From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id DDFE4C013E for ; Sun, 23 Feb 2020 00:59:57 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id C4A582274B for ; Sun, 23 Feb 2020 00:59:57 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yCH-D7Uly0je for ; Sun, 23 Feb 2020 00:59:55 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail4.protonmail.ch (mail4.protonmail.ch [185.70.40.27]) by silver.osuosl.org (Postfix) with ESMTPS id B863A226DB for ; Sun, 23 Feb 2020 00:59:55 +0000 (UTC) Date: Sun, 23 Feb 2020 00:59:46 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=default; t=1582419593; bh=G48ezMbxh+vm9JLE27w3LHEpPbaOf6ogm4H53/JGlew=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References: Feedback-ID:From; b=SXuLCaWnbNiPOkDYJIUfX5hwjI6tTUcmwr2KuXxe4IGngfVM3ZDnwTkLEgPIt3HlZ VAwg8V7a8qKsKpPyllck1OOV0bQQi3fle2pbmyInL/1jp0bVp7kSj/vC8iC+82XlkH RiLXKWeFatSeKZ2cak+gQzQv7ZDfR2L/aqlOEWWQ= To: AdamISZ , Bitcoin Protocol Discussion From: ZmnSCPxj Reply-To: ZmnSCPxj Message-ID: In-Reply-To: References: Feedback-ID: el4j0RWPRERue64lIQeq9Y2FP-mdB86tFqjmrJyEPR9VAtMovPEo9tvgA0CrTsSHJeeyPXqnoAu6DN-R04uJUg==:Ext:ProtonMail MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [bitcoin-dev] LN & Coinjoin, a Great Tx Format Wedding X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Feb 2020 00:59:58 -0000 Good morning waxwing, > =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Original = Message =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 > On Friday, 21 February 2020 22:17, Antoine Riard via bitcoin-dev bitcoin-= dev@lists.linuxfoundation.org wrote: > > > How can a Bitcoin tranaction leak protocol usage ? > > > > - the output type (p2sh, p2wsh, ...) > > - the spending policy (2-of-3 multisig, timelock, hashlock,...) > > - outputs ordering (BIP69) > > - nLocktime/nSequence > > - RBF-signaling > > - Equal-value outputs > > - weird watermark (LN commitment tx obfuscated commitment number) > > - fees strategy like CPFP > > - in-protocol announcements [0] > > Good list. > Another one, usually wouldn't be protocol as much as wallet leakage, but = could be: utxo selection algorithm (which of course may be difficult to ded= uce, but often, far from impossible). > (Also trivial and increasingly irrelevant, but nVersion). > > With regards to coinjoin in this context (I know your points are much bro= ader), my comment is: > For existing protocols (joinmarket's, wasabi's, samourai's), in the equal= -outs paradigm, I don't see much that can be done in this area. > But I would ask people to consider CoinJoinXT[1] more seriously in a tapr= oot/schnorr world, since it addresses this exact point. With a short (not c= ross-block like swaps or LN setup) interaction, participants can arrange th= e effect of coinjoin without the on-chain watermark of coinjoin (so, stegan= ographic). The taproot/schnorr part is needed there because multisig is req= uired from transaction to transaction in that protocol, so doing it today i= s less interesting (albeit still interesting). CoinJoinXT is indeed something I am interested in at some point: https://zm= nscpxj.github.io/bitcoin/coinjoinxt.html The above writeup is a client-server model, with multiple clients mixing. If none of the participants reveal that a CoinJoinXT was done, then the gra= ph is difficult to detect as such. However, if any participants reveal that a CoinJoinXT was done, it has a fa= llback such that it is almost as good as an equal-value CoinJoin (but takes= up more block space). At least it is not immediately obvious that it is in fact a CoinJoinXT from= *just* a simple transaction analysis, which we hope is enough to deter sim= ple policies like "check N transactions back for a transaction with more th= an one equal-valued output". Regards, ZmnSCPxj