Return-Path: <belcher@riseup.net>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id B9E99EF5
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed,  7 Aug 2019 10:05:45 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 2F4C3823
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed,  7 Aug 2019 10:05:45 +0000 (UTC)
Received: from capuchin.riseup.net (capuchin-pn.riseup.net [10.0.1.176])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "*.riseup.net",
	Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
	by mx1.riseup.net (Postfix) with ESMTPS id AB3291A071A;
	Wed,  7 Aug 2019 03:05:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
	t=1565172344; bh=rz5Unyjq/s4V/QHkdboFZtsEoZJbZtUrVakTJWmh8xU=;
	h=Subject:To:Cc:References:From:Date:In-Reply-To:From;
	b=SDo9qVHHBHxsTb1wvIistBKB+R365jMdHbujumJutT6JrOKpDpHpUtbYHYRvyYqE/
	llmxT68yIg10XWTLxRxKz6es0bea+wlAgy3QnJoHN7JZ9B0QhXgPktMmjrpCAsNOWF
	THxR6FeffBvHf6r7Yg5aDmvZUvweqOyKz5aSHe/o=
X-Riseup-User-ID: 4BDE46B9E35C3DC158651C51A4EA2B3A6836094C40A98DA1B4F5347117CE6E2D
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by capuchin.riseup.net (Postfix) with ESMTPSA id CB8B812081C;
	Wed,  7 Aug 2019 03:05:43 -0700 (PDT)
To: Dmitry Petukhov <dp@simplexum.com>
References: <985792b1-e7aa-677b-a7a1-6a5f672da884@riseup.net>
	<94534006-D560-4C90-9D5D-A3A64B698518@gmail.com>
	<20190726143738.0be561da@simplexum.com>
	<3c328312-2bdd-60d9-7425-8db620d09abb@riseup.net>
	<20190731205018.10ed4302@simplexum.com>
	<ae32dcbb-c950-3b3f-22b9-d152d6b221cb@riseup.net>
	<20190802145057.7b81c597@simplexum.com>
	<ad501873-8912-765e-8df5-c9b0451fcd0a@riseup.net>
	<20190807015541.3d8aa849@simplexum.com>
	<20190807023742.73750ba3@simplexum.com>
From: Chris Belcher <belcher@riseup.net>
Openpgp: preference=signencrypt
Autocrypt: addr=belcher@riseup.net; prefer-encrypt=mutual; keydata=
	mQINBFPk74oBEACzBLjd+Z5z7eimqPuObFTaJCTXP7fgZjgVwt+q94VQ2wM0ctk/Ft9w2A92
	f14T7PiHaVDjHxrcW+6sw2VI2f60T8Tjf+b4701hIybluWL8DntG9BW19bZLmjAj7zkgektl
	YNDUrlYcQq2OEHm/MGk6Ajt2RA56aRKqoz22e+4ZA89gDgamxUAadul7AETSsgqOEUDI0FKR
	FODzoH65w1ien/DLkG1f76jd0XA6AxrESJVO0JzvkTnJGElBcA37rYaMmDi4DhG2MY4u63VE
	8h6DyUXcRhmTZIAj+r+Ht+KMDiuiyQcKywCzzF/7Ui7YxqeAgjm5aPDU2E8X9Qd7cqHQzFM7
	ZCqc9P6ENAk5a0JjHw0d0knApboSvkIJUB0j1xDIS0HaRlfHM4TPdOoDgnaXb7BvDfE+0zSz
	WkvAns9oJV6uWdnz5kllVCjgB/FXO4plyFCHhXikXjm1XuQyL8xV88OqgDFXwVhKrDL9Pknu
	sTchYm3BS2b5Xq1HQqToT3I2gRGTtDzZVZV0izCefJaDp1mf49k2cokDEfw9MroEj4A0Wfht
	0J64pzlBYn/9zor5cZp/EAblLRDK6HKhSZArIiDR1RC7a6s7oTzmfn0suhKDdTzkbTAnDsPi
	Dokl58xoxz+JdYKjzVh98lpcvMPlbZ+LwIsgbdH4KZj7mVOsJwARAQABtB9DaHJpcyBCZWxj
	aGVyIDxmYWxzZUBlbWFpbC5jb20+iQI+BBMBAgAoBQJT5O+KAhsDBQkSzAMABgsJCAcDAgYV
	CAIJCgsEFgIDAQIeAQIXgAAKCRDvc06md/MRKS8jD/9P9fSYSIVjltL9brAMfIu7wJn0H0lX
	TbcuCM2uQitJ3BNxI3c7aq5dEby27u5Ud54otncDJuRPQVDKs6H7t1rInitgJ1MTQ9/aQGFA
	btKcgtVIMFbeClzTTfWr4W7fE45NI7E9EANgk5JfmWh3U+KINYLF5RtqynYocrsP6zOV+G9A
	HCpBemd9TN60CoMLMyMzTHEW1oQffaVAXY8DgthEYO/odWYIod7VTmEm0zU1aSysPqMwPWNm
	8XIl0f8SfKQyZlAU8e1eCFVCenkE44FKC5qQNYc2UxexEYtfCWChTGc4oHKxIyYmTCCefsQF
	LvgwtvlNHRXHSDKSPSNcRcpl8DFpNEKrmMlkJ8Mx+YR05CydlTQ0bI3FBohJC+UHrjD5I3hA
	wJUC1o+yVSOEd+zN3cG1EECIwkEQSmBgG5t/le2RdzfXOdpf9ku2/zoBpq00R54JxUKlfRM7
	OPTv7X+1AKHkxOySdCZwGgvdh2Whuqs4kTvtco00gCFM9fBd5oi1RJuHtxHsj8+/XU15UItb
	jeo96CIlM5YUeoRLPT5mxZYWgYAARFeSFReNq/Tuwq9d8EokUrtAyrPayznliy53UJfWDVzl
	925c0Cz0HWaP2fWj+uFcj/8K0bhptuWJQy0Poht1z3aJC1UjEgr1Xz8I7jeSJmIlA9plcJw2
	k4dhWbkCDQRT5O+KARAAyFxAM28EQwLctr0CrQhYWZfMKzAhCw+EyrUJ+/e4uiAQ4OyXifRr
	ZV6kLRul3WbTB1kpA6wgCShO0N3vw8fFG2Cs6QphVagEH8yfQUroaVxgADYOTLHMOb7INS8r
	KI/uRNmE6bXTX27oaqCEXLMycqYlufad7hr42S/T8zNh5m2vl6T/1Poj2/ormViKwAxM+8qf
	xd8FNI4UKmq2zZE9mZ5PiSIX0qRgM0yCvxV39ex/nhxzouTBvv4Lb1ntplR/bMLrHxsCzhyM
	KDgcX7ApGm+y6YEsOvzw9rRCRuJpE4lth8ShgjTtNTHfklBD6Ztymc7q7bdPWpKOEvO5lDQ6
	q8+KfENv862cOLlWLk7YR2+mHZ1PXGhWC7ggwEkfGJoXo0x8X+zgUKe2+9Jj4yEhfL0IbFYC
	z2J5d+cWVIBktI3xqkwLUZWuAbE3vgYA4h8ztR6l18NTPkiAvpNQEaL4ZRnAx22WdsQ8GlEW
	dyKZBWbLUdNcMmPfGi5FCw2nNvCyN6ktv5mTZE12EqgvpzYcuUGQPIMV9KTlSPum3NLDq8QI
	6grbG8iNNpEBxmCQOKz2/BuYApU2hwt2E44fL8e6CRK3ridcRdqpueg75my6KkOqm8nSiMEc
	/pVIHwdJ9/quiuRaeC/tZWlYPIwDWgb8ZE/g66z35WAguMQ+EwfvgAUAEQEAAYkCJQQYAQIA
	DwUCU+TvigIbDAUJEswDAAAKCRDvc06md/MRKaZwD/9OI3o3gVmst/mGx6hVQry++ht8dFWN
	IiASPBvD3E5EWbqWi6mmqSIOS6CxjU0PncxTBPCXtzxo/WzuHGQg/xtNeQ0T8b2lBScZAw93
	qm1IcHXLUe5w/Tap6YaDmSYCIZAdtbHzYfPW4JK7cmvcjvF8jhTFOBEOFVQkTi19G7caVot0
	+wL1e2DRHDXAe5CinEpaLBlwHeEu/5j6wc3erohUZlK9IbAclj4iZTQbaq3EyqUXl59dBOON
	xmL5edJxzVishIYQGIyA9WP1SylXt+kO82NEqZG2OxdXAlzjuJ8C2pAG+nbLtDo4hcsiN/MA
	aX9/JB7MXclT5ioerF4yNgKEdfq7LmynsTUd8w/Ilyp7AD+BWoujyO94i8h9eKvjf9PvSwxQ
	uAjRpxne7ZJD8vCsMNXBHSbeEK2LiwStHL/w473viXpDD53J6OLxX6a5RummR+rixbMH7dgK
	MJQ7FlyDphm3or6CSkGEir1KA0y1vqQNFtHhguFapAWMDKaJjQQNgvZUmOo6hbZqmvUF1OWc
	d6GA6j3WOUe3fDJXfbq6P9Jmxq64op887dYKsg7xjQq/7KM7wyRcqXXcbBdgvNtVDP+EnzBN
	HyYY/3ms4YIHE5JHxQ9LV4yPcWkYTvb1XpNIFVbrSXAeyGHVNT+SO6olFovbWIC3Az9yesaM
	1aSoTg==
Message-ID: <483af6d0-ac5a-0e22-da29-af0be5196c15@riseup.net>
Date: Wed, 7 Aug 2019 11:05:41 +0100
MIME-Version: 1.0
In-Reply-To: <20190807023742.73750ba3@simplexum.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Cc: bitcoin-dev@lists.linuxfoundation.org
Subject: Re: [bitcoin-dev] Improving JoinMarket's resistance to sybil
 attacks using fidelity bonds
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2019 10:05:45 -0000

These are very creative schemes. At the very least they would stop the
easy mindless renting TXO method, where someone with coins on a hardware
wallet simply creates a signature and copypastes it into a website to
get free money. The workaround scheme with shared ownership of TXOs
requires brand new wallets to be created and hodlers must trust the
wallets enough to move their coins and hold them there for a long time.

Requiring fidelity bond TXOs to be held in hot wallets can also be
beaten as a scheme for stopping renting, because the rentee can put
their coin private keys on an always-on raspberry pi which is connected
to the maker's computer and constantly ready to give out signatures. The
coins would be in hot wallets yet still be rented out. As above the
raspberry pi setup would be much more of a hassle than copypasting a
signature into a website, so it could still be worth doing.

I wonder if there's a cryptographic way to prove that muSig and 2P-ECDSA
have not been used to create a certain pubkey/signature.

On 06/08/2019 22:37, Dmitry Petukhov wrote:
> Unfortunately, both described schemes fail the same way as
> 'require TXOs to be consolidated by the owner', by the fact that with
> muSig, shared ownership of TXO is possible, as explained by ZmnSCPxj in
> [1]. 2P-ECDSA is also possible, just more complex, so just saying 'ban
> musig for the bonds' is not the answer, I believe.
> 
> [1]
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-August/017217.html
> 
> В Wed, 7 Aug 2019 01:55:41 +0500
> Dmitry Petukhov <dp@simplexum.com> wrote:
> 
>> В Mon, 5 Aug 2019 20:04:26 +0100
>> Chris Belcher <belcher@riseup.net> wrote:
>>
>>> So what's needed is a way to make renting out TXOs impossible or
>>> very difficult.  
>>
>> You can make renting the TXOs risky for the attacker. Make it so that
>> the entity that rented out the TXO can revoke the participation of
>> said TXO in the market, by publishing some special signature. That
>> act of revocation can also mean revocation of all other TXOs that
>> were used in a bond alongside it. This way, any entity that wants to
>> spoil an attacker's consolidation via rent, can rent out its TXO to
>> the attacker, and then revoke it, spoiling the whole package the
>> attacker have consolidated.
>>
>> There may be other way to impose penalties.
>>
>> For example, all locked TXO may be required to be spendable by *any*
>> key that controls any TXO in the 'bond TXO package'. I think this
>> should be possible with taproot - you will have to publish a taproot
>> trees for your locked TXOs (say, N of them), and the tree for each TXO
>> will have N leaves, each leaf will specify a condition "spendable by
>> the key N". This way, if I give you my TXO to include it in a bond by
>> locking it, you also need to make your other TXOs in a bond spendable
>> by me.
>>
>> For both scenarios to work for the attacker, there's need to be an
>> off-chain contractual relationship between the parties. Otherwise the
>> entity that rents out the TXOs can spoil or just confiscate the bond
>> of the entity that rented them, without reprecussions.
> 
>