1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
Delivery-date: Tue, 25 Mar 2025 04:48:22 -0700
Received: from mail-yb1-f183.google.com ([209.85.219.183])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBCU2P6FJ3EBBB65PRK7QMGQEL3OL6MA@googlegroups.com>)
id 1tx2lZ-0006EU-Aq
for bitcoindev@gnusha.org; Tue, 25 Mar 2025 04:48:22 -0700
Received: by mail-yb1-f183.google.com with SMTP id 3f1490d57ef6-e582bfcada6sf8576362276.1
for <bitcoindev@gnusha.org>; Tue, 25 Mar 2025 04:48:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1742903295; x=1743508095; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:message-id:to:from:date:sender:from:to:cc:subject:date
:message-id:reply-to;
bh=eiazBcQngbp9Y2UELvqOaqVTDGi51U+X43QSUa/LQXc=;
b=AQ/AVIpDjFteL3UNoGp799zjUBo8y2kFarflaPqq67LOYuo9KoYXnBQ/VBeG1qToRd
VK0lTqf5o560deP1/TTbpf5d21wF4jiB+m6V/JPdrHEZTKNVxmh29I4MOA5NbhxOKr6n
uNEzcre3QGxeMqvMLINR1zRXC2EcIvP1eR2wPS+xvBSVnr+jwbHeSQzMOMNzpHqLaXx/
Cdmm40BSQdZO7POl7jSWRB26psjxME33tZyzUk5XqdBvSKYAyWm34sRYChsROgDme20y
KF3SjAj9M6EvmyPzv7ax143+m1sJnKuDnGV/A/NRYS+CUROqldP+Yja9BpWvHBMKF+iQ
iy5Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1742903295; x=1743508095; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:message-id:to:from:date:from:to:cc:subject:date:message-id
:reply-to;
bh=eiazBcQngbp9Y2UELvqOaqVTDGi51U+X43QSUa/LQXc=;
b=gogq21INr7GyfDueR7wDZUVTiUS3MA9RF3XDDO4srF+spfkGnuP74MsPCR+OIc4PlP
aux5J9f5x0eB5oKcwh2zoDah/ldw6S/wE5gYbRq+VWurIntm6unYKzhqJcdNXNHiCHH7
wyk5u72ZbZlUoAXrALtDiXKCqP+BijgjrC/FJ7D6+LtI5sxXGdaeuiaRkfTnsthDAPQN
CVj+cxbFDBxU36z1oDJRCyXjAfZG2dWWpCGKUR9T8Es2rvOtwO2KX12WVJoEHQUVVL1T
BgqlhHdssei6BM4Jqo9BvA3i4CCjNzgkGt0ViIcbeAZhFJLgkYkmezw22wnLTgnbQzrE
ePAw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1742903295; x=1743508095;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:message-id:to:from:date:x-beenthere:x-gm-message-state
:sender:from:to:cc:subject:date:message-id:reply-to;
bh=eiazBcQngbp9Y2UELvqOaqVTDGi51U+X43QSUa/LQXc=;
b=h8fY4FKJNt03AejXH6r+XoTOhbr+GJXHtAGqTE51lwSmjlrMUaUn6PMLUzHnVhRWCU
5LvwyRIvjzXoZNl+59eJ9bVYsM8QZSNwiYDWclZy4wZ/pI30pKetT1X+IBoYWRkgFlLL
c8CmHZQW4jQI89bPAGnphCmXviVN1ctRy74frGnB5zBmZdyiSNrAsN9M4wU4ExNrpqIc
/UU4p3lzTqJoYnz9VMEuYaYrRIvtJxiTNCJaXmTsD8TDAm2852apj0zBfrkXrFYpKous
Uicms2qaZ35prcIRyglLHV3tlopu2YYxqd8SrdTaCNd5BwxHED1Sgt6VyRVsnW+7eB4u
QNEQ==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=1; AJvYcCXH35x0BPckLYQzwBBIco2C+bsAmjYAgFvqT5NvZS5E6E4s0eqNQoQIh/5fICUGlqnWht7az+oBrunM@gnusha.org
X-Gm-Message-State: AOJu0Yz39eEfA/MpiryvLxaUeTEAOmNuRz5DPxZ5rXXI92r6q6sznAGC
kzArk6+4EORLK3t/hzDHLvYrOosI9qFjdfe1eT9pysYFkIf3NCiR
X-Google-Smtp-Source: AGHT+IGidZbhJriJDQMeHDi0K5LFXMscb24FuqSqXvpqkWa1PVFVjv/gRYH16AOaneR/WAXsPztaHQ==
X-Received: by 2002:a05:6902:118c:b0:e5b:240a:ccdb with SMTP id 3f1490d57ef6-e66a4da6cccmr22411073276.20.1742903295048;
Tue, 25 Mar 2025 04:48:15 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=ARLLPAI3mGQVv1HfMmFnMIit3hKWY0AJW2KM+X7BWYHX/ocJjg==
Received: by 2002:a25:e014:0:b0:e63:4a11:a984 with SMTP id 3f1490d57ef6-e66a02edfeels742115276.0.-pod-prod-02-us;
Tue, 25 Mar 2025 04:48:10 -0700 (PDT)
X-Received: by 2002:a05:690c:67c6:b0:6ef:94db:b208 with SMTP id 00721157ae682-700bacd2edemr211883647b3.24.1742903290842;
Tue, 25 Mar 2025 04:48:10 -0700 (PDT)
Received: by 2002:a81:a947:0:b0:6ef:590d:3213 with SMTP id 00721157ae682-700ba2435b8ms7b3;
Tue, 25 Mar 2025 04:46:40 -0700 (PDT)
X-Received: by 2002:a05:690c:7201:b0:6fe:bfb9:549c with SMTP id 00721157ae682-700babeb60emr223751807b3.1.1742903199040;
Tue, 25 Mar 2025 04:46:39 -0700 (PDT)
Date: Tue, 25 Mar 2025 04:46:38 -0700 (PDT)
From: /dev /fd0 <alicexbtong@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <450755f1-84c5-4f32-abe0-67087ae884d6n@googlegroups.com>
Subject: [bitcoindev] UTXO probing attack using payjoin
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_507846_370156378.1742903198764"
X-Original-Sender: alicexbtong@gmail.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)
------=_Part_507846_370156378.1742903198764
Content-Type: multipart/alternative;
boundary="----=_Part_507847_411592957.1742903198764"
------=_Part_507847_411592957.1742903198764
Content-Type: text/plain; charset="UTF-8"
Hi everyone,
Sometimes we are curious and want to know about UTXOs in other wallets.
Payjoin allows you to do this and the recipient would never doubt it
because it's a privacy tool. It's possible to find UTXO in recipient's
wallet without sending any bitcoin. It's called UTXO probing attack and
described in BIP 77-78.
I have shared a demo with all the details in this [post][0]. I have used
bullbitcoin wallet for testing this because it was the only [wallet][1]
which supports payjoin v2 (send, receive) and testnet3.
I think users should be aware of this tradeoff and the information they
share with the sender in payjoin. Payjoin should only be used with trusted
senders.
[0]: https://uncensoredtech.substack.com/p/utxo-probing-attack-using-payjoin
[1]: https://en.bitcoin.it/wiki/PayJoin_adoption
/dev/fd0
floppy disk guy
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/450755f1-84c5-4f32-abe0-67087ae884d6n%40googlegroups.com.
------=_Part_507847_411592957.1742903198764
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi everyone, <br /><br />Sometimes we are curious and want to know about UT=
XOs in other wallets. Payjoin allows you to do this and the recipient would=
never doubt it because it's a privacy tool. It's possible to find UTXO in =
recipient's wallet without sending any bitcoin. It's called UTXO probing at=
tack and described in BIP 77-78.<br /><br />I have shared a demo with all t=
he details in this [post][0]. I have used bullbitcoin wallet for testing th=
is because it was the only [wallet][1] which supports payjoin v2 (send, rec=
eive) and testnet3.<br /><br />I think users should be aware of this tradeo=
ff and the information they share with the sender in payjoin. Payjoin shoul=
d only be used with trusted senders.<br /><br />[0]: <a href=3D"https://unc=
ensoredtech.substack.com/p/utxo-probing-attack-using-payjoin">https://uncen=
soredtech.substack.com/p/utxo-probing-attack-using-payjoin</a><br />[1]: <a=
href=3D"https://en.bitcoin.it/wiki/PayJoin_adoption">https://en.bitcoin.it=
/wiki/PayJoin_adoption</a><br /><br />/dev/fd0<br />floppy disk guy
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/450755f1-84c5-4f32-abe0-67087ae884d6n%40googlegroups.com?utm_med=
ium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msgid/bitcoind=
ev/450755f1-84c5-4f32-abe0-67087ae884d6n%40googlegroups.com</a>.<br />
------=_Part_507847_411592957.1742903198764--
------=_Part_507846_370156378.1742903198764--
|
