OK, so after digging a bit, the most interesting thing by far here is the use of ring signatures (like those leveraged in Monero) to prevent any mixing round participant from being able to deterministically link other participants' inputs to outputs, all without a central coordinator.
In the ZeroLink protocol used by Samourai Wallet, this blinding is done as a part of the "Chaumian Coinjoin" aspect of the protocol, but AFAICT there are no similar protections in JoinMarket today as it's more difficult to coordinate this in a decentralized fashion. This is actually significant, as it reduces the vulnerability of takers to both Sybil attackers and malicious makers.
Perhaps I'm missing something, but this could be extremely useful for JoinMarket to implement! This enhances the Sybil resistance of fidelity bonds and also better protects makers against takers that attempt to reveal their outputs.
They're not called ring signatures, they're called "bulletproofs".
No, I definitely know how Monero works.
Monero uses ring signatures to hide the true spend in each transaction, while Bulletproofs are a form of zero-knowledge range proof used to hide transaction amounts while still allowing them to be verifiable.
Both are core to Monero's privacy, but are different.
Right, a combination of Adam Back's proposal called "confidential transactions" and "bulletproofs". Thought you guys lumped them together and just called it "v2" or something.
The implementation of confidential transactions in Monero is called "RingCT" because it's implemented as a part of the ring signature construction, so you're definitely on the right path with that thought :)
Note that bulletproofs are a drastically more efficient way of handling the proofs in confidential transactions and are just a part of them.