Wasabi Wallet: Does It Solves The Bitcoin Privacy Problem?
Key Questions Answered
Wasabi is an open-source, non-custodial, privacy-focused Bitcoin wallet for Windows, Linux, and Mac. It includes an integrated Tor connection, CoinJoin, and coin control privacy features. The Wasabi Wallet is exclusive to Desktop devices and doesn’t support a mobile version.
The Wasabi wallet was created in 2018 as the flagship product of zkSNACKs, a research company specializing in Bitcoin fungibility and privacy-related products.
The company was founded by CEOs Gergely Hajdu and Balint Harmat, and CTO Adam Ficsor. Adam Ficsor is the creator of DotNetTor, a Tor library for .NET Core, co-creator of NTumbleBit, inventor of ZeroLink, and one of the most active GitHub contributors in the world.
How Does The Wasabi Wallet solve Bitcoin Privacy problem?
Contrary to what many still believe, Bitcoin and bitcoin transactions aren’t private.
Bitcoin is—by default—a transparent system where everyone can see the entire history of every account balance. If you aren’t purposefully obfuscating your transactions and shielding your identity, everyone can see your entire transaction history, income, spending habits, trading strategies, how much Bitcoin you own, and for how long you’ve held it.
The first concern with Bitcoin privacy is that each coin is not 100% unique. To keep track of all the coins and transactions on the ledger, Bitcoin uses an accounting model based on unspent transaction outputs or UTXOs. The UTXOs are the fundamental building blocks of bitcoin transactions and represent indivisible chunks of bitcoin currency, locked to a specific address, recorded on the blockchain, and recognized as currency units or “coins” by the entire Bitcoin network.
Thus, when a user receives bitcoin, the coins aren’t—as many mistakenly believe—sent to the user’s wallet. Instead, the amount is recorded on the blockchain as a UTXO belonging to a specific bitcoin address or account. If the user then wishes to spend the coins or the “unspent transaction output” belonging to the address, they must sign the transaction with the corresponding private key stored in their wallet.
The most important thing to remember here is that each UTXO, or “coin”, is like a snowflake made unique by its completely transparent transaction history. Every UTXO has an input containing the sending address and at least one output containing the receiving address. When Jane sends bitcoin to Joe, Joe doesn’t just receive any random UTXO, but rather the exact coin sent by Jane. And when Joe then sends that same coin to Jorge, Jorge can check the UTXO using a blockchain explorer and see its entire history dating back to the coinbase transaction, including the last transaction made by Jane to Joe.
Now, due to the pseudonymous nature of Bitcoin, Jorge doesn’t necessarily know that it was Jane who sent the coin to Joe because Bitcoin addresses aren’t tied to real-world names or IP addresses. However, many government agencies and private transaction surveillance companies work day and night to de-anonymize Bitcoin transactions and link them to real-world identities. If one isn’t extremely careful about their Bitcoin privacy, they can easily get de-anonymized and have their identities revealed and tied with their entire transaction history.
Now, let’s see how the Wassabi wallet solves this problem and helps make Bitcoin more anonymous.
How Does Wasabi Wallet Work?
For obvious reasons, anyone holding any substantial wealth in Bitcoin wouldn’t want to advertise their holdings to everyone they transact with. This would be like the Internet equivalent of showing off a gold chain in a dark back alley. It’s a recipe for disaster. However, as we already explained, every time you send someone even a tiny portion of your bitcoin, you risk revealing your wealth to them.
This is where the Wasabi wallet comes in. The Wasabi wallet adds multiple layers of redundancy by allowing users to:
- Generate new addresses with the same private key for every transaction made.
- Pick and choose UTXOs manually.
- Use CoinJoin to obfuscate the UTOXs and hide transactions when sending or receiving bitcoins.
- Hide an IP address by routing all network communication through Tor by default.
Let’s go through all of these features in order.
One of the basic security rules of Bitcoin is to never reuse addresses. Using the same Bitcoin address to receive multiple transactions undermines the privacy of yourself and others. When you use an address more than once, you’re revealing to everyone that the address is a payment destination and not a random change address, which means that a single private key can spend all its coins. And because it’s effortless to track all of the UXTOs of an address, it’s also straightforward to calculate how much bitcoin the private key holds.
Furthermore, when you reuse an address to receive bitcoin, it becomes much easier for others to determine that the address is yours and thus de-anonymize you. Every time you sign a new transaction using the reused address’s private key, whoever receives the UTXO can use that address’s history to discover more information about who’s behind it.
The Wasabi wallet solves this issue by leveraging an alternative key derivation function called “hardened derivation” to generate new, significantly more secure addresses every time you send and receive transactions. Moreover, to protect against Dusting attacks, Wasabi also allows users to set an adjustable “dust limit” on transactions, where the wallet won’t show UTXOs below a specific threshold value. This way, every time you send or receive Bitcoin using the Wasabi wallet, you’ll be doing so using newly generated addresses by default.
Manual Coin Labeling and Selection
The main difference between the Wasabi wallet and other Hierarchical Deterministic wallets is that Wasabi doesn’t cluster all UTXOs into a single derived Bitcoin balance. Instead, it allows users to view, manually label, and select specific UTXOs from the “Send” and “CoinJoin” tabs in the wallet before making transactions.
The purpose of this feature is to prevent users from including an unintended or non-private coin in a transaction, which could significantly reduce their Bitcoin privacy.
Wasabi’s flagship feature is a coin mixing technology called ZeroLink, invented by Wasabi’s founder and CTO Adam Ficsor. ZeroLink is based on a variation of the CoinJoin technology called Chaumian Coinjoin, which was first hinted at by Bitcointalk forum user hashcoin in 2011 and described in more detail by another user going under the pseudonym killerstorm in 2013.
How Does Coinjoin Work?
The term CoinJoin was coined by legendary computer scientist, cryptographer, and Bitcoin core developer Gregory Maxwell, who was also the first to give a more detailed explanation of the concept.
In simplified terms, Wasabi’s CoinJoin works by merging many transactions from multiple users, mixing their inputs and outputs into one big transaction. After the mixing is done (it takes a few minutes), everyone receives back their fair share from the tumbling pool.
The critical issue here is that somebody—a person, a server, or a wallet—has to do the mixing, which introduces a central point of failure where a third party performing the mixing has complete control over the bitcoins and knows the origin and destination of each coin.
ZeroLink’s coin mixing technology solves this problem by using so-called “Chaum blind signatures,” which allow users to send a cryptographically-blinded version of the post-mix-up receiving address to the tumbling server. This effectively means that the tumbling server can neither violate anonymity (know which coins are whose) nor steal the bitcoins. The users send the coins from one address and receive them, after they are mixed, on another address that remains private even to the tumbler.
This mechanism makes bitcoins fungible again because the post-mix-up UTXOs are made indistinguishable from each other, rendering their transaction history untraceable and private.
Wasabi Wallet + Tor
The fourth layer of privacy offered by the Wasabi wallet is the built-in Tor connection. Wasabi uses the Tor network to hide the user’s IP address when mixing and broadcasting transactions on the Bitcoin network, and also to secure all network communications from snooping.
Relaying communications through peer-to-peer privacy networks like Tor is very important for Bitcoin privacy because unencrypted transactions can reveal the user’s IP, which can then be used to estimate the user’s physical location.
Wasabi accesses the Tor network automatically, which means users don’t need to have Tor pre-installed on their desktops.
How to Install Wasabi Wallet
Installing the Wasabi wallet is like installing any other software program on your desktop, with one additional caveat: you must ensure you’re installing the correct version of the software by verifying the developer’s PGP signatures.
These are not just empty words. If you mistakenly download a fake version of Wasabi, you can say goodbye to your bitcoins right then and there.
The first step is to make sure you download the Wasabi client from the official https://wasabiwallet.io/ website. The second step is to verify the software package you downloaded is actually the official one by the Wasabi developers. You can do this by checking whether the Wasabi package you downloaded is signed with the valid PGP signature by zkSNACKs, the company behind Wasabi.
You can download the separate signature .asc file by clicking on the “SIGNATURE” hyperlink found directly below the green download button for the Wasabi wallet.