CoinSwap

CoinSwap is an on-chain privacy protocol, first sketched by Greg Maxwell in 2013 and later developed as the Maxwell-Belcher protocol, in which two parties trade coins of equal value (minus fees) without either side being able to steal. Unlike CoinJoin, where everyone signs one transaction with equal-sized outputs, a CoinSwap produces transactions that look like ordinary, unrelated payments. The result is that the link between a person's old coins and their new coins is severed on the public ledger.

How a swap works

Alice and Bob each lock funds into a 2-of-2 multisignature address. Hash-time-locked contracts (HTLCs) ensure the swap is atomic: either both parties receive the other's coins or both get refunded after a timeout, so neither can cheat. Because Alice's receiving address is never directly connected to her funding address by any transaction, a blockchain observer cannot prove they belong to the same wallet. CoinSwap predates the Lightning Network as one of the earliest practical uses of HTLCs on Bitcoin.

Why it matters for fungibility

CoinSwap improves privacy for everyone, not just its users. Once any payment could plausibly have been a swap, surveillance heuristics lose confidence across the board. The tradeoff is complexity: CoinSwap is significantly harder to implement than CoinJoin and remains an evolving area, with experimental implementations rather than mass adoption. For sovereign Bitcoiners, it represents a maturing tool for restoring fungibility at the protocol layer.

CoinSwap defeats the same surveillance assumption described in our Common-Input-Ownership Heuristic entry, and is best understood alongside the Transaction Graph it is designed to break.