[bitcoin-dev] Exploring: limiting transaction output amount as a function of total input value
ZmnSCPxj
ZmnSCPxj at protonmail.com
Tue Aug 31 14:22:29 UTC 2021
Good morning Zac,
> Hi ZmnSCPxj,
>
> Thank you for your helpful response. We're on the same page concerning privacy so I'll focus on that. I understand from your mail that privacy would be reduced by this proposal because:
>
> * It requires the introduction of a new type of transaction that is different from a "standard" transaction (would that be P2TR in the future?), reducing the anonymity set for everyone;
> * The payment and change output will be identifiable because the change output must be marked encumbered on-chain;
> * The specifics of how the output is encumbered must be visible on-chain as well reducing privacy even further.
>
> I don't have the technical skills to judge whether these issues can somehow be resolved. In functional terms, the output should be spendable in a way that does not reveal that the output is encumbered, and produce a change output that cannot be distinguished from a non-change output while still being encumbered. Perhaps some clever MAST-fu could somehow help?
I believe some of the covenant efforts may indeed have such clever MAST-fu integrated into them, which is why I pointed you to them --- the people developing these (aj I think? RubenSomsen?) might be able to accommodate this or some subset of the desired feature in a sufficiently clever covenant scheme.
There are a number of such proposals, though, so I cannot really point you to one that seems likely to have a lot of traction.
Regards,
ZmnSCPxj
More information about the bitcoin-dev
mailing list