1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
Return-Path: <adam.ficsor73@gmail.com>
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
by lists.linuxfoundation.org (Postfix) with ESMTP id 0E3C6C016F
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 10 Jun 2020 12:32:20 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by silver.osuosl.org (Postfix) with ESMTP id E564F25432
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 10 Jun 2020 12:32:19 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id RlqPYqUL20sp
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 10 Jun 2020 12:32:18 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-lj1-f172.google.com (mail-lj1-f172.google.com
[209.85.208.172])
by silver.osuosl.org (Postfix) with ESMTPS id 7CE27253A7
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 10 Jun 2020 12:32:18 +0000 (UTC)
Received: by mail-lj1-f172.google.com with SMTP id a9so2243176ljn.6
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 10 Jun 2020 05:32:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:from:date:message-id:subject:to;
bh=pmhE4DKJina/kXCWAkBuYgjUm1IqW/HR9n2stS6gt5Q=;
b=Z6DhuNEcnwyM8Rf2sakV8Kj1uiYJAlJc6CKGbOzXAYflkTPzUvm+29ferseUSNg2Dk
Rie6PspuNAhA0tiA8WruSl45faRXLfQIBKw6M1a/lfJhWqVl3+mGkstqsRC0i5W/O2WZ
czov2gHK/AxRlg7waZdmQyGTd8I5hYBCuXViG8mHButxhqQqnJ6ETCuwpQObGsSTnCrF
iKNOfQ0UQjXpdiqsDfs66G1Jkskj+/Vdnha1vFsW5O8euk0hdQTQTs1HIRGUmXUckxkr
qyp3knQODLaunhkMoLyuSIQ+aCekCQhSoNc6fkjUwG0xtNiJpdO0API84uUjbmnImJW9
x45Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=pmhE4DKJina/kXCWAkBuYgjUm1IqW/HR9n2stS6gt5Q=;
b=VIcDzhq6fCQGJv2bJh/Q3xFH/g/PT5s1nSWu8ze3WT4b1wdY0AEmS+5FkFBTiWuPUz
LkttDljkXtDA3y4vezS0FDswtx0h5E5t4UAcfVd9tx3sNu13K3Z9Wifr8BRXMZICeiC9
eGRxxhLAmhfpCzxQ7IEI242FSWU5kD34zwO58MxXOsWtm6Lfl6tDygZf/3rf4OE7gV5w
ogHNHKe0FbwIUTZI868Q6sERrGBO6736RlGD9pDVl3vF5szz2tLClrthRQiNUlWUsAl1
laN/YDdNYaZMmcvLkEGaABmhAS5kOYF5Zws68YkQybrfi9BRTyzv+bShLY7Sz0oBi3GX
spvw==
X-Gm-Message-State: AOAM530IjXP8dVOuImSurDm5vyUMJm/UzIgQTaIjI5QlbSbc8p6L/dCJ
LAEM08dSWywOA/qw0XS6/X7Ro+L++ENz9PF2qAmXyA19M3SpNg==
X-Google-Smtp-Source: ABdhPJyfV/rKe3axg7zhLVaSk6kAEH+Aw6lcdHBMB2wav28OnlXMKeLHR1Z24nx6R2u1WVu7s1JZkjiAv/uC0Q761S4=
X-Received: by 2002:a2e:b60c:: with SMTP id r12mr1733162ljn.316.1591792336014;
Wed, 10 Jun 2020 05:32:16 -0700 (PDT)
MIME-Version: 1.0
From: nopara73 <adam.ficsor73@gmail.com>
Date: Wed, 10 Jun 2020 14:32:05 +0200
Message-ID: <CAEPKjgfbQoXkB=cEp5Jc28ZihRSQe50M2x7k6=AjW+Vo5f=79g@mail.gmail.com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000be907505a7ba0849"
X-Mailman-Approved-At: Wed, 10 Jun 2020 13:40:10 +0000
Subject: [bitcoin-dev] Tainting, CoinJoin, PayJoin, CoinSwap
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2020 12:32:20 -0000
--000000000000be907505a7ba0849
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
The problem with CoinJoins is that desire for privacy is explicitly
signalled by them, so adversaries can consider them "suspicious." PayJoin
and CoinSwap solve this problem, because they are unnoticeable. I think
this logic doesn't stand for scrutiny.
From here on let's use the terminology of a typical adversary: there are 3
kinds of coin histories: "clean", "dirty" and "suspicious".
The aftermath of you using a "dirty" coin is knocks on your door. You using
a "suspicious" coin is uncomfortable questions and you using a "clean" coin
is seamless transfer.
In scenario 1, you start out with a "clean" history. By using CoinJoins you
make your new coin's history "suspicious" so you have no incentive to
CoinJoin. By using CoinSwap/PayJoin your new coin can be either "clean" or
"dirty". What would a "clean" coin owner prefer more? Take the risk of
knocking on the door or answering uncomfortable questions?
In scenario 2, you start out with a "dirty" history. By using CoinJoins you
make your new coin's history "suspicious" so you have an incentive to
CoinJoin. By using CoinSwap/PayJoin your new coin can either be "clean" or
"dirty". What would a "dirty" coin owner prefer more? And here's an
insight: you may get knocks on your door for a dirty coin that you have
nothing to do with. And you can prove this fact to the adversary, but by
doing so, you'll also expose that you started out with a "dirty" coin to
begin with and now the adversary becomes interested in you for a different
reason.
You can also examine things assuming full adoption of PJ/CS vs full
adoption of CJ, but you'll see that full adoption of any of these solves
the tainting issue.
So my current conclusion is that PJ/CS does not only not solve the taint
problem, it just alters it and ultimately very similar problems arise for
the users. Maybe the goal of unobservable privacy is a fallacy in this
context as it is based on the assumption that desiring privacy is
suspicious, so you want to hide the fact that you desire privacy. And the
solution to the taint issue is either protocol change or social change
(decent adoption.)
PS.: Please try to keep the conversation to the Taint Issue as this email
of mine isn't supposed to be discussing general pros and cons of various
privacy techniques.
Any thoughts?
--=20
Best,
=C3=81d=C3=A1m
--000000000000be907505a7ba0849
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">The problem with CoinJoins is that desire for privacy is e=
xplicitly signalled by them, so adversaries can consider them "suspici=
ous." PayJoin and CoinSwap solve this problem, because they are unnoti=
ceable. I think this logic doesn't stand for scrutiny.<div><br></div><d=
iv>From here on let's use the terminology of a typical adversary: there=
are 3 kinds of coin histories: "clean", "dirty" and &q=
uot;suspicious".<br>The aftermath of you using a "dirty" coi=
n is knocks on your door. You using a "suspicious" coin is uncomf=
ortable questions and you using a "clean" coin is seamless transf=
er.</div><div><br></div><div>In scenario 1, you start out with a "clea=
n" history. By using CoinJoins you make your new coin's history &q=
uot;suspicious" so you have no incentive to CoinJoin. By using CoinSwa=
p/PayJoin your new coin can be either "clean" or "dirty"=
;. What would a "clean" coin owner prefer more? Take the risk of =
knocking on the door or answering uncomfortable questions?<br><br>In scenar=
io 2, you start out with a "dirty"=20
history.=20
By using CoinJoins you make your new coin's history "suspicious&qu=
ot; so you have an incentive to CoinJoin.
By using CoinSwap/PayJoin your new coin can either be "clean" or=
"dirty".=20
What would a "dirty" coin owner prefer more? And here's an in=
sight: you may get knocks on your door for a dirty coin that you have nothi=
ng to do with. And you can prove this fact to the adversary, but by doing s=
o, you'll also expose that you started out with a "dirty" coi=
n to begin with and now the=20
adversary becomes interested in you for a different reason.</div><div><br>Y=
ou can also examine things assuming full adoption of PJ/CS vs full adoption=
of CJ, but you'll see that full adoption of any of these solves the ta=
inting issue.<br><br></div><div>So my current conclusion is that PJ/CS does=
not only not solve the taint problem, it just alters it and ultimately ver=
y similar problems arise for the users. Maybe the goal of unobservable priv=
acy is a fallacy in this context=C2=A0as it is based on the assumption that=
desiring privacy is suspicious, so you want to hide the fact that you desi=
re privacy. And the solution to the taint issue is either protocol change o=
r social change (decent adoption.)<br><br>PS.: Please try to keep the conve=
rsation to the Taint Issue as this email of mine isn't supposed to be d=
iscussing general pros and cons of various privacy techniques.<br><br></div=
><div><div>Any thoughts?<br clear=3D"all"><div><br></div>-- <br><div dir=3D=
"ltr" class=3D"gmail_signature" data-smartmail=3D"gmail_signature"><div dir=
=3D"ltr"><div><div dir=3D"ltr"><div><div dir=3D"ltr"><div><div><span style=
=3D"font-size:13.3333339691162px">Best,<br>=C3=81d=C3=A1m</span></div></div=
></div></div></div></div></div></div></div></div></div>
--000000000000be907505a7ba0849--
|