From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Tue, 25 Mar 2025 04:48:22 -0700 Received: from mail-yb1-f183.google.com ([209.85.219.183]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1tx2lZ-0006EU-Aq for bitcoindev@gnusha.org; Tue, 25 Mar 2025 04:48:22 -0700 Received: by mail-yb1-f183.google.com with SMTP id 3f1490d57ef6-e582bfcada6sf8576362276.1 for ; Tue, 25 Mar 2025 04:48:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1742903295; x=1743508095; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:message-id:to:from:date:sender:from:to:cc:subject:date :message-id:reply-to; bh=eiazBcQngbp9Y2UELvqOaqVTDGi51U+X43QSUa/LQXc=; b=AQ/AVIpDjFteL3UNoGp799zjUBo8y2kFarflaPqq67LOYuo9KoYXnBQ/VBeG1qToRd VK0lTqf5o560deP1/TTbpf5d21wF4jiB+m6V/JPdrHEZTKNVxmh29I4MOA5NbhxOKr6n uNEzcre3QGxeMqvMLINR1zRXC2EcIvP1eR2wPS+xvBSVnr+jwbHeSQzMOMNzpHqLaXx/ Cdmm40BSQdZO7POl7jSWRB26psjxME33tZyzUk5XqdBvSKYAyWm34sRYChsROgDme20y KF3SjAj9M6EvmyPzv7ax143+m1sJnKuDnGV/A/NRYS+CUROqldP+Yja9BpWvHBMKF+iQ iy5Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1742903295; x=1743508095; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:message-id:to:from:date:from:to:cc:subject:date:message-id :reply-to; bh=eiazBcQngbp9Y2UELvqOaqVTDGi51U+X43QSUa/LQXc=; b=gogq21INr7GyfDueR7wDZUVTiUS3MA9RF3XDDO4srF+spfkGnuP74MsPCR+OIc4PlP aux5J9f5x0eB5oKcwh2zoDah/ldw6S/wE5gYbRq+VWurIntm6unYKzhqJcdNXNHiCHH7 wyk5u72ZbZlUoAXrALtDiXKCqP+BijgjrC/FJ7D6+LtI5sxXGdaeuiaRkfTnsthDAPQN CVj+cxbFDBxU36z1oDJRCyXjAfZG2dWWpCGKUR9T8Es2rvOtwO2KX12WVJoEHQUVVL1T BgqlhHdssei6BM4Jqo9BvA3i4CCjNzgkGt0ViIcbeAZhFJLgkYkmezw22wnLTgnbQzrE ePAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742903295; x=1743508095; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:message-id:to:from:date:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=eiazBcQngbp9Y2UELvqOaqVTDGi51U+X43QSUa/LQXc=; b=h8fY4FKJNt03AejXH6r+XoTOhbr+GJXHtAGqTE51lwSmjlrMUaUn6PMLUzHnVhRWCU 5LvwyRIvjzXoZNl+59eJ9bVYsM8QZSNwiYDWclZy4wZ/pI30pKetT1X+IBoYWRkgFlLL c8CmHZQW4jQI89bPAGnphCmXviVN1ctRy74frGnB5zBmZdyiSNrAsN9M4wU4ExNrpqIc /UU4p3lzTqJoYnz9VMEuYaYrRIvtJxiTNCJaXmTsD8TDAm2852apj0zBfrkXrFYpKous Uicms2qaZ35prcIRyglLHV3tlopu2YYxqd8SrdTaCNd5BwxHED1Sgt6VyRVsnW+7eB4u QNEQ== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=1; AJvYcCXH35x0BPckLYQzwBBIco2C+bsAmjYAgFvqT5NvZS5E6E4s0eqNQoQIh/5fICUGlqnWht7az+oBrunM@gnusha.org X-Gm-Message-State: AOJu0Yz39eEfA/MpiryvLxaUeTEAOmNuRz5DPxZ5rXXI92r6q6sznAGC kzArk6+4EORLK3t/hzDHLvYrOosI9qFjdfe1eT9pysYFkIf3NCiR X-Google-Smtp-Source: AGHT+IGidZbhJriJDQMeHDi0K5LFXMscb24FuqSqXvpqkWa1PVFVjv/gRYH16AOaneR/WAXsPztaHQ== X-Received: by 2002:a05:6902:118c:b0:e5b:240a:ccdb with SMTP id 3f1490d57ef6-e66a4da6cccmr22411073276.20.1742903295048; Tue, 25 Mar 2025 04:48:15 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h=ARLLPAI3mGQVv1HfMmFnMIit3hKWY0AJW2KM+X7BWYHX/ocJjg== Received: by 2002:a25:e014:0:b0:e63:4a11:a984 with SMTP id 3f1490d57ef6-e66a02edfeels742115276.0.-pod-prod-02-us; Tue, 25 Mar 2025 04:48:10 -0700 (PDT) X-Received: by 2002:a05:690c:67c6:b0:6ef:94db:b208 with SMTP id 00721157ae682-700bacd2edemr211883647b3.24.1742903290842; Tue, 25 Mar 2025 04:48:10 -0700 (PDT) Received: by 2002:a81:a947:0:b0:6ef:590d:3213 with SMTP id 00721157ae682-700ba2435b8ms7b3; Tue, 25 Mar 2025 04:46:40 -0700 (PDT) X-Received: by 2002:a05:690c:7201:b0:6fe:bfb9:549c with SMTP id 00721157ae682-700babeb60emr223751807b3.1.1742903199040; Tue, 25 Mar 2025 04:46:39 -0700 (PDT) Date: Tue, 25 Mar 2025 04:46:38 -0700 (PDT) From: /dev /fd0 To: Bitcoin Development Mailing List Message-Id: <450755f1-84c5-4f32-abe0-67087ae884d6n@googlegroups.com> Subject: [bitcoindev] UTXO probing attack using payjoin MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_507846_370156378.1742903198764" X-Original-Sender: alicexbtong@gmail.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.5 (/) ------=_Part_507846_370156378.1742903198764 Content-Type: multipart/alternative; boundary="----=_Part_507847_411592957.1742903198764" ------=_Part_507847_411592957.1742903198764 Content-Type: text/plain; charset="UTF-8" Hi everyone, Sometimes we are curious and want to know about UTXOs in other wallets. Payjoin allows you to do this and the recipient would never doubt it because it's a privacy tool. It's possible to find UTXO in recipient's wallet without sending any bitcoin. It's called UTXO probing attack and described in BIP 77-78. I have shared a demo with all the details in this [post][0]. I have used bullbitcoin wallet for testing this because it was the only [wallet][1] which supports payjoin v2 (send, receive) and testnet3. I think users should be aware of this tradeoff and the information they share with the sender in payjoin. Payjoin should only be used with trusted senders. [0]: https://uncensoredtech.substack.com/p/utxo-probing-attack-using-payjoin [1]: https://en.bitcoin.it/wiki/PayJoin_adoption /dev/fd0 floppy disk guy -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/450755f1-84c5-4f32-abe0-67087ae884d6n%40googlegroups.com. ------=_Part_507847_411592957.1742903198764 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi everyone,

Sometimes we are curious and want to know about UT= XOs in other wallets. Payjoin allows you to do this and the recipient would= never doubt it because it's a privacy tool. It's possible to find UTXO in = recipient's wallet without sending any bitcoin. It's called UTXO probing at= tack and described in BIP 77-78.

I have shared a demo with all t= he details in this [post][0]. I have used bullbitcoin wallet for testing th= is because it was the only [wallet][1] which supports payjoin v2 (send, rec= eive) and testnet3.

I think users should be aware of this tradeo= ff and the information they share with the sender in payjoin. Payjoin shoul= d only be used with trusted senders.

[0]: https://uncen= soredtech.substack.com/p/utxo-probing-attack-using-payjoin
[1]: https://en.bitcoin.it= /wiki/PayJoin_adoption

/dev/fd0
floppy disk guy

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoind= ev/450755f1-84c5-4f32-abe0-67087ae884d6n%40googlegroups.com.
------=_Part_507847_411592957.1742903198764-- ------=_Part_507846_370156378.1742903198764--