As I understand it, signature aggregation allows for the same transaction fee if there is 1 input or 50 inputs.

This means by doing a coinjoin, you get a cheaper transaction.

Many people are claiming that since this creates an economic incentive, as it is cheaper, to use coinjoin bitcoin will increase in privacy/fungibility.

However, I am a little confused about this.

IF everyone has the same input and same output in a coinjoin, like with wasabi or samari wallet, then I can see how it allows for some privacy.

BUT breaking up or combining your bitcoin into a specific amount, like 0.1 BTC is costly to do so.

The cheapest coinjoins would be ones that have different values for inputs and outputs.

This would ultimately make the coinjoin fairly traceable as you could deduce what is happening: Imagine if there were inputs of 5 BTC, 5 BTC, 1 BTC, 0.1 BTC, and 0.01 BTC with outputs of 10 BTC, 1.01 BTC, and 0.03, and 0.06 BTC.

With the likely issue of address reuse, and combining coinjoined outputs with previous or future outputs, you will likely be able to get a fairly clear picture of what is happening. Imagine if some of those inputs and outputs were associated with monthly payments to the same address, and likely having links to previous similar transactions.

It seems like coinjoin really only offers solid privacy if all inputs and outputs are of the same value, yet the cheapest coinjoin would not have this feature.

Is it far to argue that schnorr signature aggregation, which does make coinjoin cheaper, makes it cheaper to send a “private” transaction when the privacy is seriously compromised by the cheapest strategy of using different values of inputs/outputs?

It seems like a properly anonymizing coinjoin is ultimately still more expensive then a typical coinjoin.

submitted by /u/Vespco
[link] [comments]