BIP Draft for Octojoin

[1440000bytes]

I had written a blog post about the concept and it was shared on mailing list in July 2024. There wasn't any response on mailing list but I have discussed it with some developers and there seems to be lot of interest for the idea among users.

This is an initial draft and the pull request will help me complete the BIP ASAP.

TODO

• Add rationale section
• Add proof of concept
• Add acknowledgment section
• Add more technical details

[jonatack]

A few comments. It may be good to reach out to garner more feedback (i.e. perhaps you and @DanGould, author of #1483, can each review each other's draft.)

[jonatack]

Suggested change

	Transactions that already use 3 inputs and 2 outputs will serve as the anonymity set for octojoin transactions with default values. It is possible to change defaults and use more number of inputs and outputs.
	Transactions that already use 3 inputs and 2 outputs will serve as the anonymity set for octojoin transactions with default values. It is possible to change defaults and use a higher number of inputs and outputs.

[jonatack]

Suggested change

	Swapping UTXOs off-chain will obscure the transaction's input ownership and history. It also adds more noise on-chain to make chain analysis difficult
	Swapping UTXOs off-chain will obscure the transaction's input ownership and history. It also adds more noise on-chain to make chain analysis difficult.

[murchandamus]

The hard part of this scheme appears to be the acquisition of inputs from varied sources, but then the proposed approach in this BIP seems to amount to using such UTXOs to fund an ordinary silent payment. It’s not clear to me whether this BIP draft amounts to an original innovation, given that the method of acquiring UTXOs of varied backgrounds does not appear to be in the focus of this BIP.

[murchandamus]

• A statechain UTXO is co-owned by the statechain operator and the last recipient in a multisig. Multisig inputs do not participate in the secret derivation.
• Submarine swaps refer to a multi-hop lightning payment whose last hop is executed as an on-chain payment to the recipient. Submarine swaps are easily identifiable via an on-chain HTLC construction and also include a multisig construction.
• A coinswap is a payment received to the recipient whose inputs were not controlled by the sender.

Given that two of the listed examples exhibit uncommon patterns, and the third constitutes a payment to a wallet that was executed by a different UTXO owner than the sender, it’s not clear to me how a transaction funded by a combination of such inputs would have significantly improved privacy properties. If an observer simply categorizes the inputs and analyses their pedigree under the corresponding context, it seems likely that a transaction would be sufficiently recognizable as an Octojoin and given the small number of Statechain and Submarine Swap providers, potentially even identifiable via information requests to such service providers. Could you please expand the motivation section by elaborating your arguments why participation in this scheme is expected to lead to a privacy improvement?

[1440000bytes]

It’s not clear to me whether this BIP draft amounts to an original innovation, given that the method of acquiring UTXOs of varied backgrounds does not appear to be in the focus of this BIP.

This BIP isn't about acquiring UTXOs but using them. Input selection used in such transactions along with outputs is the original innovation.

Example for an octojoin transaction (both outputs belong to recipient): https://mempool.space/signet/tx/5447f526c64d4f00171f024aae38a1c347ad00e7a295247f9c6acfca21ed2655

I will address other comments after adding more things in next commit.