Hi jbesraa,

> While the possibility of UTXO probing via Payjoin is a valid concern regarding privacy, it's important to note that it might not always come without cost for the attacker. The Payjoin recipient > needs to validate the initial request, ensuring the sender's inputs are broadcastable. This means the recipient could, in practice, broadcast the initial transaction even if the sender aborts the > Payjoin.

> Furthermore, implementing strategies like maintaining a set of 'seen inputs' can make such probing attempts more easily detectable and less effective.

The original transaction can be replaced by the attacker, and it would only cost a few hundred sats or nothing if it's payjoin transaction. I think such attacks could still be effective if the attacker has the budget and motivation to spy on someone's wallet.

/dev/fd0
floppy disk guy


On Wed, Mar 26, 2025 at 11:54 PM jbesraa <jbesraa@gmail.com> wrote:
While the possibility of UTXO probing via Payjoin is a valid concern regarding privacy, it's important to note that it might not always come without cost for the attacker. The Payjoin recipient needs to validate the initial request, ensuring the sender's inputs are broadcastable. This means the recipient could, in practice, broadcast the initial transaction even if the sender aborts the Payjoin. Furthermore, implementing strategies like maintaining a set of 'seen inputs' can make such probing attempts more easily detectable and less effective. While these measures don't eliminate the privacy considerations entirely, they do highlight that recipients have potential defenses and that probing isn't necessarily a risk-free endeavor for the attacker.

On Tuesday, March 25, 2025 at 1:48:15 PM UTC+2 /dev /fd0 wrote:
Hi everyone,

Sometimes we are curious and want to know about UTXOs in other wallets. Payjoin allows you to do this and the recipient would never doubt it because it's a privacy tool. It's possible to find UTXO in recipient's wallet without sending any bitcoin. It's called UTXO probing attack and described in BIP 77-78.

I have shared a demo with all the details in this [post][0]. I have used bullbitcoin wallet for testing this because it was the only [wallet][1] which supports payjoin v2 (send, receive) and testnet3.

I think users should be aware of this tradeoff and the information they share with the sender in payjoin. Payjoin should only be used with trusted senders.

[0]: https://uncensoredtech.substack.com/p/utxo-probing-attack-using-payjoin
[1]: https://en.bitcoin.it/wiki/PayJoin_adoption

/dev/fd0
floppy disk guy

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/1c7130d4-cbac-4404-968c-9eb7b4e2e4cbn%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CALiT-Zrq0Nr9uNWDTMj3%3DVJ6TCcmeL3s%2BJau%2BnEGHqYqFcfB%2Bg%40mail.gmail.com.