Re: [bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: "David A. Harding" <dave@dtrt•org>
To: Chris Belcher <belcher@riseup•net>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds
Date: Wed, 31 Jul 2019 07:59:40 -1000	[thread overview]
Message-ID: <20190731175940.6i57a52jcvkpjodf@ganymede> (raw)
In-Reply-To: <96722b03-9aa0-5e3d-25ed-c644c26d5a27@riseup.net>

On Tue, Jul 30, 2019 at 10:27:17PM +0100, Chris Belcher wrote:
> And any ECC-alternative or hash-function-alternative fork will
> probably take a couple of months to be designed, implemented and
> deployed as well, giving a chance for lockers to move coins.

Probably.  A stronger form of my argument would apply to single-wallet
(or wallet library) problems of the type we see with depressing
regularity, such as reused nonces, weak nonces, brainwallets, and weak
HD seeds.  In some cases, this leads directly to theft and loss---but in
others, the problem is detected by a friendly party and funds can be
moved to a secure address before the problem is publicly disclosed and
attackers try to exploit it themselves.

If funds are timelocked, there's a greater chance that the issue will
become publicly known and easily exploitable while the funds are
inaccessible.  Then, at the time the lock expires, it'll become a race
between attackers and the coin owner to see who can get a spending
transaction confirmed first.

> This scheme could be attacked using address reuse. An attacker could
> create an aged coin on a heavily-reused address, which would force an
> SPV client using this scheme to download all the blocks which contain
> this reused address which could result in many gigabytes of extra
> download requirement.

Good point.  There's also the case that some Electrum-style indexers
don't index more than a certain number of outputs sent to the same
address.  E.g., I believe Electrs[1] stops indexing by default after 100
outputs to the same address.

[1] https://github.com/romanz/electrs

> So to fix this: a condition for aged coins is that their address has not
> been reused, if the coin is on a reused address then the value of the
> fidelity bond becomes zero.

I don't think that works.  If Bob sends 100 BTC to bc1foo and then uses
that UTXO as his fidelity bond, Mallory can subsequently send some dust
to bc1foo to invalidate Bob's bond.

To use compact block filters in a way that prevents spamming, I think
we'd need a different filter type that allowed you to filter by
outpoint.

-Dave

next prev parent reply	other threads:[~2019-07-31 18:00 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-25 11:47 Chris Belcher
2019-07-26  8:10 ` Tamas Blummer
2019-07-26  9:38   ` Dmitry Petukhov
2019-07-30 21:39     ` Chris Belcher
2019-07-31 15:50       ` Dmitry Petukhov
2019-08-02  9:21         ` Chris Belcher
     [not found]           ` <20190802145057.7b81c597@simplexum.com>
2019-08-05 19:04             ` Chris Belcher
2019-08-06  1:51               ` Leo Wandersleb
2019-08-06 10:27                 ` Chris Belcher
2019-08-06 13:07                   ` Leo Wandersleb
2019-08-06  2:54               ` ZmnSCPxj
2019-08-06 20:55               ` Dmitry Petukhov
2019-08-06 21:37                 ` Dmitry Petukhov
2019-08-06 23:33                   ` ZmnSCPxj
2019-08-07  9:38                     ` Chris Belcher
2019-08-07 11:20                       ` ZmnSCPxj
2019-08-07 10:05                   ` Chris Belcher
2019-08-07 11:35                     ` ZmnSCPxj
2019-08-07 15:10                     ` Dmitry Petukhov
2019-08-08  0:09                       ` ZmnSCPxj
2019-08-08  9:35                         ` ZmnSCPxj
2019-08-08 11:37                           ` Dmitry Petukhov
2019-08-08 13:59                             ` ZmnSCPxj
2019-08-08 20:06                               ` Chris Belcher
2019-08-08 12:05                       ` Dmitry Petukhov
2019-07-27 19:34 ` David A. Harding
2019-07-28 14:17   ` Tamas Blummer
2019-07-28 18:29   ` Tamas Blummer
2019-07-30 21:27   ` Chris Belcher
2019-07-31 17:59     ` David A. Harding [this message]
2019-08-02 14:24 ` Adam Gibson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190731175940.6i57a52jcvkpjodf@ganymede \
    --to=dave@dtrt$(echo .)org \
    --cc=belcher@riseup$(echo .)net \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox