From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 27 Mar 2025 05:19:51 -0700 Received: from mail-oo1-f63.google.com ([209.85.161.63]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1txmD8-0001OX-6f for bitcoindev@gnusha.org; Thu, 27 Mar 2025 05:19:51 -0700 Received: by mail-oo1-f63.google.com with SMTP id 006d021491bc7-60047981020sf629734eaf.1 for ; Thu, 27 Mar 2025 05:19:50 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1743077984; cv=pass; d=google.com; s=arc-20240605; b=LzYUOEsCxl8JRP9XBDtVNvtULd5xLsIs9eyF1tBVO642SuLFEG3uqe9ZhI8/NFs9DY cUetrOOxZgIqQim6FVkeH4PlDBKqncLfy806TA7T2pRNkdqf/o5yQA6Y0Cs2j5bDu0S5 CjPQ0f5Owwh3aC5XNFYPY8xBLG6kzpzY6mv/jhm0kMo6ytJV3dGacgQigugtJGRhbxba XmCm5jh3DTSqgILBxP9d9+Ee75Td36kK4kuumS//JeCisDJUMLGowXPOr8y2Z0XzkAdB PspUYOJUBPdloySZpF75S7bcj0jfqFUrbz0aT8TJmcwr24ltepNMI8vbF2YfhFFIveww 99mA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:sender:dkim-signature :dkim-signature; bh=dsnNlLRhStt2kTK8hBbGbj3mb9E4Asu5Od1HIxlGreM=; fh=JrdFzexEMkCdlmVF1DtjMAKWUl8e7dDta20FMnmorlM=; b=QHp8UzTh2GE8hDLMLdFXX9jTbRk6BA0pBuUo0Gu73cWZqgfhEuIGQl6SxtNuFrCJXQ TRgTBNCylgFtgHgGMtEvI0j1yZBwOD9wD+WI5VOpwP3p6XlISXrb+p4dAZBy1V8wokk+ 6Fii8u1LB/UgVfA56UKVf6ZbF+9cqIYUseijJtcpPK5U62qgsXRIIOVcoYzop6Pu2zZl zTcjzW/WWTl4qV9t3JMqbIJQ/EOZINPngT7wL8KvYSqBcL/6KeNWTHNYfguAwIr1uZGr vmZT5Nd+HaEd0lt8pct5GxYPmfviUXPd2/+5xC85CyCrAFCNzC5a7xbj+cNyNSt34wfZ j9hg==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=cbjggFOg; spf=pass (google.com: domain of alicexbtong@gmail.com designates 2607:f8b0:4864:20::232 as permitted sender) smtp.mailfrom=alicexbtong@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1743077984; x=1743682784; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:sender:from:to:cc:subject:date:message-id :reply-to; bh=dsnNlLRhStt2kTK8hBbGbj3mb9E4Asu5Od1HIxlGreM=; b=sbuiCIqN14AE4aHWwPrt9KXMnBz1+DxqKEEX1GnqehEAXWkAHFHokHUQcpfC/b4mRK pfdZqOZAN5GX5C5GkGtWvdQLf66PX5LzDpxt0GsV/enUOJM+5uNUuHO+aavahVyrpRoq or1thbCQq8zpkV4m8aboprFQbxByqlx+nIiOdTMExUHBJNzGM6O8EOi92ABYabxruNpD XYhCbIm9Pu/c2kS/HuTOt2lVui7vHD/NPxhhT6VOnakD6ggDMrdjg628SUnq9+ozE4sr Vo54IPdneJHDHqnX9nZBPF/r9qaEdmANXxGctT8fqRXYbLatg06Z+4ZmFGIeUI5YA56T GRUg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1743077984; x=1743682784; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:from:to:cc:subject:date:message-id:reply-to; bh=dsnNlLRhStt2kTK8hBbGbj3mb9E4Asu5Od1HIxlGreM=; b=JD32mSkik24XMgpVFL3tva3NplOMDSuvfvbq6UH7FO/EVPvtYYez2ni5nhp9+NGKjf zdTKz/0PtVWXzJ0D55GPXkeNxz1SOSMWHeNX2E8Pq6AGjK8zMPrjq/l0v51urVlM3d9l aw93mopya/YHJj9W9GDMJcC20eVTX/k1+eSEXcczS58pcWYeJrb8LW5KO5www7CoHJz3 LkUE5cksJ8t8+Gua505GDFHH3Th3PZut46Aj4SdR+QDHJEFYWs9ii9290q7AOsRH/2v5 BqUC5bPOcSNtXRQK89NhibLnNwYoNL+MnqrkyOzAUkqeR7M/NQ9GHNPUIcNd93pVYURW SxKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743077984; x=1743682784; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:x-beenthere:x-gm-message-state:sender:from :to:cc:subject:date:message-id:reply-to; bh=dsnNlLRhStt2kTK8hBbGbj3mb9E4Asu5Od1HIxlGreM=; b=sS8SVPefQeOOUoNYysn4LTKW9GnQCb7x53SkkrBub5d2D1rsK2iUpZy74wVMIYWmd2 ayBVUH9V1zuNjwQSz5UCRix7DxxSjU7rXtqsso8a1onufKepq34ERvexDbZp5q1t/EFj MCPQas9/w2eRhFLu0VgnukyxH6PCRM4bxyqcQ4rN8bYiI+WTqgMYTTf/jeVvNZu4MLPM bd97Kj3cDdz0o0f+SYsZ6DPAt2MLOPOX7lqP/Jy3legrTwbyBiAvWX7ELhMeWZZg/Vti cgv4IzLJ9dvYFL3ZxrOsNbK3SvGa/IOG01kMA1MUtvN9BYD4c51fdJFPCkBHtHNuRhj0 wXOA== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCV9W6xCa981u18gavDbZ/7Ia3fnyZMDodKT+jgMR7jJPbpbsnBya03GmFmi2SO1OFNS5iLqxcu7c0Zw@gnusha.org X-Gm-Message-State: AOJu0YzvdCUKxuom6OS3WCwiUS8zHSdNQ4UhgEjOO8M2KcJ/gNt8PmW/ d56sh1g5bQFp9vKgoeIFZATv7jLvnuwQ8JHQhRHz0PtslJ/gBcpL X-Google-Smtp-Source: AGHT+IGWl5iFL0hbvyXl789Q5R++bmIftm8j2hkJGU/6RUz5P+eypmSjd9A/1vhQlz/3IMcnmBCJhg== X-Received: by 2002:a05:6820:740d:b0:602:ad5:b0ac with SMTP id 006d021491bc7-60278522d38mr1673337eaf.1.1743077984413; Thu, 27 Mar 2025 05:19:44 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h=ARLLPAKO1r/BQM5Yam3WA+UngEfTzdm4EcxpuzNZhtSOd4F8ww== Received: by 2002:a4a:bd89:0:b0:602:7ef7:1bb with SMTP id 006d021491bc7-6027ef7034fls67551eaf.2.-pod-prod-08-us; Thu, 27 Mar 2025 05:19:41 -0700 (PDT) X-Received: by 2002:a05:6808:218b:b0:3fb:a7d0:3b46 with SMTP id 5614622812f47-3fefa4e05d5mr1855668b6e.8.1743077981656; Thu, 27 Mar 2025 05:19:41 -0700 (PDT) Received: by 2002:a05:6808:428b:b0:3fa:da36:efcd with SMTP id 5614622812f47-3feefb746c5msb6e; Wed, 26 Mar 2025 12:26:14 -0700 (PDT) X-Received: by 2002:a17:90b:134f:b0:2ff:693a:7590 with SMTP id 98e67ed59e1d1-303a9187432mr1180166a91.33.1743017173387; Wed, 26 Mar 2025 12:26:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1743017173; cv=none; d=google.com; s=arc-20240605; b=a4gHFR5SiwMwoKTCnktOKCp810IzFYEOBHVJthCF/gHkX5tyaIPKRj2jqaxRJqka31 tqMWwnIUuxrEnXJFsGCcWZFOSRk+hb/y1aImQbGe6EmXXW0dwNtQXJfwdA848trEldgT 9apGbZ5rNqiSj2PEonRm+GsQ+Kj9Wf4wAx0GO9hrGdXgmTuyFRhbpZ4Otl8H6nhsszpk XfdrTM7wkHyNCvEbt92oQI7OaUCq5KIDBYY5TkOU4KWgMktJ/HxQ00zqEvJ6vFo8Y8jX b0xNktm8wb5Ky3+R3V7qRpVPLWku6pvId1wnsfLyCaZF4ccqH4MKAFlhq35UdJIH2JrQ +U3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=jX2wY7Xsx2gO/5Rq2y38mwBmWGVvU1L+SzZ+/WLXf0A=; fh=5HyPAjoX9Qu8lrKcSbvwAEk6+YgBxPNZL8TnxYb/Mm4=; b=PE9lIEKt//JR3Pz6PNVh/6rUd0T/nkwWDtix1jVdh0o0b0wnDP2MqsTuapqcUxvEkE wWVoIPQsaSISKe7BTjxqtCu90BzV1VEL4E2/noV4/Eh0Fwf5PpliIpC3iSTMLukPtRz+ EWnqO4owFnIOOSm0ObLCiqMB1ysh2r2G1dGtrWJ9x1MrKSvisRThxEMMSRuNGw8UzNSr DnIdAT52xKi1OOSbaXZfBHRJ89Wmnwu119M8KAc25Vmn9F9VpZJrTRPWWO6oTKze6DjW ZgKnI/0/gEmodmzFbK8Vt2N3FFE5wxtlXzQYpWOTy51heFMDHRcruhBUxJq4/JejQXPg zltg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=cbjggFOg; spf=pass (google.com: domain of alicexbtong@gmail.com designates 2607:f8b0:4864:20::232 as permitted sender) smtp.mailfrom=alicexbtong@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com Received: from mail-oi1-x232.google.com (mail-oi1-x232.google.com. [2607:f8b0:4864:20::232]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-3039eb0f8edsi38659a91.3.2025.03.26.12.26.13 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 26 Mar 2025 12:26:13 -0700 (PDT) Received-SPF: pass (google.com: domain of alicexbtong@gmail.com designates 2607:f8b0:4864:20::232 as permitted sender) client-ip=2607:f8b0:4864:20::232; Received: by mail-oi1-x232.google.com with SMTP id 5614622812f47-3f94b7bd964so75503b6e.1 for ; Wed, 26 Mar 2025 12:26:13 -0700 (PDT) X-Gm-Gg: ASbGnctO+Asc3CRvyg1jPSxCl1dCyh7b9VMq7ZDzDMAqINiRTdmBvjGmVY9Gr+nsibM 9zAfvHzjpgZUf5ktCdc22W+SmGo8SpQ3faLP8gnQncfp7aPKZo74f4eOISbRXFDYWYBJBtSSLrT 7/FgoyTcrHygrvuhi8CbAphuJMh9otpoF3J6OEPsJksg0= X-Received: by 2002:a05:6808:1598:b0:3f8:c486:9b27 with SMTP id 5614622812f47-3fefa546852mr454056b6e.22.1743017172391; Wed, 26 Mar 2025 12:26:12 -0700 (PDT) MIME-Version: 1.0 References: <450755f1-84c5-4f32-abe0-67087ae884d6n@googlegroups.com> In-Reply-To: From: "/dev /fd0" Date: Thu, 27 Mar 2025 00:56:02 +0530 X-Gm-Features: AQ5f1JoAoUTb-gqf1KPdEw6hIdHxm_yavjHsM772xFqpQFXEV6qqIhMM31oACcA Message-ID: Subject: Re: [bitcoindev] UTXO probing attack using payjoin To: Yuval Kogman Cc: Bitcoin Development Mailing List Content-Type: multipart/alternative; boundary="00000000000065e0b1063143cf1c" X-Original-Sender: alicexbtong@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=cbjggFOg; spf=pass (google.com: domain of alicexbtong@gmail.com designates 2607:f8b0:4864:20::232 as permitted sender) smtp.mailfrom=alicexbtong@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.5 (/) --00000000000065e0b1063143cf1c Content-Type: text/plain; charset="UTF-8" Hi Yuval, Thank you for your feedback. > This will> likely link it to the receiver's other coins eventually, and certainly > links it to the receiver's subsequent transactions. Coin control and labels can be used to avoid this. Consolidation of inputs is often bad for privacy and makes silent payments, coinjoin etc. useless in some cases however the user has the choice to select coins manually while transacting. In payjoin, users can't do much about it. They have to share UTXOs in response to the original PSBT along with the address to receive bitcoin. > In the payjoin setting, the receiver is > using coinswap in that manner, then as a payjoin receiver they can > elect to only use coinswapped coins as contributed inputs to payjoin > transactions. It could be a workaround or temporary fix for this problem. However, if swapped coins are used in transactions, octojoin could be a better solution which doesn't require any inputs from the recipient. > I'm not sure what you mean by "the recipient would never doubt it > because it's a privacy tool", it sounds to me like this is mainly a > criticism of the UX of payjoin supporting wallets, or of wallets in > general for not educating users that privacy is not a binary thing? The recipient would never doubt a sender who insists on using payjoin and not interested in a normal bitcoin transaction. They would not know the intentions of the sender before payjoin. > Note that in all of these specifications of payjoin UTXO probing is > not costless since the sender must send a fully signed transaction in > order to learn such a UTXO, and this transaction although not > confirmed still imposes a fee cost on the sender if broadcast (even if > it is replaced). It was costless in the demo which could be fixed by bullbitcoin. However, an attacker with a budget and some motivation can always spy on your wallet using payjoin. Things become even easier with automated payment systems such as BTCPay Server. /dev/fd0 floppy disk guy -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CALiT-Zq-WmwZCB2uJ4oq%2BevFerRZTwtKcct8sPRE6n%2BJx3CQhQ%40mail.gmail.com. --00000000000065e0b1063143cf1c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Yuval,

Thank you for your feedback.<= br>
> This will> likely link it to the receiver's other coins = eventually, and certainly
> links it to the receiver's subsequent= transactions.

Coin control and labels can be used to avoid this. Co= nsolidation of inputs is often bad for privacy and makes silent payments, c= oinjoin etc. useless in some cases however the user has the choice to selec= t coins manually while transacting. In payjoin, users can't do much abo= ut it. They have to share UTXOs in response to the original=C2=A0PSBT along= with the address to receive bitcoin.

>=C2=A0In the payjoin setti= ng, the receiver is
> using coinswap in that manner, then as a payjoi= n receiver they can
> elect to only use coinswapped coins as contribu= ted inputs to payjoin
> transactions.

It could be a workaround= or temporary fix for this problem. However, if swapped coins are used in t= ransactions, octojoin=C2=A0could be a better solution which doesn't req= uire any inputs from the recipient.

>=C2=A0I'm not sure what = you mean by "the recipient would never doubt it
> because it'= ;s a privacy tool", it sounds to me like this is mainly a
> crit= icism of the UX of payjoin supporting wallets, or of wallets in
> gen= eral for not educating users that privacy is not a binary thing?

The= recipient would never doubt a sender who insists=C2=A0on using payjoin and= not interested in a normal=C2=A0bitcoin transaction. They would not know t= he intentions of the sender before payjoin.

> Note th= at in all of these specifications of payjoin UTXO probing is
> not = costless since the sender must send a fully signed transaction in
> o= rder to learn such a UTXO, and this transaction although not
> confir= med still imposes a fee cost on the sender if broadcast (even if
> it= is replaced).=C2=A0

It was costless in the demo which could be fixe= d by bullbitcoin. However, an attacker with a budget and some motivation ca= n always spy on your wallet using payjoin. Things become even easier with= =C2=A0automated payment systems such as BTCPay Server.

/dev/fd0
= floppy disk guy

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/= d/msgid/bitcoindev/CALiT-Zq-WmwZCB2uJ4oq%2BevFerRZTwtKcct8sPRE6n%2BJx3CQhQ%= 40mail.gmail.com.
--00000000000065e0b1063143cf1c--