Author: ZmnSCPxj 2020-04-30 08:54:28
Published on: 2020-04-30T08:54:28+00:00
The article discusses the implementation of CoinSwap, a protocol that allows two parties to swap their UTXOs without revealing any information about their respective wallets. CoinSwap can be combined with PayJoin or CoinJoinXT to break the common-input-ownership-heuristic (CIOH), which is used to identify owners of inputs in equal-output-coinjoins and JoinMarket. The idea of using two mixdepths for CoinSwap is also discussed. This can be done by separating a receiving wallet from a sending wallet or imposing a rule where all sends must be via CoinSwap.Multi-transaction CoinSwaps can be done by having UTXOs come from the same mixdepth, but inputs that should be separate should not be co-spent in the same transaction. Despite this, the author believes that some kind of mixdepth facility will still matter in CoinSwap to protect against the issue of co-spending inputs. To protect privacy during CoinSwap transactions, Alice should always specify a "payment amount" even if it is not actually a payment. Bob can also intentionally break change detection heuristics by making his change output p2wpkh or p2pkh.The article explores ways to increase anonymity sets in CoinSwap by creating situations where an adversary would find a huge number of false positives. One idea is to require standard swap amounts, similar to the standard 100mBTC mixing bin of Wasabi. The author also suggests randomly selecting some existing 1-input 1-output transactions in the mempool and/or recent blocks, summing them, and swapping for the same sum to force at least one false positive.The distribution of output values on the blockchain is a significant factor in determining whether or not sparse subset sum is easier than subset sum. The assumption that this distribution follows a lognormal distribution is likely accurate, given its prevalence in economics and finance. Despite the fact that sparse subset sum may be easier than subset sum, it is still likely to be difficult enough to remain secure in practice. Additionally, some output amounts have very few significant figures, which can be used to add privacy by occasionally rounding one of our outputs in the same way.
Updated on: 2023-06-14T00:56:34.084814+00:00