#asknostr
Hey waxwing (nprofile…47xm) I figure you're the guy to ask here. If I'm building a coinjoin but want to *consolidate* two outputs from separate participants which are going to the same recipient, how can all participants validate that their coins are accounted for in the outputs *without* sharing their destinations and amounts with all other participants? I assume this is possible, but I'm struggling to construct it.
ex
A sending 1BTC to D
B sending 1BTC to E
C sending 2BTC to D
Ideally, the outputs would be
3BTC to D
1BTC to E
But how can participants differentiate that from
2BTC to D
1BTC to E
1BTC to F
(without knowing the destinations of each participant's coins, ruining all unlinkability)
I've had a few ideas, but I've run into a brick wall every time. Blinded addition seems not to be useful, since you need to first prove you have contributed enough in inputs which seems to necessitate linking your blinded value to the inputs, ahead of time, negating the value of blinded addition?
I hope I'm missing something obvious (or even a paper doing exactly this?)
Ademan /
npub19j…2pt7r
2023-11-19 14:15:17
Author Public Key
npub19jescdjr3wk552j3q77f3awwhe4qy2ds24xce773exd28nr7emqsm2pt7rPublished at
2023-11-19 14:15:17Event JSON
{
"id": "3089c299750735350cfe05da58362f52da0ccbb515e81ad39374b9b3a2d47ada",
"pubkey": "2cb30c36438bad4a2a5107bc98f5cebe6a0229b0554d8cfbd1c99aa3cc7ecec1",
"created_at": 1700403317,
"kind": 1,
"tags": [
[
"t",
"asknostr"
],
[
"p",
"675b84fe75e216ab947c7438ee519ca7775376ddf05dadfba6278bd012e1d728",
"wss://relay.damus.io/",
"waxwing"
]
],
"content": "#asknostr\n\nHey nostr:nprofile1qqsxwkuyle67y94tj378gw8w2xw2wa6nwmwlqhddlwnz0z7sztsaw2qpz9mhxue69uhkummnw3ezuamfdejj7qg4waehxw309aex2mrp0yhxgctdw4eju6t09uq3jamnwvaz7tmjv4kxz7fwwdhx7un59eek7cmfv9kz7ex47xm I figure you're the guy to ask here. If I'm building a coinjoin but want to *consolidate* two outputs from separate participants which are going to the same recipient, how can all participants validate that their coins are accounted for in the outputs *without* sharing their destinations and amounts with all other participants? I assume this is possible, but I'm struggling to construct it.\n\nex\n\nA sending 1BTC to D\nB sending 1BTC to E\nC sending 2BTC to D\n\nIdeally, the outputs would be\n\n3BTC to D\n1BTC to E\n\nBut how can participants differentiate that from\n\n2BTC to D\n1BTC to E\n1BTC to F\n\n(without knowing the destinations of each participant's coins, ruining all unlinkability)\n\nI've had a few ideas, but I've run into a brick wall every time. Blinded addition seems not to be useful, since you need to first prove you have contributed enough in inputs which seems to necessitate linking your blinded value to the inputs, ahead of time, negating the value of blinded addition?\n\nI hope I'm missing something obvious (or even a paper doing exactly this?)",
"sig": "5e22ff17ef85a54d81bb8513180cefccdaf2d1c7a76e750f60f98daf0896a50a1ff40b322b8061d3c089744fa7c11b2c7eeb5927580d796952a481d0e8e874da"
}