Date: Fri, 09 Sep 2022 21:05:07 +0000
To: alicexbt <alicexbt@protonmail.com>,
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
From: woltx <woltx@protonmail.com>
Subject: Re: [bitcoin-dev] joinstr: coinjoin implementation using nostr

Hi /dev/fd0,

I've been reviewing joinstr, and if I understand the code correctly, the cryptographic scheme mentioned as an alternative to blind signatures isn't implemented yet, is it? Currently, it seems that anyone can submit unrelated inputs and outputs.

Perhaps PR #24058 (https://github.com/bitcoin/bitcoin/pull/24058) (basic support BIP-322) can improve this scheme as it implements proof of ownership.

Instead of clients sending descriptors to the relay and then verifying them using `scantxoutset`, it can send `txid:out` with a message signed with the address, verify using `verifymessage` and then use `gettxout` to retrieve the value. That way, only the owner can send the UTXO.

I've done some tests connected to a node with BIP322 enabled:

```
import json

# `core`, `wallet` and `nostr_interface` are defined elsewhere (not shown in this message)

# to send
input_txt: str = json.dumps(input)
result = core.signmessage(wallet, input['address'], input_txt)
input['signature'] = result['result']
nostr_interface.publish_input(input)

# to receive
def validate_input(input: dict) -> bool:
    # ... (elided in the original; `message` must be the input exactly as it
    # was signed above, i.e. without the 'signature' field)
    result = core.verifymessage(address=input['address'], message=json.dumps(message), signature=input['signature'])
    return result['error'] is None and result['result'] is True
```
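
The relay-side check proposed in the message above, written out in full as an added example (it is not part of woltx's message or of the joinstr code). Assumptions: `rpc` is a hypothetical client whose `verifymessage` and `gettxout` methods return the RPC result directly, `FakeCore` is a constructed stand-in that uses HMAC in place of real message signing so the block runs offline, and binding the signature to a round id goes beyond what the message describes.

```python
import hashlib
import hmac
import json

def canonical_message(inp, round_id):
    """Deterministic serialization of the signed fields, bound to one round."""
    body = {"txid": inp["txid"], "vout": inp["vout"],
            "address": inp["address"], "round": round_id}
    return json.dumps(body, sort_keys=True, separators=(",", ":"))

def validate_input(rpc, inp, round_id):
    """Return the UTXO value if `inp` proves ownership of an unspent output, else None."""
    msg = canonical_message(inp, round_id)
    # 1. The signature must verify for the claimed address over this round's message.
    if rpc.verifymessage(inp["address"], inp["signature"], msg) is not True:
        return None
    # 2. The outpoint must exist and be unspent (gettxout returns null otherwise).
    utxo = rpc.gettxout(inp["txid"], inp["vout"])
    if utxo is None:
        return None
    # 3. The output must pay to the address that signed; without this check a
    #    valid signature from any address could be attached to someone else's UTXO.
    if utxo["scriptPubKey"].get("address") != inp["address"]:
        return None
    return utxo["value"]

class FakeCore:
    """Constructed offline stand-in for a node. HMAC with a per-address secret
    replaces real message signing so the example runs without Bitcoin Core."""
    def __init__(self, keys, utxos):
        self.keys = keys      # address -> secret bytes
        self.utxos = utxos    # (txid, vout) -> (address, value)
    def signmessage(self, address, message):
        return hmac.new(self.keys[address], message.encode(), hashlib.sha256).hexdigest()
    def verifymessage(self, address, signature, message):
        if address not in self.keys:
            return False
        return hmac.compare_digest(self.signmessage(address, message), signature)
    def gettxout(self, txid, vout):
        entry = self.utxos.get((txid, vout))
        if entry is None:
            return None
        return {"value": entry[1], "scriptPubKey": {"address": entry[0]}}

def signed_input(rpc, txid, vout, address, round_id):
    """Client side: build an input message and sign its canonical form."""
    inp = {"txid": txid, "vout": vout, "address": address}
    inp["signature"] = rpc.signmessage(address, canonical_message(inp, round_id))
    return inp
```

Serializing with `sort_keys=True` and fixed separators matters here because sender and verifier must produce byte-identical JSON for the signature to verify.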





------- Original Message -------
On Saturday, August 20th, 2022 at 1:52 PM, alicexbt via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:


> Hi Max,
>
> There are a few DoS vectors that need to be fixed. It's just a proof of concept that I wanted to share with everyone to get feedback which could be improved over time. There is also a warning at the bottom of README to not use this on mainnet as it might have bugs.
>
> I will continue the development with coinjoin transactions on signet for a few weeks until there is a stable release with no bugs.
>
> I have a few ideas in mind for various relay types that might be used concurrently to prevent numerous problems. Custom relays are supported by Nostr. Examples include paying a fee to register for a round, subscribing with a time limit, or using invite-only relays. I will run a free and open nostr relay for this project and try to fix the DoS issues before a mainnet version is released for python script (for nerds) and android app (for all users).
>
> Related links:
>
> https://github.com/fiatjaf/relayer
> https://github.com/fiatjaf/expensive-relay
> https://github.com/fiatjaf/relayer/tree/master/whitelisted
>
> /dev/fd0
>
> Sent with Proton Mail secure email.
>
> ------- Original Message -------
> On Saturday, August 20th, 2022 at 10:04 AM, Max Hillebrand max@towardsliberty.com wrote:
>
> > Great to see an implementation of the idea.
> >
> > Maybe I misunderstand, but isn't there a vulnerability of denial of service here?
> >
> > A user who registers one input will receive the round secret identifier, and this is all the information required for output registration. However, that malicious user can now register multiple outputs, providing the same secret, and nobody can link the malicious outputs to any specific input. Therefore there cannot be a blame round where the malicious input is removed, and thus there can be an ongoing free denial of service attack without attribution or defense.
> >
> > Skol
> > Max
> >
> > On August 20, 2022 10:20:00 AM GMT+02:00, alicexbt via bitcoin-dev bitcoin-dev@lists.linuxfoundation.org wrote:
> >
> > > Hi Bitcoin Developers,
> > >
> > > I have written a python script as proof of concept for the coinjoin implementation using nostr. I used a lot of Python scripts created by others in school, so it feels nice to offer something that could be useful to others.
> > >
> > > The implementation uses Bitcoin Core wallet and RPCs: `listunspent`, `getnewaddress`, `scantxoutset`, `createpsbt`, `combinepsbt`, `finalizepsbt` and `sendrawtransaction`. It requires python-nostr library because nostr is used for coordination between peers. Nostr is a decentralized network based on cryptographic keypairs. It is not peer-to-peer, however it is simple and scalable.
> > >
> > > Every step is published as an event using a nostr relay and 5 peers coordinate to create, sign and broadcast a coinjoin transaction. I need to write a NIP that would be an alternative to blind signatures. Relay will share a random secret with clients for one round which should be present in output registration request although never gets published. If someone tries to register an output without registering any inputs, request would not have the number initially shared with inputs so request would get rejected or published as unverified. Relay would not be able to link inputs and outputs as the number is same for all inputs in a round and they get registered at different times with new keys and IP address. Clients can use multiple relays at the same time to avoid trusting one relay. This would result in different shared secret number but same process. If a relay tries to cheat, users will not sign the transaction and avoid using it in future.
> > >
> > > Usage:
> > >
> > > 1) Run `python coinjoin.py` and enter descriptor for one of the inputs.
> > > 2) Script will check inputs for this round every 30 seconds and register a new address for output once 5 inputs are registered.
> > > 3) Similar check happens every 30 seconds for outputs. Last peer should create a PSBT.
> > > 4) Unsigned PSBT will be printed and signed by wallet with `walletprocesspsbt` RPC.
> > > 5) Script will check signed PSBTs and last peer to sign should finalize coinjoin transaction once 5 signed PSBTs are received.
> > > 6) Coinjoin transaction will be broadcasted and txid will be printed.
> > >
> > > Example:
> > >
> > > ```
> > > List of utxos in wallet:
> > >
> > > wpkh([53830dca/84'/1'/0'/0/0]02449be5fb74725255eeeb50eba930fa87705f21e99d13cd710cf2c1f21153c808)#x2hyyeg5
> > >
> > > Enter descriptor for the input registration: wpkh([53830dca/84'/1'/0'/0/0]02449be5fb74725255eeeb50eba930fa87705f21e99d13cd710cf2c1f21153c808)#x2hyyeg5
> > >
> > > event id: bcbbe62d75d99fed73f1e50ac58a38d1840b658951893e63c0322b378d7d56f0
> > >
> > >
> > > tb1qhxrp4zl54ul0twtyz0gury5399q7z0kvqqrl6m registered for output
> > >
> > > event id: 9449c9065bef356d21507a98f88b028b17fc1c49eb195c8d4420604fcaaef041
> > >
> > > Unsigned PSBT: [base64 PSBT omitted]
> > >
> > > event id: 976744b38fa9343fb79e1b5215512ead6ee08e5890d79a201fc5b872f6de4eba
> > >
> > > Signed PSBT: [base64 PSBT omitted]
> > >
> > > event id: 5846b6e6902f3c5a43496d7d9785ed62444aa74963f03c33d637d8b09ee7a139
> > >
> > > Coinjoin tx: 75e490b10b15a6a0422f25ff66ad98ef70390c8fecaac02712705dce8cc3564b
> > >
> > > event id: 9b5d4bf279b59e2b6e539e683fba83da72dce2b640360aa95db1b1400be93190
> > > ```
> > >
> > > There are a lot of things that could be improved and a few suggestions are in the gist that described the idea. I would love to read any opinions about this experiment and will start working on creating an Android app for joinstr next week.
> > >
> > > Credits:
> > >
> > > - fiatjaf (Nostr)
> > > - Andrew Chow (PSBT)
> > > - Jeff Thibault (python-nostr)
> > > - Existing coinjoin implementations
> > >
> > > /dev/fd0
> > >
> > > bitcoin-dev mailing list
> > > bitcoin-dev@lists.linuxfoundation.org
> > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev