I am trying to learn about payjoin. I have a couple concerns on its
effectiveness. Are my concerns valid or am I missing something?

concern 1
If it is known to be a payjoin transaction anyone could determine the
sender the recipient and amount right?

Lets assume that everyone has a single utxo because payjoin becomes common
use and payjoin consolidates utxos through "snowballing". If Alice has a
UTXO of 0.05 btc and Bob has a UTXO of 1.15 btc. Bob can be assumed to
have more balance because he is a merchant and his customers payjoin him
payments alot.

If Alice and Bob do a payjoin with Alice paying 0.01 btc to Bob, it would
probably look like this right?

 0.05---> |____---->1.16
 1.15---> |    ---->0.04

It is very obvious here the amount sent and the sender.  Even if Alice did
combine another input it would still be very obvious. In this case Alice
has another utxo with 0.4 BTC

 0.40---> |
 0.05---> |____---->1.16
 1.15---> |    ---->0.44

This is still obvious that Alice paid Bob 0.01 BTC isn't it?

concern 2
If there is just one consolidated utxo after each payjoin, would it  be
easy to break the privacy of transaction chains?




For exmaple, lets say that Alice payjoins to Bob. Then later on Clark
payjoins with Bob. Based on the payjoin between Clark and Bob, Clark now
knows what UTXO was actually Bob's. And can then know which one was
actually Alices. By transacting a payjoin with someone, they could decloak
the payjoins before them right? If so, how far back the chain can they go?

The issue is not that someone knows the utxos of themselves and the entity
they payjoined with. The issue is that someone can figure out the payjoins
of others before them with the same entity.

I surely must be missing something here. What am I not understanding?

PGP 97F0C3AE985A191DA0556BCAA82529E2025BDE35

bitcoin-dev mailing list

Reply via email to