Disclaimer: I’m not familiar with the code implementation so this builds from some random facts that were shared over time on keybase.
Right now the coinbase outputs and kernels are labeled as Coinbase which can be seen here
This means two things:
- Coinbase outputs are not a part of the anonymity set of transactions appearing in a block
- Coinbase outputs hence don’t any have anonymity which leaves miner outputs transparent for everyone to trace
Coincidentally, a youtube video was shared today https://www.youtube.com/watch?v=EFrvrct3U2g (paper is also linked) that does some upper bound analysis on the UTXO amounts which is possible due to everyone being able to identify the coinbase outputs.
The reason why coinbase outputs are separate (afaik) is because of the maturity rule which prevents spending of coinbase outputs for a certain amount of time (not sure how much, a day maybe?). I’m not sure why this rule exists so if someone knows the answer please share.
Making outputs indistinguishable:
It would be worth thinking whether it would make sense to unify the outputs by making coinbase outputs have the same Transaction type which would and make them indistinguisable from transactions in the block (the same kernel+offset aggregation that protects the transactions also prevents users from finding out coinbase output from the kernel - unless there is only the coinbase output and kernel in a block).
Looking only at the blockchain data (ignoring p2p), the benefit of this would be that:
- each transaction output gains +1 output obfuscation on their outputs side
- miner coinbase gains +(N_outputs - 1) output obfuscation on their outputs side
- less information for chain analysis
- the protocol becomes simpler because coinbase output is no longer an edge case (I think)
It’s not all pretty because at the p2p layer, nodes might be able to guess that the output that did not appear in the transaction mempool is the coinbase output, but this is happening outside of the blockchain and might get non-consensus-breaking improvements over time… perhaps.
- What is the exact reasoning behind the coinbase maturity rule? Is it needed?
- Does this introduce any problems?
- Would it be worth it?
Thanks to @Kurt for starting the conversation about this idea
Edit: I’ve added a section that explains why coinbase output can’t be found out from the coinbase kernel.