, if we observe a Bitcoin transaction that has several inputs, we can admit that all these inputs belong to the same person. Satoshi Nakamoto had already identified this problem for user privacy in his White Paper:
"As an additional firewall, a new key pair could be used for each transaction to keep them untied to a common owner. However, the link is inevitable with multi-entry transactions, which necessarily reveal that their entries were held by the same owner."
This is one of the many rules of thumb used in on-chain analysis to build address clusters. To learn more about these heuristics, I advise you to read this series of 4 articles by Samourai which introduces the subject wonderfully.
The strength of the StonewallX2 transaction lies in the fact that an outside observer will think that the different inputs of the transaction belong to a common owner. In reality, it is two different users who collaborate. The analysis of the payment is therefore brought to a decoy, and the confidentiality of users is preserved.
From the outside, a StonewallX2 transaction cannot be distinguished from a Stonewall transaction. The effective difference between these lies simply in the fact that the Stonewall is not collaborative. It only uses UTXOs from the same user. But, in their structures on the account book, Stonewall and StonewallX2 are perfectly identical. This makes it possible to add even more possible interpretations to this transaction structure since an outside observer will not be able to know if the inputs come from the same person, or from two collaborators.
Then, the advantage of StonewallX2 over a Stowaway-type PayJoin is that it can be used in all situations. The actual recipient of the payment does not deposit any input into the transaction. Thus, one can use a StonewallX2 to pay at any merchant accepting Bitcoin, even if the latter does not use Samourai or Sparrow.
On the other hand, the main disadvantage of this transaction structure is that it requires an employee who wants to use his bitcoins to participate in your payment. If you have bitcoiner friends willing to help you in any circumstance, this is not a problem. On the other hand, if you do not know other users of Samourai Wallet, or if no one is available to collaborate, then you are blocked.
There is, however, a Telegram group where you can find other Samourai users who will be willing to collaborate with you. You can find it here:
To solve this problem, the Samourai team recently added a new feature to their application: JoinBot.
What is JoinBot?
The principle of JoinBot is simple. If you can't find someone to collaborate with for a StonewallX2 transaction, you can collaborate with them. Concretely, you will actually carry out a collaborative transaction directly with Samourai Wallet.
This service is very convenient, especially for novice users, since it is available 24/7. If you need to make an urgent payment and want to make a StonewallX2, you will no longer need to contact a friend, or search for a collaborator online. JoinBot will assist you.
Another advantage of JoinBot is that the UTXO it provides as input come exclusively from Whirlpool postmix, which improves the confidentiality of your payment. Also, since JoinBot is online all the time, you should collaborate with UTXOs that have large prospective Anonset
Obviously, JoinBot has some compromises that should be noted:
- As with a classic StonewallX2, your employee is necessarily aware of the UTXOs used and their destination. In the case of JoinBot, Samourai knows the details of this transaction. This is not necessarily a bad thing, but it should be kept in mind.
- To avoid spam, Samourai charges a 3.5% service fee on the actual transaction amount, with a maximum limit of 0.01 BTC. For example, if I send an actual payment of 100,000 sats with JoinBot, the service fee will be 3,500 sats.
- To use JoinBot, you must have at least two unlinked UTXOs available on your wallet.
- On a classic StonewallX2, mining costs are shared equally between the two employees. With JoinBot, you will obviously have to pay the full mining fee.
In order for a JoinBot transaction to be exactly similar to a classic StonewallX2 or Stonewall transaction, the payment of the service fee is made on a completely separate transaction. The refund of half of the mining fees initially paid by Samourai will be made during this second transaction. In order to optimize your confidentiality to the end, the payment of fees is done using a transaction at the Stowaway structure (PayJoin).
How to use JoinBot?
To complete a JoinBot transaction, you must have a Samourai Wallet. You can download it here, or from the Google Playstore.
Unlike the majority of tools developed by Samourai, for the moment, Sparrow Wallet has not yet announced to implement JoinBot. This tool is therefore only available on Samourai.
Find out step by step how to make a StonewallX2 transaction with JoinBot in this video:
but it will not match the data presented below.
Here is the diagram of the transaction we just made in the video:
We can discover 5 inputs:
- 3 inputs of 100,000 sats that come from Samourai (JoinBot).
- 2 inputs from my personal portfolio, 3,524 sats and 1.8 million sats.
The 4 outputs of the transaction are as follows:
- 1 of 212,452 sats to the actual recipient of my payment.
- 1 other of the same amount that returns to a Samurai address.
- 1 change which also goes back to Samurai for 87,302 sats. This represents the difference between their total inputs (300,000 sats) and obfuscation output (212,452 sats) minus mining fees.
- 1 changes to another address in my wallet. It represents the difference between my total inputs and the actual payment, minus mining fees.
As a reminder, mining fees do not represent an output of transactions. They simply represent the difference between total inputs and total outputs.
JoinBot is an additional tool that adds more choice and freedom for the Samurai user. It allows you to carry out a StonewallX2 collaborative transaction directly with Samourai as a collaborator. This type of transaction helps improve user privacy.
If you can make a classic StonewallX2 with a friend, I still advise you to prefer this use of the tool. On the other hand, if you are blocked and you do not find any collaborator to make a payment, you know that JoinBot will be available 24/7 to collaborate with you.