From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 090261012 for ; Fri, 2 Aug 2019 09:22:10 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3A5DF712 for ; Fri, 2 Aug 2019 09:22:07 +0000 (UTC) Received: from capuchin.riseup.net (capuchin-pn.riseup.net [10.0.1.176]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.riseup.net (Postfix) with ESMTPS id CE64A1A11D7; Fri, 2 Aug 2019 02:22:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1564737727; bh=U9DW0XifiVGXkt8qKm55u242FK198BnUW4zh9RmvcbU=; h=Subject:To:References:From:Date:In-Reply-To:From; b=XYs0RsrivYG/TjJW6C+VG6/rKip9vS0L6FOvMJDTB7E2kZSXkv4MR7bljkMjzP0kd 5pBu8uQo23hGMjonsSUUery39K0goPzpJmSViCua4Be9yT+wyo9DzgZnTFcMKyADQR AByP8US/IAylL+fg3hxDm2i0a7PcDFfBH5bTRdwQ= X-Riseup-User-ID: 5522422EF4A8A3E8384A81AF3B48E4E44111205E3C8FBFFC95E8B58101048683 Received: from [127.0.0.1] (localhost [127.0.0.1]) by capuchin.riseup.net (Postfix) with ESMTPSA id EB996120A03; Fri, 2 Aug 2019 02:22:05 -0700 (PDT) To: Dmitry Petukhov , bitcoin-dev@lists.linuxfoundation.org References: <985792b1-e7aa-677b-a7a1-6a5f672da884@riseup.net> <94534006-D560-4C90-9D5D-A3A64B698518@gmail.com> <20190726143738.0be561da@simplexum.com> <3c328312-2bdd-60d9-7425-8db620d09abb@riseup.net> <20190731205018.10ed4302@simplexum.com> From: Chris Belcher Openpgp: preference=signencrypt Autocrypt: addr=belcher@riseup.net; prefer-encrypt=mutual; keydata= mQINBFPk74oBEACzBLjd+Z5z7eimqPuObFTaJCTXP7fgZjgVwt+q94VQ2wM0ctk/Ft9w2A92 f14T7PiHaVDjHxrcW+6sw2VI2f60T8Tjf+b4701hIybluWL8DntG9BW19bZLmjAj7zkgektl YNDUrlYcQq2OEHm/MGk6Ajt2RA56aRKqoz22e+4ZA89gDgamxUAadul7AETSsgqOEUDI0FKR FODzoH65w1ien/DLkG1f76jd0XA6AxrESJVO0JzvkTnJGElBcA37rYaMmDi4DhG2MY4u63VE 8h6DyUXcRhmTZIAj+r+Ht+KMDiuiyQcKywCzzF/7Ui7YxqeAgjm5aPDU2E8X9Qd7cqHQzFM7 ZCqc9P6ENAk5a0JjHw0d0knApboSvkIJUB0j1xDIS0HaRlfHM4TPdOoDgnaXb7BvDfE+0zSz WkvAns9oJV6uWdnz5kllVCjgB/FXO4plyFCHhXikXjm1XuQyL8xV88OqgDFXwVhKrDL9Pknu sTchYm3BS2b5Xq1HQqToT3I2gRGTtDzZVZV0izCefJaDp1mf49k2cokDEfw9MroEj4A0Wfht 0J64pzlBYn/9zor5cZp/EAblLRDK6HKhSZArIiDR1RC7a6s7oTzmfn0suhKDdTzkbTAnDsPi Dokl58xoxz+JdYKjzVh98lpcvMPlbZ+LwIsgbdH4KZj7mVOsJwARAQABtB9DaHJpcyBCZWxj aGVyIDxmYWxzZUBlbWFpbC5jb20+iQI+BBMBAgAoBQJT5O+KAhsDBQkSzAMABgsJCAcDAgYV CAIJCgsEFgIDAQIeAQIXgAAKCRDvc06md/MRKS8jD/9P9fSYSIVjltL9brAMfIu7wJn0H0lX TbcuCM2uQitJ3BNxI3c7aq5dEby27u5Ud54otncDJuRPQVDKs6H7t1rInitgJ1MTQ9/aQGFA btKcgtVIMFbeClzTTfWr4W7fE45NI7E9EANgk5JfmWh3U+KINYLF5RtqynYocrsP6zOV+G9A HCpBemd9TN60CoMLMyMzTHEW1oQffaVAXY8DgthEYO/odWYIod7VTmEm0zU1aSysPqMwPWNm 8XIl0f8SfKQyZlAU8e1eCFVCenkE44FKC5qQNYc2UxexEYtfCWChTGc4oHKxIyYmTCCefsQF LvgwtvlNHRXHSDKSPSNcRcpl8DFpNEKrmMlkJ8Mx+YR05CydlTQ0bI3FBohJC+UHrjD5I3hA wJUC1o+yVSOEd+zN3cG1EECIwkEQSmBgG5t/le2RdzfXOdpf9ku2/zoBpq00R54JxUKlfRM7 OPTv7X+1AKHkxOySdCZwGgvdh2Whuqs4kTvtco00gCFM9fBd5oi1RJuHtxHsj8+/XU15UItb jeo96CIlM5YUeoRLPT5mxZYWgYAARFeSFReNq/Tuwq9d8EokUrtAyrPayznliy53UJfWDVzl 925c0Cz0HWaP2fWj+uFcj/8K0bhptuWJQy0Poht1z3aJC1UjEgr1Xz8I7jeSJmIlA9plcJw2 k4dhWbkCDQRT5O+KARAAyFxAM28EQwLctr0CrQhYWZfMKzAhCw+EyrUJ+/e4uiAQ4OyXifRr ZV6kLRul3WbTB1kpA6wgCShO0N3vw8fFG2Cs6QphVagEH8yfQUroaVxgADYOTLHMOb7INS8r KI/uRNmE6bXTX27oaqCEXLMycqYlufad7hr42S/T8zNh5m2vl6T/1Poj2/ormViKwAxM+8qf xd8FNI4UKmq2zZE9mZ5PiSIX0qRgM0yCvxV39ex/nhxzouTBvv4Lb1ntplR/bMLrHxsCzhyM KDgcX7ApGm+y6YEsOvzw9rRCRuJpE4lth8ShgjTtNTHfklBD6Ztymc7q7bdPWpKOEvO5lDQ6 q8+KfENv862cOLlWLk7YR2+mHZ1PXGhWC7ggwEkfGJoXo0x8X+zgUKe2+9Jj4yEhfL0IbFYC z2J5d+cWVIBktI3xqkwLUZWuAbE3vgYA4h8ztR6l18NTPkiAvpNQEaL4ZRnAx22WdsQ8GlEW dyKZBWbLUdNcMmPfGi5FCw2nNvCyN6ktv5mTZE12EqgvpzYcuUGQPIMV9KTlSPum3NLDq8QI 6grbG8iNNpEBxmCQOKz2/BuYApU2hwt2E44fL8e6CRK3ridcRdqpueg75my6KkOqm8nSiMEc /pVIHwdJ9/quiuRaeC/tZWlYPIwDWgb8ZE/g66z35WAguMQ+EwfvgAUAEQEAAYkCJQQYAQIA DwUCU+TvigIbDAUJEswDAAAKCRDvc06md/MRKaZwD/9OI3o3gVmst/mGx6hVQry++ht8dFWN IiASPBvD3E5EWbqWi6mmqSIOS6CxjU0PncxTBPCXtzxo/WzuHGQg/xtNeQ0T8b2lBScZAw93 qm1IcHXLUe5w/Tap6YaDmSYCIZAdtbHzYfPW4JK7cmvcjvF8jhTFOBEOFVQkTi19G7caVot0 +wL1e2DRHDXAe5CinEpaLBlwHeEu/5j6wc3erohUZlK9IbAclj4iZTQbaq3EyqUXl59dBOON xmL5edJxzVishIYQGIyA9WP1SylXt+kO82NEqZG2OxdXAlzjuJ8C2pAG+nbLtDo4hcsiN/MA aX9/JB7MXclT5ioerF4yNgKEdfq7LmynsTUd8w/Ilyp7AD+BWoujyO94i8h9eKvjf9PvSwxQ uAjRpxne7ZJD8vCsMNXBHSbeEK2LiwStHL/w473viXpDD53J6OLxX6a5RummR+rixbMH7dgK MJQ7FlyDphm3or6CSkGEir1KA0y1vqQNFtHhguFapAWMDKaJjQQNgvZUmOo6hbZqmvUF1OWc d6GA6j3WOUe3fDJXfbq6P9Jmxq64op887dYKsg7xjQq/7KM7wyRcqXXcbBdgvNtVDP+EnzBN HyYY/3ms4YIHE5JHxQ9LV4yPcWkYTvb1XpNIFVbrSXAeyGHVNT+SO6olFovbWIC3Az9yesaM 1aSoTg== Message-ID: Date: Fri, 2 Aug 2019 10:21:57 +0100 MIME-Version: 1.0 In-Reply-To: <20190731205018.10ed4302@simplexum.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 02 Aug 2019 11:32:35 +0000 Subject: Re: [bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Aug 2019 09:22:10 -0000 On 31/07/2019 16:50, Dmitry Petukhov wrote: > В Tue, 30 Jul 2019 22:39:14 +0100 > Chris Belcher via bitcoin-dev > wrote: > >> This is where a sacrifice of V bitcoins creates a >> bond of value V^2. The formula provides a strong incentive for >> profit-motivated makers to use all their fidelity bond coins with just >> one maker, not spread them out over many makers. > > The attacker derives additional value from the use of > locked utxo - the deanonimyzation capabilities. > > An entity M can use all of its locked coins to run a maker, and then > earn value X. It will also incur some operational expenses in the course > of running the maker, so the profit will be less than X. > > If these locked coins are given to the attacker A as a package, an > attacker can derive a value of X+D where D is a value of increased > deanonymization capabilities for an attacker. Operational expenses > for an attacker are the same as before (without timelocked bonds), > because they need to operate a lot of makers either way. > > If M is profit-driven and non-ideological, it can rent out all of its > coins to A as a package, for the price X, and get the same value without > running a maker and dedicating any resources and time to it, not > incurring any operatinal expenses (thus having a bigger profit in the > end). > > Attacker A will run a maker with M's coins, get profit X, pay X to M, > get increased deanonymization capabilities. > > If renting out of utxo is done in a way that the owner always gets X > after the lock expires, the operation will be riskless for the owner. > The attacker will need to lock amount X along with owner's coins, but > hopefully makes X back by running a maker operation. > > The price for renting out the coins will be determined on the size of > the 'coin package', so it will not be feasible for the owners of the > coins to rent them out separately. > > An attacker can even rent coins from several entities and combine them > to create a more 'powerful' maker. If I understand correctly, such > 'powerful' maker can have bigger profit than two less 'powerful' > makers. It seems like a centralization risk to me. > There's a few different issues here. Yes TXO fidelity bonds can be rented out, but that doesn't make a sybil attack cheaper. The aim of the fidelity bond scheme is to require makers to sacrifice value, renting out their fidelity bond coins doesn't avoid that sacrifice because the sacrifice is the paid rent. Because of the maths and market forces the rent paid by the attacker should be about the same as the cost of just buying the bitcoins and locking them. Centralization and decentralization are not ends in themselves, the main aim in JoinMarket is to improve privacy while keeping the other properties of bitcoin (e.g. censorship resistance). A single maker can never deanonoymize coinjoins no matter how valuable their bond is, because takers always choose multiple makers, and all of them need to be controlled by the sybil attacker for the attack to succeed. If a sybil attacker splits up their fidelity bonds (rented or not) amongst multiple maker bots then they reduce the value of their bonds because of the V^2 term. Rented TXOs does destroy the effect of "A long-term holder probably won't want to attack a system like JoinMarket which makes his own investment coins more private and more fungible". However this is not the main effect which would protect JoinMarket's privacy. The main effect is the cost which for real-life numbers would be about 45-120 bitcoin sent to burner outputs. Perhaps then rented TXOs is an argument against using coin age as a way to create fidelity bonds. Hodlers would be far less likely to rent out their coins if they have to specifically move them to a special time-locked address. Another point is that for privacy reasons creators of fidelity bonds should mix their coins before and after using them, because those TXOs are revealed to the world. So it's likely that fidelity bonds creators will need to install and run JoinMarket anyway.