-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improving ricochet privacy #17
Comments
Maybe provide parameters in the script for users to add value for sleep time? This is just improving UX and anyone who is running bash scripts can be assumed as advanced user who already knows how to add such things if there is enough documentation about it.
0.001 BTC for Ricochet is not a small fee IMO anyway its Samourai 😄
Disagree
Agree
Cough Cough. Privacy ends here. |
There are already parameters for that. bitcoin-scripts/ricochet-send.sh Lines 5 to 17 in c4a40e0
bitcoin-scripts/ricochet-send-from.sh Lines 5 to 17 in c4a40e0
I am actually thinking about writing some basic more detailed documenation finally. Initially wrote these scripts for my personal use, documenation wasn't priority.
Disagree with specific amounts or idea in general? I basically took amounts Samourai uses, just added upper limit of ~1% on top of it, so that people could use this for smaller amounts. But I'm open to suggestions here. Probably it's good idea to try to not have that amont too dusty, so that it looks more like a "normal" transaction.
That's out of scope of these scripts. One can either use |
Idea in general. This is just adding hops in Bitcoin transaction.
You can have different wallets to separate coins but there would still be coins in a wallet with different transactions. Coin selection algorithms used in Bitcoin Core are not necessarily focused on improving privacy so it is possible that you end up using more inputs in a transaction than required, hence sharing more information about your wallet history. |
Does not change what already existing scripts do. This just adds one extra output in already existing transaction in process. Block space efficiency is important goal, but adding these hops currently is practical privacy solution that works. For example, if I send coinjoined bitcoins to a friend, who then sends them directly to Binance or Coinbase, he is in risk of freezed funds or account closure. In ideal world more people would be using coinjoins, coinswaps and other privacy techniques, so that all bitcoins are "dirty", but we aren't there (hopefully - yet). |
Agree we need post coinjoin tools. Disagreement was only about adding a fees for ricochet. |
Ricochet transaction chains created with
ricochet-send.sh
andricochet-send-from.sh
already are helpful defense against automated blockchain analysis that limits number of hops they are analyzing (and they do - from what I have seen, they show scores, which are mostly proximity of address to specific activities), but they have distinguishable pattern - chain of 1 input, 1 output transactions. I believe privacy can be improved litle bit here by reducing number of 1 input, 1 output transactions and replacing at least some of them with 1 input, 2 output or 2 input, 2 output transactions which are more common (see 1in-1out vs 1in-2out statistics charts).Additional factor is time, but I don't see how to improve that with these scripts, users can do it themselves by increasing sleeptime_min, sleeptime_max and hop_confirmations parameters of the scripts.
Add additional donation output to Tx0 / Tx1
That is what Samourai Wallet already does. They currently add 0.001 BTC fee to themselves.
My plan would be to add 1% with upper limit of 0.001 BTC donation to early hop, with txfee_factor randomization applied on top of it (so could be up to 0.0013 BTC with default settings). Of course, we don't want address reuse, so script would ask server side for PGP signed address, preferably over Tor (if
torify
is available), with clearnet HTTPS fallback. That currently looks to me unavoidable centralization. In worst case for the user, if I'm evil actor andtorify
does not work for the user, that would allow me to tie specific transactions to user IP address. My hope is that power Bitcoin users using these scripts to improve privacy will have working Tor instance on machine too.Addititional Q - is
torify
often available? Should try 127.0.0.1:9050 (Tor default) and 127.0.0.1:9150 (Tor Browser default) SOCKS proxies too?Also need to think how to do it in a way that donation is voluntary (otherwise it's not a donation), likely should be some documented way how to turn this off.
Would look like this.
ricochet-send.sh
ricochet-send-from.sh
Fake BIP78 payjoin in
ricochet-send.sh
Tx0Currently ricochet hops always use legacy P2PKH addresses. If migrated to bech32 P2WPKH,
ricochet-send.sh
could ensure that Tx0 always have at least two inputs from wallet. That way it shares anonymity set with these payjoins. I think SegWit is requirement here, as I'm not aware of any payjoin implementations in the wild that uses P2PKH.The text was updated successfully, but these errors were encountered: