-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BIP Draft for Octojoin #1669
base: master
Are you sure you want to change the base?
BIP Draft for Octojoin #1669
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
b03f800
to
a0dc7f5
Compare
a0dc7f5
to
c52c746
Compare
bar [125, 143, 157, 130, 117, 106, 121, 123, 127] | ||
</source> | ||
|
||
Transactions that already use 3 inputs and 2 outputs will serve as the anonymity set for octojoin transactions with default values. It is possible to change defaults and use more number of inputs and outputs. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Transactions that already use 3 inputs and 2 outputs will serve as the anonymity set for octojoin transactions with default values. It is possible to change defaults and use more number of inputs and outputs. | |
Transactions that already use 3 inputs and 2 outputs will serve as the anonymity set for octojoin transactions with default values. It is possible to change defaults and use a higher number of inputs and outputs. |
|
||
====Swapped UTXOs==== | ||
|
||
Swapping UTXOs off-chain will obscure the transaction's input ownership and history. It also adds more noise on-chain to make chain analysis difficult |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Swapping UTXOs off-chain will obscure the transaction's input ownership and history. It also adds more noise on-chain to make chain analysis difficult | |
Swapping UTXOs off-chain will obscure the transaction's input ownership and history. It also adds more noise on-chain to make chain analysis difficult. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The hard part of this scheme appears to be the acquisition of inputs from varied sources, but then the proposed approach in this BIP seems to amount to using such UTXOs to fund an ordinary silent payment. It’s not clear to me whether this BIP draft amounts to an original innovation, given that the method of acquiring UTXOs of varied backgrounds does not appear to be in the focus of this BIP.
|
||
'''Input Obfuscation with Off-Chain Swaps''' | ||
|
||
Do off-chain swaps (e.g. statechain, submarine swaps, or coinswap) to obtain UTXOs with different histories. Ensure that all inputs come from other users except one belonging to the sender, making it difficult for on-chain analysts to determine ownership. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- A statechain UTXO is co-owned by the statechain operator and the last recipient in a multisig. Multisig inputs do not participate in the secret derivation.
- Submarine swaps refer to a multi-hop lightning payment whose last hop is executed as an on-chain payment to the recipient. Submarine swaps are easily identifiable via an on-chain HTLC construction and also include a multisig construction.
- A coinswap is a payment received to the recipient whose inputs were not controlled by the sender.
Given that two of the listed examples exhibit uncommon patterns, and the third constitutes a payment to a wallet that was executed by a different UTXO owner than the sender, it’s not clear to me how a transaction funded by a combination of such inputs would have significantly improved privacy properties. If an observer simply categorizes the inputs and analyses their pedigree under the corresponding context, it seems likely that a transaction would be sufficiently recognizable as an Octojoin and given the small number of Statechain and Submarine Swap providers, potentially even identifiable via information requests to such service providers. Could you please expand the motivation section by elaborating your arguments why participation in this scheme is expected to lead to a privacy improvement?
This BIP isn't about acquiring UTXOs but using them. Input selection used in such transactions along with outputs is the original innovation. Example for an octojoin transaction (both outputs belong to recipient): https://mempool.space/signet/tx/5447f526c64d4f00171f024aae38a1c347ad00e7a295247f9c6acfca21ed2655 I will address other comments after adding more things in next commit. |
I had written a blog post about the concept and it was shared on mailing list in July 2024. There wasn't any response on mailing list but I have discussed it with some developers and there seems to be lot of interest for the idea among users.
This is an initial draft and the pull request will help me complete the BIP ASAP.
TODO