qtumproject / qips

Qtum Improvement Proposals
9 stars 2 forks source link

QIP-14: Persistent "lockunspent" to Prevent Dust Attack #14

Open JB395 opened 5 years ago

JB395 commented 5 years ago

Make "lockunspent" command persistent across wallet sessions to allow permanent locking of dust UTXOs, to prevent deanonymising dust attacks. Coin control provides some of this capability but requires user attention with each send.

For advanced users with command line/API interface, no GUI interface. Save the locked UTXOs in the wallet.dat file?

Reference https://medium.com/chainrift-research/bitcoins-attack-vectors-dust-attacks-9040edee2986

Earlz commented 5 years ago

I don't think this feature is in Qtum Core, but if it lands in Bitcoin Core we'll eventually get it for free. However, Qtum-Electrum already does support this feature by the capability of "freezing" UTXOs.

I think the best way to implement this feature would simply be to never spend dust UTXOs without some non-default command line flag like "-spenddust". Of course, this could be worked around by the attacker simply sending more coins than the dust limit. For a targeted attack this would be very effective, though of course makes a broad attack much more expensive