Good morning waxwing, > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > On Friday, 21 February 2020 22:17, Antoine Riard via bitcoin-dev > bitcoin-dev@lists.linuxfoundation.org wrote: > > > How can a Bitcoin tranaction leak protocol usage ? > > > > - the output type (p2sh, p2wsh, ...) > > - the spending policy (2-of-3 multisig, timelock, hashlock,...) > > - outputs ordering (BIP69) > > - nLocktime/nSequence > > - RBF-signaling > > - Equal-value outputs > > - weird watermark (LN commitment tx obfuscated commitment number) > > - fees strategy like CPFP > > - in-protocol announcements [0] > > Good list. > Another one, usually wouldn't be protocol as much as wallet leakage, but > could be: utxo selection algorithm (which of course may be difficult to > deduce, but often, far from impossible). > (Also trivial and increasingly irrelevant, but nVersion). > > With regards to coinjoin in this context (I know your points are much > broader), my comment is: > For existing protocols (joinmarket's, wasabi's, samourai's), in the > equal-outs paradigm, I don't see much that can be done in this area. > But I would ask people to consider CoinJoinXT[1] more seriously in a > taproot/schnorr world, since it addresses this exact point. With a short (not > cross-block like swaps or LN setup) interaction, participants can arrange the > effect of coinjoin without the on-chain watermark of coinjoin (so, > steganographic). The taproot/schnorr part is needed there because multisig is > required from transaction to transaction in that protocol, so doing it today > is less interesting (albeit still interesting).
CoinJoinXT is indeed something I am interested in at some point: https://zmnscpxj.github.io/bitcoin/coinjoinxt.html The above writeup is a client-server model, with multiple clients mixing. If none of the participants reveal that a CoinJoinXT was done, then the graph is difficult to detect as such. However, if any participants reveal that a CoinJoinXT was done, it has a fallback such that it is almost as good as an equal-value CoinJoin (but takes up more block space). At least it is not immediately obvious that it is in fact a CoinJoinXT from *just* a simple transaction analysis, which we hope is enough to deter simple policies like "check N transactions back for a transaction with more than one equal-valued output". Regards, ZmnSCPxj _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev