Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id A045F14F8 for ; Fri, 22 Mar 2019 10:23:28 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-oln040092069081.outbound.protection.outlook.com [40.92.69.81]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6DF70148 for ; Fri, 22 Mar 2019 10:23:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YKaLXi72rWnCSYDWRlp9K/DBUGYw0nYXXn1oPU5qDGI=; b=C0iL1L1uWBdacoD0akYJ4OjjzgHPyF2G0Sw+mj4IdzxBxfoSIzSj6OM7zeEZqLEXyH7PSv/yyPnvqEd3Zul3Yf9/BkxOYjPDqX/YBaf7dN1KMKz5mv72cVLxEloAWhoZXRkTnoDcKmo7dV8BAfY6noBaBuUOh96mPXl72PeIutTwtn8d1fAeH/m2wCcehqrXbfRIbImyppas5d9Eiwkpn7N6ule37Tk6Q5p4mT+heY3ERqQimvSFl4hyr0tQPsh9pcE/KH7DQfmYeB960X3LFa7aurfu0kNWFBByDYwNcBdD+ecXF/LPVO1llPjE+Sc4Ynyod4xaTt6mjEhy+2zE6g== Received: from VE1EUR02FT023.eop-EUR02.prod.protection.outlook.com (10.152.12.53) by VE1EUR02HT170.eop-EUR02.prod.protection.outlook.com (10.152.13.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1730.9; Fri, 22 Mar 2019 10:23:24 +0000 Received: from DB6PR10MB1832.EURPRD10.PROD.OUTLOOK.COM (10.152.12.60) by VE1EUR02FT023.mail.protection.outlook.com (10.152.12.132) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1730.9 via Frontend Transport; Fri, 22 Mar 2019 10:23:24 +0000 Received: from DB6PR10MB1832.EURPRD10.PROD.OUTLOOK.COM ([fe80::71be:5864:9139:4f9c]) by DB6PR10MB1832.EURPRD10.PROD.OUTLOOK.COM ([fe80::71be:5864:9139:4f9c%3]) with mapi id 15.20.1709.015; Fri, 22 Mar 2019 10:23:24 +0000 From: "Kenshiro []" To: Bitcoin Protocol Discussion , "rhavar@protonmail.com" Thread-Topic: [bitcoin-dev] Payjoin privacy with the receiver of the transaction Thread-Index: AQHU3Xi3TuLQzioN20KrtFTwOE2knaYWUg2AgAEejBg= Date: Fri, 22 Mar 2019 10:23:24 +0000 Message-ID: References: , In-Reply-To: Accept-Language: en-US, es-ES Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-incomingtopheadermarker: OriginalChecksum:912DD739DE6C5FAC8879511975608A7A9C46210DE9E0E00C8EED2A0DA8798241; UpperCasedChecksum:E7347BCB50F1FBF5A3AF5260374558DE81F65CF255C95A4F8BDEA593063453AD; SizeAsReceived:7108; Count:43 x-tmn: [8wzKMors1tglFvDxEtUVrOgS3bRSaMOH] x-ms-publictraffictype: Email x-incomingheadercount: 43 x-eopattributedmessage: 0 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(20181119110)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031322404)(2017031324274)(2017031323274)(1601125500)(1603101475)(1701031045); SRVR:VE1EUR02HT170; x-ms-traffictypediagnostic: VE1EUR02HT170: x-microsoft-antispam-message-info: 0bi5Kbzj8g5JPuN3oIvVkIV7xX2c06cn+ivJNwhIc7M5oY6+pi2v4IJ9NBFwCQMF Content-Type: multipart/alternative; boundary="_000_DB6PR10MB1832829D9C812F50C66BD11CA6430DB6PR10MB1832EURP_" MIME-Version: 1.0 X-OriginatorOrg: hotmail.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: eb9c521a-98b1-4458-50a0-08d6aeb06a65 X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Mar 2019 10:23:24.1024 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1EUR02HT170 X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,FREEMAIL_REPLY,HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 22 Mar 2019 13:41:33 +0000 Subject: Re: [bitcoin-dev] Payjoin privacy with the receiver of the transaction X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Mar 2019 10:23:28 -0000 --_000_DB6PR10MB1832829D9C812F50C66BD11CA6430DB6PR10MB1832EURP_ Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable >I'm not really sure the problem you're describing, but it sounds like some= thing that affects normal bitcoin transactions as well. Yeah, it affects normal transactions too. But I'm focused in Payjoin becaus= e it should allow private transactions. The problem I see is that Payjoin s= houldn't allow that the sender or the receiver of the transaction can get i= nformation about the bitcoin balance of each other. A person could have his= savings in btc in a single address, use Payjoin to send/receive a payment = thinking it's private and leaking to the receptor he has a high amount of b= tc. But an automatic splitting to itself in the background could solve the = problem (maybe 100$ amounts) or so. >There's certainly some interesting about the idea of "pre-fragmenting" you= r wallet utxo so you can make (or in payjoin: receive) payments with better= privacy aspects.However, it's pretty unlikely to be practical for normal u= sers, as it'll generally result in pretty big and cost-ineffective transact= ions. For users that really want privacy it should not be a problem. When a walle= t receive a high amount of btc (+100$ or another amount defined by the user= ) it can automatically make a transaction to itself splitting the amount in= several addresses. The amounts that are already small don't need to be spl= itted again. Small amount addresses + Payjoin could give real privacy to bi= tcoin users. Users that don't want privacy could disable the "Private" mode= in the wallet and disable the auto-splitting feature. i.e.: you receive 1000$ in btc and the wallet make an automatic transaction= to itself to 10 addresses, 100$ each. I would prefer wait some time and have privacy than the opposite. Regards ________________________________ From: rhavar@protonmail.com Sent: Thursday, March 21, 2019 17:52 To: Kenshiro \[\]; Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Payjoin privacy with the receiver of the transac= tion I'm not really sure the problem you're describing, but it sounds like somet= hing that affects normal bitcoin transactions as well. There's certainly some interesting about the idea of "pre-fragmenting" your= wallet utxo so you can make (or in payjoin: receive) payments with better = privacy aspects.However, it's pretty unlikely to be practical for normal us= ers, as it'll generally result in pretty big and cost-ineffective transacti= ons. In general though, there's like a 1000 different things you can do with coi= n selection, utxo management (and payjoin contributed input selection) but = more often than not you are just making just making 1 trade off for another= and good solutions will be wildly different depending on how you use your = wallet. -Ryan =1B$B!>!>!>!>!>!>!>=1B(B Original Message =1B$B!>!>!>!>!>!>!>=1B(B On Monday, March 18, 2019 3:55 AM, Kenshiro \[\] via bitcoin-dev wrote: Hi, I think Payjoin can be a very good privacy solution for Bitcoin, but I have= a question about it: - If a user has 1 BTC in a single address and make a payjoin payment to oth= er person of 0.1 BTC using that address as input, the other person can see = in a blockchain explorer the change address with an amount of 0.9 BTC. That= 's a serious privacy leak. I would like to know what will be the standard s= olution to this issue. An easy fix could be that the user wallet check if a= ny address contains a BTC amount higher than a "safe" amount like 0.01 BTC = or less. If some address exceed that amount the wallet could automatically = make 1 payment to itself to split the amount in several addresses. In this = way nobody receiving a payment from a user will ever know that he has a bit= coin balance higher than the "safe" amount. What do you think? Regards, --_000_DB6PR10MB1832829D9C812F50C66BD11CA6430DB6PR10MB1832EURP_ Content-Type: text/html; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable
>I'm not r= eally sure the problem you're describing, but it sounds like something that affe= cts normal bitcoin transactions as well.

Yeah, it affects normal transactions too. B= ut I'm focused in Payjoin because it should allow private transactions. The= problem I see is that Payjoin shouldn't allow that the sender or the recei= ver of the transaction can get information about the bitcoin balance of each other. A person could have his savings i= n btc in a single address, use Payjoin to send/receive a payment thinking i= t's private and leaking to the receptor he has a high amount of btc. But an= automatic splitting to itself in the background could solve the problem (maybe 100$ amounts) or so. 

>T= here's certainly some interesting about the idea of "pre-fragmenting" y= our wallet utxo so you can make (or in payjoin: receive) payments with bett= er privacy aspects.However, it's pretty unlikely to be practical for normal= users, as it'll generally result in pretty big and cost-ineffective transactions.

For users that really want privacy it shoul= d not be a problem. When a wallet receive a high amount of btc (+100$ o= r another amount defined by the user) it can automatically make a transacti= on to itself splitting the amount in several addresses. The amounts that are already small don't need to be splitted ag= ain. Small amount addresses + Payjoin could give real privacy to bitcoi= n users. Users that don't want privacy could disable the "Private"= ; mode in the wallet and disable the auto-splitting feature. 

i.e.: you receive 1000$ in btc and the wall= et make an automatic transaction to itself to 10 addresses, 100$ each.

I would prefer wait some time and have priv= acy than the opposite.

Regards


From: rhavar@protonmail.com= <rhavar@protonmail.com>
Sent: Thursday, March 21, 2019 17:52
To: Kenshiro \[\]; Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Payjoin privacy with the receiver of the = transaction
 
I'm not really sure the problem you're describing, but it sounds like = something that affects normal bitcoin transactions as well.

There's certainly some interesting about the idea of "pre-fragmen= ting" your wallet utxo so you can make (or in payjoin: receive) paymen= ts with better privacy aspects.However, it's pretty unlikely to be practica= l for normal users, as it'll generally result in pretty big and cost-ineffective transactions.

In general though, there's like a 1000 different things you can do wit= h coin selection, utxo management (and payjoin contributed input selection)= but more often than not you are just making just making 1 trade off for an= other and good solutions will be wildly different depending on how you use your wallet.


-Ryan


=1B$B!>!>!>!>!>!>!>=1B(B Original Message =1B$B!>!>!>!>!>!>!>=1B(B
On Monday, March 18, 2019 3:55 AM, Kenshiro \[\] via bitcoin-dev <b= itcoin-dev@lists.linuxfoundation.org> wrote:

Hi,

I think Payjoin can be a very good privacy solution for Bitcoin, but I= have a question about it:

- If a user has 1 BTC in a single address and make a payjoin payment t= o other person of 0.1 BTC using that address as input, the other person can= see in a blockchain explorer the change address with an amount of 0.9 BTC.= That's a serious privacy leak. I would like to know what will be the standard solution to this issue. An = easy fix could be that the user wallet check if any address contains a BTC = amount higher than a "safe" amount like 0.01 BTC or less. If some= address exceed that amount the wallet could automatically make 1 payment to itself to split the amount in several addr= esses. In this way nobody receiving a payment from a user will ever know th= at he has a bitcoin balance higher than the "safe" amount.

What do you think?

Regards,

--_000_DB6PR10MB1832829D9C812F50C66BD11CA6430DB6PR10MB1832EURP_--