public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: alicexbt <alicexbt@protonmail•com>
To: Lucas Ontivero <lucasontivero@gmail•com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Coinjoin with less steps using ALL|ANYONECANPAY
Date: Tue, 23 May 2023 12:48:02 +0000	[thread overview]
Message-ID: <oLOjKr_MJ2WHkg0KSM5sw5B9RQNFDWpM3RHjea_Q_lRM3rBzwyRELllZzc2hxuGjFTkykJDAP1p-p3QbXTqYMl3U_EnuDxq_3a5ZfcB7aPw=@protonmail.com> (raw)
In-Reply-To: <CALHvQn29S2T=ehqGD1vCJQQuC0aD6rjUUPsb+n80EBPgc_G4JA@mail.gmail.com>

Hi Lucas,

> In some coinjoin implementations inputs are registered first because in that way, if the user fails or refuses to sign the transaction the input is banned and denial of service is made a bit more expensive, in the sense that an attacker needs more and more utxos to keep the attack going.

DoS attacks are even possible in later stages of a coinjoin round. Example: Double spend inputs after signing

Inputs could be banned in second step if ALL|ANYONECANPAY sighash flag is used and outputs are registered initially.

/dev/fd0
floppy disk guy

Sent with Proton Mail secure email.

------- Original Message -------
On Tuesday, May 23rd, 2023 at 5:47 PM, Lucas Ontivero <lucasontivero@gmail•com> wrote:


> Hi all,
> In some coinjoin implementations inputs are registered first because in that way, if the user fails or refuses to sign the transaction the input is banned and denial of service is made a bit more expensive, in the sense that an attacker needs more and more utxos to keep the attack going.
> 
> Your proposal can work if you find an alternative mechanism for mitigating the DoS attacks or when DoS attacks are not a problem (I can imagine there are scenarios where it is not really important).
> Best
> - Lucas
> 
> 
> 
> On Mon, May 22, 2023 at 7:53 PM Ben Carman via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org> wrote:
> 
> > The problem with using ALL|ANYONECANPAY is that you cannot verify beforehand that the other inputs are the inputs you want added to the transaction.
> > 
> > Some examples of bad things that could happen:
> > 
> > 
> > -   Coordinator adds its own inputs, you still get your outputs but effectively paid fees for no privacy gain
> > -   The inputs added could be paying at a lower fee rate than expected, causing the tx to take longer than what you paid for
> > -   Different input types or amount are added so you no longer have the same uniformity across the inputs
> > -   (if you care) An input from a sanctioned address is added, causing you to get "tainted" coins.
> >     
> > 
> > This is the code in ln-vortex that verifies the psbt on the client side if you are curious
> > 
> > https://github.com/ln-vortex/ln-vortex/blob/master/client/src/main/scala/com/lnvortex/client/VortexClient.scala#L616
> > 
> > 
> > Best,
> > 
> > benthecarman
> > 
> > 
> > 
> > From: bitcoin-dev <bitcoin-dev-bounces@lists•linuxfoundation.org> on behalf of alicexbt via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org>
> > Sent: Monday, May 22, 2023 7:51 AM
> > To: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
> > Subject: [bitcoin-dev] Coinjoin with less steps using ALL|ANYONECANPAY
> > 
> > Hi Bitcoin Developers,
> > 
> > I recently experimented with different sighash flags, PSBTs and realized ALL|ANYONECANPAY could be used to reduce some steps in coinjoin.
> > 
> > Steps:
> > 
> > - Register outputs.
> > - One user creates a signed PSBT with 1 input, all registered outputs and ALL|ANYONECANPAY sighash flag. Other participants keep adding their inputs to PSBT.
> > - Finalize and broadcast the transaction.
> > 
> > Proof of Concept (Aice and Bob): https://gitlab.com/-/snippets/2542297
> > 
> > Tx: https://mempool.space/testnet/tx/c6dd626591dca7e25bbd516f01b23171eb0f2b623471fcf8e073c87c1179c492
> > 
> > I plan to use this in joinstr if there are no major drawbacks and it can even be implemented by other coinjoin implementations.
> > 
> > /dev/fd0
> > floppy disk guy
> > 
> > Sent with Proton Mail secure email.
> > _______________________________________________
> > bitcoin-dev mailing list
> > bitcoin-dev@lists•linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
> > 
> > _______________________________________________
> > bitcoin-dev mailing list
> > bitcoin-dev@lists•linuxfoundation.org
> > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev


  reply	other threads:[~2023-05-23 12:48 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-22 12:51 alicexbt
2023-05-22 22:51 ` Ben Carman
2023-05-23 12:17   ` Lucas Ontivero
2023-05-23 12:48     ` alicexbt [this message]
2023-05-23 12:34   ` alicexbt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='oLOjKr_MJ2WHkg0KSM5sw5B9RQNFDWpM3RHjea_Q_lRM3rBzwyRELllZzc2hxuGjFTkykJDAP1p-p3QbXTqYMl3U_EnuDxq_3a5ZfcB7aPw=@protonmail.com' \
    --to=alicexbt@protonmail$(echo .)com \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=lucasontivero@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox