DASH CoinJoin (Mixing) Guide and Best Practices

xkcd

Active Member
Masternode Owner/Operator
Feb 19, 2017
248
217
103
australia
mnowatch.org
Dash Address
XpoZXRfr2iFxWhfRSAK3j1jww9xd4tJVez
This is an updated guide after the re-branding of PrivateSend broke some links and the technology has improved since the previous guides have been written.

DASH has a built in Privacy/fungibility feature currently called 'CoinJoin' that allows you mix coins with other anonymous people on the network in such a way that it is nearly impossible to determine where the coins originated from. This breaks the trail of chain analysis between the coins you received and wish to spend thus increasing your level of privacy when transacting in DASH. Firstly as a background to what CoinJoin is, read the help pages on the official DASH docs website

https://docs.dash.org/en/stable/introduction/features.html#coinjoin
and
https://docs.dash.org/en/stable/wallets/dashcore/coinjoin-instantsend.html#coinjoin

Note that currently CoinJoin (Mixing) is supported in the Core QT wallet available from https://www.dash.org/downloads/ and in the DASH Electrum wallet.


0. Why Would you want to use this feature?

DASH is a coin whose main focus is on payments, in particular in person payments eg in a shopping mall, supermarket etc. When you spend DASH or a similar Cryptos like Bitcoin, Litecoin, the wallet will find inputs (coins) to spend to make up the value of what you are spending, if you only have large coins in your wallet, but need to spend a small amount, the wallet will be forced to break a large denomination to pay for the item (send the transaction) and you will get the rest back as 'change'.

In your normal day to day life, the largest note you are likely to carry is $100 USD or $100 EURO for example, but in Crypto there is no largest denomination, it can be really large like 100 DASH, if you spend 100 to pay for a cup of coffee, the person you are paying will be able to see on any block explorer that you spend 100 DASH to pay for say 0.02 DASH for the cup of coffee and now you are potentially at risk of getting robbed since the clerk knows for sure you have 99.98 DASH in your wallet. :p

The below transaction illustrates the problem perfectly.
https://blockchair.com/dash/transac...340e22e972ac8b8a81c2d173d2120037713c163e62580

1623332379117.png
Here the person is spending 18 million USD to send someone $49.90 USD of value. This is a massive privacy and personal security issue and CoinJoin solves for this.

Consider this transaction https://blockchair.com/dash/transac...fb14bed980767f2559fd46366228525bb6b03bf69b53e it is a CoinJoin Send transaction.


1623332901493.png

The sender is paying someone (sending DASH) in the amount of 5 DASH, but when we look at what he is paying it out of, we can see he coughed up the exact amount of coins he needed for this transaction. The is how CoinJoin Send works, it will find the right denominations for the TX and nothing more. This means, from looking at this TX we have no idea how much, if any DASH is left in his wallet. Also, if we try to do chain analysis on those inputs, we will not be able to determine where they came from, thus this transaction is considered more private than the first example.

You want to be using this feature or at least be aware of it for when you are making sensitive transactions on a public ledger like DASH or Bitcoin etc. Fortunately DASH makes it dead easy and risk free and trustless for you to use CoinJoin, so let's dive in to how to use properly.


1. Configure your wallet


Straight up, the first thing you want to do is to configure your wallet for the best results. Launch the QT wallet and goto to Settings -> Options and on the Wallet tab enable the checkbox for coin control features and CoinJoin features.

1623333496935.png

You may as well enable them all, it's all good. ;)

Next head on over to the CoinJoin tab and enable the advanced interface and the multisession and crucially increase the number of mixing rounds to 16 !

1623333622627.png

At this point you can also enable TOR routing in the Network tab. Refer to guide https://www.dash.org/forum/threads/how-to-tor.50363/ on how to run a DASH QT wallet over TOR.


1623334072291.png


Now press the OK button to save those changes and from the main menu goto Tools -> Debug Console and in there enter


keypoolrefill 99999

and wait. This will take about two minutes and during that time your wallet will appear to hang, wait until the word null is displayed, then close that window.


1623334788292.png

This will provide you with 100,000 keys for mixing ensuring you never run out of keys and your mixing is never interrupted.

Now you need to encrypt this wallet so that if you leave it running a casual bystanders can't access your PC and spend your DASH, remember to mix the funds, the wallet needs to be running pretty much 24/7. Goto the main menu, select Settings -> Encrypt Wallet. Choose a good password, and ideally store it in your password manager. Never forget/lose this password as the wallet is not recoverable without it.


At this point you need to close the wallet, wait about 2 minutes for it to disappear completely and backup the wallet.dat now. On windows, you can locate the wallet.dat file by holding the windows key and pressing the letter R and paste in %APPDATA%\DashCore and press ENTER. This will open your dashcore folder and the wallet.dat file will be there or in the folder labelled 'wallets' Right click the file and send it to Zip and move that zip file somewhere secure ideally on another machine, USB, or similar so you don't lose it.

While in the dashcore folder, delete the `backups` and any other wallet backups that may appear in the 'wallets' folder. Once done restart your wallet.



2. Testing your wallet

Now is a good time to test your wallet, send a tiny amount of DASH to this wallet, eg 0.00001 DASH. Create a new receiving address by clicking on the Receive tab and then Request payment button. Once the DASH has arrived, create a new payment address in the same wallet, and use the Send tab to send the DASH you have in your wallet back to yourself on the same address, this will prompt you for the password and if correct, the transaction will go through. Alternatively, test the password by going to the main menu and then Settings -> Unlock Wallet. If this is working you are now fully set up for mixing and can send more DASH to this wallet and press the Start CoinJoin button on the main tab.

1623335889112.png



3. Mixing

Depending on how much you have to mix and how many other people are mixing at the same time, the time it take to complete the mixing will vary, allow for up to a day for this process to complete. The main tab will show the progress, the transactions tab will also show you what the wallet is doing.



4. Sending

Use the coinjoin tab to send mixed funds, using the send tab will not be private, so consider the wallet as having two balances one mixed and the other unmixed.



5. Best Practices

Follow these steps to ensure your privacy.

  • Always mix for 16 rounds.
    Using fewer rounds is less secure, eg with 2-4 rounds it is statistically possible to back the mixed coins to a common source, after 16 rounds this is virtually impossible and to date no one has 'cracked' it.
  • Send via the CoinJoin tab only!
    Your privacy is only secured when using the CoinJoin Send. It differs from regular send in the following key ways.
    • It never sends you change back, any unused funds are used to pay miners extra.
    • It never mixes mixed coins and unmixed coins in a transaction.
  • Always connect your wallet via tor and/or VPN. Never open your wallet without you being either on a VPN or the wallet being configured for TOR.
    This is because all DASH, BTC, LTC TXes are sent in the clear o_O and anyone snooping on your internet can clearly see you are transacting in DASH, further, whenever you send a TX chain analysis companies and govts running malicious spy nodes on all blockchains can triangulate the IP making transactions compromising your privacy.
  • Never send the same amount your received.
    Say for example I want to mix and send 5 DASH. If I fund my mixing wallet with 5 DASH in one TX, mix it and then send 5 DASH out in one go even after 16 rounds of mixing, someone with a keen eye on the blockchain could suspect that the 5 DASH that went into mixing has just come out of mixing and this may lead back to you. In this case the mitigation is to mix more than you need, or send the TX in parts, eg 2 +2+ 1 DASH or mix the 5 DASH, wait several weeks and then Send the 5 DASH out, the longer you wait the better.
  • Avoid sending really large transactions.
    large transactions, eg 100 DASH or more are going to standout and may reduce your privacy, ideally used coinjoin send for amounts less than 10 DASH.
  • Try to mix ahead of time.
    The more stale your coins are, ie you mixed them a long time ago, the better your privacy will be, this is because you hide in a bigger temporal set and the data someone would have to go through to try and match your transactions would be extremely vast.
  • Mix slowly.
    If you are not in a rush, mix only for a couple of hours each day and allow your balance to grow over a week or two. This will ensure you mix with as many different people as possible over a very long length of time, making it super hard to trace the coins back to their origin.
  • Try to minimise the number of inputs you use when sending.
    It is not always practical to adhere to this rule, but rest assured that having mixed 16 rounds more than makes up for it and even if you are sending 100 inputs, it will be unlikely anyone can ever find the origin of the coins.

6. Exceptions

The most notable exception to the above is when creating a masternode ALWAYS create it from mixed coins, it way more preferable to do that, than take no precaution at all. Sometimes sending 1000 DASH in CoinJoin will overload the wallet (transaction too large) when that happens, send 200 DASH to an address in your wallet, then repeat 4 more times, then use those 5 inputs of 200 DASH to send the 1000 DASH, it's basically the same thing.


7. Final Thoughts

The privacy built into DASH is Pretty Good Privacy when used right, to date no one has been compromised by unravelling a CoinJoin Send transaction. However, it has to be used carefully and thoughtfully because you are essentially hiding in plain sight. If all you are doing is trying to protect your privacy from the use case mentioned at the top of this document, you can pretty much break all the rules and still have excellent privacy when conducting in person payments. If you have reason to believe your transactions may be scrutinised, you better adhere to this guide. ;)
 
Last edited:

TaoOfSatoshi

Grizzled Member
Jul 15, 2014
2,841
2,648
1,183
Dash Nation
www.dashnation.com
This is an updated guide after the re-branding of PrivateSend broke some links and the technology has improved since the previous guides have been written.

DASH has a built in Privacy/fungibility feature currently called 'CoinJoin' that allows you mix coins with other anonymous people on the network in such a way that it is nearly impossible to determine where the coins originated from. This breaks the trail of chain analysis between the coins you received and wish to spend thus increasing your level of privacy when transacting in DASH. Firstly as a background to what CoinJoin is, read the help pages on the official DASH docs website

https://docs.dash.org/en/stable/introduction/features.html#coinjoin
and
https://docs.dash.org/en/stable/wallets/dashcore/coinjoin-instantsend.html#coinjoin

Note that currently CoinJoin (Mixing) is supported in the Core QT wallet available from https://www.dash.org/downloads/ and in the DASH Electrum wallet.


0. Why Would you want to use this feature?

DASH is a coin whose main focus is on payments, in particular in person payments eg in a shopping mall, supermarket etc. When you spend DASH or a similar Cryptos like Bitcoin, Litecoin, the wallet will find inputs (coins) to spend to make up the value of what you are spending, if you only have large coins in your wallet, but need to spend a small amount, the wallet will be forced to break a large denomination to pay for the item (send the transaction) and you will get the rest back as 'change'.

In your normal day to day life, the largest note you are likely to carry is $100 USD or $100 EURO for example, but in Crypto there is no largest denomination, it can be really large like 100 DASH, if you spend 100 to pay for a cup of coffee, the person you are paying will be able to see on any block explorer that you spend 100 DASH to pay for say 0.02 DASH for the cup of coffee and now you are potentially at risk of getting robbed since the clerk knows for sure you have 99.98 DASH in your wallet. :p

The below transaction illustrates the problem perfectly.
https://blockchair.com/dash/transac...340e22e972ac8b8a81c2d173d2120037713c163e62580

View attachment 10696
Here the person is spending 18 million USD to send someone $49.90 USD of value. This is a massive privacy and personal security issue and CoinJoin solves for this.

Consider this transaction https://blockchair.com/dash/transac...fb14bed980767f2559fd46366228525bb6b03bf69b53e it is a CoinJoin Send transaction.


View attachment 10699

The sender is paying someone (sending DASH) in the amount of 5 DASH, but when we look at what he is paying it out of, we can see he coughed up the exact amount of coins he needed for this transaction. The is how CoinJoin Send works, it will find the right denominations for the TX and nothing more. This means, from looking at this TX we have no idea how much, if any DASH is left in his wallet. Also, if we try to do chain analysis on those inputs, we will not be able to determine where they came from, thus this transaction is considered more private than the first example.

You want to be using this feature or at least be aware of it for when you are making sensitive transactions on a public ledger like DASH or Bitcoin etc. Fortunately DASH makes it dead easy and risk free and trustless for you to use CoinJoin, so let's dive in to how to use properly.


1. Configure your wallet


Straight up, the first thing you want to do is to configure your wallet for the best results. Launch the QT wallet and goto to Settings -> Options and on the Wallet tab enable the checkbox for coin control features and CoinJoin features.

View attachment 10700

You may as well enable them all, it's all good. ;)

Next head on over to the CoinJoin tab and enable the advanced interface and the multisession and crucially increase the number of mixing rounds to 16 !

View attachment 10701

At this point you can also enable TOR routing in the Network tab. Refer to guide https://www.dash.org/forum/threads/how-to-tor.50363/ on how to run a DASH QT wallet over TOR.


View attachment 10702


Now press the OK button to save those changes and from the main menu goto Tools -> Debug Console and in there enter


keypoolrefill 99999

and wait. This will take about two minutes and during that time your wallet will appear to hang, wait until the word null is displayed, then close that window.


View attachment 10703

This will provide you with 1,000,000 keys for mixing ensuring you never run out of keys and your mixing is never interrupted.

Now you need to encrypt this wallet so that if you leave it running a casual bystanders can't access your PC and spend your DASH, remember to mix the funds, the wallet needs to be running pretty much 24/7. Goto the main menu, select Settings -> Encrypt Wallet. Choose a good password, and ideally store it in your password manager. Never forget/lose this password as the wallet is not recoverable without it.


At this point you need to close the wallet, wait about 2 minutes for it to disappear completely and backup the wallet.dat now. On windows, you can locate the wallet.dat file by holding the windows key and pressing the letter R and paste in %APPDATA%\DashCore and press ENTER. This will open your dashcore folder and the wallet.dat file will be there or in the folder labelled 'wallets' Right click the file and send it to Zip and move that zip file somewhere secure ideally on another machine, USB, or similar so you don't lose it.

While in the dashcore folder, delete the `backups` and any other wallet backups that may appear in the 'wallets' folder. Once done restart your wallet.



2. Testing your wallet

Now is a good time to test your wallet, send a tiny amount of DASH to this wallet, eg 0.00001 DASH. Create a new receiving address by clicking on the Receive tab and then Request payment button. Once the DASH has arrived, create a new payment address in the same wallet, and use the Send tab to send the DASH you have in your wallet back to yourself on the same address, this will prompt you for the password and if correct, the transaction will go through. Alternatively, test the password by going to the main menu and then Settings -> Unlock Wallet. If this is working you are now fully set up for mixing and can send more DASH to this wallet and press the Start CoinJoin button on the main tab.

View attachment 10704



3. Mixing

Depending on how much you have to mix and how many other people are mixing at the same time, the time it take to complete the mixing will vary, allow for up to a day for this process to complete. The main tab will show the progress, the transactions tab will also show you what the wallet is doing.



4. Sending

Use the coinjoin tab to send mixed funds, using the send tab will not be private, so consider the wallet as having two balances one mixed and the other unmixed.



5. Best Practices

Follow these steps to ensure your privacy.

  • Always mix for 16 rounds.
    Using fewer rounds is less secure, eg with 2-4 rounds it is statistically possible to back the mixed coins to a common source, after 16 rounds this is virtually impossible and to date no one has 'cracked' it.
  • Send via the CoinJoin tab only!
    Your privacy is only secured when using the CoinJoin Send. It differs from regular send in the following key ways.
    • It never sends you change back, any unused funds are used to pay miners extra.
    • It never mixes mixed coins and unmixed coins in a transaction.
  • Always connect your wallet via tor and/or VPN. Never open your wallet without you being either on a VPN or the wallet being configured for TOR.
    This is because all DASH, BTC, LTC TXes are sent in the clear o_O and anyone snooping on your internet can clearly see you are transacting in DASH, further, whenever you send a TX chain analysis companies and govts running malicious spy nodes on all blockchains can triangulate the IP making transactions compromising your privacy.
  • Never send the same amount your received.
    Say for example I want to mix and send 5 DASH. If I fund my mixing wallet with 5 DASH in one TX, mix it and then send 5 DASH out in one go even after 16 rounds of mixing, someone with a keen eye on the blockchain could suspect that the 5 DASH that went into mixing has just come out of mixing and this may lead back to you. In this case the mitigation is to mix more than you need, or send the TX in parts, eg 2 +2+ 1 DASH or mix the 5 DASH, wait several weeks and then Send the 5 DASH out, the longer you wait the better.
  • Avoid sending really large transactions.
    large transactions, eg 100 DASH or more are going to standout and may reduce your privacy, ideally used coinjoin send for amounts less than 10 DASH.
  • Try to mix ahead of time.
    The more stale your coins are, ie you mixed them a long time ago, the better your privacy will be, this is because you hide in a bigger temporal set and the data someone would have to go through to try and match your transactions would be extremely vast.
  • Mix slowly.
    If you are not in a rush, mix only for a couple of hours each day and allow your balance to grow over a week or two. This will ensure you mix with as many different people as possible over a very long length of time, making it super hard to trace the coins back to their origin.
  • Try to minimise the number of inputs you use when sending.
    It is not always practical to adhere to this rule, but rest assured that having mixed 16 rounds more than makes up for it and even if you are sending 100 inputs, it will be unlikely anyone can ever find the origin of the coins.

6. Exceptions

The most notable exception to the above is when creating a masternode ALWAYS create it from mixed coins, it way more preferable to do that, than take no precaution at all. Sometimes sending 1000 DASH in CoinJoin will overload the wallet (transaction too large) when that happens, send 200 DASH to an address in your wallet, then repeat 4 more times, then use those 5 inputs of 200 DASH to send the 1000 DASH, it's basically the same thing.


7. Final Thoughts

The privacy built into DASH is Pretty Good Privacy when used right, to date no one has been compromised by unravelling a CoinJoin Send transaction. However, it has to be used carefully and thoughtfully because you are essentially hiding in plain sight. If all you are doing is trying to protect your privacy from the use case mentioned at the top of this document, you can pretty much break all the rules and still have excellent privacy when conducting in person payments. If you have reason to believe your transactions may be scrutinised, you better adhere to this guide. ;)
Great guide! I don't use Coinjoin that much, but when I do, I prefer to call it Privatesend! ;) Keep up the good work, man.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,987
1,147
1,183
Also:

1. Before mixing, close down all other network apps; browser, email etc. You don't want your mixing IP to be associated to your identity / beacons / fingerprinting etc.

2. If you're using a VPN, switch to a different server / IP than your normal use.

3. Open the desktop wallet and don't start mixing straight away! This pattern of opening, mixing and closing the wallet will be spotted.
 

xkcd

Active Member
Masternode Owner/Operator
Feb 19, 2017
248
217
103
australia
mnowatch.org
Dash Address
XpoZXRfr2iFxWhfRSAK3j1jww9xd4tJVez
Also:

1. Before mixing, close down all other network apps; browser, email etc. You don't want your mixing IP to be associated to your identity / beacons / fingerprinting etc.

2. If you're using a VPN, switch to a different server / IP than your normal use.

3. Open the desktop wallet and don't start mixing straight away! This pattern of opening, mixing and closing the wallet will be spotted.
This is why I recommend only using the wallet over TOR.
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
2,987
1,147
1,183
This is why I recommend only using the wallet over TOR.
Tor is not for everyone, it has it's drawbacks. Tor nodes are not collateralized or otherwise formed by reputation, so it's easy for bad actors to spin up fake nodes.
 
  • Like
Reactions: AgnewPickens

AgnewPickens

Moderator
Moderator
Mar 11, 2017
431
158
113
57
I only mix 6 rounds, I don't have enough Dash to raise regulator eyebrows with my transactions, but I mix all my Dash
because I like having fungibility, it's like tucking your currency into a wallet, I usually like mine all mixed up, people don't
have to use the CoinJoin feature, but it is a very important part of Dash's features.
 
Last edited:

Nthelight

Member
May 15, 2014
48
46
58
Great work xkcd.

What would you tell people who are wondering about the cost and time it takes for a 4, 8 or 16 rounds mixing session?
 

xkcd

Active Member
Masternode Owner/Operator
Feb 19, 2017
248
217
103
australia
mnowatch.org
Dash Address
XpoZXRfr2iFxWhfRSAK3j1jww9xd4tJVez
Great work xkcd.

What would you tell people who are wondering about the cost and time it takes for a 4, 8 or 16 rounds mixing session?
Honestly, it's not that expensive and 16 rounds doesn't take too long (I am patient). What I would say, is do not settle for less. IMO 4 rounds is not enough to break the link between your dirty coins and the clean ones. I strongly recommend 16. I even know one fella that recompiled the wallet to allow even more rounds, but I think 16 is excellent, because with each round the number of permutations increase exponentially, meaning your privacy increases massively with each round. That means, 16 rounds isn't twice as 'private' as 8 rounds, it's like 256 times more secure.
 
  • Like
Reactions: AgnewPickens

Nthelight

Member
May 15, 2014
48
46
58
There is no indication in the wallet of how long it could take. Does a 16 rounds mixing session of say 100 Dash complete in 24 hours or would it take longer?

Is there a recommended maximum of Dash to mix each session? If you have 1000 Dash to mix, do you mix in one session or do you do several smaller mixes?
 
  • Like
Reactions: AgnewPickens

Nthelight

Member
May 15, 2014
48
46
58
...doing a time and cost comparison with Wasabi would be a good idea
Would be great to have some actual data on timing and cost, so we can at least give some indications before users click the 'start mixing' button.

It would indeed also allows us to make a comparison with other products.
 
  • Like
Reactions: xkcd

Nthelight

Member
May 15, 2014
48
46
58
IMO 4 rounds is not enough to break the link between your dirty coins and the clean ones. I strongly recommend 16.
I concur this. Always mix with 16 rounds, minimum 8 if there's more time pressure.

It's not that 4 rounds is insecure, it's just that the probability of tracing a PS transaction decreases exponentially as you chose more rounds.
 
  • Like
Reactions: xkcd

Miner237

Well-known Member
Foundation Member
May 28, 2014
516
226
213
Can we limit the amount of denominations that are created yet?

I do not need 50 - 0.001 units of dash.... until dash is 20k
 
  • Like
Reactions: xkcd

xkcd

Active Member
Masternode Owner/Operator
Feb 19, 2017
248
217
103
australia
mnowatch.org
Dash Address
XpoZXRfr2iFxWhfRSAK3j1jww9xd4tJVez
Can we limit the amount of denominations that are created yet?

I do not need 50 - 0.001 units of dash.... until dash is 20k
No, there is no way to do this. If you need large denom, eg 10 DASH in size, the way to encourage their formation is to start with a large UTXO for it to denominate, so, if your mixing wallet is filled with dust, create a new address and goto the send tab and send all the DASH to that address and start mixing over. This should create more of the larger denoms and fewer of the dust ones. Good luck!
 

AgnewPickens

Moderator
Moderator
Mar 11, 2017
431
158
113
57
16 rounds of mixing? I use 6 rounds of mixing, the number of permutations exponentiate with rounds, 6 rounds is good enough for most people that are not managing MNO sized sums and just want some privacy in their regular transactions, no regulatory agency is going to try to track transactions below de minimus, even with AI.