Payjoin
Collaborative transaction improving privacy by including the recipient in the inputs.
A specific Bitcoin transaction structure that enhances user privacy during a spending by collaborating with the payment recipient. The uniqueness of Payjoin lies in its ability to generate a transaction that looks ordinary at first glance but is actually a mini coinjoin between two parties. For this, the transaction structure involves the payment recipient in the inputs alongside the actual sender. Thus, the recipient includes a payment to themselves in the middle of the transaction that allows them to be paid. For example, if you buy a baguette for
6,000 sats using a UTXO of 10,000 sats, and you opt for a Payjoin, your baker will add a UTXO of 15,000 sats belonging to them as an input, which they will retrieve in full as an output, in addition to your 6,000 sats.The Payjoin transaction fulfills two objectives. Firstly, it aims to mislead an external observer by creating a decoy in the chain analysis on the Common Input Ownership Heuristic (CIOH). Usually, when a transaction on the blockchain has multiple inputs, it is presumed that all these inputs likely belong to the same entity. Thus, when an analyst examines a Payjoin transaction, they are led to believe that all inputs come from the same person. However, this perception is incorrect because the payment recipient also contributes to the inputs alongside the actual payer. Secondly, the Payjoin also deceives an external observer about the actual amount of the payment that was made. By examining the structure of the transaction, the analyst might believe that the payment is equivalent to the amount of one of the outputs. In reality, the payment amount corresponds to none of the outputs. It is actually the difference between the recipient's UTXO in the output and the recipient's UTXO in the input. In this, the Payjoin transaction falls into the realm of steganography. It allows hiding the actual amount of a transaction within a false transaction that acts as a decoy.
► Payjoin is also sometimes called "P2EP (Pay-to-End-Point)", "Stowaway", or "steganographic transaction".
TermDefinition
51% attack
An attack where a malicious actor controls more than half of the mining hash power, allowing them to manipulate transactions, notably by performing double spends.
Account
In an HD wallet, a derivation level (depth 3) allowing hierarchical organization of keys and addresses.
Activation method
The process by which the Bitcoin community decides to activate a soft fork, seeking consensus among miners and users to avoid a blockchain split.
Adaptor signature
A cryptographic technique linking a signature to a secret, such that publishing the signature reveals the secret. Useful for atomic swaps without a trusted intermediary.
Addr
An old Bitcoin network message that allowed communicating IP addresses of nodes accepting connections. Replaced by addrv2 (BIP155) to support longer address formats.
Addr.dat
An old file in Bitcoin Core that stored information about network peers. Replaced by peers.dat since version 0.7.0.
Address reuse
A discouraged practice of using the same Bitcoin address multiple times to receive payments, which harms privacy by allowing funds to be traced.
Address spoofing
An attack where a malicious actor creates an address closely resembling the victim's to deceive them and divert their payments.
Addrv2
A new network message format (BIP155) allowing the broadcasting of Bitcoin node addresses. Supports longer addresses such as Tor v3 or I2P.
Agorism
A libertarian political philosophy advocating economic action outside of state control (counter-economy) to progressively undermine state power.
Air cooling
A cooling system for mining machines using fans to dissipate heat. The most widespread and least expensive method.
Altcoin
Designates any cryptocurrency other than Bitcoin. A contraction of alternative and coin.
Aluvm
A virtual machine designed for deterministic execution of smart contracts, notably within the context of the RGB protocol on Bitcoin.
Analysis heuristic
An empirical method used to trace Bitcoin flows on the blockchain based on observable characteristics within transactions.
Ancestor mining
A principle whereby a miner selects transactions taking into account the fees of parent transactions, not only their own fees. Also called CPFP.
Anchor
In the RGB protocol, a set of data proving the inclusion of a commitment in a Bitcoin transaction, without publicly revealing its content.
Anchor outputs
A mechanism on Lightning allowing adjustment of the fees of a commitment transaction after its creation, to ensure quick channel closure.
Anchors.dat
A Bitcoin Core file storing IP addresses of nodes the client was connected to before shutdown, to facilitate reconnection on restart.
Anonsets (anonymity sets)
Indicators measuring the degree of privacy of a UTXO by counting the number of indistinguishable UTXOs in a set, typically after a coinjoin.
Anyprevout (apo)
A proposal (BIP118) adding new SigHash flags allowing the creation of signatures that do not cover any specific input of the transaction.
51% attack
An attack where a malicious actor controls more than half of the mining hash power, allowing them to manipulate transactions, notably by performing double spends.
Account
In an HD wallet, a derivation level (depth 3) allowing hierarchical organization of keys and addresses.
Activation method
The process by which the Bitcoin community decides to activate a soft fork, seeking consensus among miners and users to avoid a blockchain split.
Adaptor signature
A cryptographic technique linking a signature to a secret, such that publishing the signature reveals the secret. Useful for atomic swaps without a trusted intermediary.
Addr
An old Bitcoin network message that allowed communicating IP addresses of nodes accepting connections. Replaced by addrv2 (BIP155) to support longer address formats.
Addr.dat
An old file in Bitcoin Core that stored information about network peers. Replaced by peers.dat since version 0.7.0.
Address reuse
A discouraged practice of using the same Bitcoin address multiple times to receive payments, which harms privacy by allowing funds to be traced.
Address spoofing
An attack where a malicious actor creates an address closely resembling the victim's to deceive them and divert their payments.
Addrv2
A new network message format (BIP155) allowing the broadcasting of Bitcoin node addresses. Supports longer addresses such as Tor v3 or I2P.
Agorism
A libertarian political philosophy advocating economic action outside of state control (counter-economy) to progressively undermine state power.
Air cooling
A cooling system for mining machines using fans to dissipate heat. The most widespread and least expensive method.
Altcoin
Designates any cryptocurrency other than Bitcoin. A contraction of alternative and coin.
Aluvm
A virtual machine designed for deterministic execution of smart contracts, notably within the context of the RGB protocol on Bitcoin.
Analysis heuristic
An empirical method used to trace Bitcoin flows on the blockchain based on observable characteristics within transactions.
Ancestor mining
A principle whereby a miner selects transactions taking into account the fees of parent transactions, not only their own fees. Also called CPFP.
Anchor
In the RGB protocol, a set of data proving the inclusion of a commitment in a Bitcoin transaction, without publicly revealing its content.
Anchor outputs
A mechanism on Lightning allowing adjustment of the fees of a commitment transaction after its creation, to ensure quick channel closure.
Anchors.dat
A Bitcoin Core file storing IP addresses of nodes the client was connected to before shutdown, to facilitate reconnection on restart.
Anonsets (anonymity sets)
Indicators measuring the degree of privacy of a UTXO by counting the number of indistinguishable UTXOs in a set, typically after a coinjoin.
Anyprevout (apo)
A proposal (BIP118) adding new SigHash flags allowing the creation of signatures that do not cover any specific input of the transaction.