Bitcoin was “supposed” to be an anonymous cryptocurrency, which it is but with loopholes. Wasabi Wallet is one of those wallets which claims to promote and strengthen the anonymity for users when it comes to Bitcoins, and that’s what this Wasabi Wallet review is all about.
So, before we can debate about Wasabi’s true potential, or the validity of the claims it makes we need to understand what claims they actually are and what loopholes Wasabi tries to limit.
Primary Loophole with Bitcoin
Bitcoin even though is “anonymous”, is still traceable. Every Bitcoin transaction is logged on the Blockchain, it’s a public ledger which can be viewed and verified by anyone with an internet connection.
Hence if users have knowledge of your Bitcoin wallet address, crucial information such as transactions, total funds, and other data can be easily verified.
Here’s an example, I simply Googled for – “Richest BTC addresses”, copy-pasted their BTC address on one of the many blockchain sites available and here’s what I have:
As is evident, I can not only gain knowledge of the address’s total balance, but also of each single transaction in and out of that wallet! This transparency is what Wasabi tries to trample with its Chaumian Coinjoin coin shuffling.
What is Chaumian CoinJoin?
I believe not everyone here knows, or probably even wants to know what the Chaumian CoinJoin is; if you belong to the latter type simply scroll down for a surface-level Wasabi Wallet review.
Else, continue on this section to get an idea what makes Wasabi a better privacy-oriented wallet than others in the industry.
Chaumian CoinJoin is basically a way to anonymize Bitcoin transactions, so third-parties and spies can’t identify the parties involved in a transaction.
It’s something that Gregory Maxwell first discussed in 2013 on Bitcoin Talk, A simple explanation is, without CoinJoin each individual Bitcoin transaction is “individual”, so a transaction from John to Kristy would reflect on the Blockchain as “From John’s address to Kristy’s address”, totally identifiable and privacy-breaching!
But with CoinJoin, a number of users come together and combine their transactions into one single transaction, so even if a total of 10 people are involved in a transaction (5 senders, and 5 recipients) blockchain records only 1 transaction.
Hence for any third-parties it’s next to impossible being able to identify each individual party involved in the transaction. Here’s an illustration from the official CoinJam page explaining how the method works:
For those who need a more technical comprehension of things, you first need to understand that for the next few lines, an “input” would mean an address from where the Bitcoins are sent, and an “output” would mean the address the funds are sent to.
So, all the users wishing to join the CoinJoin input their coins > they register their proofs > the desired output is specified > these are blinded and sent to the tumbler.
The Tumbler does its thing (basically checks the amounts, proofs, spending right) and then signs the transaction and sends it back to the initial senders, who then have to unblind this output.
A second set of identity is created for all the people who initially joined the CoinJoin and sent their coins in, these people then register the signed outputs previously received back to the Tumbler.
Finally, the CoinJoin transaction is built and sent to all the users who sent their coins in for signing, if the desired output matches with the outputs on this transaction it’s signed by these users and broadcasted on the network.
Note that all of this happens in the backend, and users don’t actually have to do any of this stuff manually. It’s just what happens after a CoinJoin transaction is initiated.
I’ll do my level best to explain this in the simplest possible words (cause the actual technical backend took me nearly 3 days to completely understand).
So, how secure and anonymous a CoinJoin transaction actually is? Well, a network analysis may reveal that the set of transaction(s) is actually a CoinJoin transaction.
However, it’s next to impossible to identify or link an input to an output, in other words who sent coins, and how much to whom still remains completely anonymous.
Also, the transactions happen over Tor and not the clearnet, and Tor as we know functions on multiple relays and nodes making it hard to track anyway. The servers can’t be hijacked or hacked into to spy on the IP addresses of the folks joining in on the CoinJoin either.
As for theft issues, every output transaction is only signed by users if they see their desired outputs, and if an user doesn’t sign his/her input the transaction obviously doesn’t go through, so everyone has to keep their honesty for the transaction to be successful.
Can Users Cheat?
What if a user refuses to sign a join transaction? Or there is the possibility of users spending their part of the coins before a transaction is completed. Well there do exist anti-cheat measures.
For starters, CoinJoin has this rule that all signatures must be available within a specific time-frame, if not; the transaction is conflicted. When that’s the case, users can simply add the non-cooperative user to a blacklist blocking him/her from future transactions.
If it’s a decentralized environment you’re working with, in that case it would require an anti-Zero-knowledge system because only then the culprit can be identified and excluded.
Do Signing Parties Know the Final Output Destination of each Coin Set?
Nope, especially not in Chaum blind signatures. The users only provide the server with an encrypted (or blind) version of the output addresses for the server to sign them. The users who still don’t know each other, reconnect to unblind their addresses once the server sends the tokens back. Once done, these are sent back to the server.
The server as it had previously signed the outputs validates the transaction, and then users finally sign the transactions.
In laymen’s terms, No. The signing parties do not know each other (unless you connected over some form of chat and gave away your information) or the output destinations.
Wasabi Wallet Introduction
Wasabi Wallet (formerly Hidden Wallet) is an open-source (and free) Bitcoin wallet which helps users store, manage as well as transact using Bitcoins in a more anonymous and secure environment than other wallets out there.
It’s available Windows 64 bit, Linux and MacOS, although Windows 32-bit isn’t supported. Download it from- https://www.wasabiwallet.io/. Let’s get started with this Wasabi Wallet review then?
Wasabi Wallet User Interface
The above sections on this Wasabi wallet review may have you spiked, it does seem (and functions) like rocket-science in the backend but actually using the wallet is pretty simple in my personal opinion.
As soon as the wallet is downloaded and run, the first screen is basically the registration page, you name your wallet and set a password.
The next screen would get you your recovery seed, simply note it down so you can recover your account in case you lose it, although note that you’ll also need the password to recover your account in addition to the seed.
Once a wallet is created, simply load it up by clicking on the “Load Wallet” button. You can create as many wallets as you want by going to “File >New”.
Other than that it has a top bar with only the minimum required buttons which include File, Tools, and help!
They’ve also incorporated one-click address copying, which does come in handy considering how BTC addresses are pretty long, complex, and need to be right to every last number or alphabet.
Sending and Receiving Bitcoins using Wasabi
I’d actually work with the “receiving” first considering how the wallet you just created on Wasabi is currently empty, and you need to receive funds into it before you can send.
Simply Load up the wallet you want, and click on the “receive” tab. Over there simply set a name for your wallet, it can be anything random which will make it easier for you to identify the funds you receive with the reason you’re receiving them;“My first receiving address” is just one of the gazillions of possibility.
Once you click on Generate, Wasabi will generate an address which you can copy by clicking on the address, and send out to users who wish to send you Bitcoins.
Once you do receive funds on the address, it gets removed from the “receive” tab and is moved to the “history” tab where you can check the details for the transaction.
Anyway once you have funds in your Wasabi wallet, it’s time to mix and send those coins out, basically CoinJoin, the very crux of this Wasabi Wallet.
Simply click on the “Send” tab, fill up the details as you would on any other wallet (the receiving address, the label, the fee you’d like to pay) and so on and finally click on “send transaction”.
Now users need to wait, for the coins they just sent to be confirmed, once they do they’ll be shown on the “CoinJoin” tab on the wallet. You can pay attention to the “filters” information at the bottom of the wallet, that’s the number of filters remaining before your transaction is confirmed.
Once the transaction is confirmed it would appear on the CoinJoin tab with a green tick next to it, enter your password (which you set during registration) and click on Enqueue. This would send the coins into a CoinJoin queue.
The only step left is waiting. Wait till enough people join the CoinJoin, once they do the transaction would go through all the steps in the background (phase 1, signing, and everything in between) and finally the coins would be sent out to the address you specified.
Final Words on Wasabi Wallet Review
So that’s a wrap as far as this Wasabi Wallet goes folks. I do agree the technical aspects of the wallet aren’t as easy to understand as we’d like, but that’s the point, a system complex and strong enough to provide us the privacy and anonymity we seek.
I still made it a point to simplify things as good as I could for, or to the best of my knowledge for the purposes of this Wasabi wallet review, also note that the wallet is still in its infant phase hence a lot of updates, changes and additions should totally be expected.
Because it’s completely open-source, anyone with the knowledge to do so can easily audit the code, understand how the application works and that it really is as secure as it claims to be.
The only two minor problems I could come up with are, the fact that it still can be identified as a join, CoinJoin transaction by network experts. And that at times the Bitcoin addresses aren’t found when transferring funds from some “not so authentic” sources.
Anyway, in my personal opinion it’s still one step closer to Bitcoin anonymity and decentralization and totally worth a try considering how it’s free anyway. But hey that’s just my opinion, do drop your two cents on this Wasabi wallet review in the comments.