1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
|
Delivery-date: Wed, 26 Mar 2025 11:25:00 -0700
Received: from mail-yb1-f191.google.com ([209.85.219.191])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBDWZFZGAXUDBB4UMSG7QMGQE7ADB4SY@googlegroups.com>)
id 1txVQx-0001FV-OT
for bitcoindev@gnusha.org; Wed, 26 Mar 2025 11:25:00 -0700
Received: by mail-yb1-f191.google.com with SMTP id 3f1490d57ef6-e02fff66a83sf247827276.0
for <bitcoindev@gnusha.org>; Wed, 26 Mar 2025 11:24:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1743013494; x=1743618294; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:references:in-reply-to:message-id:to:from:date:sender:from
:to:cc:subject:date:message-id:reply-to;
bh=fnefT0QHm/cyZwdfT+ijZ2OPL8VXLehE2bK4XWNYo+o=;
b=FmAhWTaFNC7PB6hUUKd18FcqG9fO30bL5l6ZVbFQ7M9bq+7rV0HhGhEqLfIIs2HzWf
x+vW+l13X9Xlc43ZlWAqDoinLQv6Ve4b/v7B+xtsZuH3Zdn9AS9YGF6qvwzYwwZx/RvG
Ngcy5ZR9UMHIcYu3pmqRpzFc0vuC5720JEHZtJ21se53vQu2XxxHcRYWMQ1zQ/+/sFHA
zWqUQomN0kZORy2pNIQ1vOLm6ZI/pIVVj/onacZ1FRQJcatxSdaotdVQ4EndToWLq3qq
74y70dPgPHXszELHLCw14LBEedbOz3X6YOZlAM0GeZzaIVzxsoTyCsaYnsCTi39K6LaE
a4QA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1743013494; x=1743618294; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:references:in-reply-to:message-id:to:from:date:from:to:cc
:subject:date:message-id:reply-to;
bh=fnefT0QHm/cyZwdfT+ijZ2OPL8VXLehE2bK4XWNYo+o=;
b=H2Nu1TUmkfmNc+nlaC82PRpNVM2kZ7TUwBBsyjWW7PWmC5CDk7q4KHZv37unA2SI9a
UtZ5zXJuTdkPV0Hnf1/oLdJk/IPn7mVy3aieA0Fh8zmd1fipMn9hOYtTqqQ2Jxqy9KdX
81blJsL3A4CjMPMewk3YrAxBCq7EpLm5d7i3z/10hCoOluCkPT3sKhWINCNQQbvONrsN
wlv6Wo/AU55hzXOcxbkhRo9UA2Pf9VkLs9WRSLuiUY/XTTpdagJ5UJg3lYuryngEpvVj
hDHZvhqkWk1EVnPpP/K58GjLZvq9EP7/JrmMRcDSzzndvnNEUj0CuRbOaOcW2rT9R5jD
e7Yw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1743013494; x=1743618294;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:references:in-reply-to:message-id:to:from:date:x-beenthere
:x-gm-message-state:sender:from:to:cc:subject:date:message-id
:reply-to;
bh=fnefT0QHm/cyZwdfT+ijZ2OPL8VXLehE2bK4XWNYo+o=;
b=ttPsmqVkrHKEjYTGMmqhvC1H88fy5EJKK1eNSUYxF16cZysZ2svRJpuRbr94SSJUFN
gZQMd7QZ4BubxeJKYv96jffcwUBsKxMzmi0C9jZxYEwhvRwB4+4MD2dWQIfqQ2FLiPbm
IUtnYzhENpFqsYJDg++VqauHndonUzLVgf21VHdVFxZJTk3Zr2KVxjMH/gfqnwkxD48S
yJwINZ2JXJROpRYB0r1de3iHULfikcAkTz52ZDiPfV77/bT0MJO11fkoDdprL4ZI+4MQ
FgPIYPX46++ZdmyGwKYswxZd0N31hF14ni44eHkQZveMnrGsGHP0Tr0sBOK4/MwZJSFY
03ww==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=1; AJvYcCVcq+sSJvTxzAnVkoQv1vyZw62cKky48BVT0+pIYUDwO3iFQaqmOSHpJRNZa1L9DA4+2S+52N/kBz/N@gnusha.org
X-Gm-Message-State: AOJu0Yw8kPvjBqmRt0JNLmol95bVss9MZYRHO1oDpIa61pAEAb2HcliG
jNAyBNu+CiGhbkVMzQGNULZFKDIJ0WavTRs2sR6FjcNrE84Tv/2D
X-Google-Smtp-Source: AGHT+IEhDucePwvpVabQAJWZLNuZKhAijBBKS/qOE7XM+93g3S6oLvpcs9M/ZbOFbZ+9qyBe7Jq5SA==
X-Received: by 2002:a05:6902:168f:b0:e64:b9c:47b7 with SMTP id 3f1490d57ef6-e694357b090mr1023716276.19.1743013493843;
Wed, 26 Mar 2025 11:24:53 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=ARLLPAJSfVzJtiI5WFo1fO8FLBkp67LfUfvOLju7QQ8tK776NA==
Received: by 2002:a25:aa4d:0:b0:e60:8901:aead with SMTP id 3f1490d57ef6-e6942e6855dls226516276.2.-pod-prod-07-us;
Wed, 26 Mar 2025 11:24:50 -0700 (PDT)
X-Received: by 2002:a05:690c:62c9:b0:6fe:c007:3b20 with SMTP id 00721157ae682-70224f87d39mr8682687b3.2.1743013490577;
Wed, 26 Mar 2025 11:24:50 -0700 (PDT)
Received: by 2002:a81:a947:0:b0:6ef:590d:3213 with SMTP id 00721157ae682-700ba2435b8ms7b3;
Tue, 25 Mar 2025 05:52:10 -0700 (PDT)
X-Received: by 2002:a05:690c:4444:b0:6fe:e79f:bd8f with SMTP id 00721157ae682-700bacd58eemr242796727b3.26.1742907128249;
Tue, 25 Mar 2025 05:52:08 -0700 (PDT)
Date: Tue, 25 Mar 2025 05:52:07 -0700 (PDT)
From: jbesraa <jbesraa@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <1c7130d4-cbac-4404-968c-9eb7b4e2e4cbn@googlegroups.com>
In-Reply-To: <450755f1-84c5-4f32-abe0-67087ae884d6n@googlegroups.com>
References: <450755f1-84c5-4f32-abe0-67087ae884d6n@googlegroups.com>
Subject: [bitcoindev] Re: UTXO probing attack using payjoin
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_29026_329018632.1742907127780"
X-Original-Sender: JbEsraa@gmail.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)
------=_Part_29026_329018632.1742907127780
Content-Type: multipart/alternative;
boundary="----=_Part_29027_568568523.1742907127780"
------=_Part_29027_568568523.1742907127780
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
While the possibility of UTXO probing via Payjoin is a valid concern=20
regarding privacy, it's important to note that it might not always come=20
without cost for the attacker. The Payjoin recipient needs to validate the=
=20
initial request, ensuring the sender's inputs are broadcastable. This means=
=20
the recipient could, in practice, broadcast the initial transaction even if=
=20
the sender aborts the Payjoin. Furthermore, implementing strategies like=20
maintaining a set of 'seen inputs' can make such probing attempts more=20
easily detectable and less effective. While these measures don't eliminate=
=20
the privacy considerations entirely, they do highlight that recipients have=
=20
potential defenses and that probing isn't necessarily a risk-free endeavor=
=20
for the attacker.
On Tuesday, March 25, 2025 at 1:48:15=E2=80=AFPM UTC+2 /dev /fd0 wrote:
Hi everyone,=20
Sometimes we are curious and want to know about UTXOs in other wallets.=20
Payjoin allows you to do this and the recipient would never doubt it=20
because it's a privacy tool. It's possible to find UTXO in recipient's=20
wallet without sending any bitcoin. It's called UTXO probing attack and=20
described in BIP 77-78.
I have shared a demo with all the details in this [post][0]. I have used=20
bullbitcoin wallet for testing this because it was the only [wallet][1]=20
which supports payjoin v2 (send, receive) and testnet3.
I think users should be aware of this tradeoff and the information they=20
share with the sender in payjoin. Payjoin should only be used with trusted=
=20
senders.
[0]: https://uncensoredtech.substack.com/p/utxo-probing-attack-using-payjoi=
n
[1]: https://en.bitcoin.it/wiki/PayJoin_adoption
/dev/fd0
floppy disk guy
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
1c7130d4-cbac-4404-968c-9eb7b4e2e4cbn%40googlegroups.com.
------=_Part_29027_568568523.1742907127780
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
While the possibility of UTXO probing via Payjoin is a valid concern=20
regarding privacy, it's important to note that it might not always come=20
without cost for the attacker. The Payjoin recipient needs to validate=20
the initial request, ensuring the sender's inputs are broadcastable.=20
This means the recipient could, in practice, broadcast the initial=20
transaction even if the sender aborts the Payjoin. Furthermore,=20
implementing strategies like maintaining a set of 'seen inputs' can make
such probing attempts more easily detectable and less effective. While=20
these measures don't eliminate the privacy considerations entirely, they
do highlight that recipients have potential defenses and that probing=20
isn't necessarily a risk-free endeavor for the attacker.<br /><br /><div><d=
iv dir=3D"auto">On Tuesday, March 25, 2025 at 1:48:15=E2=80=AFPM UTC+2 /dev=
/fd0 wrote:<br /></div><blockquote style=3D"margin: 0px 0px 0px 0.8ex; bor=
der-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Hi everyone, <b=
r /><br />Sometimes we are curious and want to know about UTXOs in other wa=
llets. Payjoin allows you to do this and the recipient would never doubt it=
because it's a privacy tool. It's possible to find UTXO in recipient's wal=
let without sending any bitcoin. It's called UTXO probing attack and descri=
bed in BIP 77-78.<br /><br />I have shared a demo with all the details in t=
his [post][0]. I have used bullbitcoin wallet for testing this because it w=
as the only [wallet][1] which supports payjoin v2 (send, receive) and testn=
et3.<br /><br />I think users should be aware of this tradeoff and the info=
rmation they share with the sender in payjoin. Payjoin should only be used =
with trusted senders.<br /><br />[0]: <a href=3D"https://uncensoredtech.sub=
stack.com/p/utxo-probing-attack-using-payjoin" target=3D"_blank" rel=3D"nof=
ollow">https://uncensoredtech.substack.com/p/utxo-probing-attack-using-payj=
oin</a><br />[1]: <a href=3D"https://en.bitcoin.it/wiki/PayJoin_adoption" t=
arget=3D"_blank" rel=3D"nofollow">https://en.bitcoin.it/wiki/PayJoin_adopti=
on</a><br /><br />/dev/fd0<br />floppy disk guy</blockquote></div>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/1c7130d4-cbac-4404-968c-9eb7b4e2e4cbn%40googlegroups.com?utm_med=
ium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msgid/bitcoind=
ev/1c7130d4-cbac-4404-968c-9eb7b4e2e4cbn%40googlegroups.com</a>.<br />
------=_Part_29027_568568523.1742907127780--
------=_Part_29026_329018632.1742907127780--
|
