‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Friday, 21 February 2020 22:17, Antoine Riard via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> How can a Bitcoin tranaction leak protocol usage ? > * the output type (p2sh, p2wsh, ...) > * the spending policy (2-of-3 multisig, timelock, hashlock,...) > * outputs ordering (BIP69) > * nLocktime/nSequence > * RBF-signaling > * Equal-value outputs > * weird watermark (LN commitment tx obfuscated commitment number) > * fees strategy like CPFP > * in-protocol announcements [0] > Good list. Another one, usually wouldn't be *protocol* as much as wallet leakage, but could be: utxo selection algorithm (which of course may be difficult to deduce, but often, far from impossible). (Also trivial and increasingly irrelevant, but nVersion). With regards to coinjoin in this context (I know your points are much broader), my comment is: For existing protocols (joinmarket's, wasabi's, samourai's), in the equal-outs paradigm, I don't see much that can be done in this area. But I would ask people to consider CoinJoinXT[1] more seriously in a taproot/schnorr world, since it addresses this exact point. With a short (not cross-block like swaps or LN setup) interaction, participants can arrange the effect of coinjoin without the on-chain watermark of coinjoin (so, steganographic). The taproot/schnorr part is needed there because multisig is required from transaction to transaction in that protocol, so doing it today is less interesting (albeit still interesting). waxwing [1] https://joinmarket.me/blog/blog/coinjoinxt/ _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
