Payjoin Privacy

Satoshi left exactly one privacy problem open in the whitepaper, that transactions with multiple inputs "necessarily reveal that their inputs were owned by the same owner." In early bitcoin software, this was true. But no consensus rule prevents transactions with inputs from multiple sources. Payjoin is the simplest solution.

In a basic bitcoin transaction, a sender spends some bitcoin to a new transaction output paying someone and makes change from their funds at the same time. A third party looking at the transaction on chain could assume all input to a transaction must have come from that sender.

In Payjoin, the sender and receiver both contribute funds, breaking Satoshi's assumption. The payment amount plus receiver input amount both go to the receiver and the sender gets change. Because bitcoin is stored in distinct transaction outputs, and not accounts, such a transaction looks the same as one where a sender spent multiple inputs to a receiver and made change. By breaking the assumption from the whitepaper, payjoin makes it much harder to be sure about who got paid how much.