Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 212F2C002D for ; Sat, 20 Aug 2022 16:53:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id E765E40267 for ; Sat, 20 Aug 2022 16:53:08 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org E765E40267 Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com header.a=rsa-sha256 header.s=protonmail3 header.b=T/McMg8C X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.102 X-Spam-Level: X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4EFYgLkiIl8b for ; Sat, 20 Aug 2022 16:53:07 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 0B89B418F3 Received: from mail-4027.protonmail.ch (mail-4027.protonmail.ch [185.70.40.27]) by smtp4.osuosl.org (Postfix) with ESMTPS id 0B89B418F3 for ; Sat, 20 Aug 2022 16:53:06 +0000 (UTC) Date: Sat, 20 Aug 2022 16:52:56 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1661014384; x=1661273584; bh=ujpXaJGbUiZEiHMq+MGrhBRxbImYWYiX7033yIvuCf4=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:Feedback-ID:From:To: Cc:Date:Subject:Reply-To:Feedback-ID:Message-ID; b=T/McMg8Cl3dNdyBzJUVX7H9AC2gjttPbePpmVnizMPZf6tXzvqUCI2GH4iwIqkECo Zo+Dh68uQWN173Ccvk5F+J8bfz7wy8EOvifcAVqIqbMpwSfVvwYnCw5U4kcRyo4B76 iYBjHRhz+G3DUEnms2u4wStEaVcEnNdp3UVC3QZoOsRRNAZF3eIZYAUPjph+ZrRLx4 uMC76wy8PF6/Ahxloo37zGvoDB3IFBiAXt5F3PX5uM9UEgOsztBzaxGhoAJZtI4Ekl INKOMk8Keo+U6GDduXPGkV61I9JrYU81qCE6kenILjFCz7t2Es5TJN0qHlZzAvBCu7 e07LK0MtjeLFA== To: Max Hillebrand From: alicexbt Reply-To: alicexbt Message-ID: Feedback-ID: 40602938:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Sat, 20 Aug 2022 17:01:00 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] joinstr: coinjoin implementation using nostr X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Aug 2022 16:53:09 -0000 Hi Max, There a few DoS vectors that need to be fixed. Its just a proof of concept = that I wanted to share with everyone to get feedback which could be improve= d over time. There is also a warning at the bottom of README to not use thi= s on mainnet as it might have bugs. I will continue the development with coinjoin transactions on signet for a = few weeks until there is a stable release with no bugs.=20 I have a few ideas in mind for various relay types that might be used concu= rrently to prevent numerous problems. Custom relays are supported by Nostr.= Examples include paying a fee to register for a round, subscribing with a = time limit, or using invite-only relays. I will run a free and open nostr r= elay for this project and try to fix the Dos issues before a mainnet versio= n is released for python script(for nerds) and android app (for all users). Related links:=20 https://github.com/fiatjaf/relayer https://github.com/fiatjaf/expensive-relay https://github.com/fiatjaf/relayer/tree/master/whitelisted /dev/fd0 Sent with Proton Mail secure email. ------- Original Message ------- On Saturday, August 20th, 2022 at 10:04 AM, Max Hillebrand wrote: > Great to see an implementation of the idea. >=20 > Maybe I misunderstand, but isn't there a vulnerability of denial of servi= ce here? >=20 > A user who registers one input will receive the round secret identifier, = and this is all the information required for output registration. However, = that malicious user can now register multiple outputs, providing the same s= ecret, and nobody can link the malicious outputs to any specific input. The= refor there cannot be a blame round where the malicious input is removed, a= nd thus there can be a ongoing free denial of service attack without attrib= ution or defense. >=20 > Skol > Max >=20 >=20 > On August 20, 2022 10:20:00 AM GMT+02:00, alicexbt via bitcoin-dev wrote: >=20 > > Hi Bitcoin Developers, > >=20 > > I have written a python script as proof of concept for the [coinjoin im= plementation][1] using [nostr][2]. I used a lot of Python scripts created b= y others in school, so it feels nice to offer something that could be usefu= l to others. > >=20 > > The implementation uses Bitcoin Core wallet and RPCs: `listunspent`, `g= etnewaddress`, `scantxoutset`, `createpsbt`, `combinepsbt`, `finalizepsbt` = and `sendrawtransaction`. It requires python-nostr library because nostr is= used for coordination between peers. Nostr is a decentralized network base= d on cryptographic keypairs. It is not peer-to-peer however simple and scal= able. > >=20 > > Every step is published as an event using a nostr relay and 5 peers coo= rdinate to create, sign and broadcast a coinjoin transaction. I need to wr= ite a NIP that would be an alternative to blind signatures. Relay will shar= e a random secret with clients for one round which should be present in out= put registration request although never gets published. If someone tries to= register an output without registering any inputs, request would not have = the number initially shared with inputs so request would get rejected or pu= blished as unverified. Relay would not be able to link inputs and outputs a= s the number is same for all inputs in a round and they get registered at d= ifferent times with new keys and IP address. Clients can use multiple relay= s at the same time to avoid trusting one relay. This would result in differ= ent shared secret number but same process. If a relay tries to cheat, users= will not sign the transaction and avoid using it in future. > >=20 > > Usage: > >=20 > > 1)Run `python coinjoin.py` and enter descriptor for one of the inputs. > > 2)Script will check inputs for this round in every 30 seconds and regi= ster a new adddress for output once 5 inputs are registered. > > 3)Similar check happens every 30 seconds for outputs. Last peer should= create a PSBT. > > 4)Unsigned PSBT will be printed and signed by wallet with `walletproce= sspsbt` RPC. > > 5)Script will check signed PSBTs and last peer to sign should finalize= coinjoin transaction once 5 signed PSBTs are received. > > 6)Coinjoin transaction will be broadcasted and txid will printed. > >=20 > > Example: > >=20 > > ``` > > List of utxos in wallet: > >=20 > > wpkh([53830dca/84'/1'/0'/0/0]02449be5fb74725255eeeb50eba930fa87705f21e9= 9d13cd710cf2c1f21153c808)#x2hyyeg5 > >=20 > > Enter descriptor for the input registration: wpkh([53830dca/84'/1'/0'/0= /0]02449be5fb74725255eeeb50eba930fa87705f21e99d13cd710cf2c1f21153c808)#x2hy= yeg5 > >=20 > > event id: bcbbe62d75d99fed73f1e50ac58a38d1840b658951893e63c0322b378d7d= 56f0 > >=20 > > ``` > > ``` > > tb1qhxrp4zl54ul0twtyz0gury5399q7z0kvqqrl6m registered for output > >=20 > > event id: 9449c9065bef356d21507a98f88b028b17fc1c49eb195c8d4420604fcaaef= 041 > > ``` > > ``` > > Unsigned PSBT: cHNidP8BAP1yAQIAAAAFtMaoJYcXvOG5L3Yaz3YyS7gIt4h5/zzOrRRS= 3hrVvwoAAAAAAP////+o83geaSm4L76KToIUl5MiZqLAUbIDJLq6DWrjP/3b8AEAAAAA/////zE= F3CXIvVHpIa7No1s1yg+KtyOfXTRSyWnOdXMfzcDwAQAAAAD/////wMa4XAgnU+39Ien+KG9rYt= v8bLMNYakmZyY/QFfwLRcAAAAAAP/////5M42ID6uLmQTb2tnFHnN7UMpnDD25uN8ZX7A+GNSM3= QEAAAAA/////wV4xwEAAAAAABYAFLmGGov0rz71uWQT0cGSkSlB4T7MeMcBAAAAAAAWABSc0/FM= 6Hdbdxh10IJkYOklVFWqjnjHAQAAAAAAFgAUPSZKe/w6PT6qIF+WhL4wHaFymjd4xwEAAAAAABY= AFMx0rxYlpPWB3NFry4Ctk2eVi/UNeMcBAAAAAAAWABSzc4xK0VTfvjK0MHXrAUFLYgYnOgAAAA= AAAAAAAAAAAAAAAA=3D=3D > >=20 > > event id: 976744b38fa9343fb79e1b5215512ead6ee08e5890d79a201fc5b872f6de4= eba > > ``` > > ``` > > Signed PSBT: cHNidP8BAP1yAQIAAAAFtMaoJYcXvOG5L3Yaz3YyS7gIt4h5/zzOrRRS3h= rVvwoAAAAAAP////+o83geaSm4L76KToIUl5MiZqLAUbIDJLq6DWrjP/3b8AEAAAAA/////zEF3= CXIvVHpIa7No1s1yg+KtyOfXTRSyWnOdXMfzcDwAQAAAAD/////wMa4XAgnU+39Ien+KG9rYtv8= bLMNYakmZyY/QFfwLRcAAAAAAP/////5M42ID6uLmQTb2tnFHnN7UMpnDD25uN8ZX7A+GNSM3QE= AAAAA/////wV4xwEAAAAAABYAFLmGGov0rz71uWQT0cGSkSlB4T7MeMcBAAAAAAAWABSc0/FM6H= dbdxh10IJkYOklVFWqjnjHAQAAAAAAFgAUPSZKe/w6PT6qIF+WhL4wHaFymjd4xwEAAAAAABYAF= Mx0rxYlpPWB3NFry4Ctk2eVi/UNeMcBAAAAAAAWABSzc4xK0VTfvjK0MHXrAUFLYgYnOgAAAAAA= AQBxAgAAAAG+qpMXZCy6tBuUlgo8JD0GVXKp60FkhwDeg2sF1fkFkwMAAAAA/f///wLo9wEAAAA= AABYAFFfLA5xarC/w/SxeMDQ5tuXrYJLUWwMAAAAAAAAWABRfPf//hwMjHB4OKj87cU19XOSh7y= OWAQABAR/o9wEAAAAAABYAFFfLA5xarC/w/SxeMDQ5tuXrYJLUAQhrAkcwRAIgOIhLoC5348U8Y= kEr4GU1K4yWskIOEXgW4Wsk/W2cR7ICIEJXqtOuDJ5CkwrSuwJLWtzab4dslbN3KuL/pyooMnOC= ASECRJvl+3RyUlXu61DrqTD6h3BfIemdE81xDPLB8hFTyAgAAAAAACICA77Cnd6o3kr0yc+91ea= bpOn5igs/MUMbudNYSS6oyMWMGFODDcpUAACAAQAAgAAAAIAAAAAAFAAAAAAAAAAA > >=20 > > event id: 5846b6e6902f3c5a43496d7d9785ed62444aa74963f03c33d637d8b09ee7a= 139 > > ``` > > ``` > > Coinjoin tx: 75e490b10b15a6a0422f25ff66ad98ef70390c8fecaac02712705dce8c= c3564b > >=20 > > event id: 9b5d4bf279b59e2b6e539e683fba83da72dce2b640360aa95db1b1400be93= 190 > > ``` > >=20 > > There are lot of things that could be improved and a few suggestions ar= e in the gist that described the [idea][3]. I would love read to any opinio= ns about this experiment and will start working on creating an Android app = for joinstr next week. > >=20 > > Credits: > >=20 > > - fiatjaf (Nostr) > > - Andrew Chow (PSBT) > > - Jeff Thibault (python-nostr) > > - Existing coinjoin implmentations > >=20 > > [1]: https://github.com/1440000bytes/joinstr > > [2]: https://github.com/nostr-protocol/nostr > > [3]: https://gist.github.com/1440000bytes/1c305097b070c8374cc3b91f50314= a45 > >=20 > > /dev/fd0 > >=20 > > Sent with Proton Mail secure email. > >=20 > > bitcoin-dev mailing list > > bitcoin-dev@lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev