Decred CoinShuffle++
This service provides CoinShuffle++ mixing to create Decred CoinJoin transactions with other users of the server. It acts as a coordination point and provides optimized polynomial factorization to improve mix times. The server does not know which mixed outputs in a successfully-created CoinJoin belong to which peer.
The mixing epoch is 10m0s.
This server is configured with a self-signed TLS certificate.
It must be saved and referenced by the dcrwallet
config.
Click here to download
and see below for config examples.
Mixed ticket buying
Mixed ticket buying uses CoinShuffle++ to anonymize outputs of split transactions, which are spent to create ticket purchases. Voting rights and commitment outputs must be assigned to unused and unique addresses of accounts and not single addresses to prevent address reuse.
Solo stakers are recommended to use two wallets to separate ticket buying and
voting, due to requirements of the voting wallet being always unlocked and
highly available. An extended public key must be exported from the voting
wallet (using getmasterpubkey
) and imported by the ticket buying
wallet (using importxpub
).
Use the following options for a mixed solo ticket buyer which continues to buy more tickets from the mixed account as outputs mature:
$ dcrwallet --csppserver=mix.decred.org:5760 \ --csppserver.ca=mix.decred.org.pem \ --enableticketbuyer --purchaseaccount=mixed --mixedaccount=mixed/1 \ --changeaccount=unmixed --ticketbuyer.votingaccount=voting --mixchange
Converting from an unmixed ticket buyer
Solo stakers wishing to convert from an unmixed solo ticket buying setup to a mixed buyer can use two ticket buying wallets simultaneously, with a setup to slowly mix funds from the existing buyer (buyer1) to the new mixed buyer (buyer2). Each ticket buyer must be provisioned with a unique voting xpub:voter$ dcrctl --wallet createnewaccount voting1 voter$ dcrctl --wallet createnewaccount voting2 voter$ dcrctl --wallet getmasterpubkey voting1 voting1-xpub voter$ dcrctl --wallet getmasterpubkey voting2 voting2-xpub buyer1$ dcrctl --wallet importxpub voting voting1-xpub buyer2$ dcrctl --wallet importxpub voting voting2-xpubIn addition, the mixed account xpub of the mixed ticket buyer must be imported by buyer1:
buyer2$ dcrctl --wallet getmasterpubkey mixed mixed-xpub buyer1$ dcrctl --wallet importxpub mixed mixed-xpubThe mixed ticket buying wallet may use the setup from the previous section. The old wallet must be configured slightly differently:
buyer1$ dcrwallet --csppserver=mix.decred.org:5760 \ --csppserver.ca=mix.decred.org.pem \ --enableticketbuyer --purchaseaccount=default --mixedaccount=mixed/0 \ --ticketsplitaccount=default --changeaccount=unmixed \ --ticketbuyer.votingaccount=voting --mixchangeNote these differences:
-
--mixedaccount=mixed/0
- The unmixed wallet must use the external (not internal) branch of the mixed account to avoid address reuseage problems arising from two wallets simultaneously deriving from the same branch. -
--ticketsplitaccount=default
- Unless this is set, the mixed account and branch will be used derive a fresh address for the mix. However, this would create issues when publishing a ticket, because the unmixed wallet does not have the required private key (mixed account is an imported xpub). This option must be set to a derived account with private keys, such as the purchasing source account.
Change mixing and non-staking
Change outputs in the CoinJoin are not anonymous, and can easily be traced
back to the set of inputs used during the mix. A dedicated unmixed account for
CoinShuffle++ change is required, and it is not safe to spend change with other
outputs in any transaction, including other mixes. To remedy this,
dcrwallet
provides a change mixing feature to create smaller mixed
outputs of standard values and never submitting more than a single change output
to the mixer in a request.
These features are enabled with the following config:
$ dcrwallet --csppserver=mix.decred.org:5760 \ --csppserver.ca=mix.decred.org.pem \ --mixedaccount=mixed/1 --changeaccount=unmixed --mixchange
Alternatively, the mixaccount
JSON-RPC may be used instead of
the --mixchange
option to mix single outputs
from the account without leaving the wallet persistently unlocked.
Non-stakers are able to use this mechanism to mix received funds. Use the unmixed account to provide receiving addresses and mix the account as if it was CoinShuffle++ change.
Address reuse
Address reuse strips the anonymity provided by CoinShuffle++. It is imperative that addresses are never reused and that extended public keys of mixed and voting accounts are not revealed to other parties.
Tor Hidden Service
The server is accessible as a Tor hidden service. This can be configured using the following options:
$ dcrwallet --proxy=127.0.0.1:9050 \ --csppserver=rtlhphncpqvyxbwxztgo2l76r7ndz7oznj5vuhav4iwwoj2wk4boq5yd.onion:5760 \ ...
In case dcrwallet
connects to dcrd
directly, the
--nodcrdproxy=1
option may be specified in addition to the above.