Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: Can Coinjoin transactions be traced? Busting Bitcoin privacy myths!
by
ABCbits
on 25/01/2024, 10:33:31 UTC
Quote from: Poker Player on Today at 04:21:34 AM
Look man, I don't know what you're trying to do here. Don't you have enough with 15 neutral color tags but basically saying you're a piece of shit? Now you want to open a rational debate by quoting someone who is going to die? If it's because Wasabi pays you to represent them on the forum, the best thing you can do is stop doing it. Otherwise you're just going to inspire more hate.

I somewhat agree. People will just assume you shill Wasabi.


Quote from: Kruw on January 24, 2024, 06:15:29 PM
- Can WabiSabi be traced?

Not unless you are the biggest whale in a coinjoin round with insufficient liquidity. Even outputs that do not have matching amounts cannot be traced to an owner on the input side - it’s even possible that the output changed hands as a payment to someone who did not own any funds on the input side at all:

--snip--

Have you checked WabiSabi paper from https://github.com/zkSNACKs/WabiSabi/releases/latest/download/WabiSabi.pdf and read section 7?

Quote from: https://github.com/zkSNACKs/WabiSabi/releases/latest/download/WabiSabi.pdf
A malicious coordinator may tag users by providing them with different issuer parameters. When registering inputs a proof of ownership must be provided. If signatures are used, by covering the issuer parameters and a unique round identifier these proofs allow other participants to verify that everyone was given the same parameters.

A malicious coordinator could also delay the processing of requests in order to learn more through timing and ordering leaks. In the worst case, the coordinator can attempt to linearize all requests by delaying individual to recover the full set of labelled edges. This is possible when k = 1 and users have minimal dependencies between their requests and tolerate arbitrary timeouts but issue requests in a timely manner.

Similarly the coordinator may delay information such as the set of ownership proofs or the final unsigned transaction. In the case of the latter, this can be used to learn about links between inputs. This is because a signature can only be made after the details of the transaction are known. If the unsigned was only known to one user but multiple inputs have provided signatures, it follows that those inputs are owned by the same user.

Since the coordinator must be trusted with regards to denial of service a more practical variant of this attack would involve more subtle delays followed by sabotaging multiple successive rounds during the signing phase in order to learn of correlations between registrations while maintaining deniability.

To be specific, what do you think about sentences i quoted above?