Read the legendary gmaxwell’s Bitcointalk post about CoinJoin. Answer the questions and post your answers below:
https://bitcointalk.org/?topic=279249
Questions:
Good! Check out other answers for #2 and #3 
What is the benefit of CoinJoin over BitLaundry, if any?
Coinjoin is design “per se” to get privacy for the users, for example “utxos” are of the same ammount (in order not to know who is the receiver) or take into consideration the share of the neccessary keys for the transactions (encryption, “onion opening”,…) and the anonimity set is much bigger.
About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.
The risk of some participants “going down” during the proccess of Coinjoin or the possibility of DOS attack.
How can anonymity set be increased while keeping small transaction sizes?
Increasing the number of transactions of the Coinjoin proccess.
What is the main benefit of CoinJoin over Zerocoin?
No need for a “soft fork” and proven and known cryptography, “lighter” signatures, no central “accummulator” needed, and less time (with privacy implications) and computational requirements.
What is the benefit of CoinJoin over BitLaundry, if any?
Bitlaundry is a centralized entity while CoinJoin is a decentralized p2p between users that agrees on inputs and outputs, while the signatures, one per input, inside a transaction remain completely independent from each other, will be merged after with the signed Tx.
About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.
If a participant doesn’t sign a Tx or in the eventuality of DOS attack the process fail and needs to be retried leaving out the party that failed to provide the signature.
How can anonymity set be increased while keeping small transaction sizes?
because these transactions are cheap, there is no limit to the number of transactions you can cascade, so you can increase the anonymity set simply increasing participation.
What is the main benefit of CoinJoin over Zerocoin?
there is no need to softfork on the bitcoin network for it to work, and practically the anonymity set (because of the fact CJ Tx are really small) can be the same or really similar.
To anybody who wants a more readable version of the same CoinJoin article, instead of reading it from the bitcointalk forum, check the version in the bitcoin wiki: https://en.bitcoin.it/wiki/CoinJoin
Bitlaundry is a website controlled by someone and subject to be closed, raided, hacked or the owner could run away with some funds.
CoinJoin is more “decentralized” as it requires a set of people to agree to mix their inputs and intended outputs into a single transaction.
The risk is of the transaction to fail because of a DOS attack or because a participant of the transaction doesn’t sign his part.
Anonymity can be increased by increasing the number of transactions included in the process.
CoinJoin does not require any change in the network: no protocol (and political) change, no soft fork.
Non custodial, using the bitcoin blockchain…
Failure retry is when a transaction fails. For various reasons. In this case the threat of someone not signing. I believe by cascading he is referring to this transaction being repeatedly attempted. Would there not be risk that that large UTXO get locked up as older attempted TX has president over never TX to avoid double spend. So since you signed that TX. You can’t spend it in a newer TX unless the TX fails without retrying and goes into a block before the old TX is tried again? Or am I missing something?
The best way for this to happen is all inputs and outputs being exact same value. So 10 inputs of 0.1 BTC and 10 outputs of 0.1 BTC would obscure sender and receive much better then random amounts.
Data size of the blockchain can stay smaller with CoinJoin vs Zerocoin. Data size is a centralization risk for the Bitcoin network. To anyone reading this I recommend taking the Bitcoin Programming course in Academy and trying to run your own Bitcoin full node. Softfork of network is also a risk though it would only be a questions who did and did not use it. Rather then an actual hardfork of the network.
The idea of retry risk is:
‘failure’ is when an input/output pair aren’t valid, for some reason. Could be an invalid signature, amounts don’t balance, inputs are not unspent, could be an attacker… any number of reasons why one input/output pair might fail.
For a CoinJoin transaction to be valid, ALL input/output pairs must be valid. If every user (input/output pair) has a 1% chance of making a mistake or being malicious, more users = higher risk.
@Baidis: I think your question #2 is about an individual pair being invalid, and what happens there. In that case, if someone tries to double-spend a UTXO, the blockchain should always ‘choose’ the older one. Does that answer your question?
1.bitlaundry is much more centralized , no time locks and depnds of trust of person running bit laundry. coinjoin users agree on a set of inputs and set of outputs and sign them individually to be merged later.
2, if one person spends their transaction before it completes or if there is dos attack during transaction
3.by increasing the number of transactions in the coinjoin transaction
4.cutting edge crptography not understood by everyone, requires large memory, and hard fork
Still bit confused. So the transaction is fully constructed and broadcast to Bitcoin network by one node. Is there a delay in the network verifying the TX of any substantial time? Do users have to re-sign each time the UTXO’s in the TX change. Or is the chaining of attempts created because each signature is only allocated to it’s corresponding UTXO? Does that allow the broadcaster of the TX to keep changing the combination of UTXO’s in the TX till one is approved? Can that cause each UTXO in the TX to be locked up till transaction approves if the node were to constantly be rebroadcasting this CoinJoin TX?
1. CoinJoin transactions don’t rely on a trusted entity and are indistinguishable from normal Bitcoin transactions.
2. It is about DOS attacks. In his post GMaxwell writes: “Someone can refuse to sign a valid joint transaction, or someone can spend their input out from under the joint transaction before it completes”.
3. By cascading small transactions.
4. It already works on Bitcoin and doesn’t requre a soft fork.1. CoinJoin transactions don’t rely on a trusted entity and are indistinguishable from normal Bitcoin transactions.
2. It is about DOS attacks. In his post GMaxwell writes: “Someone can refuse to sign a valid joint transaction, or someone can spend their input out from under the joint transaction before it completes”.
3. By cascading small transactions.
4. It already works on Bitcoin and doesn’t requre a soft fork.What is the benefit of CoinJoin over BitLaundry, if any?
I have full control of my balances. dont need third party.
About halfway down, Maxwell writes: “failure (retry) risk mean that really huge joint transactions would not be wise.” Explain failure (retry) risk.
The risk of some participants “going down” during the process of Coinjoin or the possibility of DOS attack.
How can anonymity set be increased while keeping small transaction sizes?
because these transactions are cheap, there is no limit to the number of transactions you can cascade, so you can increase the anonymity set simply increasing participation.
What is the main benefit of CoinJoin over Zerocoin?
Zerocoin requires a soft-forking change to the Bitcoin protocol , CoinJoin transactions work today
First we should remember things might differ between implementations. But in the version described here,
The signatures, one per input, inside a transaction are completely independent of each other. This means that it’s possible for Bitcoin users to agree on a set of inputs to spend, and a set of outputs to pay to, and then to individually and separately sign a transaction and later merge their signatures. The transaction is not valid and won’t be accepted by the network until all signatures are provided, and no one will sign a transaction which is not to their liking.
So to your questions,
So the transaction is fully constructed and broadcast to Bitcoin network by one node. Is there a delay in the network verifying the TX of any substantial time?
The transaction is constructed by a user, and then sent to all nodes they’re connected to. Nodes try to validate and, if it’s correct, they add it to their chain and rebroadcast.
Do users have to re-sign each time the UTXO’s in the TX change.
Correct. That’s the ‘failure risk’. If one input/output pair is rejected, everyone needs to update their signature.
Can that cause each UTXO in the TX to be locked up till transaction approves if the node were to constantly be rebroadcasting this CoinJoin TX?
Each tx has an identifier from the creator, so nodes don’t need to worry about duplicates.
If the same UTXO is included in two otherwise ‘valid’ transactions, a node will keep the older transaction (and rebroadcast) and reject the newer one (and stop rebroadcasting).
Awesome so the failure risk is that every transaction like this has to be confirmed by the user that it actually sent. Other wise if Bob is sending Alice funds he might later find she is angry she never got her money because TX failed. Also the assumed annoyance of repeatedly signing TX till network approves it. Probably also a factor of time out on the TX also I assume so if one of 100 goes for lunch everyone else gets a failed TX. Meaning the larger the pool size the more people are required to coordinate signing at same time.