-
Notifications
You must be signed in to change notification settings - Fork 80
ZeroLink v2? #59
Comments
10$ fees are a bad estimation: fees are much, much higher because they are paid to offchain services to accelerate the inclusion of an otherwise stuck transaction. Anyway, I have a question: what is needed to port ZeroLink to Bitcoin Cash? I would like to make some experiments there, since fees are about 1 cent per transaction and that means we can do a lot of mixing paying very little. |
Higher fees for DoS and Sybil protection. ZeroLink assumes around $1 BTC fees. There are other defenses, but they are complex and must be figured out. |
So it's unusable in Bitcoin where fees are way higher, in the range from 50 too 100$ (probably more in the future, if Bitcoin will still be relevant). To make it work on Bitcoin Cash so you could just require transactions with a minimum satoshis per byte, would it work as an antispam measure? (i.e.: simply ignore transactions with a lower fee) |
For DoS protection the higher the fees are the better it is.
It's the other way around. Consider someone registers to a round with the intention of pulling out to DoS and break this round for everyone else. In this case the server bans that utxo that's been registered with and some relative utxos as well. Nevertheless, the main takeaway is: the attacker must make Bitcoin transactions to be able to register new coins into the mix. This DoS protection depends on if these outside of the mix transactions are expensive enough. As I said, there are many workable ideas (#6) on DoS defense, yet, because fees are high, there is no need to overcomplicate it. Simple utxo banning can go a long way. |
can you expand on point 5? I did not see that explanation from your post-article. |
@darkrevive, just to make sure do you mean the issue #5 or the point number 5 ( |
Note: bitcoin tx fees have dropped and stayed quite low for several weeks: https://bitinfocharts.com/comparison/bitcoin-transactionfees.html#6m |
@jonathancross It was unexpected and I worried about it, but then I realized fees will eventually go over $1 and stay there. Or in other words, if they don't that's the equivalent of the failure of Bitcoin, since that'd mean people don't want to use it.
Anyway, there are many strategies explained in the README.md that works against DoS attacks and if another DoS protection is needed, then so be it. |
@nopara73 Sorry, I edited my post. I meant point 5: We already knew that it wasnt practical, but I'd like to know more about the conclusions about preventing post-mix input joining. For example, is it hard to prevent or is it not as necessary after so many hops (eg 2 inputs from the mix could eventually fall into the same address but under control from 2 different people) |
@darkrevive
The reasoning is: they need to have a bunch of UTXOs. However I was doing some napkin calculations about privacy loss of not MyMonero users against MyMonero. I've came to the realization that such privacy loss is tiny, even if MyMonero would do a big chunk of the on chain transactions. As you may have noticed there are "maybe-s and probablies" in this answer of mine, it is because I was doing napkin calculations and to come to a strong conclusion I need to look into it deeper. |
are there any studies about the growing number of hops from one address to another final address makes chain analysis more expensive? I think i remember something like that by reading about the Richochet feature that Samourai wallet uses. I was thinking after so many hops post mix that it would be unproductive/expensive to come to conclusions about the original participants in the mix. in terms of UI, that could happen automatically. |
I'm not entirely convinced if that's useful. |
Revisiting the original assumptions on ZeroLink may result in ZeroLink v2:
Originally, ZeroLink relied on the Bitcoin network fees to be at least $1. Today the fees are hitting $10, they are rapidly growing with no sign of stopping.
A. High fees bring up the need for more elaborate fee estimation, because in a ZeroLink transaction everyone must agree on the fee rate. Loosely related issue about RBF: Add RBF ratio idea #56
B. High fees probably can simplify our current DoS and Sybil protection strategies.
In ZeroLink's prototype, its performance was unexpectedly good. A ZeroLink transaction happened within 30 seconds. Works are underway in the underlying Tor library that will likely result in near instant transactions.
New research directions they may be game changers: SNICKER Research SNICKER #46 , Byzantine Cycle Mode Research Byzantine Cycle Mode #50 , Clusterfuck Wallet Work out Clusterfuck Wallet idea #42
Byzantine Cycle Mode Research Byzantine Cycle Mode #50 may relax the constraint of common denominations for CoinJoins.
In practice, it turned out completely preventing inputs to be joined together after the mix is not practical.
A Clusterfuck Wallet Work out Clusterfuck Wallet idea #42 may relax the prevention of input joining constraint.
Opening Lightning Network channels Research: Open Lightning Channel with CoinJoin #58 via coinjoin is another interesting research territory. LN channel openings with common coinjoin denominations rarely results any convenience loss for the user. This can also help relaxing the input joining constraint. At this point, more research is needed about its pros and cons.
At the beginning ZeroLink was intended to work with both low and high anonymity sets. However for low anonymity set privacy solutions there is already JoinMarket, Monero and with its current usage patterns, ZCash. ZeroLink could compete much more effectively if its anonymity set would be high (100ish) from the beginning.
Huge anonymity set also helps mitigating the risk of input joining.
There is a need to be able to send coinjoins into specified custom addresses. The Clusterfuck Wallet can mitigate the risk of possible privacy loss due to this.
While the community support was unprecedented, adoption from other developers were not as expected. Samourai wallet is aiming to build its own implementation, Breeze is written in the same programming language as HiddenWallet, so there are little to no costs to keep two implementations in sync, the DarkWallet developer who contacted me doesn't seem to be active anymore, other wallet developers were showing no interest.
ZeroLink made many tradeoffs in order to facilitate its implementations across competing wallets.
Also to maintain compatibility ZeroLink also specified many uniformity requirements, for example utilization of extpubkeys and the whole set of Wallet Uniformity Requirements. Such requirements can be safely removed.
ZeroLink needs more specific networking mechanism to be specified. Such works are underway, see ToT protocol.
It seems like there is a trend of people starting to be able to afford running their own full node. As the transaction fees are growing, people who can afford to use the first layer of Bitcoin are increasingly the ones who can afford to run a full node. If this trend keeps up, works on privacy preserving light wallets may be unneccessary.
The text was updated successfully, but these errors were encountered: