Pheromon
commented
6 years ago 10$ fees are a bad estimation: fees are much, much higher because they are paid to offchain services to accelerate the inclusion of an otherwise stuck transaction. I know people doing a tx with 5$ fees and then paying 120$ (in Bitcoin Cash) to "accelerate" it.
Anyway, I have a question: what is needed to port ZeroLink to Bitcoin Cash?
I would like to make some experiments there, since fees are about 1 cent per transaction and that means we can do a lot of mixing paying very little.
nopara73
darkrevive
jonathancross
Revisiting the original assumptions on ZeroLink may result in ZeroLink v2:
Originally, ZeroLink relied on the Bitcoin network fees to be at least $1. Today the fees are hitting $10, they are rapidly growing with no sign of stopping.
A. High fees bring up the need for more elaborate fee estimation, because in a ZeroLink transaction everyone must agree on the fee rate. Loosely related issue about RBF: #56 B. High fees probably can simplify our current DoS and Sybil protection strategies.
In ZeroLink's prototype, its performance was unexpectedly good. A ZeroLink transaction happened within 30 seconds. Works are underway in the underlying Tor library that will likely result in near instant transactions.
New research directions they may be game changers: SNICKER #46 , Byzantine Cycle Mode #50 , Clusterfuck Wallet #42
Byzantine Cycle Mode #50 may relax the constraint of common denominations for CoinJoins.
In practice, it turned out completely preventing inputs to be joined together after the mix is not practical.
A Clusterfuck Wallet #42 may relax the prevention of input joining constraint.
Opening Lightning Network channels #58 via coinjoin is another interesting research territory. LN channel openings with common coinjoin denominations rarely results any convenience loss for the user. This can also help relaxing the input joining constraint. At this point, more research is needed about its pros and cons.
At the beginning ZeroLink was intended to work with both low and high anonymity sets. However for low anonymity set privacy solutions there is already JoinMarket, Monero and with its current usage patterns, ZCash. ZeroLink could compete much more effectively if its anonymity set would be high (100ish) from the beginning.
Huge anonymity set also helps mitigating the risk of input joining.
There is a need to be able to send coinjoins into specified custom addresses. The Clusterfuck Wallet can mitigate the risk of possible privacy loss due to this.
While the community support was unprecedented, adoption from other developers were not as expected. Samourai wallet is aiming to build its own implementation, Breeze is written in the same programming language as HiddenWallet, so there are little to no costs to keep two implementations in sync, the DarkWallet developer who contacted me doesn't seem to be active anymore, other wallet developers were showing no interest.
ZeroLink made many tradeoffs in order to facilitate its implementations across competing wallets. Also to maintain compatibility ZeroLink also specified many uniformity requirements, for example utilization of extpubkeys and the whole set of Wallet Uniformity Requirements. Such requirements can be safely removed.
ZeroLink needs more specific networking mechanism to be specified. Such works are underway, see ToT protocol.
It seems like there is a trend of people starting to be able to afford running their own full node. As the transaction fees are growing, people who can afford to use the first layer of Bitcoin are increasingly the ones who can afford to run a full node. If this trend keeps up, works on privacy preserving light wallets may be unneccessary.