[bitcoin-dev] Exploring: limiting transaction output amount as a function of total input value

ZmnSCPxj ZmnSCPxj at protonmail.com
Tue Aug 31 14:22:29 UTC 2021

Good morning Zac,

> Hi ZmnSCPxj,
> Thank you for your helpful response. We're on the same page concerning privacy so I'll focus on that. I understand from your mail that privacy would be reduced by this proposal because:
> * It requires the introduction of a new type of transaction that is different from a "standard" transaction (would that be P2TR in the future?), reducing the anonymity set for everyone;
> * The payment and change output will be identifiable because the change output must be marked encumbered on-chain;
> * The specifics of how the output is encumbered must be visible on-chain as well reducing privacy even further.
> I don't have the technical skills to judge whether these issues can somehow be resolved. In functional terms, the output should be spendable in a way that does not reveal that the output is encumbered, and produce a change output that cannot be distinguished from a non-change output while still being encumbered. Perhaps some clever MAST-fu could somehow help?

I believe some of the covenant efforts may indeed have such clever MAST-fu integrated into them, which is why I pointed you to them --- the people developing these (aj I think? RubenSomsen?) might be able to accommodate this or some subset of the desired feature in a sufficiently clever covenant scheme.

There are a number of such proposals, though, so I cannot really point you to one that seems likely to have a lot of traction.


More information about the bitcoin-dev mailing list