From: "/dev /fd0" <alicexbtong@gmail.com>
Date: Thu, 27 Mar 2025 00:56:02 +0530
Subject: Re: [bitcoindev] UTXO probing attack using payjoin
To: Yuval Kogman <nothingmuch@woobling.org>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>

Hi Yuval,

Thank you for your feedback.

> This will likely link it to the receiver's other coins eventually, and
> certainly links it to the receiver's subsequent transactions.

Coin control and labels can be used to avoid this. Consolidation of inputs
is often bad for privacy and makes silent payments, coinjoin etc. useless
in some cases; however, the user has the choice to select coins manually
while transacting. In payjoin, users can't do much about it. They have to
share UTXOs in response to the original PSBT along with the address to
receive bitcoin.

> In the payjoin setting, the receiver is
> using coinswap in that manner, then as a payjoin receiver they can
> elect to only use coinswapped coins as contributed inputs to payjoin
> transactions.

It could be a workaround or temporary fix for this problem. However, if
swapped coins are used in transactions, octojoin could be a better solution
which doesn't require any inputs from the recipient.

> I'm not sure what you mean by "the recipient would never doubt it
> because it's a privacy tool", it sounds to me like this is mainly a
> criticism of the UX of payjoin supporting wallets, or of wallets in
> general for not educating users that privacy is not a binary thing?

The recipient would never doubt a sender who insists on using payjoin and
is not interested in a normal bitcoin transaction. They would not know the
intentions of the sender before payjoin.

> Note that in all of these specifications of payjoin UTXO probing is
> not costless since the sender must send a fully signed transaction in
> order to learn such a UTXO, and this transaction although not
> confirmed still imposes a fee cost on the sender if broadcast (even if
> it is replaced).

It was costless in the demo, which could be fixed by bullbitcoin. However,
an attacker with a budget and some motivation can always spy on your wallet
using payjoin. Things become even easier with automated payment systems
such as BTCPay Server.

/dev/fd0
floppy disk guy
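
Added illustration, not part of the original message or of any wallet's code: a toy Python model of the receiver-side policy the quoted reply refers to, where a probe carries a fee cost because the receiver broadcasts the fully signed original transaction when the payjoin is not completed. The class and method names, the timeout, the rule that repeated sender inputs get the same contributed coin, and the coin and txid labels are all assumptions made for this example.

```python
import time

class PayjoinReceiver:
    """Toy receiver-side anti-probing policy (all names are hypothetical)."""

    def __init__(self, utxos, timeout=60, broadcast=None):
        self.utxos = list(utxos)      # receiver coins available to contribute
        self.timeout = timeout        # seconds to wait for the final payjoin
        self.broadcast = broadcast or (lambda txid: None)
        self.pending = {}             # original txid -> broadcast deadline
        self.shown = {}               # sender outpoint -> coin already revealed
        self.sent = []                # originals this receiver has broadcast

    def handle_original(self, txid, sender_outpoints, signed, now=None):
        now = time.time() if now is None else now
        if not signed:
            # An unsigned original cannot be broadcast, so a probe would be free.
            raise ValueError("original transaction must be fully signed")
        # Sender inputs seen before: answer with the same coin, never a new one.
        for op in sender_outpoints:
            if op in self.shown:
                choice = self.shown[op]
                break
        else:
            # Modeling choice: new sender inputs get the next unrevealed coin.
            revealed = set(self.shown.values())
            fresh = [u for u in self.utxos if u not in revealed]
            choice = fresh[0] if fresh else self.utxos[0]
        for op in sender_outpoints:
            self.shown[op] = choice
        self.pending[txid] = now + self.timeout
        return choice

    def handle_payjoin_seen(self, txid):
        # The sender completed the payjoin; the original is no longer needed.
        self.pending.pop(txid, None)

    def tick(self, now=None):
        # Broadcast every original whose payjoin never arrived, so that each
        # revealed coin costs the prober a transaction fee.
        now = time.time() if now is None else now
        expired = [t for t, d in self.pending.items() if d <= now]
        for t in expired:
            self.broadcast(t)
            self.sent.append(t)
            del self.pending[t]
        return expired
```
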