Author: Chris Belcher 2020-06-10 17:49:16
Published on: 2020-06-10T17:49:16+00:00
In an email to bitcoin-dev, Mr. Lee Chiffre expressed his concerns about the effectiveness of payjoin and asked if he was missing something. His first concern was that if payjoin became a common use, anyone could determine the sender, recipient, and amount of a transaction. He used an example of Alice and Bob doing a payjoin with Alice paying 0.01 BTC to Bob, where it would be very obvious who sent the payment and how much was sent. Even if Alice combined another input, it would still be apparent. Mr. Lee Chiffre's second concern was whether it would be easy to break the privacy of transaction chains if there was just one consolidated utxo after each payjoin. He used an example where Alice payjoins to Bob and later on, Clark payjoins with Bob. Based on the payjoin between Clark and Bob, Clark now knows what UTXO was actually Bob's and can then know which one was Alice's. By transacting a payjoin with someone, they could decloak the payjoins before them. The email response added that payjoin breaks the common-input-ownership heuristic, which is a significant reason why blockchain surveillance is so effective. The assumption is mentioned by Satoshi in the whitepaper, where he laments that the privacy loss is unavoidable. However, the fact that we have technology to break this assumption is a massive deal, and that's a big value-add of PayJoin. The email also provided a link to a paper on the unreasonable effectiveness of address clustering.
Updated on: 2023-06-14T02:18:45.659970+00:00