public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
To: AdamISZ <AdamISZ@protonmail.com>,
	Bitcoin Protocol Discussion
	<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] LN & Coinjoin, a Great Tx Format Wedding
Date: Sun, 23 Feb 2020 00:59:46 +0000	[thread overview]
Message-ID: <x7A06kB4r0DzPTeDDWWouWLXT5_5YRaHax76XP_ToY0aUAPHXVt8Wuvf3RRpFpguIFD53Ho_KQM4WYEkFl6ZZlVw6KIk-GP5izmGDVppfvA=@protonmail.com> (raw)
In-Reply-To: <L95umnyb-GwoyP_ZWM7oNmMbhooYpCFXoKAGRPoPOpGpMGhMHQWuczKhJ2VX2nrZt3jaJ5bOMy5dvQ3DYqs_O_eEsA_63dd2_rvdoOzoGoI=@protonmail.com>

Good morning waxwing,

> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Friday, 21 February 2020 22:17, Antoine Riard via bitcoin-dev bitcoin-dev@lists.linuxfoundation.org wrote:
>
> > How can a Bitcoin tranaction leak protocol usage ?
> >
> > -   the output type (p2sh, p2wsh, ...)
> > -   the spending policy (2-of-3 multisig, timelock, hashlock,...)
> > -   outputs ordering (BIP69)
> > -   nLocktime/nSequence
> > -   RBF-signaling
> > -   Equal-value outputs
> > -   weird watermark (LN commitment tx obfuscated commitment number)
> > -   fees strategy like CPFP
> > -   in-protocol announcements [0]
>
> Good list.
> Another one, usually wouldn't be protocol as much as wallet leakage, but could be: utxo selection algorithm (which of course may be difficult to deduce, but often, far from impossible).
> (Also trivial and increasingly irrelevant, but nVersion).
>
> With regards to coinjoin in this context (I know your points are much broader), my comment is:
> For existing protocols (joinmarket's, wasabi's, samourai's), in the equal-outs paradigm, I don't see much that can be done in this area.
> But I would ask people to consider CoinJoinXT[1] more seriously in a taproot/schnorr world, since it addresses this exact point. With a short (not cross-block like swaps or LN setup) interaction, participants can arrange the effect of coinjoin without the on-chain watermark of coinjoin (so, steganographic). The taproot/schnorr part is needed there because multisig is required from transaction to transaction in that protocol, so doing it today is less interesting (albeit still interesting).

CoinJoinXT is indeed something I am interested in at some point: https://zmnscpxj.github.io/bitcoin/coinjoinxt.html
The above writeup is a client-server model, with multiple clients mixing.
If none of the participants reveal that a CoinJoinXT was done, then the graph is difficult to detect as such.
However, if any participants reveal that a CoinJoinXT was done, it has a fallback such that it is almost as good as an equal-value CoinJoin (but takes up more block space).
At least it is not immediately obvious that it is in fact a CoinJoinXT from *just* a simple transaction analysis, which we hope is enough to deter simple policies like "check N transactions back for a transaction with more than one equal-valued output".

Regards,
ZmnSCPxj


  reply	other threads:[~2020-02-23  0:59 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-21 22:17 [bitcoin-dev] LN & Coinjoin, a Great Tx Format Wedding Antoine Riard
2020-02-22 12:10 ` AdamISZ
2020-02-23  0:59   ` ZmnSCPxj [this message]
2020-02-24 17:58   ` Antoine Riard
2020-02-23  1:29 ` ZmnSCPxj
2020-02-24 18:26   ` Antoine Riard
2020-02-24 23:35     ` ZmnSCPxj
2020-02-25 19:16       ` Antoine Riard

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='x7A06kB4r0DzPTeDDWWouWLXT5_5YRaHax76XP_ToY0aUAPHXVt8Wuvf3RRpFpguIFD53Ho_KQM4WYEkFl6ZZlVw6KIk-GP5izmGDVppfvA=@protonmail.com' \
    --to=zmnscpxj@protonmail.com \
    --cc=AdamISZ@protonmail.com \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox