Date: Mon, 12 Jun 2023 19:28:47 +0000
To: symphonicbtc
From: alicexbt
Cc: "bitcoin-dev@lists.linuxfoundation.org"
Subject: Re: [bitcoin-dev] postr: p2n payjoin using nostr

Hi Symphonic,

> I'm a bit confused as to what exactly this is a proof of concept for.

This is a proof of concept for using nostr npub and relays for payjoin.

> Your use of SIGHASH_NONE does in fact make it possible for the receiver to do whatever they want with your funds (which I see you acknowledge in your brief description, but still, not very practical).

SIGHASH_NONE can be used when there is no change in the transaction and the sender wants to spend the whole UTXO for the payment. The recipient is free to decide the outputs and extra input for the transaction.

> However, it is also possible for anyone who sees the final broadcasted transaction to extract the sender's input and use it for any purpose they wish; game theoretically miners would just steal your funds, but it's possible for any user to RBF and send those funds wherever they like.

- Based on my understanding of SIGHASH flags and a [blog post][0] by Raghav Sood, use of SIGHASH_ALL by recipient will secure all outputs. However, I have realized it is still vulnerable in a [tweet thread][1] as you mentioned. While writing this email, the poll was still 50-50 so I guess it's a learning thing. We have fewer docs about SIGHASH flags; maybe an e-book with all experiments would improve this.
- Since this was just a PoC to use nostr, use of specific SIGHASH flags can be ignored and developers can use other flags or default. I will improve/change it as well. I wanted to use SIGHASH_NONE to improve privacy and have fewer UX issues.
- There are no incentives for sender or recipient to use RBF and double spend in a payjoin transaction.

[0]: https://raghavsood.com/blog/2018/06/10/bitcoin-signature-types-sighash
[1]: https://twitter.com/1440000bytes/status/1668261886884708352

/dev/fd0
floppy disk guy

Sent with Proton Mail secure email.

------- Original Message -------
On Sunday, June 11th, 2023 at 8:02 AM, symphonicbtc wrote:

> Hey alicexbt,
> I'm a bit confused as to what exactly this is a proof of concept for. Your use of SIGHASH_NONE does in fact make it possible for the receiver to do whatever they want with your funds (which I see you acknowledge in your brief description, but still, not very practical). However, it is also possible for anyone who sees the final broadcasted transaction to extract the sender's input and use it for any purpose they wish; game theoretically miners would just steal your funds, but it's possible for any user to RBF and send those funds wherever they like.
>
> As is the case with any work-in-progress software, but especially in this instance, I urge you to disable the ability to use mainnet coins directly in your code. This is highly irresponsible to post in this state.
>
> Moreover, a bit redundantly considering the glaring and severe security issues, this is not a proper implementation of a payjoin, even in a theoretical scenario, as it is trivial to discern which inputs belong to the sender and receiver respectively in the final transaction.
>
> Symphonic
>
>
> Sent with Proton Mail secure email.
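
Added example (not part of the original emails and not code from the postr project): the digest a sender signs under SIGHASH_ALL versus SIGHASH_NONE, showing why a SIGHASH_NONE signature stays valid whatever outputs are later attached, which is the concern raised in the quoted message. It assumes the legacy (pre-segwit) signature-hash algorithm and models only these two flags; the txids, amounts and scripts are constructed placeholders, and `legacy_sighash` and `digest_changes_with_outputs` are names chosen for this example.

```python
import hashlib
import struct

SIGHASH_ALL, SIGHASH_NONE = 0x01, 0x02

def dsha256(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def varint(n: int) -> bytes:
    # Compact-size encoding; single-byte values are enough for this example.
    assert n < 0xFD
    return bytes([n])

def legacy_sighash(inputs, outputs, idx, script_code, hashtype,
                   version=2, locktime=0) -> bytes:
    """Digest signed for input `idx` under the legacy (pre-segwit) algorithm.

    inputs:  list of (txid_hex, vout, sequence)
    outputs: list of (value_sats, script_pubkey_bytes)
    Only SIGHASH_ALL and SIGHASH_NONE are modelled (no ANYONECANPAY/SINGLE).
    """
    buf = struct.pack("<i", version) + varint(len(inputs))
    for i, (txid, vout, seq) in enumerate(inputs):
        script = script_code if i == idx else b""
        if hashtype == SIGHASH_NONE and i != idx:
            seq = 0  # NONE zeroes the other inputs' sequence numbers
        buf += bytes.fromhex(txid)[::-1] + struct.pack("<I", vout)
        buf += varint(len(script)) + script + struct.pack("<I", seq)
    if hashtype == SIGHASH_NONE:
        buf += varint(0)  # outputs are left out of the signed data entirely
    else:
        buf += varint(len(outputs))
        for value, spk in outputs:
            buf += struct.pack("<q", value) + varint(len(spk)) + spk
    buf += struct.pack("<I", locktime) + struct.pack("<I", hashtype)
    return dsha256(buf)

# Constructed sample data: every txid, amount and script is a placeholder.
INPUTS = [("11" * 32, 0, 0xFFFFFFFD), ("22" * 32, 1, 0xFFFFFFFD)]
SENDER_SCRIPT = bytes.fromhex("76a914" + "aa" * 20 + "88ac")  # P2PKH template
OUTS_A = [(150_000, bytes.fromhex("76a914" + "bb" * 20 + "88ac"))]
OUTS_B = [(150_000, bytes.fromhex("76a914" + "cc" * 20 + "88ac"))]

def digest_changes_with_outputs(hashtype: int) -> bool:
    # True when swapping the output set changes what the sender signed.
    a = legacy_sighash(INPUTS, OUTS_A, 0, SENDER_SCRIPT, hashtype)
    b = legacy_sighash(INPUTS, OUTS_B, 0, SENDER_SCRIPT, hashtype)
    return a != b

if __name__ == "__main__":
    print("ALL  commits to outputs:", digest_changes_with_outputs(SIGHASH_ALL))
    print("NONE commits to outputs:", digest_changes_with_outputs(SIGHASH_NONE))
```

A wallet or review script can use the same comparison as a pre-broadcast check: if the digest for an input does not change when the outputs do, that input's signature does not protect where the funds go.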