From: Chris Belcher <belcher@riseup.net>
To: ZmnSCPxj <ZmnSCPxj@protonmail.com>,
Dmitry Petukhov <dp@simplexum.com>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds
Date: Wed, 7 Aug 2019 10:38:43 +0100 [thread overview]
Message-ID: <113a68d9-6c8c-3bf2-b337-9b87c5fd1db7@riseup.net> (raw)
In-Reply-To: <j-MXLs8fEpx57ttA_3TbcaWXT_eGjpcFkFE-Yzy3aPrUhSmnSSwHS1zIuez4aoBp8VrIsGHL8sAWYc_vR_T6QgQXM4xCDrVVlv0uW9MIs5s=@protonmail.com>
On 07/08/2019 00:33, ZmnSCPxj wrote:
> Good morning all,
>
> It might be useful to remember that there exists pressure to pool proof-of-work due to tiny non-linearities caused by Proximity Premium and Variance Discount flaws.
> Similarly, any non-linearity in any fidelity bond scheme exerts the same pooling pressure.
> Deliberately increasing the non-linearity to V^2 worsens the pooling pressure, not lessens it.
>
> (I wonder if instead going the opposite way and doing V^0.999 might work better; I have not figured all the implications of such a scheme and leave it to the reader.)
>
>> Unfortunately, both described schemes fail the same way as
>> 'require TXOs to be consolidated by the owner', by the fact that with
>> muSig, shared ownership of TXO is possible, as explained by ZmnSCPxj in
>> [1]. 2P-ECDSA is also possible, just more complex, so just saying 'ban
>> musig for the bonds' is not the answer, I believe.
>
> If my understanding is correct, efforts to expand ECDSA to more than two-party n-of-n "true" multisignatures already are ongoing.
>
> One might attempt to use transaction malleability as a protection, and require that transactions that put up bond TXOs should spend from at least one ***non***-SegWit output, so that the scheme as described fails (as the funding txid is malleable after-the-fact).
>
> But the scheme as described only considers ways to securely aggregate *within* the Bitcoin universe.
>
> I have recently learned of a spacce called the "real world", wherein apparently there exist things as "contract law".
> It seems to me this "contract law" is a half-baked implementation of Bitcoin cryptographic smart contracts.
> By what little I understand of this "contract law", it would be possible for an aggregator to accept some amount of money, with a promise to return that money in the future with some additional funds.
> If the aggregator fails to uphold its promise, then some (admittedly centralized) authority entity within the "real world" then imposes punishments (apparently inspired by similar mechanisms in Lightning Network) on the aggregator.
> Such arrangements (accepting some money now with a promise to return the money, plus some interest earned, in the future) apparently already exist in this "real world", under the name of "time deposits".
>
>
> Regards,
> ZmnSCPxj
>
Good morning all,
Custodial solutions are much less worrying because they introduce so
much counterparty risk.
It's more risky to give bitcoins in custody than for fiat money because
there's no lender of last resort. People using JoinMarket in a
non-custodial way will always have a larger risk-adjusted return; The
return for running a JoinMarket yield generator isn't that big anyway to
start with. The non-custodial renting of TXO signatures is far more
worrying.
Also, as described in my other email
(https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-August/017218.html
starting "
Let's say the sybil attacker...") the superlinear V^2 term is essential
to the resistance of the fidelity bond system to sybil attacks. All
things considered the consolidation of makers due to renting TXOs is not
as bad as sybil attacks. Consolidation of makers means that the
privacy-relevant information is shared amongst fewer people than
otherwise, but at least those people are independent (otherwise they'd
merge together). In a sybil attack the privacy-relevant information is
not shared at all, but entirely known by just one person which is much
worse.
CB
next prev parent reply other threads:[~2019-08-07 9:38 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-25 11:47 [bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds Chris Belcher
2019-07-26 8:10 ` Tamas Blummer
2019-07-26 9:38 ` Dmitry Petukhov
2019-07-30 21:39 ` Chris Belcher
2019-07-31 15:50 ` Dmitry Petukhov
2019-08-02 9:21 ` Chris Belcher
[not found] ` <20190802145057.7b81c597@simplexum.com>
2019-08-05 19:04 ` Chris Belcher
2019-08-06 1:51 ` Leo Wandersleb
2019-08-06 10:27 ` Chris Belcher
2019-08-06 13:07 ` Leo Wandersleb
2019-08-06 2:54 ` ZmnSCPxj
2019-08-06 20:55 ` Dmitry Petukhov
2019-08-06 21:37 ` Dmitry Petukhov
2019-08-06 23:33 ` ZmnSCPxj
2019-08-07 9:38 ` Chris Belcher [this message]
2019-08-07 11:20 ` ZmnSCPxj
2019-08-07 10:05 ` Chris Belcher
2019-08-07 11:35 ` ZmnSCPxj
2019-08-07 15:10 ` Dmitry Petukhov
2019-08-08 0:09 ` ZmnSCPxj
2019-08-08 9:35 ` ZmnSCPxj
2019-08-08 11:37 ` Dmitry Petukhov
2019-08-08 13:59 ` ZmnSCPxj
2019-08-08 20:06 ` Chris Belcher
2019-08-08 12:05 ` Dmitry Petukhov
2019-07-27 19:34 ` David A. Harding
2019-07-28 14:17 ` Tamas Blummer
2019-07-28 18:29 ` Tamas Blummer
2019-07-30 21:27 ` Chris Belcher
2019-07-31 17:59 ` David A. Harding
2019-08-02 14:24 ` Adam Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=113a68d9-6c8c-3bf2-b337-9b87c5fd1db7@riseup.net \
--to=belcher@riseup.net \
--cc=ZmnSCPxj@protonmail.com \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=dp@simplexum.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox