From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 68FA6C016F for ; Wed, 10 Jun 2020 04:01:49 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 588098861E for ; Wed, 10 Jun 2020 04:01:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C5eoyDVRa-Kt for ; Wed, 10 Jun 2020 04:01:48 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from secmail.pro (secmail.pro [46.226.110.217]) by hemlock.osuosl.org (Postfix) with ESMTP id 4B260885CF for ; Wed, 10 Jun 2020 04:01:48 +0000 (UTC) Received: by secmail.pro (Postfix, from userid 33) id 00E6841AEC; Wed, 10 Jun 2020 06:01:45 +0200 (CEST) Received: from secmailw453j7piv.onion (localhost [IPv6:::1]) by secmail.pro (Postfix) with ESMTP id A7F84192D68C for ; Tue, 9 Jun 2020 21:01:44 -0700 (PDT) Received: from 127.0.0.1 (SquirrelMail authenticated user lee.chiffre@secmail.pro) by giyzk7o6dcunb2ry.onion with HTTP; Tue, 9 Jun 2020 21:01:44 -0700 Message-ID: <7c0dc46538f96032596163c4a9f03dc2.squirrel@giyzk7o6dcunb2ry.onion> Date: Tue, 9 Jun 2020 21:01:44 -0700 From: "Mr. Lee Chiffre" To: bitcoin-dev@lists.linuxfoundation.org User-Agent: SquirrelMail/1.4.22 MIME-Version: 1.0 Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Mailman-Approved-At: Wed, 10 Jun 2020 06:07:27 +0000 Subject: [bitcoin-dev] Question about PayJoin effectiveness X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jun 2020 04:01:49 -0000 I am trying to learn about payjoin. I have a couple concerns on its effectiveness. Are my concerns valid or am I missing something? concern 1 If it is known to be a payjoin transaction anyone could determine the sender the recipient and amount right? Lets assume that everyone has a single utxo because payjoin becomes common use and payjoin consolidates utxos through "snowballing". If Alice has a UTXO of 0.05 btc and Bob has a UTXO of 1.15 btc. Bob can be assumed to have more balance because he is a merchant and his customers payjoin him payments alot. If Alice and Bob do a payjoin with Alice paying 0.01 btc to Bob, it would probably look like this right? 0.05---> |____---->1.16 1.15---> | ---->0.04 It is very obvious here the amount sent and the sender. Even if Alice did combine another input it would still be very obvious. In this case Alice has another utxo with 0.4 BTC 0.40---> | 0.05---> |____---->1.16 1.15---> | ---->0.44 This is still obvious that Alice paid Bob 0.01 BTC isn't it? concern 2 If there is just one consolidated utxo after each payjoin, would it be easy to break the privacy of transaction chains? Alice---payjoin--->Bob Clark---payjoin--->Bob or Alice---payjoin--->Bob---payjoin--->Clark For exmaple, lets say that Alice payjoins to Bob. Then later on Clark payjoins with Bob. Based on the payjoin between Clark and Bob, Clark now knows what UTXO was actually Bob's. And can then know which one was actually Alices. By transacting a payjoin with someone, they could decloak the payjoins before them right? If so, how far back the chain can they go? The issue is not that someone knows the utxos of themselves and the entity they payjoined with. The issue is that someone can figure out the payjoins of others before them with the same entity. I surely must be missing something here. What am I not understanding? -- lee.chiffre@secmail.pro PGP 97F0C3AE985A191DA0556BCAA82529E2025BDE35