Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id E5683147E for ; Fri, 22 Mar 2019 11:15:30 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-oln040092069026.outbound.protection.outlook.com [40.92.69.26]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 7FD21827 for ; Fri, 22 Mar 2019 11:15:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DAL26oyH9yAL6O9II3TyQAXB7H0+6yb7KHwwT/D9kdE=; b=mnuIv8qKQ31uLRk5V5dl2yqDto6/hyviQaM4jRzKErW6LPNplttqwoRNnhetNeX8UUtVRDPxqmrzNaq6oSI5UbvfJyKHIxZz4H/y/0AOSD7AedEScqjMgXagN3IpvKRl+TeoJWTqLeb2qdahhPIBeAvIc+HFnBuPvuFzwQGFzwWGde0VUiJY4uVQI0kV0Er2mhcSL2CVCbHrtNlAC+H6lImWbMsBRs/AGJStcPi3b+vTsl45Bq4aJ+HVXeY6tFNu6U5UKiL+ubV9udBlYRSWKMXt0kgXs/gVtWyc28F2pvYLae0pSZ/rE+RmZjIfBp676KUUPgWsIiJ2bHptla5T1Q== Received: from VE1EUR02FT023.eop-EUR02.prod.protection.outlook.com (10.152.12.60) by VE1EUR02HT221.eop-EUR02.prod.protection.outlook.com (10.152.13.253) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1730.9; Fri, 22 Mar 2019 11:15:26 +0000 Received: from DB6PR10MB1832.EURPRD10.PROD.OUTLOOK.COM (10.152.12.51) by VE1EUR02FT023.mail.protection.outlook.com (10.152.12.132) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1730.9 via Frontend Transport; Fri, 22 Mar 2019 11:15:26 +0000 Received: from DB6PR10MB1832.EURPRD10.PROD.OUTLOOK.COM ([fe80::71be:5864:9139:4f9c]) by DB6PR10MB1832.EURPRD10.PROD.OUTLOOK.COM ([fe80::71be:5864:9139:4f9c%3]) with mapi id 15.20.1709.015; Fri, 22 Mar 2019 11:15:26 +0000 From: "Kenshiro []" To: Bitcoin Protocol Discussion , "rhavar@protonmail.com" Thread-Topic: [bitcoin-dev] Payjoin privacy with the receiver of the transaction Thread-Index: AQHU3Xi3TuLQzioN20KrtFTwOE2knaYWUg2AgAEejBiAABTNWQ== Date: Fri, 22 Mar 2019 11:15:26 +0000 Message-ID: References: , , In-Reply-To: Accept-Language: en-US, es-ES Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-incomingtopheadermarker: OriginalChecksum:04AFCB0DF3FF09CD2DD75ADD360A528A20C7CE167DA7A40630E70EC5BCCA8331; UpperCasedChecksum:83C4BD92EF1192C035BD14E556B2DAEC9DBB4733DA9EC6179C5230CFC6EE45AF; SizeAsReceived:7151; Count:43 x-tmn: [KLOVB6G+5B1bGCFEUYt0VDIN2L7EPW49] x-ms-publictraffictype: Email x-incomingheadercount: 43 x-eopattributedmessage: 0 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(20181119110)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031322404)(2017031323274)(1601125500)(1603101475)(1701031045); SRVR:VE1EUR02HT221; x-ms-traffictypediagnostic: VE1EUR02HT221: x-microsoft-antispam-message-info: 4UzNm3rWSMEN1NAYV1h7PuNsikgW47IEgj1u/A2j1UEUgGvHZccp/k2d+4aonmsS Content-Type: multipart/alternative; boundary="_000_DB6PR10MB1832FFFFD06F26525522E826A6430DB6PR10MB1832EURP_" MIME-Version: 1.0 X-OriginatorOrg: hotmail.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: f61813a1-d7be-4758-6b87-08d6aeb7af81 X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Mar 2019 11:15:26.5666 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1EUR02HT221 X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,FREEMAIL_REPLY,HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 22 Mar 2019 13:41:33 +0000 Subject: Re: [bitcoin-dev] Payjoin privacy with the receiver of the transaction X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Mar 2019 11:15:31 -0000 --_000_DB6PR10MB1832FFFFD06F26525522E826A6430DB6PR10MB1832EURP_ Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable They Payjoin protocol could include the possibility of receive "safe" amoun= ts (i.e.: 0.025 btc) to several addresses so every user using Payjoin alrea= dy have a splitted balance. Only people receiving a regular public transact= ion should need the extra splitting transaction. Regards ________________________________ From: Kenshiro [] Sent: Friday, March 22, 2019 11:23 To: Bitcoin Protocol Discussion; rhavar@protonmail.com Subject: Re: [bitcoin-dev] Payjoin privacy with the receiver of the transac= tion >I'm not really sure the problem you're describing, but it sounds like some= thing that affects normal bitcoin transactions as well. Yeah, it affects normal transactions too. But I'm focused in Payjoin becaus= e it should allow private transactions. The problem I see is that Payjoin s= houldn't allow that the sender or the receiver of the transaction can get i= nformation about the bitcoin balance of each other. A person could have his= savings in btc in a single address, use Payjoin to send/receive a payment = thinking it's private and leaking to the receptor he has a high amount of b= tc. But an automatic splitting to itself in the background could solve the = problem (maybe 100$ amounts) or so. >There's certainly some interesting about the idea of "pre-fragmenting" you= r wallet utxo so you can make (or in payjoin: receive) payments with better= privacy aspects.However, it's pretty unlikely to be practical for normal u= sers, as it'll generally result in pretty big and cost-ineffective transact= ions. For users that really want privacy it should not be a problem. When a walle= t receive a high amount of btc (+100$ or another amount defined by the user= ) it can automatically make a transaction to itself splitting the amount in= several addresses. The amounts that are already small don't need to be spl= itted again. Small amount addresses + Payjoin could give real privacy to bi= tcoin users. Users that don't want privacy could disable the "Private" mode= in the wallet and disable the auto-splitting feature. i.e.: you receive 1000$ in btc and the wallet make an automatic transaction= to itself to 10 addresses, 100$ each. I would prefer wait some time and have privacy than the opposite. Regards ________________________________ From: rhavar@protonmail.com Sent: Thursday, March 21, 2019 17:52 To: Kenshiro \[\]; Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Payjoin privacy with the receiver of the transac= tion I'm not really sure the problem you're describing, but it sounds like somet= hing that affects normal bitcoin transactions as well. There's certainly some interesting about the idea of "pre-fragmenting" your= wallet utxo so you can make (or in payjoin: receive) payments with better = privacy aspects.However, it's pretty unlikely to be practical for normal us= ers, as it'll generally result in pretty big and cost-ineffective transacti= ons. In general though, there's like a 1000 different things you can do with coi= n selection, utxo management (and payjoin contributed input selection) but = more often than not you are just making just making 1 trade off for another= and good solutions will be wildly different depending on how you use your = wallet. -Ryan =1B$B!>!>!>!>!>!>!>=1B(B Original Message =1B$B!>!>!>!>!>!>!>=1B(B On Monday, March 18, 2019 3:55 AM, Kenshiro \[\] via bitcoin-dev wrote: Hi, I think Payjoin can be a very good privacy solution for Bitcoin, but I have= a question about it: - If a user has 1 BTC in a single address and make a payjoin payment to oth= er person of 0.1 BTC using that address as input, the other person can see = in a blockchain explorer the change address with an amount of 0.9 BTC. That= 's a serious privacy leak. I would like to know what will be the standard s= olution to this issue. An easy fix could be that the user wallet check if a= ny address contains a BTC amount higher than a "safe" amount like 0.01 BTC = or less. If some address exceed that amount the wallet could automatically = make 1 payment to itself to split the amount in several addresses. In this = way nobody receiving a payment from a user will ever know that he has a bit= coin balance higher than the "safe" amount. What do you think? Regards, --_000_DB6PR10MB1832FFFFD06F26525522E826A6430DB6PR10MB1832EURP_ Content-Type: text/html; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable
They Payjoin protocol could include the possibility of receive "safe&q= uot; amounts (i.e.: 0.025 btc) to several addresses so every user usin= g Payjoin already have a splitted balance. Only people receiving a regular = public transaction should need the extra splitting transaction.

Regards

From: Kenshiro []
Sent: Friday, March 22, 2019 11:23
To: Bitcoin Protocol Discussion; rhavar@protonmail.com
Subject: Re: [bitcoin-dev] Payjoin privacy with the receiver of the = transaction
 
>I'm not really sure the problem you're describing= , but it sounds like something that affects normal bitcoin transactions as = well.

Yeah, it affects normal transactions too. But= I'm focused in Payjoin because it should allow private transactions. The p= roblem I see is that Payjoin shouldn't allow that the sender or the receive= r of the transaction can get information about the bitcoin balance of each other. A person could have his savings i= n btc in a single address, use Payjoin to send/receive a payment thinking i= t's private and leaking to the receptor he has a high amount of btc. But an= automatic splitting to itself in the background could solve the problem (maybe 100$ amounts) or so. 

>There's certainly some interesting about= the idea of "pre-fragmenting" your wallet utxo so you can make (= or in payjoin: receive) payments with better privacy aspects.However, it's pretty unlikely to be practical for normal users, as= it'll generally result in pretty big and cost-ineffective transactions.

For users that really want privacy it should = not be a problem. When a wallet receive a high amount of btc (+100$ or = another amount defined by the user) it can automatically make a transaction= to itself splitting the amount in several addresses. The amounts that are already small don't need to be splitted ag= ain. Small amount addresses + Payjoin could give real privacy to bitcoi= n users. Users that don't want privacy could disable the "Private"= ; mode in the wallet and disable the auto-splitting feature. 

i.e.: you receive 1000$ in btc and the wallet= make an automatic transaction to itself to 10 addresses, 100$ each.

I would prefer wait some time and have privac= y than the opposite.

Regards

From: rhavar@protonmail.c= om <rhavar@protonmail.com>
Sent: Thursday, March 21, 2019 17:52
To: Kenshiro \[\]; Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Payjoin privacy with the receiver of the = transaction
 
I'm not really sure the problem you're describing, but it sounds like = something that affects normal bitcoin transactions as well.

There's certainly some interesting about the idea of "pre-fragmen= ting" your wallet utxo so you can make (or in payjoin: receive) paymen= ts with better privacy aspects.However, it's pretty unlikely to be practica= l for normal users, as it'll generally result in pretty big and cost-ineffective transactions.

In general though, there's like a 1000 different things you can do wit= h coin selection, utxo management (and payjoin contributed input selection)= but more often than not you are just making just making 1 trade off for an= other and good solutions will be wildly different depending on how you use your wallet.


-Ryan


=1B$B!>!>!>!>!>!>!>=1B(B Original Message =1B$B!>!>!>!>!>!>!>=1B(B
On Monday, March 18, 2019 3:55 AM, Kenshiro \[\] via bitcoin-dev <b= itcoin-dev@lists.linuxfoundation.org> wrote:

Hi,

I think Payjoin can be a very good privacy solution for Bitcoin, but I= have a question about it:

- If a user has 1 BTC in a single address and make a payjoin payment t= o other person of 0.1 BTC using that address as input, the other person can= see in a blockchain explorer the change address with an amount of 0.9 BTC.= That's a serious privacy leak. I would like to know what will be the standard solution to this issue. An = easy fix could be that the user wallet check if any address contains a BTC = amount higher than a "safe" amount like 0.01 BTC or less. If some= address exceed that amount the wallet could automatically make 1 payment to itself to split the amount in several addr= esses. In this way nobody receiving a payment from a user will ever know th= at he has a bitcoin balance higher than the "safe" amount.

What do you think?

Regards,

--_000_DB6PR10MB1832FFFFD06F26525522E826A6430DB6PR10MB1832EURP_--