--- Log opened Tue Aug 10 00:00:34 2021
01:16 < belcher_> thats not really a credible threat, the makers connect over tor, and compromising them only helps the attacker if they manage to compromise every maker involved in a coinjoin, compromising one or two doesnt help
01:18 -!- belcher_ is now known as belcher
01:31 < belcher> a taker picks multiple makers coinjoins, sure it will likely pick that whale but thats only one slot, the taker needs to choose 7-10 makers overall and that whale is just one
02:08 -!- jonatack [~jonatack@user/jonatack] has joined #joinmarket
04:38 -!- undeath [~undeath@user/undeath] has joined #joinmarket
04:45 -!- Lightsword_ [~Lightswor@user/lightsword] has joined #joinmarket
04:46 -!- stoner19_ [~stoner19@2a02:c207:2022:1374::1] has joined #joinmarket
04:47 -!- ufotofu_ [~ufotofu@user/ufotofu] has joined #joinmarket
04:48 -!- VicenteH [~user@44.235.15.37.dynamic.jazztel.es] has joined #joinmarket
04:51 -!- VicenteH [~user@44.235.15.37.dynamic.jazztel.es] has quit [Changing host]
04:51 -!- VicenteH [~user@user/zenton] has joined #joinmarket
04:51 -!- Netsplit *.net <-> *.split quits: pigeons, shiza, berndj, Xeha, avril, BlueMatt, nixbitcoindev[m], Zenton, curemici[m], ufotofu,  (+7 more, use /NETSPLIT to show all of them)
04:51 -!- Lightsword_ is now known as Lightsword
04:53 -!- Netsplit over, joins: eric_yhf[m], curemici[m], nixbitcoindev[m], k3tan
04:53 -!- VicenteH is now known as Zenton
04:55 -!- xyy [~xyy@2001:470:69fc:105::f2d] has quit [Ping timeout: 252 seconds]
04:56 -!- eric_yhf[m] [~ericyhfma@2001:470:69fc:105::ca86] has quit [Ping timeout: 245 seconds]
04:56 -!- nixbitcoindev[m] [~nixbitcoi@2001:470:69fc:105::b8cd] has quit [Ping timeout: 245 seconds]
04:57 -!- avril [av@user/avril] has joined #joinmarket
04:57 -!- shiza [~admin@ec2-52-208-131-13.eu-west-1.compute.amazonaws.com] has joined #joinmarket
04:57 -!- dodo [~dodo@user/dodo] has joined #joinmarket
04:57 -!- nsh [~lol@user/nsh] has joined #joinmarket
04:58 -!- berndj [~berndj@ns1.linksynergy.co.za] has joined #joinmarket
04:58 -!- pigeons [~pigeons@androzani.sysevolve.com] has joined #joinmarket
04:58 -!- BlueMatt [~BlueMatt@ircb.bluematt.me] has joined #joinmarket
04:58 -!- Xeha [~Xeha@dynamic-82-220-88-142.ftth.solnet.ch] has joined #joinmarket
04:58 -!- achow101 [~achow101@user/achow101] has joined #joinmarket
05:01 -!- tiker[m] [~tikerfunk@2001:470:69fc:105::103a] has quit [Ping timeout: 272 seconds]
05:01 -!- openoms[m] [~openomsma@2001:470:69fc:105::c2f] has quit [Ping timeout: 272 seconds]
05:01 -!- nyxnor[m] [~nyxnormat@2001:470:69fc:105::5011] has quit [Ping timeout: 272 seconds]
05:01 -!- Evanito[m] [~evanito@2001:470:69fc:105::1ec] has quit [Ping timeout: 276 seconds]
05:14 -!- eric_yhf[m] [~ericyhfma@2001:470:69fc:105::ca86] has joined #joinmarket
05:19 -!- nixbitcoindev[m] [~nixbitcoi@2001:470:69fc:105::b8cd] has joined #joinmarket
05:49 -!- openoms[m] [~openomsma@2001:470:69fc:105::c2f] has joined #joinmarket
05:49 -!- tiker[m] [~tikerfunk@2001:470:69fc:105::103a] has joined #joinmarket
05:53 -!- Evanito[m] [~evanito@2001:470:69fc:105::1ec] has joined #joinmarket
05:54 -!- nyxnor[m] [~nyxnormat@2001:470:69fc:105::5011] has joined #joinmarket
06:04 -!- xyy [~xyy@2001:470:69fc:105::f2d] has joined #joinmarket
06:13 -!- openoms_ [~quassel@gateway/tor-sasl/openoms] has quit [Remote host closed the connection]
06:13 -!- openoms [~quassel@gateway/tor-sasl/openoms] has joined #joinmarket
06:58 -!- NorrinRadd [~username@154.6.20.240] has quit [Ping timeout: 268 seconds]
07:21 < waxwing> belcher, did you write in the fidelity-bonds.md that only the most valuable bond is considered? See #963
07:22 < waxwing> i mean only the most valuable bond is *advertised* ofc
07:23 < waxwing> i may have missed it, but it looks like it only explains that one is optimal vs many, not that only one is advertised
07:26 < belcher> ill read
07:30 -!- Pedro94 [~Pedro@pool-96-232-92-134.nycmny.fios.verizon.net] has joined #joinmarket
07:35 < belcher> by my reading its not really written anywhere, certainly not emphasized
07:54 < waxwing> might make sense to PR that edit along with emphasizing the ways you can and can't spend the timelocked outputs in coinjoins (in that section that already exists), that we mentioned a couple days back.
07:55 < belcher> the section "Can I add coins to a fidelity bond that already exists?" kind of hints at it but not enough
07:55 < belcher> ill write a PR
07:55 < belcher> ill write a PR about locking up multiple UTXOs
07:56 < belcher> i suggest you or someone else who coded things regarding spending in coinjoins write another PR explaining that, i wasnt really follownig those issues in detail tbh
07:56 < waxwing> sure np
08:15 < belcher> bitcoin's utxo model is unintuative if you're not familiar with it which is probably why these two people got burned
08:16 < waxwing> well, maybe, but it'd be an easy mistake to make to think that the bonds aggregate, because they could aggregate (albeit extremely suboptimally due to ^2 term)
08:17 < waxwing> i mean under the hood it'd be a mess but users wouldn't think like that
08:19 < waxwing> wow, i missed "The yield generator will automatically announce the most valuable fidelity bond in its wallet." on this read through (though i must have seen it before, because i was assuming it was there)
08:19 < waxwing> so prob. just a matter of emphasis
08:20 < belcher> i notice the phrase "fidelity bonds" in the plural if very often used
08:20 < belcher> when in practice yield-generators are just creating a single fidelity bond
08:20 < belcher> i might modify that too, only refer to them in the singular in the yield-generator section
08:31 < belcher> iv done the edits but cant push to github, it says "Internal Server Error" so ill try again later
08:31 < belcher> bbl now
08:46 < waxwing> yeah i was just coming here to say the same :)
08:46 < waxwing> "remote: fatal error in commit_refs" <- service outage or something
09:01 < JoinMarketRelay> [hackint/curious] re: #971 I think the person is trying to say that without FB an adversary as a taker can see maker's nick and maker's offered UTXOs but if the maker restarts his YG he gets a different nick so this somewhat makes it harder to track who owns which UTXOs. But with FB all maker's UTXOs are linked to his FB persistently for *years* so it's easy to
09:01 < JoinMarketRelay> track which UTXOs this particular
09:01 < JoinMarketRelay> [hackint/curious] person (maker with FB) owned at given time. Is that not a concern?
09:03 < JoinMarketRelay> [hackint/JamesFidelityBOND] Curious: https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/971#issue-962914670
09:04 < JoinMarketRelay> [hackint/JamesFidelityBOND] (Fidelity Bonds degrade mixing and anonimity? #971)
09:04 < JoinMarketRelay> [hackint/curious] Not sure why are you linking again the issue I just referenced.
09:04 < JoinMarketRelay> [hackint/JamesFidelityBOND] Isn't it all about the same?
09:05 < JoinMarketRelay> [hackint/curious] I referenced this issue.
09:05 < JoinMarketRelay> [hackint/JamesFidelityBOND] I see now sorry.
09:06 < JoinMarketRelay> [hackint/JamesFidelityBOND] FB give you pseudonimity for maker no more anononimity?
09:06 < JoinMarketRelay> [hackint/curious] I think it's a serious question that needs to be discussed.
09:09 < JoinMarketRelay> [hackint/JamesFidelityBOND] As a maker without FB you could restart after each CJ and assign your self a new nick (fresh identity) your UTXO exposed to the next taker shouldn't be known too, except you get choosen by the same taker again.
09:09 < JoinMarketRelay> [hackint/curious] An adversary taker can just keep initiating mixes (but never actually goes through) which allows him to collect makers' offerred UTXOs linked to their FBs. The taker can keep doing this perpetually and maintain a list of UTXOs belonging to particular people.
09:09 < JoinMarketRelay> [hackint/JamesFidelityBOND] Maker could refresh its identity after each TX, after it he get at least 2 new UTXOs .
09:10 < JoinMarketRelay> [hackint/curious] With FB you have a permanent nick for years.
09:11 < JoinMarketRelay> [hackint/curious] I think #971 is a valid question.
09:11 < JoinMarketRelay> [hackint/JamesFidelityBOND] While with FB you as maker announce always the same FB utxo maybe even for years (see orderbook up to 3 years now) regardless of restarts / nick changes, or joined coined new UTXO, the FBUTXO will stay the same all the time making you perfectly traceable between CJ.
09:11 < JoinMarketRelay> [hackint/JamesFidelityBOND] You may learn if they came from the same as last CJ or last year.
09:12 < JoinMarketRelay> [hackint/curious] You just repeated what I said above :)
09:12 < JoinMarketRelay> [hackint/JamesFidelityBOND] Basicly yes, but I did not copy you. haha
09:13 < JoinMarketRelay> [hackint/JamesFidelityBOND] SO I just agree. was about pointing out almost the same
09:13 < JoinMarketRelay> [hackint/curious] Yes, great. I think more people should ask about this until we get an explanation how is this not a concern.
09:14 < JoinMarketRelay> [hackint/curious] If you have github please say something there.
09:14 < waxwing> i'm curious, curious :) but did you read what i wrote here and in the linked mastodon thread? https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/960#issuecomment-891851678
09:15 < JoinMarketRelay> [hackint/JamesFidelityBOND] If I like to use FB and do not want decrease my anonimity set, I would do something like: Setup FB for short periods, maybe 1 month. shutdown maker after timelock expired. Restart as Taker and do a sweeping of FB UTXO. Continue or repeat as maker, but do a CJ after sweep if planning to lock coins again.
09:16 < JoinMarketRelay> [hackint/curious] waxwing, I didn't.
09:17 < JoinMarketRelay> [hackint/JamesFidelityBOND] Curious: https://bvrgrzu5awjacohape5s6s3j2locltcu5c7azzzuufqznknus5ll5fid.onion/@waxwing/106691802538114853
09:17 < JoinMarketRelay> [hackint/curious] JamesFidelityBOND yes sure having FBs for a short time would limit the exposure but your bond_value would be so low that you would get very few mixes as a maker.
09:18 < JoinMarketRelay> [hackint/JamesFidelityBOND] :(
09:20 < JoinMarketRelay> [hackint/curious] waxwing, from that thread it seems that you agree this is a concern. You could have just said so.
09:25 < JoinMarketRelay> [hackint/kristapsk] belcher, re "cant push to github", jus had the same with unrelated repo, both using git on cli and trying to edit on github.com web, so looks they are having some issues
09:39 < openoms[m]> @kristapsk belcher can confirm the github issue. Resolved now.
09:51 < JoinMarketRelay> [hackint/kristapsk] yes, can confirm, was able to successfully push just now to one of my repos
10:17 -!- greypw [~greypw@grey.pw] has quit [Quit: I'll be back!]
10:20 -!- undeath [~undeath@user/undeath] has quit [Quit: WeeChat 3.1]
10:24 < belcher> ty kristapsk openoms[m] i pushed it now
10:25 < belcher> [hackint/curious] An adversary taker can just keep initiating mixes (but never actually goes through) which allows him to collect makers' offerred UTXOs linked to their FBs. The taker can keep doing this perpetually and maintain a list of UTXOs belonging to particular people. <----- this could have been done without FBs too, and in fact it was, look up the 156 issue on the original github, today's joinmarket resists this attack with the podle scheme
10:26 < belcher> 156 issue: https://github.com/JoinMarket-Org/joinmarket/issues/156
10:28 < belcher> creators of fidelity bonds are also advised to mix their coins before sending to the timelocked address, and to use a transaction with no change
10:28 < belcher> that avoids leaking privacy-relevant information about the bond
10:29 < belcher> the bond utxo is linked with the irc nickname, but the irc nickname is just random data, and makers connect via tor so the irc nick is not linked with their ip address, and the fidelity bond utxo is not linked with any resulting coinjoins
10:30 < belcher> remember the principle of data fusion https://en.bitcoin.it/wiki/Privacy#Method_of_data_fusion serious privacy breaks usually happen when multiple leaks are combined, but in joinmarket fidelity bonds the bond UTXOs are carefully separated from any other privacy-relevant information (and if they're not then its a bug)
11:00 -!- NorrinRadd [~username@154.6.20.5] has joined #joinmarket
11:03 < JoinMarketRelay> [hackint/curious] This issue is not about anonymity of the FB, it's about being able to track which UTXOs belong to the same person because they all are linked to the same FB which acts as a unique persistent identifier.
11:04 < belcher> coinjoin UTXOs you mean
11:04 < belcher> ?
11:04 < JoinMarketRelay> [hackint/curious] of course
11:04 < JMBridge> [agora/Guest26678] Yes
11:04 < belcher> coinjoin (or any) UTXOs are destroyed when they are spent
11:05 < belcher> so a taker who did a coinjoin and learned a fidelity bond <-> coinjoin UTXO link, will find that link becomes more useless when the maker spends that coinjoin UTXO
11:05 < belcher> its worth noting that an adversarial taker couldve learned what the maker's coinjoin UTXOs were before fidelity bonds were added
11:07 < JoinMarketRelay> [hackint/curious] The adversary in a taker role just keeps initiating mixes, never really goes through with them, and collect the list of UTXOs belonging to each FB. He will do it perpetually for months and collects a very detailed list of UTXOs which belonged to given specific person at given specific time.
11:08 < belcher> 1) the taker could do that even if FBs didnt exist 2) they actually did do that in 2016 and thats the reason the PoDLE scheme exists
11:08 < belcher> see https://github.com/JoinMarket-Org/joinmarket/issues/156
11:09 < JoinMarketRelay> [hackint/curious] Before FB there was no unique identifier persistent for years. The nick could have been changed anytime by restarting YG. With FB this is not possible, the FB itself now acts as the unique identifier that never changes.
11:10 < belcher> changing the IRC nick does nothing against the 156 attack
11:10 < belcher> because the UTXOs are still known by the spy
11:10 < belcher> coinjoin UTXOs*
11:11 < JoinMarketRelay> [hackint/curious] But they cannot be linked to other UTXOs of the same physical person if that person doesn't use FB.
11:11 < JoinMarketRelay> [hackint/curious] If he does, they can.
11:11 < belcher> yeah they can, using the attack you just told me
11:12 < JoinMarketRelay> [hackint/JamesFidelityBOND] :o
11:12 < belcher> taker requests coinjoin UTXOs, the maker sends them, now the maker's UTXOs are all link together
11:12 < belcher> also, FBs wont link a maker to a physical person (assuming they followed the advice of mixing before sending to the timelocked address, and not creating a change address)
11:13 < JoinMarketRelay> [hackint/JamesFidelityBOND] Aka sweeping before timelocking
11:13 < JoinMarketRelay> [hackint/curious] Without FB the maker here is nobody, a random person, whose UTXOs will eventually get spent and that's that. With FB it's not a random person anymore, it's a specific person who will stay specific because he will be identified for years due to his unique FB.
11:14 < JoinMarketRelay> [hackint/curious] All UTXOs of the specific person with FB can be collected and linked across years of mixing. That is not possible without FB.
11:14 < belcher> sorry but you are wrong
11:14 < belcher> i dont feel like repeating myself again, we're going round in circles
11:15 < belcher> any lurkers who are unsure can say something, or read the log
11:15 < JoinMarketRelay> [hackint/curious] You never said anything that would disprove what I am saying.
11:16 < belcher> you say "system X works with mechanism Y" and i say "no it doesnt, mechanism Y doesnt happen" and you dont engage with what i say, instead you repeat "system X works with mechanism Y"
11:18 < belcher> your scheme seems to rely on the 156 attack which works without fidelity bonds, and was also partially solved in 2016 with the podle scheme
11:18 < JoinMarketRelay> [hackint/JamesFidelityBOND] FB is an individual maker fingerprint, without using FB the maker is not or not cost wisely fingerprintable by his UTXO thanks to PODLE
11:18 < belcher> takers cant just repeatedly request coinjoin UTXO
11:18 < JoinMarketRelay> [hackint/curious] Today I ask for offers as a taker, I get UTXOs of various makers, I write them down together with respective FB they are bought to. Tomorrow I do that same, I get different UTXOs but if they link to the same FB I know it's the same person. Without FB I wouldn't be able to make this link.
11:19 < JoinMarketRelay> [hackint/curious] bound*
11:20 < belcher> your mistake happens at "Tomorrow I do that same"
11:20 < JoinMarketRelay> [hackint/JamesFidelityBOND] A taker needs to ask for maxsize of maker and get list of UTXO, log it and quit. than the taker utxo get blacklisted after the taker snoops 3 times in a row with offer of his same taker utxo. than he needs new utxo which costs money to see, "oh hey maker J5xxx it is you again" but with FB you just see it from the orderbook its the same
11:20 < JoinMarketRelay> fingerprint
11:20 < belcher> because you'll get the message "ran out of podle commitments"
11:21 < JoinMarketRelay> [hackint/curious] Yes takers can repeatedly request coinjoins, they just every time present a different podle.
11:22 < belcher> did you just break the podle scheme? we should investigate that
11:22 < JoinMarketRelay> [hackint/JamesFidelityBOND] The taker needs fresh utxos. you can just feed it with dust of 547 satoshi utxos to make maker happy exposing all his utxos?
11:23 < JoinMarketRelay> [hackint/curious] The taker can make an unlimited number of UTXOs.
11:23 < JoinMarketRelay> [hackint/JamesFidelityBOND] Curious: "a different podle" means a different utxo commitment
11:23 < JoinMarketRelay> [hackint/curious] Exactly.
11:24 < JoinMarketRelay> [hackint/JamesFidelityBOND] Do you have unlimited utxos? no
11:24 < JoinMarketRelay> [hackint/curious] Anybody can.
11:25 < JoinMarketRelay> [hackint/curious] You can create thousands of UTXOs in a few minutes. And if that's not enough, you can simply take any "blacklisted" UTXOs and make a new one out of it, it takes just 100 satoshis.
11:25 < JoinMarketRelay> [hackint/JamesFidelityBOND] Yes you can wash your "blacklisted" UTXOs fresh by spending it and use the new resulting utxo -minerfee
11:26 < belcher> thats all true, but i dont see how FBs change the situation, because something like this attack was done in 2016
11:26 < belcher> the "identity" just becomes the set of coinjoin UTXOs
11:26 < belcher> and even if they're linked with the FB UTXO, so what? since the FB utxo came from mixing
11:26 < JoinMarketRelay> [hackint/curious] FB is a unique identifier that links all the UTXOs I collect across days, months, even years, to the same person.
11:27 < belcher> all the coinjoins do that too
11:27 < belcher> the 156 attack allows the attacker to unmix all coinjoins
11:27 < JoinMarketRelay> [hackint/curious] The "so what?" is that they all link to the same person, that's "so what?".
11:28 < belcher> right but FBs dont make the situation worse, because the attacker can use the set of all coinjoin TXOs as their "identity" instead of the FB
11:28 < JoinMarketRelay> [hackint/JamesFidelityBOND] I see there a difference of makers identity fingerprint compared both cases
11:29 < JoinMarketRelay> [hackint/JamesFidelityBOND] A maker will sometime get a full fresh utxo list set by greediest merging algorithm, if I than restart maker, who knows I'm the same person except the previous taker who know my cjout and cjchange anyway?
11:29 < JoinMarketRelay> [hackint/curious] Without FB the attacker can only link various UTXOs to a nick which can change anytime. With FB he can link them all to the specific FB which represents the specific person. He can do this with UTXOs he collected from over many months.
11:31 < JoinMarketRelay> [hackint/curious] I can have a list saying this particular person (identified by FB) had monday at specific time these UTXOs, on tuesday different UTXOs, etc. etc, I can maintain a list of UTXOs of this very same specific person he had any given day across months, even years.
11:31 < JoinMarketRelay> [hackint/curious] Without FB I couldn't make this list.
11:32 < JoinMarketRelay> [hackint/JamesFidelityBOND] If you can do this, you know which inputs belong to outputs of same maker?
11:32 < belcher> if you collected coinjoin UTXOs like that, you could just unmix the coinjoins that the maker was involved in
11:32 < JoinMarketRelay> [hackint/JamesFidelityBOND] Ok
11:33 < JoinMarketRelay> [hackint/curious] I am not talking about any unmixing, I am talking about identifying which UTXOs belonged at specific time to the same person over many months, even years.
11:33 < JoinMarketRelay> [hackint/thaddeus] curious: Are you saying there's no reason to do the 'privacy-enchancements' like randomizing the fees, etc when using a fidelity bond?
11:34 < JoinMarketRelay> [hackint/curious] I am saying just what I am saying.
11:34 < JoinMarketRelay> [hackint/JamesFidelityBOND] But you can do so for the other FB makers each, and finally unmix all FB CJ maker counterparties? 7/8 per fidelity_bond_weighted_order_choose unmix 7 out of 8 makers?
11:35 < belcher> so lets say you had a set of UTXOs for FB1 on monday, another set for tuesday, etc, what do you do with that information? clearly you use it to unmix coinjoins, right? thats why im talking about unmixing coinjoins
11:36 < belcher> if so, then you realize the FB1 isnt necessary, you could unmix coinjoins even if the maker didnt have a fidelity bond
11:36 < JoinMarketRelay> [hackint/curious] As a maker do I want anybody to be able to find out which UTXOs I owned at any given day across months, even years? HELL NO! Do you? If you do then you of course don't see any problem.
11:37 < belcher> thats why we have the podle scheme
11:37 < belcher> an attacker could do this even if the maker doesnt have a fidelity bond
11:37 < belcher> you're talking about "any given day across months", so the attacker needs to be doing this constantly
11:38 < waxwing> belcher, btw blog post was revived at: https://www.reyify.com/blog/racing-against-snoopers-in-joinmarket-0.2
11:38 < JoinMarketRelay> [hackint/curious] As a maker without FB there is nothing tomorrow that necessarily links me to my maker's activities yesterday. FB is the link.
11:39 < JoinMarketRelay> [hackint/curious] Yes the attacker could be doing this perpetually, that's what I said several times.
11:39 < belcher> ty waxwing 
11:39 < belcher> curious, the link is the on-chain coinjoins
11:40 < JoinMarketRelay> [hackint/curious] My yesterday
11:40 < JoinMarketRelay> [hackint/curious] 's CJs are spend today, disconnected to me tomorrow.
11:40 < belcher> if you see a coinjoin with inputs (Input0, input1, input2...) and outputs (output1, output2, output3...), and the attacks see that yesterday you owned input1 and today you own output3, then it becomes pretty easy to unmix the coinjoin
11:41 < JoinMarketRelay> [hackint/curious] And how can he know that yesterday's input1 and today's output3 belongs to the same person without FB?
11:41 < belcher> because he'll ask the maker repeatedly
11:42 < JoinMarketRelay> [hackint/curious] The maker changed nick in the meantime and all his UTXOs are also different because he mixed them in the meantime.
11:42 < belcher> and it will be the same IRC nick unless the maker disconnects, and even if they reconnect if they ask against the attacker will see the old UTXOs and from there be able to link it to the old IRC nick
11:42 < JoinMarketRelay> [hackint/curious] No and no.
11:42 < belcher> yield-generators dont really mix, they typically just leave their bots running
11:42 < belcher> they certainly dont mix every time their internet disconnects for a minute
11:43 < JoinMarketRelay> [hackint/curious] I think you deliberately don't want to understand, or more like pretend you don't understand. There is no rational talking to you, I will stop trying.
11:44 < JoinMarketRelay> [hackint/JamesFidelityBOND] This usually happens as a result of a network failure you may lose access to coinjoins during this period.
11:45 < belcher> these makers have a network failure, yet are somehow able to create coinjoins despite having no internet, and despite yield-generator.py not being coded to be a taker every time it disconnects
11:46 < belcher> this is not even any new information, this has all happened before during the 156 attack in 2016 https://github.com/JoinMarket-Org/joinmarket/issues/156
11:46 < belcher> im not even inventing this stuff, just remembering
11:47 < belcher> there would be a fake taker bot that sat in the irc channel, it would start a coinjoin with all the makers to get their UTXOs but then halt the protocol, when it noticed that one of the UTXOs became spent then it would contact all those makers again to get their new UTXOs
11:47 < belcher> it would do that repeatedly, and with it it would have enough information to mix all coinjoins
11:47 < belcher> s/mix/unmix/
11:48 < JoinMarketRelay> [hackint/JamesFidelityBOND] So we need FB for takers as well, if podle alone does not help? :'D
11:50 < JoinMarketRelay> [hackint/JamesFidelityBOND] The snoppytaker situation was all before FB so unrelated.
11:50 < JoinMarketRelay> [hackint/JamesFidelityBOND] But since it is not completely impossible it still exist.
11:50 < belcher> yeah
11:50 < belcher> the attack is quite visible, it cant be done in secret
11:51 < belcher> every maker would notice that they get these incomplete coinjoin requests all the time, thats what people saw in 2016
11:51 < JoinMarketRelay> [hackint/JamesFidelityBOND] With FB the takersnooper just got less work todo
11:51 < belcher> why?
11:54 < JoinMarketRelay> [hackint/JamesFidelityBOND] Eviltaker logs my maker utxos. my maker does a maxsize full cjamount using all UTXOs coinjoin with taker2 and reconnect. (I get fresh utxo set and nickname) how eviltaker could know with only snooping, that I might be the same maker? with FB he can tell easily.
11:55 < JoinMarketRelay> [hackint/JamesFidelityBOND] With maker doing UTXO mergings. => 2 new UTXOs
11:56 < waxwing> i think it's pretty important to distinguish global attack and targeted. the former can be used to attack takers, whereas targeted is one individual maker, and the value of it is only temporary (see: "racing against snoopers" etc etc)
11:56 < waxwing> the global one is what we saw in 2016 and defended against with podle.
11:57 < belcher> JamesFidelityBOND one way it could tell is timing, if it sees an irc nickname quit and then return soon after it would be very likely that its the same bot
11:57 < JoinMarketRelay> [hackint/JamesFidelityBOND] Yes there is different cases scenario that looks mixed to me in the chat.
11:57 < JoinMarketRelay> [hackint/JamesFidelityBOND] Ok
11:57 < belcher> today yield generators are not coded to reconnect after each coinjoin fwiw... although thats not a bad idea
11:58 < belcher> /me bbl
12:00 < JoinMarketRelay> [hackint/curious] When I first read about FB I thought: "How could he implement something that will give makers that want to be anonymous a permanent nick persistent for years? As if it wasn't bad enough that the normal nick doesn't change throughout the whole YG session. Was he forced by LE to cripple JoinMarket in such a monstrous way?". Now I think that must
12:00 < JoinMarketRelay> really be the case, there is no
12:00 < JoinMarketRelay> [hackint/curious] other logical explanation.
12:08 < JoinMarketRelay> [hackint/JamesFidelityBOND] Thats bullshit. the FB was reviewed by multiple eyes before release. single person shouldn't be able to be forced to degrade anonimty of the opensource project.
12:11 < gene> curious: throwing wild accusations requires some proof. you are accusing someone who has done a lot of privacy work for Bitcoin of some serious wrongdoing
12:11 < JoinMarketRelay> [hackint/JamesFidelityBOND] Gene: he already left from hackint irc.
12:11 < JoinMarketRelay> [hackint/JamesFidelityBOND] Curios left
12:11 < JoinMarketRelay> [hackint/JamesFidelityBOND] Curious*
12:11 < gene> lame
12:11 < gene> throw wild shit around, then bail
12:12 < gene> shitty move
12:12 < waxwing> kristapsk maybe github outage again?
12:12 < waxwing> no rush anyhow
12:12 < waxwing> i think thursday for release, most likely
12:16 < JoinMarketRelay> [hackint/kristapsk] waxwing, not sure, https://api.github.com/repos/JoinMarket-Org/joinmarket-clientserver/pulls/981 returns correct JSON, maybe something is changed there by github
12:18 < gene> would single-use fidelity bonds work? something like a make posts an FB, and after first use, the bond is unlocked
12:19 < gene> that would eliminate concerns around long-term identity association
12:21 < gene> bonds could still be aged, with a selection algo that takes longer age into account. as soon as a bond is used in a coinjoin, funds are unlocked, allowing the make to reopen a new bond
12:21 < gene> *maker
13:19 -!- NorrinRadd [~username@154.6.20.5] has quit [Ping timeout: 248 seconds]
13:21 -!- NorrinRadd [~username@154.6.20.5] has joined #joinmarket
13:38 -!- JMBridged [~CoinJoins@gateway/tor-sasl/jmbridge] has joined #joinmarket
13:39 -!- JMBridge [~CoinJoins@gateway/tor-sasl/jmbridge] has quit [Ping timeout: 244 seconds]
13:39 -!- JMBridged is now known as JMBridge
13:57 < JoinMarketRelay> [hackint/kristapsk] waxwing, it looks to me github-merge.py does not like empty pull request description ("body": null)
13:59 < JoinMarketRelay> [hackint/kristapsk] yup, that was it, changed it to "." and it worked
14:36 -!- ufotofu_ is now known as ufotofu
14:49 < waxwing> kristapsk oh interesting, thanks
14:54 -!- jonatack [~jonatack@user/jonatack] has quit [Quit: Client closed]
15:01 -!- greypw [~greypw@user/greypw] has joined #joinmarket
15:22 -!- jonatack [~jonatack@user/jonatack] has joined #joinmarket
15:24 -!- NorrinRadd [~username@154.6.20.5] has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
15:26 -!- Pedro94 [~Pedro@pool-96-232-92-134.nycmny.fios.verizon.net] has quit [Quit: Client closed]
15:47 < belcher> i had a thought of another way to link maker's irc nicknames even if they change, which is to look at the maxsize, minsize and fees
15:48 < belcher> if the yieldgenerator is shut down and restarts, it will have a new irc nickname, but its maxsize/minsize/fees will be very similar (there is randomness but only a few % so the anonymity set isnt that large)
15:49 < belcher> if so then that also leaks information about a persistent yield-generator identity and therefore fidelity bonds dont change things much
15:49 < belcher> however admittedly the argument "this thing is already bad" isnt a reason to make it worse... the main argument really has to be that a persistent maker identity isnt too terrible since its not linked with the resulting coinjoins
16:09 < waxwing> yeah basically. it's a nontrivial argument and there is a bit of a tradeoff going on, but that's roughly how i saw it.
16:09 < waxwing> but obviously that's why i was pontificating about ring sigs because it would be nice to take it out of the equation.
16:09 < waxwing> (plus i could imagine that idea making sense in other non-JM contexts too, maybe)
18:47 -!- ementar4729 [~ementar47@189.122.121.102] has joined #joinmarket
19:05 < davterra> seems like the value of the fidelity bond would be constant for each bonded maker, making it easy to tell which maker is which regarldless of the rest of the info shown.
21:40 -!- belcher_ [~belcher@user/belcher] has joined #joinmarket
21:45 -!- belcher [~belcher@user/belcher] has quit [Ping timeout: 272 seconds]
23:37 -!- belcher_ is now known as belcher
--- Log closed Wed Aug 11 00:00:35 2021