fsebugoutzone.org:9999

       Post ASW36IswP5a9pI668e by waxwing@x0f.org
 (DIR) More posts by waxwing@x0f.org
 (DIR) Post #ASVKZhKG7KLU5WW824 by waxwing@x0f.org
       2023-02-08T00:19:42Z
       
       1 likes, 1 repeats
       
       Video of my presentation from btc++ in Mexico City in December:https://www.youtube.com/watch?v=khmLiM9xhwkabout &quot;Steganographic Decentralized Market-based Coinjoin&quot; (well, and a bit of philosophizing about bitcoin at the start!)Thanks to organizers, was a great conf (and actually good job with the recording!)#bitcoin #coinjoin
       
 (DIR) Post #ASVLC1aNEv0tvYKY1Q by giacomozucco@bitcoinhackers.org
       2023-02-09T13:35:07Z
       
       0 likes, 0 repeats
       
       @waxwing Great presentation! Two question, if I may:1) since the goal of the clever PTLC construction is offchain fees for ONCHAIN coinjoins, can&#39;t one use something like a current submarine swap plus taproot scriptpath, instead, to grant atomicity?2) can you elaborate about that oddly strong &quot;No&quot; about CISA incentivizing CJ?More details:
       
 (DIR) Post #ASVLVUib9JlpmaSeum by giacomozucco@bitcoinhackers.org
       2023-02-09T13:38:38Z
       
       0 likes, 0 repeats
       
       @waxwing 1) A current sumbarine swap already grant atomicity between an offchain and an onchain payment. But the non-steganographic component is in the OP_IF/OP_ELSE redeem script. The latter, though, could be hidden in the branch of a scriptpath spending, with Taproot. Moving from HTLCs to PTLCs would still be good for privacy, regardless of this. But wouldn&#39;t this be a short term alternative option too, for &quot;offchain fees&quot; in CJ?
       
 (DIR) Post #ASVM89Br7kpqJAZrAO by giacomozucco@bitcoinhackers.org
       2023-02-09T13:45:37Z
       
       0 likes, 0 repeats
       
       @waxwing 2) You mention Jonas&#39; research here as reference for the &quot;No&quot;, but many CISA proponents would ideally see CISA as *alternative to* the witness discount (a less arbitrary, more consumption-based way to incentivize UTXOset reduction to &quot;overcompensate post-p2sh incentives&quot;). In that case, without discount, a theoretical 41.2% seems like a BIG DEAL, especially in high-fee scenarios! And improper CJs are still better than nothing for chainanal-heuristic pollution.https://github.com/ElementsProject/cross-input-aggregation/blob/master/savings.org
       
 (DIR) Post #ASVMTVNfoazBDEHzP6 by giacomozucco@bitcoinhackers.org
       2023-02-09T13:49:28Z
       
       0 likes, 0 repeats
       
       @waxwing (I guess Jonas isn&#39;t on mastodon directly, but there&#39;s a bot at least, I tag him here for cc @n1ckler)
       
 (DIR) Post #ASVQC4sRVAR9uFcuVU by waxwing@x0f.org
       2023-02-09T14:31:07Z
       
       0 likes, 0 repeats
       
       @giacomozucco @n1ckler Thanks, two very interesting angles to look into there .. btw the ElementsProject link seems to have a typo, doesn&#39;t resolve.I will definitely read this stuff though and get back to you, cheers.
       
 (DIR) Post #ASVQcugxThyE8V3Ecy by giacomozucco@bitcoinhackers.org
       2023-02-09T14:36:00Z
       
       0 likes, 0 repeats
       
       @waxwing @n1ckler 🙏🙏🙏
       
 (DIR) Post #ASVclUlYRECbmi3kp6 by waxwing@x0f.org
       2023-02-09T16:51:58Z
       
       0 likes, 0 repeats
       
       @giacomozucco On the submarine swap part: my fundamental issue with it, is that with script-based swaps, the atomicity is between an off chain payment, and a *version of the tx I don&#39;t actually want* (i.e. one in which preimages are revealed on chain, breaking the stega- or just privacy part). Now sure we can overlay that, as in CoinSwap designs, but that requires sig negotiation a second time, so it&#39;s *those* second signatures that are actually what I want to pay for. Adaptors fix that.
       
 (DIR) Post #ASW36IswP5a9pI668e by waxwing@x0f.org
       2023-02-09T16:59:07Z
       
       0 likes, 0 repeats
       
       @giacomozucco On CISA: my &quot;no&quot; was a bit misleading I guess, it was a mix of &#39;it doesn&#39;t really help&#39; and &#39;I&#39;m not getting into this right now&#39;.For the former, it needs a ton of unpacking, but: I am assuming no change in witness discount (so say 15% at the asymptote as per nickler). Here, 15% isn&#39;t much but it *is* enough to incentivize behaviour perhaps, right? Except: coordination costs - especially at the asymptote! - are very nontrivial.So then we start imagining a world with ...
       
 (DIR) Post #ASW36JYltZ2hv1fVL6 by waxwing@x0f.org
       2023-02-09T17:01:47Z
       
       0 likes, 0 repeats
       
       @giacomozucco .. very large &quot;tx batching&quot; coinjoins because of 10-15% discount (and we just handwave coordination). These coinjoins don&#39;t have a privacy property ..Except! They do, because of subset sum being exponentially hard.Except! That&#39;s a worst case for the snooper, there will in reality very often be radically sub exponential ways of disentangling.Except! Look at wabisabi/ @nothingmuch work on denominations...Etc etc.Only one substantive point left:
       
 (DIR) Post #ASW36KGNHRvA6G4KIq by waxwing@x0f.org
       2023-02-09T17:04:36Z
       
       0 likes, 0 repeats
       
       @giacomozucco @nothingmuch .. , which is the part of what you said that I didn&#39;t know: discussing changes to witness discount. I&#39;m not sure if it alters any of the above (maybe?) and I also don&#39;t have much sense of why or how it would change with CISA. It&#39;s obvious to me that the witness discount as a concept was rational, but I don&#39;t know what number it should be, or if it should be changed in future (I&#39;m kind of against further changes to it, but then again CISA is a massive change!).
       
 (DIR) Post #ASW36KtMwT743CJT5E by waxwing@x0f.org
       2023-02-09T17:08:41Z
       
       0 likes, 0 repeats
       
       @giacomozucco @nothingmuch I think the important part of that talk for myself, was ironing out the concept of &#39;many party atomicity&#39;, because that fits particularly with the Joinmarket philosophy of &quot;random actor is central coordinator&quot;; the fact that you can get that &quot;all get paid if 1 party does X&quot; seems like it could be very important. I even tried to write a formal paper proving the security of that, but I got stuck on one point (ZK is weird, here) and haven&#39;t quite finished it.
       
 (DIR) Post #ASW36LMRCOMhVLugOO by giacomozucco@bitcoinhackers.org
       2023-02-09T21:47:03Z
       
       0 likes, 0 repeats
       
       @waxwing Thanks you very much!Re:&quot;I also don&#39;t have much sense of why or how it would change with CISA&quot;wasn&#39;t the rationale exactly incentivize UTXOset reduction? CISA would do that too, private or not. @nothingmuch
       
 (DIR) Post #ASbpqcW7dxH9kkGYfg by waxwing@x0f.org
       2023-02-12T16:46:48Z
       
       0 likes, 0 repeats
       
       @giacomozucco @nothingmuch Sorry, late response but: &quot;incentivize utxo set reduction&quot;, imo it&#39;s not *just* pedantry to say: that&#39;s putting the cart before the horse. The discount is intended to reflect the lower overall cost, to the network, of witness data cf other (e.g. outputs) data. Logically yes that does incentivize utxo set reduction, but I guess that&#39;s not the only thing it does. What you want is for price to reflect cost.But from a common sense perspective, I get your point.