Skip to content

Commit 83303a0

Browse files
kevkevinpalbitschmidty
kevkevinpal
authored and
bitschmidty
committed
News399: add payjoin fingerprinting news
1 parent 23ecfd6 commit 83303a0

1 file changed

Lines changed: 40 additions & 2 deletions

File tree

_posts/en/newsletters/2026-04-03-newsletter.md

Lines changed: 40 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,43 @@ popular Bitcoin infrastructure software.
1616

1717
## News
1818

19-
FIXME:bitschmidty
19+
- **Wallet fingerprinting risks for payjoin privacy**: Armin Sabouri
20+
[posted][topic payjoin fingerprinting] to Delving Bitcoin about how differences in
21+
payjoin implementations make it possible to fingerprint [payjoin][topic payjoin] transactions
22+
and can damage payjoin's privacy.
23+
24+
Sabouri states that payjoin transactions should appear indistinguishable from
25+
standard single-party transactions. However, there can be artifacts of collaborative transactions:
26+
27+
- Intra-transaction
28+
29+
- Partition inputs and outputs by owner within a single transaction.
30+
31+
- Differences in input encoding.
32+
33+
- Inputs length in bytes.
34+
35+
- Inter-transaction
36+
37+
- Backward: Each input was created by a prior transaction that carries its own fingerprint.
38+
39+
- Forward: Each output may be spent in a future transaction, revealing fingerprints.
40+
41+
He then reviewed three payjoin implementations: Samourai, the PDK demo,
42+
and Cake Wallet (sending to Bull Bitcoin Mobile). In each of these examples, he finds
43+
a few discrepancies which make it possible to fingerprint these
44+
implementations. This includes but is not limited to:
45+
46+
- Differences in encoded input signatures.
47+
48+
- SIGHASH_ALL byte being included in one input but not the other.
49+
50+
- Output value assignment.
51+
52+
Sabouri concludes that while some of these
53+
wallet fingerprints are trivial to eliminate, others are intrinsic to a
54+
particular wallet's design choice. Wallet developers should be aware of these
55+
potential privacy leaks when implementing payjoin into their wallets.
2056

2157
## Changing consensus
2258

@@ -48,4 +84,6 @@ FIXME:Gustavojfe
4884

4985
{% include snippets/recap-ad.md when="2026-04-07 16:30" %}
5086
{% include references.md %}
51-
{% include linkers/issues.md v=2 issues="" %}
87+
88+
[topic payjoin]: /en/topics/payjoin/
89+
[topic payjoin fingerprinting]: https://delvingbitcoin.org/t/how-wallet-fingerprints-damage-payjoin-privacy/2354

0 commit comments

Comments
 (0)