This is just to start some discussion and to describe my current thoughts on this.
An idea was mentioned on the forum a month ago that I’m finding more and more interesting. Beam will have the “unlink” option in the wallet to use the Lelantus MW (tx gets put into the shielded pool and gains anonymity over time). I think we could use a similar UX to send a tx to the
daily.grin.mw (which can be thought of as a shielded pool) and show the user
Estimated time left which would be the time remaining until the daily.grin.mw broadcasts the tx. Similarly, the daily.grin.mw could report the current ‘unlinking potential’ to differentiate between a day that had 5 transaction and one that had 500. The ‘Stop unlinking’ UX button would cost some fees and would mean that we spend the input that we sent to the daily.grin.mw server (the server should note that and remove the transaction containing this input from its daily transaction pool - in case of broadcast race-condition, the daily.grin.mw should rebroadcast again the daily aggregated tx without this tx. This seems to provide an interesting and in a way very similar ‘unlinking’ process as the Lelantus MW - both take a long time and have a linearly growing anonymity set depending on the amount of opt-in transactions. There are some differences between the two which I tried to capture below:
- the drawback of making a daily tx is that it takes
24h + confirmationstime to confirm the tx while lelantus is just the regular
- daily can prune outputs while lelantus can’t
- daily doesn’t add complexity and doesn’t come with a greater fee cost
- both are opt-in and require users to wait to gain anonymity
- lelantus has the advantage of having a dynamic ‘time interval’ as opposed to static 24h that daily requires
- daily aggregator service is centralized and needs to be trusted
- doesn’t require consensus changes or change to the node behaviour
- prunning is preserved
- requires hours before a tx is broadcasted so the ‘effective confirmation time’ is much longer
- the time to wait is static and can’t be decided by the user (max 24h of being in a Lelantus pool)
- centralized and needs to be trusted
- not centralized, no trust required
- tx can get broadcasted right away
- the unlinking potential is unlimited in time
- Adds a lot of complexity to the protocol that can’t ever be thrown away
- Adds privacy at the cost of scalability (outputs can’t be prunned) which takes away one of the main MW advantages
If trusted, the Daily aggregator can be thought of as an offchain Lelantus. People can opt-in to send a transaction to the daily aggregator server instead of the dandelion network and after a day, the tx gets broadcasted with an anonymity set as big as the number of opt-in txs that happened during that day. I know that this is “just a central coinjoin server”, but I’ve not seen anyone talk about the outcome resemblance to Lelantus.
The outputs that were ‘unlinked’ could even have the ‘potential unlinkability’ score written down next to them if we wanted to distinguish them - I’m not sure we do though.
Note: The above differences are copied from https://gist.github.com/phyro/45f754d583c1296a4f91ac05959369cf which is my understanding after some keybase discussion on the topic
Edit: As was pointed below by @david, I skipped a very important part of comparison which is transacting inside the shielded pool. This can’t be done with daily.grin.mw afaict.