Cross input signature aggregation
Taproot was going to give us this, but people couldn't agree on which MuSig implementation to use. This is why we can't have nice things.
reply
This is kinda a fallacy. CISA doesn't really make it much cheaper (only around 10-20% because of the witness discount). This also assumes you are just merging transactions into one big aggregate transaction which doesn't actually give any real amount of privacy. To gain privacy from coinjoins you need to do something to prevent amount heuristics (either same amount or hamming weights).
I don't think Taproot was ever slated to have CISA. There are lots of weird edge cases that haven't been thought out and that's why it wasn't added AFAIK.
reply
Thanks for the clarification. Maybe this is more accurate: Taproot enabled a CISA soft fork by adding Schnorr. CISA was not also included in Taproot because there is still a lot to discuss, including which MuSig to use.
reply
MuSig isn't detectable, so we didn't need to decide "which" to use. It was more about making sure we can preserve backwards compatibility correctly and handling sighash flag weirdness.
reply
10-20% is not that bad. It could be motivational in times of high mining fees.
reply
Yes, but like I said, this is just transaction batching. If you want privacy it will still be more expensive.
reply
Exactly, but there is still hope 🙂
reply
So if we can agree on a single MuSig implementation that will allow all transactions to be coinjoins?
reply
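The savings estimate debated in this thread can be checked against BIP 141 weight accounting. The following is an added example, not code from any participant or from a CISA proposal. It assumes P2TR key-path inputs and P2TR outputs, full aggregation down to one 64-byte signature per transaction, and a hypothetical encoding in which every other input carries an empty witness stack (no CISA serialization has been specified).

```python
# Added example: weight of a transaction with and without cross-input
# signature aggregation, under the assumptions stated in the lead-in.
import math

TX_BASE = 4 + 1 + 1 + 4       # version, input count, output count, locktime (< 253 ins/outs)
MARKER_FLAG = 2               # segwit marker and flag, counted as witness data
INPUT_BASE = 36 + 1 + 4       # outpoint, empty scriptSig length, sequence
OUTPUT_P2TR = 8 + 1 + 34      # amount, script length, OP_1 <32-byte key>
WITNESS_SIG = 1 + 1 + 64      # stack item count, item length, BIP 340 signature
WITNESS_EMPTY = 1             # assumption: stack item count of zero


def sizes(n_in, n_out, aggregated=False):
    """Return (non-witness bytes, witness bytes) for the transaction."""
    base = TX_BASE + n_in * INPUT_BASE + n_out * OUTPUT_P2TR
    if aggregated:
        witness = MARKER_FLAG + WITNESS_SIG + (n_in - 1) * WITNESS_EMPTY
    else:
        witness = MARKER_FLAG + n_in * WITNESS_SIG
    return base, witness


def tx_weight(n_in, n_out, aggregated=False):
    """BIP 141 weight: non-witness bytes count 4 units, witness bytes 1."""
    base, witness = sizes(n_in, n_out, aggregated)
    return 4 * base + witness


def vsize(n_in, n_out, aggregated=False):
    return math.ceil(tx_weight(n_in, n_out, aggregated) / 4)


def weight_savings_pct(n_in, n_out):
    """Fee-relevant saving: reduction in weight units."""
    before = tx_weight(n_in, n_out)
    return 100 * (before - tx_weight(n_in, n_out, True)) / before


def raw_savings_pct(n_in, n_out):
    """Reduction in serialized bytes, i.e. with no witness discount."""
    before = sum(sizes(n_in, n_out))
    return 100 * (before - sum(sizes(n_in, n_out, True))) / before


if __name__ == "__main__":
    for n_in, n_out in [(2, 2), (10, 2), (10, 10), (100, 100)]:
        print(f"{n_in:>3} in / {n_out:>3} out: "
              f"{vsize(n_in, n_out)} -> {vsize(n_in, n_out, True)} vB, "
              f"weight -{weight_savings_pct(n_in, n_out):.1f}%, "
              f"raw bytes -{raw_savings_pct(n_in, n_out):.1f}%")
```

Under these assumptions a 10-input, 2-output transaction shrinks by about half in raw bytes but only about a fifth in weight, because the removed signatures were already discounted witness data.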