Subnostr

One really cool usecase of Wabisabi coinjoin is that you can receive bitcoin without revealing your address to the sender.

The sender registers his inputs at the coinjoin coordinator and receives the Wabisabi credential. He consolidates or splits his credentials to be the exact payment amount, and then gives the receiver that Wabisabi credential.

The receiver now can consolidate or split this credential to any arbitrary value, and later register his output address and credential directly with the coordinator.

The sender will only sign the coinjoin transaction if the receiver confirms that his desired outputs are included.

When all inputs sign the transaction and it gets confirmed on the blockchain, the receiver considers the payment complete and hands over the goods.

There are hundreds of other inputs and outputs, and the coordinator doesn't know that the wabisabi credential was transfered among users. Both the sender and receiver can even batch multiple payments into this coinjoin without linking common ownership of inputs or outputs.

Reply to this note

Please Login to reply.

Discussion

PABLOF7z 2y ago

that's like using a chaumian mint for deposit+withdrawal atomically, right? 🤔

know of any wallet that implements this?

Max 2y ago

Not exactly.

Cashu or Fedimint use ecash as a money warehouse receipt redeemable at par for sats.

In Wabisabi coinjoin the ecash is used as anonymous access rights to the output side of the coinjoin transaction coordination.

The token is not "as good as" sats and it cannot be "redeemed" for sats. Instead it can be redeemed for the right to do an api call in the output registration phase.

A coinjoin coordination can fail frequently and for many reasons. If only one input fails to sign, the transaction is invalid, and even if all sign, it can still get double spent before confirmation.

The merchant doesn't consider himself paid when he receives the wabisabi credential, but only when the final transaction with his output is in the blockchain.

So far nobody has implemented this, but both BTCPay and Wasabi will have this functionality soonish in two weeks.

Ralphy 2y ago

The infamous two weeks 😁

Naruto 2y ago

The coordinator knows the plaintext credential, it's not only known to the sender and receiver?

Max 2y ago

The trick is, that every time you create a new credential, it's serial number is scrambled/blinded.

And whenever you spend or present a credential, then you must unblind the serial number.

So, the coordinator sees a random blinded cyphertext when the credential is created, and he sees a different random unblinded serial number when the credential is presented.

This is theoretically perfect privacy, meaning Esch credential looks indistinguishably random with the anonymity set of all users of this time period.

Max 2y ago

Sorry, this was meant for you

#[4]