I’m no bitcoin nerd (believe me, those guys are intense), but I do want to learn how to transact in bitcoin as near anonymously as I’m able. This is something I’ve been meaning to do for some time, but with recent events in Ottawa and the DOJ’s recent announcement about the FBI forming a national cryptocurrency unit, it seems the stakes have gone up a bit.

From what I’ve read, Samourai is one of the best wallets for approaching anonymous use out there. The devs are principled, the wallet is well built, and they have too many features.
I decided that the best way to learn how to use Samourai for myself would be to make a guide for others who want to do the same. Unfortunately Samourai’s documentation is somewhat labyrinthine, and seems to be out of date in places. So here’s the deal: I’ll navigate Samourai’s documentation, share what I find relevant, and you can tip me on my lightning node.
This is not a detailed walkthrough, so I’ll be eliding a number of things, like installation, passphrases, using Tor, etc. I’ll also assume you know a fair amount about bitcoin, for example what UTXOs are and how they work. Instead, I’ll be focusing just on distilling the many many options Samourai offers into something dumb enough to work for the average user.
Receiving Bitcoin
To receive, simply click the + button at the bottom right, then “Receive” and share the address or QR code that is displayed. This will automatically rotate addresses, protecting you from re-using an address.
In this context, re-using an address is a problem because it allows observers to link multiple transactions to the same address. So, for example, if you receive bitcoin from your mom and from a client paying you in bitcoin, anyone can look at the blockchain and connect your client with your mom. The more transactions there are, the more information an attacker has. This goes for sending as well as receiving.
Advanced receiving options are available, but the only thing I want to point out is that at the time of writing, bech32 addresses are the standard. Only use something else if you need backwards compatibility with an old address or wallet.
Mixing your Bitcoin
While address rotation allows you to segregate bitcoin received, that doesn’t do you much good if you can’t spend it without tying your receiving address to your sending address. It’s quite easy to do chain analysis, tying the outputs from a transaction in which you received bitcoin to a transaction in which you converted that output into an input for another transaction [1].
This is where Whirlpool comes in. From the docs:
Whirlpool mathematically disassociates the ownership of inputs to outputs in a given bitcoin transaction and deterministically breaks all prior history of an output with future activity. This is to increase the privacy of the users involved, protect against financial surveillance, and to increase the fungibility of the Bitcoin network as a whole.
Deposit, Pre-Mix and Post-Mix
Samourai Wallet has three separate address accounts to manage separating your “dirty” bitcoin from your “clean” bitcoin:
When receiving bitcoin, bitcoin is deposited into your “Deposit” account. From there, you can optionally send those UTXOs to the Pre-mix account where they will await mixing. Mixing is also known as CoinJoin, a process in which your UTXOs are used in tandem with other people’s UTXOs to create transactions where the outputs are directed back to your wallet. Mixes involve a lot of math to determine number of inputs/outputs and cycles, but the basic idea is illustrated below:
Whirlpool Fees
Using Whirlpool is optional, but sending bitcoin from your Deposit account, even using Samourai’s other privacy features, has weaker privacy guarantees. The trade-off is that Whirlpool requires that you pay coordination fees in addition to miner fees to cycle your coins. These fees are pretty substantial, ranging from 5,000 sats to 1,750,000 sats depending on how much bitcoin you’re mixing. This is how Samourai’s coordinator is funded, which is an important part of Whirlpool’s ability to resist Sybil attacks.
It is also quite tricky to pull off. To start with, it appears that the minimum amount of bitcoin you can mix is 0.001 BTC (plus mining fees), or 100,000 sats. This might explain the time I tried to mix 10,000 sats to try it out and my UTXOs completely disappeared from my wallet.
For this reason (and others, including address compatibility), it’s very important to use a Whirlpool Fee Calculator when learning how to use Whirlpool. The line to pay attention to is “Postmix UTXOs created”. Make sure that number is greater than 0 or you won’t get anything back!
Below is an example in which I’m mixing 300,000 BTC from 5 inputs.
One thing to pay attention to here is “Postmix Wallet Balance” vs “Doxxic Change”. Although you’ll get both amounts back, the postmix balance is what will go into your Post-mix account, and is safe to spend. Meanwhile, your “doxxic change” will return to your Deposit account because it was not included in the cleaned portion of the CoinJoin.
I believe this is because equally-sized outputs help anonymize the coins. In the example above, if I adjust my input amount to 310,000 BTC, my doxxic change reduces to 3,352 sats, and the number of postmix UTXOs created goes up by one. It appears that if you fine-tune this amount enough, you can reduce doxxic change entirely, though I’m not sure if this is true in practice.
At any rate, the input amount you’re able to send to whirlpool does depend upon the size of UTXOs in your deposit account — so this would be something to think about even before sending funds to your wallet.
Get Mixing
To mix coins from the home screen, tap the plus button, then the whirlpool icon. This will show your current Whirlpool balance, excluding your deposit account — initially the balance will be zero. To add funds to whirlpool, tap again on the whirlpool icon in the bottom-right corner of the screen, then select “Mix UTXOs”. This will bring up a wizard asking you which UTXOs to mix, what priority to mix at, and which pool to use.
In general, I choose low priority to save on fees. For pool size, choose the smallest pool you can, but be sure your UTXOs meet the minimum, or else they will be lost!
Once you confirm whirlpool details, outputs will be sent to your pre-mix account, and one output will be sent back to your deposit account, which you can mark as un-spendable or not. Note that when viewing your whirlpool your pre-mix UTXOs won’t be displayed until you refresh.
The fee you pay covers your first mix, but as long as your UTXOs are sitting in your post-mix account, they may be re-mixed any number of times at no additional cost. These inputs are known as “free riders” and seem to be a way for Whirlpool to draw on your funds as liquidity to facilitate other users’ mixes.
Once your first mix has completed, you can click on the Samourai icon at the top of the mobile app to toggle from your deposit account to your post-mix account.
Whirlpool Addons
At this point it’s worth mentioning that it’s possible to use your own node to mix your coins, improving privacy and security. This is completely optional, and requires you to set up the app differently on initial install by connecting your wallet to your own Dojo server.
You can also install the Whirlpool Desktop GUI to use in tandem with your mobile wallet. From what I can tell, this is only an additional interface, and isn’t necessary to broker your mobile wallet’s connection with your Dojo server. But it can be nice to have since once you exit the pre-mix screen on mobile there’s no way to get back, and your post-mix account will be empty for some time, which can be a bit anxiety-inducing.
Join and Join Again
Whirlpool is designed to split received funds up, and create many separate small UTXOs. However, this doesn’t mean you can throw caution to the wind when spending — if, for example, you use multiple Whirlpool outputs in a new transaction, those outputs will be re-associated. To avoid this, always keep a sizable balance in your post-mix account and create new transactions in small amounts, or use Cahoots to borrow entropy from a partner.
Sending Bitcoin
Whether you decide to go through the mixing process or not, sending works generally the same way. The difference is that sending from your deposit account doxxes your inputs and outputs. In other words, chain analysis software can connect your receiving behavior with your spending behavior. So for example if you buy a gun with your un-mixed UTXOs that you received from your employer, the association of those two addresses is visible on the blockchain for anyone to see. In theory, mixing your coins prevents this association.
To spend, go to the account you want to spend from, and click on the plus button, then click “send”. Along with the usual inputs of destination address and transaction amount, you’ll be given a few additional options.
PayNyms
A PayNym is a way to share your wallet publicly without re-using an address, based on BIP47. The way this basically works is that you send a bitcoin transaction to the receiver’s “notification address”, which bootstraps a private channel for sending subsequent transactions. My impression is that this works similarly to asymmetric key exchange, avoiding man-in-the-middle attacks. You can read more on PayNyms here.
To send using PayNyms, you need to first follow, then connect to a PayNym. The connect step costs a bit over 15k sats to fund the notification transaction, but this requirement should hopefully be dropped in future versions of BIP47. When I tried this from the post-mix account screen it failed, so you may need to do this from the deposit account screen. Once the connection request is sent, you’ll need to wait for it to be confirmed on the blockchain before you can send to it.
Ricochet
A Ricochet Send is a Samourai exclusive transaction type. Ricochet defends against bitcoin blacklists by adding additional decoy transactions between the initial send and eventual recipient. You should consider using Ricochet when sending to Bitcoin Exchanges, and companies that are known to close accounts for flimsy reasons.
Ricochet is fairly expensive, costing 100k sats to fund the four-hop obfuscation process. This is meant to hide the fact that it’s coming from a whirlpool output, since some businesses take this as a sign of criminal behavior, and may freeze your exchange account.
As always, this kind of tool is not 100% effective; it’s just meant to make it more expensive for surveillance to be performed at scale. But if someone doing chain analysis really zeroed in on one of these transactions, they would be able to link it to a whirlpool output at the very least, or if you didn’t mix the coins, to your original input transactions.
Ricochet also offers an additional “staggered” delivery option, which puts each hop into a different block. This helps prevent anyone doing surveillance from using timing analysis to correlate transactions.
Cahoots
If the Ricochet option is not enabled, you will be given the option to use Cahoots, which is Samourai’s term for a cooperative private transaction. There are two variants of this: STONEWALLx2, and Stowaway.
STONEWALLx2 works the same way as a STONEWALL transaction (described below), but involves a partner in the transaction. Your collaborator’s balance will not change — they’ll simply be swapping one set of inputs for another set of outputs, allowing you to increase the entropy of your transaction by borrowing some of their UTXO set.
Stowaway is designed to “create a transaction that looks like a "simple" bitcoin transaction but actually is a mini CoinJoin with an obfuscated amount sent on the blockchain.” Stowaway transactions can only be sent to other Samourai users, since they include a recipient’s UTXO as a transaction input, breaking the common input ownership heuristic.
To keep the length of this article finite, I’m not going to go into detail on Cahoots transactions, but if you’re interested you can read up on them here.
STONEWALL
Finally, if neither Ricochet nor Cahoots is enabled, Samourai will attempt to use STONEWALL when creating your transaction. This performs a simulation of a coordinated STONEWALLx2 transaction, and while less robust, is indistinguishable from STONEWALLx2, and so to an observer exhibits some of the same privacy characteristics.
There is no additional fee for using STONEWALL, but fees are slightly higher than normal for a bitcoin transaction, due to the size and structure of the transaction. STONEWALL uses the Boltzmann Score to select the highest-entropy set of UTXOs as inputs for your transaction, simulating a two-person CoinJoin transaction.
This comes with some downsides; large transactions or wallets with fewer UTXOs will not be able to use STONEWALL, since inputs must not also be outputs of the same transaction, and four outputs must be produced (three of which are decoys, returning to your post-mix account). You can read more about the details of STONEWALL here.
Choosing a Send Strategy
When you’re choosing between send strategies, here’s a quick heuristic:
If you’re not worried about obfuscating your transaction outputs’ history as much as creating plausible deniability about a particular output set coming directly from a CoinJoin, Ricochet is your best option. This is mostly for sending to regulated parties like exchanges.
STONEWALLx2 seems to be the most private option, naturally requiring the most effort to coordinate. This breaks the common input ownership heuristic, can be interpreted multiple ways, and is a three-party transaction.
Stowaway is a simpler version of STONEWALLx2, with weaker privacy characteristics. It breaks the common input ownership heuristic, but a close look at a Stowaway would show that the fee burden lands on a single party. This can be useful though, when sending to another Samourai user, since regular STONEWALL uses only the sender’s UTXOs.
STONEWALL has the weakest privacy guarantees, since it doesn’t break the common input ownership heuristic. However, it does make it more difficult to identify which UTXOs belong to whom.
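To see what the common input ownership heuristic does with the spending patterns described above (merging post-mix outputs, address re-use, and a Stowaway-style joint transaction), here is an added example that is not part of Samourai or its documentation. It applies the heuristic to constructed transactions; all address labels are made up for illustration.

```python
from collections import defaultdict

def cluster_by_common_inputs(txs):
    """Group addresses an observer would assign to a single owner.

    txs: list of dicts, each with an "inputs" list of address labels.
    Rule applied: every input of one transaction has the same owner.
    """
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for tx in txs:
        roots = [find(a) for a in tx["inputs"]]
        for r in roots[1:]:
            parent[find(r)] = find(roots[0])

    groups = defaultdict(set)
    for a in list(parent):
        groups[find(a)].add(a)
    return sorted(sorted(g) for g in groups.values())

def linked(txs, a, b):
    """True if the heuristic places addresses a and b in the same cluster."""
    return any(a in g and b in g for g in cluster_by_common_inputs(txs))

# Constructed histories; labels are hypothetical, not real addresses.
ONE_COIN_PER_SPEND = [          # each spend uses a single post-mix output
    {"inputs": ["postmix_a"]},
    {"inputs": ["postmix_b"]},
    {"inputs": ["postmix_c"]},
]
MERGED_SPENDS = [
    {"inputs": ["postmix_a", "postmix_b"]},       # two mixed coins in one tx
    {"inputs": ["postmix_c", "deposit_reused"]},  # mixed coin + unmixed coin
    {"inputs": ["deposit_reused", "postmix_a"]},  # re-used address bridges both
]
STOWAWAY_LIKE = [               # sender and recipient both contribute inputs
    {"inputs": ["alice_postmix", "bob_utxo"]},
]

if __name__ == "__main__":
    for name in ("ONE_COIN_PER_SPEND", "MERGED_SPENDS", "STOWAWAY_LIKE"):
        print(name, cluster_by_common_inputs(globals()[name]))
```

In the merged history every address collapses into one cluster, while the Stowaway-like transaction makes the heuristic group two different owners together, which is what "breaking" the heuristic means.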
Conclusion
Samourai has all kinds of cypherpunk goodies and add-ons. You can mark outputs as un-spendable, sign messages using a particular UTXO’s private key, save on fees using batch spends, create and restore backups, access your whirlpool from a GUI or CLI, use your own full node via Dojo for additional privacy, or set up Sentinel to watch transactions on a cold wallet.
I’m not sure if I’ll be using Samourai as my daily driver yet, but I feel like I have a much better understanding of how bitcoin works, what sorts of things chain analysis software looks for, and how to mitigate privacy leaks. Hopefully you do too!
[1] https://medium.com/bitbees/what-the-heck-is-utxo-ca68f2651819