public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Leo Wandersleb <leo@LeoWandersleb•de>
To: bitcoin-dev@lists•linuxfoundation.org
Subject: Re: [bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds
Date: Tue, 6 Aug 2019 13:51:02 +1200	[thread overview]
Message-ID: <3a9a9277-130d-fbb2-fa51-6119a2242812@LeoWandersleb.de> (raw)
In-Reply-To: <ad501873-8912-765e-8df5-c9b0451fcd0a@riseup.net>

On 8/6/19 7:04 AM, Chris Belcher via bitcoin-dev wrote:
> However, there _is_ a cost to being a sybil attacker. If we define
> honest makers as entities who run just one maker bot, and dishonest
> makers as entities who run multiple maker bots, then we can say that
> running a dishonest maker operation requires a sacrifice of fee income,
> because someone doing that would earn more money if they ran an honest
> maker instead. This happens because of the quadratic V^2 term in the
> formula calculating the fidelity bond value, which provides this
> incentive for lumping together fidelity bonds. This V^2 is probably the
> most important part for privacy.

As established above, there will emerge a market to lock coins, so these locks
will be readily available without having to buy them. Even with V^2 there is no
reason to amass more coins beyond a certain point. Running the biggest 5 V^2
scores should be pretty solid to get in on many coin joins.

> Another way is to require the bond signature proofs to involve the
> one-time taker identifier, and so be different every time. This
> basically requires fidelity bond privkeys to be online in hot wallets,
> and so should massively increase the difficulty of renting TXOs because
> the maker and the TXO owner need to be in constant real-time communication.

Requiring the bond to reside on a hot wallet would be a massive disadvantage.

No matter how you look at the whole problem of sibyl attacks, the honest maker
will have operational costs and gain fees and the sibyl attacker will have the
same plus profit from the deanonymization. As long as makers hunt marginal
profits, the sibyl attacker having the higher margin from deanonymization will
always win. The fidelity bonds would make this even worse, as increased
complexity and entry cost would not favor more makers but less even before the
centralization incentive mentioned above (V^2). To say that old holders have
bitcoins laying around that they can use for such bonds is a fallacy as they
could just as well rent them out on a bonds market.

How about turning this upside down and shift the incentives from being taker to
being maker by introducing a mandatory fee? If each join costs 1% per maker,
people would initially gasp and reject to update to that version but those who
do, will do to become makers, increasing the maker count massively and
eventually most people in frequent need of joining will also become makers to
offset the costs of being takers.

With these changed rules again the sibyl attackers would still have their
competitive edge and would flood the market with even more cheap offers but now
everybody would have an incentive to do the same and as makers have to have the
UTXOs, it's not free to sibyl attack already.

LW


  reply	other threads:[~2019-08-06  1:56 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-25 11:47 Chris Belcher
2019-07-26  8:10 ` Tamas Blummer
2019-07-26  9:38   ` Dmitry Petukhov
2019-07-30 21:39     ` Chris Belcher
2019-07-31 15:50       ` Dmitry Petukhov
2019-08-02  9:21         ` Chris Belcher
     [not found]           ` <20190802145057.7b81c597@simplexum.com>
2019-08-05 19:04             ` Chris Belcher
2019-08-06  1:51               ` Leo Wandersleb [this message]
2019-08-06 10:27                 ` Chris Belcher
2019-08-06 13:07                   ` Leo Wandersleb
2019-08-06  2:54               ` ZmnSCPxj
2019-08-06 20:55               ` Dmitry Petukhov
2019-08-06 21:37                 ` Dmitry Petukhov
2019-08-06 23:33                   ` ZmnSCPxj
2019-08-07  9:38                     ` Chris Belcher
2019-08-07 11:20                       ` ZmnSCPxj
2019-08-07 10:05                   ` Chris Belcher
2019-08-07 11:35                     ` ZmnSCPxj
2019-08-07 15:10                     ` Dmitry Petukhov
2019-08-08  0:09                       ` ZmnSCPxj
2019-08-08  9:35                         ` ZmnSCPxj
2019-08-08 11:37                           ` Dmitry Petukhov
2019-08-08 13:59                             ` ZmnSCPxj
2019-08-08 20:06                               ` Chris Belcher
2019-08-08 12:05                       ` Dmitry Petukhov
2019-07-27 19:34 ` David A. Harding
2019-07-28 14:17   ` Tamas Blummer
2019-07-28 18:29   ` Tamas Blummer
2019-07-30 21:27   ` Chris Belcher
2019-07-31 17:59     ` David A. Harding
2019-08-02 14:24 ` Adam Gibson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3a9a9277-130d-fbb2-fa51-6119a2242812@LeoWandersleb.de \
    --to=leo@leowandersleb$(echo .)de \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox