(thanks to @fivepiece for significant contributions to these ideas)
"On chain contracting" is of course a very generic term; it applies to multisignature, coinjoin, coinswap or other exotic transactions that involve more than one party in one transaction (coinjoin, multisig) or multiple transactions (swaps with atomic-via-secret).
Here we're going to focus on a broader model that may allow more complex setups,
| This document is an attempt to define metrics quantifying the degree of privacy provided by a bitcoin transaction. | |
| Objectives | |
| Definition of metrics measuring the resistance of a transaction to a set of attacks against users privacy. | |
| Attacks considered in the scope of these metrics are: | |
| - Merged Inputs Heuristic: methods identifying the inputs controlled by a same entity | |
| - Coinjoin Sudoku: methods identifying the links existing between the inputs and outputs of a transaction |
| Context | |
| In part 1 of this document, we've defined the entropy of a transaction. | |
| This metric is a first good proxy to qualify the degree of privacy provided by a transaction but it fails to detect privacy leaks occuring at lower levels (1). | |
| In this second part, we define 2 complementary fine-grained tools/metrics: the Link Probability of 2 utxos (LP) and the Link Probability Matrix (LPM) of a transaction. | |
| Link Probability of 2 UTXOs | |
| We call Link Probability of a tuple (tx input, tx output) the probability that a link exists between the 2 utxos. |
| Context | |
| This third part is about known and potential attacks against the privacy provided by tools like coinjoin. | |
| Known attacks & weaknesses | |
| - Linkability of inputs and outputs | |
| A good illustration of this attack is Coinjoin Sudoku (see (1) for details). |
| ;;;; inter-macro communication example | |
| ;;;; shared by pillton in #lisp | |
| (defpackage "EXAMPLE" | |
| (:use "COMMON-LISP")) | |
| (in-package "EXAMPLE") | |
| (define-symbol-macro %block-vars% nil) | |
| (define-symbol-macro %block-tests% nil) | |
| (define-symbol-macro %results% nil) |
| ;;; package | |
| (cl:defpackage :deed-it-happen | |
| (:use :cl . #.(ql:quickload :ironclad)) | |
| (:intern ironclad::simple-octet-vector)) | |
| (cl:in-package :deed-it-happen) | |
| ;;; secp256k1 | |
| (macrolet ((define-constants (&rest constants) | |
| `(progn ,@(loop for (name value) on constants by #'cddr | |
| collect `(defconstant ,name ,value))))) |
| The remaining files of this repository were published by | |
| Mircea Popescu, on his personal site, in response to the | |
| perceived lack of unspecialized professionals among the | |
| humans crowding for money and attention around Bitcoin. | |
| I'm not going to copy his entire preamble, yet, for it | |
| can still be found on generic archival sites: | |
| https://archive.md/4oK5x |
| (use-package (mapcan 'ql:quickload '(:drakma :cl-json :local-time))) | |
| (defun fetch-bet-json (id) | |
| (http-request (format () "http://bitbet.us/bet/~D/?json" id))) | |
| (defun parse-json-str (str) (with-input-from-string (in str) (decode-json in))) | |
| (defun process-bet-data (data) | |
| (loop for bet in (cdr (assoc :bets data)) | |
| for side = (cdr (assoc :side bet)) |
| In the protocol all parties are assumed to have private communications channels. | |
| Phase 0. Sets up the escrows and their timeout refunds. | |
| Phase 1. Makes it so that if Bob gets paid there is no way for Alice to fail to get paid. | |
| Phase 2. Just releases the escrows directly because everyone is happy that cheating isn't possible. | |
| Alice Bob | |
| ========================================================= | |
| 0. Compute TX_0: A>2of2{A,B'} | Compute TX_1: B>2of2{B,A'} \ | |
| 1. Send TX_0 TXID ------------> | |
