Topic: Will we ever have fungibility enhanced TXs that are cheaper than normal TXs ? (Read 191 times)

Oops, sorry. I totally forgot about Schnorr.

Yup. Segwit's version script system allows for Schnorr signature to be activated without a hard fork.

Likely not. Schnorr signature can combine the signatures of the non segwit transactions into one. While this could be useful if you're using CoinJoin to spend several inputs, I would expect the price to be the same whether you're spending it with or without using CoinJoin.
No.

Thanks for the feedback! And thank you for working on fungibility!

I agree that it may seem unrealistic to get Bulletproofs on bitcoin as long as there are issues with a potential "inflation attack"

However we should be able go get Schnorr Signatures, that's just a soft fork isn't it..?

It's not totally clear to me from your answer above..Can you please confirm that we can achieve coin-join transactions that are cheaper than normal transactions with the use of Schnorr Signatures only?

So we actually don't need Bulletproofs for this to happen?

It's possible. Although the probability of Bulletproofs getting into Bitcoin is not that great, because of quantum computers, but let's assume it will. 

https://medium.com/@nopara73/anonymous-bitcoin-1fae5d1e33b7

> Here comes Confidential Transactions! CT solves exactly this. It replaces the output values with Pedersen commitments. The problem is, these commitments are huge and the bigger your transaction is the more you have to pay for it. For this reason, CT was unlikely to ever to be seen in Bitcoin and even if it would have got into it, some kind of hybrid half CT, half CoinShuffle/ZeroLink model would have needed to be done in order to keep the fees in bay.

> Then something happened. In November, 2017 Bulletproofs was introduced, which is an improvement on Confidential Transactions. It makes the commitment sizes smaller. Instead of huge, now they are only big. More importantly, if you want to have many CT outputs in a transaction, then your transaction size does not grow linearly with the number of outputs, which is great for CoinJoin, where the number of outputs can reach high numbers. Numbers, where the cost of CT becomes insignificant. Participating in this CoinJoin would result in similar transaction fees, as the user would send a normal transaction!

> It gets better! There is another technology coming to Bitcoin called Schnorr Signatures.
Today when a CoinJoin transaction has 100 inputs, then it must hold 100 signatures as well. With Schnorr, we can do it with only one signature. This will make CoinJoin transactions about 30–40% cheaper than normal transactions.

> What did we achieve here? Making a CoinJoin mixing transaction with a high anonymity set becomes about 30% cheaper than making a transparent, traditional Bitcoin transaction.

How about Schnorr signatures..? Wouldn't that help..?

Nope. Coinjoin works by having a transaction with inputs from various addresses and outputs to various addresses. The size of a transaction depends largely on the number of inputs and/or outputs. While batching transaction would make the size smaller, it would only be applicable if the transaction has one or only a few inputs.

For Coinjoin, each input would correspond to at least one or more output. As a result, the size used by each participant could be about the same or even bigger when compared to the scenario where they are making their individual transactions.

It's highly impossible for the protocol to recognise which transactions are meant to mix coins; any flags would potentially weaken the purpose. Bitcoin would likely prioritise scaling over anonymity.

By fungibility enhanced I'm thinking of tools like coin-join etc..

It seems to me that most people don't care for privacy because "they got nothing to hide"...(or so they think)

But they are all interested in saving money...

So for these tools to actually work with a large anonymity set, wouldn't it be great if they were actually cheaper to use than normal transactions..?

I mean the total amount of fees paid by 100 people in a coin-join should ideally be cheaper than the total amount of fees paid by the same 100 people if they are just sending normal transactions...

Is there any hopes for this to become reality...?

Thanks for reading!