Chris Belcher [ARCHIVE] on Nostr: 📅 Original date posted:2019-07-30 📝 Original message:On 26/07/2019 10:38, ...
📅 Original date posted:2019-07-30
📝 Original message:On 26/07/2019 10:38, Dmitry Petukhov via bitcoin-dev wrote:
>
> If the attacker is the entity who provides this 'maker outsourcing',
> and it captures significant portion of that maker-outsourcing/utxo-rent
> market, it can even receive some profit from the convenience fee, while
> deanonymizing the joins.
>
> And with pseudonymous entities, you cannot be sure how much of that
> market the attacker controls.
>
No the attacker does not. I believe renting out UTXO proofs does not
change the privacy properties, because of the quadratic term in the
fidelity bond formula. This is where a sacrifice of V bitcoins creates a
bond of value V^2. The formula provides a strong incentive for
profit-motivated makers to use all their fidelity bond coins with just
one maker, not spread them out over many makers. JoinMarket takers
always use multiple makers, so a single maker can never deanonymize a
coinjoin just they get chosen by takers a lot. (But they would make
loads of money in coinjoin fees, which should encourage other makers to
also sacrifice coins in order to compete with them and capture some of
that fee income)
If a sybil attacker wants to run multiple makers for the purpose of
deanomyization then they will take a substantial quadratic hit in their
effectiveness. This is explored the other document "Financial
mathematics of JoinMarket fidelity bonds"
https://gist.github.com/chris-belcher/87ebbcbb639686057a389acb9ab3e25b
Regards
CB
📝 Original message:On 26/07/2019 10:38, Dmitry Petukhov via bitcoin-dev wrote:
>
> If the attacker is the entity who provides this 'maker outsourcing',
> and it captures significant portion of that maker-outsourcing/utxo-rent
> market, it can even receive some profit from the convenience fee, while
> deanonymizing the joins.
>
> And with pseudonymous entities, you cannot be sure how much of that
> market the attacker controls.
>
No the attacker does not. I believe renting out UTXO proofs does not
change the privacy properties, because of the quadratic term in the
fidelity bond formula. This is where a sacrifice of V bitcoins creates a
bond of value V^2. The formula provides a strong incentive for
profit-motivated makers to use all their fidelity bond coins with just
one maker, not spread them out over many makers. JoinMarket takers
always use multiple makers, so a single maker can never deanonymize a
coinjoin just they get chosen by takers a lot. (But they would make
loads of money in coinjoin fees, which should encourage other makers to
also sacrifice coins in order to compete with them and capture some of
that fee income)
If a sybil attacker wants to run multiple makers for the purpose of
deanomyization then they will take a substantial quadratic hit in their
effectiveness. This is explored the other document "Financial
mathematics of JoinMarket fidelity bonds"
https://gist.github.com/chris-belcher/87ebbcbb639686057a389acb9ab3e25b
Regards
CB