Published on: 2020-01-16T02:11:44+00:00
A proposed protocol called Wormhole aims to enhance the privacy of Bitcoin transactions. It builds upon the ZeroLink CoinJoin protocol and introduces minor modifications to ensure that neither the sender nor the receiver gain knowledge of each other's inputs and outputs. This is achieved through the use of Schnorr blind signatures, which obscure the link between inputs and equal value outputs during the transaction process.The Wormhole protocol employs a centralized coordinator who is unable to steal or spy on the transaction. The coordinator remains unaware that Wormhole is being utilized. The outcome of the protocol is that the sender (A) possesses a 4 bitcoin UTXO with an anonset of 100, as well as a 0.5 bitcoin UTXO with an anonset of 1. On the other hand, the receiver (B) holds a 1 bitcoin UTXO with an anonset of 100. While the coordinator (W) is aware of A's input and change, they do not know which equal value output belongs to whom, nor are they aware that B has no inputs.Communication between A and B can take place through any private channel such as Tor, QR codes, SD cards, or carrier pigeons. The communication between A/B and W follows the same method used in the regular ZeroLink implementation, most likely involving Tor. The anonymity set of the equal value zero link outputs from A and B is determined by the total number of such outputs in the same transaction.Wormhole challenges the assumption that zero links are solely a consolidation within the same wallet. It is an interactive protocol that involves multiple rounds of communication, requiring all participants (A, B, and W) to be online. Additionally, the protocol can be combined with Pay to Endpoint or Knapsack to enable A to send a specific amount to B, with part of the transaction being the equal value zero link output and part being the P2EP change or Knapsack sub-transaction. There is also the possibility of integrating atomic coinswaps with Schnorr adaptor signatures, where A's input in CJTX1 "pays" B's output in CJTX2, although this may require B to know the signature (and thus the input) of A.
Updated on: 2023-08-02T01:47:48.158105+00:00