pull down to refresh

UTXO probing attack using payjoinuncensoredtech.substack.com/p/utxo-probing-attack-using-payjoin
481 sats \ 4 comments \ @k00b 31 Mar bitdevs
Sender can find recipient’s UTXO(s) in payjoin without even broadcasting the final transaction. This attack is described in BIP 77 and 78 however often ignored by privacy advocates.
In a normal bitcoin transaction, the recipient shares their address to receive bitcoin although payjoin requires more information. Recipient needs to share their signed UTXO with the sender to finalize the payjoin transaction. Hence, payjoin cannot be used with untrusted senders.
write
preview
related posts
271 sats \ 2 replies \ @kruw 31 Mar
Recipient needs to share their signed UTXO with the sender to finalize the payjoin transaction. Hence, payjoin cannot be used with untrusted senders.
This is a solved problem: The receiver doesn't give any UTXO information out until the payjoin sender has already provided a regular presigned payment as collateral.
Since the spender has already forfeited their coins (without learning any of the merchant's inputs), the receiver can simply reject the payjoin request and take the customer's money as a normal payment without revealing any information to them, causing the attacker to lose all their money.
@1440000bytes is a Monero retard with a terrible track record of purposely publishing false information about coinjoins.
reply
166 sats \ 1 reply \ @petertodd 31 Mar
Yup. Failing to mention the mitigation in this article – when he clearly knows about it – is straight up fraud on the reader.
The guy is clearly an attention seeker at best.
reply
0 sats \ 0 replies \ @1440000bytes 17 Apr
Learn to appreciate the research, so that others will be motivated to do it when you find problems with an implementation or protocol.
reply
50 sats \ 0 replies \ @OT 31 Mar
That's a bit of a disappointment TBH. It's far beyond my level of understanding but I wonder if blinding the inputs is somehow possible.
reply