Context
This third part is about known and potential attacks against the privacy provided by tools like coinjoin.
Known attacks & weaknesses
- Linkability of inputs and outputs
A good illustration of this attack is Coinjoin Sudoku (see (1) for details). |
Context
In part 1 of this document, we've defined the entropy of a transaction.
This metric is a good first proxy to qualify the degree of privacy provided by a transaction, but it fails to detect privacy leaks occurring at lower levels (1).
In this second part, we define 2 complementary fine-grained tools/metrics: the Link Probability of 2 utxos (LP) and the Link Probability Matrix (LPM) of a transaction.
Link Probability of 2 UTXOs
We call Link Probability of a tuple (tx input, tx output) the probability that a link exists between the 2 utxos. |
This document is an attempt to define metrics quantifying the degree of privacy provided by a bitcoin transaction.
Objectives
Definition of metrics measuring the resistance of a transaction to a set of attacks against users' privacy.
Attacks considered in the scope of these metrics are:
- Merged Inputs Heuristic: methods identifying the inputs controlled by the same entity
- Coinjoin Sudoku: methods identifying the links existing between the inputs and outputs of a transaction |
(thanks to @fivepiece for significant contributions to these ideas)
"On chain contracting" is of course a very generic term; it applies to multisignature, coinjoin, coinswap or other exotic transactions that involve more than one party in one transaction (coinjoin, multisig) or multiple transactions (swaps with atomic-via-secret).
Here we're going to focus on a broader model that may allow more complex setups,