Decred CoinShuffle++

This service provides CoinShuffle++ mixing to create Decred CoinJoin transactions with other users of the server. It acts as a coordination point and provides optimized polynomial factorization to improve mix times. The server does not know which mixed outputs in a successfully-created CoinJoin belong to which peer.

The mixing epoch is 20m0s.

This server is configured with a self-signed TLS certificate. It must be saved and referenced by the dcrwallet config. Click here to download and see below for config examples.

Mixed ticket buying

Mixed ticket buying uses CoinShuffle++ to anonymize outputs of split transactions, which are spent to create ticket purchases. Voting rights and commitment outputs must be assigned to unused and unique addresses of accounts and not single addresses to prevent address reuse.

Solo stakers are recommended to use two wallets to separate ticket buying and voting, due to requirements of the voting wallet being always unlocked and highly available. An extended public key must be exported from the voting wallet (using getmasterpubkey) and imported by the ticket buying wallet (using importxpub).

Use the following options for a mixed solo ticket buyer which continues to buy more tickets from the mixed account as outputs mature:

$ dcrwallet \ \
  --enableticketbuyer --purchaseaccount=mixed --mixedaccount=mixed/1 \
  --changeaccount=unmixed --ticketbuyer.votingaccount=voting --mixchange

Converting from an unmixed ticket buyer

Solo stakers wishing to convert from an unmixed solo ticket buying setup to a mixed buyer can use two ticket buying wallets simultaneously, with a setup to slowly mix funds from the existing buyer (buyer1) to the new mixed buyer (buyer2). Each ticket buyer must be provisioned with a unique voting xpub:
voter$ dcrctl --wallet createnewaccount voting1
voter$ dcrctl --wallet createnewaccount voting2
voter$ dcrctl --wallet getmasterpubkey voting1
voter$ dcrctl --wallet getmasterpubkey voting2
buyer1$ dcrctl --wallet importxpub voting voting1-xpub
buyer2$ dcrctl --wallet importxpub voting voting2-xpub
In addition, the mixed account xpub of the mixed ticket buyer must be imported by buyer1:
buyer2$ dcrctl --wallet getmasterpubkey mixed
buyer1$ dcrctl --wallet importxpub mixed mixed-xpub
The mixed ticket buying wallet may use the setup from the previous section. The old wallet must be configured slightly differently:
buyer1$ dcrwallet \ \
  --enableticketbuyer --purchaseaccount=default --mixedaccount=mixed/0 \
  --ticketsplitaccount=default --changeaccount=unmixed \
  --ticketbuyer.votingaccount=voting --mixchange
Note these differences:

Change mixing and non-staking

Change outputs in the CoinJoin are not anonymous, and can easily be traced back to the set of inputs used during the mix. A dedicated unmixed account for CoinShuffle++ change is required, and it is not safe to spend change with other outputs in any transaction, including other mixes. To remedy this, dcrwallet provides a change mixing feature to create smaller mixed outputs of standard values and never submitting more than a single change output to the mixer in a request.

These features are enabled with the following config:

$ dcrwallet \ \
  --mixedaccount=mixed/1 --changeaccount=unmixed --mixchange

Alternatively, the mixaccount JSON-RPC may be used instead of the --mixchange option to mix single outputs from the account without leaving the wallet persistently unlocked.

Non-stakers are able to use this mechanism to mix received funds. Use the unmixed account to provide receiving addresses and mix the account as if it was CoinShuffle++ change.

Address reuse

Address reuse strips the anonymity provided by CoinShuffle++. It is imperative that addresses are never reused and that extended public keys of mixed and voting accounts are not revealed to other parties.

Tor Hidden Service

The server is accessible as a Tor hidden service. This can be configured using the following options:

$ dcrwallet --proxy= \
  --csppserver=6i6otcms7mxhnmqf5uclj6tot4gd6dsgk3twnfefssh7v7pbqs57umqd.onion:5760 \

In case dcrwallet connects to dcrd directly, the --nodcrdproxy=1 option may be specified in addition to the above.