I am looking to compare different implementations of CoinJoin, but I don't feel like going through 20 pages. Would someone be considerate enough to list them here, or maybe in the original post?

Is the bounty still open? I can see the funds are still there.

How do I cite CoinJoin?

Hey all,

I've spent the last two/three months working on a CoinJoin implementation that I call Coinmux.  It is open source and mostly P2P decentralized.

The source is in Ruby (JRuby) and on Github: https://github.com/michaelgpearce/coinmux.  The project home page has quite a bit of information so its worth reading through.

Here is an example transaction created with Coinmux for 3 participants: http://test.webbtc.com/tx/963d6a87c2f0c3e715d0550539ffa3fed0731abd4b3b081d52f29891592f400d.  (You'll notice some change address re-use due to this making my testing easier.)  The commands used were:

bin/coinmux --participants 3 --amount 0.0625 --output-address muTpTtZSGyEbH2xt47SS3J45XG4Dx5F9DE --change-address mwU8DyTw2fBQmyCDJNRyHBDXk7KUDJ7vEA
bin/coinmux -p 3 -a 0.0625 -o mynWtUyX3UmEfvbU6oESCuXWJXA2vjbJw8 -c mjfCi3t1jBsizt9MKtNDxpn3qdd73CRyhQ --data-store p2p?port=14142
bin/coinmux -p 3 -a 0.0625 -o mpexwCiUhDVNYEMWqzoLn8C4UkMdDdZCQo -c mjfCi3t1jBsizt9MKtNDxpn3qdd73CRyhQ --data-store p2p?port=14143

Its setup to use Testnet (i have not tried it on mainnet as its alpha software!).  It can be easily configured to use either a local filesystem to communicate or P2P over the Internet.  The filesystem communication is fairly robust while the P2P Internet mode works reasonably well, but will require a lot more testing and work to prevent bad actors.

There is a protocol specification: https://github.com/michaelgpearce/coinmux/blob/master/docs/spec.md
The peers communicate using JSON messages.  None of the connected peers can associate input with output ownership from the messages themselves, only by IP addresses.  This is a pretty big privacy leak, but can be solved by integrating Tor or Freenet to communicate the messages.

I've only implemented a command line interface for now, but the CLI is event driven and built with a GUI in mind.  I don't want non-developers trying it yet so a CLI seems like a good place to start.

The easiest way to try it out locally is to use "--data-store filesystem" and invoke the command from a couple of different terminal sessions on your computer.  Again, its setup to use Testnet, so you need a Testnet wallet private keys.

Hey all, i just released v0.1.0 of Coinmux (followed quickly by 0.1.1 to fix a couple of minor UI issues) which is my milestone for having things functional on Testnet.  I'm ready to move on to building a GUI to sit on top of the code already there and make it easier to use.

But before I do that, I want to try it out on the Bitcoin MAINNET and with some STRANGERS on the Internet!  I've never done either!

I'm hoping a couple of you are brave enough to try it with me.  I want to do a small CoinJoin transaction, 0.001 BTC (a little less than 1USD) .  To get a suitable wallet, I simply went to bitaddress.org, created a new wallet for the CoinJoin input, and then sent 0.0015 BTC to it from my main wallet (a little extra for miner fees).  Any address with a balance > 0.0015 will work, but I would not recommend using your primary wallet.  There shouldn't be any issues, but better to be safe than sorry.

If you are interested, there is a link to download the latest Java client here: https://github.com/michaelgpearce/coinmux.  To use the Mainnet Bitcoin network instead of Testnet, you'll simply need to set an environment variable COINMUX_ENV=production.  On a Unixy OS, you should be able to just type this command in the terminal/console where you run the Java command.  On Windows, i believe you use the SET command, but its been years since i've used Windows.

I'm on Freenode IRC at #coinmux via webchat: https://webchat.freenode.net.  Hopefully one or two people will come find me.

Thanks!!

How does Coinmux find other users? And if it doesn't, can it implement a Bitmessage chan?

Good stuff - I hope it will explode

Feel free to share your thoughts.  I haven't gotten any feedback on the protocol yet.

I totally agree. It is set up right now to work off testnet by default (the user needs to set an environment variable to connect to Mainnet). Unfortunately, the testnet knowledgeable audience is a lot smaller, and CoinJoining needs multiple people running it at the same time.  Hopefully in time, this will resolve itself.

And i'm not sure i really made this clear in my original posting, but the only thing needed to run Coinmux is Java and the Jar file available from http://github.com/michaelgpearce/coinmux.  You don't need to have BitcoinQT installed and it does not require downloading the blockchain to your computer.  I'm trying to make something that an average Bitcoin user will be able to understand and use.

The cryptographer in me says I should do this, while the engineer in me thinks this may be (too) difficult to implement.  (And I'm a much stronger engineer than cryptographer!)  I still haven't totally wrapped my head around it from an engineering perspective, I'll do that once I get the GUI for Coinmux working.  But I am a believer in keeping Coinmux simple.  Bitcoin has some warts, but its really pretty simple as far as crypto goes.  I'd like to keep that same philosophy for Coinmux.

One of the easiest things I can do to limit who sees the the IP address of published messages is to encrypt them.  Both the Director and Participants have a public key as part of their first message broadcast.  Other than the Director's first announcement message and the Director's subsequent status updates, all other messages can be encrypted so only the involved parties can decrypt the messages.  The IP address would still be leaked, but only those in the mix can make sense of what's going on.  While not a cryptographically perfect solution, this would make traffic analysis more difficult and less useful. This may make put Coinmux in the "good enough to be useful" category. This wouldn't be great, but as an engineer, I realize everything has tradeoffs.

The Coinmux protocol itself was not designed to hide IP addresses/participants, only to facilitate communication.  As i first imagined what the protocol would look like, I had always considered using Freenet for message communication and to provide anonymity at the "network layer." Coinmux was designed with a Freenet like system in mind with the following properties: untraceable message insertion, immutable messages, ability to post multiple messages to a known location/key, and all messages publicly retrievable from a known key.  TomP2P allows for all of these except the untraceable message insertion.  TomP2P was really only selected due to it being available as a Java library and ready to be embedded in an application.  Well, that and it's faster than Freenet.

I'd rather try to solve this at the network layer than the protocol layer.  This allows for the network layer to be easily changed (I have 3 implementations now - TomP2P, the filesystem, and a memory implementation used for testing).  I am still actively considering switching to using Freenet as originally planned. Bitmessage is another option, though i believe their API is inadequate.  Maybe there is a way to use Tor.  Or maybe some new Altcoin becomes a viable option in the future. Or maybe i can push harder on TomP2P: is it possible to shuffle messages around the TomP2P peer network before inserting them to provide anonymity?  The protocol doesn't care who inserted the message, only that it gets inserted.  As it is right now, none of the options outside of TomP2P meet the requirement of "easy to use" as they require an additional application running.

Anyway, there are lots of different options and all of them have tradeoffs, but I am pretty open to anything that will work.  I'll need to let what you wrote settle on my brain a little more.