Date: Mon, 12 Jun 2023 19:28:47 +0000
To: symphonicbtc <symphonicbtc@proton.me>
From: alicexbt <alicexbt@protonmail.com>
Cc: "bitcoin-dev@lists.linuxfoundation.org"
<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] postr: p2n payjoin using nostr
Hi Symphonic,
> I'm a bit confused as to what exactly this is a proof of concept for.
This is a proof of concept for using nostr npub and relays for payjoin.
> Your use of SIGHASH_NONE does in fact make it possible for the receiver to do whatever they want with your funds (which I see you acknowledge in your brief description, but still, not very practical).
SIGHASH_NONE can be used when there is no change in the transaction and the sender wants to spend the whole UTXO for the payment. The recipient is free to decide the outputs and extra input for the transaction.
> However, it is also possible for anyone who sees the final broadcasted transaction to extract the sender's input and use it for any purpose they wish; game theoretically miners would just steal your funds, but it's possible for any user to RBF and send those funds wherever they like.
- Based on my understanding of SIGHASH flags and a [blog post][0] by Raghav Sood, use of SIGHASH_ALL by the recipient will secure all outputs. However, I have realized it is still vulnerable in a [tweet thread][1] as you mentioned. While writing this email, the poll was still 50-50 so I guess it's a learning thing. We have fewer docs about SIGHASH flags, maybe an e-book with all experiments would improve this.
- Since this was just a PoC to use nostr, use of specific SIGHASH flags can be ignored and developers can use other flags or the default. I will improve/change it as well. I wanted to use SIGHASH_NONE to improve privacy and have fewer UX issues.
- There are no incentives for sender or recipient to use RBF and double spend in a payjoin transaction.
[0]: https://raghavsood.com/blog/2018/06/10/bitcoin-signature-types-sighash
[1]: https://twitter.com/1440000bytes/status/1668261886884708352
/dev/fd0
flopyy disk guy
Sent with Proton Mail secure email.
------- Original Message -------
On Sunday, June 11th, 2023 at 8:02 AM, symphonicbtc <symphonicbtc@proton.me> wrote:
> Hey alicexbt,
> I'm a bit confused as to what exactly this is a proof of concept for. Your use of SIGHASH_NONE does in fact make it possible for the receiver to do whatever they want with your funds (which I see you acknowledge in your brief description, but still, not very practical). However, it is also possible for anyone who sees the final broadcasted transaction to extract the sender's input and use it for any purpose they wish; game theoretically miners would just steal your funds, but it's possible for any user to RBF and send those funds wherever they like.
>
> As is the case with any work-in-progress software, but especially in this instance, I urge you to disable the ability to use mainnet coins directly in your code. This is highly irresponsible to post in this state.
>
> Moreover, a bit redundantly considering the glaring and severe security issues, this is not a proper implementation of a payjoin, even in a theoretical scenario, as it is trivial to discern which inputs belong to the sender and receiver respectively in the final transaction.
>
> Symphonic
>
>
> Sent with Proton Mail secure email.
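
Added illustration, not part of the thread and not postr's code: a sketch of the pre-segwit signature-hash serialization that shows which parts of a transaction the sender's signature commits to under SIGHASH_ALL, SIGHASH_NONE and, going beyond the flags named in the thread, SIGHASH_NONE|ANYONECANPAY. The helper names are hypothetical, all txids, scripts and amounts are constructed placeholders, and the legacy algorithm is an assumption about the script type.

```python
import hashlib
import struct

SIGHASH_ALL, SIGHASH_NONE, SIGHASH_ANYONECANPAY = 0x01, 0x02, 0x80

def varint(n):
    assert n < 0xfd  # one-byte compact size suffices for this sample
    return bytes([n])

def legacy_sighash(tx, index, script_code, hashtype):
    """Digest input `index` signs, pre-segwit rules (SIGHASH_SINGLE not handled)."""
    base = hashtype & 0x1f
    inputs = list(enumerate(tx["vin"]))
    if hashtype & SIGHASH_ANYONECANPAY:
        inputs = [inputs[index]]  # only the signing input is committed
    ser = struct.pack("<i", tx["version"]) + varint(len(inputs))
    for i, (txid, vout, seq) in inputs:
        mine = i == index
        if not mine and base == SIGHASH_NONE:
            seq = 0  # other inputs' sequence numbers are not signed
        script = script_code if mine else b""
        ser += txid + struct.pack("<I", vout) + varint(len(script)) + script
        ser += struct.pack("<I", seq)
    outs = [] if base == SIGHASH_NONE else tx["vout"]  # NONE signs no outputs
    ser += varint(len(outs))
    for value, spk in outs:
        ser += struct.pack("<q", value) + varint(len(spk)) + spk
    ser += struct.pack("<I", tx["locktime"]) + struct.pack("<I", hashtype)
    return hashlib.sha256(hashlib.sha256(ser).digest()).digest()

# Constructed sample data: placeholder txids, scripts and amounts.
SENDER_IN = (b"\x11" * 32, 0, 0xFFFFFFFD)
RECIPIENT_IN = (b"\x22" * 32, 1, 0xFFFFFFFD)
SCRIPT_CODE = bytes.fromhex("76a914") + b"\xaa" * 20 + bytes.fromhex("88ac")
PAY = (150_000, b"\x00\x14" + b"\xbb" * 20)
OTHER = (150_000, b"\x00\x14" + b"\xcc" * 20)

def digest_survives(hashtype):
    """(same digest after outputs are replaced, same digest after input set changes)"""
    def h(vin, vout):
        tx = {"version": 2, "vin": vin, "vout": vout, "locktime": 0}
        return legacy_sighash(tx, 0, SCRIPT_CODE, hashtype)
    original = h([SENDER_IN, RECIPIENT_IN], [PAY])
    return (original == h([SENDER_IN, RECIPIENT_IN], [OTHER]),
            original == h([SENDER_IN], [PAY]))

if __name__ == "__main__":
    for t in (SIGHASH_ALL, SIGHASH_NONE, SIGHASH_NONE | SIGHASH_ANYONECANPAY):
        print(hex(t), digest_survives(t))
```

A digest that stays the same means a signature over it stays valid for the altered transaction, so wallet code reviewing a signing request should check the sighash byte and refuse flags that leave outputs uncommitted unless that is explicitly intended.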