Congrats!
Tldr?
reply
First the buyer creates an htlc and deposits his coins inside. The buyer should be able to take the coins after the timelock, but the seller should be able to take them with the preimage.
Next the seller creates an htlc and deposits a coinbase inside. The seller should be able to take the coins after the timelock, but the buyer should be able to take them with the preimage.
The buyer's timelock should be longer than the seller's, otherwise the buyer could wait til his own timelock expires, then sweep the funds from his own htlc using the timelock path, then sweep the funds from the seller's htlc using the preimage before the seller's timelock expires, thus taking the seller's money without the seller being able to reimburse himself.
Also both htlcs should use the same hash which the buyer knows.
When the coinbase matures the buyer should disclose the preimage to the seller. Then the seller should send the buyer a sig so he can withdraw from the seller's htlc using the multisig path. Then the buyer should send the seller a sig so he can withdraw from the buyer's htlc using the multisig path.
reply
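The timelock ordering rule in the explainer above, as an added example that is not part of the original thread or the project's code: a toy model of the two HTLCs that lists the block heights at which the seller is exposed, plus a parameter check the seller can run before funding. The block heights, the hash label, the `margin` parameter and all function names are assumptions of this example.

```javascript
// Toy model: an HTLC pays `claimer` on the preimage at any height,
// or refunds `funder` once the chain height reaches `timelock`.
const htlc = (funder, claimer, hash, timelock) => ({ funder, claimer, hash, timelock });

function canSpend(h, who, height, knowsPreimage) {
  if (who === h.claimer && knowsPreimage) return true; // preimage path
  return who === h.funder && height >= h.timelock;     // timelock (refund) path
}

// Heights at which the buyer can already refund his own HTLC while the seller
// still cannot refund his: the window the ordering rule is meant to close.
function sellerExposedHeights(buyerHtlc, sellerHtlc, from, to) {
  const heights = [];
  for (let height = from; height <= to; height++) {
    const buyerRefunds = canSpend(buyerHtlc, 'buyer', height, false);
    const buyerClaims = canSpend(sellerHtlc, 'buyer', height, true); // buyer knows the preimage
    const sellerRefunds = canSpend(sellerHtlc, 'seller', height, false);
    if (buyerRefunds && buyerClaims && !sellerRefunds) heights.push(height);
  }
  return heights;
}

// Check the seller can run before funding his HTLC. `margin` (blocks of slack
// between the two expiries) is an assumption of this example.
function checkSwapParams(buyerHtlc, sellerHtlc, margin) {
  const problems = [];
  if (buyerHtlc.hash !== sellerHtlc.hash) problems.push('hashes differ');
  if (buyerHtlc.timelock < sellerHtlc.timelock + margin) {
    problems.push('buyer timelock must exceed seller timelock by the margin');
  }
  return problems;
}

// Constructed parameters: the heights and the hash label are placeholders.
const H = 'hash-of-buyer-secret';
const bad = [htlc('buyer', 'seller', H, 1150), htlc('seller', 'buyer', H, 1200)];
const good = [htlc('buyer', 'seller', H, 1350), htlc('seller', 'buyer', H, 1200)];
```

With the `bad` pair the exposed window is every height from the buyer's expiry up to the block before the seller's; with the `good` pair it is empty.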
Nice, you found an explainer in my documentation
Unfortunately it doesn't give a very high level overview of what's happening
Basically you're doing a swap: the miner gives you part of his coinbase output and you give the miner the same amount plus a fee
You end up with coins that have no history and he ends up with a new revenue stream
reply
Why would a miner trade “tainted” coins for “virgin” BTC? I’d imagine it would cost more than a coinjoin
reply
I think you maybe got it reversed? Miners create "virgin coins" in every bitcoin block. For them, the supply of "virgin coins" is abundant. But for everyone else, "virgin coins" are hard to come by. Lots of people want virgin coins but only miners have a steady supply of them. So miners can charge a premium for them. Plus, when a miner receives "tainted coins", they can use them as fees that they pay to themselves in a bunch of smaller transactions. I suspect there are ways of doing this that evade detection by chain analysts, allowing miners to effectively turn "tainted coins" back into "virgin coins" and resell them.
reply
"Plus, when a miner receives "tainted coins", they can use them as fees that they pay to themselves in a bunch of smaller transactions."
This is a service that has been missing for a long time.
reply
How does that work? Does the miner just try to tip themselves within their own block template?
reply
Transactions don't even need fees if they're not intended to be broadcasted to the rest of the network. So yes, they include in their own block template.
Can you elaborate on the decision to use Nostr for a "privacy" app? Wouldn't using this app entail broadcasting details about the swap to third parties? I get that the note is encrypted, but why leak data about who is messaging who? What does nostr solve here? Is it just easier than using a DB for hackathon prototype?
reply
Nostr is certainly easier to use in a hackathon than a real database, but there are additional factors: who should host the database? Nick and I don't plan to do it, it would make us a central point of failure. Censors from various countries could easily serve us takedown notices if they don't like the offers in our database -- we can avoid that by simply not having one. We'll make the website optional too, because having a single, easily shuttered frontend is another obvious footgun.
Each miner can store their own database of offers and disclose them on whatever media they want. That is probably the most robust solution, but I hope using nostr for message transport in this prototype sets a standard for interoperability so that these databases can fill a global orderbook rather than create a dozen silos.
Also, to reduce metadata leaks, we aren't having anyone sign in using nostr. No one's identity is needed for this because the buyer and the seller don't have to trust one another. Your transactions should not ever be tied to your real nostr identity, so we just don't have you or the miner sign in. Instead, from nostr's perspective, each order is only associated with an ephemeral keypair created when you visit the site and only used for one purchase, then discarded forever.
Moreover, we'll also put up a warning message if you visit the site on a clearnet browser, reminding you that if you don't hide your ip address e.g. via tor or a vpn, you'll reveal your use of our tool to your ISP and anyone they choose to disclose that information to.
reply
It's very endearing that Nostr is so bad at its designed use case, but so useful for many other things.
reply
Thanks for the explain. Especially about using newly generated nostr keys per session. Makes total sense. I'm keen to dive in.
It doesn't have to be a coinbase output right, could trade for any (dirty) utxo right?
reply
We will probably add a "certified pre-owned" section where regular people can sell not-new utxos
It might be useful if someone who doesn't think they have the time or skill to use coinjoins still wants to have some coinjoined utxos
They can just purchase them instead of doing an actual coinjoin themselves
reply
This should use less block space than coinjoin. Also, no coordinator fees.
However, the history of a not-new utxo is preserved, unlike coinjoin.
But there is still value in trading for a utxo with different history as opposed to no history, or obfuscated history. Especially if it's more space efficient than alternative trustless swaps.
decentralization is the main component of this whole thing. why centralize when we don't have to
reply
Because privacy is the main component of UTXO Dealership and encrypted nostr messages do not hide the public keys who are messaging, nor the date/time of sending the message. Typically, you don't broadcast details about private dealings on a censorship resistant public network. I'd rather a single server had incriminating evidence than broadcast that evidence to hundreds of servers. You might be better off swapping UTXOs for privacy shitcoins with ring signatures or other tech that obfuscates the addresses, then swapping back to BTC to get a new UTXO. Less metadata stored and more resistant to timing analysis.
reply
You'll end up with coins that have a history of being used in coinswaps by specific miners given that most are completely doxxed.
reply
I don't think doxxed mining pools will sell their coins using this software, because they won't want to do anything where their customers are anonymous (they might not even legally be allowed to)
so customers and profits will naturally flow to the not doxxed mining pools who do run the software
in the best case scenario -- in the wild land of my imagination, where my hopes and dreams live alongside unicorns and butterflies -- the pursuit of profit could attract miners to leave kyc'd mining pools in pursuit of greater profitability elsewhere (i.e. at mining pools that do sell their coins anonymously)
reply
Totally a free market that could happen, with anon pools being more profitable and getting more use. I think random coins swapping with random coins in an indistinguishable way will offer more ambiguity, but potentially more scrutiny on buyers.
reply
ideally the utxo goes straight into the swap address as a coinbase output -- that way it belongs to the buyer from the moment it's created. I want chain analysts to have difficulty telling if someone bought the coinbase or mined it. Coinswaps help with this because, thanks to taproot, they look like an ordinary single sig address. (Well, right now mine don't, they look like a 2 of 2 -- but I am fixing that as we speak.)
reply
How do you stop grief?
The Coinbase tx already has a 100 block timelock, that's 16 or so days? Yeah 32 days or more sounds like a fine trade off.
reply
"The Coinbase tx already has a 100 block timelock, that's 16 or so days?"
100 blocks is about 16 hours. There are about 144 blocks per day.
reply
Oops lol mixed up hours vs days
reply
History in the making.
reply
This looks promising. I have had the same thought about miners selling their fresh UTXOs at a premium for bitcoin or even to swap doxxic change UTXOs for ones not associated with me.
I have a few questions.
  1. This creates 2 different transactions and it's not a CoinJoin, right?
  2. How does the buyer know that the seller is actually selling fresh sats from a coinbase tx and not just selling an old UTXO with a history?
  3. Can anyone use this tool just to swap a doxxic change UTXO for a different one? or does it have to be a miner/pool?
reply
"This looks promising"
Thanks!
"This creates 2 different transactions and it's not a CoinJoin, right?"
It is not a coinjoin and there are four transactions: (1) the buyer deposits into Swap Address A and (2) the seller deposits into Swap Address B. Then some off-chain communication happens to enable each party to sweep the other's money. Then (3) the seller sweeps the money from Swap Address A and (4) the buyer sweeps the money from Swap Address B.
"How does the buyer know that the seller is actually selling fresh sats from a coinbase tx and not just selling an old UTXO with a history?"
When #2 happens the buyer can check whether Swap Address B contains the output of a coinbase transaction. If it doesn't, he can just abort and sweep back his money from Swap Address A after a timelock expires. Note that my software does not currently check if the utxo being sold is the output of a coinbase transaction, that is currently up to the buyer to check. (Fixing that is on my to do list.)
"Can anyone use this tool just to swap a doxxic change UTXO for a different one? or does it have to be a miner/pool?"
Right now the software does not check if the seller is a miner so you can use it to sell your doxxic change. But even when it does check if the seller is a miner, you still might be able to use your doxxic change to buy a coinbase utxo from a miner. It's up to the miner how small of an output they'll create. So if you have a doxxic change output of, say, 15310 sats, a miner might go ahead and do a swap with you.
reply
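The coinbase check that the answer above leaves to the buyer, as an added example (not the project's code): it parses a raw serialized transaction, confirms it is a coinbase, and confirms that the given output pays the swap script. The sample transactions, `SWAP_SCRIPT` and the function names are constructed for this example.

```javascript
function readVarInt(buf, off) {
  const first = buf[off];
  if (first < 0xfd) return [first, off + 1];
  if (first === 0xfd) return [buf.readUInt16LE(off + 1), off + 3];
  if (first === 0xfe) return [buf.readUInt32LE(off + 1), off + 5];
  return [Number(buf.readBigUInt64LE(off + 1)), off + 9];
}
// Parse just enough of a serialized transaction to inspect inputs and outputs.
function parseTx(rawHex) {
  const buf = Buffer.from(rawHex, 'hex');
  let off = 4, nIn, nOut, len; // skip the 4-byte version
  if (buf[off] === 0x00 && buf[off + 1] === 0x01) off += 2; // segwit marker, flag
  [nIn, off] = readVarInt(buf, off);
  const inputs = [];
  for (let i = 0; i < nIn; i++) {
    const prevTxid = buf.subarray(off, off + 32);
    const prevIndex = buf.readUInt32LE(off + 32);
    [len, off] = readVarInt(buf, off + 36);
    off += len + 4; // scriptSig bytes, then the 4-byte sequence
    inputs.push({ prevTxid, prevIndex });
  }
  [nOut, off] = readVarInt(buf, off);
  const outputs = [];
  for (let i = 0; i < nOut; i++) {
    const value = buf.readBigUInt64LE(off); // amount in sats
    [len, off] = readVarInt(buf, off + 8);
    outputs.push({ value, script: buf.subarray(off, off + len).toString('hex') });
    off += len;
  }
  return { inputs, outputs };
}

// A coinbase has exactly one input, with a null prev txid and index 0xffffffff.
function isCoinbase(tx) {
  return tx.inputs.length === 1 && tx.inputs[0].prevIndex === 0xffffffff &&
    tx.inputs[0].prevTxid.every((b) => b === 0);
}

// True only if output `vout` of a coinbase transaction pays the swap script.
function paysSwapFromCoinbase(rawHex, vout, swapScriptHex) {
  const tx = parseTx(rawHex);
  return isCoinbase(tx) && vout < tx.outputs.length && tx.outputs[vout].script === swapScriptHex;
}

// Constructed samples: one 50 BTC output paying a made-up P2TR-style script.
const SWAP_SCRIPT = '5120' + '11'.repeat(32);
const mk = (prev, idx) => '01000000' + '01' + prev + idx + '025151' + 'ffffffff' +
  '01' + '00f2052a01000000' + '22' + SWAP_SCRIPT + '00000000';
const COINBASE_TX = mk('00'.repeat(32), 'ffffffff');
const ORDINARY_TX = mk('ab'.repeat(32), '00000000');
```

A buyer would feed this the raw transaction that funded Swap Address B and abort the swap if the result is false.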
Excellent work!
Keep it up and let me know when it's ready to test. I've got some small UTXOs that I'd be interested in experimenting with.
reply
The best part is how much Nick deeply hates nostr, yet he won grand prize through the nostr category. 🤣
reply
I'm pretty amazed tbh
reply
Who knew supertestnet was such a showman? Best explainer I've seen for a while.
reply
More privacy! More incentives for privacy! Yay!
reply
Great work. You love to see it.
reply
I love that this uses creativity to tackle the two issues of privacy and miner profitability. Cypherpunks write code and it's so refreshing to see builders build rather than get involved with drama on social media.
reply
Yeah! But also...drivechains ftw!
(a little bit of social media drama is ok)
reply
Booooo. No to drivechains.
reply
see? Just the right amount of drama is fine
but too much is a burden
reply
congrats!
reply