-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mixing while computer is turned off #48
Comments
In this case anyone can correlate I may also misunderstand the proposed scheme though. Can you write it down again in a less novel-ish form with some illustrations? |
Okay, there I go:
|
A (partial) solution available now is to use a 2-of-2 to hide the script on one of the UTXOs. https://zmnscpxj.github.io/offchain/generalized.html Rather than Alice paying to Wasabi still has to pay to In any case: when Alice comes online and claims the Liabilities are still:
Thus still highly undesirable. It is also the possibility, to use 2p-ECDSA (today) to implement Scriptless Script "hashlocks" (really pointlocks), which lets a signature leak the private key of another pubkey as long as some data (part of 2p-ECDSA) is given by Alice to Wasabi. Then Alice, by the simple act of signing to spend the post-mix coin, also leaks to Wasabi the information needed for Wasabi to redeem the Alice pre-mix coin. Unfortunately I cannot give much details as I do not understand the math in detail, so here is the paper instead: https://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20180426/fe978423/attachment-0001.pdf If my understanding of the conclusion is correct, then essentially it does not require special script and can be implemented onchain by P2WPKH only. |
Thanks @ZmnSCPxj. I am going to read the material carefully very soon. |
I was also wondering if coinjoining would keep working after exiting Wasabi. Until this feature is implemented, could Wasabi alert the user when exiting the app that coinjoning will stop? |
Introduction
Wasabi users need to let the computers turned on if they want to participate in coinjoins because they need to sign the coinjoin transaction with the corresponding private keys that are under their exclusive control. This creates some usability issues and could be preventing to reach a higher level of liquidity in Wasabi coinjoin rounds.
During the latest Wasabi devs meeting @danwalmsley suggested that it would be beneficial for our user base if they could participate in coinjoins while disconnected or their computers are turned off. I think it is possible to implement such a system.
Goal
Describe the mechanisms that can allow Wasabi users to participate in coinjoin rounds without loosing control over their private keys, delegating the participation in a trustless third party (in this case I think it should be a Wasabi service).
Description
This proposal is based on atomic swaps and just for the sake of the simplicity we will describe it here in its simplest version.
Users point of view
An user Alice (A) wants to get private coins from the next coinjoin rounds but she doesn't want to let her machine turned on for many hours. Alice opens Wasabi wallet, goes to Coinjoin tab, selects the coins and enqueue them and turns off her computer. Next time she opens Wasabi wallet she sees the new clean coins arrived.
Wasabi point of view
When Alice enqueue her coins and presses the button to start the the process Wasabi client generates a secret number X and creates a transaction tx-alice-to-wasabi that spends all those coins to a scriptPubKey that can be spent only by Wasabi (Alice sends the coins to a well-known Wasabi pubkey) and only if wasabi can demonstrate it knows the secret value X. Clearly Wasabi can only know the value of X from Alice. Finally the Wasabi client sends two things to the Wasabi backend (HASH(X) and the tx-alice-to-wasabi). Using a different identity Alice sends to the Wasabi coordinator the list of pubkeys where it must send the resulting coins.
The Wasabi coordinator participates, with its own money, in the coinjoin transactions on behalf of Alice and creates outputs that can be only spent by Alice but only if she reveals the secret X that Wasabi needs in order to be able to spend the coins that Alice sent to it in the first step.
Wasabi client reveals the secret value X to the Wasabi coordinator to allow it to unlock the coin in the first transaction.
What if Alice doesn't reveal the secret value X?
Alice can only spend her money if she reveals the secret value so, once Alice spends the coins, Wasabi can recover its money too.
What if Alice doesn't reveal the secret value X and doesn't spend her coins?
We have no answer to this case yet.
Other uses in Wasabi
Atomic swaps can be implemented to create a way for users to exchange coins. Imagine someone who has 1,000 bitcoins and wants to get clean coins right now. That person could exchange his coins with Wasabi users who has mixed coins. That could generate a market.
The text was updated successfully, but these errors were encountered: