pull down to refresh

Sender can find recipient’s UTXO(s) in payjoin without even broadcasting the final transaction. This attack is described in BIP 77 and 78 however often ignored by privacy advocates.
In a normal bitcoin transaction, the recipient shares their address to receive bitcoin although payjoin requires more information. Recipient needs to share their signed UTXO with the sender to finalize the payjoin transaction. Hence, payjoin cannot be used with untrusted senders.
220 sats \ 1 reply \ @kruw 31 Mar
Recipient needs to share their signed UTXO with the sender to finalize the payjoin transaction. Hence, payjoin cannot be used with untrusted senders.
This is a solved problem: The receiver doesn't give any UTXO information out until the payjoin sender has already provided a regular presigned payment as collateral.
Since the spender has already forfeited their coins (without learning any of the merchant's inputs), the receiver can simply reject the payjoin request and take the customer's money as a normal payment without revealing any information to them, causing the attacker to lose all their money.
@1440000bytes is a Monero retard with a terrible track record of purposely publishing false information about coinjoins.
reply
Yup. Failing to mention the mitigation in this article – when he clearly knows about it – is straight up fraud on the reader.
The guy is clearly an attention seeker at best.
reply
50 sats \ 0 replies \ @OT 31 Mar
That's a bit of a disappointment TBH. It's far beyond my level of understanding but I wonder if blinding the inputs is somehow possible.
reply