Summary: WabiSabi is a lower-layer CoinJoin protocol, not just a Wasabi feature. Its value is that it breaks coordinator-run CoinJoin into explicit stages: input registration, credential issuance and reissuance, output registration behind fresh network identities, signing, and blame-round recovery. The cryptographic trick is straightforward to state even if the machinery is not: a coordinator can verify conservation of value without learning which inputs funded which outputs.
What it does:
Defines a centrally coordinated CoinJoin protocol where users register inputs, receive anonymous credentials representing value, privately reissue those credentials into new denominations, and later register outputs without revealing input-output links to the coordinator
Uses distinct participant roles and network identities — Satoshi, Alice, and Bob in the generic protocol docs — so status polling, input registration, and output registration are separated at the network layer
Supports variable-amount CoinJoin flows instead of requiring equal-value pool outputs only, making amount decomposition a private credential operation rather than a visible pool-choice constraint
Adds connection-confirmation and blame-round structure so the coordinator can continue with honest participants and exclude disruptive signers when a round fails late
Serves as the cryptographic sublayer beneath Wasabi’s wallet-facing CoinJoin implementation, with the generic protocol docs explicitly leaving some transaction-structure privacy choices to higher layers
Key claims:
The ePrint paper defines WabiSabi as a centrally coordinated CoinJoin protocol with variable amounts built from keyed-verification anonymous credentials and homomorphic value commitments.
The protocol repository and explainer make clear that the coordinator certifies value without learning the private linkage between the user’s input registrations and later output registrations.
The generic protocol docs show that WabiSabi is not just the coinjoin round but a full state machine: input registration, connection confirmation, output registration, signing, broadcast, and failure handling through blame assignment and retry.
WabiSabi’s real comparison value is lower-layer separation. It decomposes privacy into credential issuance, credential reissuance, network-identity separation, coordinator policy, and transaction-structure choices instead of collapsing everything into one generic CoinJoin wallet label.
The protocol also makes an important caveat explicit: naive transaction structure can still leak links by amounts, script types, or address reuse even if the credential scheme itself works as intended. That is exactly why WabiSabi deserves to stay visible as a subprotocol rather than being flattened entirely into Wasabi.
WabiSabi belongs in the corpus because it is the clearest current primary-source example of a coordinator-run variable-amount CoinJoin credential system, and it gives the Bitcoin privacy section a reusable sublayer beneath wallet brands.
Whitepaper: WabiSabi: Centrally Coordinated CoinJoins with Variable Amounts (IACR ePrint 2021/206): https://eprint.iacr.org/2021/206 and PDF at https://eprint.iacr.org/2021/206.pdf. Additional primary-source notes for this pass are saved in ../whitepapers/wabisabi-primary-sources-2026-05-15.md.