Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: CoinJoin: Bitcoin privacy for the real world
by
Michael_S
on 18/11/2013, 20:36:40 UTC
Quote from: dserrano5 on November 18, 2013, 10:53:57 AM
Quote from: Michael_S on November 18, 2013, 01:21:57 AM
But what if the user needs to spend a LARGE amount of BTCs from his wallet? Then it cannot be avoided and the coins get "re-tainted". Of course the user (or wallet client) could initiate two separate transactions (within a short time) to the same output address "1Friend", but this hardly makes any difference (except that an observer could not prove 100% that 1A1out and 1A2out have the same owner, it would only be obvious at 99.99...% certainty.

User could always use CoinJoin again to pay 1Friend, so the inputs to the joint transaction would be 1A1out, 1A2out and some others. No one would know that 1A1out and 1A2out belong to the same person.
Ok, this might slightly improve it at first glance, but I am not at all convinced that it really does. Maybe it does the contrary.

A blockchain observer may still wonder why 1A1out and 1A2out are inputs to the same (CoinJoin-like) transaction. I assume that blockchain analysis uses some sort of scoring or probability method, and the hypothesis that 1A1out and 1A2out belong to the same owner will still get a very high score here.
Furthermore, remember that in CoinJoin all outputs have the same size. So in this case one output is 1.5 BTC to 1Friend, so the other two outputs (going to new addresses of Person A himself) each have 1.5 BTC too. So the sum of all inputs must be at least 4.5 BTC. So Person A must have at lest 4.5 BTC in his wallet although he just wants to transfer 1.5 BTC to 1Friend.

So additional constraints are introduced.

Moreover, from this we see that even addresses of Person A's wallet that were formerly independent are now "entangled" in some way. So we could even consider that the taint spreads over yet unassociated addresses, and privacy things get even worse, not better, by this suggestion.

One would have to analyze this much deeper to tell if taint really gets improved here, by taking into account the methods that are used for blockchain analysis techniques... it is certainly not a trivial subject. Approaching it with simple human intuition may lead to fallacies.