Although Satoshi Nakamoto’s white paper[1] suggests that privacy was a design goal of the Bitcoin protocol, blockchain analysis can often break users’ privacy[2]. This is a problem. Bitcoin users might not necessarily want the world to know where they spend their money, what they earn or how much they own, while businesses may not want to leak transaction details to competitors — to name some examples.
But there are solutions to regain privacy. A new solution was proposed[3] on the bitcoin-dev mailing list this week, by the Bitcoin and Lightning developer who goes by the pseudonym “ZmnSCPxj.” Called Payswap, the proposed solution offers a simple-yet-effective trick to confuse blockchain analysis by inverting the relation between payer and payee.
Here’s how that works.
The Traceability of Bitcoin Payments
A typical bitcoin transaction is a payment from one person (the payer) to another (the payee). Let’s say, for example, Alice wants to pay Bob 3 bitcoin. If Alice owns a chunk of coins (a UTXO) worth exactly 3 coins, and we for simplicity ignore fees, she could create a transaction with one input (referring to her address holding 3 coins) and one output (referring to Bob’s Bitcoin address). The chunk of 3 coins would essentially move from Alice’s address to Bob’s address. Simple.
However, more often than not, Alice won’t have a chunk of the exact right amount of coins she needs to pay Bob. Alice may, for example, only have chunks of 2 coins. In this case, she can still create a transaction. This transaction would have two inputs (two chunks of 2 coins, presumably from two different addresses), and also two outputs: one output worth 3 coins attributed to Bob’s address, and one output worth 1 coin, which she sends back
