public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoin-dev] Payjoin privacy with the receiver of the transaction
@ 2019-03-18 10:55 Kenshiro []
  2019-03-21 16:52 ` rhavar
  0 siblings, 1 reply; 5+ messages in thread
From: Kenshiro [] @ 2019-03-18 10:55 UTC (permalink / raw)
  To: bitcoin-dev

[-- Attachment #1: Type: text/plain, Size: 861 bytes --]

Hi,

I think Payjoin can be a very good privacy solution for Bitcoin, but I have a question about it:

- If a user has 1 BTC in a single address and make a payjoin payment to other person of 0.1 BTC using that address as input, the other person can see in a blockchain explorer the change address with an amount of 0.9 BTC. That's a serious privacy leak. I would like to know what will be the standard solution to this issue. An easy fix could be that the user wallet check if any address contains a BTC amount higher than a "safe" amount like 0.01 BTC or less. If some address exceed that amount the wallet could automatically make 1 payment to itself to split the amount in several addresses. In this way nobody receiving a payment from a user will ever know that he has a bitcoin balance higher than the "safe" amount.

What do you think?

Regards,

[-- Attachment #2: Type: text/html, Size: 1371 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] Payjoin privacy with the receiver of the transaction
  2019-03-18 10:55 [bitcoin-dev] Payjoin privacy with the receiver of the transaction Kenshiro []
@ 2019-03-21 16:52 ` rhavar
  2019-03-22 10:23   ` Kenshiro []
  0 siblings, 1 reply; 5+ messages in thread
From: rhavar @ 2019-03-21 16:52 UTC (permalink / raw)
  To: Kenshiro \[\], Bitcoin Protocol Discussion

[-- Attachment #1: Type: text/plain, Size: 1792 bytes --]

I'm not really sure the problem you're describing, but it sounds like something that affects normal bitcoin transactions as well.

There's certainly some interesting about the idea of "pre-fragmenting" your wallet utxo so you can make (or in payjoin: receive) payments with better privacy aspects.However, it's pretty unlikely to be practical for normal users, as it'll generally result in pretty big and cost-ineffective transactions.

In general though, there's like a 1000 different things you can do with coin selection, utxo management (and payjoin contributed input selection) but more often than not you are just making just making 1 trade off for another and good solutions will be wildly different depending on how you use your wallet.

-Ryan

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, March 18, 2019 3:55 AM, Kenshiro \[\] via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

> Hi,
>
> I think Payjoin can be a very good privacy solution for Bitcoin, but I have a question about it:
>
> - If a user has 1 BTC in a single address and make a payjoin payment to other person of 0.1 BTC using that address as input, the other person can see in a blockchain explorer the change address with an amount of 0.9 BTC. That's a serious privacy leak. I would like to know what will be the standard solution to this issue. An easy fix could be that the user wallet check if any address contains a BTC amount higher than a "safe" amount like 0.01 BTC or less. If some address exceed that amount the wallet could automatically make 1 payment to itself to split the amount in several addresses. In this way nobody receiving a payment from a user will ever know that he has a bitcoin balance higher than the "safe" amount.
>
> What do you think?
>
> Regards,

[-- Attachment #2: Type: text/html, Size: 2480 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] Payjoin privacy with the receiver of the transaction
  2019-03-21 16:52 ` rhavar
@ 2019-03-22 10:23   ` Kenshiro []
  2019-03-22 11:15     ` Kenshiro []
  2019-03-22 16:05     ` ZmnSCPxj
  0 siblings, 2 replies; 5+ messages in thread
From: Kenshiro [] @ 2019-03-22 10:23 UTC (permalink / raw)
  To: Bitcoin Protocol Discussion, rhavar

[-- Attachment #1: Type: text/plain, Size: 3771 bytes --]

>I'm not really sure the problem you're describing, but it sounds like something that affects normal bitcoin transactions as well.

Yeah, it affects normal transactions too. But I'm focused in Payjoin because it should allow private transactions. The problem I see is that Payjoin shouldn't allow that the sender or the receiver of the transaction can get information about the bitcoin balance of each other. A person could have his savings in btc in a single address, use Payjoin to send/receive a payment thinking it's private and leaking to the receptor he has a high amount of btc. But an automatic splitting to itself in the background could solve the problem (maybe 100$ amounts) or so.

>There's certainly some interesting about the idea of "pre-fragmenting" your wallet utxo so you can make (or in payjoin: receive) payments with better privacy aspects.However, it's pretty unlikely to be practical for normal users, as it'll generally result in pretty big and cost-ineffective transactions.

For users that really want privacy it should not be a problem. When a wallet receive a high amount of btc (+100$ or another amount defined by the user) it can automatically make a transaction to itself splitting the amount in several addresses. The amounts that are already small don't need to be splitted again. Small amount addresses + Payjoin could give real privacy to bitcoin users. Users that don't want privacy could disable the "Private" mode in the wallet and disable the auto-splitting feature.

i.e.: you receive 1000$ in btc and the wallet make an automatic transaction to itself to 10 addresses, 100$ each.

I would prefer wait some time and have privacy than the opposite.

Regards

________________________________
From: rhavar@protonmail.com <rhavar@protonmail.com>
Sent: Thursday, March 21, 2019 17:52
To: Kenshiro \[\]; Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Payjoin privacy with the receiver of the transaction

I'm not really sure the problem you're describing, but it sounds like something that affects normal bitcoin transactions as well.

There's certainly some interesting about the idea of "pre-fragmenting" your wallet utxo so you can make (or in payjoin: receive) payments with better privacy aspects.However, it's pretty unlikely to be practical for normal users, as it'll generally result in pretty big and cost-ineffective transactions.

In general though, there's like a 1000 different things you can do with coin selection, utxo management (and payjoin contributed input selection) but more often than not you are just making just making 1 trade off for another and good solutions will be wildly different depending on how you use your wallet.


-Ryan


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, March 18, 2019 3:55 AM, Kenshiro \[\] via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

Hi,

I think Payjoin can be a very good privacy solution for Bitcoin, but I have a question about it:

- If a user has 1 BTC in a single address and make a payjoin payment to other person of 0.1 BTC using that address as input, the other person can see in a blockchain explorer the change address with an amount of 0.9 BTC. That's a serious privacy leak. I would like to know what will be the standard solution to this issue. An easy fix could be that the user wallet check if any address contains a BTC amount higher than a "safe" amount like 0.01 BTC or less. If some address exceed that amount the wallet could automatically make 1 payment to itself to split the amount in several addresses. In this way nobody receiving a payment from a user will ever know that he has a bitcoin balance higher than the "safe" amount.

What do you think?

Regards,


[-- Attachment #2: Type: text/html, Size: 7019 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] Payjoin privacy with the receiver of the transaction
  2019-03-22 10:23   ` Kenshiro []
@ 2019-03-22 11:15     ` Kenshiro []
  2019-03-22 16:05     ` ZmnSCPxj
  1 sibling, 0 replies; 5+ messages in thread
From: Kenshiro [] @ 2019-03-22 11:15 UTC (permalink / raw)
  To: Bitcoin Protocol Discussion, rhavar

[-- Attachment #1: Type: text/plain, Size: 4287 bytes --]

They Payjoin protocol could include the possibility of receive "safe" amounts (i.e.: 0.025 btc) to several addresses so every user using Payjoin already have a splitted balance. Only people receiving a regular public transaction should need the extra splitting transaction.

Regards

________________________________
From: Kenshiro []
Sent: Friday, March 22, 2019 11:23
To: Bitcoin Protocol Discussion; rhavar@protonmail.com
Subject: Re: [bitcoin-dev] Payjoin privacy with the receiver of the transaction

>I'm not really sure the problem you're describing, but it sounds like something that affects normal bitcoin transactions as well.

Yeah, it affects normal transactions too. But I'm focused in Payjoin because it should allow private transactions. The problem I see is that Payjoin shouldn't allow that the sender or the receiver of the transaction can get information about the bitcoin balance of each other. A person could have his savings in btc in a single address, use Payjoin to send/receive a payment thinking it's private and leaking to the receptor he has a high amount of btc. But an automatic splitting to itself in the background could solve the problem (maybe 100$ amounts) or so.

>There's certainly some interesting about the idea of "pre-fragmenting" your wallet utxo so you can make (or in payjoin: receive) payments with better privacy aspects.However, it's pretty unlikely to be practical for normal users, as it'll generally result in pretty big and cost-ineffective transactions.

For users that really want privacy it should not be a problem. When a wallet receive a high amount of btc (+100$ or another amount defined by the user) it can automatically make a transaction to itself splitting the amount in several addresses. The amounts that are already small don't need to be splitted again. Small amount addresses + Payjoin could give real privacy to bitcoin users. Users that don't want privacy could disable the "Private" mode in the wallet and disable the auto-splitting feature.

i.e.: you receive 1000$ in btc and the wallet make an automatic transaction to itself to 10 addresses, 100$ each.

I would prefer wait some time and have privacy than the opposite.

Regards

________________________________
From: rhavar@protonmail.com <rhavar@protonmail.com>
Sent: Thursday, March 21, 2019 17:52
To: Kenshiro \[\]; Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Payjoin privacy with the receiver of the transaction

I'm not really sure the problem you're describing, but it sounds like something that affects normal bitcoin transactions as well.

There's certainly some interesting about the idea of "pre-fragmenting" your wallet utxo so you can make (or in payjoin: receive) payments with better privacy aspects.However, it's pretty unlikely to be practical for normal users, as it'll generally result in pretty big and cost-ineffective transactions.

In general though, there's like a 1000 different things you can do with coin selection, utxo management (and payjoin contributed input selection) but more often than not you are just making just making 1 trade off for another and good solutions will be wildly different depending on how you use your wallet.


-Ryan


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, March 18, 2019 3:55 AM, Kenshiro \[\] via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

Hi,

I think Payjoin can be a very good privacy solution for Bitcoin, but I have a question about it:

- If a user has 1 BTC in a single address and make a payjoin payment to other person of 0.1 BTC using that address as input, the other person can see in a blockchain explorer the change address with an amount of 0.9 BTC. That's a serious privacy leak. I would like to know what will be the standard solution to this issue. An easy fix could be that the user wallet check if any address contains a BTC amount higher than a "safe" amount like 0.01 BTC or less. If some address exceed that amount the wallet could automatically make 1 payment to itself to split the amount in several addresses. In this way nobody receiving a payment from a user will ever know that he has a bitcoin balance higher than the "safe" amount.

What do you think?

Regards,


[-- Attachment #2: Type: text/html, Size: 7465 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] Payjoin privacy with the receiver of the transaction
  2019-03-22 10:23   ` Kenshiro []
  2019-03-22 11:15     ` Kenshiro []
@ 2019-03-22 16:05     ` ZmnSCPxj
  1 sibling, 0 replies; 5+ messages in thread
From: ZmnSCPxj @ 2019-03-22 16:05 UTC (permalink / raw)
  To: Kenshiro \[\], Bitcoin Protocol Discussion

Good morning,

> >There's certainly some interesting about the idea of "pre-fragmenting" your wallet utxo so you can make (or in payjoin: receive) payments with better privacy aspects.However, it's pretty unlikely to be practical for normal users, as it'll generally result in pretty big and cost-ineffective transactions.
>
> For users that really want privacy it should not be a problem. When a wallet receive a high amount of btc (+100$ or another amount defined by the user) it can automatically make a transaction to itself splitting the amount in several addresses. The amounts that are already small don't need to be splitted again. Small amount addresses + Payjoin could give real privacy to bitcoin users. Users that don't want privacy could disable the "Private" mode in the wallet and disable the auto-splitting feature. 
>
> i.e.: you receive 1000$ in btc and the wallet make an automatic transaction to itself to 10 addresses, 100$ each.
>

It seems to me, to interact somewhat with ZeroLink.

Under ZeroLink, post-mix UTXOs must not be combined.
(Basic Post-Mix Wallet Requirement: "Post-mix wallet MUST prevent joining inputs together.")

The upshot of this, for practical use, is that as payments are done by the user, available coins become smaller and smaller.
And the maximum amount the user can pay with, is limited by the largest post-mix coin they have.

If a ZeroLink post-mix wallet were to split its UTXOs as soon as it got them from the mix, then it would immediately find itself limiting the maximum amount the user could pay.
I suppose if the ZeroLink post-mix wallet had multiple post-mix coins, it could split one of them for the same purpose as above.

Another thought, is if a ZeroLink post-mix wallet could support a Payjoin, as either receiver or sender.
Naively, it seems to me to improve privacy to do so, as long as the ZeroLink post-mix wallet only provides a single UTXO to the Payjoin, whether as receiver or sender.
For a ZeroLink post-mix wallet to a ZeroLink post-mix wallet Payjoin, this would typically result in a two-input, two-output transaction, with both participants having one input and one output each in the transaction, but difficult (?) for third parties to determine which input/output belongs to which.

Now, if we suppose that both ZeroLink and Payjoin become commonly used, then it is likely that two users using the same Chaumian CoinJoin mix transaction will find that one needs to pay the other.
Thus hopefully it may become common for a Chaumian CoinJoin mix transaction to have outputs that (directly or indirectly) merge into Payjoin two-input two-output transactions.
This can then be used to allow a ZeroLink post-mix wallet some limited amount of merging its post-mix UTXOs.
For instance, if a ZeroLink post-mix wallet has a 0.25BTC and a 0.15BTC coin, and needs to pay 0.3 BTC, it may very well simulate a Payjoin to itself, and create a transaction (0.25, 0.15) -> (0.35, 0.05).
Then it can use the 0.35BTC output to pay the 0.3 BTC.

Possibly, anyway.

Regards,
ZmnSCPxj


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2019-03-22 16:05 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-18 10:55 [bitcoin-dev] Payjoin privacy with the receiver of the transaction Kenshiro []
2019-03-21 16:52 ` rhavar
2019-03-22 10:23   ` Kenshiro []
2019-03-22 11:15     ` Kenshiro []
2019-03-22 16:05     ` ZmnSCPxj

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox