* [bitcoin-dev] P2P trading replacement transactions
@ 2022-08-05 14:44 alicexbt
2022-08-06 12:55 ` Michael Folkson
0 siblings, 1 reply; 5+ messages in thread
From: alicexbt @ 2022-08-05 14:44 UTC (permalink / raw)
To: Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 1643 bytes --]
Hi Bitcoin Developers,
Does it make sense to trade replacement transactions for privacy? I have shared basic details to implement this and would love to read opinions about it or ways to improve it:
=============================
alice
=============================
tx1: input a (0.01) -> output b1 (0.008)
-> change c1 (0.001)
tx2: input a (0.01) -> output e2 (0.007)
-> output f2 (0.001)
=============================
bob
=============================
tx1: input d (0.011) -> output e1 (0.007)
-> change f1 (0.003)
tx2: input d (0.011) -> output b2 (0.008)
-> output c2 (0.001)
=============================
carol
=============================
- creates an API to manage trades that will use 2 of 3 multisig
- alice and bob create orders for replacement
- either they could be matched automatically using some algorithm or bob manually accepts the offer
- 2 of 3 multisig is created with Alice, Bob and Carol keys
- bob locks 0.01 BTC in it and shares outputs e2,f2 with alice
- alice signs tx2 and shares tx with bob
- alice locks 0.011 BTC in it and shares outputs b2,c2 with bob
- bob signs tx2 and shares with alice
- both replacement txs can be broadcasted
- funds are released from 2 of 3 multisig with a tx having 3 outputs (one to pay fee which goes to carol)
positives:
- privacy
negatives:
- extra fees
- will take some time although everything will be managed by wallet with API provided by carol
- need to lock bitcoin with same amount as used in tx1
- amounts could still be used to link txs in some cases- carol and other peer knows the details
/dev/fd0
Sent with [Proton Mail](https://proton.me/) secure email.
[-- Attachment #2: Type: text/html, Size: 4820 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [bitcoin-dev] P2P trading replacement transactions
2022-08-05 14:44 [bitcoin-dev] P2P trading replacement transactions alicexbt
@ 2022-08-06 12:55 ` Michael Folkson
2022-08-06 14:11 ` alicexbt
0 siblings, 1 reply; 5+ messages in thread
From: Michael Folkson @ 2022-08-06 12:55 UTC (permalink / raw)
To: alicexbt, Bitcoin Protocol Discussion
[-- Attachment #1: Type: text/plain, Size: 2749 bytes --]
Hi alicexbt
What do you mean by "replacement transaction"? Replacing or swapping outputs with a counterparty's?
I guess I'm struggling to understand exactly what you are attempting to achieve here with regards to privacy and if this additional protocol complexity is worth it. Recall a 2 (or n) party coinjoin would get you an output where it isn't clear to blockchain observers which output you control and a coinswap [0] would have you taking the coin history of your counterparty. What does this scheme offer with regards to privacy that those don't? This seems to have more complexity too though I maybe misunderstanding something.
Thanks
Michael
[0]: https://bitcoinops.org/en/topics/coinswap/
--
Michael Folkson
Email: michaelfolkson at [protonmail.com](http://protonmail.com/)
Keybase: michaelfolkson
PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3
------- Original Message -------
On Friday, August 5th, 2022 at 15:44, alicexbt via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> Hi Bitcoin Developers,
>
> Does it make sense to trade replacement transactions for privacy? I have shared basic details to implement this and would love to read opinions about it or ways to improve it:
>
> =============================
> alice
> =============================
>
> tx1: input a (0.01) -> output b1 (0.008)
> -> change c1 (0.001)
>
> tx2: input a (0.01) -> output e2 (0.007)
> -> output f2 (0.001)
>
> =============================
>
> bob
> =============================
>
> tx1: input d (0.011) -> output e1 (0.007)
> -> change f1 (0.003)
>
> tx2: input d (0.011) -> output b2 (0.008)
> -> output c2 (0.001)
>
> =============================
>
> carol
> =============================
>
> - creates an API to manage trades that will use 2 of 3 multisig
> - alice and bob create orders for replacement
> - either they could be matched automatically using some algorithm or bob manually accepts the offer
> - 2 of 3 multisig is created with Alice, Bob and Carol keys
> - bob locks 0.01 BTC in it and shares outputs e2,f2 with alice
> - alice signs tx2 and shares tx with bob
> - alice locks 0.011 BTC in it and shares outputs b2,c2 with bob
> - bob signs tx2 and shares with alice
> - both replacement txs can be broadcasted
> - funds are released from 2 of 3 multisig with a tx having 3 outputs (one to pay fee which goes to carol)
>
> positives:
>
> - privacy
>
> negatives:
>
> - extra fees
> - will take some time although everything will be managed by wallet with API provided by carol
> - need to lock bitcoin with same amount as used in tx1
> - amounts could still be used to link txs in some cases- carol and other peer knows the details
>
> /dev/fd0
>
> Sent with [Proton Mail](https://proton.me/) secure email.
[-- Attachment #2: Type: text/html, Size: 8790 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [bitcoin-dev] P2P trading replacement transactions
2022-08-06 12:55 ` Michael Folkson
@ 2022-08-06 14:11 ` alicexbt
0 siblings, 0 replies; 5+ messages in thread
From: alicexbt @ 2022-08-06 14:11 UTC (permalink / raw)
To: Michael Folkson; +Cc: Bitcoin Protocol Discussion
Hi Michael,
> What do you mean by "replacement transaction"? Replacing or swapping outputs with a counterparty's?
User broadcasts tx1 which is in mempool, wants to replace transaction with higher fee rate however changes outputs and they are replaced with counterparty's outputs in tx2.
> I guess I'm struggling to understand exactly what you are attempting to achieve here with regards to privacy and if this additional protocol complexity is worth it. Recall a 2 (or n) party coinjoin would get you an output where it isn't clear to blockchain observers which output you control and a coinswap [0] would have you taking the coin history of your counterparty. What does this scheme offer with regards to privacy that those don't? This seems to have more complexity too though I maybe misunderstanding something.
Coinjoin and Coinswap offer different levels of privacy. This method just aims to break the assumption that tx2 (replacement transaction) is done to use a higher fee rate with same sender and recipient. It looks complex in the way I wrote in the last email or maybe because of implementation details although UX will be simple and something like this:
- user sends bitcoin in tx1 which is unconfirmed
- tries to bump fee
- wallet offer an extra privacy option
- if user selects it, everything happens in the background and user just needs to approve in between
- user broadcasts tx2 to replace tx1 which has outputs shared by counterparty
- counterparty does the same for this user
If this method makes sense or we have a similar market to trade replacements in future, it could be helpful in creating a process in which a chain of replacements happen before bitcoin reaches the destination similar to tor circuit.
Example:
- tx1 enters a pool
- gets replaced by tx2 (different outputs)
- tx3 replaces tx2 (different outputs)
We could look at the logs and see tx3 originated at tx1 but no clue if original recipient received it in the end. There would be normal replacements done by other users so it would make analysis difficult.
/dev/fd0
Sent with Proton Mail secure email.
------- Original Message -------
On Saturday, August 6th, 2022 at 6:25 PM, Michael Folkson <michaelfolkson@protonmail.com> wrote:
> Hi alicexbt
>
> What do you mean by "replacement transaction"? Replacing or swapping outputs with a counterparty's?
>
> I guess I'm struggling to understand exactly what you are attempting to achieve here with regards to privacy and if this additional protocol complexity is worth it. Recall a 2 (or n) party coinjoin would get you an output where it isn't clear to blockchain observers which output you control and a coinswap [0] would have you taking the coin history of your counterparty. What does this scheme offer with regards to privacy that those don't? This seems to have more complexity too though I maybe misunderstanding something.
>
> Thanks
> Michael
>
> [0]: https://bitcoinops.org/en/topics/coinswap/
>
> --
> Michael Folkson
> Email: michaelfolkson at protonmail.com
> Keybase: michaelfolkson
> PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3
>
>
> ------- Original Message -------
> On Friday, August 5th, 2022 at 15:44, alicexbt via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>
> > Hi Bitcoin Developers,
> >
> >
> > Does it make sense to trade replacement transactions for privacy? I have shared basic details to implement this and would love to read opinions about it or ways to improve it:
> >
> >
> > =============================
> > alice=============================
> >
> > tx1: input a (0.01) -> output b1 (0.008)
> > -> change c1 (0.001)
> >
> > tx2: input a (0.01) -> output e2 (0.007)
> > -> output f2 (0.001)
> >
> >
> > =============================
> >
> > bob
> > =============================
> >
> >
> > tx1: input d (0.011) -> output e1 (0.007)
> > -> change f1 (0.003)
> >
> > tx2: input d (0.011) -> output b2 (0.008)
> > -> output c2 (0.001)
> >
> >
> > =============================
> >
> > carol
> > =============================
> >
> >
> > - creates an API to manage trades that will use 2 of 3 multisig
> > - alice and bob create orders for replacement
> > - either they could be matched automatically using some algorithm or bob manually accepts the offer
> > - 2 of 3 multisig is created with Alice, Bob and Carol keys
> > - bob locks 0.01 BTC in it and shares outputs e2,f2 with alice
> > - alice signs tx2 and shares tx with bob
> > - alice locks 0.011 BTC in it and shares outputs b2,c2 with bob
> > - bob signs tx2 and shares with alice
> > - both replacement txs can be broadcasted
> > - funds are released from 2 of 3 multisig with a tx having 3 outputs (one to pay fee which goes to carol)
> >
> >
> >
> > positives:
> >
> > - privacy
> >
> > negatives:
> >
> > - extra fees
> > - will take some time although everything will be managed by wallet with API provided by carol
> > - need to lock bitcoin with same amount as used in tx1
> > - amounts could still be used to link txs in some cases
> > - carol and other peer knows the details
> >
> >
> >
> >
> > /dev/fd0
> >
> >
> >
> >
> > Sent with Proton Mail secure email.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [bitcoin-dev] P2P trading replacement transactions
@ 2022-08-06 14:16 Ali Sherief
2022-08-08 13:12 ` alicexbt
0 siblings, 1 reply; 5+ messages in thread
From: Ali Sherief @ 2022-08-06 14:16 UTC (permalink / raw)
To: alicexbt; +Cc: bitcoin-dev
[-- Attachment #1: Type: text/plain, Size: 2128 bytes --]
It would probably only work out if each output got their own private keys, since otherwise Alice can't share any outputs with Bob and vice versa.
The whole thing sounds like an HTLC with an additional trading of private keys for the actual trades instead of in the HLTC. How are they going to share their private keys securely, with PGP?
Perhaps Taproot with its selective revealing of certain script branches can help here, but I'm not sure about details.
- Ali
> Hi Bitcoin Developers,
>
> Does it make sense to trade replacement transactions for privacy? I have shared basic details to implement this and would love to read opinions about it or ways to improve it:
>
> =============================
> alice
> =============================
>
> tx1: input a (0.01) -> output b1 (0.008)
> -> change c1 (0.001)
>
> tx2: input a (0.01) -> output e2 (0.007)
> -> output f2 (0.001)
>
> =============================
>
> bob
> =============================
>
> tx1: input d (0.011) -> output e1 (0.007)
> -> change f1 (0.003)
>
> tx2: input d (0.011) -> output b2 (0.008)
> -> output c2 (0.001)
>
> =============================
>
> carol
> =============================
>
> - creates an API to manage trades that will use 2 of 3 multisig
> - alice and bob create orders for replacement
> - either they could be matched automatically using some algorithm or bob manually accepts the offer
> - 2 of 3 multisig is created with Alice, Bob and Carol keys
> - bob locks 0.01 BTC in it and shares outputs e2,f2 with alice
> - alice signs tx2 and shares tx with bob
> - alice locks 0.011 BTC in it and shares outputs b2,c2 with bob
> - bob signs tx2 and shares with alice
> - both replacement txs can be broadcasted
> - funds are released from 2 of 3 multisig with a tx having 3 outputs (one to pay fee which goes to carol)
>
> positives:
>
> - privacy
>
> negatives:
>
> - extra fees
> - will take some time although everything will be managed by wallet with API provided by carol
> - need to lock bitcoin with same amount as used in tx1
> - amounts could still be used to link txs in some cases- carol and other peer knows the details
[-- Attachment #2: Type: text/html, Size: 2442 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [bitcoin-dev] P2P trading replacement transactions
2022-08-06 14:16 Ali Sherief
@ 2022-08-08 13:12 ` alicexbt
0 siblings, 0 replies; 5+ messages in thread
From: alicexbt @ 2022-08-08 13:12 UTC (permalink / raw)
To: Ali Sherief; +Cc: bitcoin-dev
Hi Ali,
> It would probably only work out if each output got their own private keys, since otherwise Alice can't share any outputs with Bob and vice versa.
> The whole thing sounds like an HTLC with an additional trading of private keys for the actual trades instead of in the HLTC. How are they going to share their private keys securely, with PGP?
Alice and Bob can share outputs and these are swapped in the replacement transactions. A 2of3 multisig and Carol is required so that nobody cheats. Trading of private keys is not required. I have explained things in a different way in my [last email][1] sent to Michael Folkson.
[1]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-August/020841.html
/dev/fd0
Sent with Proton Mail secure email.
------- Original Message -------
On Saturday, August 6th, 2022 at 7:46 PM, Ali Sherief <ali@notatether.com> wrote:
> It would probably only work out if each output got their own private keys, since otherwise Alice can't share any outputs with Bob and vice versa.
>
> The whole thing sounds like an HTLC with an additional trading of private keys for the actual trades instead of in the HLTC. How are they going to share their private keys securely, with PGP?
> Perhaps Taproot with its selective revealing of certain script branches can help here, but I'm not sure about details.
> - Ali
>
>
> > Hi Bitcoin Developers,
> >
> > Does it make sense to trade replacement transactions for privacy? I have shared basic details to implement this and would love to read opinions about it or ways to improve it:
> >
> > =============================
> > alice
> > =============================
> >
> > tx1: input a (0.01) -> output b1 (0.008)
> > -> change c1 (0.001)
> >
> > tx2: input a (0.01) -> output e2 (0.007)
> > -> output f2 (0.001)
> >
> > =============================
> >
> > bob
> > =============================
> >
> > tx1: input d (0.011) -> output e1 (0.007)
> > -> change f1 (0.003)
> >
> > tx2: input d (0.011) -> output b2 (0.008)
> > -> output c2 (0.001)
> >
> > =============================
> >
> > carol
> > =============================
> >
> > - creates an API to manage trades that will use 2 of 3 multisig
> > - alice and bob create orders for replacement
> > - either they could be matched automatically using some algorithm or bob manually accepts the offer
> > - 2 of 3 multisig is created with Alice, Bob and Carol keys
> > - bob locks 0.01 BTC in it and shares outputs e2,f2 with alice
> > - alice signs tx2 and shares tx with bob
> > - alice locks 0.011 BTC in it and shares outputs b2,c2 with bob
> > - bob signs tx2 and shares with alice
> > - both replacement txs can be broadcasted
> > - funds are released from 2 of 3 multisig with a tx having 3 outputs (one to pay fee which goes to carol)
> >
> > positives:
> >
> > - privacy
> >
> > negatives:
> >
> > - extra fees
> > - will take some time although everything will be managed by wallet with API provided by carol
> > - need to lock bitcoin with same amount as used in tx1
> > - amounts could still be used to link txs in some cases- carol and other peer knows the details
>
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-08-08 13:12 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-05 14:44 [bitcoin-dev] P2P trading replacement transactions alicexbt
2022-08-06 12:55 ` Michael Folkson
2022-08-06 14:11 ` alicexbt
2022-08-06 14:16 Ali Sherief
2022-08-08 13:12 ` alicexbt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox