Delivery-date: Thu, 27 Mar 2025 05:19:45 -0700
Sender: bitcoindev@googlegroups.com
Received-SPF: pass (google.com: domain of alicexbtong@gmail.com designates 2607:f8b0:4864:20::232 as permitted sender) client-ip=2607:f8b0:4864:20::232;
MIME-Version: 1.0
References: <450755f1-84c5-4f32-abe0-67087ae884d6n@googlegroups.com> <1c7130d4-cbac-4404-968c-9eb7b4e2e4cbn@googlegroups.com>
In-Reply-To: <1c7130d4-cbac-4404-968c-9eb7b4e2e4cbn@googlegroups.com>
From: "/dev /fd0" <alicexbtong@gmail.com>
Date: Thu, 27 Mar 2025 01:08:41 +0530
Message-ID: <CALiT-Zrq0Nr9uNWDTMj3=VJ6TCcmeL3s+Jau+nEGHqYqFcfB+g@mail.gmail.com>
Subject: Re: [bitcoindev] Re: UTXO probing attack using payjoin
To: jbesraa <jbesraa@gmail.com>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Content-Type: multipart/alternative; boundary="000000000000b93be3063143fc21"
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com

--000000000000b93be3063143fc21
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi jbesraa,

> While the possibility of UTXO probing via Payjoin is a valid concern
regarding privacy, it's important to note that it might not always come
without cost for the attacker. The Payjoin recipient > needs to validate
the initial request, ensuring the sender's inputs are broadcastable. This
means the recipient could, in practice, broadcast the initial transaction
even if the sender aborts the > Payjoin.

> Furthermore, implementing strategies like maintaining a set of 'seen
inputs' can make such probing attempts more easily detectable and less
effective.

The original transaction can be replaced by the attacker, and it would only
cost a few hundred sats or nothing if it's payjoin transaction. I think
such attacks could still be effective if the attacker has the budget and
motivation to spy on someone's wallet.

/dev/fd0
floppy disk guy


On Wed, Mar 26, 2025 at 11:54=E2=80=AFPM jbesraa <jbesraa@gmail.com> wrote:

> While the possibility of UTXO probing via Payjoin is a valid concern
> regarding privacy, it's important to note that it might not always come
> without cost for the attacker. The Payjoin recipient needs to validate th=
e
> initial request, ensuring the sender's inputs are broadcastable. This mea=
ns
> the recipient could, in practice, broadcast the initial transaction even =
if
> the sender aborts the Payjoin. Furthermore, implementing strategies like
> maintaining a set of 'seen inputs' can make such probing attempts more
> easily detectable and less effective. While these measures don't eliminat=
e
> the privacy considerations entirely, they do highlight that recipients ha=
ve
> potential defenses and that probing isn't necessarily a risk-free endeavo=
r
> for the attacker.
>
> On Tuesday, March 25, 2025 at 1:48:15=E2=80=AFPM UTC+2 /dev /fd0 wrote:
>
> Hi everyone,
>
> Sometimes we are curious and want to know about UTXOs in other wallets.
> Payjoin allows you to do this and the recipient would never doubt it
> because it's a privacy tool. It's possible to find UTXO in recipient's
> wallet without sending any bitcoin. It's called UTXO probing attack and
> described in BIP 77-78.
>
> I have shared a demo with all the details in this [post][0]. I have used
> bullbitcoin wallet for testing this because it was the only [wallet][1]
> which supports payjoin v2 (send, receive) and testnet3.
>
> I think users should be aware of this tradeoff and the information they
> share with the sender in payjoin. Payjoin should only be used with truste=
d
> senders.
>
> [0]:
> https://uncensoredtech.substack.com/p/utxo-probing-attack-using-payjoin
> [1]: https://en.bitcoin.it/wiki/PayJoin_adoption
>
> /dev/fd0
> floppy disk guy
>
> --
> You received this message because you are subscribed to the Google Groups
> "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion visit
> https://groups.google.com/d/msgid/bitcoindev/1c7130d4-cbac-4404-968c-9eb7=
b4e2e4cbn%40googlegroups.com
> <https://groups.google.com/d/msgid/bitcoindev/1c7130d4-cbac-4404-968c-9eb=
7b4e2e4cbn%40googlegroups.com?utm_medium=3Demail&utm_source=3Dfooter>
> .
>

--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
CALiT-Zrq0Nr9uNWDTMj3%3DVJ6TCcmeL3s%2BJau%2BnEGHqYqFcfB%2Bg%40mail.gmail.co=
m.

--000000000000b93be3063143fc21
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi jbesraa,<div><br>&gt;=C2=A0While the possibility of UTX=
O probing via Payjoin is a valid concern regarding privacy, it&#39;s import=
ant to note that it might not always come without cost for the attacker. Th=
e Payjoin recipient &gt; needs to validate the initial request, ensuring th=
e sender&#39;s inputs are broadcastable. This means the recipient could, in=
 practice, broadcast the initial transaction even if the sender aborts the =
&gt; Payjoin.<br><br>&gt;=C2=A0Furthermore, implementing strategies like ma=
intaining a set of &#39;seen inputs&#39; can make such probing attempts mor=
e easily detectable and less effective.<br><br>The original transaction can=
 be replaced by the attacker, and it would only cost a few hundred sats or =
nothing if it&#39;s payjoin transaction. I think such attacks could still b=
e effective if the attacker has the budget and motivation to spy on someone=
&#39;s wallet.</div><div><br></div><div>/dev/fd0</div><div>floppy disk guy<=
br></div><div><br></div></div><br><div class=3D"gmail_quote gmail_quote_con=
tainer"><div dir=3D"ltr" class=3D"gmail_attr">On Wed, Mar 26, 2025 at 11:54=
=E2=80=AFPM jbesraa &lt;<a href=3D"mailto:jbesraa@gmail.com">jbesraa@gmail.=
com</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"marg=
in:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1e=
x">While the possibility of UTXO probing via Payjoin is a valid concern=20
regarding privacy, it&#39;s important to note that it might not always come=
=20
without cost for the attacker. The Payjoin recipient needs to validate=20
the initial request, ensuring the sender&#39;s inputs are broadcastable.=20
This means the recipient could, in practice, broadcast the initial=20
transaction even if the sender aborts the Payjoin. Furthermore,=20
implementing strategies like maintaining a set of &#39;seen inputs&#39; can=
 make
 such probing attempts more easily detectable and less effective. While=20
these measures don&#39;t eliminate the privacy considerations entirely, the=
y
 do highlight that recipients have potential defenses and that probing=20
isn&#39;t necessarily a risk-free endeavor for the attacker.<br><br><div><d=
iv dir=3D"auto">On Tuesday, March 25, 2025 at 1:48:15=E2=80=AFPM UTC+2 /dev=
 /fd0 wrote:<br></div><blockquote style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex">Hi everyone, <br><br>Some=
times we are curious and want to know about UTXOs in other wallets. Payjoin=
 allows you to do this and the recipient would never doubt it because it=
9;s a privacy tool. It&#39;s possible to find UTXO in recipient&#39;s walle=
t without sending any bitcoin. It&#39;s called UTXO probing attack and desc=
ribed in BIP 77-78.<br><br>I have shared a demo with all the details in thi=
s [post][0]. I have used bullbitcoin wallet for testing this because it was=
 the only [wallet][1] which supports payjoin v2 (send, receive) and testnet=
3.<br><br>I think users should be aware of this tradeoff and the informatio=
n they share with the sender in payjoin. Payjoin should only be used with t=
rusted senders.<br><br>[0]: <a href=3D"https://uncensoredtech.substack.com/=
p/utxo-probing-attack-using-payjoin" rel=3D"nofollow" target=3D"_blank">htt=
ps://uncensoredtech.substack.com/p/utxo-probing-attack-using-payjoin</a><br=
>[1]: <a href=3D"https://en.bitcoin.it/wiki/PayJoin_adoption" rel=3D"nofoll=
ow" target=3D"_blank">https://en.bitcoin.it/wiki/PayJoin_adoption</a><br><b=
r>/dev/fd0<br>floppy disk guy</blockquote></div>

<p></p>

-- <br>
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com" target=
=3D"_blank">bitcoindev+unsubscribe@googlegroups.com</a>.<br>
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/1c7130d4-cbac-4404-968c-9eb7b4e2e4cbn%40googlegroups.com?utm_med=
ium=3Demail&amp;utm_source=3Dfooter" target=3D"_blank">https://groups.googl=
e.com/d/msgid/bitcoindev/1c7130d4-cbac-4404-968c-9eb7b4e2e4cbn%40googlegrou=
ps.com</a>.<br>
</blockquote></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/CALiT-Zrq0Nr9uNWDTMj3%3DVJ6TCcmeL3s%2BJau%2BnEGHqYqFcfB%2Bg%40ma=
il.gmail.com?utm_medium=3Demail&utm_source=3Dfooter">https://groups.google.=
com/d/msgid/bitcoindev/CALiT-Zrq0Nr9uNWDTMj3%3DVJ6TCcmeL3s%2BJau%2BnEGHqYqF=
cfB%2Bg%40mail.gmail.com</a>.<br />

--000000000000b93be3063143fc21--