Good morning JAMES,
> No-one has yet demonstrated that Conjoin or using Wasabi wallet is secure if
> it relies on third-parties. Are the transaction not forwarded partially
> signed as with an SPV wallet? So it is possible the SPV server cannot
> redirect funds if dishonest? SPV wallets are secure producing fully signed
> transactions. A ConJoin transaction signs for the UTXO and forwards it to be
> included signed for in another larger transaction with many inputs and outputs
The above point was not answered, so let me answer this for elucidation of you
and any readers.
A CoinJoin transaction is a single transaction with many inputs and many
outputs.
Every input must be signed.
When used to obfuscate, each input has different actual entities owning the
coin.
In order to prevent fraud, it is necessary that what total amount each entity
puts into the transaction, that entity also gets out (in freshly-generated
addresses, which I hope you do not object to) as an output.
When providing its signature, each entity verifies that its provided address
exists in some output first before signing out its input.
The provided signature requires all the inputs and all the outputs to exist in
the transaction.
Because of this, it is not possible to take a "partial" signature for this
transaction, then change the transaction to redirect outputs elsewhere --- the
signature of previous participants become invalid for the modified transaction..
Thus, the security of the CoinJoin cannot be damaged by a third party.
Third parties involved in popular implementations of CoinJoin (such as the
coordinator in Wasabi) are nothing more than clerical actuaries that take
signatures of an immutable document, and any attempt by that clerical actuary
to change the document also destroys any signatures of that document, making
the modified document (the transaction) invalid.
> . Also, none of those you mention is inherently a Privacy Technology.
> Transparency is one of the key articles of value in Bitcoin because it
> prevents fraud.
The prevention of fraud simply requires that all addition is validatable.
It does not require that the actual values involved are visible in cleartext.
Various cryptographic techniques already exist which allow the verifiable
addition of encrypted values ("homomorphisms").
You can get 1 * G and 2 * G, add the resulting points, and compare it to 3 * G
and see that you get the same point, yet if you did not know exactly what G was
used, you would not know that you were checking the addition of 1 + 2 = 3.
That is the basis of a large number of privacy coins.
At the same time, if I wanted to *voluntarily* reveal this 1 + 2 = 3, I could
reveal the numbers involved and the point G I used, and any validator
(including, say, a government taxing authority) can check that the points
recorded on the blockchain match with what I claimed.
For the prevention of fraud, we should strive to be as transparent as *little*
as possible, while allowing users to *voluntarily* reveal information.
Regards,
ZmnSCPxj
_______________________________________________
bitcoin-dev mailing list
[email protected]
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
