1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
Return-Path: <dp@simplexum.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 41DA83AA5
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 31 Jul 2019 15:48:54 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mail.ruggedbytes.com (mail.ruggedbytes.com [88.99.30.248])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2CF19E7
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 31 Jul 2019 15:48:52 +0000 (UTC)
Received: from mail.ruggedbytes.com (localhost [127.0.0.1])
by mail.ruggedbytes.com (Postfix) with ESMTPS id 5C57A260052E;
Wed, 31 Jul 2019 15:48:50 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=simplexum.com;
s=mail; t=1564588130;
bh=nelV2a6hhJ+piWJe8ow/55uujcM/PNxr46pPcYYgzqs=;
h=Date:From:To:Cc:Subject:In-Reply-To:References;
b=ltJV/qEpRWFc55T7hqeKqtUEz+66AQgjvqqUN2WIkDEtTU8qMWPxiYQ6RFwgDeE8Z
clbZidVQLj4YTiy/Y2KFAjomoL7Cci561MHArdBFkVY2B5+8PrDilA6oTG2r51HHH2
eh8Zhl0Vz/MuvaSKhmWzrC5HN1pZNznsolJGYYdQ=
Date: Wed, 31 Jul 2019 20:50:18 +0500
From: Dmitry Petukhov <dp@simplexum.com>
To: bitcoin-dev@lists.linuxfoundation.org
Message-ID: <20190731205018.10ed4302@simplexum.com>
In-Reply-To: <3c328312-2bdd-60d9-7425-8db620d09abb@riseup.net>
References: <985792b1-e7aa-677b-a7a1-6a5f672da884@riseup.net>
<94534006-D560-4C90-9D5D-A3A64B698518@gmail.com>
<20190726143738.0be561da@simplexum.com>
<3c328312-2bdd-60d9-7425-8db620d09abb@riseup.net>
Organization: simplexum.com
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Wed, 31 Jul 2019 18:18:45 +0000
Subject: Re: [bitcoin-dev] Improving JoinMarket's resistance to sybil
attacks using fidelity bonds
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jul 2019 15:48:54 -0000
=D0=92 Tue, 30 Jul 2019 22:39:14 +0100
Chris Belcher via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
wrote:
> This is where a sacrifice of V bitcoins creates a
> bond of value V^2. The formula provides a strong incentive for
> profit-motivated makers to use all their fidelity bond coins with just
> one maker, not spread them out over many makers.
The attacker derives additional value from the use of
locked utxo - the deanonimyzation capabilities.
An entity M can use all of its locked coins to run a maker, and then
earn value X. It will also incur some operational expenses in the course
of running the maker, so the profit will be less than X.
If these locked coins are given to the attacker A as a package, an
attacker can derive a value of X+D where D is a value of increased
deanonymization capabilities for an attacker. Operational expenses
for an attacker are the same as before (without timelocked bonds),
because they need to operate a lot of makers either way.
If M is profit-driven and non-ideological, it can rent out all of its
coins to A as a package, for the price X, and get the same value without
running a maker and dedicating any resources and time to it, not
incurring any operatinal expenses (thus having a bigger profit in the
end).
Attacker A will run a maker with M's coins, get profit X, pay X to M,
get increased deanonymization capabilities.=20
If renting out of utxo is done in a way that the owner always gets X
after the lock expires, the operation will be riskless for the owner.
The attacker will need to lock amount X along with owner's coins, but
hopefully makes X back by running a maker operation.=20
The price for renting out the coins will be determined on the size of
the 'coin package', so it will not be feasible for the owners of the
coins to rent them out separately.
An attacker can even rent coins from several entities and combine them
to create a more 'powerful' maker. If I understand correctly, such
'powerful' maker can have bigger profit than two less 'powerful'
makers. It seems like a centralization risk to me.
|