Author: Tamas Blummer 2019-07-26 08:10:15
Published on: 2019-07-26T08:10:15+00:00
JoinMarket is a project that creates a market for coinjoins, which can be sybil attacked at low cost, destroying its privacy. However, Bitcoins can be sacrificed with burner outputs and time-locked addresses (also called fidelity bonds) to improve JoinMarket's resistance to sybil attacks. Fidelity bonds are a mechanism where bitcoin value is deliberately sacrificed to make a cryptographic identity expensive to obtain. This system could dramatically increase the cost of a sybil attack. Under this scheme, makers would need to publish the transactions of their fidelity bonds to the entire world. Those transactions could be subject to blockchain analysis. With real-world data and realistic assumptions, it can be calculated that a sybil attacker would need to lock up 30,000-80,000 bitcoins for 6 months or send 45-120 bitcoins to burner addresses to have a good chance of attacking the system by being all the counterparties in everyone's coinjoin. Makers with higher valued fidelity bonds will demand higher coinjoin fees, and it is expected that takers will accept paying higher coinjoin fees because additional privacy is well worth the cost.The private keys of fidelity bonds can be kept offline, allowing JoinMarket's sybil resistance to increase without the hot wallet risk. Burned coin signatures should still have a lifetime, in case the private key associated with the IRC nick is stolen, so that the thief of that privkey can't impersonate the maker indefinitely. The JoinMarket project also proposed creating time-locked addresses that can be used to prove ownership of bitcoin while keeping the coins offline in cold storage. These addresses would have fixed locktimes and correspond to 12 addresses per year, making it practical for them to be monitored as watch-only addresses. The timelocked address public key could be used to sign an IRC nickname, proving ownership of the TXO. The system also includes an intermediate keypair that is held online and signed by the time-locked address keypair with an expiry date. The existence of UTXOs can be proven by revealing the TXID and vout. Burned coins and spent time-locked coins can have their existence proved by sharing the transaction which created them along with a block height and transaction position for an unpruned node, or a merkle proof for a pruned node or SPV client.Links and references are provided for further reading on fidelity bonds, cost of sybil attacks, and combining fidelity bonds with mixers.
Updated on: 2023-06-13T20:26:53.385565+00:00