Return-Path: Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id B9126C002A for ; Tue, 23 May 2023 12:48:11 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 8DAFC41CF6 for ; Tue, 23 May 2023 12:48:11 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 8DAFC41CF6 Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com header.a=rsa-sha256 header.s=protonmail3 header.b=m4PIgCEd X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -0.103 X-Spam-Level: X-Spam-Status: No, score=-0.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, PDS_OTHER_BAD_TLD=1.999, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JCBtjNpEx0cF for ; Tue, 23 May 2023 12:48:10 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 53BDB40BD5 Received: from mail-4324.protonmail.ch (mail-4324.protonmail.ch [185.70.43.24]) by smtp2.osuosl.org (Postfix) with ESMTPS id 53BDB40BD5 for ; Tue, 23 May 2023 12:48:10 +0000 (UTC) Date: Tue, 23 May 2023 12:48:02 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1684846087; x=1685105287; bh=RW/q+5KEHnmioLd/VFBypll8P8cti3QRjTQjeTNi+44=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=m4PIgCEdJEbl8EI6MHjXiDZ+lzfrG+qduA10ESUhsk9ql7SUcoTKQ9Ahz64HwWev3 lP2mmvmgpmj86aBgYExR+kY3oOfbPMO+JpDQq9/zHsODrL4XTv9ElHaTzlQTaZey/R vxE9Nu+ZnqDDirbLh7IWARu6inDY/Sl5Y8LOFXCLeADeOMxunJH7+DPKL6olcvdLJ7 MRt3tjoD4FY4F4VbVGxDnfiMxySsQnQQwTK7jYzA87LEgbYLIITEMWe4q7CuIcYeVo QNMZoBeuA3es8iRprlrJVu1Y8S3Am1aLyVDxROAlx9j9ekFbrVMMXRGgzIhUX70xiB bGfken0ZZWN5g== To: Lucas Ontivero From: alicexbt Message-ID: In-Reply-To: References: Feedback-ID: 40602938:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Tue, 23 May 2023 13:04:22 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Coinjoin with less steps using ALL|ANYONECANPAY X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 May 2023 12:48:11 -0000 Hi Lucas, > In some coinjoin implementations inputs are registered first because in t= hat way, if the user fails or refuses to sign the transaction the input is = banned and denial of service is made a bit more expensive, in the sense tha= t an attacker needs more and more utxos to keep the attack going. DoS attacks are even possible in later stages of a coinjoin round. Example:= Double spend inputs after signing Inputs could be banned in second step if ALL|ANYONECANPAY sighash flag is u= sed and outputs are registered initially. /dev/fd0 floppy disk guy Sent with Proton Mail secure email. ------- Original Message ------- On Tuesday, May 23rd, 2023 at 5:47 PM, Lucas Ontivero wrote: > Hi all, > In some coinjoin implementations inputs are registered first because in t= hat way, if the user fails or refuses to sign the transaction the input is = banned and denial of service is made a bit more expensive, in the sense tha= t an attacker needs more and more utxos to keep the attack going. >=20 > Your proposal can work if you find an alternative mechanism for mitigatin= g the DoS attacks or when DoS attacks are not a problem (I can imagine ther= e are scenarios where it is not really important). > Best > - Lucas >=20 >=20 >=20 > On Mon, May 22, 2023 at 7:53=E2=80=AFPM Ben Carman via bitcoin-dev wrote: >=20 > > The problem with using ALL|ANYONECANPAY is that you cannot verify befor= ehand that the other inputs are the inputs you want added to the transactio= n. > >=20 > > Some examples of bad things that could happen: > >=20 > >=20 > > - Coordinator adds its own inputs, you still get your outputs but eff= ectively paid fees for no privacy gain > > - The inputs added could be paying at a lower fee rate than expected,= causing the tx to take longer than what you paid for > > - Different input types or amount are added so you no longer have the= same uniformity across the inputs > > - (if you care) An input from a sanctioned address is added, causing = you to get "tainted" coins. > > =20 > >=20 > > This is the code in ln-vortex that verifies the psbt on the client side= if you are curious > >=20 > > https://github.com/ln-vortex/ln-vortex/blob/master/client/src/main/scal= a/com/lnvortex/client/VortexClient.scala#L616 > >=20 > >=20 > > Best, > >=20 > > benthecarman > >=20 > >=20 > >=20 > > From: bitcoin-dev on be= half of alicexbt via bitcoin-dev > > Sent: Monday, May 22, 2023 7:51 AM > > To: Bitcoin Protocol Discussion > > Subject: [bitcoin-dev] Coinjoin with less steps using ALL|ANYONECANPAY > >=20 > > Hi Bitcoin Developers, > >=20 > > I recently experimented with different sighash flags, PSBTs and realize= d ALL|ANYONECANPAY could be used to reduce some steps in coinjoin. > >=20 > > Steps: > >=20 > > - Register outputs. > > - One user creates a signed PSBT with 1 input, all registered outputs a= nd ALL|ANYONECANPAY sighash flag. Other participants keep adding their inpu= ts to PSBT. > > - Finalize and broadcast the transaction. > >=20 > > Proof of Concept (Aice and Bob): https://gitlab.com/-/snippets/2542297 > >=20 > > Tx: https://mempool.space/testnet/tx/c6dd626591dca7e25bbd516f01b23171eb= 0f2b623471fcf8e073c87c1179c492 > >=20 > > I plan to use this in joinstr if there are no major drawbacks and it ca= n even be implemented by other coinjoin implementations. > >=20 > > /dev/fd0 > > floppy disk guy > >=20 > > Sent with Proton Mail secure email. > > _______________________________________________ > > bitcoin-dev mailing list > > bitcoin-dev@lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > >=20 > > _______________________________________________ > > bitcoin-dev mailing list > > bitcoin-dev@lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev