From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 41DA83AA5 for ; Wed, 31 Jul 2019 15:48:54 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail.ruggedbytes.com (mail.ruggedbytes.com [88.99.30.248]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2CF19E7 for ; Wed, 31 Jul 2019 15:48:52 +0000 (UTC) Received: from mail.ruggedbytes.com (localhost [127.0.0.1]) by mail.ruggedbytes.com (Postfix) with ESMTPS id 5C57A260052E; Wed, 31 Jul 2019 15:48:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=simplexum.com; s=mail; t=1564588130; bh=nelV2a6hhJ+piWJe8ow/55uujcM/PNxr46pPcYYgzqs=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=ltJV/qEpRWFc55T7hqeKqtUEz+66AQgjvqqUN2WIkDEtTU8qMWPxiYQ6RFwgDeE8Z clbZidVQLj4YTiy/Y2KFAjomoL7Cci561MHArdBFkVY2B5+8PrDilA6oTG2r51HHH2 eh8Zhl0Vz/MuvaSKhmWzrC5HN1pZNznsolJGYYdQ= Date: Wed, 31 Jul 2019 20:50:18 +0500 From: Dmitry Petukhov To: bitcoin-dev@lists.linuxfoundation.org Message-ID: <20190731205018.10ed4302@simplexum.com> In-Reply-To: <3c328312-2bdd-60d9-7425-8db620d09abb@riseup.net> References: <985792b1-e7aa-677b-a7a1-6a5f672da884@riseup.net> <94534006-D560-4C90-9D5D-A3A64B698518@gmail.com> <20190726143738.0be561da@simplexum.com> <3c328312-2bdd-60d9-7425-8db620d09abb@riseup.net> Organization: simplexum.com MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 31 Jul 2019 18:18:45 +0000 Subject: Re: [bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Jul 2019 15:48:54 -0000 =D0=92 Tue, 30 Jul 2019 22:39:14 +0100 Chris Belcher via bitcoin-dev wrote: > This is where a sacrifice of V bitcoins creates a > bond of value V^2. The formula provides a strong incentive for > profit-motivated makers to use all their fidelity bond coins with just > one maker, not spread them out over many makers. The attacker derives additional value from the use of locked utxo - the deanonimyzation capabilities. An entity M can use all of its locked coins to run a maker, and then earn value X. It will also incur some operational expenses in the course of running the maker, so the profit will be less than X. If these locked coins are given to the attacker A as a package, an attacker can derive a value of X+D where D is a value of increased deanonymization capabilities for an attacker. Operational expenses for an attacker are the same as before (without timelocked bonds), because they need to operate a lot of makers either way. If M is profit-driven and non-ideological, it can rent out all of its coins to A as a package, for the price X, and get the same value without running a maker and dedicating any resources and time to it, not incurring any operatinal expenses (thus having a bigger profit in the end). Attacker A will run a maker with M's coins, get profit X, pay X to M, get increased deanonymization capabilities.=20 If renting out of utxo is done in a way that the owner always gets X after the lock expires, the operation will be riskless for the owner. The attacker will need to lock amount X along with owner's coins, but hopefully makes X back by running a maker operation.=20 The price for renting out the coins will be determined on the size of the 'coin package', so it will not be feasible for the owners of the coins to rent them out separately. An attacker can even rent coins from several entities and combine them to create a more 'powerful' maker. If I understand correctly, such 'powerful' maker can have bigger profit than two less 'powerful' makers. It seems like a centralization risk to me.