[bitcoin-dev] Payjoin privacy with the receiver of the transaction

ZmnSCPxj ZmnSCPxj at protonmail.com
Fri Mar 22 16:05:13 UTC 2019

Good morning,

> >There's certainly some interesting about the idea of "pre-fragmenting" your wallet utxo so you can make (or in payjoin: receive) payments with better privacy aspects.However, it's pretty unlikely to be practical for normal users, as it'll generally result in pretty big and cost-ineffective transactions.
> For users that really want privacy it should not be a problem. When a wallet receive a high amount of btc (+100$ or another amount defined by the user) it can automatically make a transaction to itself splitting the amount in several addresses. The amounts that are already small don't need to be splitted again. Small amount addresses + Payjoin could give real privacy to bitcoin users. Users that don't want privacy could disable the "Private" mode in the wallet and disable the auto-splitting feature. 
> i.e.: you receive 1000$ in btc and the wallet make an automatic transaction to itself to 10 addresses, 100$ each.

It seems to me, to interact somewhat with ZeroLink.

Under ZeroLink, post-mix UTXOs must not be combined.
(Basic Post-Mix Wallet Requirement: "Post-mix wallet MUST prevent joining inputs together.")

The upshot of this, for practical use, is that as payments are done by the user, available coins become smaller and smaller.
And the maximum amount the user can pay with, is limited by the largest post-mix coin they have.

If a ZeroLink post-mix wallet were to split its UTXOs as soon as it got them from the mix, then it would immediately find itself limiting the maximum amount the user could pay.
I suppose if the ZeroLink post-mix wallet had multiple post-mix coins, it could split one of them for the same purpose as above.

Another thought, is if a ZeroLink post-mix wallet could support a Payjoin, as either receiver or sender.
Naively, it seems to me to improve privacy to do so, as long as the ZeroLink post-mix wallet only provides a single UTXO to the Payjoin, whether as receiver or sender.
For a ZeroLink post-mix wallet to a ZeroLink post-mix wallet Payjoin, this would typically result in a two-input, two-output transaction, with both participants having one input and one output each in the transaction, but difficult (?) for third parties to determine which input/output belongs to which.

Now, if we suppose that both ZeroLink and Payjoin become commonly used, then it is likely that two users using the same Chaumian CoinJoin mix transaction will find that one needs to pay the other.
Thus hopefully it may become common for a Chaumian CoinJoin mix transaction to have outputs that (directly or indirectly) merge into Payjoin two-input two-output transactions.
This can then be used to allow a ZeroLink post-mix wallet some limited amount of merging its post-mix UTXOs.
For instance, if a ZeroLink post-mix wallet has a 0.25BTC and a 0.15BTC coin, and needs to pay 0.3 BTC, it may very well simulate a Payjoin to itself, and create a transaction (0.25, 0.15) -> (0.35, 0.05).
Then it can use the 0.35BTC output to pay the 0.3 BTC.

Possibly, anyway.


More information about the bitcoin-dev mailing list