This article explains a privacy-enhancing transaction tool called Stonewallx2. Developed by Samourai Wallet, this tool can be used to collaborate in cahoots transactions to create decoy bitcoin outputs.
When it comes to defensively guarding the privacy of Bitcoin users, Samourai Wallet has been on the bleeding edge for many years. Maintaining privacy while using Bitcoin requires paying close attention to the way that your transactions are being built; which inputs are being used and what kind of history your inputs are bringing with them. Common input ownership heuristics are used by chain analysis companies to surveil Bitcoin users. These heuristics make the assumption that when there are multiple inputs to a Bitcoin transaction, those inputs belong to the same entity. Techniques can be used to break these assumptions, thus rendering the ability of a chain analysis company to maintain such assumptions utterly indefensible.
One technique used in the fight for privacy is a tool brought to you by Samourai Wallet is called StonewallX2. When someone wants to enhance their privacy while sending bitcoin, they can choose to collaborate with another user to build a cahoots transaction, which will take multiple inputs from both parties and always produce four outputs. Two of the outputs will be identical in size, one is the actual spend to the third party and the other one is a decoy which is sent back to the collaborator. Then the other two outputs are the change returned to the two collaborating parties.
For example, if Bob wants to send Charlie 0.007 bitcoin, Bob can collaborate with Alice to build the transaction in a privacy-enhancing way. The transaction will have four outputs:
- Change to Alice
- Change to Bob
- Spend to Charlie
- Identical decoy spend returned to Alice
It is necessary for Alice and Bob to communicate the timing of their transaction out of band, meaning that in the example video below, Bob will have contacted Alice using a communication method outside of the Samourai Wallet application such as a phone call, an E2EE text, a secure email, etc.
To an external observer of Alice, Bob and Charlie's transaction, they will no longer be able to make any certain conclusions about the ownership of inputs and outputs to the transaction. When the external observer looks at Alice & Bob's transaction on chain, this is what they will see:
How To Use Stonewallx2
Any Samourai Wallet user can start using StonewallX2 and other privacy enhancing tools right now. Here is a video example of a StonewallX2 transaction being built between Alice and Bob with a payment being sent to Charlie:
Step One: Set Up The Transaction
StonewallX2 transactions can be built between two collaborators with the payment going to a third party.
Bob selects his Whirlpool wallet from the homescreen so that he can spend bitcoin from his mixed outputs.
In this example, Bob wants to send a payment of 0.007 BTC to Charlie. Bob is going to collaborate with Alice by having her provide some inputs to the transaction as well. Alice will pay half of the miner fee and receive the benefit of added privacy in return.
Bob has copied Charlie's receiving address to his clipboard and he pastes it in the "To" address dialog box.
Then, Bob enters the amount to spend, 0.007 BTC.
Next, Bob enables the Cahoots privacy add on, then selects StonewallX2, then selects “online participant.”
At this point, Bob's PayNym contact list is retrieved and Bob is able to select Alice's PayNym from his list. In order for PayNym contacts to populate on your list, you will need to have followed each other. It is not necessary to take the added step of connecting to each other.
Once Alice's PayNym has been selected, Bob will have a chance to review the transaction details and set the miner fee. Bob is ready to begin the StonewallX2 transaction.
Step Two: Out-Of-Band Communication
It is necessary for Bob to coordinate the timing of the transaction with Alice out-of-band using a preferred communication method such as E2EE text, secure email, phone call, etc.
Once Bob has coordinated with Alice, then Alice knows to start listening for the Cahoots request by selecting "Receive" from her wallet homescreen, navigating to the three-dot menu in the upper-righthand corner and then selecting "Receive Online Cahoots."
Alice could also receive the Cahoots request from her Whirlpool post-mix wallet which will offer all parties optimal privacy benefits.
Alice receives the notification and approves the request.
Step Three: Soroban
Soroban is an application-agnostic communication layer that shares the transaction details between both wallets encrypted over Tor. This development enhances the user experience and achieves a complete transaction, ready to broadcast, within seconds regardless of geographic distance.
Both Alice and Bob will observe a progress bar at the top of their wallet screens.
Bob's wallet is providing inputs and Alice's wallet is also providing inputs.
StonewallX2 transactions can have many inputs but will always have four outputs. The 0.007 BTC payment to Charlie is one output, with an identical 0.007 BTC output going back to Alice. The other two outputs consist of “change” being returned to Alice and Bob.
Step Four: Finalize And Broadcast
Once the transaction has been built, Bob has an opportunity to review the details and then he can send the transaction. He will be asked to confirm and then with that, the transaction is broadcast to the Bitcoin network.
A Stonewallx2 Q&A
One of the things I like most about Samourai Wallet is that it builds the tools it wants to see in the world, tools that the team itself uses day in and day out. I think this approach is summarized well on its website with the statement: "We are privacy activists who have dedicated our lives to creating the software that Silicon Valley will never build, the regulators will never allow, and the VC's will never invest in. We build the software that Bitcoin deserves."
I recently had the chance to ask a member of the Samourai Wallet team a few questions about on-chain privacy:
Why should Bitcoiners care about on-chain privacy and what do they have to lose by not using the tools?
The blockchain is an immutable, publicly-available ledger. The tracks you leave behind today will be available for the public (the good, the bad and the ugly) to scrutinize forever more. By taking steps to improve your on-chain footprint now, you are helping not only your present situation, but more importantly your future situation.
How does Stonewallx2 help enhance a user's privacy?
Stonewallx2 has a few benefits. First, it supplements the normal Stonewall transactions because both transactions have the exact same on-chain footprint. This means that every one person using Stonewall can be two people using Stonewallx2 from the perspective of an external observer of the blockchain. Second, the composition of a Stonewall transaction is designed as such to create a transaction with as many interpretations as possible. Most transactions have a single interpretation, making tracking the flow of funds trivial. When a Stonewall transaction is encountered, the number of interpretations is increased significantly, in addition to doubt as to the number of participants in the transaction (one or two?).
What do you think is the most important privacy development in Bitcoin that developers could be working on today to mitigate future on-chain privacy concerns?
The lowest-hanging fruit is eradicating address reuse. A great way of helping this along are PayNym- (BIP47) derived stealth addresses. These special addresses are reusable and allow you to share them publicly without any privacy loss, unlike sharing a static bitcoin address. After that, I would suggest implementing an advanced coin selection algorithm such as Stonewall.
What advice would you give to someone new to Bitcoin? What do you wish you had known when you were first starting out with Bitcoin?
Stay away from KYC services. They will try to lure you in with convenience at the cost of your sovereignty and freedom — stay away. Take it slow, don't rush anything. Use the tools.
Samourai Wallet has developed many privacy-focused tools, bringing new features and improvements to users that help achieve anonymity through their CoinJoin implementation, Whirlpool, and maintain privacy with spending tools like Stowaway, Stonewallx2, Richochet and PayNyms.
Samourai Wallet is also the only Bitcoin wallet to date that has implemented BIP47. Additionally, it recently implemented the app-agnostic, Tor-based communication layer Soroban. Soroban brings tremendous UX improvements to users engaging in collaborative cahoots transactions like Stowaway and Stonewallx2. See usecahoots.com for an article I wrote on Cahoots transactions and the UX evolution of building the transactions manually versus automatically over Soroban.
Sonewallx2 is a powerful privacy-enhancing tool that can be used to break common input ownership heuristics while spending to a third party. To learn more, visit Samourai Wallet's website here. You can start taking steps today to increase your privacy and minimize your on-chain footprint. Supplementing your Samourai Wallet with your own Bitcoin full node is a logical next step if you're not running your own node then you are trusting someone else's. The Ronin Dojo team has built the perfect full node companion for your Samourai Wallet. Learn more at the Ronin Dojo website here.
Both developer teams maintain resourceful community support channels on Telegram:
Samourai Wallet: https://t.me/SamouraiWallet
Ronin Dojo: https://t.me/RoninDojoUI
This is a guest post by Econoalchemist. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.