UTXO probing attack using payjoin \ stacker news ~bitdevs

pull down to refresh

UTXO probing attack using payjoin uncensoredtech.substack.com/p/utxo-probing-attack-using-payjoin

381 sats \ 3 comments \ @k00b 31 Mar bitdevs

Sender can find recipient’s UTXO(s) in payjoin without even broadcasting the final transaction. This attack is described in BIP 77 and 78 however often ignored by privacy advocates.

In a normal bitcoin transaction, the recipient shares their address to receive bitcoin although payjoin requires more information. Recipient needs to share their signed UTXO with the sender to finalize the payjoin transaction. Hence, payjoin cannot be used with untrusted senders.

view all related items

220 sats \ 1 reply \ @kruw 31 Mar

Recipient needs to share their signed UTXO with the sender to finalize the payjoin transaction. Hence, payjoin cannot be used with untrusted senders.

This is a solved problem: The receiver doesn't give any UTXO information out until the payjoin sender has already provided a regular presigned payment as collateral.

Since the spender has already forfeited their coins (without learning any of the merchant's inputs), the receiver can simply reject the payjoin request and take the customer's money as a normal payment without revealing any information to them, causing the attacker to lose all their money.

@1440000bytes is a Monero retard with a terrible track record of purposely publishing false information about coinjoins.

115 sats \ 0 replies \ @petertodd 31 Mar

Yup. Failing to mention the mitigation in this article – when he clearly knows about it – is straight up fraud on the reader.

The guy is clearly an attention seeker at best.

50 sats \ 0 replies \ @OT 31 Mar

That's a bit of a disappointment TBH. It's far beyond my level of understanding but I wonder if blinding the inputs is somehow possible.