Topic: The intricacies of BTC forward looking anonymity sets

legendary
Activity: 2464
Merit: 4419
🔐BitcoinMessage.Tools🔑
I've been thinking about this for some time, and I have come to the conclusion that the only thing that should happen when fresh BTC dries up is a reduced amount of privacy, since the anonymity sets become smaller, until eventually your transaction gets bounced back in a single coinjoin.

It is important to note that, from the perspective of the Whirlpool system, fresh bitcoins are those that either have never participated in Whirlpool CoinJoin transactions (5 inputs => 5 outputs) or have been spent from the Whirlpool post-mix pool (left the system and revealed some other non-Whirlpool connections). Technically, if all bitcoins in existence were to enter the Whirlpool system, there would be no one to sponsor further CoinJoin transactions, the forward-looking anonymity set would shrink to non-existence, and the whole system would collapse. The same would happen if everyone suddenly decided to leave the system to regain control over bitcoins and use them as normal money and not as a tool to obfuscate financial transactions. After all, if you don't want anyone to spy on your transactions, don't use a traceable blockchain but physical cash.

Whirlpool, however, does have some important advantages over Wasabi: inputs are picked randomly and never merged within a single CoinJoin round, whereas Wasabi CoinJoins are a disaster on the input side.

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
1) Whirlpool will stop functioning if there is no inflow of fresh "unmixed" bitcoins that are used to sponsor free remixes of participants who entered earlier. It all sounds like a Ponzi scheme to me, especially considering the fact that other CoinJoin implementations work perfectly even without adding unmixed coins, which makes entering new liquidity optional rather than compulsory.

I've been thinking about this for some time, and I have come to the conclusion that the only thing that should happen when fresh BTC dries up is a reduced amount of privacy, since the anonymity sets become smaller, until eventually your transaction gets bounced back in a single coinjoin.
legendary
Activity: 2464
Merit: 4419
🔐BitcoinMessage.Tools🔑
1) Whirlpool will stop functioning if there is no inflow of fresh "unmixed" bitcoins that are used to sponsor free remixes of participants who entered earlier. It all sounds like a Ponzi scheme to me, especially considering the fact that other CoinJoin implementations work perfectly even without adding unmixed coins, which makes entering new liquidity optional rather than compulsory.

2) tx0 is used to construct "perfect" inputs of the same size and to get rid of "doxxic" change by sending it to a "bad bank" address (unusual derivation path) so that users won't be able to accidentally merge whirlpooled outputs with the remains of this zero transaction. By creating perfect inputs, you ensure that there won't be any additional change created during mixing rounds. The problem is that it requires two transactions to construct a single coinjoin, which may be considered an inefficient usage of blockspace, bloating the blockchain with spam transactions.

3) A Whirlpool transaction consists of five inputs and five outputs of equal amounts that belong to different users or, more precisely, different wallets. This in itself is a very strong heuristic that may help chain surveillance companies deanonymize outputs' owners.

4) Whirlpool is practically unusable on mobile phones, at least for doing remixes because remixes require a 24/7 connection to a coordinator, which is infeasible on mobile platforms. So, if one of the outputs wasn't remixed or spent after a CoinJoin, the chain surveillance firm may conclude it was a mobile user.

5) If you aren't running a Dojo server when connecting to Whirlpool, all your xpubs, namely your primary xpub, pre-mix xpub, post-mix xpub, and also "bad bank" xpub, will be going through Samourai's node, which automatically means you should trust them not to expose such information or not to use it against you and your privacy.
hero member
Activity: 1008
Merit: 629
Bitcoin aims at ensuring one's privacy on the blockchain while conducting transactions; the Whirlpool network goes ahead to ensure its feasibility. I was looking for a better way to understand how Whirlpool goes about this and stumbled on forward-looking anonymity sets and thought I could bring it here to the forum.
Now, a forward-looking anonymity set is the number of post-mix UTXOs that moved down from your transactions that have not been remixed.
I guess we are familiar with the Whirlpool coinjoin implementation, but to better understand it, I'd just give a rough explanation. This is like every other Bitcoin transaction having inputs and outputs, but each input is provided by a different BTC wallet, while each output is returned to one of the participating wallets. A better explanation can be found here: whirlpool link
Transactions on the Samourai wallet are done by its coordinator, but it is quite interesting to know that he can be "blinded" so as not to know which input belongs to an output, and the transactor is not required to give up custody of his BTC.

We know that the Bitcoin blockchain ledger is public and as such, to be certain transactions are not monitored, we enter into a whirlpool and provide an input which looks like this.
https://i.ibb.co/yNCM68V/293753771-1242186319654377-1301828826371156006-n.jpg
From the graph, each input and output UTXO belongs to one of five participants, hence all the outputs are equal.
By observation, it becomes difficult to track which output belongs to the transactor, the reason being that all obvious traceable links between the input and output side of the transaction are broken.

This is where the forward-looking anonymity set comes into play:
With the use of a whirlpool, depending on the pool size, your BTC is broken into bits looking like this: 0.5, 0.05, 0.1 or 0.001. Now, with the Whirlpool build, outputs left in the pool become eligible for a remix at no additional cost.
Should one of the participating peers decide to remix, the crowd in which the transactor hides (i.e. the forward-looking set) grows to nine.
https://i.ibb.co/bW8jTx6/294160379-586386826397900-171960537038326948-n.jpg
The owner of the output UTXO may not need to remix for the crowd he's in to grow, and the interesting part is, whether it's the UTXO of the owner or that of his peers, one will not be able to figure out from which UTXO the first mix was conducted.
Also, the crowd can grow without remixing from the owner, so after the first mix, the UTXO (the red circle) still remains in its small size in the whirlpool.
More coinjoins are added as a result of my peers remixing and thus are connected to the first mix.

So, to calculate the exact crowd which the owner of the output is in, we take the equal output UTXOs (orange) and add them to his output (red), and this leads to a forward-looking anonymity set of 21.
 https://bitcoinmagazine.com/technical/how-bitcoin-anonymity-sets-work
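
The count described in the post above, as an added example that is not part of the thread: walk forward from a first mix and count the post-mix outputs that have not been remixed. The transaction labels (`mix0` to `mix4`) and the remix edges are constructed, not real chain data, and the sketch assumes every output is either unspent or consumed by a later Whirlpool remix.

```python
from collections import deque

def forward_anonset(start_tx, outputs, remixed_into):
    """Count post-mix UTXOs descending from start_tx that were not remixed.

    outputs:      txid -> list of output ids created by that CoinJoin
    remixed_into: output id -> txid of the later CoinJoin that spent it
    """
    seen = {start_tx}
    queue = deque([start_tx])
    unremixed = set()
    while queue:
        tx = queue.popleft()
        for out in outputs[tx]:
            nxt = remixed_into.get(out)
            if nxt is None:
                unremixed.add(out)    # still sitting in post-mix
            elif nxt not in seen:     # follow each remix once, even if
                seen.add(nxt)         # several tracked outputs feed it
                queue.append(nxt)
    return len(unremixed)

def coinjoins(*txids, n=5):
    """Build txid -> n equal-amount output ids (constructed labels)."""
    return {t: [f"{t}:{i}" for i in range(n)] for t in txids}

# Constructed sample graph (hypothetical ids).
OUTPUTS = coinjoins("mix0", "mix1", "mix2", "mix3", "mix4")
NO_REMIX = {}                                         # first mix only
ONE_REMIX = {"mix0:1": "mix1"}                        # one peer remixes once
FOUR_REMIXES = {"mix0:1": "mix1", "mix0:2": "mix2",   # peers keep remixing;
                "mix1:0": "mix3", "mix2:3": "mix4"}   # the owner never does

if __name__ == "__main__":
    for name, edges in [("first mix", NO_REMIX),
                        ("one peer remix", ONE_REMIX),
                        ("four peer remixes", FOUR_REMIXES)]:
        print(name, forward_anonset("mix0", OUTPUTS, edges))
```

Each remix removes one output from the unremixed set and adds five, so the set grows by four per descendant CoinJoin: 5, then 9, then 21 after four remixes in this constructed graph.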
