Sep 12, 2022 7 min read COINJOIN

Polar Vortex: Understanding Mixing to Cold Storage

Ho there Adventurer! You seem to pass by this tavern quite regularly. Is it possible you just happen by twice a fortnight? Or could it be that you are mixed up? Aha! I knew it! You are not the only one to frequent ol' Stormcrow's roost. Lately several adventurers have seen the writings of John Galt or Diverter detailing the use of Whirlpool to mix to cold storage, but are a bit confused. Can one send mixed coin to cold storage? Why would one mix to cold storage? If it is possible to mix to cold storage, why not simply mix to existing hardware wallets? These guides are detailed, but the concept may be lost on some. Some seem a bit confused with the creation of multiple wallets, or maybe even how the whirlpool and post-mix spending actually work. Some read these guides and miss the forest for the trees. Perhaps you need a...bird's eye view? No wait! No more jokes, honest!

A Wintry Mix

Where were we? Ah yes, mixing to cold storage. John Galt calls this Ice Bath, and Diverter refers to this as Mix and Chill, clever names both. Either way the point is that some people want the security of offline storage after they mix. From the mobile app, there is no clear way to send post-mix UTXOs to cold storage however. Users would need to spend a utxo to send it to their cold storage of choice, and oftentimes undo the privacy benefits in the process, especially if they combine multiple post-mix utxos while doing so. The Whirlpool CLI (command line interface), however, makes this possible, and those who study Diverter's works will see that the Samourais have thought ahead and even built in some randomness to when a mixed UTXO will be sent to cold storage. Spending from cold storage is not simple, though. It often involves crafting a transaction from a watch-only wallet, moving that transaction to a hardware wallet to be signed, and moving that signed transaction back to the watch wallet for broadcasting. One encounters difficulty, however, if/when they decide to spend their post-mix Bitcoin at some point in the future, for the tools set forth by the Samourai (and adopted by Sparrow Wallet as well) are not available when spending from Trezor Suite or via a wallet like Electrum.

Smelting UTXOs

Before we move on, let us review how the Whirlpool works, just in case you forgot. Think of Bitcoin transactions like smelting and casting gold ingots. You put a few ingots together, melt them down, and then pour them out into outputs of your desired sizes. The most common surveillance heuristic (that is behavioral assumption) is that multiple inputs to a transaction belong to the same owner. Another heuristic that surveillance groups employ is that in transactions with two outputs, one is a so-called "change" address, meaning one input goes back to the initiating user. So let us theorize a transaction with a few inputs and two outputs. The base assumption is that one user combined multiple utxos, paid Bitcoin to one other user, and the rest was paid back to themselves as change. But by collaborating, one may craft a transaction with inputs and outputs from multiple users. The public blockchain sees which transactions a utxo came from and which they go to, but does not show who signed for each. Therefore one cannot know for certain if a transaction with multiple inputs is all from a single user or from multiple. Neither can they know for certain who controls each output address.

Uncertainty aside, there are yet more assumptions made. For instance, if a transaction includes UTXOs of 0.1btc & 0.4btc, and outputs of 0.45btc & 0.05btc, we know that neither output could create the 0.45btc output individually, and the 0.05btc output is less than the smallest input. If the user wanted to simply pay 0.05btc, why would the wallet have combined UTXOs? So the assumption is that the 0.05 output is change back to the owner, and the 0.45btc was paid to another. But again, this is assumption. We cannot know for certain from the blockchain who created inputs or who received outputs. We cannot know what coordination went on. This is the basis upon which whirlpool and post-mix tools are built.

Whirlpool Inner Workings

Whirlpool relies on like-sized inputs and outputs to obfuscate intention, confounding these assumptions. The Tx0 transaction takes inputs from one wallet, melts them together and pours them out into three types of outputs: a fee to the coordinator, a number of like-sized inputs depending on the chosen pool, and then whatever remains is deemed "doxxic change" and sent back to the user. From here, these like sized outputs are coordinated from multiple users into collaborative transactions; five in, five out, all the same size. Statistically there are 1496 possible interpretations of such a transaction, rendering trying to determine which outputs came from which users a futile waste of time. However, if one recombines post-mix utxos into cold storage at this point, those 1496 possibilities begin dropping drastically.

Weapons to be Used

Samourai Wallet attempts to protect users from putting arrows into their own feet by warning users against combining post-mix UTXOs, but at the end of the day, if a user is determined, they are not explicitly prevented from doing so.

Samourai also offers a number of privacy enhancing spend tools, weapons in the fight against the spies and watchers. Stonewallx2 transactions look like a miniature coinjoin, with each user contributing inputs and having 4 outputs: 1 "true" payment, a 2nd payment equal to the true payment which is sent back to the helper, and then two change outputs back to both users. Stowaway transactions are collaborative transactions which look like "normal" transactions, with the recipient contributing an input, and then receiving an output that includes their change in addition to the amount paid them by the true sender. You can read more in depth about these transactions from Econoalchemist here

"Stormcrow, I thought you were going to tell me about cold storage!" Yes, yes, we are getting there. Patience Adventurer, there is method to my madness. Now that I am sure you understand how Whirlpool works, and what tools are available from Samourai (and Sparrow), we can discuss the writings of John Galt and Diverter. What these sages are trying to show you is how to mix to a cold storage solution that, when the time is right for your UTXOs to be thawed and sent, will allow you the options of spending tools like Stonewallx2 and Stowaway, and save you the fees of sending your utxos from whirlpool to cold storage.

The basic concept is that your cold storage is either a Samourai Wallet or Sparrow Wallet [Wallet 1]. You create the wallet while offline, either by putting your mobile device in Airplane mode or by disconnecting your ethernet and wireless connections on your computer. While remaining offline you export the zpub of this wallet, and then import that zpub into a watch-only wallet in Sparrow or Samourai's Sentinel app [Wallet 1a]. Some may choose to use a separate phone that remains always offline as a Samourai signing device. Then using Sparrow's "mix to" feature or the Whirlpool CLI, you will tell Whirlpool to use the zpub from your offline wallet for addresses when it mixes out to cold storage. After hitting the appropriate number of mixes from [Wallet 2], bitcoin will be sent to this offline wallet [Wallet 1] and you can watch it from your watch-only wallet [Wallet 1a]. And when the time is right you may bring Wallet 1 online entirely or craft privacy tool transactions from Sparrow wallet and sign with your offline Samourai Wallet.

Well Adventurer, I hope I have helped you see the greater picture. Good luck on your journey in the frosty North! Follow the path laid out by these guides and remember to reach out for help along the journey to those who have gone before you.