related posts
196 sats \ 0 replies \ @zman 13 Jan 2023
this is very cool indeed. there can surely be many other uses for this besides trustless mixing for privacy.
reply
0 sats \ 5 replies \ @k00b 13 Jan 2023
ELI5 for my soft brain?
reply
10 sats \ 4 replies \ @0260378aef 13 Jan 2023
Does the TLDR help? ("TLDR use Musig and adaptors in Schnorr to make an N-party coin swap such that if any 1 transaction gets broadcast, they all will.")
Adaptors mean that if you see a transaction broadcast, you can take its signature, subtract the adaptor of the other guys to get the corresponding secret you need to complete the signature on your transaction. See https://reyify.com/blog/multiparty-s6
reply
0 sats \ 3 replies \ @k00b 13 Jan 2023
Not really but that's okay.
I can just do homework if it's too hard to explain simply.
reply
1948 sats \ 1 reply \ @windsok 15 Jan 2023
my very basic understanding is that this allows a coinjoin to happen between multiple parties, but instead of having a single large coinjoin transaction that has everyone's inputs and outputs each party sends their own individual transaction.
This seems to have some good privacy benefits, as it would make it much harder to see that a coinjoin is happening, as each transaction just looks like a normal transaction with 1 input and 1 output, and does not look like a coinjoin.
reply
331 sats \ 0 replies \ @kristapsk OP 15 Jan 2023
It's not CoinJoin, it's CoinSwap. https://en.bitcoin.it/wiki/CoinSwap
reply
21 sats \ 0 replies \ @0260378aef 14 Jan 2023
It's old now but https://download.wpsoftware.net/bitcoin/wizardry/mw-slides/2018-05-18-l2/slides.pdf may help, it's high level and abstract, from the originator of the idea (Poelstra).
Important to note that while this all might seem a bit "pie in the sky", it's at the heart of a generally accepted plan to upgrade the Lightning network to a better privacy model, see "PTLC" - I feel sure you'll have heard of that.
The above experiment is an extension to a more-than-2 party swap, which happens to work with adaptors (whereas it couldn't work with HTLC style coinswaps, because hashes aren't additive). That's about it.
reply