Unfortunately, there is no way to talk about bitcoin privacy and the intricacies of JoinMarket without a little bit of jargon.
This glossary explains some of the concepts and terms used in Jam.
A bitcoin address—also called bitcoin invoice address[1]—is a string of characters that you send to someone else to receive funds.
There are currently three invoice address formats in use:
For more details please refer to the Bitcoin Wiki. Jam defaults to Bech32 addresses.
Address reuse refers to the practice of reusing a single bitcoin invoice address for multiple transactions. It is highly discouraged since it harms the privacy of yourself and others. You should never reuse addresses.
The only way to hide in plain sight is by hiding in a crowd. The anonymity set is simply the size of this crowd.
If you are putting on a hat and sunglasses to hide in a crowd of people that are wearing the same hat and sunglasses, your anonymity set is the size of this crowd. If said crowd is 50 people, an attacker could mistake you for anyone out of these 50 people. Similarly, when doing a collaborative transaction in bitcoin, you are creating an onchain footprint that is equivalent to the onchain footprint of others.
Bitcoin's base layer (or Layer 1) refers to any transaction that touches the timechain, i.e. all onchain transactions. The base layer is concerned with global consensus and settlement.
Higher layers build on top of the settlement assurances of the base layer. One example of a Layer 2 system is the Lightning Network. All money is layered, including gold and fiat monies. Read Layered Money by Nik Bhatia to understand this in more detail.
A batch transaction is a transaction that combines multiple real-world transactions into one on-chain transaction. It has multiple inputs and multiple outputs. Different parties may control one or multiple inputs and receive one or multiple outputs.
Bech32 is an invoice address format. It was specified in BIP 173 and is used for both SegWit and Taproot addresses.
A mostly meaningless marketing term used to confuse newcomers. While "block chain" is still the main term used to refer to Bitcoin's linked data structure of blocks, it has increasingly become meaningless over the years as it got co-opted by grifters, charlatans & marketers. A better, more descriptive term of said data structure is timechain.
Chain analysis is the practice of applying heuristics to a timechain's public transaction graph. The goal of chain analysis is to link the pseudonymous identities created by bitcoin software with "real" identities corresponding to natural persons or entities.
Chain analysis is based on flawed assumptions, because ownership in bitcoin is defined by secret knowledge, not possession. Identities can only be linked probabilistically, not provably. One of the main assumptions used by chain analysis companies is the common input ownership heuristic. Collaborative transactions break this heuristic.
A CoinJoin is a collaborative transaction that combines inputs from multiple parties. The purpose of a CoinJoin is to combine inputs and create outputs in ways that improve the financial privacy of participants, without relying on a trusted third party for custody. When done correctly, a CoinJoin breaks any deterministic links between transactions, moving the process of chain analysis from quasi-deterministic with high certainty to probabilistic with low certainty.
CoinJoins break the common input ownership heuristic that is used by chain analysis companies to de-anonymize actors. The concept was first introduced in 2011 by Bitcointalk user hashcoin[2], but later popularised in 2013 by Gregory Maxwell.[3][4]
All CoinJoin transactions are collaborative transactions. The two main types of CoinJoin transactions are equal-output and unequal-output CoinJoins. Other differences might be interactivity (or lack thereof) and number of participants.
A collaborative transaction is a bitcoin transaction that is initiated and signed by multiple participants. A collaborative transaction involves two or more parties and is thus always a batch transaction. All CoinJoins are collaborative transactions.
When using physical cash, spending a $100 bill to pay for a $25 item, you will get $75 back in change. The reason for this is that you can't spend just a part of the bill, because ripping off a quarter of it for payment will invalidate the bill. Consequently, when bills change hands, the whole bill has to be spent, and an appropriate amount of change goes back to the spender.
Bitcoin works the same way. When sats change hands, the spender has to spend the whole UTXO. Bitcoin creates the appropriate amount of change automatically. Because all transactions are recorded transparently and publicly on the timechain,
As of this writing,[5] a simple spend is the most common transaction type, which describes the example given above: one input ($100 bill) produces two outputs: $25 for the merchant, and $75 in change. The act of an outside observer guessing whether you bought something for $25 or $75 (or: who was the customer of the transaction, and who was the merchant) is what is called change detection.
When it comes to chain analysis, change detection is the name of the game. The goal of chain analysis companies is to link identities to transactions, and to do that, one has to detect whether funds changed hands or not.
Technically speaking, change detection is trying to figure out which output of a transaction is a change output. Change detection is based on various heuristics. False positives will always exist, even if the transaction under scrutiny is a simple spend. Consequently, it is more an art than a science.
To quote one special investigations team speaking on chain analysis:
Attributing ownership, however, is often nuanced because outside observers can only infer it depending on factors such as availability and quality of the evidence. Evidence means proof that indeed an address belongs to an individual or entity. Unless you own an address yourself, it is very difficult to say with absolute certainty who an address is owned by. This is why it’s more fitting to consider blockchain analytics more of an art than science.
Keep in mind that ownership can change without any on-chain transaction happening, e.g. by passing on a private key directly. It is also possible that the amount to be paid lines up perfectly with a single UTXO, meaning that what looks like a self-spend is actually a payment.
One can only conclude, as is also mentioned in the report linked above, that "an external observer cannot possibly gain a full picture or claim 100% confidence in ownership attribution."
Privacy Fundamentals: The Bitcoin Transaction
Bitcoin Wiki: Change Detection
Short for Common Input Ownership Heuristic.
Common Input Ownership Heuristic
The common input ownership heuristic assumes that all inputs of a transaction are controlled by a single entity. This assumption is clearly wrong, because collaborative transactions exist. CoinJoin transactions are designed to break this heuristic.
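The heuristic described above, applied as an address-clustering pass. This is an added example, not code from Jam or JoinMarket; the transactions, addresses and owner map are constructed sample data. It shows that one collaborative transaction makes the heuristic merge three unrelated owners into a single cluster.

```python
from collections import defaultdict

class DisjointSet:
    """Union-find over address strings."""
    def __init__(self):
        self.parent = {}

    def find(self, addr):
        self.parent.setdefault(addr, addr)
        while self.parent[addr] != addr:
            self.parent[addr] = self.parent[self.parent[addr]]  # path halving
            addr = self.parent[addr]
        return addr

    def union(self, a, b):
        root_a, root_b = self.find(a), self.find(b)
        if root_a != root_b:
            self.parent[root_b] = root_a

def cluster_by_common_input(transactions):
    """Apply the heuristic: every input address of a transaction gets one owner."""
    ds = DisjointSet()
    for tx in transactions:
        for addr in tx["inputs"]:
            ds.union(tx["inputs"][0], addr)
    clusters = defaultdict(set)
    for addr in list(ds.parent):
        clusters[ds.find(addr)].add(addr)
    return sorted(sorted(c) for c in clusters.values())

def wrongly_merged(clusters, true_owner):
    """Clusters that mix addresses belonging to more than one real owner."""
    return [c for c in clusters if len({true_owner[a] for a in c}) > 1]

# Constructed sample data: who really controls each address.
TRUE_OWNER = {"a1": "alice", "a2": "alice", "b1": "bob", "c1": "carol"}
SIMPLE_SPEND = {"inputs": ["a1", "a2"]}            # one owner: heuristic holds
COLLABORATIVE_TX = {"inputs": ["a2", "b1", "c1"]}  # three owners: heuristic fails

if __name__ == "__main__":
    clusters = cluster_by_common_input([SIMPLE_SPEND, COLLABORATIVE_TX])
    print("clusters:", clusters)
    print("wrongly merged:", wrongly_merged(clusters, TRUE_OWNER))
```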
"Doxxic" change is any leftover change that is going back to you when participating in an equal-output CoinJoin. Doxxic change is problematic because it can potentially destroy any privacy benefits gained from a CoinJoin.
The word is a combination of "toxic" and "doxxing." Doxxing is the act of finding out the legal identity (or similar identifying information) of a pseudonymous entity. Bitcoin is a pseudonymous system and does not require the True Names[6] of participants.
You can use the sweep functionality to avoid doxxic change in Jam.
An eclipse attack is an attack in networked systems in which an attacker targets a node to convince it of a false network state. The attacker surrounds the node in order to conceal or block off accurate information, leaving the attacked node(s) in the dark in terms of the global network state.
An eclipse attack is similar to a Sybil attack.
Bitcoin Stack Exchange: Eclipse Attack vs. Sybil Attack
An equal-output CoinJoin is a collaborative transaction that produces outputs of equal denomination, i.e. outputs of equal value when measured in sats. For this reason, these types of transactions are also referred to as equal-amount or equal-value CoinJoin transactions.
Equal-output CoinJoins are batch transactions that are easily identifiable on-chain due to their uniform output structure.
Like any collaborative transaction, an equal-output CoinJoin breaks the Common Input Ownership Heuristic. Participating in such a transaction allows you to gain privacy by "hiding in the crowd."
Jam defaults to collaborative transactions when sending and sweeping, creating equal-output CoinJoins.
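To make the anonymity set and doxxic change entries concrete, the following added example (not code from Jam or JoinMarket) measures both for one equal-output CoinJoin. The labels, amounts and `fee_tolerance` are constructed, and the model assumes one input per participant.

```python
from collections import Counter

def analyse_equal_output(inputs, outputs, fee_tolerance=2_000):
    """inputs/outputs: dicts mapping a label to a value in sats.

    Returns the shared denomination, the anonymity set of the equal outputs,
    and, for each leftover change output, the inputs it can be matched to.
    """
    counts = Counter(outputs.values())
    denomination, anon_set = counts.most_common(1)[0]
    if anon_set < 2:
        raise ValueError("no equal-value outputs: not an equal-output CoinJoin")

    change_links = {}
    for out_label, value in outputs.items():
        if value == denomination:
            continue  # indistinguishable from the other equal outputs
        # Simplified model (assumption): one input per participant, so
        # input ~= denomination + change, up to fees paid or earned.
        change_links[out_label] = sorted(
            in_label for in_label, in_value in inputs.items()
            if abs(in_value - denomination - value) <= fee_tolerance
        )
    return {"denomination": denomination,
            "anonymity_set": anon_set,
            "change_links": change_links}

# Constructed sample: two participants leave change, in_C is swept in full.
SAMPLE_INPUTS = {"in_A": 1_500_000, "in_B": 2_300_000, "in_C": 1_000_400}
SAMPLE_OUTPUTS = {
    "out_1": 1_000_000, "out_2": 1_000_000, "out_3": 1_000_000,
    "chg_x": 500_100,    # leftover change
    "chg_y": 1_300_100,  # leftover change
}

if __name__ == "__main__":
    report = analyse_equal_output(SAMPLE_INPUTS, SAMPLE_OUTPUTS)
    print(report)
```

Each change output matches exactly one input, so that participant's history continues through the change, while the swept input has no change output to match.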
A fidelity bond is an insurance policy which protects the policyholder from wrongful acts committed by others. The term comes from the world of business and finance, thus the policyholders are usually companies, and the other parties are usually employees.
In JoinMarket, a fidelity bond is a mechanism which ensures that market actors act honestly. It is a protection mechanism against Sybil attacks, because a fidelity bond makes the creation of cryptographic identities costly.
It is impossible to move or spend funds that are locked in a fidelity bond before the bond expires. They cannot be used in collaborative transactions (neither as taker nor as maker) as fidelity bonds are time-locked by the Bitcoin protocol.
Fidelity bonds improve the privacy guarantees of the whole system and increase your chance of being chosen as a market maker drastically.
What Are Fidelity Bonds and How Do They Work in JoinMarket?
JoinMarket: Financial Mathematics of Fidelity Bonds
Creating a Fidelity Bond in Jam
Jam is both the name of the project and the verb we use when a collaborative transaction is in progress.
Sir! The radar, sir! It appears to be... [Jam starts flowing through the computer screen] jammed!
In Jam, a "jar" is a container that holds some sats of yours.[7] Jars exist to segregate your sats into multiple buckets that are disconnected from each other, which aids privacy. To not risk any privacy degradation, you can only spend from one jar at a time.
There are 5 jars by default. The default jar to receive funds is Jar A.
A market maker is someone who offers bitcoin liquidity to the market, to be used by others for collaborative transactions. You can create an offer via the "Earn" tab and become a market maker.
Short for 'memory pool.' A pool of valid bitcoin transactions held by each node, that are not yet confirmed in the timechain.
An offchain (or off-chain) transaction is any transaction that does not happen onchain. Examples include transactions on the Lightning network, the handing over of physical private keys, as well as transactions on centralized ledgers such as exchanges and other trusted third parties.
Some offchain transactions, such as handing over private keys on USB sticks or similar, are outside of the scope of chain analysis. Consequently, chain analysis can never be completely accurate.
An onchain (or on-chain) transaction is a bitcoin transaction that is settled on the bitcoin timechain. The analysis of these transactions is called chain analysis, which is the spying on and de-anonymizing of bitcoin's users by trying to find patterns in the onchain data.
Short for pay-to-public-key-hash.
Short for pay-to-script-hash.
A PayJoin is a collaborative transaction between two parties that facilitates an actual payment for a good or service. The merchant agrees to provide one or multiple inputs to the transaction, increasing the privacy of both parties.
A PayJoin has different onchain characteristics than an equal-output CoinJoin and is not detectable via chain analysis alone. A PayJoin transaction has multiple interpretations, all of which are equally valid. In addition to breaking the common input ownership heuristic, it poisons the basis of all chain analysis, because of its undetectability.
Bitcoin Wiki: PayJoin Adoption
Short for satoshis, plural of sat (satoshi).
A sat is the smallest fraction of a bitcoin that can be expressed on-chain. There are 100,000,000 sats in a bitcoin. There are multiple currency symbols for a sat emerging. In Jam, the sat symbol[8] is used:
The 'scheduler' is a component of JoinMarket which schedules multiple collaborative transactions in a row. It will use random intervals and amounts to make timing analysis and de-anonymization via chain analysis more difficult.
The 'Sweep' screen uses the scheduler to sweep funds to one or multiple external wallets under your control.
A transaction that splits one input into two outputs: payment and change.
The "simple spend" is the most common bitcoin transaction type to date, since most wallet implementations do not optimize for privacy. For most simple spend transactions it is possible to discern which output is the actual payment or which one is the change. This change detection makes the tracing of funds possible.
Privacy Fundamentals: The Bitcoin Transaction
Simple Non-Interactive Coinjoin with Keys for Encryption Reused.
A Sybil attack is a special kind of attack in peer-to-peer networked computing. The victim is surrounded by malicious entities, each of which acts as if it were a separate entity. The victim believes that everything is in order, that he is getting an accurate state of the network from multiple independent peers. In actuality, the Sybil attacker controls all entities surrounding the victim. Consequently, the attacker is able to trick the victim into accepting a malicious network state.
JoinMarket uses fidelity bonds to protect users from Sybil attacks.
Design for Improving JoinMarket's Resistance to Sybil Attacks Using Fidelity Bonds
A 'sweep' send will transfer all funds of a jar or all funds of your wallet. To sweep all funds from your wallet, multiple transactions are created using the scheduler.
Taint is an external property defined by chain analysis surveillance firms. It is an attempt to trace the origin and ownership of UTXOs, classifying their owners and building lists of "good" and "bad" money.
All taint in bitcoin always is and always will be arbitrarily defined and probabilistically applied. Just like change detection, it is more an art than a science. It can never be done exactly. False positives and false negatives will always arise.
The bitcoin network is indifferent to taint. Miners will include any transaction in a valid block that will reward them economically. Any application of taint on the block production level is equivalent to imposing additional rules via a soft-fork, which fully validating nodes can reject.
A market taker is someone who buys bitcoin liquidity from the market, taking up market makers on their offers. You can see active offers in the order book.
You will automatically take offers when running the scheduler via the "Sweep" functionality.
The data structure of Bitcoin's base layer. It represents a timestamped and linked list of blocks. Anyone can create a new block, but each block must have sufficient proof of work, making it costly to create new blocks.
A UTXO can be locked up by a script which defines that said UTXO can only be spent in a block that is higher than a certain value. This makes UTXOs unspendable before a specific time.
A bitcoin transaction describes the movement of sats. It is structured data that describes inputs and outputs, among other things. A valid bitcoin transaction has at least one input and at least one output. Every transaction input refers to the output of a previous transaction. We say that an input "consumes" an output. If an output is not consumed yet, we speak of an unspent transaction output, or UTXO, for short.
Privacy Fundamentals: The Bitcoin Transaction
Learn Me a Bitcoin: Transactions
Short for transaction.
Unspent Transaction Output
The tip of the chain of signatures which originates in a coinbase output. It's a "coin" that has not yet been spent and can still be spent.
Short for Unspent Transaction Output.
1. The term invoice is proposed in BIP-179 as an alternative.
2. Blind Bitcoin Transfers, hashcoin, July 2011
3. I taint rich!, Maxwell, Jan. 2013
4. CoinJoin: Bitcoin privacy for the real world, Maxwell, Aug. 2013
5. Block 744,811
6. Vernor Vinge, 1981, True Names
7. What we call "jars" are usually called "mixdepths" in JoinMarket. They are also referred to as "pockets" and "accounts" in some of the older parts of the JoinMarket documentation.