Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ecash for change output value matching #59

Open
stiell opened this issue Jun 23, 2019 · 3 comments
Open

Ecash for change output value matching #59

stiell opened this issue Jun 23, 2019 · 3 comments
Labels
ideas

Comments

@stiell
Copy link

stiell commented Jun 23, 2019

Is your feature request related to a problem? Please describe.

Change outputs are currently nearly always unique and each output can therefore be associated with its corresponding input(s). However, looking at some CoinJoin transactions, there are many change outputs that are close to each other in value, and very often close to 0.1 BTC. If the values could be slightly adjusted to match other outputs, these outputs could become part of an anonymity set, or even contribute to the main anonymity set.

Describe the solution you'd like

I'd like to propose the idea of having the coordinator issue long-lived ecash tokens of a relatively small denomination, which users may cash in to increase their effective input, and which are paid out if an output is decreased to match other outputs. The ecash tokens obtained in one round may be used anonymously in a later round.

The client needs to trust the coordinator with the validity of these tokens, so they should only be used for small amounts and the client should only accept holding up to a certain amount of tokens at any time (e.g. up to 100k sat worth).

Ecash tokens should all be of the same denomination, e.g. 10k sat, for maximum anonymity. However, fractions of the token denomination may be handled by using provably fair stochastic rounding.

These tokens might be used in other ways: What about, instead of only adjusting output values to match, each output value is randomised a little, exchanging tokens to compensate? Outputs are no longer exactly equal, yet anonymity is preserved.

Describe alternatives you've considered

An alternative might be to allow for small output adjustments without exchanging ecash tokens, but the tolerated range of such adjustments would probably be smaller.

Adjustments via LN? I think it would get more complicated in several respects.

CT would of course fix this whole issue, but I don't think this is coming to Bitcoin anytime soon.

edit: I guess this issue rather belongs in ZeroLink.
@nopara73
Copy link
Contributor

I'll move it to the Meta project. Unfortunately I don't think we can even consider it, due to regulatory issues with custodial things :/

@nopara73
Copy link
Contributor

But definitely a worthy conversation to be had.

@nopara73 nopara73 transferred this issue from WalletWasabi/WalletWasabi Jun 24, 2019
@nopara73 nopara73 added the ideas label Jun 24, 2019
@MaxHillebrand
Copy link
Member

With a protocol like scrit we can have digital bearer certificates that do not rely on a single trusted third party, but instead a federation of servers, where m-1 cannot increase the certificate supply, and a signature is needed to transfer the certificates.

It would be an interesting idea for the lawyers to find out if such a federated model is still encompassed by the custodianship issue...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ideas
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stiell @nopara73 @MaxHillebrand