> ❌ This is the flaw with Full-Agg for protocols like CoinJoin or PayJoin, Full-Agg introduces complexity.

Coinjoins are already interactive, so there's no new complexity introduced.

kruw

bitcoin

# CISA: Full-Aggregation & Interactivity issues  

![](https://m.stacker.news/84418)

---

### Reminder  
In the previous post, we explained:

- **Half-Agg** → Non-interactive  
- **Full-Agg** → Interactive


![](https://m.stacker.news/84419)



## 🔍 What does "interactivity" mean?

Let’s break it down 👇

---

Creating an aggregate signature requires **communication between participants**

Let’s illustrate this with Alice and Bob
![](https://m.stacker.news/84445)



To create `Sigₐgg`, Alice and Bob must  exchange cryptographic commitments.

![](https://m.stacker.news/84425)

After sharing commitments, each signer creates a partial signature

Partial signatures are then combined to produce the final aggregate signature

```
Sigₐgg = (∑Rᵢ, ∑sᵢ)
```

---
## ❌ This is the flaw with Full-Agg
![](https://m.stacker.news/84426)


---

## ⚠️ For protocols like CoinJoin or PayJoin,  
Full-Agg introduces **complexity**:

![](https://m.stacker.news/84427)

---

![](https://m.stacker.news/84428)

---


## ✅ But Full-Agg works great  
when **one user controls all inputs**

![](https://m.stacker.news/84430)

---

![](https://m.stacker.news/84431)

*(Source: HRF CISA Research Paper)*

---

## 🧬 The hybrid approach  
**Combine Full-Agg and Half-Agg**

![](https://m.stacker.news/84447)


*from: [hrf.org/latest/cisa-research-paper](https://hrf.org/latest/cisa-research-paper)*

---
Follow [@Bitcoin_Devs](https://twitter.com/Bitcoin_Devs)  for more Bitcoin technical posts.

![](https://m.stacker.news/84448)

