diff --git a/coinjoins/README.md b/coinjoins/README.md new file mode 100644 index 0000000..508c9ba --- /dev/null +++ b/coinjoins/README.md 
@@ -0,0 +1,83 @@ +# Coinjoins & Privacy UX Primer + +- Bitcoin is not anonymous. +- Consider each address you generate as a new identity. +- Coin has history +- Histories can link addresses into clusters +- Public ledger +- Anyone can lookup +- New users may not be aware + +## Address Reuse + +Use a [hierarchical deterministic wallet](https://en.bitcoin.it/wiki/Deterministic_wallet) in order to avoid reusing an identity. + +Practicality + +- How do you adverise an address to be paid in a video? +- Handling gap limit, online and during recovery + +## Wallet Fingerprinting + +The way the transaction is constructed can give chain analysts an idea of which wallet was used. + +1. Change is sometimes the last output + 1. Solutions + 1. [Lexicographical Ordering (BIP 0069)](https://github.com/bitcoin/bips/blob/master/bip-0069.mediawiki) (see also [arguments against, search for bip 69 in transcript](https://diyhpl.us/wiki/transcripts/london-bitcoin-devs/2020-05-05-socratic-seminar-payjoins/)) + 2. Random Ordering - is there a standard? verifiable? deniable? +2. If the `nLockTime` in the transaction or `nSequence` of the inputs are set + - locktime type (absolute/`nLockTime`, [relative/`nSequence` (BIP 68)](https://github.com/bitcoin/bips/blob/master/bip-0068.mediawiki), and their [interactions](https://b10c.me/mempool-observations/1-locktime-stairs/)) + - locktime value type (blockheight, [MTP (BIP 113)](https://github.com/bitcoin/bips/blob/master/bip-0113.mediawiki)) + - [RBF opt in (BIP 125)](https://github.com/bitcoin/bips/blob/master/bip-0125.mediawiki) + +## Routing Transaction + +- Should use Tor + - Research Dandelion +- If an attacker has enough nodes in the network it can determine the location of where the transaction was broadcasted. + +## Methods + +### Coinswap + +Privacy through a swap for another users coin history. + +### Coinjoins + +Privacy by combining of coin history. 
+ +#### Censoring + +- Some exchanges may not accept deposits from coinjoins +- Adding hops — *see Samourai Wallet's Ricochet* + +#### Components + +##### Rounds + +- Role of the coordinatior + +##### Coin Selection + +- Post-mix wallet MUST prevent joining inputs together. [cite_1] + +--- + +#### Techniques + +Types of coinjoin techniques... + +##### Equal Output Coinjoin + +- All parties mix the same output denominations + +##### PayJoin + +A type of coinjoin which involves two parties adding their inputs, and outputs on the same transaction so the direction of payment cannot be determined. + +- is not obviously visible as an equal-output [CoinJoin](https://en.bitcoin.it/wiki/CoinJoin) + +> If [PayJoin transactions](https://en.bitcoin.it/wiki/PayJoin) became even moderately used then it would make the [common-input-ownership heuristic](https://en.bitcoin.it/wiki/Common-input-ownership_heuristic) be completely flawed in practice. As they are undetectable we wouldn't even know whether they are being used today. As [Transaction surveillance companies](https://en.bitcoin.it/wiki/Transaction_surveillance_company) mostly depend on that heuristic, as of 2019 there is great excitement about the PayJoin idea. + +[1]: https://github.com/nopara73/ZeroLink#i-introduction +[2]: https://zmnscpxj.github.io/bitcoin/coinjoinxt.html diff --git a/coinjoins/process.md b/coinjoins/process.md new file mode 100644 index 0000000..2493bd2 --- /dev/null +++ b/coinjoins/process.md 
@@ -0,0 +1,92 @@ +# Coinjoin Process + +## Events + +### Start + +1. Connect to the coordinator +2. See how many rounds are active + +### Check Active Rounds + +- Fee Rate +- List of Preferred Denominations + +Rounds have a fee rate +Maximum input number + +### Request Registration + +Every registration request needs you to present credentials. + +- Request 0 credentials +- 0 credentials have no value + +### Input Registration + +- Show coordinator the inputs (outputs ) +- Prove you can spend it (sign round params) +- Show crednetials (0 credntials at first) +- Difference = Sum(10000 * ) + +### Connection Confriamtion + +- Keep telling the server that you're interested in the round — so others don't rely on your inputs if you are not available. + - How often must this be done? + +### Output Registration Phase + +- Everyone needs to query the status once more + - They learn all of the input signatures + - They want to know that everyone is seeing the same key for the server + - They wanna make sure everyones inputs is legit + - Everyone gets the signatures and verify them + - Then register outputs + - Same like registering inputs except it is negative + - Credentials as change + - Prove output amount is the same as the presented and requested credentials + - Everyone runs out of credentials + - All of the outputs are registered + +### Transaction Signing + +1. Now the round proceeds to transaction signing +2. They check for their own outputs, and sign for everyone of their inputs + +### Broadcast + +1. Coordinator broadcasts transactions with all signatures + +--- + + + +## Challenges + +### Time-staggered batched coinjoin payments + +- what is the problem +- what is the proposed flow +- what is the goals + +### Handling Change + +Change after a mix poses a problem as it can be tracked — so how do you dispose of very small outputs? + +#### WabiSabi + +- Dispose them through the coordinator — so someone doesnt know what charitiy. 
`wabisabi` + +- - Change can be tracked + +- Fee Credentials + +- Prepaid Fees + +- Opt in to donations using change + + +### Coin Selection + +- Wallet is able to select intelegently for you in cost effeicent ways but pershaps not in private ways because it does not understand the meaning of the labels. +- High anonimity coins can be auto-selected. \ No newline at end of file
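Review bot: In coinjoins/README.md, the "Coin Selection" bullet cites `[cite_1]`, but the link definitions at the end of the file are `[1]:` and `[2]:`, so the reference behind the one MUST-level requirement in the document ("Post-mix wallet MUST prevent joining inputs together") will not resolve. Change the citation to `[1]` if ZeroLink is the intended source. `[2]` (the coinjoinxt link) is defined but never cited in the file, so either cite it where it applies or drop it. While touching the file, fix "adverise", "coordinatior" and "another users coin history" (should be "another user's").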
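Review bot: In coinjoins/process.md, under "Input Registration", the line `Difference = Sum(10000 * )` has an empty operand and `Show coordinator the inputs (outputs )` trails off. This is the step that ties credential amounts to registered inputs, and "Output Registration Phase" later depends on it ("Prove output amount is the same as the presented and requested credentials"), so a reader cannot check the balance rule as written. Please complete the expression or mark it as TODO. Smaller points in the same hunk: the heading "Connection Confriamtion" and "crednetials"/"credntials" are misspelled, the WabiSabi section has a stray `wabisabi` line and a doubled bullet (`- - Change can be tracked`), "Time-staggered batched coinjoin payments" contains only placeholder questions, and the file has no trailing newline.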