Perfect CoinJoins are the points of reference to any collaborative transaction. 🥇
view this post on our onion site
3 min read

Perfect CoinJoins are the points of reference to any collaborative transaction. 🥇

Perfect CoinJoins are the points of reference to any collaborative transaction. 🥇

Contradictory to deterministic links, this is the aim. Diving into the mathematical aspect of Whirlpool. A perfect coinjoin is defined as:

  • All inputs have the very same amount, inputs > 1
  • All outputs have the very same amount, outputs > 1
  • No fee or same fee is paid by all inputs
  • Number of inputs or outputs is a multiple of the other

These strict requirements are the reason for having none deterministic links, at all. An outside observer would face the highest entropy when the conditions are met and wouldn't be able to determine which input has been sent to it's output(s).

The higher inputs & outputs, the higher possible ways to map. The #Whirlpool structure has 5 inputs and outputs. On one hand, it is still easy to achieve amount of online users, yet on the other hand is the first combination of NxN coinjoin that has more than thousands maps. The method to count all possible maps is by understanding which scenarios may describe what happened in a TX.

Examining #Whirlpool TX, here the mathematics comes to our aid. Five inputs could be done by one, two or any other amount of users, up to five. Each scenario of number of users would define different amount of partitions on the inputs. For example, if the TX was made up by two users, the partitions would either be one user has one input and the other has four inputs, or one user has two and the other has three. There's no other possible way to part a set of five into two disjoint subsets. How many ways there are to assign one address to one user and the rest to the other? This may be calculated with the binomial coefficients. Luckily, Eric Temple Bell came up with Bell polynomials.Bell polynomials are used to generate polynomials that are a description of the possible partitions, for any set size and amount of disjoint subsets. As for #Whirlpool TX, Bell(5,1) would be the description of one user owning all inputs, Bell(5,2) would be the description of two users, where the first user owns 1 input and the other owns 4 inputs, or where the first user owns 2 inputs and the other one owns 3, and so on up to Bell(5,5) where each user owns exactly one input.

Done with the inputs, what about the outputs? Well, this was the part that took me some good time to figure combinatorically, as perfect coinjoin isn't just NxN TX, it could also be Nx2N, Nx3N and so on. Here it comes! Each subset of input(s) would be assigned to the proportional subset of output(s), where the proportion is the ratio between output(s) and input(s). The number of different ways to assign output(s) to input(s) could be calculated with the multinomial theorem.

Why do we even care about how many maps are there for a TX? As being declared, those kind of TXs are the points of reference to our privacy score a TX can achieve. By sending directly, consolidating UTXOs or where the numbers of input(s) & output(s) aren't a multiple of the other, we sacrifice our own privacy, leaking information we wouldn't like to. For instance, this TX below could be mapped in 3 different ways, while a perfect coinjoin of 2 inputs & 4 outputs could be mapped into 7 different ways. That's only 43% efficiency compared to the perfect one. Summing up, here's a pseudo code I've wrote yesterday while working on my first optimization of Boltzmann calculator code. Boltzmann is a complete package of privacy measurement and metrics for Bitcoin TXs, made by @LaurentMT.

Found this post helpful? Consider sending the author a tip