CoinSwap is a proposed method to increase the privacy of bitcoin transactions. Currently, blockchain analysis is largely based on the assumption that if Alice sends the entire UTXO to a certain address, apparently, she sends the transaction to herself. CoinSwap undermines this heuristic rule by allowing two parties to send full UTXOs to new addresses that do not belong to them. At the same time, the parties exchange UTXOs and break the chain of custody for both “coins”.
Although the CoinSwap process involves the execution of on-chain transactions, it is an off-chain coordination protocol between users and does not require any changes to the main Bitcoin protocol. All interactions between the two parties take place over the Internet, and ordinary bitcoin transactions are recorded in the Bitcoin blockchain. However, CoinSwap is still at a very early stage and has not been widely distributed.
How CoinSwap Works
The process looks like this: two parties, Alice and Bob, send UTXO to two separate 2-of-2 multisig addresses. These are two completely separate transactions, and, in addition to the possibility of determining by time and an identical amount, they are not interconnected by the methods of blockchain analysis.
Alice and Bob then cooperate to forward bitcoins from both multisig addresses to each other. The UTXO entered by Alice to her multisig address will be sent to the address owned by Bob, and the UTXO entered by Bob will be sent to Alice.
Simplified CoinSwap Exchange Scheme
After this operation, both Alice and Bob will control the same amount of bitcoins – minus transaction fees — but with greater confidentiality.
Weaknesses of CoinSwap
According to the somewhat simplified explanation given above, CoinSwap has several disadvantages that could undermine the supposed privacy enhancement.
For example, if Alice and Bob send equivalent amounts to each other, a conditional blockchain analyst can compare the transaction amounts and assume the probability of UTXO exchange via CoinSwap. To prevent this, the CoinSwap exchange can be split into several transactions, hiding the total amounts sent by each party.
In addition, the hypothetical CoinSwap market may be subject to denial of service (DOS) attacks and information blackout. In a DoS attack, an attacker can repeatedly initiate a CoinSwap with a bona fide participant and interrupt it in the process, forcing the victim to pay fees for on-chain transactions without any increase in confidentiality. An attacker may also offer to perform a CoinSwap to many participants to find out which UTXOs they control, and thus weaken their privacy level. Finally, an attacker can participate in a large number of CoinSwap exchanges and mislead users who will think that they have increased the confidentiality of their UTXOs, when in fact they performed one or more exchanges with the same observer, who can then deanonymize the “coins” of the victims.
Good faith bonds have been proposed as a way to protect against these attacks. In short, good faith bonds require the initiator of the CoinSwap exchange offer to deposit an appropriate amount of collateral in bitcoins into a special contract with a temporary lock, which guarantees the other party that the initiator has a strong incentive to complete the operation smoothly. Good faith bonds block the initiator’s pledge, which means that carrying out a large-scale DoS attack will require blocking a huge amount of bitcoins for a significant period of time. It is assumed that such an increase in costs should be enough to prevent DoS attacks.