--- Log opened Thu Aug 19 00:00:42 2021 00:57 < JoinMarketRelay> [hackint/the-eht] @belcher: I mean more like, would the maker realize that it's wayyyy outdated and should probably shut down itself? seems it wouldn't, right? I know this is somewhat hypothetical, but was thinking about it because I'm sometimes too lazy to update immediately. 00:57 < belcher> there is no code where the maker automatically shuts itself down 00:57 < JoinMarketRelay> [hackint/the-eht] k! 01:03 < openoms[m]> "Hi, Im trying to interact with..." <- I only connect through the Tor v3 endpoints: https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/63f45941f0bb123c4cc24eac08b141ae175c0b6e/jmclient/jmclient/configure.py#L137 01:03 < openoms[m]> Had no issues lately. 01:12 < waxwing> fwiw these kinds of connections do go down frequently. bots are able to handle it though. 01:15 < waxwing> very blue-sky but: if you were to create a coinjoin with the fee paid over LN, you would need ofc to atomicize the CJ with the LN payment. you can embed a secret in an adaptor sig but it's slightly troublesome: 01:16 < waxwing> an adaptor sig is only worthwhile there if you can force the counterparty to use one specific sig (which is why it usually works in a multisig context, where you're constrained to one sig by the counterparty(ies)) 01:20 < waxwing> thinking more, i now realise there's a deeper (and slightly amusing) problem: for the taker to be forced to reveal a secret somewhere in the coinjoin transaction, so the makers can claim fee payments, requires the makers knowing which inputs and outputs belong to the taker :) 01:21 < waxwing> well, "requires", modulo wizardry ofc 01:32 -!- openoms[m] [~openomsma@2001:470:69fc:105::c2f] has quit [Quit: Bridge terminating on SIGTERM] 01:32 -!- eric_yhf[m] [~ericyhfma@2001:470:69fc:105::ca86] has quit [Quit: Bridge terminating on SIGTERM] 01:32 -!- nyxnor[m] [~nyxnormat@2001:470:69fc:105::5011] has quit [Quit: Bridge terminating on SIGTERM] 01:32 -!- Evanito[m] [~evanito@2001:470:69fc:105::1ec] has quit [Quit: Bridge terminating on SIGTERM] 01:32 -!- curemici[m] [~curemicci@2001:470:69fc:105::ca5e] has quit [Quit: Bridge terminating on SIGTERM] 01:32 -!- xyy [~xyy@2001:470:69fc:105::f2d] has quit [Quit: Bridge terminating on SIGTERM] 01:32 -!- nixbitcoindev[m] [~nixbitcoi@2001:470:69fc:105::b8cd] has quit [Quit: Bridge terminating on SIGTERM] 01:32 -!- greypw [~greypw@user/greypw] has quit [Quit: Bridge terminating on SIGTERM] 01:36 -!- Evanito[m] [~evanito@2001:470:69fc:105::1ec] has joined #joinmarket 01:51 -!- xyy [~xyy@2001:470:69fc:105::f2d] has joined #joinmarket 01:51 -!- openoms[m] [~openomsma@2001:470:69fc:105::c2f] has joined #joinmarket 01:52 -!- greypw [~greypw@user/greypw] has joined #joinmarket 01:52 -!- nyxnor[m] [~nyxnormat@2001:470:69fc:105::5011] has joined #joinmarket 01:52 -!- nixbitcoindev[m] [~nixbitcoi@2001:470:69fc:105::b8cd] has joined #joinmarket 01:52 -!- curemici[m] [~curemicci@2001:470:69fc:105::ca5e] has joined #joinmarket 01:52 -!- eric_yhf[m] [~ericyhfma@2001:470:69fc:105::ca86] has joined #joinmarket 02:00 < JoinMarketRelay> [hackint/the-eht] I have nothing to hide 02:07 < belcher> waxwing remember my off-chain coinjoin fee proposal from 2-3 years ago? it used a chaumian ecash server instead of LN 02:29 -!- undeath [~undeath@user/undeath] has joined #joinmarket 02:48 < waxwing> belcher, oh, vaguely, yeah, i should revisit 02:48 < waxwing> meanwhile on my walk i remembered that i'd repeated an earlier conceptual error. you don't technically need multisig to create a coin-for-secret swap with adaptors. 02:49 < waxwing> it's easier to use fournier's conception: "encrypted signatures". an adaptor is that. so it can be like: Alice encrypts her signature spending her coin to Bob, then Bob encrypts his signature spending to her, with the same encryption key. 02:49 < waxwing> so that when Alice decrypt's Bob's signature to claim her money, she necessarily reveals the key to Bob to get his coin. 02:50 < waxwing> i talked about it here in response to Fournier's paper about it: https://www.reyify.com/blog/schnorrless-scriptless-scripts 02:50 < waxwing> so you could imagine: Alice-Taker encrypts off chain payment to Bob, Bob encrypts his input signature when he sends it to Alice, with the same key. 02:50 < waxwing> so Alice can decrypt it and when she broadcasts, Bob(s) all get their off chain paymnet 02:51 -!- jonatack [~jonatack@user/jonatack] has joined #joinmarket 02:52 < waxwing> there's probably like 20 problems with that, but: afaict it doesn't have the problem that Alice reveals her own inputs or outputs in the cj. 03:03 < waxwing> looks like hodl invoice as per https://github.com/lightningnetwork/lnd/pull/2022#issue-221372282 is how you do "encrypt off chain payment". roughly. i'm sure there are alternatives. 03:04 < waxwing> belcher, this one right? https://gist.github.com/chris-belcher/c8219fe6283b8f97116aeccaf1190c07 03:05 < waxwing> "In this off-chain-JoinMarket the ecash server(s) would be coded to only give the money to the maker(s) if a certain txid gets confirmed" -> can you expand on that? (if you remember :) ) 03:11 < belcher> waxwing an ecash server can implement any smart contract 03:11 -!- NorrinRadd [~username@154.6.20.113] has quit [Quit: My MacBook has gone to sleep. ZZZzzz…] 03:12 < belcher> from another writeup "It's possible for contracts to be used, and these contracts can be much more complex than is possible on a decentralized system because the contracts will be evaluated by a small number of centralized entities. For example, you could have contracts based on the price of something according to a website, which would be impossible on any reasonable decentralized system. However, actually using contracts (which is optional) might 03:12 < belcher> allow the bank to link transactions, since they have to see the contract (in the absence of homomorphic encryption magic)." 03:13 < belcher> our contract would simply be "transfer the money to X if this txid confirms, but if that txid becomes invalid (because one of the inputs get spent somewhere else) then transfer the money back to the sender Y" 03:28 -!- NorrinRadd [~username@154.6.20.113] has joined #joinmarket 04:05 -!- NorrinRadd [~username@154.6.20.113] has quit [Quit: My MacBook has gone to sleep. ZZZzzz…] 04:08 < waxwing> right, got it 04:51 -!- NorrinRadd [~username@154.6.20.113] has joined #joinmarket 05:14 < JoinMarketRelay> [hackint/pmert_] wow, new fidelity bond of 124 btc! almost 230 total locked now. 05:21 < waxwing> well that's rather large 05:21 -!- dc81 [~dc81@99.164.139.170] has quit [Ping timeout: 248 seconds] 05:25 -!- SomeFellow [~SomeFello@194.54.28.203] has joined #joinmarket 05:26 < SomeFellow> The guy who put it up has a maxsize of 0.3. Either a mistake, or he's REALLY determined to be part of every small CJ. 05:29 < belcher> impressive 05:30 < belcher> fwiw 0.3 btc coinjoins also deserve strong sybil resistance... previously before fidelity bonds the large the coinjoin amount the stronger the sybil resistance, a weird situation because often people need privacy for small purchases like buying anonymous VPNs 05:35 < belcher> to successfully sybil attack this orderbook now with N=8 makers would cost you locking up 98k btc for 1 year, or burning 123btc.... and if the top makers in the orderbook were actually all controlled by the same person they would still only have a 5.8% chance of a successful sybil attack, and by doing so they would be giving up about 7.1 btc^2 of fidelity bond value (the total fidelity bond value right now is around 4.4 btc^2, so this is pretty big) 05:35 < JoinMarketRelay> [hackint/s45rutz7e] Insane. 05:35 < belcher> itsallgoingtoplan.jpg 05:36 < JoinMarketRelay> [hackint/s45rutz7e] Goodbye YG gains. 05:36 < JoinMarketRelay> [hackint/s45rutz7e] Cannot afford such bonds. 05:37 < SomeFellow> So I read in some doc somewhere that cold storage FBs could become a thing at some point. How likely would the devs say it is that that will happen within the next 6 months or so? I'd be willing to dip into my cold stash for a FB if/when that's implemented, so it would suck if I ended up locking up a small chunk of hot wallet funds for a year only 05:37 < SomeFellow> for that feature to arrive a few months later. 05:38 < belcher> im not planning to work on cold storage FBs myself in the near future 05:38 < belcher> the "top makers actually being sybils means they only successfully sybil attack 5% of the time" still means theres around 95% of the gains to be made by the non-top-makers 05:39 < belcher> this whale with a 124btc bond still can only get chosen once... once he's been chosen the taker still has to find 7-8 other makers to be in the coinjoin as well, one of those could be you 05:39 < SomeFellow> I've been seeing a sharp increase in joins from my YG the last few days, and I don't know if it's because of the price of BTC going up, more takers upgrading to >=0.9, or [recent geopolitical events]. 05:39 < SomeFellow> Or luck. Could be luck. Either way, I'm happy. 05:39 < JoinMarketRelay> [hackint/s45rutz7e] SomeFellow: the mixdepth not means the total cjamount available, but across mixdepths. also he could everytime add more coins to his wallet 05:41 < SomeFellow> s45rutz7e: Sure, but the maxsize would be the biggest mixdepth. I guess maybe he created the bond while waiting for an inflow of BTC from somewhere else to clear. 05:42 < SomeFellow> wrt cold FBs: I guess I can feel reasonably sure I won't get sniped by that feature the day after I re-up my FB then. Cheers. 05:42 < JoinMarketRelay> [hackint/s45rutz7e] There comes to my mind, what If I have my hands on 125BTC, I do sybil attack JM by splitting it across lets say 10 wallets with 12.5 BTC FB each? so I can take part at least once and multiple times in each single CJ. 05:43 < belcher> s45rutz7e you could but you'd make way more money by putting all that 125btc into just one maker, because the fidelity bond value goes as the _square_ of the bitcoins 05:44 < JoinMarketRelay> [hackint/s45rutz7e] Ah, yes. I remember it is weigthed by FB value. 05:46 < JoinMarketRelay> [hackint/s45rutz7e] Personally unfortunately I do have no spare Coins affordable for any FB at all. So I'm not taking part in the party anyway. 05:48 < JoinMarketRelay> [hackint/s45rutz7e] If splitting bonds to sybil like, is economic disaster, couldn't it hurt the anonimity set if your taker algorith choose more of that bond candidates? 05:49 < JoinMarketRelay> [hackint/s45rutz7e] I couldn't thing of this be real possibly threat at all because of simply size of funds locked, but if some are able to lock up 124 btc... who knows 05:49 -!- tralfaz is now known as davterra 05:50 < belcher> well yeah if you do a 10-party coinjoin but 3 of those makers are actually all the same people then your anonymity set with respect to the attacker is 7 rather than 10 05:50 < belcher> but thats still pretty ok, especially since with tumbler you're doing multiple coinjoins so the anonymity accumulates 05:50 < JoinMarketRelay> [hackint/s45rutz7e] I read the calculation above: "cost you locking up 98k btc for 1 year" does assume you have only a single one maker bot rigth? How will that change with splitted multiple or am I get it the wrong direction 05:51 < JoinMarketRelay> [hackint/s45rutz7e] Default of 10 counterparties do rather seem less, compared to other solutions. 05:51 < belcher> the assumption is that the attacker deploys 8 maker bots (8 because it was N=8 in that case), and then it calculates how much money the attacker needs to put into the fidelity bonds of those 8 bots so that their chance of a successful sybil attack is 95% for one coinjoin 05:52 < JoinMarketRelay> [hackint/s45rutz7e] Oh, I see now. 05:53 < JoinMarketRelay> [hackint/s45rutz7e] Ok thanks for detailed explanation. that answered my questions. 05:58 < JoinMarketRelay> [hackint/s45rutz7e] I believe this whale with a 124btc bond still have highest chance to take part once in every CJ and learn taker utxo & so its cjchange address if he is not sweeping, not that I falsely would like to accuse him doing so. :) 06:01 < belcher> anyone can learn a cj change address, you dont need to be a maker taking part in the coinjoin to do that 06:02 < belcher> btw looks like the 124btc whale created a 500btc change output https://blockstream.info/tx/93722aa851984b9b8b95a0139181bd4fc1282070a44b1b9a2d1b19cc68c2a47b 06:02 < JoinMarketRelay> [hackint/s45rutz7e] Https://kycp.org/#/93722aa851984b9b8b95a0139181bd4fc1282070a44b1b9a2d1b19cc68c2a47b 06:04 < JoinMarketRelay> [hackint/s45rutz7e] The parent tx merging is sad 06:04 < belcher> why? 06:04 < belcher> one of the reused txes is for 550 sats, i wonder if its a forced address reuse attack 06:05 < belcher> although it didnt succeed, since the whale co-spent both in the same transaction, leaking no extra data 06:07 < belcher> by my reading the coins ultimately come from a long line of previous joinmarket coinjoins too 06:08 < belcher> and the 550 sat payment seems to come from a long line of peer-chain transactions that send approx 550 sat to various addresses, so thats pretty clearly a forced-address-reuse-attempt 06:09 < JoinMarketRelay> [hackint/s45rutz7e] That what I mean, if they was previously CJed, why would you want to merge the outputs, more than nessesary. just to start peel of 500btc afterwards again. 06:09 < belcher> the attacker hoped that the owner of the 624btc would spend the 624btc utxo and the 550sat utxo in different transactions, leaking data 06:09 < belcher> they were merged back in april 2021 06:17 < belcher> so the source address where the 124btc came from seems to be a 2of2 multisig address 06:19 < belcher> so what happened is in april 2021 the owner mustve swept a lot of his coins from a joinmarket wallet into some kind of safer storage (the 2of2 is also probably cold storage), and then this morning used some of that to create a fidelity bond with the remaining 500btc going to a p2wpkh (i.e. _not_ back to the same 2of2 multisig address).... so im suspecting the 500btc is actually back into his joinmarket wallet and he's just frozen the coins for now 06:19 < belcher> which is why that maker is advertising just 0.3btc 06:20 < belcher> btw if the 124btc guy is reading this, sorry for the probing but its interesting and im curious, and no serious privacy-relevant information has leaked anyway 06:20 < belcher> once bitcoin gets schnorr we could end up in a situation where all these multisig scripts and single sigs look indistinguishable to the analysis i just did would be much harder 06:21 < SomeFellow> Maybe it's one of the non-native SW whales finally switching over 06:21 < belcher> oh good thinking let me check 06:22 < belcher> yes you're right, the big sweep back in april 2021 which came from joinmarket coinjoins are all from p2sh addresses 06:24 < SomeFellow> Non-native still has more >100 offers up than native. Strange. 06:25 < belcher> i dont take too much notice of offers or makers, they are in-principle easy to fake 06:26 < belcher> though i wonder if some of those just dont really check up on their yieldgenerators much and just havent noticed that joinmarket updated 06:36 < waxwing> i'm guessing that very small input is not FAR attack belcher , usually they are spent in huge batches. 06:36 < waxwing> but only a guess i suppose 06:37 < belcher> i dont know what else it could be, and iv read about people who own huge amounts of coin noticing that when they move it they get small payments raining down onto the same address 06:39 < waxwing> and yes the 500btc seems to have gone into the yg itself. 06:40 < waxwing> for anyone reading, consider splitting it into smaller amounts per mixdepth. this advice is specific to very large size users though, because for normal size users their amounts won't stick out as much. 06:40 < waxwing> obviously people prefer concentration but i guess you're hardly likely to see 150-500 btc coinjoins (although they may very occasionally occur they're a bit too big to get a decent anon set i think) 06:41 -!- deafboy [quasselcor@cicolina.org] has quit [Quit: deafboy] 06:41 < waxwing> i mean it'll split over time anyway, but it's likely to take a long time 06:41 -!- deafboy [quasselcor@cicolina.org] has joined #joinmarket 06:43 < waxwing> belcher, yeah fair enough, it was by definition AR even if it wasn't FAR :) 06:47 < belcher> why not FAR? (forced) we cant know for sure but i bet the 550 sat payment was not done by the owner of the 624btc utxo 06:48 < waxwing> right, my only point was that it wasn't the usual pattern of a huge batch of those tiny (in this case 550 sat) payments. 06:48 < JoinMarketRelay> [hackint/s45rutz7e] Cant you do a git tag check or something else for version information and send notice on yg to inform its user it is time to do upgrades? 06:48 < waxwing> but maybe this particular attacker is ok with the cost of splitting them. 07:25 -!- undeath [~undeath@user/undeath] has quit [Quit: WeeChat 3.2] 08:10 -!- JMBridge [~CoinJoins@gateway/tor-sasl/jmbridge] has quit [Ping timeout: 244 seconds] 08:10 -!- JMBridged [~CoinJoins@gateway/tor-sasl/jmbridge] has joined #joinmarket 08:10 -!- JMBridged is now known as JMBridge 08:53 -!- stortz [~stortz@user/stortz] has joined #joinmarket 09:38 -!- stortz [~stortz@user/stortz] has quit [Quit: Client closed] 10:31 -!- NorrinRadd [~username@154.6.20.113] has quit [Ping timeout: 252 seconds] 10:36 -!- NorrinRadd [~username@154.6.20.57] has joined #joinmarket 10:42 -!- Xeha_ is now known as Xeha 10:47 -!- Xeha [~Xeha@dynamic-82-220-88-142.ftth.solnet.ch] has quit [Quit: /dev/null] 10:55 -!- Xeha [~Xeha@dynamic-82-220-88-142.ftth.solnet.ch] has joined #joinmarket 11:00 -!- Xeha [~Xeha@dynamic-82-220-88-142.ftth.solnet.ch] has quit [Quit: /dev/null] 11:01 -!- Xeha [~Xeha@dynamic-82-220-88-142.ftth.solnet.ch] has joined #joinmarket 11:01 -!- Xeha [~Xeha@dynamic-82-220-88-142.ftth.solnet.ch] has quit [Client Quit] 11:04 -!- Xeha [~Xeha@dynamic-82-220-88-142.ftth.solnet.ch] has joined #joinmarket 11:59 -!- gene [~gene@gateway/tor-sasl/gene] has joined #joinmarket 12:00 -!- Netsplit *.net <-> *.split quits: berndj, pigeons, BlueMatt 12:01 -!- Netsplit over, joins: BlueMatt 12:02 -!- berndj [~berndj@ns1.linksynergy.co.za] has joined #joinmarket 12:03 -!- JMBridge [~CoinJoins@gateway/tor-sasl/jmbridge] has quit [Remote host closed the connection] 12:03 -!- BlueMatt [~BlueMatt@ircb.bluematt.me] has quit [Client Quit] 12:03 -!- BlueMatt [~BlueMatt@ircb.bluematt.me] has joined #joinmarket 12:03 -!- JMBridge [~CoinJoins@gateway/tor-sasl/jmbridge] has joined #joinmarket 12:05 -!- pigeons [~pigeons@androzani.sysevolve.com] has joined #joinmarket 12:18 -!- JMBridged [~CoinJoins@gateway/tor-sasl/jmbridge] has joined #joinmarket 12:18 -!- JMBridge [~CoinJoins@gateway/tor-sasl/jmbridge] has quit [Quit: Bridge selfdestructed.] 12:18 -!- JMBridged is now known as JMBridge 12:40 -!- gene [~gene@gateway/tor-sasl/gene] has quit [Quit: gene] 15:16 -!- JMBridge [~CoinJoins@gateway/tor-sasl/jmbridge] has quit [Remote host closed the connection] 15:17 -!- JMBridge [~CoinJoins@gateway/tor-sasl/jmbridge] has joined #joinmarket 15:41 -!- SomeFellow [~SomeFello@194.54.28.203] has quit [Quit: Connection closed] 16:18 < xyy> "The guy who put it up has a..." <- assume this should have said "minsize" instead? 16:20 < xyy> that would make more sense semantically. also I don't even see a `maxsize` setting. 16:25 < xyy> two very unrelated questions: 16:25 < xyy> 1) a maker who just wants to maximize financial gain and doesn't care about the privacy gain is incentivized to use a wallet with `--mixdepth=2` (or whatever the minimum is) ... has anyone thought through what the privacy implications for takers would be if all makers were doing this? I'm concerned that makers might start doing this to compensate for the funds "lost" to their fidelity bond(s). 16:27 < xyy> 2. Purely out of curiosity, has anyone estimated how the percentage ROI / APY of someone with 100+ BTC in JM would compare to someone with lets say 5 BTC? I'd say pre-FB whales were probably struggling to "turn around their inventory" fast enough (thus making a lower yield than smaller makers).. but this might have changed now, given that whales get more volume 16:30 < xyy> oh wait, the selection pre-FB was volume/balance weighted, right? forget about 2 then 16:37 < xyy> while (1) is not directly related to FBs (i.e., the incentive was there before FBs) ... just think that some people might start thinking harder now how to tweak their setup, with the increased competition 16:38 < xyy> (hint to those people: there is more money to be made elsewhere) 16:40 < xyy> but even people who just want to optimize their privacy as a maker might (rightly or wrongly) come to the conclusion that more join volume >>>> high mixdepth 16:42 < xyy> what am I (hopefully) missing? 18:22 -!- belcher [~belcher@user/belcher] has quit [Ping timeout: 252 seconds] 18:34 -!- belcher [~belcher@user/belcher] has joined #joinmarket --- Log closed Fri Aug 20 00:00:43 2021