So I hear Grin may eventually implement Coinswap in the future to mitigate the transaction graph issue which is a major privacy issue
I’m not sure I understand how this works. Please tell me if my assumptions are correct.
From my understanding coinswap has the following problems :
*additional fees for the sender of the tx
*delay in receiving the tx for the receiver (which is first sent to the mixer and then mixed and sent at the end of the day)
*a choice to make : what if you don’t want to send coins to the mixer and need the recipient to receive the coins right now? will we have to make a choice as seen in other crypto wallets?
*a new vulnerability if the mixer is not honest
*parasite mixing tx that clog the network and eat up the 14 tps limit and heavier chain
The idea is not to make every transaction a CoinSwap by default, but to allow wallet owners to occasionally use a CoinSwap server to break linkage in the transaction graph. So no, no additional transaction fees.
See above, most transaction will be normal transactions, fees will be the same, it is just an additional option that user can use the Coinswap now and then. I expect it will be only used on occasion to break transaction linkage, not for every transaction.
This is indeed an important point, hence we want the implementation be open source and easy to run. Multiple people can run a CoinSwap and user can select the one they trust.
Not sure about this one and where the 14 tps limit comes from, but a transaction will have costs, so spamming the blockchain will be expensive. Also in Grin, making more transaction does not bloat the blockchain that much, only the kernel needs to be kept if an output is spend. So basically the blockchain grows when more outputs are created then spend. This comes down to roughly 0.01 Grin per output created, so bloating the chain is deinsentivised: https://docs.grin.mw/grin-rfcs/text/0017-fix-fees/
Grin transactions are privacy preserving, so no address, no amounts, but yes transactions can be linked through their outputs. Having a daily coinswap will solve these issues 90%, since you can never proof a coinswap did not happened somewhere in the transaction graph since with Schnorr signatures they look identical to any other transaction…
If in the future more people start using Grin, coinswap could become default. See here a great post from @phyro on the possible road to make Grin even more private and awesome over the years:
I hope we see outputs being sent to the coinswap server by default because it gives a nice property that you can’t have an output owned for longer than ~1day that has a traceable owner (given that the coinswap service outputs a big enough transaction) meaning that every single one of your outputs that has been on the chain for more than a day has no clear history. The mixer comes with an assumption that at least one mix node is honest. If that’s true then nobody will know the links in the large coinswap transaction. But even if all collude, if the linkage isn’t made public, it protects against 99.99% of the users knowing the links. That’s also a big privacy improvement - though it might depend on your situation. And you don’t need to care if you send the output to the coinswap or not, it should be possible to use it in a transaction if you need to because the coinswap service knows how to filter out the spent outputs effectively.
And yes, it comes with some fee cost, but this should boost your as well as others privacy. Everyone pays a small fee to increase everyone else’s anonymity set. If everyone does this, users work together to help each other stay private through larger anonymity sets. The situation might change when we have full blocks, but that’s not something to worry about for the next couple of years
You can know whether an output came from the coinswap service (you can’t tell which was its output) by checking whether the coinswap transaction contained that output. To obtain all the coinswap transactions, you simply send a coinswap to every daily mix and trace the transactions in the mempool that contains your coinswap. Now you know which outputs were produced by the coinswap service.
It’s not a perfect solution by any means, but as I argued here Mimblewimble CoinSwap proposal - #40 by oryhp , I think it might have the best properties of the mixers I’ve found (at least those that work on large anonymity sets).