Return-Path: Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id D38FAC016F for ; Wed, 10 Jun 2020 07:09:12 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id C2F6E81F27 for ; Wed, 10 Jun 2020 07:09:12 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c2z4uuXKQKcV for ; Wed, 10 Jun 2020 07:09:10 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-40132.protonmail.ch (mail-40132.protonmail.ch [185.70.40.132]) by whitealder.osuosl.org (Postfix) with ESMTPS id 766038060A for ; Wed, 10 Jun 2020 07:09:10 +0000 (UTC) Date: Wed, 10 Jun 2020 07:09:04 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail; t=1591772948; bh=0DLcaw7jPbNOG2W5n61XY17qtVOoLcaQd4IBv4uwnto=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=YQ69oaSxwlz8uzeHkdWADtfU0ukeBlsGjYOeP/jCPqUMyE2EBVvBUT03NMtkZ7V8b wsyFGZCzsKA1wV4INGHKcyu8W0/00+h8eC/S8+q5BWz34foM3cemMnh2T6BRIzqmuA pndUZf1v5ZhjVZh8jHDV/ts2fk1WyfqRENKzoERk= To: "Mr. Lee Chiffre" , Bitcoin Protocol Discussion From: ZmnSCPxj Reply-To: ZmnSCPxj Message-ID: In-Reply-To: <5b77933071fa02e900183d8d5e24d866.squirrel@giyzk7o6dcunb2ry.onion> References: <82d90d57-ad07-fc7d-4aca-2b227ac2068d@riseup.net> <5b77933071fa02e900183d8d5e24d866.squirrel@giyzk7o6dcunb2ry.onion> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [bitcoin-dev] Design for a CoinSwap implementation for massively improving Bitcoin privacy and fungibility X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jun 2020 07:09:12 -0000 Good morning Mr. Lee, > > =3D=3D=3D Combining multi-transaction with routing =3D=3D=3D > > Routing and multi-transaction must be combined to get both benefits. If > > Alice owns multiple UTXOs (of value 6 BTC, 8 BTC and 1 BTC) then this i= s > > easy with this configuration: > > > > Alice > > (6 BTC) (8 BTC) (1 BTC) > > | | | > > | | | > > v v v > > Bob > > (5 BTC) (5 BTC) (5 BTC) > > | | | > > | | | > > v v v > > Charlie > > (9 BTC) (5 BTC) (1 BTC) > > | | | > > | | | > > v v v > > Dennis > > (7 BTC) (4 BTC) (4 BTC) > > | | | > > | | | > > v v v > > Alice > > > > Great work Chris and you have my respects for your contributions to > Bitcoin. A concern I have with bitcoin is scalability and privacy. Both > are important. The reasons people bash on Monero is also the same issue > Bitcoin has. The very large transaction size to achieve acceptable privac= y > on a distributed financial network. Im not shilling Monero here. I am onl= y > saying that bitcoin transactions with similar privacy properties are at > least equally as large as Monero transactions. Coinjoin on Monero can be > compared to ring signatures in Monero from the view of using decoys to > help conceal the source. From this proposal is this to say that > transactions will be at least 12 times larger in size to achieve the > property of privacy that bitcoin is currently missing? CoinSwap lets you buy privacy at whatever rate is manageable for you. You can buy a simple non-routed non-multitransaction CoinSwap, for example,= instead of larger sections like the above, depending on your privacy needs= . Even doing a non-routed non-multitransaction CoinSwap would help fungibilit= y of those doing more complex setups, because the tiny CoinSwaps you make a= re made of "the same things" that the more complex CoinSwaps are made of. > > Another thing to consider is that if coinswaps cannot be sent as a paymen= t > then a coinswap needs to take place after every transaction to keep the > privacy and unlinkability from your other bitcoin transactions. > > I always thought that CoinSwap would be and is a very much needed thing > that needs developed. The ability to swap coins with other people in a > trustless way and way that is not linkable to the public blockchain. But > how can this be scalable at all with the multiple branches and layers? > This is a good idea in theory but my concern would be the scalability > issues this creates. > > Do you have any comments on this? > Thank you Overall, multiple mixing techniques cover a wide range of cost and privacy. * PayJoins are cheap and almost free (you are coordinating with only one ot= her participant who is strongly incentivized to cooperate with you, and mak= ing a single overall tx) but buys you only a small dollop of privacy (trans= action can be misinterpreted by chain analysis, but probabilistic analysis = can be "reasonably accurate" for a few transactions). * Equal-valued CoinJoins are slightly more expensive than PayJoins but give= a good amount of privacy (you are coordinating with multiple participants,= and probably paying coordination/participation fees, but *which* output is= yours will give probabilistic analysis a run for its money, although it is= obvious that you *did* participate in a CoinJoin). * CoinSwaps are a good bit more expensive than equal-valud CoinJoins but gi= ve a significant amount of privacy for their cost (you are coordinating wit= h multiple participants and paying coordination/participation fees *and* yo= u run the risk of getting your funds timelocked in case of network communic= ations problems or active hacking attempts, but it is hard for chain analys= is to even *realize* that a CoinSwap even occurred, i.e. it is steganograph= ic). Chris argues that CoinSwap gives better privacy:cost ratios than equal-valu= ed CoinJoins, you can wait and see if he gives more supporting arguments re= garding this, but overall the various mixing tech exists to give choice on = how much privacy you buy. Regards, ZmnSCPxj