Privately Pay Someone with Bitcoin: Inside Async Payjoin's Privacy Solution

When you pay someone with bitcoin using a standard wallet, you’re leaving behind a trail of information that blockchain analysts can follow. Your transaction publicly reveals which addresses sent funds, how much was sent, and how much change was returned. This level of transparency, while not compromising Bitcoin’s security, does create privacy risks for everyday users. Async Payjoin represents a breakthrough approach to solving this challenge, offering a way to pay with bitcoin while maintaining financial privacy at scale.

Unlike privacy-focused alternatives like Monero or Zcash that use encryption to hide transaction amounts, Async Payjoin enhances Bitcoin’s privacy through a collaborative transaction method that requires no changes to Bitcoin’s core protocol. Modeled after HTTPS, which secured web payments in the 2010s, this privacy toolkit is being built by the Payjoin Foundation through open-source development designed for mass wallet adoption.

Why Bitcoin Payments Need Privacy Protection

When you initiate a bitcoin payment, blockchain observers typically see a simple pattern: one sender combining one or more inputs (several if the payment amount exceeds a single UTXO, an unspent transaction output) into a transaction that is split into two outputs. One output is the payment, the other is change returning to you.

The problem lies in a fundamental assumption made by chain analysis firms like Chainalysis: whenever multiple UTXOs are combined in a single transaction, those pockets of coins likely belong to the same entity. This heuristic, which has been remarkably reliable for traditional transactions, allows analysts to link your previously unconnected addresses together. Over time, as you make multiple payments, firms can map your entire transaction history, revealing:

  • Everyone you’ve paid in the past and present
  • The precise amounts you’ve transacted
  • Your total bitcoin holdings
  • Your spending patterns and income levels

This information asymmetry undermines bitcoin fungibility—the principle that all coins should be equal and interchangeable regardless of history. When certain coins become “tainted” or traceable to specific users or activities, they lose this fungibility property.

How Async Payjoin Works: A Step-by-Step Look at Privacy-Enhanced Transactions

Payjoin dissolves the common-input-ownership heuristic by introducing coordination between sender and receiver. Instead of the typical single-input, two-output transaction structure, a Payjoin transaction features two inputs and two outputs, with the critical difference being that one input comes from the receiver’s wallet.

Here’s how a private bitcoin payment via Payjoin actually works:

The Coordination Process: You initiate a payment to someone while both parties’ wallets communicate in the background. Rather than you simply creating a transaction and broadcasting it, both you and the recipient collaborate to construct the final transaction. The recipient contributes one of their own UTXOs as an additional input to the transaction, while still receiving the full amount they expected.

The Privacy Benefit: From the perspective of a blockchain analyst, this transaction now appears ambiguous. They cannot determine which input belongs to the sender and which belongs to the receiver. The presence of two inputs and two outputs breaks the assumption that all inputs come from a single entity. The more transactions of this type that exist on the blockchain, the less reliable the common-input-ownership heuristic becomes for all users, creating a privacy benefit that extends beyond individual transactions.

Non-Custodial and Atomic: This entire process remains non-custodial—both parties maintain full control over their funds. The transaction is atomic, meaning it only becomes valid if both sender and receiver cryptographically agree on all details. If either party withdraws, the transaction simply doesn’t execute.
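The clustering heuristic and the ambiguity described above, as an added example that is not from the original article or the Payjoin project: a union-find clusterer applies the common-input assumption to a constructed history, first with a standard payment and then with a Payjoin. Addresses, amounts, owner labels and function names are hypothetical, and the sender is assumed to pay the whole fee.

```python
from collections import defaultdict

def cluster(transactions):
    """Common-input heuristic: addresses spent together are assumed co-owned."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for tx in transactions:
        root = find(tx["inputs"][0])
        for addr in tx["inputs"][1:]:
            parent[find(addr)] = root      # merge into the first input's cluster
    groups = defaultdict(set)
    for addr in list(parent):
        groups[find(addr)].add(addr)
    return [frozenset(g) for g in groups.values()]

def mixed_clusters(clusters, owner):
    """Clusters the heuristic treats as one entity but that span several owners."""
    return [c for c in clusters if len({owner[a] for a in c}) > 1]

def build_payment(sender_utxo, payment, fee, receiver_utxo=None):
    """Build a payment; passing receiver_utxo makes it a Payjoin.
    Simplification (assumption): the sender pays the whole fee."""
    s_addr, s_amt = sender_utxo
    inputs, received = [s_addr], payment
    if receiver_utxo:
        r_addr, r_amt = receiver_utxo
        inputs.append(r_addr)
        received += r_amt                  # receiver's own coin plus the payment
    return {"inputs": inputs, "outputs": [received, s_amt - payment - fee]}

# Constructed ground truth and history (amounts in satoshis, not real chain data).
OWNER = {"alice_1": "alice", "alice_2": "alice", "alice_3": "alice", "bob_1": "bob"}
HISTORY = [{"inputs": ["alice_1", "alice_2"]}, {"inputs": ["alice_2", "alice_3"]}]
STANDARD = build_payment(("alice_3", 50_000_000), 20_000_000, 1_000)
PAYJOIN = build_payment(("alice_3", 50_000_000), 20_000_000, 1_000,
                        receiver_utxo=("bob_1", 30_000_000))

if __name__ == "__main__":
    for name, tx in (("standard", STANDARD), ("payjoin", PAYJOIN)):
        wrong = mixed_clusters(cluster(HISTORY + [tx]), OWNER)
        print(name, "outputs:", tx["outputs"], "wrongly merged:", [sorted(c) for c in wrong])
```

With the Payjoin transaction the heuristic folds Bob's address into Alice's cluster, and no output equals the 20,000,000-satoshi payment.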

The older Payjoin V1 implementation required both parties to be online simultaneously to coordinate. Async Payjoin (also called Payjoin V2) solves this limitation through a blinded directory server using Oblivious HTTP (OHTTP), enabling asynchronous coordination. The directory server never sees either party’s IP address or the actual transaction details—it only processes uniformly-sized encrypted 8-kilobyte blobs, functioning similarly to a minimal version of Tor with a single encryption layer.

Wallets Supporting Private Bitcoin Payments Today

A growing ecosystem of Bitcoin wallets now supports Payjoin standards, allowing users to pay with privacy-enhanced transactions. Current support includes:

  • Payjoin V1 Support: BTCPay Server, Blue Wallet, Wasabi Wallet, Bitmask, JoinMarket, Sparrow Wallet
  • Payjoin V2 Support: Bull Bitcoin Mobile, Cake Wallet

The protocol includes backward compatibility, meaning users with non-Payjoin wallets can still send funds to Payjoin addresses and QR codes without any friction. If your preferred wallet doesn’t yet support Payjoin privacy standards, the technical reference is available at BIP 77, with a ready-to-integrate developer kit on GitHub that follows the same modular approach as Bitcoin and Lightning development kits.

The Payjoin Foundation: Building Privacy Infrastructure for Bitcoin

Founded in August 2025, the Payjoin Foundation operates as a nonprofit dedicated to sustaining open-source privacy development for Bitcoin payments. This nonprofit structure was deliberately chosen after observing that for-profit privacy companies have historically failed in the Bitcoin space.

“Bitcoin privacy—for-profits have basically been killed,” explains Dan Gould, executive director of the Payjoin Foundation. “The reason is simple: a for-profit has an incentive to sell something that doesn’t necessarily guarantee privacy. If they make a sale, they earn profit. HTTPS succeeded because it was a decentralized nonprofit effort led by Let’s Encrypt, similar to how Tor has sustained on volunteer infrastructure for decades.”

Foundation Leadership:

Dan Gould leads development of Async Payjoin as both executive director and lead maintainer of the Payjoin DevKit. He pioneered Bitcoin privacy tools during the TumbleBit era and previously forked Wasabi Wallet for mobile use.

Yuval Kogman serves as advisory board member and “Bitcoin Wizard” at Spiral, co-authoring BIP 77 (the Payjoin V2 standard) with Gould. Over two decades of programming experience inform Kogman’s extensive Bitcoin privacy work, including developing WabiSabi Denial-of-Service protections and identifying vulnerabilities across multiple CoinJoin implementations.

Armin Sabouri joined as R&D lead with background experience as CTO at Botanix and engineer at Casa. Sabouri co-won the 2021 MIT Bitcoin Hackathon by implementing BIP 78 CoinJoin functionality on macOS via Tor and co-authored BIP 347 (OP_CAT).

Funding and Development:

The Payjoin Foundation receives funding from OpenSats and Cake Wallet, with additional support from Spiral, Human Rights Foundation, Maelstrom, and Btrust for open-source developers. The Rust implementation of Async Payjoin alone features 37 documented contributors on GitHub.

The foundation has applied for 501(c)(3) nonprofit status in the United States, with approval pending. Those interested in supporting the mission can contact Gould at donate@payjoin.org.

Async Payjoin’s Technical Architecture: Network Privacy and Client-Server Model

The “Async” component of Async Payjoin refers to the protocol’s use of a blinded directory server model that enables users to pay someone with bitcoin asynchronously, without requiring simultaneous online presence.

Oblivious HTTP as Privacy Infrastructure:

The protocol implements Oblivious HTTP (OHTTP), a web standard that has already undergone rigorous security review and is natively supported in iOS and modern browsers. Gould describes it as “the minimal viable product of Tor”—instead of Tor’s multiple encryption layers and hops, OHTTP provides a single, focused encryption layer between user and server.

“The directory server is only reachable by oblivious HTTP, which functions as a forced proxy,” Gould explains. “IP addresses are never leaked to the directory server. The encrypted payload—the pre-signed transaction—remains end-to-end encrypted between sender and receiver. The directory only receives an 8-kilobyte uniform encrypted blob and sees nothing.”

Volunteer-Sustained Privacy Network:

Similar to Tor exit nodes, the Payjoin V2 directory servers provide no financial incentive to operators, relying instead on volunteer infrastructure maintainers. This model has successfully sustained privacy networks for decades and aligns with the nonprofit philosophy underlying the entire Payjoin initiative.

Bitcoin Privacy and Regulatory Compliance: Addressing the Misconception

A common misconception exists that Bitcoin privacy tools like Payjoin conflict with regulatory compliance requirements. Exchange operators and regulators often express concern that privacy technologies undermine their ability to monitor and enforce AML/KYC standards.

This concern, according to Gould, misses the fundamental point: “A compliance regime is totally independent from the nature of the blockchain. If an exchange wants to collect your name, know where you live, your phone number, and your source of funds, having privacy by default doesn’t prevent them from collecting that information. It doesn’t stop them from requiring it to do business with you.”

The Real Impact:

Payjoin privacy doesn’t eliminate compliance; it decentralizes the control of financial information. Rather than allowing third parties complete visibility into your entire wallet history (past, present, and future), Payjoin puts the power to consent in your own hands.

“It simply means that instead of every blockchain analyst, every exchange, and every party having complete insight into your financial history, you maintain privacy by default,” Gould notes. “Compliance and privacy are not mutually exclusive—they’re actually complementary when properly implemented.”

This approach echoes how traditional financial privacy works: governments and financial institutions maintain visibility into accounts they regulate, but organized crime and competitors do not. Many countries already have laws protecting financial privacy. Async Payjoin seeks to elevate Bitcoin to these same privacy standards through open technical standards rather than corporate gatekeeping.

By distributing Payjoin as an open-source library rather than a proprietary wallet, the Payjoin Foundation ensures that any Bitcoin payments application can integrate privacy, creating the infrastructure for widespread adoption—just as HTTPS did for web security, and Let’s Encrypt did for certificate distribution.
