This is just the nugget of an idea, but:
A miner could discriminate against payments based on the amounts in the outputs.
A countermeasure would be to craft the transaction in such a way that does not disclose amounts, e.g. Confidential Transactions.
This idea introduces a potential new attacker, which is a miner. The miner is a network-level attacker, but has an ability that other network-level attackers do not have: to add or not add transactions to blocks.
If this seems like an idea worth including in the threat model, there are likely other ways that the miner attacker can discriminate transactions, in which case this attack should be generalized, or other attacks should be added. A generic form of the attack might be: "Exclude transaction from mined blocks based on distinguishing characteristics, such as client fingerprint, amount, or public keys involved in the transaction."
kristovatlas
commented
8 years ago
This is just the nugget of an idea, but: A miner could discriminate against payments based on the amounts in the outputs.
A countermeasure would be to craft the transaction in such a way that does not disclose amounts, e.g. Confidential Transactions.
This idea introduces a potential new attacker, which is a miner. The miner is a network-level attacker, but has an ability that other network-level attackers do not have: to add or not add transactions to blocks.
If this seems like an idea worth including in the threat model, there are likely other ways that the miner attacker can discriminate transactions, in which case this attack should be generalized, or other attacks should be added. A generic form of the attack might be: "Exclude transaction from mined blocks based on distinguishing characteristics, such as client fingerprint, amount, or public keys involved in the transaction."