Author: Chris Belcher 2020-04-29 15:06:01
Published on: 2020-04-29T15:06:01+00:00
The author discusses the benefits of a CoinSwap system compared to the JoinMarket maker, which also provides CoinSwap services using the same UTXOs. The transactions in a CoinSwap system are steganographic, while those in equal-output-coinjoins would lose this benefit. The JoinMarket wallet structure is divided into mixdepths, with the rule that UTXOs in different mixdepths cannot be spent simultaneously, making it challenging to handle multitransactions. A surveillor monitoring a specific mixdepth gets a good hint in solving the sparse subset sum problem if all the UTXOs in the multitransaction swap come from the same mixdepth. In contrast, if all the UTXOs come from different mixdepths, then a surveillor who has solved the sparse subset sum problem now knows that the various mixdepths belong to the same JoinMarket user.The author suggests that CoinSwap could use two or even just one mixdepth since CoinSwap transactions do not have the flaw of leaking change addresses like equal-output-coinjoins. CoinSwap can be combined with something like PayJoin or CoinJoinXT, which would genuinely break the common-input-ownership-heuristic (CIOH), so such a system wouldn't have this flaw either. If a CoinSwap system was implemented, Bob could split a UTXO he owns by using a change output, and we could intentionally break change detection heuristics.The author also talks about multi-transaction CoinSwaps, which are not truly an example of a subset-sum problem but rather a related and easier problem called "sparse subset sum." An adversary trying to unmix a 3-transaction CoinSwap would have to find the sum of every 3-combination of the relevant outputs. The author suggests that we can make a simplified reasonable assumption that outputs on the blockchain follow a lognormal distribution. To work this out precisely, we would need to study the distribution of output values on the blockchain today.
Updated on: 2023-06-14T00:53:51.222169+00:00