From: Chris Belcher <belcher@riseup.net>
To: Dmitry Petukhov <dp@simplexum.com>
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds
Date: Wed, 7 Aug 2019 11:05:41 +0100 [thread overview]
Message-ID: <483af6d0-ac5a-0e22-da29-af0be5196c15@riseup.net> (raw)
In-Reply-To: <20190807023742.73750ba3@simplexum.com>
These are very creative schemes. At the very least they would stop the
easy mindless renting TXO method, where someone with coins on a hardware
wallet simply creates a signature and copypastes it into a website to
get free money. The workaround scheme with shared ownership of TXOs
requires brand new wallets to be created and hodlers must trust the
wallets enough to move their coins and hold them there for a long time.
Requiring fidelity bond TXOs to be held in hot wallets can also be
beaten as a scheme for stopping renting, because the rentee can put
their coin private keys on an always-on raspberry pi which is connected
to the maker's computer and constantly ready to give out signatures. The
coins would be in hot wallets yet still be rented out. As above the
raspberry pi setup would be much more of a hassle than copypasting a
signature into a website, so it could still be worth doing.
I wonder if there's a cryptographic way to prove that muSig and 2P-ECDSA
have not been used to create a certain pubkey/signature.
On 06/08/2019 22:37, Dmitry Petukhov wrote:
> Unfortunately, both described schemes fail the same way as
> 'require TXOs to be consolidated by the owner', by the fact that with
> muSig, shared ownership of TXO is possible, as explained by ZmnSCPxj in
> [1]. 2P-ECDSA is also possible, just more complex, so just saying 'ban
> musig for the bonds' is not the answer, I believe.
>
> [1]
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-August/017217.html
>
> В Wed, 7 Aug 2019 01:55:41 +0500
> Dmitry Petukhov <dp@simplexum.com> wrote:
>
>> В Mon, 5 Aug 2019 20:04:26 +0100
>> Chris Belcher <belcher@riseup.net> wrote:
>>
>>> So what's needed is a way to make renting out TXOs impossible or
>>> very difficult.
>>
>> You can make renting the TXOs risky for the attacker. Make it so that
>> the entity that rented out the TXO can revoke the participation of
>> said TXO in the market, by publishing some special signature. That
>> act of revocation can also mean revocation of all other TXOs that
>> were used in a bond alongside it. This way, any entity that wants to
>> spoil an attacker's consolidation via rent, can rent out its TXO to
>> the attacker, and then revoke it, spoiling the whole package the
>> attacker have consolidated.
>>
>> There may be other way to impose penalties.
>>
>> For example, all locked TXO may be required to be spendable by *any*
>> key that controls any TXO in the 'bond TXO package'. I think this
>> should be possible with taproot - you will have to publish a taproot
>> trees for your locked TXOs (say, N of them), and the tree for each TXO
>> will have N leaves, each leaf will specify a condition "spendable by
>> the key N". This way, if I give you my TXO to include it in a bond by
>> locking it, you also need to make your other TXOs in a bond spendable
>> by me.
>>
>> For both scenarios to work for the attacker, there's need to be an
>> off-chain contractual relationship between the parties. Otherwise the
>> entity that rents out the TXOs can spoil or just confiscate the bond
>> of the entity that rented them, without reprecussions.
>
>
next prev parent reply other threads:[~2019-08-07 10:05 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-25 11:47 [bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds Chris Belcher
2019-07-26 8:10 ` Tamas Blummer
2019-07-26 9:38 ` Dmitry Petukhov
2019-07-30 21:39 ` Chris Belcher
2019-07-31 15:50 ` Dmitry Petukhov
2019-08-02 9:21 ` Chris Belcher
[not found] ` <20190802145057.7b81c597@simplexum.com>
2019-08-05 19:04 ` Chris Belcher
2019-08-06 1:51 ` Leo Wandersleb
2019-08-06 10:27 ` Chris Belcher
2019-08-06 13:07 ` Leo Wandersleb
2019-08-06 2:54 ` ZmnSCPxj
2019-08-06 20:55 ` Dmitry Petukhov
2019-08-06 21:37 ` Dmitry Petukhov
2019-08-06 23:33 ` ZmnSCPxj
2019-08-07 9:38 ` Chris Belcher
2019-08-07 11:20 ` ZmnSCPxj
2019-08-07 10:05 ` Chris Belcher [this message]
2019-08-07 11:35 ` ZmnSCPxj
2019-08-07 15:10 ` Dmitry Petukhov
2019-08-08 0:09 ` ZmnSCPxj
2019-08-08 9:35 ` ZmnSCPxj
2019-08-08 11:37 ` Dmitry Petukhov
2019-08-08 13:59 ` ZmnSCPxj
2019-08-08 20:06 ` Chris Belcher
2019-08-08 12:05 ` Dmitry Petukhov
2019-07-27 19:34 ` David A. Harding
2019-07-28 14:17 ` Tamas Blummer
2019-07-28 18:29 ` Tamas Blummer
2019-07-30 21:27 ` Chris Belcher
2019-07-31 17:59 ` David A. Harding
2019-08-02 14:24 ` Adam Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=483af6d0-ac5a-0e22-da29-af0be5196c15@riseup.net \
--to=belcher@riseup.net \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=dp@simplexum.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox