SNICKER would send a message to the wallet of the user that was selected for the coinjoin. The proposal was devised two years ago and would have a better performance with Taproot.

Bitcoin developer Adam Gibson posted to the Bitcoin-Dev mailing list a proposal to implement Simple Non-Interactive Coinjoin with Keys for Encryption Reused (SNICKER). CoinJoin is a method to perform private transactions in Bitcoin, which prevents the tracking of addresses within the blockchain, since it uses multiple payments that are incorporated into a single transaction.

This solution was described by Gibson almost two years ago, but it was reviewed in September 4th by the Bitcoin Optech team. SNICKER works in two steps: a proposer step and a receiver step. In the proposer step, one of the parties uses the blockchain and the set of Bitcoin UTXOs (unspent transaction outputs) to find those UTXOs from which the owner’s public key can be inferred thanks to SNICKER, which scans the blocks received by the proposer node. It selects one of those UTXOs whose value is less than the amount that its wallet manages and creates three outputs, which are the result of joining that found UTXO with the proposer’s UTXOs.

The first coinjoin output goes to the party that is proposing the coinjoin. The second coinjoin output is addressed to the owner of the selected UTXO or receiver, and both coinjoin outputs pay the same amount, so that they are indistinguishable on the blockchain. In the third output, the proposer receives back any amount of money that exceeds the amount of coinjoin.

As the addresses already having a transaction history do not allow taking advantage of the privacy benefits of CoinJoin, the proposer generates new unique addresses for its two outputs. Given that the receiver cannot tell the proposer which address to use, then the proposer uses the receiver’s public key and the Elliptical Curve Diffie Hellman (ECDH) to generate a shared secret. This secret, when combined with the receiver’s public key, creates a new public key that only the receiver can sign.

The new public key allows creating the new address for the receiver’s coinjoin output. This ensures the privacy of the transaction as no one, apart from the proposer and the receiver, can notice the difference in the transactions.

To complete the proposer step, it creates a partially signed Bitcoin transaction (PSBT) with the information obtained, which contains the signatures for its UTXO. This transaction is then uploaded to a public server.

If the receiver accepts the message received on its keychain with the text New coinjoin proposals found. Check?, it can then evaluate the partially signed transaction in order to confirm that it is correct, add its signature to its UTXO and transmit the transaction to the network to complete the coinjoin.

SNICKER helps Bitcoin wallets to create coinjoins in a non-interactive manner. Non-interaction implies that the parties involved in the transaction do not meet, synchronize, or need to know who they are in the future. In the relationship between the parties, one of them would limit to posting an encrypted message whereas the other would only read it in its key. If reasonable anonymity measures are followed when transmitting the final transaction, then the parties’ privacy is preserved.

By Willmen Blanco


Please enter your comment!
Please enter your name here