Skip to content

Instantly share code, notes, and snippets.

Avatar

chris-belcher

View GitHub Profile
@chris-belcher
chris-belcher / coinswap-design.md
Last active Sep 2, 2020
Design for a CoinSwap Implementation for Massively Improving Bitcoin Privacy and Fungibility
View coinswap-design.md

Design for a CoinSwap Implementation for Massively Improving Bitcoin Privacy and Fungibility

25/5/2020

Abstract

Imagine a future where a user Alice has bitcoins and wants to send them with maximal privacy, so she creates a special kind of transaction. For anyone looking at the blockchain her transaction appears completely normal with her coins seemingly going from address A to address B. But in reality her coins end up in address Z which is entirely unconnected to either A or B.

Now imagine another user, Carol, who isn't too bothered by privacy and sends her bitcoin using a regular wallet which exists today. But because Carol's transaction looks exactly the same as Alice's, anybody analyzing the blockchain must now deal with the possibility that Carol's transaction actually sent her coins to a totally unconnected address. So Carol's privacy is improved even though she didn't change her behaviour, and perhaps had never even heard of this software.

@chris-belcher
chris-belcher / work-diary
Last active Sep 14, 2020
Chris Belcher work diary
View work-diary
I keep a diary of all the work I do on bitcoin privacy.
It may also be interesting to my collaborators and donors, and anyone who wants to follow
how my projects are going (these days I'm almost exclusively working on developing
CoinSwap, see https://gist.github.com/chris-belcher/9144bd57a91c194e332fb5ca371d0964).
(Note: I use the datetime format YYYY-MM-DD)
= week-2020-9-7 =
finished coding wallet generation and recovery, now coding wallet sync
@chris-belcher
chris-belcher / design-for-improving-joinmarkets-resistance-to-sybil-attacks-using-fidelity-bonds.md
Last active May 29, 2020
Design for improving JoinMarket's resistance to sybil attacks using fidelity bonds
View design-for-improving-joinmarkets-resistance-to-sybil-attacks-using-fidelity-bonds.md

Design for improving JoinMarket's resistance to sybil attacks using fidelity bonds

13/7/2019

tl;dr

JoinMarket can be sybil attacked today at relatively low cost which can destroy its privacy. Bitcoins can be sacrificed with burner outputs and time-locked addresses (also called fidelity bonds), and this can be used to greatly improve JoinMarket's resistance to sybil attacks.

With real-world data and realistic assumptions we calculate that under such a fidelity bond system an adversary would need to lock up 30,000-80,000 bitcoins for months, or send 45-120 bitcoins to burner addresses to have a good chance of sybil attacking the system if it were added to JoinMarket.

@chris-belcher
chris-belcher / sybil-attack-success-prob.py
Created Jul 13, 2019
Sybil attack success probability
View sybil-attack-success-prob.py
#! /usr/bin/python3
##this file calculates the success probability of a sybil attack on the
# orderbook with fidelity bonds used in joinmarket
# see https://gist.github.com/chris-belcher/87ebbcbb639686057a389acb9ab3e25b
from scipy.optimize import brentq
from time import time
from datetime import timedelta
@chris-belcher
chris-belcher / financial-mathematics-of-joinmarket-fidelity-bonds.md
Last active May 27, 2020
Financial mathematics of joinmarket fidelity bonds
View financial-mathematics-of-joinmarket-fidelity-bonds.md

Financial mathematics of JoinMarket fidelity bonds

13/7/2019

To read the context see the main document Design for improving joinmarket's resistance to sybil attacks using fidelity bonds.

Valuing fidelity bonds

We want to come up with a mathematical formula which gives the value of a fidelity bond. We want this function to be in the best interests of takers who use it. We aim for them to get the best possible sybil resistance.

@chris-belcher
chris-belcher / miner-resistant-lightweight-wallets.md
Last active May 26, 2020
DSPV Security - Miner-resistant design of lightweight bitcoin wallets
View miner-resistant-lightweight-wallets.md

edit: this scheme has serious problems, see the comments

DSPV security - Miner-Resistant Design of Lightweight Bitcoin Wallets

2019/03/21

What are lightweight wallets

Lightweight wallets are ones which are not full nodes. Lots of people use them because full nodes are costly: they cost time to setup/synchronize, education, disk space, bandwidth, RAM and a few other resources.

@chris-belcher
chris-belcher / improvement-plan-for-joinmarket-tumbler.md
Last active May 26, 2020
Plan to improve the privacy of JoinMarket's tumbler script
View improvement-plan-for-joinmarket-tumbler.md

Plan to improve the privacy of JoinMarket's tumbler script

24/02/2019

JoinMarket has a tumbler application which aims to send bitcoins in a way that delinks the origin and destination.

I have some thoughts on how and why to improve the tumbler algorithm.

Feel free to bikeshed some of these parameters (averages, counts, etc), as my important points are about other stuff.

@chris-belcher
chris-belcher / joinmarket-with-off-chain-fees.md
Last active May 26, 2020
JoinMarket with off-chain fees
View joinmarket-with-off-chain-fees.md

JoinMarket with off-chain fees

17/01/2019

Problem: Single JoinMarket coinjoins aren't private enough

A single JoinMarket coinjoin often doesn't hide which inputs belong to the maker(s) and which belong to the taker. This is because the coinjoin fee is included on-chain.

To tell apart takers' inputs from makers' inputs, subset matching can be used. The taker's subset is

@chris-belcher
chris-belcher / privacy-liquidity-divisibility.md
Last active May 26, 2020
How Wasabi Wallet and Samourai Wallet slightly degrade the divisibility of bitcoin
View privacy-liquidity-divisibility.md

How Wasabi Wallet and Samourai-Wallet-Whirlpool slightly degrade the divisibility of bitcoin

December 2018

I made this claim on twitter recently and many people wanted me to go into more detail.

Lots of privacy tech in bitcoin like coinjoin, coinswap, tumblebit and Lightning Network require many entities to come together to agree to make certain kinds of transactions. This creates a requirement that the right resources (coins) have to be in the right place,

You can’t perform that action at this time.