Delivery-date: Wed, 26 Mar 2025 11:25:00 -0700 Received: from mail-yb1-f191.google.com ([209.85.219.191]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1txVQx-0001FV-OT for bitcoindev@gnusha.org; Wed, 26 Mar 2025 11:25:00 -0700 Received: by mail-yb1-f191.google.com with SMTP id 3f1490d57ef6-e02fff66a83sf247827276.0 for ; Wed, 26 Mar 2025 11:24:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1743013494; x=1743618294; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:references:in-reply-to:message-id:to:from:date:sender:from :to:cc:subject:date:message-id:reply-to; bh=fnefT0QHm/cyZwdfT+ijZ2OPL8VXLehE2bK4XWNYo+o=; b=FmAhWTaFNC7PB6hUUKd18FcqG9fO30bL5l6ZVbFQ7M9bq+7rV0HhGhEqLfIIs2HzWf x+vW+l13X9Xlc43ZlWAqDoinLQv6Ve4b/v7B+xtsZuH3Zdn9AS9YGF6qvwzYwwZx/RvG Ngcy5ZR9UMHIcYu3pmqRpzFc0vuC5720JEHZtJ21se53vQu2XxxHcRYWMQ1zQ/+/sFHA zWqUQomN0kZORy2pNIQ1vOLm6ZI/pIVVj/onacZ1FRQJcatxSdaotdVQ4EndToWLq3qq 74y70dPgPHXszELHLCw14LBEedbOz3X6YOZlAM0GeZzaIVzxsoTyCsaYnsCTi39K6LaE a4QA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1743013494; x=1743618294; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:references:in-reply-to:message-id:to:from:date:from:to:cc :subject:date:message-id:reply-to; bh=fnefT0QHm/cyZwdfT+ijZ2OPL8VXLehE2bK4XWNYo+o=; b=H2Nu1TUmkfmNc+nlaC82PRpNVM2kZ7TUwBBsyjWW7PWmC5CDk7q4KHZv37unA2SI9a UtZ5zXJuTdkPV0Hnf1/oLdJk/IPn7mVy3aieA0Fh8zmd1fipMn9hOYtTqqQ2Jxqy9KdX 81blJsL3A4CjMPMewk3YrAxBCq7EpLm5d7i3z/10hCoOluCkPT3sKhWINCNQQbvONrsN wlv6Wo/AU55hzXOcxbkhRo9UA2Pf9VkLs9WRSLuiUY/XTTpdagJ5UJg3lYuryngEpvVj hDHZvhqkWk1EVnPpP/K58GjLZvq9EP7/JrmMRcDSzzndvnNEUj0CuRbOaOcW2rT9R5jD e7Yw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743013494; x=1743618294; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:references:in-reply-to:message-id:to:from:date:x-beenthere :x-gm-message-state:sender:from:to:cc:subject:date:message-id :reply-to; bh=fnefT0QHm/cyZwdfT+ijZ2OPL8VXLehE2bK4XWNYo+o=; b=ttPsmqVkrHKEjYTGMmqhvC1H88fy5EJKK1eNSUYxF16cZysZ2svRJpuRbr94SSJUFN gZQMd7QZ4BubxeJKYv96jffcwUBsKxMzmi0C9jZxYEwhvRwB4+4MD2dWQIfqQ2FLiPbm IUtnYzhENpFqsYJDg++VqauHndonUzLVgf21VHdVFxZJTk3Zr2KVxjMH/gfqnwkxD48S yJwINZ2JXJROpRYB0r1de3iHULfikcAkTz52ZDiPfV77/bT0MJO11fkoDdprL4ZI+4MQ FgPIYPX46++ZdmyGwKYswxZd0N31hF14ni44eHkQZveMnrGsGHP0Tr0sBOK4/MwZJSFY 03ww== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=1; AJvYcCVcq+sSJvTxzAnVkoQv1vyZw62cKky48BVT0+pIYUDwO3iFQaqmOSHpJRNZa1L9DA4+2S+52N/kBz/N@gnusha.org X-Gm-Message-State: AOJu0Yw8kPvjBqmRt0JNLmol95bVss9MZYRHO1oDpIa61pAEAb2HcliG jNAyBNu+CiGhbkVMzQGNULZFKDIJ0WavTRs2sR6FjcNrE84Tv/2D X-Google-Smtp-Source: AGHT+IEhDucePwvpVabQAJWZLNuZKhAijBBKS/qOE7XM+93g3S6oLvpcs9M/ZbOFbZ+9qyBe7Jq5SA== X-Received: by 2002:a05:6902:168f:b0:e64:b9c:47b7 with SMTP id 3f1490d57ef6-e694357b090mr1023716276.19.1743013493843; Wed, 26 Mar 2025 11:24:53 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h=ARLLPAJSfVzJtiI5WFo1fO8FLBkp67LfUfvOLju7QQ8tK776NA== Received: by 2002:a25:aa4d:0:b0:e60:8901:aead with SMTP id 3f1490d57ef6-e6942e6855dls226516276.2.-pod-prod-07-us; Wed, 26 Mar 2025 11:24:50 -0700 (PDT) X-Received: by 2002:a05:690c:62c9:b0:6fe:c007:3b20 with SMTP id 00721157ae682-70224f87d39mr8682687b3.2.1743013490577; Wed, 26 Mar 2025 11:24:50 -0700 (PDT) Received: by 2002:a81:a947:0:b0:6ef:590d:3213 with SMTP id 00721157ae682-700ba2435b8ms7b3; Tue, 25 Mar 2025 05:52:10 -0700 (PDT) X-Received: by 2002:a05:690c:4444:b0:6fe:e79f:bd8f with SMTP id 00721157ae682-700bacd58eemr242796727b3.26.1742907128249; Tue, 25 Mar 2025 05:52:08 -0700 (PDT) Date: Tue, 25 Mar 2025 05:52:07 -0700 (PDT) From: jbesraa To: Bitcoin Development Mailing List Message-Id: <1c7130d4-cbac-4404-968c-9eb7b4e2e4cbn@googlegroups.com> In-Reply-To: <450755f1-84c5-4f32-abe0-67087ae884d6n@googlegroups.com> References: <450755f1-84c5-4f32-abe0-67087ae884d6n@googlegroups.com> Subject: [bitcoindev] Re: UTXO probing attack using payjoin MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_29026_329018632.1742907127780" X-Original-Sender: JbEsraa@gmail.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.5 (/) ------=_Part_29026_329018632.1742907127780 Content-Type: multipart/alternative; boundary="----=_Part_29027_568568523.1742907127780" ------=_Part_29027_568568523.1742907127780 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable While the possibility of UTXO probing via Payjoin is a valid concern=20 regarding privacy, it's important to note that it might not always come=20 without cost for the attacker. The Payjoin recipient needs to validate the= =20 initial request, ensuring the sender's inputs are broadcastable. This means= =20 the recipient could, in practice, broadcast the initial transaction even if= =20 the sender aborts the Payjoin. Furthermore, implementing strategies like=20 maintaining a set of 'seen inputs' can make such probing attempts more=20 easily detectable and less effective. While these measures don't eliminate= =20 the privacy considerations entirely, they do highlight that recipients have= =20 potential defenses and that probing isn't necessarily a risk-free endeavor= =20 for the attacker. On Tuesday, March 25, 2025 at 1:48:15=E2=80=AFPM UTC+2 /dev /fd0 wrote: Hi everyone,=20 Sometimes we are curious and want to know about UTXOs in other wallets.=20 Payjoin allows you to do this and the recipient would never doubt it=20 because it's a privacy tool. It's possible to find UTXO in recipient's=20 wallet without sending any bitcoin. It's called UTXO probing attack and=20 described in BIP 77-78. I have shared a demo with all the details in this [post][0]. I have used=20 bullbitcoin wallet for testing this because it was the only [wallet][1]=20 which supports payjoin v2 (send, receive) and testnet3. I think users should be aware of this tradeoff and the information they=20 share with the sender in payjoin. Payjoin should only be used with trusted= =20 senders. [0]: https://uncensoredtech.substack.com/p/utxo-probing-attack-using-payjoi= n [1]: https://en.bitcoin.it/wiki/PayJoin_adoption /dev/fd0 floppy disk guy --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= 1c7130d4-cbac-4404-968c-9eb7b4e2e4cbn%40googlegroups.com. ------=_Part_29027_568568523.1742907127780 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable While the possibility of UTXO probing via Payjoin is a valid concern=20 regarding privacy, it's important to note that it might not always come=20 without cost for the attacker. The Payjoin recipient needs to validate=20 the initial request, ensuring the sender's inputs are broadcastable.=20 This means the recipient could, in practice, broadcast the initial=20 transaction even if the sender aborts the Payjoin. Furthermore,=20 implementing strategies like maintaining a set of 'seen inputs' can make such probing attempts more easily detectable and less effective. While=20 these measures don't eliminate the privacy considerations entirely, they do highlight that recipients have potential defenses and that probing=20 isn't necessarily a risk-free endeavor for the attacker.

On Tuesday, March 25, 2025 at 1:48:15=E2=80=AFPM UTC+2 /dev= /fd0 wrote:
Hi everyone,
Sometimes we are curious and want to know about UTXOs in other wa= llets. Payjoin allows you to do this and the recipient would never doubt it= because it's a privacy tool. It's possible to find UTXO in recipient's wal= let without sending any bitcoin. It's called UTXO probing attack and descri= bed in BIP 77-78.

I have shared a demo with all the details in t= his [post][0]. I have used bullbitcoin wallet for testing this because it w= as the only [wallet][1] which supports payjoin v2 (send, receive) and testn= et3.

I think users should be aware of this tradeoff and the info= rmation they share with the sender in payjoin. Payjoin should only be used = with trusted senders.

[0]: https://uncensoredtech.substack.com/p/utxo-probing-attack-using-payj= oin
[1]: https://en.bitcoin.it/wiki/PayJoin_adopti= on

/dev/fd0
floppy disk guy

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoind= ev/1c7130d4-cbac-4404-968c-9eb7b4e2e4cbn%40googlegroups.com.
------=_Part_29027_568568523.1742907127780-- ------=_Part_29026_329018632.1742907127780--