Nostr Web Client

Truths about coinjoins:

- Wabisabi has a superior architecture to Whirpool.

- Including change in the coinjoin as in Wasabi 1.0 is in any case an advantage, not a disadvantage. If you don't understand this, it's simply because you don't understand the math.

- There is no such thing as isolated change in Whirpool; changes are traceable.

- With Wabisabi, you can forget about change problems and Postmix tools.

- Wabisabi is not free as they sell it to you; the coordinator continues to make money from decomposition.

- Wabisabi does manage Tor circuits well; I checked the code myself (Nothingmuch says no, and I have to trust him because he knows much more than I do).

- Whirpool does not manage Tor circuits well, and the coordinator can find out who is on each side of the mix (I have not reviewed the Ashigaru code that they say has mitigated this, proving me right, which I was denied at the time).

- Whirpool and Wabisabi are vulnerable to tagging attacks.

- In Whirpool and Wasabi, you have to trust the coordinator; you don't know if they are really executing the published code.

- Joinmarket is complex for someone who doesn't know what they are doing, but it can mitigate the problems described above.

- Joinstr, in my opinion, is the most promising; it mitigates most of the problems described in centralized coordinators and is easy to use.

I think the community should throw its weight behind supporting #Joinstr

Reply to this note

Please Login to reply.

Discussion

rapadu 6mo ago

Thx for the summary 💥

Sean 6mo ago

Very helpful 👌🏻

Hanshan 6mo ago 💬 1

dude is technically retarded and doesnt understand shit about fuck

Sean 6mo ago

Would love to know your perspective because I'm not clued up about CoinJoins at all. I know their potential but thats about it. Nothing from a technical pov anyway

₿jarni ⚡iggi 6mo ago

A good tutorial idea maybe for nostr:npub1rxysxnjkhrmqd3ey73dp9n5y5yvyzcs64acc9g0k2epcpwwyya4spvhnp8 using Joinstr? 🤠

https://docs.joinstr.xyz/

₿² 6mo ago

TLDR haha 🤣

Kruw 6mo ago

No trust is required for WabiSabi coordinators (other than server liveness).

You would be able to detect any tagging attacks by comparing your client's round ID with the public one published by the coordinator (see https://coinjoin.kruw.io/wabisabi/human-monitor )

Hanshan 6mo ago

this is a complete load of poorly-researched bullshit

Ailo 6mo ago

Well, it sure looks interesting to me as a total noob. Where's the bullshit?

Hanshan 6mo ago

for starters he doesn't understand Whirlpool architecture

if you're running the client it doesn't matter what the coordinator is, trust is not required.

he clearly doesn't understand the tradeoffs between equal output CJs (Whirlpool) and Wabisabi. theres a reason doxxic change is separated (dunno why he claims it isnt, the wallet clearly separates it). wabisabi doesn't create change like this but introduces other problems instead.

the Ashigaru team says they fixed the tagging vulnerability that was reported at the beginning of the year, so far that hasn't been confirmed on way or the other.

I could go on but in short

this dude trying to pass himself off as a cypherpunk has frequently demonstrated he doesn't have the technical understanding.

i seriously doubt he's qualified to do a code review of anything.

this is the "ring signatures cause supply inflation" dude after all.

he might have some good takes

but hes terrible when it comes to anything technical.

Ailo 6mo ago

Thanks for clarifying!

FikaTimeBooks.com 6mo ago

So, what's your rebuttal?

Hanshan 6mo ago

nostr:nevent1qqsd246avzz6f9ekuuuf5pxshwwjalma037y3zle6aa4fhhwwkwh2kspz9mhxue69uhkummnw3ezuamfdejj7q3qlxzaxzge0jq9u9cecucctdt5lslwgp7hcxmp2l0wn8r2ecjenwasxpqqqqqqztd7j96

econoalchemist 6mo ago 💬 3

Wasabi's architecture was so flawed that some 133 users have been arrested after using it and chain analysis companies advertised Wasabi de-mixing services.

Two of the most horrendous issues were systemic address reuse where change addresses were later used again for mix outputs; and symmetric address reuse where the same address would show up on the input and output sides of a CoinJoin transaction. Neither of these issues were resolved with Wasabi 2.0 (Sabi Wabi or whatever they called it) and you can still find these issues occurring in Wasabi CoinJoins today.

If you want to go down this rabbit hole, here is a good place to start: https://pastebin.com/NHDVC03U

As for the new Ashigaru Whirlpool coordinator being able to link inputs and outputs, despite the unhinged takes flying around from NothingMuch and FloppyDic, the claims don't make sense IMO given the description of how the protocol works. If either of those guys have a valid point, it is getting lost due to their poor communication skills and inability to demonstrate or explain the exact issue in laymen's terms. I have seen zero evidence that a ZeroLink coordinator like the one Asgigaru is running has ever linked inputs to outputs.

nostr:nevent1qqsxnjwfc5gldjd7sdtp8zr9c3m88sqdckvv7fgksv9cp0848qu7xtspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg8u7u9ytnagzl42syaeh29rwht385ckna9z0u7u4s75jyfd7e7n0cpsgqqqqqqsshu3p0