[Feature]Integrate whirlpool into Bisq wallet

[Bl5ckj5ck]

Hey!👋 Bisq is one of the few platforms aiming at preserving the privacy of the users and where you can buy/sell bitcoins for fiat with no KYC. It's a great peer to peer exchange platform but it doesn't give users a complete privacy-oriented solution since it is based on a wallet which lacks any privacy measure intended to protect them against on chain tracking techniques.

Indeed Bisq wallet does not offer any method to keep txs unlinked to each other on the blockchain. Currently the only solution consists on transferring the funds to an external wallet, mixing them through a coinjoin and sending them back to the Bisq wallet.

We can do more in order to guarantee financial privacy. Integrating whirlpool into Bisq wallet would be a great step forward to make the common ownership analysis more difficult. It would be also easier and faster for Bisq users to keep their tx private in just a single wallet(Bisq). Thus, this would increase the privacy of both Bisq and Samourai users.

What is coinjoin? Coinjoin is a technique developed to create a transaction which makes impossible to trace ownership of funds with any certainty.

Why whirlpool? Whirlpool is a coinjoin implementation which offers a high degree of anonimity and lets users have full ownership of their funds. It has gained a lot of trust (it has been integrated also into Sparrow wallet, recently 4558 BTC unspent capacity). There are no deterministic links between inputs and outputs, no address reuse, no mixing previously seen coins together and no mix with yourself.

I'm sure that this feature could be very useful for each Bisq user if implemented. I hope it will be applied. We need privacy to be increased on layer one as much as we can by integrating and using the tools available

[w0000000t]

I am extremely green about coinjoins, while I completely understand how they work and why they are useful (duh), my experience is extremely lacking. Anyway, from my understanding, whirlpool is the "easy" path, and njoinmarket is the "advanced" alternative which also happens to be much cheaper (much welcome outcome). Do you think whirlpool would present other advantages if included in Bisq (I totally vouch for this feature, BTW), over JM? I think an integration of any coinjoin service in Bisq would mean even the more complex JM could be presented inside our UI in a user-friendly way. Opinions?

An integration could be placed into the Funds>Send funds panel, let's say you choose addresses to withdraw from, one (or more, even better?) destination address(es), and then enable a switch to "coinjoin transaction", so it's all pretty much transparent.

[Bl5ckj5ck]

Thanks for commenting @w0000000t . I'm not a high experienced Joinmarket user but here are my points on it based on other users’ experiences and observations.

The first problem with Joinmarket is that it's hard to use for most users. The errors made by them aren't stopped by the protocol and this could lead to merging utxos which would be a big issue for Bisq users. Moreover Joinmarket doesn't follow zerolink protocol meaning that it’s easier to track and there’s no structural enforcement of fresh liquidity. Here's a link https://research.oxt.me/the-cold-case-files to a report which follows some coins through JoinMarket out to Poloniex and Coinbase after they were stolen. On the other hand in Whirlpool it’s impossible to accidentally merge mixed and "unmixed change". They are kept separate, the change is always segregated. Whirlpool could be a bit more expensive to do so but this upfront cost is easily recouped through free remixing

[chimp1984]

While totally supporting the basic idea and seeing clearly the importance of CJ I am skeptical if an integration of a CJ solution in Bisq is really the best way.

Why?

• Bisq is doing already a lot, many think too much (e.g.. DAO). Adding more complexity and resource requirements will make it harder to reach more users as it is already.
• Trying to do too many things rarely works well. There are at least 3 solid projects out (Wasabi, JoinMarket, Samurai). I think its better to keep things separated even at the cost of extra transactions and convenience
• While the user base of Bisq would be likely a good base for a CJ model it would be counter productive to compete with the existing projects and to reduce potentially their user base. Better having several independent projects.
• CJ is a top target for regulators. Being a no-KYC DEX comes already with quite some risks. Painting a second target on our back is maybe not the most wise thing to do, specially when considering the still very weak foundations of Bisq.
• CJ is a pretty complex topic on its own. Bisq do not have experts in that field. Providing privacy tools which are not really bullet proof is dangerous and irresonsible. Samurai got that criticism from some Bitcoin core devs in early days. I don't know if they have fixed their issues and have not followed closely, but I personally would not use Samurai without spending quite some time to be sure I fully understand their model. So making mistakes in that area will come with severe reputation damage and it can take long until recovered.
• Bisq lacks of devs for the core use case (trading). The new Bisq version (Misq/Bisq2.0) lacks devs as well. Adding a big and complex project like CJ seems not appropriate from resources point of view.

[Bl5ckj5ck]

While the user base of Bisq would be likely a good base for a CJ model it would be counter productive to compete with the existing projects and to reduce potentially their user base. Better having several independent projects.

Actually we don't need to compete with them. For integrating a coinjoin model, Bisq wallet would act just as a client and so provide more liquidity. Like Sparrowwallet is doing right now with Whirlpool.

CJ is a top target for regulators. Being a no-KYC DEX comes already with quite some risks. Painting a second target on our back is maybe not the most wise thing to do, specially when considering the still very weak foundations of Bisq

Who's the target? Bisq has no owner and it's p2p. I see your "fear" but I think we all should fight for our privacy. Bisq's mission consists on spreading and increasing the adoption of the tools which aim to protect our financial privacy.

I don't know if they have fixed their issues and have not followed closely, but I personally would not use Samurai without spending quite some time to be sure I fully understand their model. So making mistakes in that area will come with severe reputation damage and it can take long until recovered.

Here are some interesting docs which might be useful to learn more about whirlpool.

• https://medium.com/samourai-wallet/diving-head-first-into-whirlpool-anonymity-sets-4156a54b0bc7 • https://bitcoiner.guide/whirlpool/ • https://docs.samourai.io/whirlpool

Bisq lacks of devs for the core use case (trading). The new Bisq version (Misq/Bisq2.0) lacks devs as well. Adding a big and complex project like CJ seems not appropriate from resources point of view.

We could create a bounty for the research and its subsequent integration.

Thanks for your comments @chimp1984 , let me know what you think about my points

[chimp1984]

I personally don't have the bandwidth to look deeper into that, but other Bisq contributors are welcome to add their opinion. My highest prio is to get Bisq 2.0 on track. I think in the Bisq 2.0 model additional feature would also be easier to integrate as the whole design is much more modular and extensibel.

[apemithrandir]

I would support this venture and also like to point out the potential for the Whirlpool fees to be shared between Samourai and the DAO. This is something that Sparrow Wallet has done for it's implementation and assists in the funding of that project.

I can understand @chimp1984's points and the main issue is a lack of Dev resources as usual. This is also something as a non-dev I cannot help with. I would gladly contribute Sats towards a bounty to get some sort of coin join implementation as default into Bisq 2.0, but I require more knowledge of the trade protocol plans for 2.0. I know there are plans to reduce the number of transactions from 4 to potentially just 1, but I do not know the particulars.

One should also note this research paper that has done on the ability of chain analysis firms to identify and track existing Bisq users: The Bisq decentralised exchange: on the privacy cost of participation.pdf

---

Edit: It might already be possible to load your Bisq wallet into Sparrow Wallet and then use Whirlpool and Coin control from there. You would need load the Bisq wallet default derivation path as the Deposit account. You buy on Bisq and it goes into the Sparrow Wallet Deposit account and then you select UTXOs in Sparrow Wallet to send to Whirlpool. Perhaps a guide on the Wiki for how to do this would be helpful.

[chimp1984]

One should also note this research paper that has done on the ability of chain analysis firms to identify and track existing Bisq users: The Bisq decentralised exchange: on the privacy cost of participation.pdf

I was in contact with the researcher. The context of the DAO partizipants is in reality that most are re-using a Github identity for their repeated compensation requests, thus leaking information about what they have earned on the blockchain is irrelevant.

DAO partizipants who do not want that (to the price that they cannot build up reputation) can create a new GH identity and new Bisq data directory/wallet for each contribution. They need to get un-connected BSQ (buying them on the market) and unconnceted BTC (coinjoined). So the effort and convenience costs are high but doable for those who want to do it.

The BSQ colored coin concept has inherently less privacy than BTC and inherits all the weak privacy already existing in BTC. The anonymity set alone is a hard to solve issue when it comes to privacy with BSQ. I think one need to consider it as a limitation same as the weak privacy in Bitcoin is a limitation but there are ways around it if one is willing to take the effort.

It might already be possible to load your Bisq wallet into Sparrow Wallet

Yes that should be possible for BTC (not for BSQ - it is very dangerous to do anything with BSQ utxos outside Bisq as they would get burned if any of the complex rules are broken). The user has to do probably a spv resync after that in Bisq. I think a easier way is to just send the BCT as a transaction (miner fees are not high luckily these days).

Also one need to consider that neither Sparrow Wallet nor Samurai/Whirlpool are audited toroughly (as far I am aware). Its very complex stuff and to trust that it will really protect one should not be based on what they put out in their marketing. I considered Sparrow Wallet an interesting wallet until they decided as one of the first to support that evil address verification protocol (and removed it after ppl complained). Something I would not expect from people who take privacy really serious.

https://twitter.com/SamouraiWallet/status/1487096159990685704?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1487096159990685704%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fcointelegraph.com%2Fnews%2Ftrezor-removes-controversial-address-verification-protocol-other-wallets-follow-suit

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[github-actions[bot]]

This issue has been automatically closed because of inactivity. Feel free to reopen it if you think it is still relevant.