From 6b06823ec11ff34bcbe9f6b8b6252c2b9b83635b Mon Sep 17 00:00:00 2001 From: /dev/fd0 <147166694+1440000bytes@users.noreply.github.com> Date: Wed, 25 Sep 2024 10:43:48 +0000 Subject: [PATCH] add bip for octojoin --- bip-octojoin.mediawiki | 82 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 bip-octojoin.mediawiki diff --git a/bip-octojoin.mediawiki b/bip-octojoin.mediawiki new file mode 100644 index 000000000..c819dd746 --- /dev/null +++ b/bip-octojoin.mediawiki 
@@ -0,0 +1,82 @@ + BIP: XXX + Layer: Applications + Title: Octojoin v1 + Author: /dev/fd0 + Type: Informational + Created: 2024-09-25 + License: BSD-2-Clause + +==Introduction== + +===Abstract=== + +This document describes the process to use swapped UTXOs for inputs, silent payment addresses for outputs, and hide the transacted amount with multiple interpretations. + +===Motivation=== + +Payjoin requires coordination and sharing of UTXOs between sender and recipient. This affects privacy and UX in some cases. Octojoin avoids sharing of UTXOs and uses swapped UTXOs. + +====Relation to Monero==== + +Most Monero transactions use 16 ring size for the input, making it impossible to determine which input is signed by the user out of 16. The amounts are hidden, and stealth addresses are used for outputs. + +Octojoin achieves partial obfuscation similar to Monero's ring signatures ([https://www.getmonero.org/2024/04/27/fcmps.html FCMP++] will replace ring signatures in future) and stealth addresses. Swaps can be done off-chain to obscure the transaction's input ownership and history. + +===Specification=== + +====Sequence Diagram==== + + +sequenceDiagram + participant Alice + participant Wallet + participant Bob + + Alice->>Wallet: Label swapped UTXOs as 'octojoin' + Bob->>Alice: Share silent payment address + Alice->>Wallet: Create transaction using 'octojoin' UTXOs + 1 normal input + Note right of Alice: Minimum 2 outputs and avoid change for multiple interpretations + Wallet->>Bob: Pay Bob + + +Users should label some UTXOs as “octojoin” so that they can be used in octojoin transactions. Ideally, these UTXOs should be ones that have been swapped with others and are linked to someone else’s transaction history. + +'''Input Obfuscation with Off-Chain Swaps''' + +Do off-chain swaps (e.g. statechain, submarine swaps, or coinswap) to obtain UTXOs with different histories. 
Ensure that all inputs come from other users except one belonging to the sender, making it difficult for on-chain analysts to determine ownership. + +'''Silent Payment Address for Outputs''' + +Use silent payment addresses to generate new addresses for the recipient. + +'''Multiple Outputs and Different Interpretations''' + +The transaction includes multiple outputs, which may include change to the sender, hiding the payment amount. + +An algorithm requiring some values from the user to create the transaction or notify the user about missing inputs will be implemented by different wallets: + +* Payment amount +* Number of inputs (default: 3) +* Number of outputs (default: 2) +* Equal amounts in inputs (default: false) + +Analysis of different decoy selection algorithms used in Monero: https://github.com/monero-project/research-lab/issues/99 + +Input selection is important in Octojoin, although not the same as decoy selection used in different Monero wallets. Recommendations for Octojoin algorithms: + +Transaction MUST have at least 3 inputs, all swapped except one. It SHOULD avoid mixed input types and use random wallet fingerprints, including BIP 69. It SHOULD use inputs of similar age. Some inputs SHOULD be recent UTXOs. All outputs MUST use the same script type. + +==Implementation== + +Pseudocode: https://uncensoredtech.substack.com/p/octojoin + +Proof of Concept: TBD + +==Backwards Compatibility== + +This is a new protocol and has no compatibility issues. It is not a replacement for payjoin either and benefits from multiple interpretations on-chain. + +==Attack Vectors== + +* Metadata leak in swaps +* User not careful while spending outputs created in Octojoin transaction
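Review bot: The Specification contradicts itself on change outputs: the sequence diagram note says "Minimum 2 outputs and avoid change for multiple interpretations", while the "Multiple Outputs and Different Interpretations" paragraph says the outputs "may include change to the sender". Pick one rule and state it in the MUST/SHOULD paragraph, because the presence or absence of a change output is what decides how many readings of the payment amount an observer is left with. In that same paragraph, "use random wallet fingerprints, including BIP 69" does not say whether BIP 69 ordering is required or is just one of the fingerprints to randomise, and "It SHOULD use inputs of similar age" sits next to "Some inputs SHOULD be recent UTXOs" with no rule for which wins when the swapped UTXOs are old. The selection algorithm is described only by its four parameters, and the pseudocode is behind an external link under Implementation; the steps belong in the document itself so that an implementation can be checked against the text. The Attack Vectors bullets name two risks (metadata leak in swaps, careless spending of the resulting outputs) without saying what a wallet should do about them, for instance how it should treat an output from an octojoin transaction that is later selected alongside the sender's other UTXOs. Two smaller points: the preamble has no Status field, and the document uses MUST/SHOULD under "Type: Informational" without saying how those keywords are to be read.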