Craig Raw, founder of Sparrow Wallet rejoins me on the show to talk about the latest: easy coinjoin for the desktop is now here with whirlpool being integrated into Sparrow Wallet. Sparrow Wallet might well make coinjoin much more accessible to users interested in bitcoin privacy. 


Craig and I chat: 

  • Latest updates
  • How Whirlpool in Sparrow works
  • STONEWALL privacy preserving spends in Sparrow
  • Implications of having multiple whirlpool clients
  • Electrum server back ends for Sparrow
  • Wallet business models

Links:

Sponsors: 

Stephan Livera links:

Podcast Transcript:

Stephan Livera:

Craig, welcome back to the show.

Craig Raw:

Thanks Stephan. It’s great to be here again.

Stephan Livera:

Yeah. Craig, you’ve done some really cool things with the Sparrow Wallet, and I wanted to get you back on to talk about what’s happening with CoinJoin being available in Sparrow wallet, which is I think a big improvement in the overall user experience, and there’s a lot to get into and talk about. So if you want to just offer a little bit of a high level—what’s changed in Sparrow Wallet since we last spoke on the show?

Craig Raw:

Sure. I’m not sure of the exact list of everything that’s changed, but certainly adding CoinJoin has been one of the major features that has been added. We’ve been working on that for about a month now. It was launched last week. That was probably the most major feature addition that Sparrow has seen for awhile.

Stephan Livera:

Yeah. And definitely this is really cool because it hits a certain combination that wasn’t possible or easily available before, because previously if you wanted to mix with Samourai Wallet you needed to do it off a mobile [wallet]. And then on the other hand, if you wanted to do something like JoinMarket, well, it just wasn’t accessible as much for somebody who’s trying to learn about privacy or trying to learn how to do a CoinJoin. This actually does change the game a little bit because Sparrow does hit a nice balance there in that you’re able to get started if you’re a total newcoiner and still do some mixing as well. Can you tell us a little bit about your thought process there around selecting the Samourai Wallet Whirlpool as the way you wanted to do this?

Craig Raw:

Sure. Sparrow has always had a focus on trying to be private when it was first launched. You could actually only connect to your private Electrum server. That said, job one was and still remains keeping your funds secure. That’s what we covered when we last had our chat. Good security in Sparrow is now relatively simple and easy to achieve, so it was time for me to start looking back to the privacy angle again. If we just take a step back for a second, despite the fact that Bitcoin is pseudonymous, the privacy it offers is actually pretty poor. If you’ve obtained Bitcoin from an exchange and you provided your details, that Bitcoin is going to be linked to your identity. In other words, there’s a good chance that the ownership of funds can be tracked through the transaction graph of normal Bitcoin transactions. So to improve on this, we need to look at specific types of transactions that can either confuse the heuristic analysis or dramatically reduce its probabilities. One of the first privacy-specific features that Sparrow added was actually PayJoin. And that’s really the pay-to-end-point or the BIP 78 variety of PayJoin. And PayJoin is great—it’s got this steganographic quality so it looks like either transactions on-chain, it breaks the common input ownership heuristic, and it also hides the payment amount. So it’s got some really great features to it, but unfortunately it has this big downside. Pay-to-end-point basically means that the protocol needs to have a server endpoint, which is most likely a server run by a merchant. And for that merchant, they have to run a hot wallet on that server in order to participate in a PayJoin. So when it’s simple for that merchant to run a watch-only wallet running a hot wallet, there’s a significant additional risk for them to take. And that means that few do it, and that means that finding a merchant who supports this kind of PayJoin is actually quite rare. So even though I like the technique from a technical point of view, I wasn’t seeing that it was creating privacy for Sparrow users. That led me to CoinJoin. CoinJoin has now emerged as the de-facto privacy tool for the most common use of Bitcoin which is HODLing or stacking sats as we like to say. It has no less than three well-known implementations at this point. It’s been well-researched, tested for many years, and if it’s implemented well it offers excellent forward privacy by introducing entropy into the transaction graph and breaking those deterministic links. One of the best things about CoinJoin is that it’s actually relatively simple, unlike privacy on Lightning which is a much more complex topic. And I think you talked about this back in SLP276, which was a great show. So CoinJoin has this clear on-chain footprint, which is both a good and a bad thing. Most of the conversation so far is focused on the bad: that services might block UTXOs with some kind of a history that leads back to a CoinJoin. But there’s also a good side to it: it’s clear to everyone that the ownership of funds cannot be traced through a CoinJoin. There’s just simply no useful history, and that just makes it very clear and you know what you have. So that leads me on to the question that you asked, [which] is, Why Whirlpool? So I don’t want to get into a debate around the different CoinJoin implementations, mainly because others are much more qualified to have that debate. But what I will say is the way Samourai implemented Whirlpool displays a really good understanding of incentives. CoinJoin works best for everyone when there are many users. In other words, there’s high [quality? inaudible 5:33] [and] that’s true for all CoinJoins. Ideally you want users to keep their coins mixing to increase the size of the crowd that you’re in. So that improves everyone’s forward-looking anonymity set, and Whirlpool encourages this by asking users to pay once to enter the pool. And then once the funds are in the pool, you don’t pay again no matter how many CoinJoin cycles you want to partake in. So the liquidity tends to grow over time which increases the size of the crowd. And I think taking incentives into account is what makes the design of Bitcoin itself so unique and successful. So we needed the same thinking in CoinJoin and Whirlpool really demonstrates that well.

Stephan Livera:

Yeah. That’s a great comment there. There’s a few interesting features there around Whirlpool as well. So this is what the Samourai Wallet guys will talk about as well, this idea of trying to go for the maximum possible entropy—not mixing with yourself, not mixing previously seen coins together, no deterministic links between the inputs and the outputs, and no address reuse. And so the interesting thing there is: I suppose the Whirlpool coordinator—which is run by the Samourai Wallet team—is the one enforcing those rules before you’re allowed into a round. Correct? But Sparrow is a way that you can participate in the Whirlpool CoinJoin.

Craig Raw:

That’s right. Actually what Sparrow uses is the exact same code—the Whirlpool client code—that Samourai wallet uses. And [also], in fact, the CLI tool that you get with the RoninDojo node. So it’s all actually the same code, and that’s one of the reasons why it was relatively easy for me to actually build this in. And that should give people some comfort that it’s actually just the same code. It’s not like this code had to be rewritten. It is, as you say, really the coordinator that enforces these rules—the client is really just there to connect to it. And if you don’t play by the rules, you’re going to get your UTXOs banned. So that’s I think very important that everyone knows that there’s a level playing field.

Stephan Livera:

Yeah. And this is really interesting because there might be some users out there who—they really wanted a desktop wallet to do a CoinJoin with, and if they weren’t particularly interested in using Wasabi, well then this is probably the easiest one for them to use. And so they could even start with a small amount and just spin up a hot wallet on Sparrow and use that as their little intermediary wallet that they receive. So let’s say they’re purchasing coins or mining coins or earning [Bitcoin] in some way. Let’s say they have an online store. They can earn those coins and then use Sparrow to run them through a mix. And then—actually we’ll get into this later—but around mixing to cold storage, which is a fascinating feature as well. But that’s worthwhile for users and it opens it up a lot more because historically you had to have a mobile to do it. So it was maybe a harder experience from that. But I think it’d be good to talk through the process and how it works and what it looks like in a desktop interface. So could you just talk us through that? What does it look like? What is the user going to see when they use Sparrow to do CoinJoin?

Craig Raw:

Yeah, sure. So as I said, it’s relatively easy to use. What you need to do, as you just mentioned, is first create—or if you already have one—to load a normal hot wallet. What do I mean by a hot wallet? I mean a BIP 339. So a standard set of seed words. And it needs to be a hot wallet—as opposed to, for example, a wallet connected to a hardware wallet like a ColdCard—in order for the Whirlpool client to sign the mixed transactions as and when a mix occurs. If you had to then get involved, you would delay the mix for everyone and that is a potential denial of service attack, so that’s the reason that we need to have a hot wallet here. Once you’ve created that hot wallet, and there’s a quick start guide on the Sparrow wallet site which can help with that, then what you need to do is to go to the UTXOs tab and there’s a button there called Mix Selected, and you just select the UTXOs that you want to mix and then there’s a dialogue which will then take you through the process. So what happens in that process is that an additional three wallets get effectively added to your hot wallet. Now those wallets appear as tabs on the right. So you’re going to now have four tabs in the right: your original wallet, a pre-mix wallet, a post-mix wallet, and your Bad Bank wallet. And how that works is: what you do when you mix with Whirlpool is that you first create a pre-mix transaction with the UTXOs that you want to mix, and that effectively does a bit of housekeeping and splits those input UTXOs into equal outputs ready for your first CoinJoin mix. And your first CoinJoin mix then takes it from the pre-mix wallet. So the pre-mix transaction moves it into the pre-mix wallet, and then your first CoinJoin transaction takes it out of the pre-mix wallet and then mixes it into the post-mix wallet. Any [loose] change from the pre-mix transaction goes into your Bad Bank wallet, and that’s called Bad Bank because it basically contains UTXOs that may be linked to any of the previous identities that you’re now trying to remove. So you need to be quite careful with those. Once those mixed UTXOs have entered the post-mix wallet, they then can sit there and be remixed. And the more you remix, the more the size of the crowd grows for you. So what you really have there is this idea that you can just leave them there for a while, or you can move them out. And to move them out, you can then mix them to any other wallet, usually a cold storage wallet such as one that might have the private keys on a hardware wallet. That’s the basics of it. As I say, most of this stuff actually happens and is done by the Whirlpool client, so you don’t have to do anything beyond sending that pre-mix transaction.

Stephan Livera:

Yeah. And so for listeners who are not familiar, there’s a certain structure of how the Samourai wallet Whirlpool style works, and obviously Sparrow is taking that same style. And so you might have that account zero or—that’s that first wallet that you create in Sparrow. And then as you said, we create those additional tabs. Just to walk that through, let’s say you spin up a Sparrow wallet and it’s a hot wallet on the computer—the keys are live or hot on the computer—and you have 0.07 Bitcoin that you want to run through the mix, as an example. And so then you would select that UTXO, or multiple UTXOs, or pieces of Bitcoin, and you would select a mix. And then that would run that wizard, and that would show you the fees and show you, Okay, it’s going to cost this much and so on. In that example, it would split down to let’s say seven 0.01 Bitcoin UTXOs that would end up in the pre-mix. In truth, it’s a bit more than 0.07 because there’s fees and things like that. And then that change—the toxic change or doxxing change—goes into the Bad Bank. That’s where the user has to be a bit more careful about how they deal with that aspect of it. But then at the end of the day, they will have that 0.07, or seven of those 0.01 [Bitcoin] in the post-mix as an example. The other interesting feature I noticed from reading your website is that you’ve actually also got [Samourai Wallet’s] Stonewall in the wallet as well. Can you tell us a little bit about that?

Craig Raw:

Yeah, sure. So what Stonewall is—it’s got this fancy name—but it’s actually a relatively simple idea. So let’s say that you and me decided to create a CoinJoin together, right? So we would basically both decide on a certain equal output amount. And we would both take UTXOs from our wallets and we would create a single transaction that paid us both the equal amount that we’ve chosen, plus any change that we might have leftover from the UTXOs that we have each selected from our wallet. So we might be putting unequal amounts into this particular transaction, but we’re getting one output which is the same for us both, plus any [loose] change also going to each of us. And that’s really all that Stonewall is. It basically looks like this two-person CoinJoin. Now what the implementation of Stonewall is in Samourai wallet—Sparrow Wallet is basically doing that but doing it as a fake one. So you’re basically creating a transaction which looks just like the one I described, but it’s only you creating it! To the outside world, however, no one has any idea. So you can pay somebody with one of those equal outputs. The other output comes back to you, but it looks to the outside world like you’ve done a two-person CoinJoin so nobody really knows what’s going on. It really confuses the transaction graph and makes it very difficult to see [whether] a payment has been made or is this just people sending money effectively to themselves?

Stephan Livera:

And just another note for listeners who are new—if you’re still learning about CoinJoin and privacy—at least as I understand the Samourai Wallet style, they’re trying to think about it as a holistic flow. It’s not just like a one-off CoinJoin and then you’re done. The idea is to make every spend a CoinJoin. And so the idea is you might’ve received some coins, you run that through a CoinJoin and now in your post-mix wallet after you’ve done the CoinJoin, you still want to make sure the spends going out of there look like CoinJoins. And so in Samourai Wallet that’s using Stonewall or Stonewallx2, or Stowaway, as examples. So it’s really interesting then that you are replicating that in the desktop on Sparrow Wallet. That means that user can now try to maintain their privacy by using Stonewall on their way out of the mix. That’s a really interesting and important element just to highlight there for new listeners to make sure you’re aware about that. And that’s a really cool thing to see that this is now becoming accessible on the desktop, also. I wanted to talk about how—I mean some of this does go into the Bitcoin Twitter privacy debate itself—but one of the elements we’ve seen is this idea that, Oh, see, Samourai Wallet is bad because unless they’re running Dojo, Samourai Wallet knows everyone in the mix. But now that model is changing because now it could be a Samourai Wallet user, or it could be a Sparrow Wallet user. And the Sparrow Wallet users are not calling out to the Samourai server. They are now calling out to—depending on how they’ve configured Sparrow Wallet—the predefined ones that are set there. People like [inaudible], Blockstream, and a few others. Or they’re calling out to their own Electrum server. So I think that actually does change things a little bit in terms of Samourai Wallet overall as a CoinJoin tool, obviously as adoption happens more and more people will start using it in that way. And so then it might just be like a really cool mutual benefit thing that now it’s harder for people to be deanonymized in that theoretical attack. What do you think?

Craig Raw:

Yeah, I think that that’s a great, great point, and certainly one of the key design goals that I had was to ensure that the privacy that you have with your wallet in Sparrow before the release was exactly the same as the privacy you have with your wallet after the release. And no matter where you stand on the whole CoinJoin debate, Sparrow remains the same, right? If you start to CoinJoin, all of the UTXO information is coming from the same source that it always did. Nothing goes to Samourai’s servers. The only UTXO information you send is to the coordinator, and that’s done according to the ZeroLink protocol, which basically ensures that your identity changes in the middle of the mix. In other words, the coordinator doesn’t know the identity of the client for the final mix transaction that goes out because the identity will actually change via Tor. We created a new Tor circuit in the middle of the mix to ensure that there’s a break in the way that the coordinator can see things. And that’s been well-researched and well understood. That’s a very important part of things is to ensure that the privacy of your UTXOs remains the same.

Stephan Livera:

Yeah, that’s a really good point to see. Maybe just to spell out that point with what I was saying earlier as well is that historically, or at least up until recently, the debate was, Oh, see if you’re not running Dojo, Samourai will know all of your clients because there’s a Samourai backing server that’s [inaudible] and there’s separately the Samourai Whirlpool coordinator. And so the threat or the supposed argument was that, Oh, look, see, there’s not that many people using Dojo, therefore most people are just using the Samourai one. And even those people using Dojo would get figured out by the process of elimination. But now with Sparrow Wallet and increasing the accessibility, it’s now available on the desktop just as a desktop wallet and the default setup now will be not using the Samourai wallet service in terms of wallet information like UTXO information, but rather only coordinating with the Whirlpool coordinator over Tor, or the Tor circuits as you mentioned. So that’s a really interesting element there. And I wanted to talk a little bit about the backing server aspect of it. If you could just spell out the three main ways that a user can have their backing server for Sparrow Wallet? If you could just spell those out for listeners so they understand what are the differences there and what should they be using?

Craig Raw:

Yeah, sure. Basically, the default when you first install is to use a public server. So what I’ve done is [I’ve] chosen a few well-known individuals with companies with a good privacy track record. This is different from the Electrum wallet, which chooses an Electrum server from a very large list on a peer-to-peer network that anyone can join. So you could potentially be connected to a malicious server that’s trying to learn more about your wallet. But with Sparrow you only get a choice of these five. There’s no guarantees here, but at least you can be reasonably sure that you’re not connecting to some random server that was begun just a few days ago for the purpose of trying to harvest your information. That’s the first way in which you can connect. Now, obviously, if you want to improve your privacy, you want to be running your own node—and that’s the second way. So if you’re running your own Bitcoin Core node, you can connect directly to it. And that’s relatively easy. The only downside with that approach is that Sparrow needs to create a wallet within Bitcoin Core itself, and that wallet within Bitcoin Core—all of those addresses are stored in plain text. So if somebody gets access to the machine your node is running on, then they could potentially learn more about your wallet. So that leads us to the third way you can connect. And that’s using a private Electrum server. The most common implementation of an Electrum server is an implementation called Electrus, which has actually today just released a new version which is really well worth it. And that approach is the best because every request you make to that server, it doesn’t leave any kind of trace. There’s no information left behind. The server just gets the information out of its index, sends it to you and you’re done. That’s the best method that I know of to retrieve that UTXO information is by using a private server like Electrus.

Stephan Livera:

Yeah. And so for listeners who are curious about the best way or an easy way to do that—many of the nodes’ package solutions or implementations—they offer that. So: Umbrel, MyNode, RaspiBlitz and so on, they offer that [for] Electrus. So it makes it easy for you then. If you wanted to do this in a way that’s more private, you can set up your own Electrus and then point your Sparrow Wallet to that Electrus. So that way now you’re not trusting anybody else’s node—you’re using your own. So that’s a few tips there for listeners. And I also wanted to talk about this feature Mix to Cold Storage. Can you tell us a bit about that? I mean it reminds me a little bit of a feature I think I’ve seen in JoinMarket as well, but it’s great to see this now come to Sparrow.

Craig Raw:

Yeah, sure. So obviously if you’re running a hot wallet, you should be somewhat concerned about ensuring that the seed that is sitting in that hot wallet remains secure. And of course we have a large and important industry in the hardware wallet market, which is precisely designed to try and keep seeds off your desktop PC. There is a strong reasoning there to say that you shouldn’t keep all of your funds in a hot wallet. And what we generally do is create a wallet with a hard hardware wallet, so Sparrow is effectively acting as a watcher for that hard hardware wallet—for the keys that contains—and that’s where the majority of your funds should eventually end up. So that’s what we would call a cold storage wallet. Now in order to mix as we discussed earlier, you need a hot wallet. So the ability to mix out to your cold storage wallet is an important factor. And that’s relatively new in the world. I don’t think it’s been a big thing yet. But it was very important for me because Sparrow’s primary use case is really to allow its users to save. And to save obviously means to ensure your funds are secure, so therefore mixing out to a cold storage wallet was important. It’s relatively easy to do: you’re basically back on the UTXOs tab again, and when you’re in the post-mix wallet—which is where all of your post-mix UTXOs end up—there’s a Mix To button. You click that, you get a little dialogue and you can choose any open wallet. The wallet needs to be open in order to ensure that there’s no address reuse. So for example, if you received a different transaction or to a different address in that wallet, Sparrow obviously needs to know about that so it doesn’t send the post-mix UTXO to that address. And it’s important to know also that when you mix out to a cold storage wallet, you’re actually just mixing out the output of a CoinJoin transaction. So it’s a normal mix that’s being sent out. It’s not like you are breaking your links, or you’re not doing anything that in some way damages the privacy that you have. So yeah, that was an important feature to add.

Stephan Livera:

Yeah, that’s a really cool feature [for] those people who for whatever reason want to stack it into your hardware wallet or into your multisig setup, ideally—in this example with Sparrow, you could have both wallets open: the hot wallet that you’re using for doing the mixing and then your hardware wallet or your multisig setup that you’re using for cold storage stacking. Now, historically, if somebody wanted to do this using Samourai Wallet, they had to use multiple Stonewallx2s or Stonewalls to be able to slowly spend it out. Or they had to do one UTXO by UTXO. This is actually a really time-saving and arguably even cost-saving feature. And the accessibility is much easier for it—the ease of use is there. So I think that’s also a very cool feature for people to think about and consider. And then on top of that, there are other ways that you could use Sparrow Wallet. Here’s an example: you might have your BTCPay and you might take the zpub out of that. So that’s like your master key, your xpubs—for listeners, check out the recent episode with Andrew Chow for some discussion on that—but you could take that out and put that into your Sparrow Wallet and use that, couldn’t you? Or maybe you might generate it in Sparrow Wallet and take the zpub out and paste that into your BTCPay. So that way, when you receive new money, it hits and you can manage it inside your Sparrow Wallet. And then it’s taking one step out instead of having to have a BTCPay wallet, a Sparrow CoinJoin wallet, and a Sparrow cold storage hardware wallet or multisig. Now you can just have the Sparrow hot wallet and then the Sparrow cold wallet. And BTCPay—which is also running as your merchant solution—can generate new addresses for you that will then hit inside your Sparrow Wallet, right?

Craig Raw:

Yeah. That’s quite right. You can link these things up. And I think that’s really the benefit of building to a standard, is that if we all work to those different standards that have been put forward, then we end up with these solutions that are able to play together in such harmonious ways. And that’s really exciting for me and why Sparrow has always been keen to go for a standards-based approach. One other thing I didn’t mention about the mix to cold storage is that you can set up the number of mixes. It would release the minimum number of mixes that need to occur before that mix out to the cold storage happens. It’s actually not a determined number because we don’t want to enable any kind of pattern analysis and say, Oh, well, somebody set up seven mixes and we can see that seven mixes occurred. So it’s only a minimum number, and then there’s a chance that you might mix out after that.

Stephan Livera:

Right. Yeah, that’s really cool. And so while we’re on that topic of remixing—so this is a big thing a lot of the Samourai guys talk about—the benefit of remixing, because that helps maintain that overall Samourai liquidity pool and gives privacy to the flock or to the whole herd, if you will. So how is that being done in Sparrow? Can it run in the background? Can it minimize to the tray? Can you tell us a little bit about that?

Craig Raw:

Yeah, sure. So Sparrow does need to be running. You can minimize to the tray in Windows and OS X. Unfortunately, Linux doesn’t have the concept of a tray. But actually I think what a future release will have is the ability to lock a wallet so that you can actually do that too, just to give you some degree of being able to hide that information while it’s actually there. But certainly Sparrow needs to run. It needs to have that Whirlpool client going. It’s also important to ensure that your computer doesn’t go to sleep because if it goes to sleep, obviously the Whirlpool client doesn’t run either. So there’s a variety of different little apps that you can install which I’ve linked to on the Whirlpool doc site on sparrowwallet.com.

Stephan Livera:

Excellent. And I presume then that people could even just have this on their computer while they’re working, because the idea is: this is your hot wallet, it’s not meant to store everything and you could just have it on in the background while you’re working and remixing is going on. And then periodically you’re just flushing it out into your cold, right? Or you’re mixing to cold.

Craig Raw:

That’s right. So the idea is that mixing takes time. You actually don’t want to mix everything at once because then it would be pretty obvious. So you want to have this idea of, There’s time between individual blocks that you have funds in. People want their mixing to happen very fast, but actually that’s not really what you want. What you [are] actually seeking is mixing to happen over time, and if it happens over time then obviously you’ll be much more hidden. So that’s something that you need to set yourself up for, that once you get into a mix, you should really leave your coins there for a while. And I’m talking at least many, many days, but it could be weeks or even months just to ensure that you have a good period of time for those transactions to occur and to appear in many different blocks which have some indeterminate amount of time between them.

Stephan Livera:

I’m also curious, are there any other on-chain footprints that might be different or the same with, say, Samourai Wallet spends? And is that something you’re intending to do or is it just more like, It’s not a huge deal either way. So what I’m referring to here—just for listeners who are unfamiliar—when your Bitcoin wallet composes a transaction, there are certain fingerprints that might be possible based on how that transaction was constructed. It might be certain values or things like nLocktimes, sequence numbers, and things. And so there are different thoughts and approaches around this. So Craig, I’m wondering what’s your view on that? Are you trying to make Sparrow have the same fingerprint as Samourai Wallet or is there a different way you’re thinking about it?

Craig Raw:

Yeah. Great question. What Sparrow tries to do is to follow as broadly as it can what most others are doing, or at least [what] most of the more evolved wallets are doing. I actually need to do more research if I’m very honest into exactly what Samourai is doing. But one of the things that Sparrow does is that it implements what we call anti-fee-sniping, which is a theoretical risk that we have where a miner could try and steal transactions and in effect game the mining market. And the way in which we deal with that is to basically just set the lock time to the current block height whenever we set a transaction. Also, all transactions that Sparrow creates have RBF enabled. It’s a useful feature, and I think one that we would want to have on. So that’s a pretty standard setup. It matches what Electrum does by default. As I say, I think I need to do a little bit more research into it just to try and ensure that those Stonewall spins look the same—and then there’s a bigger crowd in which we can hide.

Stephan Livera:

Right. Very interesting stuff. And there’s definitely different philosophies and thoughts on this. So for example, LaurentMT from OXT—OXT is part of the Samourai Wallet team—and his philosophy on this idea is that it should be like drunk wallets. That wallets would change their fingerprints and things rather than trying to mandate that the wallets all align. It’s this idea that they would use slightly different values and things in their aspects that can give off a fingerprint. But there are competing priorities here. So for example—as you said—to have RBF enabled, you’ve got to have certain things on. To have anti-fee-sniping, you’ve got to do certain things with the lock time. And then I know—and maybe this is also relating to the anti-fee-sniping part—Chris Belcher came out with some possible ways to configure the transaction so that they help look the same as in the Taproot world when Taproot is coming. So there’s all of these different aspects to balance there as well, because it’s not just CoinJoin, it’s like, What about the use of Taproot in the future? And things like that. Was that also part of your motivation around the anti-fee-sniping?

Craig Raw:

Yeah, it’s actually interesting that you mentioned that particular contribution by Chris. Sparrow actually implemented that suggestion that he had in the most recent version. What that basically does is it does the anti-fee-sniping, but it does it in a way that’s a bit random. So sometimes it uses absolute lock time to do it, and sometimes it uses sequence-based lock time to do it. And it has the same effect. And what we’re trying to do there is that we are hoping that all of the Layer 2 solutions move to Taproot pretty soon and what we’re actually hoping to do there is to provide them with some cover so that when we get there, we have all of these various Layer 2 solutions doing their thing, but we don’t know whether, for example, it’s a channel close or whether it’s actually just a Sparrow user. I’m probably using the wrong example here—but there’s a certain amount of confusion that we can add into the graph by ensuring that Sparrow is doing things that a Layer 2 solution would also do. And that’s the sort of idea of what he put forward. So it was quite important to me to work on that. Those are the sort of more unseen things. But I think it’s important to get those in early before Taproot really starts to take root, so we have this confusion in there right from the very start.

Stephan Livera:

Right. And so for listeners who aren’t familiar, the point there is that: once we are in a Taproot world, the idea is that channel open and channel close transactions—or in the collaborative close case—will look the same as a single signature or a single person Taproot spend. And so the point then is that there’s a bigger and bigger crowd to hide in that the individual users who are using wallets that support Taproot are now also in the same anonymity set as those users using say Lightning or other Layer 2s—things like DLCs and so on that it might be all giving that same fingerprint. But this is the other interesting question: part of that argument I was talking about before of having multiple users of the Whirlpool system, if you will—like Samourai Wallet and Sparrow—part of that argument would be if they are having the same fingerprint, because otherwise the counter-argument could be that the chain surveillance companies of the world could just look at, Oh, okay—we figured out, based on the latest spend that this customer or user did, we can tell that was a Sparrow user and this other one was a Samourai Wallet user. And then, again, we’re back to that same problem of having a thread to draw on that helps them distinguish between the different wallets that are using Whirlpool, as an example. Right?

Craig Raw:

Yeah that’s a great point, Stephan. And certainly one that I’ll need to spend some more time [on]. It’s important to say though that all of the transactions which are done within the Whirlpool clients—all of the pre-mixed transaction, the premix to postmix, and all of the postmixed ones—those are all done by the same Whirlpool client code that Samourai has. So those transactions will not look any different. They will look exactly the same.

Stephan Livera:

Yeah. And that’s great to see that you’ve really got that focus there. I’m also curious, what are your thoughts or ideas around future directions with CoinJoin and privacy? Would you be looking at things like coinswaps or even having something like a Stonewallx2? What are your thoughts there?

Craig Raw:

Yeah. So one of the great benefits of doing the work that I had to do for Whirlpool was actually I was able to bring in quite a lot of the code that Samourai uses for the various other techniques that they have. So certainly I’ll be looking at Stonewallx2, as you say. I think that that’s fairly important because we don’t just want to fake things, right? We want to have real chances of it actually being a two-person CoinJoin. That’s the point. So that’s very much something that’s going to happen. And in fact with that same code import that I’ve described, all of the Soroban code comes as well. So hopefully being able to leverage that enables us to do a PayJoin like I described earlier but without requiring that endpoint. So basically we have two users who are able to talk to each other without having some kind of a server endpoint and then be able to construct these collaborative actions which could be a CoinJoin, that could be a PayJoin—many different kinds. The idea is really the more of that we can bring into the Bitcoin world, the more the chainalysis just fails. Doing all of that is very much on the cards. That’s key in order to take this forward. In terms of coin swap, it’s a really interesting tech—I think it’s still quite young. The biggest concern as I see it in the early days is that with CoinJoin you end up with effectively no history. There is obviously a UTXO history, but it has so many different possibilities that in effect you can say that each one of them is so small you don’t really know which one it is. The difference is that with coin swap you’re effectively swapping your UTXO history with someone else and you don’t know whose UTXO history you’re going to get. That’s the point. So you might end up with a UTXO history that you don’t ideally want, and the trouble is that—and this has been used against CoinJoin as well in the early days—is that in those first few coin swaps, you might swap with somebody who really requires it because their UTXO history has some element to it that you don’t want. That’s a concern and that’s the zero to one issue that coin swap has to overcome. But I certainly hope it does. I’m keen for it. I think it has a place perhaps right now as a postmix tool.

Stephan Livera:

There’s also been some chatter about reproducible builds recently. I know this is something you have tried to take more seriously with Sparrow Wallet as well. So what’s the Sparrow Wallet approach there?

Craig Raw:

Yeah. It’s a hard thing to get right. It’s first of all important to say that there are many different risks and this is just one of them, so it’s not the be-all and end-all. It’s a really nice thing thing to have and it’s certainly very important for Bitcoin Core itself, but it’s a journey. One has to start off with an intermediate build stage and work your way up. Where Sparrow is right now is that you’re able to reproduce the binaries pre- the installers. So there’s a Windows installer—I haven’t got to that point point yet. But also pre- the signing. So with OS X, in order for the application to be able to run at all you actually have to sign with a key provided by Apple. And that also introduces a step. Obviously if you’re reproducing the build, you don’t have that private key. So there are ways in which one can deal with that, but that’s also a step. What you can do today is reproduce the binary, certainly for the Linux build that everyone uses. So if you run it on Linux, you can build that binary yourself and it’ll be bit-for-bit the exact same one as you download from the site. And that’s where I am now and I’m certainly hoping to take things forward with it, but it’s an important step and it at least shows that this project can be reproduced. So yeah, that’s where we’re at with that.

Stephan Livera:

Yeah. So just for listeners who are unfamiliar, basically the point there is that we are helping make sure that we know the code we’re running doesn’t have malicious bugs or vulnerabilities inserted into it. And so the idea being that you could take the source code and that you could take it yourself and independently reproduce that same binary—or installer, in this example. So that’s for listeners who are unfamiliar, maybe if you’re new. Just a bit of an explainer there. Yeah, this is a really interesting time for Bitcoin wallets. They’re all changing and shifting. I’m also curious your thoughts around wallet business models. Has anything changed there in terms of Sparrow? Also I’m curious, is there any sort of revenue share thing going on with the Whirlpool aspect of it?

Craig Raw:

So what I can share there, Stephan—what I can suggest rather—is that any wallet developer who’s thinking about CoinJoin, thinking about building a Whirlpool client in, should really go and talk to the Samourai guys. It’s been great to work with them. It will work out well for you if you do so. The more CoinJoin clients that we have the better. We’re on a pathway here where CoinJoin becomes, if not the norm, then certainly something that’s so widely done it’s no longer a niche product. It’s no longer something which is done by a few mad men who believe that the world’s going to end. It’s a very reasonable approach to seek financial privacy. And CoinJoin is, as I said earlier, probably the de-facto way of doing it now. So certainly more wallets should think about building this in. It is a way for them to be able to earn something for their work. And I would love to see it. I certainly hope that it happens.

Stephan Livera:

Right. Yeah. Historically we’ve seen in this space where wallets that were popular ended up having to have [a] cross-subsidy model where maybe, as an example, it was some well-known company running the wallet, like a blockchain.info or blockchain.com and things like that, where they ran the wallets that became very well known. And so it is an interesting thing because obviously this space has such a strong focus on open source—everything open source—and then that can present a challenge for the developers who are trying to make a sustainable business and make it make a wallet that actually innovates along with time and really stays up to pace—or changing the game if they can. Because otherwise they end up having to rely on donations or rely on a benefactor or rely on the skilled work and the person already having enough money that they are happy to just work on it in their own time. And so as this space grows and matures further, it’s a good thing to see that more wallets will have a business model that is actually sustainable for them.

Craig Raw:

Yeah, sure. It’s also important to say that Whirlpool has been designed really for this kind of idea from the very start. It was clear to me that they had thought about how to make this happen and always had this kind of idea that multiple wallets might be involved. To be honest, [I’m] just really happy that it’s now finally beginning to happen. So as I say, if you’re thinking about it as a dev, go and have a chat because we need to make [CoinJoin] just a very standard option.

Stephan Livera:

Yeah. I’m just thinking of that video with the guy crazy-dancing and then the first follower and then after that all the other people come along, so who knows?

Craig Raw:

Yeah, sure.

Stephan Livera:

Maybe you’re the first follower, Craig!

Craig Raw:

Yeah. But you know, again, it’s just gonna have to become a normal thing. We’re just going to have to say, Here’s a UTXO with a CoinJoin history and that’s really just the norm. It’s not a big deal.

Stephan Livera:

It’s not stigmatized to use CoinJoin, right. That’s the idea that we’re going for, because currently it can happen where the compliance department in the exchange will stop someone’s account or things like that if there is CoinJoin history pre or post that exchange for that customer. So that’s something people have to think about. But also you have to think about what are we trying to achieve here? We’re trying to achieve a whole new money and there’s going to be some challenges on the way. That’s the way I’m thinking about it, at least. So maybe the last question would just be any tips for somebody who is new and learning about Bitcoin, learning about how to secure their coins, and learning about privacy and CoinJoin. Do you have any tips for them or things that they should keep in mind as they’re using Sparrow Wallet?

Craig Raw:

Yeah. It’s quite easy to get overwhelmed. There’s lots to learn. It’s important just to start small. One of the best tips that I can give, and this might sound a little odd because most people don’t actually do it, but using Testnet is just such an incredible resource to understand how Bitcoin works without risking any funds. So what you can do is basically start Sparrow as a Testnet wallet. It’s fairly easy to do, and you can see how to do it on the website. And just start playing around with sending amounts to different wallets. Try different things. That’s one of the biggest tips. Beyond that, don’t be afraid of creating many different wallets. Some people think, Well, I have my one wallet and that’s it. Try and create small wallets, do different things, play around with it, because the idea is that the more you try, the more you learn. And you might make a few mistakes, you might lose a little bit of funds if you do something wrong, but the best thing about that is that you learn very fast from those errors that you might might make. And rather make those errors when there’s a smaller amount—just a few dollars at play—rather than when your entire cold storage is at play. I think the most important thing is just try and read up. There’s plenty of good guides, video tutorials, the amount of information out there has just changed hugely since a few years ago. Anybody getting into this space now is in a great place to be able to learn.

Stephan Livera:

Yeah. And I’m also curious, are there any Sparrow Wallet communities? Is there a Telegram channel or anything else that people should know about?

Craig Raw:

Yeah. So if you go to the basically Sparrow Wallet group, t.me/sparrowwallet, that’s the group. There’s lots of users there and lots of people who can offer help not just in Sparrow Wallet but certainly on the Whirlpool side of things as well. So yeah, that’s the main place to go.

Stephan Livera:

Excellent. All right, great. Well, I think that’s pretty much it for this one, but where can people find you online and obviously where can they find Sparrow Wallet?

Craig Raw:

Sure. So I’m on Twitter @craigraw. Sparrow Wallet is also on Twitter, @SparrowWallet, and then sparrowwallet.com. You can go and get the wallet itself and find various docs.

Stephan Livera:

Fantastic. Well, I’d encourage listeners to give it a try because I think it’s a really good wallet, a lot of really cool features in there now. And so it actually makes sense for a person starting out with Sparrow Wallet to give that a try and then you can ramp up from there. So, Craig, thanks very much. I really enjoyed chatting with you and I’m look forward to chatting again soon.

Craig Raw:

Excellent. Thanks. It’s been great Stephan.

Leave a Reply