chris-belcher

Design for a CoinSwap Implementation for Massively Improving Bitcoin Privacy and Fungibility

25/5/2020

Abstract

Imagine a future where a user Alice has bitcoins and wants to send them with maximal privacy, so she creates a special kind of transaction. For anyone looking at the blockchain her transaction appears completely normal with her coins seemingly going from address A to address B. But in reality her coins end up in address Z which is entirely unconnected to either A or B.

Now imagine another user, Carol, who isn't too bothered by privacy and sends her bitcoin using a regular wallet which exists today. But because Carol's transaction looks exactly the same as Alice's, anybody analyzing the blockchain must now deal with the possibility that Carol's transaction actually sent her coins to a totally unconnected address. So Carol's privacy is improved even though she didn't change her behaviour, and perhaps had never even heard of this software.

chris-belcher

r/btc markets itself as a "censorship-free" sub. In reality it attempts to silence the voices of people it disagrees with.

A few screenshot examples of censorship https://imgur.com/a/rHrtC

this article was deleted when posted, which describes how the mods of r/btc are roger ver's employees at bitcoin.com https://medium.com/@WhalePanda/the-curious-relation-between-bitcoin-com-anti-segwit-propaganda-26c877249976#.4mfo9qn3e

"Exploit code for the recent BTU attack - apparently this was posted to /r/btc, and of course, got censored. :)"

chris-belcher

Chris Belcher's Work Diary

I keep a diary of all the work I do on bitcoin privacy.

It may also be interesting to my collaborators and donors, and anyone who wants to follow how my projects are going (these days I'm almost exclusively working on developing CoinSwap, see https://gist.github.com/chris-belcher/9144bd57a91c194e332fb5ca371d0964).

Support this work with a donation: https://bitcoinprivacy.me/coinswap-donations

chris-belcher

The Problem

JoinMarket has a problem where it assumes different nicknames have different bitcoin wallets. This can be exploited by people running multiple yield generator bots from the same wallet, so they get a higher rate of profit at the expense of de-legitimizing the system for privacy.

Crypto primitive 1: Merkle Tree

A merkle tree is a way of producing a commitment to a set, which can later can prove that elements are contained within the set using only O(logN) data, and only revealing one other element in the set.

For example here is a merkle tree commiting to a set of numbers {6, 3, 9, 0, 8, 4, 7, 2}

chris-belcher

list of links for quick copypasting when debating on forums, also useful as a reading list

this was posted on reddit, link is https://www.reddit.com/r/Bitcoin/comments/7mh8c2/long_live_decentralized_bitcoin_a_reading_list/

some of these links may be subject to linkrot, try looking on archive.org or archive.is

Summary / The fundamental tradeoff

a trip to the moon requires a rocket with multiple stages by gmaxwell https://www.reddit.com/r/Bitcoin/comments/438hx0/a_trip_to_the_moon_requires_a_rocket_with/

chris-belcher

Financial mathematics of JoinMarket fidelity bonds

13/7/2019

4/4/2021 (edited fixing formula and adding two graphs)

7/5/2021 (added appendix 1)

To read the context see the main document Design for improving joinmarket's resistance to sybil attacks using fidelity bonds.

chris-belcher

Edit 14/09/2016

JoinMarket release 0.2.0 ameliorates this snooping attack. It is a protocol-breaking change so everyone must update which we anticipate may take some time.

https://github.com/JoinMarket-Org/joinmarket/blob/master/doc/release-notes-0.2.0.md

Edit2

Looks like enough people have updated and there's plenty of liquidity now.

chris-belcher

See latest version at https://github.com/bitcoin/bips/blob/master/bip-0326.mediawiki

chris-belcher

Design for improving JoinMarket's resistance to sybil attacks using fidelity bonds

13/7/2019

tl;dr

JoinMarket can be sybil attacked today at relatively low cost which can destroy its privacy. Bitcoins can be sacrificed with burner outputs and time-locked addresses (also called fidelity bonds), and this can be used to greatly improve JoinMarket's resistance to sybil attacks.

With real-world data and realistic assumptions we calculate that under such a fidelity bond system an adversary would need to lock up 30,000-80,000 bitcoins for months, or send 45-120 bitcoins to burner addresses to have a good chance of sybil attacking the system if it were added to JoinMarket.

chris-belcher

#jsonrpc.py from https://github.com/JoinMarket-Org/joinmarket/blob/master/joinmarket/jsonrpc.py
#copyright # Copyright (C) 2013,2015 by Daniel Kraft <d@domob.eu> and phelix / blockchained.com

import base64
import httplib
import json

class JsonRpcError(Exception):
    def __init__(self, obj):
        self.message = obj