Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
How Wasabi Wallet and Samourai Wallet slightly degrade the divisibility of bitcoin

How Wasabi Wallet and Samourai-Wallet-Whirlpool slightly degrade the divisibility of bitcoin

December 2018

I made this claim on twitter recently and many people wanted me to go into more detail.

Lots of privacy tech in bitcoin like coinjoin, coinswap, tumblebit and Lightning Network require many entities to come together to agree to make certain kinds of transactions. This creates a requirement that the right resources (coins) have to be in the right place, at the right time, in the right quantity. This isn't a software or tech problem, its an economic problem of liquidity. To be concrete, if a user wants to send exactly 2.54436 BTC at exactly 19:32 on 2020-02-28 with coinjoin, then they'd have to find a few other entities who also want to send exactly the same amount at exactly the same time. If not our user must change his behaviour.

Today Wasabi, Samourai Wallet's Whirlpool product and JoinMarket use two different ways of solving this liquidity problem. This post is about comparing them, and arguing why I think the JoinMarket method is best.

Wasabi and Whirlpool work by having users provide liquidity for each other. The time-liquidity is provided by slowing down the process; coinjoin's happen not when the users want but at set intervals and users must wait for rounds (unless enough entities arrive before the time is up). In our example the user cant make coinjoins at exactly 19:32 on 2020-02-28 but at another fixed time, and all the users must wait around for it.

Amount-liquidity is provided by limiting the coinjoin amounts; Users dont transact the coinjoin amounts they want to but a smaller amount at a fixed denomination that everyone else also coinjoins. In our example above the user would have to split up their 2.54436 BTC into many smaller amounts

JoinMarket works by liquidity being traded in exchange for money. Liquidity-takers pay for the privilege of choosing the exact time and quantity of the coinjoin, while liquidity-makers earn that money but cannot choose the time and quantity and must run high-uptime computers which are always ready to coinjoin. This is similar to how market makers work in any market such as a BTC/USD exchange; market makers are always ready to take the other side of a trade, but in return they earn a bid-ask spread.

Payjoin works by combining the coinjoin liquidity event with a goods-and-services liquidity event. When a customer and merchant make an economic transaction between them, they also make a coinjoin transaction. The customer is the liquidity-taker who chooses the time and quantity of the coinjoin, and the merchant goes along with it as the liquidity-maker.

Lightning Network also has liquidity requirements. It solves them with a combination of ideas. For opening channels there is a liquidity requirement, it seems the plan is to use something analogous to P2EP where channels are opened at the same time as paying somebody on-chain (Although this video is from 2016 so maybe the thinking has moved on since then). For routing transactions through already-existing channels liquidity is traded for money in an analogous way to JoinMarket.

Time Delay


diamonds not cows

theres many reasons we dont use cattle as money, but a major reason is that if a customer is paying for something worth less than one cow, they cant chop up the cow and retain the same value. imagine if you had to chop off a cows head and hand it over to a merchant when you bought groceries.

similarly if you're a merchant who has been selling groceries all day, at the end of the working day you might have a bunch of cow's heads that customers paid you with. it's not possible to combine up all the cow's heads together to get one cow of the same value.

similarly, if you're an entrepreneur and you increase the efficency of your business by 5% on year, you'll find it very difficult to measure and assess a payment in cattle which was 5% different from last year.

so divisibility is a very important property of money, as important as fungibility.

bitcoin is scalable in a very important way: that a single UTXO can hold any amount of bitcoin value in it with O(1) scaling, meaning anything from 1 satoshi to 21 million bitcoins can be held with the same amount of block space this is one reason why layering works for scalability this property is lost with fixed denominations

real life example here: someone mixes 50btc with wasabi and has 500 addresses with 0.1 btc each, and it seems he cant do anything with the money now without degrading his privacy

Rekt by fee market

Why do Wasabi and Samourai exist even if their UX is a bit worse

This is really bad right?

Well no. I'd much rather people use Wasabi or Whirlpool if the only alternative is


liquidity is good, good stuff should be paid for because there's no free lunch

the privacy created by paid-for liquidity could be massively improved by fidelity bonds

must write about the divisibility of money, fixed-denomination protocols damage that "we all know fungibility is a necessary property of money, but so is divisibility. we dont use cattle as money because you cant chop a cow in half and retain its value when you want to buy something worth half-a-cow. fixed-denomination privacy tech like tumblebit and wasabi wallet wont work well because they destroy the divisibility of money. trading divisibility for fungibility is a losing proposition, prove me wrong" "cows are actually fungibile for most purposes (if you have a beef farm with more than around 50 cows you dont know all their names, they are essentially fungible to you especially when they're converted into meat) but fungibility isnt enough to make cows money" "tumblebit suffered from this as well (link the 800-output tx, where all 800 have to be the same size)" "for economic activity prices need to be able to change by small amounts" e.g if an entrepanure runs a business and manages to make it 5% more efficent, they could change prices by 5% to pass savings on, that wouldnt be possible with fine divisibility

notes on sybil attacks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment