MIME-Version: 1.0
References: <CAEPKjgfbQoXkB=cEp5Jc28ZihRSQe50M2x7k6=AjW+Vo5f=79g@mail.gmail.com>
In-Reply-To: <CAEPKjgfbQoXkB=cEp5Jc28ZihRSQe50M2x7k6=AjW+Vo5f=79g@mail.gmail.com>
From: Greg Sanders <gsanders87@gmail.com>
Date: Wed, 10 Jun 2020 09:48:55 -0400
Message-ID: <CAB3F3DtceGQmyJzEzXHuYVrGtNE3ASq1=Sq6Bps0hE+wn7Dy5w@mail.gmail.com>
To: nopara73 <adam.ficsor73@gmail.com>, 
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="0000000000009303b505a7bb1b1e"
Subject: Re: [bitcoin-dev] Tainting, CoinJoin, PayJoin, CoinSwap
Precedence: list

--0000000000009303b505a7bb1b1e
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

A major point of defeating the common input heuristic and others is to make
"super-clusters". A small number of users that "don't care" about possibly
touching tainted coins can render many chain analysis techniques unworkable
in practice for enforcement. You don't need 100% coverage to defeat the
heuristic.

On Wed, Jun 10, 2020 at 9:40 AM nopara73 via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> The problem with CoinJoins is that desire for privacy is explicitly
> signalled by them, so adversaries can consider them "suspicious." PayJoin
> and CoinSwap solve this problem, because they are unnoticeable. I think
> this logic doesn't stand for scrutiny.
>
> From here on let's use the terminology of a typical adversary: there are =
3
> kinds of coin histories: "clean", "dirty" and "suspicious".
> The aftermath of you using a "dirty" coin is knocks on your door. You
> using a "suspicious" coin is uncomfortable questions and you using a
> "clean" coin is seamless transfer.
>
> In scenario 1, you start out with a "clean" history. By using CoinJoins
> you make your new coin's history "suspicious" so you have no incentive to
> CoinJoin. By using CoinSwap/PayJoin your new coin can be either "clean" o=
r
> "dirty". What would a "clean" coin owner prefer more? Take the risk of
> knocking on the door or answering uncomfortable questions?
>
> In scenario 2, you start out with a "dirty" history. By using CoinJoins
> you make your new coin's history "suspicious" so you have an incentive to
> CoinJoin. By using CoinSwap/PayJoin your new coin can either be "clean" o=
r
> "dirty". What would a "dirty" coin owner prefer more? And here's an
> insight: you may get knocks on your door for a dirty coin that you have
> nothing to do with. And you can prove this fact to the adversary, but by
> doing so, you'll also expose that you started out with a "dirty" coin to
> begin with and now the adversary becomes interested in you for a differen=
t
> reason.
>
> You can also examine things assuming full adoption of PJ/CS vs full
> adoption of CJ, but you'll see that full adoption of any of these solves
> the tainting issue.
>
> So my current conclusion is that PJ/CS does not only not solve the taint
> problem, it just alters it and ultimately very similar problems arise for
> the users. Maybe the goal of unobservable privacy is a fallacy in this
> context as it is based on the assumption that desiring privacy is
> suspicious, so you want to hide the fact that you desire privacy. And the
> solution to the taint issue is either protocol change or social change
> (decent adoption.)
>
> PS.: Please try to keep the conversation to the Taint Issue as this email
> of mine isn't supposed to be discussing general pros and cons of various
> privacy techniques.
>
> Any thoughts?
>
> --
> Best,
> =C3=81d=C3=A1m
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

--0000000000009303b505a7bb1b1e
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">A major point of defeating the common input heuristic and =
others is to make &quot;super-clusters&quot;. A small number of users that =
&quot;don&#39;t care&quot; about possibly touching tainted coins can render=
 many chain analysis techniques unworkable in practice for enforcement. You=
 don&#39;t need 100% coverage to defeat the heuristic.=C2=A0</div><br><div =
class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Wed, Jun 10,=
 2020 at 9:40 AM nopara73 via bitcoin-dev &lt;<a href=3D"mailto:bitcoin-dev=
@lists.linuxfoundation.org">bitcoin-dev@lists.linuxfoundation.org</a>&gt; w=
rote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0p=
x 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=
=3D"ltr">The problem with CoinJoins is that desire for privacy is explicitl=
y signalled by them, so adversaries can consider them &quot;suspicious.&quo=
t; PayJoin and CoinSwap solve this problem, because they are unnoticeable. =
I think this logic doesn&#39;t stand for scrutiny.<div><br></div><div>From =
here on let&#39;s use the terminology of a typical adversary: there are 3 k=
inds of coin histories: &quot;clean&quot;, &quot;dirty&quot; and &quot;susp=
icious&quot;.<br>The aftermath of you using a &quot;dirty&quot; coin is kno=
cks on your door. You using a &quot;suspicious&quot; coin is uncomfortable =
questions and you using a &quot;clean&quot; coin is seamless transfer.</div=
><div><br></div><div>In scenario 1, you start out with a &quot;clean&quot; =
history. By using CoinJoins you make your new coin&#39;s history &quot;susp=
icious&quot; so you have no incentive to CoinJoin. By using CoinSwap/PayJoi=
n your new coin can be either &quot;clean&quot; or &quot;dirty&quot;. What =
would a &quot;clean&quot; coin owner prefer more? Take the risk of knocking=
 on the door or answering uncomfortable questions?<br><br>In scenario 2, yo=
u start out with a &quot;dirty&quot;=20

history.=20

By using CoinJoins you make your new coin&#39;s history &quot;suspicious&qu=
ot; so you have an incentive to CoinJoin.

 By using CoinSwap/PayJoin your new coin can either be &quot;clean&quot; or=
 &quot;dirty&quot;.=20

What would a &quot;dirty&quot; coin owner prefer more? And here&#39;s an in=
sight: you may get knocks on your door for a dirty coin that you have nothi=
ng to do with. And you can prove this fact to the adversary, but by doing s=
o, you&#39;ll also expose that you started out with a &quot;dirty&quot; coi=
n to begin with and now the=20

adversary becomes interested in you for a different reason.</div><div><br>Y=
ou can also examine things assuming full adoption of PJ/CS vs full adoption=
 of CJ, but you&#39;ll see that full adoption of any of these solves the ta=
inting issue.<br><br></div><div>So my current conclusion is that PJ/CS does=
 not only not solve the taint problem, it just alters it and ultimately ver=
y similar problems arise for the users. Maybe the goal of unobservable priv=
acy is a fallacy in this context=C2=A0as it is based on the assumption that=
 desiring privacy is suspicious, so you want to hide the fact that you desi=
re privacy. And the solution to the taint issue is either protocol change o=
r social change (decent adoption.)<br><br>PS.: Please try to keep the conve=
rsation to the Taint Issue as this email of mine isn&#39;t supposed to be d=
iscussing general pros and cons of various privacy techniques.<br><br></div=
><div><div>Any thoughts?<br clear=3D"all"><div><br></div>-- <br><div dir=3D=
"ltr"><div dir=3D"ltr"><div><div dir=3D"ltr"><div><div dir=3D"ltr"><div><di=
v><span style=3D"font-size:13.3333px">Best,<br>=C3=81d=C3=A1m</span></div><=
/div></div></div></div></div></div></div></div></div></div>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div>

--0000000000009303b505a7bb1b1e--