Research Summary: Usability of Cryptocurrency Wallets Providing CoinJoin Transactions

TLDR

  • Blockchain transactions are traceable.
  • CoinJoin is one of the techniques that adopts a decentralized approach to achieve privacy on the Unspent Transaction Output (UTXO) based blockchains.
  • This paper provides a comprehensive usability study of three main Bitcoin wallets that integrate the CoinJoin technique, i.e., Joinmarket, Wasabi, and Samourai

Core Research Question

  • How do current implementations of CoinJoin technique satisfy the usability criteria such as learnability and errors?
  • How do current implementations of CoinJoin technique satisfy fundamental design criteria such as visibility, feedback, constraints, mapping, and consistency?

Citation

Ghesmati, Simin, Walid Fdhila, and Edgar Weippl. “Usability of Cryptocurrency Wallets Providing CoinJoin Transactions.” Proceedings of Usable Security and Privacy (USEC’22). Internet Society, 2022.

Background

  • CoinJoin: A joint transaction involving multiple users intending to hide the relationships between the sender and recipient addresses. In Bitcoin, each input should be signed by the corresponding key independently from other inputs. This property makes a novel form of transactions in Bitcoin in which users can provide a set of inputs (A, B, and C) and outputs (A’, B’, and C’) to create a transaction. All the users should spend the same amount of coins; otherwise, the values in inputs and outputs can reveal the relationships.
  • JoinMarket wallet: A desktop wallet that applies a taker-maker model to create CoinJoin transactions. A taker broadcasts her willingness to create a CoinJoin transaction on IRC. The makers listening to the IRC send their participation confirmations to the taker, including fees. The taker creates the transaction with the desired CoinJoin amount and sends it to the makers to sign.
  • Wasabi wallet: A desktop wallet that uses a coordinator to create CoinJoin transactions. By Chaumian CoinJoin the outputs are blindly signed such that the coordinator can not map inputs to outputs. In Wasabi, CoinJoin is created in three main phases: (i) input registration, (ii) output registration, and (iii) signing.
  • Samourai wallet: A mobile wallet currently released as an Android application. It also creates CoinJoin by a coordinator using Chaumian CoinJoin under the name “Whirlpool”. At the time of writing, there exist four pools (0.001 BTC, 0.01 BTC, 0.05 BTC, and 0.5 BTC) to create CoinJoin transactions with a flat fee rate. Users register their coins to one of the pools and wait for the required peers to create a CoinJoin transaction.

Summary

  • Objective
    • Our study uses a cognitive walkthrough. The experts evaluated each wallet’s learnability by measuring how novice users may pass or fail the tasks and identifying possible errors or issues they may face.
  • Tasks definition
    • T.1 Installing the application.
    • T.2 Generating a wallet.
    • T.3 Funding the wallet.
    • T.4 Performing a CoinJoin transaction.
    • T.5 Transferring CoinJoin coins to the destination address.

Method

  1. Test Planning
    • Problem statement
    • Wallet selection
  2. Tasks & Criteria Definition
    • Tasks elaboration & review
    • Evaluation criteria
  3. Recruit Participants
    • For cognitive walkthrough
    • For small-size user study
  4. Conduct Test
    • Performing tasks
    • Identifying issues
    • Capturing the results
  5. Analysis & Report
    • Results categorization
    • Improvement proposal

Results

  • Wasabi Pros:
    • Easy installation & well documented
    • Large anonymity set up to 100
    • CoinJoin transaction in a one-hour time frame at the latest
  • Wasabi Cons:
    • Creates too many small coins
    • If the change is less than the minimum pool amount, it is left in the wallet
  • JoinMakert Pros:
    • Modification of the fees and the number of counterparties
    • Specifying the amount by user
    • CoinJoin for a large amount
    • Directly send the mixed coins to the destination address, therefore needs 1 transaction less
  • JoinMarket Cons:
    • Configuration is not easy for non-technical users
    • Creating CoinJoin cannot be easily done without reading the documentation
    • Some errors do not give a clear indication of what should be done
  • Samourai Pros:
    • Simple installation
    • Simple steps to generate a wallet
  • Samourai Cons:
    • Only released for Android
    • The interface lacks visibility of the functions
    • The function names differ from the commonly used terms
    • No information, if the CoinJoin is stuck
    • If the change is less than the minimum pool amount, it is left in the wallet

Discussion and Key Takeaways

  • Understanding of the techniques’ concepts by users is required
  • Intuitive and user-friendly design is required
  • Performing CoinJoin transactions by users is still difficult
  • Dealing with error messages is difficult
  • Merging previously mixed coins with other UTXOs should be prevented

Implications and Follow-Ups

  • Limitations: Using Bitcoin testnet, because of the high fees in mainnet. So:
    • It had impact on the time on tasks.
    • We were not able to perform CoinJoin on the Samourai testnet.
  • Future work:
    • Extending the user study to include more technical and non-technical users.
    • Contact the first author if you can help us in the user study.

Applicability

The study findings will enable privacy wallet developers to gain valuable insights into a better user experience.

6 Likes

Nice summary @simin. I believe that the main goal of CoinJoin is to increase the anonymity of Bitcoin transactions.
From a functional standpoint, the Bitcoin blockchain has always made CoinJoin possible.
The concept underlying CoinJoin is straightforward, and the Bitcoin network already supports it, but the execution of this process is challenging.
The Bitcoin community therefore required not only a description of the concept but also the real service implementation by developers.
Although they provide some degree of anonymity, bitcoin transactions are not really anonymous.
Your whole history of transactions might be made public if your identity is somehow connected to a Bitcoin address.
The Bitcoin community is constantly looking for ways to increase transaction privacy due to these constraints on pseudo-anonymity.
CoinJoin is one such privacy-focused option.

Several sender addresses pool their BTC coins in a CoinJoin transaction, and the combined monies are delivered to numerous recipient addresses.
Others may find it difficult to determine which address actually paid each recipient because of the reordering of the amounts between the send and receive functions.
Even though CoinJoin may not completely guarantee transaction anonymity, it is nevertheless a vast improvement over typical Bitcoin transactions in terms of privacy.
Wallets are used to implement the CoinJoin services, with the first one debuting in 2014.
Currently, Wasabi Wallet, JoinMarket, and Samurai Wallet’s Whirlpool service are the top three CoinJoin providers

1 Like

User experience in software application is crucial. If you, as a crypto user, find it difficult navigating a crypto wallet, you won’t recommend it to others. Again, you will most likely delete it from your device.

Crypto and blockchain are difficult already, so builders should try as much as possible to make crypto software applications easy to use. This will accelerate the adoption of the technology.

Having read this research paper, I have a handful of points to present.

General observation from the research

Comparing the three wallets from the test conducted, the Wasabi wallet was the easiest to use for Coinjoin transactions, followed by the JoinMarket wallet, and then the Samourai wallet.

Generally, the researchers found out that the three wallets were not all efficient for CoinJoin transactions due to the delay in throughput encountered during the test.

On the Implications of the research and Follow-ups

The two expert testers could have been a limitation of this research. If there were two classes of testers (novices and experts) and an increased number of testers as opposed to two persons, the results obtained might have been a high entropy one, thus producing a wider range of possibilities.

Other Layer 1 blockchains, such as Zcash and Monero, have an inherent mechanism for ensuring privacy. The absence of a similar mechanism in the Bitcoin blockchain probably affects the mass adoption of Bitcoin as the leading cryptocurrency.

If improvements to these wallets are not made or other mixing techniques are not explored, cryptocurrency going mainstream could be slowed down.

On the Applicability of the research

The limitations of these three wallets can be beneficial to new companies building Bitcoin privacy wallets. They can focus on building a new wallet that incorporates the strengths and eliminates the weaknesses of these three test wallets.

The individual companies owning these test wallets can also make individual improvements on the limitations discovered on each wallet, thereby making them more usable.

Taking the above two steps would ensure that the wallets will no longer be easily deanonymized through heuristics.

Consequently, the privacy of users can be assured. This will bolster confidence in using the Bitcoin blockchain for financial transactions, thus leading to more adoption of the technology.

Conclusion
@Simin, this is outstanding research work. I’m happy that you plan on doing further research on the topic to finalize things. You can reach out to me for the test part.

4 Likes

Thanks @simin, for this insightful summary, I see that this paper provided a cognitive walkthrough to evaluate the usability of three leading wallets that support CoinJoin transaction. I think facts have shown that linking multiple transactions together with off-chain information (e.g., forums, social networks) can expose users’ actual identities, interactions, and financial data. Having such information exposed can, in turn, lead to undesirable consequences; e.g., attract criminals, motivate extortion or discrimination, and benefit competitors. So because of these issues, the author then proposed, several mixing methods in other to overcome the privacy concerns in Bitcoin, and mitigate user traceability. In view of that, CoinJoin was seen as one of the first promising techniques that were adopted and integrated within different privacy wallets. This paper also focusses on three main Bitcoin wallets such as; JoinMarke, Wasabi, Samoura. I think the author further conducted a usability study on Bitcoin privacy wallets that support CoinJoin transactions. For the purpose of clarity, the term coinjoin is a joint transaction involving multiple users intending to hide the relationships between the sender and recipient addresses.

It is important to note that Samourai provides a simple installation, and as well using it as a regular wallet is satisfying. However, the wallet is only released for Android. The wallet interface lacks visibility of the functions, and the function names differ from the terms commonly used in the community. I think facts have further shown that users who do not understand the CoinJoin technique basics may find mixing cryptocurrencies through the wallet and dealing with error messages difficult.

There is the need to design an intuitive, and informative interface that is understandable by novice users; this will help them perform CoinJoin transactions and be aware of the risks associated with specific actions.

2 Likes