Replying to Avatar Juraj

Thought experiment. Samourai whirlpool coinjoin is five inputs and five outputs. I guess the participants are selected by the coordinator, which is open source, but there's no way to tell which coordinator they are actually running.

Imagine if they were adversarial. We know they send xpubs to their server if you don't run your own dojo node. How can we be sure they don't let four participants that they know xpub for and one that runs their own node? If every coinjoin is made like this (which it could well be), whole whirpool is a total placebo.

Where am I wrong in this thought? (Excerpt trusting that they are the good guys)?

Could this be happening?

Of course two people who run their own nodes could coordinate and see if they are ever part of one coinjoin. But then the next question is - what if they do this only for "interesting" utxos?

If the coordinator is adversarial, the combination of xpubs and small sets makes this attack easy and very hard to see from the transactions themselves.

I'm just thinking "loud", not accusing anyone, I mainly want to see if I understand this correctly.
Avatar
Seth For Privacy 2y ago

This is true of any centralized coordinator, if you can't trust them not to Sybil then using the tool is pointless.

You have pointed out the only caveat, in that Samourai could do so more cheaply because they can wield non-Dojo users as Sybil attackers in a sense.

Any time there is a centralized coordinator they could easily be all other participants in a mix and de-anon your spend.

Wasabi could do the same, and could do the same only for inputs flagged by whatever chain surveillance company they fund.

It's all trust.

This is the single biggest issue with Bitcoiners not being willing to do privacy at the base layer (like Monero) and instead pushing it to the app layer - we re-introduce trust where we technically do not have to.

And no, JoinMarket is not a solution as it's easier to Sybil.

Reply to this note

Please Login to reply.

Discussion

Avatar
Kruw 2y ago

You can't do the same in Wasabi without being detected because the attack target would have to register their non private input first (out of 150) and the malicious coordinator would have to deny registration from non sybil participants, including the attack target's next input. This allows an attacker coordinator performing a sybil attack to be detected by the target.

A second apprpach is a malicious coordinator that purposely never alllows a round to succeed can passively gather input registrations from multiple unsuccessful rounds in order to try to slowly try to cluster them together. This is somewhat detectable I assume since rounds never actually succeed?

Avatar
Juraj 2y ago

Exactly...

Wasabi has one big round for everyone. People being kicked from the round is noticeable.

Even if you have two utxos, they are registered independently.

So if Wasabi coordinator would do this kind of attack, people would notice being kicked. If Whirlpool coordinator did it, you would never know.

17
xmrk ₿ ⚡️ 2y ago

Could you explain what is wrong with JoinMarket, please? I would expect that the fidelity bonds they use are an incentive to not do Sybil attack, to use just one identity. I see a problem if a taker does not care and takes offers with no or insufficient bonds. Or perhaps chainalysis and friends have enough money to put in the bonds, so it is not a real obstacle for them?