pull down to refresh

Dreaming about CoinJoin at protocol level
5176 sats \ 10 comments \ @italiansatoshi 20 Nov 2023 bitcoin

Disclaimer

This is a dream. I'm not even aware if this stuff is even possible but, you know, dreaming is free. There's the VERY REAL possibility that all the following rant is pure bullshit.

Falling alseep

All started while I was on my couch going through my Twitter timeline and I stumbled upon this thread. It had been a few days that a thought was running through my mind:
Is it feasible to get perfect privacy for all TXs in every future block, without relying on end user post-intervention (coinjoining), making any chain-analysis useless ? That would be a huge step forward.
Try to think about it like whirlpool-ing each and every transaction in every future confirmed block aiming at 100% entropy, 0 deterministic links & 0 "unmixed change".
CoinJoin is a trustless method for combining multiple Bitcoin payments from multiple spenders into a single transaction to make it more difficult for outside parties to determine which spender paid which recipient or recipients. Unlike many other privacy solutions, coinjoin transactions do not require a modification to the bitcoin protocol.
But... someone has to do this job and I think that they should be miners. More on this later on.

Start dreaming

In my dream there's a magic black box, at bitcoin protocol level, which is able to mix and match (coinjoin) all the transactions added to the block by the miner while it run his ASICS to find a nonce that create a block hash that is below the target difficulty (which is a valid Proof-of-Work).
The miner will collect additional fees for this work - possibly a fixed amount of sats for each transaction - on top of the current subsidy and the regular fees. This will keep - and perhaps rise - the incentive for the miner itself.
In this fantasy world, every future valid block will contain only already coinjoined transaction. No purchase history, no real time balances. Heuristics will be broken. Fuck chain analysis.

REM activity detected

I admit it candidly. I've no idea how to make this work. Remember? This is only a dream. In the remote case that this is technically possible without harming the current protocol, I can guess that a lot of time and wizardry by bitcoin devs will be needed to create such a magic black box.
I'm not even aware of what sort of technical problems should be faced up let alone their complexity.
But hey, if we can dream about citadels we can also dream about perfect privacy at protocol level. Can't we ?
Thinking about consequences, at minimum time between blocks would increase. This would lead to more time needed for on-chain transaction confirmation; to postpone halving dates and who knows what else.
On the bright side, every end user would be able to just transact with bitcoin (no matter which wallet is used) while the protocol itself take care of obfuscate the details to any chain analysis attempt.
Every bitcoin will be more fungible, so we can safely ignore any connection between any particular individual or use case it interacted with in the past.
Last but not least, probably it will render any KYC procedure less useful.

The morning after

Well, it's time to wake up. But who knows? Maybe someday in the future, as I wake up scratching my head, I'll be surprised by the news that my dreams have come true.
Please consider all of this as a madman's utterances and act accordingly.
@italiansatoshi

Relevant material

Twitter thread by BitcoinQ+A and Matt Odell
NoKYConly by BitcoinQ+A
Rabbit Hole Recap: Week of 2020.09.14
Samourai Wallet – Bitcoin Culture & New Privacy Features
Clark Moody Bitcoin - Dashboard
write
preview
related posts
1046 sats \ 4 replies \ @OT 20 Nov 2023
I remember Peter Todd talking about this (think it was on bitcoin takeover pod).
It would be hard to coin join over a certain amount. Imagine someone sending 1000 bitcoin, there would need to be a HUGE pool to match these tx.
Then the other problem would be that these "decoy" TX will be taking up a lot of block space. It will be expensive & harder to get into a block.
I like the idea, but I think having a large liquidity pool that you can use to coin join & collaborative TX would be best. Imagine if samurai, wasabi all used join market together like a happy family, we'd have the cheapest CJ as competition does its thing.
reply
42 sats \ 3 replies \ @anon 20 Nov 2023
Man, with just few wisdow words you made my dream a nightmare 🤢 Anyway I've to totally agree with your points cause you're absolutely right expeciallt about block space and price to get into a block. Sad is I have had a hard wake up.
reply
0 sats \ 1 reply \ @stackeraw 21 Nov 2023
Dont give up. Creative people brings sometimes breakthrough nobody could imagine. remember Albert eindstein about Imagination. Someday you will hit it big. Look at this artikel If it will give you a push in right path
https://bigthink.com/starts-with-a-bang/einstein-famous-quote-misunderstood/
reply
0 sats \ 0 replies \ @OT 21 Nov 2023
I think it would require at least a softfork. It might be hard to get consensus on something like this. Maybe if chain analysis gets perfected, then everyone might agree
reply
0 sats \ 0 replies \ @OT 21 Nov 2023
Haha, yeah I liked the idea after hearing PT mention that one time. There might be a way to do it, but I haven't heard it yet.
reply
100 sats \ 0 replies \ @037447d9ca 21 Nov 2023
you just dreamed about Grin
reply
0 sats \ 0 replies \ @anon 21 Nov 2023
This can be solved at the wallet level: every wallet provider could in theory make the transactions of their custodial users into one big coin-join. For non-custodial wallets the challenge gets much bigger.
At the mining level one big coin-join pool is very difficult to make. Basically, you/your wallet should be able to securely exchange keys with all others users/wallets before submitting the transaction to the mem pool. I believe the MimbleWimble protocol works with one-big-coinjoin-per-block sort of system.
reply
0 sats \ 1 reply \ @pepe78 21 Nov 2023
If there is a coin join at protocol level, will be a reason for governments to make it illegal
reply
0 sats \ 0 replies \ @Dash_1971 21 Nov 2023
Yes.
reply
0 sats \ 0 replies \ @davidw 20 Nov 2023 freebie
Nice write-up. Jealous of your dreams. I'm by no means an expect on these matters, but anything that requires miners making a decision is probably best avoided.
I believe the solution to the problem is effectively what Payjoin offers. Without any hard fork or soft fork required. Using pure business and financial incentive to scale. We just need to accelerate its awareness & adoption.
What is Payjoin? If you're still unsure of how Payjoins work, here on SN is perhaps the best write-up of late from @ratiotile, then there is the payjoin.org site or my SN teaser.
Payjoin incenitivises any exchange, wallet, lightning-btc swap service or any business whatsoever to adopt collaborative transactions. Privacy isn't even really on the agenda, because not only can it help the business save on fees, it can cut-out entire transactions entirely by connecting buyer with seller, customer with supplier or multiple parties with multiple parties.
Rather than going from A) customer to B) company to C) supplier. B could just accept payments that automatically forward all A) customer deposits to C) supplier addresses at a given interval/period.
There's no miner incentive in this case, in fact it will reduce their fees due to a smaller chain footprint with fewer transactions. Yet that's probably something to be celebrated, there is no decision for miners to make.