Hi Ali, > It would probably only work out if each output got their own private keys, > since otherwise Alice can't share any outputs with Bob and vice versa. > The whole thing sounds like an HTLC with an additional trading of private > keys for the actual trades instead of in the HLTC. How are they going to > share their private keys securely, with PGP?
Alice and Bob can share outputs and these are swapped in the replacement transactions. A 2of3 multisig and Carol is required so that nobody cheats. Trading of private keys is not required. I have explained things in a different way in my [last email][1] sent to Michael Folkson. [1]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-August/020841.html /dev/fd0 Sent with Proton Mail secure email. ------- Original Message ------- On Saturday, August 6th, 2022 at 7:46 PM, Ali Sherief <a...@notatether.com> wrote: > It would probably only work out if each output got their own private keys, > since otherwise Alice can't share any outputs with Bob and vice versa. > > The whole thing sounds like an HTLC with an additional trading of private > keys for the actual trades instead of in the HLTC. How are they going to > share their private keys securely, with PGP? > Perhaps Taproot with its selective revealing of certain script branches can > help here, but I'm not sure about details. > - Ali > > > > Hi Bitcoin Developers, > > > > Does it make sense to trade replacement transactions for privacy? I have > > shared basic details to implement this and would love to read opinions > > about it or ways to improve it: > > > > ============================= > > alice > > ============================= > > > > tx1: input a (0.01) -> output b1 (0.008) > > -> change c1 (0.001) > > > > tx2: input a (0.01) -> output e2 (0.007) > > -> output f2 (0.001) > > > > ============================= > > > > bob > > ============================= > > > > tx1: input d (0.011) -> output e1 (0.007) > > -> change f1 (0.003) > > > > tx2: input d (0.011) -> output b2 (0.008) > > -> output c2 (0.001) > > > > ============================= > > > > carol > > ============================= > > > > - creates an API to manage trades that will use 2 of 3 multisig > > - alice and bob create orders for replacement > > - either they could be matched automatically using some algorithm or bob > > manually accepts the offer > > - 2 of 3 multisig is created with Alice, Bob and Carol keys > > - bob locks 0.01 BTC in it and shares outputs e2,f2 with alice > > - alice signs tx2 and shares tx with bob > > - alice locks 0.011 BTC in it and shares outputs b2,c2 with bob > > - bob signs tx2 and shares with alice > > - both replacement txs can be broadcasted > > - funds are released from 2 of 3 multisig with a tx having 3 outputs (one > > to pay fee which goes to carol) > > > > positives: > > > > - privacy > > > > negatives: > > > > - extra fees > > - will take some time although everything will be managed by wallet with > > API provided by carol > > - need to lock bitcoin with same amount as used in tx1 > > - amounts could still be used to link txs in some cases- carol and other > > peer knows the details > > > _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
