Re: [bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Chris Belcher <belcher@riseup•net>
To: ZmnSCPxj <ZmnSCPxj@protonmail•com>, Dmitry Petukhov <dp@simplexum•com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds
Date: Thu, 8 Aug 2019 21:06:07 +0100	[thread overview]
Message-ID: <4026143f-0af1-ad06-22c6-a6928c7b342b@riseup.net> (raw)
In-Reply-To: <ybzcv93zmtmV9rve96W4Sti2pip5WSqzMgDsCXUOB4nFSd3EIfZ7IEmVAQNeF7VTIEY9giHjX_Xisnw2h9lCp7ZzQ_jUT043pblf-jW_J3Q=@protonmail.com>

Hello list,

Two points:

* The V^2 term is the only thing in the whole scheme that provides any
sybil protection. I've already gone through the reasoning in an earlier
email and the maths is clear; in a scheme with linear V honest makers
have no economic advantage over sybil attackers. This is because only a
sybil attacker needs to split up their money into multiple fidelity
bonds, and that comes with a penalty under the V^2 rule.

It's worth reiterating that including a single evil maker in a
JoinMarket coinjoin does not ruin it's privacy. Privacy is only ruined
if *all* makers in a coinjoin are controlled by the same entity. So if
takers use one maker who has rented TXOs, then its no big deal as long
as the other included makers are controlled by other people. Therefore
when balancing the harms, consolidation into fewer makers is not as bad
as having no sybil protection (which as a reminder means that *all*
makers are controlled by one entity), and so the V^2 term does more good
than harm.

We can't condemn the V^2 rule because of consolidation without
acknowledging the good it does in penalizing sybil attacks.

* Regarding entities like exchanges running makers. They can also do
this today with JoinMarket, the proposed fidelity bond scheme doesn't
make that worse. It's an underlying assumption of JoinMarket that
coinjoining power is proportional to bitcoin ownership (in a similar way
that an underlying assumption of bitcoin is that transaction
confirmation power is proportional to hashpower). If those big exchanges
find that coinjoins involving them included just one maker controlled by
someone else then their aim of deanonymization will have failed. And
then those exchanges have to explain to their regulators why they helped
hide the origin and destination of some black market money.

next prev parent reply	other threads:[~2019-08-08 20:06 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-25 11:47 Chris Belcher
2019-07-26  8:10 ` Tamas Blummer
2019-07-26  9:38   ` Dmitry Petukhov
2019-07-30 21:39     ` Chris Belcher
2019-07-31 15:50       ` Dmitry Petukhov
2019-08-02  9:21         ` Chris Belcher
     [not found]           ` <20190802145057.7b81c597@simplexum.com>
2019-08-05 19:04             ` Chris Belcher
2019-08-06  1:51               ` Leo Wandersleb
2019-08-06 10:27                 ` Chris Belcher
2019-08-06 13:07                   ` Leo Wandersleb
2019-08-06  2:54               ` ZmnSCPxj
2019-08-06 20:55               ` Dmitry Petukhov
2019-08-06 21:37                 ` Dmitry Petukhov
2019-08-06 23:33                   ` ZmnSCPxj
2019-08-07  9:38                     ` Chris Belcher
2019-08-07 11:20                       ` ZmnSCPxj
2019-08-07 10:05                   ` Chris Belcher
2019-08-07 11:35                     ` ZmnSCPxj
2019-08-07 15:10                     ` Dmitry Petukhov
2019-08-08  0:09                       ` ZmnSCPxj
2019-08-08  9:35                         ` ZmnSCPxj
2019-08-08 11:37                           ` Dmitry Petukhov
2019-08-08 13:59                             ` ZmnSCPxj
2019-08-08 20:06                               ` Chris Belcher [this message]
2019-08-08 12:05                       ` Dmitry Petukhov
2019-07-27 19:34 ` David A. Harding
2019-07-28 14:17   ` Tamas Blummer
2019-07-28 18:29   ` Tamas Blummer
2019-07-30 21:27   ` Chris Belcher
2019-07-31 17:59     ` David A. Harding
2019-08-02 14:24 ` Adam Gibson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4026143f-0af1-ad06-22c6-a6928c7b342b@riseup.net \
    --to=belcher@riseup$(echo .)net \
    --cc=ZmnSCPxj@protonmail$(echo .)com \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=dp@simplexum$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox