Good morning Prayank,

> 1. Peer 1 doesn't need to be a trusted third party, it can be implemented in 
> a way that some peers involved in this system can provide liquidity for 
> others and incentives can be a small fee.

It is not clear in the article, but you mention using a 2-of-3, and show 3 
It seems to me that Peer 1 and Peer 3 (2-of-3) can simply sign to spend the 
funds coming from Peer 2, and split the funds of Peer 2 among them, without 
getting input from Peer 2.

That is the reason why I consider this tr\*sted --- Peer 2 has to trust Peer 1 
does not collude with Peer 3 to steal the funds of Peer 2.

Unless I have misunderstood your article, which is why I asked for 

> 2. Yes joinmarket is awesome and its payjoin will be better to achieve the 
> same but I was trying to contribute and add more options for people to 
> improve privacy on Bitcoin. If we have different ways to mix it will be 
> harder for spy companies to analyze of some of the transactions.

* While JoinMarket has *a* PayJoin implementation, what I described in the 
previous email was not a PayJoin, it is standard CoinJoin where one of the 
equal-valued outputs is to the payee.
  * In particular, PayJoin requires the cooperation of the payee, what I 
described does *not* require anything from the payee other than a destination 
address and an amount to pay.
* Your described technique (as I understand it) is not too different from what 
JoinMarket already does for normal sends, with the JoinMarket technique having 
the advantage that it works with the current paradigm of "send payment to this 
address" without reconnecting to the payee.
  The advantage you describe is largely had only if the technique is 
significantly different.
  For instance, CoinSwap and CoinJoinXT are different enough from CoinJoin to 
be valuable in this respect.

> 3. Also one such setup might not make a huge difference but a chain of such 
> mixers will surely work better if everything done correctly. 
> 4. Maybe multisig usage is not ideal for such things right now and I am not 
> the best person when it comes to coding but think that better privacy for 
> multisig will make it possible for lot of ideas to be implemented on Bitcoin 
> using different multisig setups and combination of other things that we 
> already have.

Schnorr (which is introduced as a package deal with Taproot) already makes all 
n-of-n look the same as 1-of-1 without tr\*sted setup, and makes hidden m-of-n 
possible with some kind of setup (possibly untrusted I think, but I am not 
enough of a mathist to describe this, in any case my base understanding is that 
the setup for m-of-n Schnorr requires a complex ritual involving a number of 
communication rounds).
Taproot allows to hide explicit m-of-n in a script behind some kind of n-of-n 
or m-of-m.

So multisignature usage would automatically gain such advantage once Taproot 
gets deployed.

In any case, if you are still interested in protocol design with some amount of 
focus on privacy, please consider reading this article as well:

What exactly is your goal here.

bitcoin-dev mailing list

Reply via email to