Author: Dmitry Petukhov 2019-07-31 15:50:18
Published on: 2019-07-31T15:50:18+00:00
A recent discussion on Bitcoin-dev focused on the use of fidelity bonds in the context of coinjoin. The idea is that a sacrifice of V bitcoins would create a bond of value V^2, which provides a strong incentive for profit-motivated makers to use all their fidelity bond coins with just one maker, rather than spreading them out over many makers. However, attackers can derive additional value from the use of locked utxo, specifically the deanonimyzation capabilities. The discussion suggests that an entity M can use all its locked coins to run a maker and earn value X, but it will also incur some operational expenses. If these locked coins are given to an attacker A as a package, an attacker can derive a value of X+D, where D is the value of increased deanonymization capabilities. Operational expenses for an attacker remain the same as before (without timelocked bonds), because they need to operate a lot of makers either way. If M is profit-driven and non-ideological, it can rent out all of its coins to A as a package for the price X and get the same value without running a maker or dedicating any resources and time to it, not incurring any operational expenses (thus having a bigger profit in the end). Attacker A will run a maker with M's coins, get profit X, pay X to M, and get increased deanonymization capabilities. Renting out of utxo should be done in a way that the owner always gets X after the lock expires, making the operation riskless for the owner. The price for renting out the coins will be determined based on the size of the 'coin package,' so it will not be feasible for the owners of the coins to rent them out separately. An attacker can even rent coins from several entities and combine them to create a more 'powerful' maker. This 'powerful' maker can have a bigger profit than two less 'powerful' makers, but it seems like a centralization risk.
Updated on: 2023-06-13T20:25:16.788687+00:00