public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Dmitry Petukhov <dp@simplexum.com>
To: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds
Date: Thu, 8 Aug 2019 16:37:50 +0500	[thread overview]
Message-ID: <20190808163750.57f4e620@simplexum.com> (raw)
In-Reply-To: <-6u9Ut_oYRThO21GIO1G8u4LpKavq2okw0Z7KoIM0tgwg4mAYXt2TP-SgiigMofdvLhvRuwX_q7Op6DUDM_eWUCjGmIEL_VTLpAeYDNOl5c=@protonmail.com>

В Thu, 08 Aug 2019 09:35:24 +0000
ZmnSCPxj <ZmnSCPxj@protonmail.com> wrote:

> <MuSig(all participants *except* this participant)> OP_CHECKSIGVERIFY
> <participant_snitch_key> OP_CHECKSIG

This anti-snitch protection won't work if there are two snitches, which
is concievable in the case of a large-scale consolidated bonds (one
entity can pretend to be two independent entities with two different
TXO). The snitch co-conspirator will refuse to sign the punishment
transaction.

If you change the MuSig(all_except_snitch) to 1-of-n multisig
construction so that anyone other than the actual 'snitch' can
confiscate the snitch-bond, then there's possibility that that a
co-conspirator can get that bond before others - even before
the sntich transaction is distributed to takers.

It seems that to reasonably protect from more than one snitch with this
punishment scheme, you want to make a multitude of taproot leaves where
each leaf can be spent by cooperation of N entities, where N is the
size of expected non-snitch participant set.

> Finally, aggregation is still possible to insure by off-blockchain
> agreements, possibly with legal consequences, and thus entities like
> exchanges might still be able to aggregate funds and acquire an
> undeservedly large weight in the fidelity bond system.

This seems to me like the most immediate problem for the discussed
system.

Since the centralized exchanges or other custodial services already
control TXOs of their customers who sent their funds there, they can
use them to make extra profit with joinmarket, and create fidelity
bonds out of these TXO with (or without) consent of the customers, and
pay them (or not) the amount according to their UTXO, while getting the
consolidation benefit of V^2 for themselves. It is also more probable
that such centralized custodial services would be willing to
participate in a deanonymization efforts, so that they can explain
their participation in coinjoins to regulators.


  reply	other threads:[~2019-08-08 11:37 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-25 11:47 [bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds Chris Belcher
2019-07-26  8:10 ` Tamas Blummer
2019-07-26  9:38   ` Dmitry Petukhov
2019-07-30 21:39     ` Chris Belcher
2019-07-31 15:50       ` Dmitry Petukhov
2019-08-02  9:21         ` Chris Belcher
     [not found]           ` <20190802145057.7b81c597@simplexum.com>
2019-08-05 19:04             ` Chris Belcher
2019-08-06  1:51               ` Leo Wandersleb
2019-08-06 10:27                 ` Chris Belcher
2019-08-06 13:07                   ` Leo Wandersleb
2019-08-06  2:54               ` ZmnSCPxj
2019-08-06 20:55               ` Dmitry Petukhov
2019-08-06 21:37                 ` Dmitry Petukhov
2019-08-06 23:33                   ` ZmnSCPxj
2019-08-07  9:38                     ` Chris Belcher
2019-08-07 11:20                       ` ZmnSCPxj
2019-08-07 10:05                   ` Chris Belcher
2019-08-07 11:35                     ` ZmnSCPxj
2019-08-07 15:10                     ` Dmitry Petukhov
2019-08-08  0:09                       ` ZmnSCPxj
2019-08-08  9:35                         ` ZmnSCPxj
2019-08-08 11:37                           ` Dmitry Petukhov [this message]
2019-08-08 13:59                             ` ZmnSCPxj
2019-08-08 20:06                               ` Chris Belcher
2019-08-08 12:05                       ` Dmitry Petukhov
2019-07-27 19:34 ` David A. Harding
2019-07-28 14:17   ` Tamas Blummer
2019-07-28 18:29   ` Tamas Blummer
2019-07-30 21:27   ` Chris Belcher
2019-07-31 17:59     ` David A. Harding
2019-08-02 14:24 ` Adam Gibson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190808163750.57f4e620@simplexum.com \
    --to=dp@simplexum.com \
    --cc=ZmnSCPxj@protonmail.com \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox