thesimplekid
commented
1 year ago Thank you for this, I knew there were some issues here. I will look into this
Open MaxHillebrand opened 1 year ago
thesimplekid
commented
1 year ago Thank you for this, I knew there were some issues here. I will look into this
This is a lovely project, keep it up!
Some of the attack vectors that joinmarket suffers from applies as well, and I didn't see this one in the roadmap. I assume there is no coordinator blinding, so the taker knows common input&output ownership of makers.
The taker can start a new transaction, then invite a lot of makers, seeing their common inputs, then aborting the round. After a couple attempts, without much cost, this malicious taker knows the entire utxo set of each maker, thus substantially decreasing privacy, including past coinjoins.
This attack was executed against joinmarket in the past, and they solved it by introducing poodles. The maker only reveals his utxo, if the taker proves that he controls a utxo. This enforces some cost to the taker, the creation of a utxo. This also enables blaming and punishing misbehaving takers, as makers can gossip used poodles and loosely deny double spends.