public inbox for bitcoindev@googlegroups.com
From: "/dev /fd0" <alicexbtong@gmail•com>
To: Yuval Kogman <nothingmuch@woobling•org>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] UTXO probing attack using payjoin
Date: Thu, 27 Mar 2025 00:56:02 +0530
Message-ID: <CALiT-Zq-WmwZCB2uJ4oq+evFerRZTwtKcct8sPRE6n+Jx3CQhQ@mail.gmail.com>
In-Reply-To: <CAAQdECADpUOUN9+yBLMR7dVJ2WhsE2uhesSgh=p-jRgzp9AaWQ@mail.gmail.com>

Hi Yuval,

Thank you for your feedback.

> This will likely link it to the receiver's other coins eventually, and
> certainly links it to the receiver's subsequent transactions.

Coin control and labels can be used to avoid this. Consolidation of inputs
is often bad for privacy and makes silent payments, coinjoin, etc. useless
in some cases; however, the user has the choice to select coins manually
while transacting. In payjoin, users can't do much about it. They have to
share UTXOs in response to the original PSBT along with the address to
receive bitcoin.

> In the payjoin setting, the receiver is
> using coinswap in that manner, then as a payjoin receiver they can
> elect to only use coinswapped coins as contributed inputs to payjoin
> transactions.

It could be a workaround or temporary fix for this problem. However, if
swapped coins are used in transactions, octojoin could be a better solution
which doesn't require any inputs from the recipient.

> I'm not sure what you mean by "the recipient would never doubt it
> because it's a privacy tool", it sounds to me like this is mainly a
> criticism of the UX of payjoin supporting wallets, or of wallets in
> general for not educating users that privacy is not a binary thing?

The recipient would never doubt a sender who insists on using payjoin and
is not interested in a normal bitcoin transaction. They would not know the
intentions of the sender before payjoin.

> Note that in all of these specifications of payjoin UTXO probing is
> not costless since the sender must send a fully signed transaction in
> order to learn such a UTXO, and this transaction although not
> confirmed still imposes a fee cost on the sender if broadcast (even if
> it is replaced).

It was costless in the demo which could be fixed by bullbitcoin. However,
an attacker with a budget and some motivation can always spy on your wallet
using payjoin. Things become even easier with automated payment systems
such as BTCPay Server.

/dev/fd0
floppy disk guy
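
A receiver-side sketch of the cost argument quoted above, added here as an example that is not part of the original message or of any wallet's code: reveal a UTXO only for a broadcastable original, broadcast that original if the payjoin never completes, and show the same UTXO to a repeated sender input. `PayjoinReceiverGuard`, its methods, the callbacks and the 60-second timeout are hypothetical; in practice the callbacks would wrap node calls such as `testmempoolaccept` and `sendrawtransaction`.

```python
import time


class PayjoinReceiverGuard:
    """Bookkeeping that makes UTXO probing cost the sender a fee (hypothetical helper)."""

    def __init__(self, is_broadcastable, broadcast, timeout_s=60):
        self.is_broadcastable = is_broadcastable  # assumed wrapper, e.g. testmempoolaccept
        self.broadcast = broadcast                # assumed wrapper, e.g. sendrawtransaction
        self.timeout_s = timeout_s                # assumed value, tune per deployment
        self.pending = {}  # original txid -> (raw original tx, broadcast deadline)
        self.shown = {}    # sender outpoint -> receiver UTXO already revealed to it

    def propose(self, orig_txid, orig_raw, sender_outpoints, pick_utxo, now=None):
        """Return the receiver UTXO to contribute, or None to reveal nothing."""
        now = time.time() if now is None else now
        # An unsigned or otherwise unbroadcastable original costs the sender
        # nothing, so it must not be answered with one of our inputs.
        if not self.is_broadcastable(orig_raw):
            return None
        # A sender input seen before gets the UTXO it was already shown, so
        # repeated requests funded by the same coin learn nothing new.
        utxo = next((self.shown[o] for o in sender_outpoints if o in self.shown), None)
        if utxo is None:
            utxo = pick_utxo()
        for outpoint in sender_outpoints:
            self.shown[outpoint] = utxo
        self.pending.setdefault(orig_txid, (orig_raw, now + self.timeout_s))
        return utxo

    def payjoin_seen(self, orig_txid):
        """Call when the completed payjoin transaction shows up on the network."""
        self.pending.pop(orig_txid, None)

    def sweep(self, now=None):
        """Broadcast every original whose payjoin was never completed in time."""
        now = time.time() if now is None else now
        expired = [t for t, (_, deadline) in self.pending.items() if deadline <= now]
        for txid in expired:
            raw, _ = self.pending.pop(txid)
            self.broadcast(raw)  # the prober now pays the original's fee
        return expired
```
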
