Good morning JAMES,
> Good Afternoon,
>
> Verifiable and independently verifiable are not the same. Independently
> scrutinable means any public can scrutinise blockchain to determine it
> is honest. It does not rely on involved parties but insistently on the
> data published in the blockchain.
The involved parties ultimately publish the data on the blockchain, and the
result is independently validatable.
All that each involved party has to do is validate for itself that it does not
lose any funds, and, by the operation of math, the summary result does not
result in any loss (or creation) of funds, thus CoinJoin cannot lead to fraud.
I do not see much of a point in your objection here.
For example, in the case of Lightning, the individual payments made by the
participants in the channel cannot be verified by anyone else (they can lie
about the payments that occurred on their channel).
But both participants in the channel need to agree on a single result, and it
is that summary result that is independently verified onchain and published.
Indeed, one major technique for privacy improvement in Bitcoin is the simple
technique of creating summaries of multiple actions without revealing details.
Such a general class of techniques works by reducing the data pushed onchain
which provides both (a) scale because less data on chain and (b) privacy
because less data is analyzable onchain.
Basically ---
1. The entire point of a public blockchain is to prevent uncontrolled forgery
of the coin.
Only particular rules allow construction of new coins (in Bitcoin, the
mining subsidy).
2. Various techniques can be used to support the above central point.
* The simplest is to openly publish every amount value in cleartext.
* However, this is not necessarily the ***only*** acceptable way to
achieve the goal!
* Remember, the point is to prevent uncontrolled forgery.
The point is **not** mass surveillance.
* Another method would be to openly publish **summaries** of transactions,
such as by Lightning Network summarizing the result of multiple payments.
* CoinJoin is really just a way to summarize multiple self-payments.
* Another method would be to use homomorphisms between a cleartext and a
ciphertext, and publish only the ciphertext (which can be independently
verified as correctly being added together and that inputs equal outputs plus
fees).
No privacy technique worth discussing and developing in Bitcoin gets around
the above point, and thus fraud cannot be achieved with those (at least if we
define fraud simply as "those who control the keys control the coins" ---
someone stealing a copy of your privkeys is beyond this definition of fraud).
Any privacy improvement Taproot buys (mostly in LN, but also some additional
privacy for CoinSwap) will still not allow fraud.
Regards,
ZmnSCPxj
_______________________________________________
bitcoin-dev mailing list
[email protected]
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
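As an added example that is not part of this post or of any Bitcoin project's code, a toy version of the homomorphic-commitment approach from the last bullet above (publish only ciphertexts, let anyone verify that inputs equal outputs plus fees), including the wraparound caveat that motivates range proofs. The modulus, bases, amounts and blinding factors are constructed for the demo and provide no real security.

```python
import secrets

# Toy parameters (assumed for this example, NOT a secure parameter set): a known
# Mersenne prime as modulus and two fixed bases. In a real scheme the discrete
# log of H base G must be unknown, or the commitment does not hide the value.
P = 2**61 - 1
G, H = 3, 5
ORDER = P - 1  # exponents (amounts, blinding factors) are reduced modulo this

def commit(value: int, blind: int) -> int:
    """Pedersen-style commitment C = G^value * H^blind (mod P): the 'ciphertext'."""
    return pow(G, value, P) * pow(H, blind, P) % P

def build_tx(in_values, out_values, fee):
    """Sender side: commit to every amount. The last output's blinding factor is
    chosen so input and output blinding factors sum to the same value, which
    lets a verifier cancel H without learning any amount."""
    in_blinds = [secrets.randbelow(ORDER) for _ in in_values]
    out_blinds = [secrets.randbelow(ORDER) for _ in out_values[:-1]]
    out_blinds.append((sum(in_blinds) - sum(out_blinds)) % ORDER)
    in_commits = [commit(v, r) for v, r in zip(in_values, in_blinds)]
    out_commits = [commit(v, r) for v, r in zip(out_values, out_blinds)]
    return in_commits, out_commits, fee

def verify_balance(in_commits, out_commits, fee) -> bool:
    """Public verifier: sees only commitments and the cleartext fee. Because the
    commitment is a homomorphism, prod(C_in) == prod(C_out) * G^fee holds exactly
    when sum(inputs) == sum(outputs) + fee (modulo the order of G), so coin
    forgery is detectable without any amount being revealed."""
    lhs = 1
    for c in in_commits:
        lhs = lhs * c % P
    rhs = pow(G, fee, P)
    for c in out_commits:
        rhs = rhs * c % P
    return lhs == rhs

def honest_example() -> bool:
    """Constructed satoshi amounts: 150_000 in, 100_000 + 49_000 out, 1_000 fee."""
    return verify_balance(*build_tx([100_000, 50_000], [100_000, 49_000], 1_000))

def inflated_example() -> bool:
    """Same inputs, but an output claims more than went in; the check must fail."""
    return verify_balance(*build_tx([100_000, 50_000], [100_000, 59_000], 1_000))

def wraparound_example() -> bool:
    """Caveat: amounts are exponents modulo ORDER, so a 'negative' output of
    ORDER - 10_000 balances an inflated one and this toy check passes. That is
    why real confidential-transaction designs add a range proof per output."""
    return verify_balance(*build_tx([100_000, 50_000], [159_000, ORDER - 10_000], 1_000))
```

The verifier never sees the amounts, only the products of commitments, which is the "summary without details" idea the post describes; the third function shows the one hole a plain balance check leaves open and that range proofs exist to close.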