@JimDennis
Forked from chris-belcher/JMalert.md
Last active September 11, 2016 23:24
JoinMarket's privacy is degraded until further notice

JoinMarket's privacy is degraded (for a while)

09/06/2016

Summary

JoinMarket is a young project, and there are some known possible vulnerabilities which could be exploited to spy on every user.

Recently people have noticed that one such attack seems to actually be happening. The attack can degrade the privacy of all JoinMarket coinjoins.

All JoinMarket users must be aware of this and may want to stop using JoinMarket until the issue is resolved.

This vulnerability can probably be fixed with a protocol update to JoinMarket, but that update doesn't exist yet. It needs to be written.

What is happening?

The vulnerability (known henceforth as issue #156) was first written about in July 2015. It's named after its GitHub issue number.

Read through this issue to gain an understanding of what the attack is and how it works. JoinMarket-Org/joinmarket#156

It means that an attacker can learn, at no cost, which UTXOs belong to which maker, and can then eliminate those UTXOs when analysing coinjoins on the blockchain. The spy poses as a taker, starts a coinjoin with each maker, collects the UTXOs the maker reveals during the negotiation, and simply never completes the transaction, so it pays no fee. It's not trivial to obtain all of a maker's UTXOs this way, but learning even a proportion of them is enough to spy on a large number of coinjoins.
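
The following is an added example, not JoinMarket's own code, showing concretely what the #156 spy gains when it analyses a coinjoin. It assumes the usual JoinMarket transaction shape (one equal-sized coinjoin output per participant plus one change output each, makers earning a small fee, the taker paying those fees and the mining fee). The transaction, the input and output identifiers, the harvested maker UTXO sets and the fee bound MAX_MAKER_FEE are all constructed for the example.

```python
"""Added example, not JoinMarket code: eliminating harvested maker UTXOs from
a coinjoin (issue #156). All transaction data below is constructed."""
from itertools import combinations

CJ_AMOUNT = 10_000_000     # 0.1 BTC in satoshis: the equal output size
MAX_MAKER_FEE = 100_000    # assumed upper bound on a maker's coinjoin fee

# Constructed coinjoin. The chain shows amounts only, never owners.
INPUTS = {
    "tx_a:0": 12_000_000,
    "tx_b:1": 30_000_000,
    "tx_b:3": 5_000_000,
    "tx_c:0": 8_000_000,
    "tx_c:2": 4_000_000,
}
OUTPUTS = {
    "cj:0": CJ_AMOUNT, "cj:1": CJ_AMOUNT, "cj:2": CJ_AMOUNT,
    "cj:3": 2_010_000,    # 12.00M in, 0.1 BTC out, +10k fee earned
    "cj:4": 25_020_000,   # 35.00M in, 0.1 BTC out, +20k fee earned
    "cj:5": 1_900_000,    # 12.00M in, 0.1 BTC out, -30k maker fees, -70k mining
}

# What the spy harvested for free by negotiating joins it never completed.
# tx_z:9 is a maker UTXO that does not appear in this transaction.
HARVESTED = {
    "maker1": {"tx_a:0", "tx_z:9"},
    "maker2": {"tx_b:1", "tx_b:3"},
}


def feasible_taker_input_sets(inputs, cj_amount):
    """No ownership knowledge: every subset of inputs that can fund one
    coinjoin output is a candidate for 'the taker's inputs'."""
    names = sorted(inputs)
    return [frozenset(c)
            for r in range(1, len(names) + 1)
            for c in combinations(names, r)
            if sum(inputs[n] for n in c) >= cj_amount]


def eliminate_makers(inputs, outputs, cj_amount, harvested):
    """With harvested maker UTXOs: strip the maker inputs, match each maker's
    change output by amount (inputs minus cj amount, plus a small fee), and
    whatever is left over belongs to the taker."""
    maker_inputs = {m: set(u) & set(inputs) for m, u in harvested.items()}
    known = set().union(*maker_inputs.values())
    taker_inputs = {k: v for k, v in inputs.items() if k not in known}
    cj_outputs = {o for o, a in outputs.items() if a == cj_amount}
    change = {o: a for o, a in outputs.items() if a != cj_amount}
    maker_change = {}
    for maker, utxos in maker_inputs.items():
        lo = sum(inputs[u] for u in utxos) - cj_amount
        hits = [o for o, a in change.items()
                if lo <= a < lo + MAX_MAKER_FEE and o not in maker_change.values()]
        if len(hits) == 1:
            maker_change[maker] = hits[0]
    return {
        "taker_inputs": taker_inputs,
        "taker_change": set(change) - set(maker_change.values()),
        "maker_change": maker_change,
        "cj_output_candidates": cj_outputs,
    }


def resolve_cj_output(candidates, later_harvest):
    """Makers spend their coinjoin outputs as inputs in later joins and so
    reveal them to the same spy; the candidate never seen as a maker UTXO
    is the taker's."""
    return set(candidates) - set().union(*later_harvest.values())


if __name__ == "__main__":
    print(len(feasible_taker_input_sets(INPUTS, CJ_AMOUNT)),
          "candidate taker input sets without maker knowledge")
    r = eliminate_makers(INPUTS, OUTPUTS, CJ_AMOUNT, HARVESTED)
    print("taker inputs:", sorted(r["taker_inputs"]),
          "taker change:", r["taker_change"])
    later = {"maker1": {"cj:0"}, "maker2": {"cj:2", "tx_y:1"}}
    print("taker coinjoin output:",
          resolve_cj_output(r["cj_output_candidates"], later))
```

Before the spy's harvest, 27 of the 31 input subsets could be the taker's; after it, the taker's inputs and change are identified directly, and the equal-sized outputs are resolved as soon as the makers reuse theirs. Note that the spy never needs a complete picture of a maker's wallet: any maker input it recognises shrinks the search space for everyone in that coinjoin.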

JoinMarket is still private against everyone who isn't this #156 spy. Different people use JoinMarket and bitcoin for many different reasons; if their privacy requirements are lower then they can still use JoinMarket. Without JoinMarket, bitcoin transactions can be analysed in even more detail, indefinitely, because they are recorded on the permanent public blockchain.

What will happen now?

We have a pretty good idea how to fix this. See the github issue for details. Also see waxwing's blog post. It generally involves limiting a spy taker's ability to obtain makers' UTXOs for free, i.e. imposing a cost on each request before makers reveal their UTXOs.

Alternate privacy methods

JoinMarket's sendpayment script probably can't be replaced. There's no other way I know of which immediately creates a bitcoin transaction like sendpayment.

JoinMarket's tumbler script (which aims to break the link between addresses) probably can be substituted by something else. The best way is probably to piggyback on the hot wallets of various bitcoin websites.

Worked example for tumbler replacement

We'll pick some bitcoin websites that don't require an identity to deposit and withdraw coins, and send the bitcoin through them. We must remember to split up the amounts and use a different deposit address at every hop to defeat amount correlation. Bear in mind that each site's operator can still link our deposit to our withdrawal in its own records, so this hides the trail from blockchain observers, not from the sites themselves.

Say we want to break the link between 1 BTC we hold and our cold storage wallet. Each arrow -> is a new bitcoin withdrawal transaction.

          LocalBitcoins.com      NitrogenSports.eu      ChangeTip.com          BitFinex.com           cold storage wallet
1btc  ->  1addrA 1btc        ->  1addrB 0.1btc      ->  1addrE 0.1btc      ->  1addrG 0.4btc      ->  1addrH 0.25btc
                             ->  1addrC 0.2btc      ->  1addrF 0.9btc      ->  1addrL 0.6btc      ->  1addrI 0.25btc
                             ->  1addrD 0.7btc                                                    ->  1addrJ 0.25btc
                                                                                                  ->  1addrK 0.25btc
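
As an added check, not part of the original alert, the script below takes a hop plan like the diagram above as data and flags the mistakes the text warns about: a deposit address reused at two hops, and a withdrawal amount that equals one deposit, or a sum of deposits, at the site it leaves (an observer can match those across the site's hot wallet), plus the accounting error of withdrawing more than went in. The plan is the diagram's own amounts in satoshis; the second BitFinex address is labelled 1addrL here so that every address is distinct, as the text requires. The site names, address labels and the PLAN structure are constructed for the example.

```python
"""Added example, not the page author's code: pre-flight amount-correlation
check for a multi-site hop plan. Plan data is the diagram above, constructed
here as Python data with amounts in satoshis."""
from itertools import combinations

SAT = 100_000_000

# (site, [(deposit address at that site, amount deposited in satoshis)])
PLAN = [
    ("LocalBitcoins.com", [("1addrA", SAT)]),
    ("NitrogenSports.eu", [("1addrB", SAT // 10), ("1addrC", SAT * 2 // 10),
                           ("1addrD", SAT * 7 // 10)]),
    ("ChangeTip.com",     [("1addrE", SAT // 10), ("1addrF", SAT * 9 // 10)]),
    ("BitFinex.com",      [("1addrG", SAT * 4 // 10), ("1addrL", SAT * 6 // 10)]),
    ("cold storage",      [("1addrH", SAT // 4), ("1addrI", SAT // 4),
                           ("1addrJ", SAT // 4), ("1addrK", SAT // 4)]),
]


def btc(sats):
    """Render satoshis as a short BTC string, e.g. 25000000 -> '0.25btc'."""
    return f"{sats / SAT:.8f}".rstrip("0").rstrip(".") + "btc"


def subset_sums(amounts):
    """Map every non-empty subset sum of a hop's deposits to the deposits that
    form it (hops have only a handful of deposits, so brute force is fine)."""
    sums = {}
    for r in range(1, len(amounts) + 1):
        for combo in combinations(amounts, r):
            sums.setdefault(sum(combo), combo)
    return sums


def check_plan(plan):
    """Return a list of (kind, message) findings for the hop plan."""
    findings = []

    # 1. A deposit address must never receive at more than one hop.
    seen = {}
    for site, deposits in plan:
        for addr, _ in deposits:
            if addr in seen:
                findings.append(("address_reuse",
                                 f"{addr} receives at both {seen[addr]} and {site}"))
            seen.setdefault(addr, site)

    # 2. Each withdrawal from a site is compared with the deposits made into
    #    that site: an equal amount, or an exact sum of deposits, is linkable.
    # 3. A site cannot pay out more than was deposited into it.
    for (prev_site, prev), (site, cur) in zip(plan, plan[1:]):
        sums = subset_sums([a for _, a in prev])
        for addr, amt in cur:
            if amt in sums:
                parts = "+".join(btc(p) for p in sums[amt])
                findings.append(("amount_link",
                                 f"{btc(amt)} withdrawn from {prev_site} to {addr} "
                                 f"matches {parts} deposited into {prev_site}"))
        if sum(a for _, a in cur) > sum(a for _, a in prev):
            findings.append(("amount_inflation",
                             f"{site} receives more than was deposited into {prev_site}"))
    return findings


if __name__ == "__main__":
    for kind, msg in check_plan(PLAN):
        print(kind, "-", msg)
```

Run against the diagram, the checker reports two amount links at the NitrogenSports.eu hop: the 0.1btc withdrawn to 1addrE equals the 0.1btc deposited to 1addrB, and the 0.9btc withdrawn to 1addrF equals 0.2btc+0.7btc deposited to 1addrC and 1addrD. Splitting into non-round, non-matching pieces at each hop removes both. The check treats each site's hot wallet as pooled with other users' funds, which is why only exact matches are flagged; it says nothing about timing, which an observer can also use, so spacing withdrawals out in time is a separate precaution.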