Ben Carman [ARCHIVE] on Nostr: 📅 Original date posted:2023-05-22 🗒️ Summary of this message: Using ...
📅 Original date posted:2023-05-22
🗒️ Summary of this message: Using ALL|ANYONECANPAY in coinjoin can reduce steps, but it poses risks such as adding unwanted inputs, lower fee rates, and lack of uniformity. Verification code is available.
📝 Original message:The problem with using ALL|ANYONECANPAY is that you cannot verify beforehand that the other inputs are the inputs you want added to the transaction.
Some examples of bad things that could happen:
* Coordinator adds its own inputs, you still get your outputs but effectively paid fees for no privacy gain
* The inputs added could be paying at a lower fee rate than expected, causing the tx to take longer than what you paid for
* Different input types or amount are added so you no longer have the same uniformity across the inputs
* (if you care) An input from a sanctioned address is added, causing you to get "tainted" coins.
This is the code in ln-vortex that verifies the psbt on the client side if you are curious
https://github.com/ln-vortex/ln-vortex/blob/master/client/src/main/scala/com/lnvortex/client/VortexClient.scala#L616
Best,
benthecarman
________________________________
From: bitcoin-dev <bitcoin-dev-bounces at lists.linuxfoundation.org> on behalf of alicexbt via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org>
Sent: Monday, May 22, 2023 7:51 AM
To: Bitcoin Protocol Discussion <bitcoin-dev at lists.linuxfoundation.org>
Subject: [bitcoin-dev] Coinjoin with less steps using ALL|ANYONECANPAY
Hi Bitcoin Developers,
I recently experimented with different sighash flags, PSBTs and realized ALL|ANYONECANPAY could be used to reduce some steps in coinjoin.
Steps:
- Register outputs.
- One user creates a signed PSBT with 1 input, all registered outputs and ALL|ANYONECANPAY sighash flag. Other participants keep adding their inputs to PSBT.
- Finalize and broadcast the transaction.
Proof of Concept (Aice and Bob): https://gitlab.com/-/snippets/2542297
Tx: https://mempool.space/testnet/tx/c6dd626591dca7e25bbd516f01b23171eb0f2b623471fcf8e073c87c1179c492
I plan to use this in joinstr if there are no major drawbacks and it can even be implemented by other coinjoin implementations.
/dev/fd0
floppy disk guy
Sent with Proton Mail secure email.
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev at lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230522/9d45d394/attachment-0001.html>
🗒️ Summary of this message: Using ALL|ANYONECANPAY in coinjoin can reduce steps, but it poses risks such as adding unwanted inputs, lower fee rates, and lack of uniformity. Verification code is available.
📝 Original message:The problem with using ALL|ANYONECANPAY is that you cannot verify beforehand that the other inputs are the inputs you want added to the transaction.
Some examples of bad things that could happen:
* Coordinator adds its own inputs, you still get your outputs but effectively paid fees for no privacy gain
* The inputs added could be paying at a lower fee rate than expected, causing the tx to take longer than what you paid for
* Different input types or amount are added so you no longer have the same uniformity across the inputs
* (if you care) An input from a sanctioned address is added, causing you to get "tainted" coins.
This is the code in ln-vortex that verifies the psbt on the client side if you are curious
https://github.com/ln-vortex/ln-vortex/blob/master/client/src/main/scala/com/lnvortex/client/VortexClient.scala#L616
Best,
benthecarman
________________________________
From: bitcoin-dev <bitcoin-dev-bounces at lists.linuxfoundation.org> on behalf of alicexbt via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org>
Sent: Monday, May 22, 2023 7:51 AM
To: Bitcoin Protocol Discussion <bitcoin-dev at lists.linuxfoundation.org>
Subject: [bitcoin-dev] Coinjoin with less steps using ALL|ANYONECANPAY
Hi Bitcoin Developers,
I recently experimented with different sighash flags, PSBTs and realized ALL|ANYONECANPAY could be used to reduce some steps in coinjoin.
Steps:
- Register outputs.
- One user creates a signed PSBT with 1 input, all registered outputs and ALL|ANYONECANPAY sighash flag. Other participants keep adding their inputs to PSBT.
- Finalize and broadcast the transaction.
Proof of Concept (Aice and Bob): https://gitlab.com/-/snippets/2542297
Tx: https://mempool.space/testnet/tx/c6dd626591dca7e25bbd516f01b23171eb0f2b623471fcf8e073c87c1179c492
I plan to use this in joinstr if there are no major drawbacks and it can even be implemented by other coinjoin implementations.
/dev/fd0
floppy disk guy
Sent with Proton Mail secure email.
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev at lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20230522/9d45d394/attachment-0001.html>