public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: alicexbt <alicexbt@protonmail•com>
To: Ben Carman <benthecarman@live•com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Coinjoin with less steps using ALL|ANYONECANPAY
Date: Tue, 23 May 2023 12:34:03 +0000	[thread overview]
Message-ID: <WEKSZ7Q3Eloj2wIrMIjdLPpvmhKq9nvcZz5Agb6CvnpOAGrkRXatFogui9N7XnSorQ4BymhISqAHjss90M1F-H-HIaGKvbfaCTXDCVHQsqM=@protonmail.com> (raw)
In-Reply-To: <SJ1P223MB0531D7D62140F0516A25897AA1439@SJ1P223MB0531.NAMP223.PROD.OUTLOOK.COM>

Hi Ben,

Thanks for the feedback.

> -   Coordinator adds its own inputs, you still get your outputs but effectively paid fees for no privacy gain

What will be the incentive for a coordinator to add its inputs in coinjoin? Is this possible without ALL|ANYONECANPAY as well? Even if there is an incentive its unlikely to work in joinstr as there is no centralized coordinator. Multiple common relays are used to coordinate a coinjoin round.

> -   The inputs added could be paying at a lower fee rate than expected, causing the tx to take longer than what you paid for
> -   Different input types or amount are added so you no longer have the same uniformity across the inputs

> This is the code in ln-vortex that verifies the psbt on the client side if you are curious
> 
> https://github.com/ln-vortex/ln-vortex/blob/master/client/src/main/scala/com/lnvortex/client/VortexClient.scala#L616

These 2 are important things and could be managed with client side validation by keeping min-max amounts for inputs in a round and disallow different types of inputs. Thanks for sharing the code that validates PSBT.

Joinstr will also use NIP38/48 channels for coinjoin rounds so that only participants in a coinjoin round are aware of details.

/dev/fd0
floppy disk guy

Sent with Proton Mail secure email.

------- Original Message -------
On Tuesday, May 23rd, 2023 at 4:21 AM, Ben Carman <benthecarman@live•com> wrote:


> The problem with using ALL|ANYONECANPAY is that you cannot verify beforehand that the other inputs are the inputs you want added to the transaction.
> 
> Some examples of bad things that could happen:
> 
> 
> -   Coordinator adds its own inputs, you still get your outputs but effectively paid fees for no privacy gain
> -   The inputs added could be paying at a lower fee rate than expected, causing the tx to take longer than what you paid for
> -   Different input types or amount are added so you no longer have the same uniformity across the inputs
> -   (if you care) An input from a sanctioned address is added, causing you to get "tainted" coins.
>     
> 
> This is the code in ln-vortex that verifies the psbt on the client side if you are curious
> 
> https://github.com/ln-vortex/ln-vortex/blob/master/client/src/main/scala/com/lnvortex/client/VortexClient.scala#L616
> 
> 
> Best,
> 
> benthecarman
> 
> 
> 
> From: bitcoin-dev <bitcoin-dev-bounces@lists•linuxfoundation.org> on behalf of alicexbt via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org>
> Sent: Monday, May 22, 2023 7:51 AM
> To: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
> Subject: [bitcoin-dev] Coinjoin with less steps using ALL|ANYONECANPAY
> 
> Hi Bitcoin Developers,
> 
> I recently experimented with different sighash flags, PSBTs and realized ALL|ANYONECANPAY could be used to reduce some steps in coinjoin.
> 
> Steps:
> 
> - Register outputs.
> - One user creates a signed PSBT with 1 input, all registered outputs and ALL|ANYONECANPAY sighash flag. Other participants keep adding their inputs to PSBT.
> - Finalize and broadcast the transaction.
> 
> Proof of Concept (Aice and Bob): https://gitlab.com/-/snippets/2542297
> 
> Tx: https://mempool.space/testnet/tx/c6dd626591dca7e25bbd516f01b23171eb0f2b623471fcf8e073c87c1179c492
> 
> I plan to use this in joinstr if there are no major drawbacks and it can even be implemented by other coinjoin implementations.
> 
> /dev/fd0
> floppy disk guy
> 
> Sent with Proton Mail secure email.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev


      parent reply	other threads:[~2023-05-23 12:34 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-22 12:51 alicexbt
2023-05-22 22:51 ` Ben Carman
2023-05-23 12:17   ` Lucas Ontivero
2023-05-23 12:48     ` alicexbt
2023-05-23 12:34   ` alicexbt [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='WEKSZ7Q3Eloj2wIrMIjdLPpvmhKq9nvcZz5Agb6CvnpOAGrkRXatFogui9N7XnSorQ4BymhISqAHjss90M1F-H-HIaGKvbfaCTXDCVHQsqM=@protonmail.com' \
    --to=alicexbt@protonmail$(echo .)com \
    --cc=benthecarman@live$(echo .)com \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox