From: "/dev /fd0" <alicexbtong@gmail.com>
Date: Thu, 27 Mar 2025 01:08:41 +0530
Message-ID: <CALiT-Zrq0Nr9uNWDTMj3=VJ6TCcmeL3s+Jau+nEGHqYqFcfB+g@mail.gmail.com>
Subject: Re: [bitcoindev] Re: UTXO probing attack using payjoin
To: jbesraa <jbesraa@gmail.com>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Hi jbesraa,

> While the possibility of UTXO probing via Payjoin is a valid concern
> regarding privacy, it's important to note that it might not always come
> without cost for the attacker. The Payjoin recipient needs to validate
> the initial request, ensuring the sender's inputs are broadcastable. This
> means the recipient could, in practice, broadcast the initial transaction
> even if the sender aborts the Payjoin.

> Furthermore, implementing strategies like maintaining a set of 'seen
> inputs' can make such probing attempts more easily detectable and less
> effective.

The original transaction can be replaced by the attacker, and it would only
cost a few hundred sats or nothing if it's a payjoin transaction. I think
such attacks could still be effective if the attacker has the budget and
motivation to spy on someone's wallet.

/dev/fd0
floppy disk guy

On Wed, Mar 26, 2025 at 11:54 PM jbesraa <jbesraa@gmail.com> wrote:

> While the possibility of UTXO probing via Payjoin is a valid concern
> regarding privacy, it's important to note that it might not always come
> without cost for the attacker. The Payjoin recipient needs to validate the
> initial request, ensuring the sender's inputs are broadcastable. This means
> the recipient could, in practice, broadcast the initial transaction even if
> the sender aborts the Payjoin. Furthermore, implementing strategies like
> maintaining a set of 'seen inputs' can make such probing attempts more
> easily detectable and less effective. While these measures don't eliminate
> the privacy considerations entirely, they do highlight that recipients have
> potential defenses and that probing isn't necessarily a risk-free endeavor
> for the attacker.
>
> On Tuesday, March 25, 2025 at 1:48:15 PM UTC+2 /dev /fd0 wrote:
>
> Hi everyone,
>
> Sometimes we are curious and want to know about UTXOs in other wallets.
> Payjoin allows you to do this and the recipient would never doubt it
> because it's a privacy tool. It's possible to find UTXO in recipient's
> wallet without sending any bitcoin. It's called UTXO probing attack and
> described in BIP 77-78.
>
> I have shared a demo with all the details in this [post][0]. I have used
> bullbitcoin wallet for testing this because it was the only [wallet][1]
> which supports payjoin v2 (send, receive) and testnet3.
>
> I think users should be aware of this tradeoff and the information they
> share with the sender in payjoin. Payjoin should only be used with trusted
> senders.
>
> [0]:
> https://uncensoredtech.substack.com/p/utxo-probing-attack-using-payjoin
> [1]: https://en.bitcoin.it/wiki/PayJoin_adoption
>
> /dev/fd0
> floppy disk guy
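
The two receiver-side defenses discussed in this thread (a 'seen inputs' set, and broadcasting the original transaction when the sender aborts), sketched as an added example that is not part of the thread or of any wallet's code. `ReceiverGuard`, its method names and the 120-second timeout are assumptions, and transactions are treated as opaque strings.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Tuple

Outpoint = Tuple[str, int]  # (txid, vout) spent by the sender's original transaction


@dataclass
class Session:
    original_tx: str             # sender's signed original transaction, opaque here
    inputs: FrozenSet[Outpoint]
    deadline: float              # when to stop waiting for the payjoin
    finished: bool = False       # payjoin seen on the network, or fallback returned


class ReceiverGuard:
    """Hypothetical receiver bookkeeping; persist `seen` across restarts in real use."""

    def __init__(self, fallback_after: float = 120.0):
        self.fallback_after = fallback_after
        self.seen: Dict[Outpoint, str] = {}      # outpoint -> session that first proposed it
        self.sessions: Dict[str, Session] = {}

    def handle_original(self, sid: str, original_tx: str,
                        inputs: Iterable[Outpoint], now: float) -> str:
        """Decide before revealing any of our own UTXOs in a proposal."""
        ins = frozenset(inputs)
        # An outpoint already proposed in a different session is the probing signal.
        if any(self.seen.get(op, sid) != sid for op in ins):
            return "reject"
        for op in ins:
            self.seen[op] = sid
        # setdefault keeps the first deadline if the same session retries.
        self.sessions.setdefault(sid, Session(original_tx, ins, now + self.fallback_after))
        return "contribute"

    def mark_finished(self, sid: str) -> None:
        self.sessions[sid].finished = True

    def due_fallbacks(self, now: float) -> List[Tuple[str, str]]:
        """Original transactions the caller should broadcast: the sender went quiet."""
        due = []
        for sid, s in self.sessions.items():
            if not s.finished and now >= s.deadline:
                s.finished = True
                due.append((sid, s.original_tx))
        return due


def demo() -> List[object]:
    # Constructed sample data: fake txids and placeholder transaction strings.
    a, b = ("aa" * 32, 0), ("bb" * 32, 1)
    g = ReceiverGuard(fallback_after=120.0)
    return [
        g.handle_original("s1", "orig-tx-1", [a], now=0.0),      # first use of a
        g.handle_original("s2", "orig-tx-2", [a, b], now=10.0),  # a reused in a new session
        g.handle_original("s3", "orig-tx-3", [b], now=20.0),     # b was never recorded
        g.due_fallbacks(now=121.0),                              # only s1 is past its deadline
    ]
```

The fallback broadcast does not stop a sender from replacing the original transaction, which is the limit the reply above points out.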