From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
To: Antoine Riard <antoine.riard@gmail.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] CoinPool, exploring generic payment pools for Fun and Privacy
Date: Sat, 13 Jun 2020 00:45:12 +0000 [thread overview]
Message-ID: <m-yAKsQ52s-bYOrtEXVwETAcJ8sSbJt0k9WDN1ueidJ01IaEHRJtq9Odffmz_2utLxPfmI418x58aFc3vKBpOD2FKqgeCUAn1mvI1OSyGRY=@protonmail.com> (raw)
In-Reply-To: <CALZpt+EsACbq1QM9MFkC63_gDXW0vHfeTjXc7C9r4+2-1WKAJw@mail.gmail.com>
Good morning Antoine,
> Yes, that's part of future research, defining better *in-pool* observer. Sadly, right now, even if you use mask construction inside, it's quite easy to trace leaves by value weight. Of course, you can enforce equal-value leaves, as for a regular onchain CoinJoin. I think it comes with a higher onchain cost in case of pool breakage.
Perhaps not necessarily.
An advantage of WabiSabi is I can pretend to be two or more participants.
For example, I can pretend to be "Alice" and "Bob", and pretend that "Alice" owes a life debt to "Bob".
At initial state setup, I put a 1.0 BTC coin as "Alice" and a 0.5 BTC coin as "Bob".
Now, at each state update I need to sign as "Alice" and "Bob".
However, after the first initial state, I can use a new persona "Bobby" to *own* my coins, even though I still have to sign as "Alice" and "Bob" in every state update.
What the other pool participants see is that the 1.0 BTC "Alice" coin and the 0.5 BTC "Bob" coin are merged into the 1.5 BTC "Bobby" coin.
What they cannot be sure of is:
* "Alice" paid to "Bob", who is now pretending to be "Bobby".
* "Bob" paid to "Alice", who is now pretending to be "Bobby".
* "Alice" and "Bob" are the same person, and is also pretending to be "Bobby".
All the other participants know is that whoever owns the coin *now* is still part of the pool, but cannot be sure which participant *really* owns which coin, and whether participants are sockpuppets (which is why it should use n-of-n at each state update, incidentally).
In effect, it "imports" the possibility of PayJoin inside the CoinPool construction.
Regards,
ZmnSCPxj
next prev parent reply other threads:[~2020-06-13 0:45 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-11 8:53 [bitcoin-dev] CoinPool, exploring generic payment pools for Fun and Privacy Antoine Riard
2020-06-11 17:21 ` Jeremy
2020-06-12 23:45 ` Antoine Riard
2020-06-12 8:39 ` ZmnSCPxj
2020-06-13 0:28 ` Antoine Riard
2020-06-13 0:45 ` ZmnSCPxj [this message]
2020-06-13 1:20 ` ZmnSCPxj
2020-06-16 5:23 ` ZmnSCPxj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='m-yAKsQ52s-bYOrtEXVwETAcJ8sSbJt0k9WDN1ueidJ01IaEHRJtq9Odffmz_2utLxPfmI418x58aFc3vKBpOD2FKqgeCUAn1mvI1OSyGRY=@protonmail.com' \
--to=zmnscpxj@protonmail.com \
--cc=antoine.riard@gmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox