--- Log opened Mon May 10 00:00:51 2021 01:12 -!- belcher_ is now known as belcher 01:31 -!- undeath [~undeath@hashcat/team/undeath] has joined #joinmarket 01:33 -!- fiatjaf [~fiatjaf@2804:7f2:298d:1e20:ea40:f2ff:fe85:d2dc] has quit [Ping timeout: 250 seconds] 01:35 -!- fiatjaf [~fiatjaf@2804:7f2:2a8f:67a2:ea40:f2ff:fe85:d2dc] has joined #joinmarket 01:51 < undeath> belcher: thanks for the fidelity bonds pr! 01:53 < belcher> no problem haha 02:00 < undeath> interesting stuff and hyped to see it in production soon :) 02:01 < belcher> im very interested to see what effect it has on the market 02:01 < belcher> we've got countless times when someone on reddit or IRC accidentality admitted to running 3-4 yield generators 02:02 < belcher> its possible the ~100 makers we have results in just 30-40 yield generators with fidelity bonds 02:03 < belcher> also after they're added we can spam joinmarket as a DiFi solution, telling people can they make money doing nothing, previously i was reluctant to do that because the stat "100 makers ready to coinjoin" doesnt mean much if they could all just be one guy 02:07 < undeath> lol 02:11 < undeath> if someone were to run multiple makers with a shared fidelity bond, would that be immediately obvious? 02:12 < undeath> is it advertised as part of the offer or only later during the coinjoin? 02:18 < belcher> yeah that just wont work 02:18 < belcher> takers check for duplicate UTXOs 02:18 < belcher> it is advertised as part of the offer 02:19 < belcher> also, importantly, the fidelity bond value is calculated as the bitcoins squared, so e.g. if theres 5btc in the bond the value is 25, with 6btc the value is 36 02:20 < belcher> that means people have a strong incentive to put all their coins into just one maker bot, so when a taker does a coinjoin with multiple makers they know theres a strong incentive for those multiple makers to genuinely be different people 02:20 < belcher> the squaring really punishes a sybil attacker... because a sybil attacker has to run multiple bots while honest bots (honest = only profit motivated) run just one bot 02:21 < belcher> i added a section to the orderbook watch html server, one of the things it calculates is "foregone value", i.e. assume the top N makers in the orderbook are actually sybils, how much fidelity bond value have they not collected because they split up their bitcoins over multiple bots 02:36 < undeath> magnificient 02:40 < undeath> i see you removed a couple of references to legacy segwit wallets. are fidelity bonds only supported for native segwit? 03:12 < belcher> yes 03:12 < belcher> no point using p2sh-wrapped segwit anymore really 03:18 -!- Sanford83Koch [~Sanford83@static.57.1.216.95.clients.your-server.de] has joined #joinmarket 03:32 < undeath> "With realistic assumptions we have calculated that an adversary would need to lock up around 50000 bitcoins for 6 months" - it'd be interesting to see those assumptions 03:56 < waxwing> openoms, i was going through it in detail and you have a few duplicates in that list (not too many; a9d7.. x2 and 0abd.. x3). it'll be because candidates.txt is appended too, not overwritten. 03:56 < waxwing> so presumably you ran it more than once on different windows or something like that. 03:56 < waxwing> appended to* sorry 04:19 < waxwing> also openoms your pastebin has from 682603 to 682795, so it's more than a day? more like 1.3 days i guess, or maybe a bit more? 04:24 < belcher> undeath all the assumptions and method is here https://gist.github.com/chris-belcher/87ebbcbb639686057a389acb9ab3e25b 04:25 < belcher> the major assumption is i took the state of the orderbook in july 2019 and assumed people would put a similar amount of coins into fidelity bonds 04:25 < belcher> hmm back then the orderbook had only 67 makers, today its about 100 on native segwit and about 60 on p2sh-segwit 04:25 < belcher> so sybil resistance is even stronger in theory today 04:31 < waxwing> thread may be of interest: https://x0f.org/web/statuses/106210642377163192 04:31 < waxwing> feel free to share the clickbait headline lol 04:32 < belcher> doesnt seem very clickbait to me, its true 04:32 < belcher> why is it stupid? 04:32 < belcher> its the sum of all coinjoin outputs right? 04:32 < waxwing> yeah but i don't know what it really means 04:33 < waxwing> ok fair enough, i do think it's click-baity to use that as a measure, but it's admittedly very hard to come up with a better one! 04:33 < belcher> according to http://bitcoinkpis.com/privacy joinmarket out-coinjoins wasabi and samourai by about 2-3x 04:34 < belcher> presumably because they have coinjoins of amounts 0.1btc or less, and in joinmarket you get coinjoin amounts of 50btc sometimes and just one of those is like 500 wasabi coinjoins 04:35 < waxwing> yes this is why i feel that the choice of measure i'm using there is misleading 04:35 < belcher> why? 04:35 < waxwing> but it's also true that it's a feature we have that they don't (and can't really) 04:35 < belcher> i would say its down to joinmarket's better design, i never much like the fixed denominations design of the others 04:35 < waxwing> because i think 1 coinjoin with 100 counterparties has a nonlinear advantage over 20 cjs with 5 counterparties 04:36 < waxwing> yes we have advantages but they have other advantages 04:36 < belcher> what advantage is that 04:36 < belcher> from the point of view of a surveillance company both are unmixable 04:37 < waxwing> computational intractability and more repeats, plus things like "toxic recall" become entirely impossible at large anon sets 04:37 < waxwing> i think if we were at say 20 not average 7, i'd be more inclined to agree that we don't lose that much by being smaller per tx 04:37 < waxwing> anyway all of this stuff is pretty arguable and unclear 04:38 < belcher> yep, not an exact science 04:40 < belcher> your graph that you posted on mastadon, it might be a bit better if the x axis was log scale 04:40 < belcher> monetary amounts usually always make more sense as lot, you can also see in the graph a lot of points bunch up close to 0btc 04:40 < belcher> make more sense as log* 04:40 < waxwing> yes true, but i guess in this case it's not *too* bad; there's not much data here. 04:41 < waxwing> i was just looking at it wondering if it says anything interesting, perhaps the only thing is that it's heartening to see very few <5 cp joins 04:41 < belcher> yep 04:48 < undeath> isn't it a bit misleading to assume every maker locks up their maxsize amount? That would probably be 50-60% of their funds which would cripple liquidity significantly 04:49 < belcher> well yeah 04:49 < belcher> back in 2019 or even now i dont have another way to really estimate 04:49 < belcher> even if you divide by 2 or 3 the answer doesnt change much, its still many tens of thousands of bitcoins locked up for months 04:50 < belcher> the important result is that if honest makers have locked up X btc then the sybil attacker has to lock up around 20x or 30x that amount 04:50 < undeath> yes, not an easy task. after all the protocol ensures nobody really knows how much funds are in others' wallets 04:50 < belcher> its stronger than for example PoW where the attacker only has to get the same amount of hashpower as everyone else 04:51 < undeath> i wonder how eager people are to lock up their coins for months or even years with the price volatility 04:51 < belcher> hodlers will 04:52 < openoms> @waxwing yes, thanks, it was appended for sure. Very useful that it keeps the data like that since the scan is computationally expensive 05:10 < openoms> @belcher very excited for fidelity bonds too. I don't think that locking up for along time is an issue. Many don't trade, but good recommendation to start with 1-2 months. Some are not planning to use JM long term, only run to an extent then move to cold storage for the peace of mind. 05:10 < openoms> Saying that being able to keep the bonds cold will be a great development! 05:11 < belcher> yep, the whole of joinmarket is based on the observation that theres plenty of bitcoins out there sitting in cold storage, so they are available to be put to use for coinjoins if theres an incentive 06:03 -!- davterra [~davterra@gateway/tor-sasl/tralfaz] has joined #joinmarket 06:58 < waxwing> belcher, what did you glean from that survey you did of what lockup time ~ burn? personally my figures would be much lower than the gist, i think i would treat 5-10 years as already very near to burn. 06:59 < waxwing> mostly because of the unknowable risks we deal with in this field, but also my age might play a role in that assessment :) 07:29 < waxwing> belcher, another question, what changed your mind about coin burning? 07:51 -!- Sanford83Koch [~Sanford83@static.57.1.216.95.clients.your-server.de] has quit [Ping timeout: 252 seconds] 08:21 -!- viasil [~nobody@95.174.67.172] has quit [Ping timeout: 252 seconds] 08:31 -!- viasil [~nobody@95.174.67.172] has joined #joinmarket 08:33 -!- rojiro_ [~rojiro@gateway/tor-sasl/rojiro] has joined #joinmarket 08:33 -!- rojiro [~rojiro@gateway/tor-sasl/rojiro] has quit [Ping timeout: 240 seconds] 08:51 < undeath> is it expected that some tests fail in #872 or is something with my test setup broken? 09:09 < waxwing> Why is it tbond and not fbond. i can't figure out what t stands for :) 09:09 < waxwing> undeath, i've almost finished reading the code, i'll run it too as a cross check, fwiw, soon. 09:10 < waxwing> in fact, nothing is stopping me, right now :) 09:13 < waxwing> yeah i have a number of failures. will come back to it later. 09:13 < undeath> ok, thanks for checking 09:13 < undeath> was worried i messed something up 09:16 < waxwing> at first glance it looks like there's old tests that now fail due to missing arguments (e.g.: taker.initialize()), so there's at least one reason it makes sense. 09:17 < undeath> yeah, some complaints about missing fidelity bonds related attributes or arguments 09:21 -!- stoner19 is now known as Guest93646 09:21 -!- Guest93646 is now known as stoner29 09:22 -!- stoner29 is now known as stoner19 09:44 < belcher> waxwing 5 years is equivalent to 14% pa, 10 years is 7% pa... its hard to get much from the survey really *shrug* 09:44 < belcher> i wrote this https://gist.github.com/chris-belcher/87ebbcbb639686057a389acb9ab3e25b#determining-interest-rate-r and the exact interest rate shouldnt matter too much as long as its sane 09:44 < belcher> tbond stands for timelocked bond 09:44 < belcher> i changed my mind on burning when i realized if i skip burning then less code needs to be written, and you can still get burning by allowing locktimes that are far into the future 09:45 < belcher> hmm yeah i didnt run all the tests 😅 10:08 -!- Traca [~Traca@gateway/tor-sasl/traca] has joined #joinmarket 11:05 < waxwing> yeah makes sense re: burn. i guess only advantage is pruneable cf long timelock but simplicity matters. 11:07 < belcher> yep, thats ultimately why timelocked fidelity bonds are easier to design for, because every node stores them in its utxo set 11:07 -!- vrana [~mvranic@gateway/tor-sasl/vrana] has quit [Ping timeout: 240 seconds] 11:08 < belcher> burner outputs are not much harder though, with a merkle proof a pruned node can be convinced of their existence, but the proof for them is larger 11:16 -!- vrana [~mvranic@gateway/tor-sasl/vrana] has joined #joinmarket 11:24 < waxwing> oh proof size yes. good point. 12:02 -!- Traca [~Traca@gateway/tor-sasl/traca] has quit [Remote host closed the connection] 12:04 -!- Traca [~Traca@gateway/tor-sasl/traca] has joined #joinmarket 12:29 < Traca> I am reading the fidelity bonds and I have some questions, what I understand is that in order to try to make sybil attakcs more expensive, makers decide to lock coins for a period of time (even some sending to a burner address? to loose it?) and in exchange get higher gains when coinjoining 12:30 < Traca> if I am a chainanalysis trying to analize the joinmakert, why should I care locking for 6 months? probably they have been doing it for years 12:31 < Traca> I am asking because it is possible that I did not understand it correct, the time the coins are locked, you are still doing coinjoins right? 12:34 < belcher> Traca the coins doing the coinjoins are separate from the coins locked in timelocked addresses 12:34 < Traca> ok 12:35 < Traca> and the fidelity bonds are coins that you will recover after a period of time? or some are completley lost? 12:35 < Traca> the locked coins I mean* 12:35 < belcher> the crucial argument is that the value of a fidelity bond is calculated as the bitcoins squared, so if its 5btc locked up the value is 5x5=25.. this means that theres a strong incentive to lump coins together into just one bot, and for a sybil attack to work it must run many many bots and therefore it has a strong headwind due to the squared term 12:36 < belcher> the maker locking the coins chooses how much they want to lock them for, so they can choose 1-2 months but also they could choose 70 years which is basically the same as losing them 12:36 < belcher> obviously the longer coins are locked for the more valuable the fidelity bond 12:37 < Traca> I understand now, thanks for the explanation belcher 13:16 -!- jonatack [jon@gateway/vpn/airvpn/jonatack] has quit [Ping timeout: 240 seconds] 14:12 -!- jonatack [jon@gateway/vpn/airvpn/jonatack] has joined #joinmarket 14:40 -!- Traca [~Traca@gateway/tor-sasl/traca] has quit [Quit: Traca] 15:02 -!- undeath [~undeath@hashcat/team/undeath] has quit [Quit: WeeChat 3.1] 20:38 -!- belcher_ [~belcher@unaffiliated/belcher] has joined #joinmarket 20:41 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 246 seconds] 22:26 -!- Cory [~Cory@unaffiliated/cory] has quit [Read error: Connection reset by peer] 22:44 -!- Saloframes_ [~Saloframe@97-118-147-192.hlrn.qwest.net] has quit [Read error: Connection reset by peer] 23:17 -!- Cory [~Cory@unaffiliated/cory] has joined #joinmarket 23:25 -!- flight [~flight@135-23-126-204.cpe.pppoe.ca] has quit [Ping timeout: 240 seconds] --- Log closed Tue May 11 00:00:51 2021