Published on: 2020-06-10T17:49:16+00:00
In an email to bitcoin-dev, Mr. Lee Chiffre expressed concerns about the effectiveness of payjoin and raised two main points. First, he questioned whether it would be possible for anyone to determine the sender, recipient, and amount of a transaction if payjoin became widely used. He provided an example where Alice pays 0.01 BTC to Bob through payjoin, highlighting that it would be obvious who sent the payment and how much was sent. Even if Alice combined another input, the transaction details would still be apparent. Mr. Lee Chiffre's second concern focused on the potential privacy implications of having just one consolidated unspent transaction output (UTXO) after each payjoin. He illustrated this with an example where Alice payjoins with Bob, and later Clark payjoins with Bob as well. Based on the payjoin between Clark and Bob, Clark could identify which UTXO belonged to Bob and consequently discern which one was Alice's. This could potentially allow someone to de-anonymize the payjoins that occurred before them in the transaction chain. The email response acknowledged that payjoin does break the common-input-ownership heuristic, which is a key factor in the effectiveness of blockchain surveillance. Satoshi mentioned this assumption in the whitepaper, noting the unavoidable loss of privacy. However, the fact that technology exists to challenge this assumption is considered a significant advantage of payjoin. The email also included a link to a paper on the unreasonable effectiveness of address clustering.Payjoin is a method used to enhance the privacy of Bitcoin transactions. Nevertheless, there are concerns about its effectiveness. One major concern is that if payjoin transactions are easily identifiable, it becomes possible for anyone to determine the sender, recipient, and amount involved. Additionally, the consolidation of UTXOs after each payjoin raises questions about the potential privacy breaches in transaction chains. For instance, if multiple payjoins occur with the same entity, it could allow someone to trace back the entire chain and decloak preceding payjoins. To address these concerns, suggestions include shuffling inputs and outputs or consistently using BIP39. While payjoin has the potential to improve privacy, it is important to acknowledge and address the existing concerns to ensure its effectiveness.
Updated on: 2023-08-02T02:22:07.379156+00:00