-
Notifications
You must be signed in to change notification settings - Fork 5.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
34db0e9
commit 6b06823
Showing
1 changed file
with
82 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,82 @@ | ||
| BIP: XXX | ||
| Layer: Applications | ||
| Title: Octojoin v1 | ||
| Author: /dev/fd0 <alicexbt@protonmail.com> | ||
| Type: Informational | ||
| Created: 2024-09-25 | ||
| License: BSD-2-Clause | ||
| ==Introduction== | ||
|
|
||
| ===Abstract=== | ||
|
|
||
| This document describes the process to use swapped UTXOs for inputs, silent payment addresses for outputs, and hide the transacted amount with multiple interpretations. | ||
|
|
||
| ===Motivation=== | ||
|
|
||
| Payjoin requires coordination and sharing of UTXOs between sender and recipient. This affects privacy and UX in some cases. Octojoin avoids sharing of UTXOs and uses swapped UTXOs. | ||
|
|
||
| ====Relation to Monero==== | ||
|
|
||
| Most Monero transactions use 16 ring size for the input, making it impossible to determine which input is signed by the user out of 16. The amounts are hidden, and stealth addresses are used for outputs. | ||
|
|
||
| Octojoin achieves partial obfuscation similar to Monero's ring signatures ([https://www.getmonero.org/2024/04/27/fcmps.html FCMP++] will replace ring signatures in future) and stealth addresses. Swaps can be done off-chain to obscure the transaction's input ownership and history. | ||
|
|
||
| ===Specification=== | ||
|
|
||
| ====Sequence Diagram==== | ||
|
|
||
| <source lang="mermaid"> | ||
| sequenceDiagram | ||
| participant Alice | ||
| participant Wallet | ||
| participant Bob | ||
|
|
||
| Alice->>Wallet: Label swapped UTXOs as 'octojoin' | ||
| Bob->>Alice: Share silent payment address | ||
| Alice->>Wallet: Create transaction using 'octojoin' UTXOs + 1 normal input | ||
| Note right of Alice: Minimum 2 outputs and avoid change for multiple interpretations | ||
| Wallet->>Bob: Pay Bob | ||
| </source> | ||
|
|
||
| Users should label some UTXOs as “octojoin” so that they can be used in octojoin transactions. Ideally, these UTXOs should be ones that have been swapped with others and are linked to someone else’s transaction history. | ||
|
|
||
| '''Input Obfuscation with Off-Chain Swaps''' | ||
|
|
||
| Do off-chain swaps (e.g. statechain, submarine swaps, or coinswap) to obtain UTXOs with different histories. Ensure that all inputs come from other users except one belonging to the sender, making it difficult for on-chain analysts to determine ownership. | ||
|
|
||
| '''Silent Payment Address for Outputs''' | ||
|
|
||
| Use silent payment addresses to generate new addresses for the recipient. | ||
|
|
||
| '''Multiple Outputs and Different Interpretations''' | ||
|
|
||
| The transaction includes multiple outputs, which may include change to the sender, hiding the payment amount. | ||
|
|
||
| An algorithm requiring some values from the user to create the transaction or notify the user about missing inputs will be implemented by different wallets: | ||
|
|
||
| * Payment amount | ||
| * Number of inputs (default: 3) | ||
| * Number of outputs (default: 2) | ||
| * Equal amounts in inputs (default: false) | ||
| Analysis of different decoy selection algorithms used in Monero: https://github.com/monero-project/research-lab/issues/99 | ||
|
|
||
| Input selection is important in Octojoin, although not the same as decoy selection used in different Monero wallets. Recommendations for Octojoin algorithms: | ||
|
|
||
| Transaction MUST have at least 3 inputs, all swapped except one. It SHOULD avoid mixed input types and use random wallet fingerprints, including BIP 69. It SHOULD use inputs of similar age. Some inputs SHOULD be recent UTXOs. All outputs MUST use the same script type. | ||
|
|
||
| ==Implementation== | ||
|
|
||
| Pseudocode: https://uncensoredtech.substack.com/p/octojoin | ||
|
|
||
| Proof of Concept: TBD | ||
|
|
||
| ==Backwards Compatibility== | ||
|
|
||
| This is a new protocol and has no compatibility issues. It is not a replacement for payjoin either and benefits from multiple interpretations on-chain. | ||
|
|
||
| ==Attack Vectors== | ||
|
|
||
| * Metadata leak in swaps | ||
| * User not careful while spending outputs created in Octojoin transaction |