From: Javier Mateos <javierpmateos@gmail•com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Reiterating centralized coinjoin (Wasabi & Samourai) deanonymization attacks
Date: Mon, 7 Apr 2025 03:01:39 -0700 (PDT) [thread overview]
Message-ID: <35a802c4-b0dc-43a3-a087-de2babf12759n@googlegroups.com> (raw)
In-Reply-To: <Z_AMBe7CnGX_Rm14@petertodd.org>
[-- Attachment #1.1: Type: text/plain, Size: 3516 bytes --]
Hello everyone,
First of all, I believe this debate has been extremely constructive,
despite some friction regarding inherent biases. I think Yuval has
identified real risks, and at the same time, there was a lack of clarity
regarding how the coordinator operated. If the coordinator had malicious
intentions in the beginning, these have been observed and brought to the
table by a community that is always active and vigilant about these crucial
issues. I believe this is already part of the healthy culture surrounding
Bitcoin.
At this moment, what is crucial is to look forward and demand:
-Overall Transparency: We need clear answers to questions such as: How are
the residual funds calculated and allocated? Which wallet(s) are used?
Ultimately, this information should be publicly verifiable on the
blockchain.
-Audit and Review of the Revenue Model: Is the current mechanism (which
retains residual funds) the best option? Could the excess be redistributed
among users? Should it be handed over to a group of independent auditors,
or what alternative is best? These are questions aimed at finding more
transparent options, especially if disclosed properly. They could even be
addressed through a bounty, for example.
-Audit and Review of the Protocol Architecture: The measures above would
help and could pave the way for the adoption of technical mitigations.
Clearly, a thorough technical and ethical review is required, or else we
wouldn’t have this healthy debate.
Regards,
-Javier
El viernes, 4 de abril de 2025 a las 14:26:17 UTC-3, Peter Todd escribió:
> On Fri, Jan 31, 2025 at 10:39:10PM +0100, Yuval Kogman wrote:
> > - https://youtu.be/v952Fd1vmOs?t=2073 - here, months after launching
> > his service, he fails to disclose until pressed to elaborate, then
> > admits he's collecting revenues and casually misrepresents the
> > "optimistic" behavior of wasabi (which a bug) as a "little known
> > secret" that justifies his appropriation of excess funds, which under
> > the zksnacks coordinator went to the mining fees (thereby bolstering
> > sybil resistance, not undermining it).
>
> For the record, I checked the archive.org and github history of the
> Wasabi Wallet docs themselves, and since at least Nov 23rd 2024
> (archive.org) or possible Oct 10th 2024 (git commit), they've clearly
> stated that leftovers go to the coordinator:
>
> "In rare cases the output decomposition contains change (maximum of
> 10,000 sats per coinjoin), this leftover goes to the coordinator. This
> is because creating such small amounts would harm privacy and ends up
> being more expensive than just forfeiting it."
>
> (note: this whole passage is highlighted)
>
>
> https://web.archive.org/web/20241123035844/https://docs.wasabiwallet.io/using-wasabi/CoinJoin.html#fees
>
> https://github.com/WalletWasabi/WasabiDoc/commit/a1f2f474f282918f2e1626a01351ac8f1b9c43cf
>
> The git commit that introduced that language is PGP-signed by Github as
> of Nov 9th 2024.
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups•com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/35a802c4-b0dc-43a3-a087-de2babf12759n%40googlegroups.com.
[-- Attachment #1.2: Type: text/html, Size: 6102 bytes --]
next prev parent reply other threads:[~2025-04-07 10:36 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-21 14:16 Yuval Kogman
2025-01-06 13:07 ` Sjors Provoost
2025-01-06 14:30 ` Yuval Kogman
2025-01-07 15:56 ` waxwing/ AdamISZ
2025-01-07 21:33 ` Yuval Kogman
2025-01-23 16:25 ` Peter Todd
2025-01-24 16:00 ` Peter Todd
2025-01-24 16:38 ` waxwing/ AdamISZ
2025-02-04 14:02 ` Yuval Kogman
2025-02-04 22:22 ` Peter Todd
2025-02-07 20:07 ` Yuval Kogman
[not found] ` <sqPb0Ljo2YteBE3rTHUfnrdHihbV9UnZjM4Q7tfqYzDuqsGZbHcaqJnU9LYwN7_iaqIO9B-FVAx3aXRyuDh1TnzZ-Mnp_2vRC4JblnvN1O4=@protonmail.com>
2025-02-13 15:42 ` Yuval Kogman
2025-02-12 10:17 ` /dev /fd0
[not found] ` <CAAQdECD9MfVqU=BLgRpUnEMa=m0cnGj4SWCcviKzpRYJktMaNA@mail.gmail.com>
2025-04-04 16:42 ` Peter Todd
2025-04-04 17:58 ` Yuval Kogman
2025-04-04 19:59 ` Yuval Kogman
2025-04-07 10:01 ` Javier Mateos [this message]
2025-04-09 2:16 ` Yuval Kogman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=35a802c4-b0dc-43a3-a087-de2babf12759n@googlegroups.com \
--to=javierpmateos@gmail$(echo .)com \
--cc=bitcoindev@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox