delvingbitcoin

Anonymous usage tokens from curve trees or autct

Original Post by AdamISZ

Posted on: May 14, 2024 13:13 UTC

The potential use of a drop-in replacement for fidelity bonds in a coinjoin protocol without a central coordinator was revisited, with a focus on combating Sybil attacks, which threaten the anonymity of transactions by allowing an attacker to simulate multiple other participants.

This discussion highlighted that while imposing a cost on participation can deter such attacks to an extent, it's not a foolproof defense because the threat model assumes an attacker with limited resources. A specific method to calculate the costs imposed by this system was mentioned, referencing the time value of money to assess the financial implications of participating based on the age and value of unspent transaction outputs (UTXOs).

Further analysis revealed concerns regarding the practicality and effectiveness of using UTXOs as a form of proof to prevent Sybil attacks within decentralized coinjoin protocols. The suggestion was to significantly increase the age requirement of a UTXO to make it eligible as proof, which, though potentially effective in increasing attack costs, could impractically limit participation and reduce the anonymity set. This approach might make the defense mechanism too cumbersome to be feasible or useful.

A notable structural issue with this method involves the use of zero-knowledge proofs (ZKP) and key images for verifying UTXO ownership without revealing the owner's identity. Because the key image for a given UTXO never changes, repeated uses risk being linked over time, undermining the privacy the system aims to protect. To address this, a proposal for token multi-issuance was discussed. This would involve generating multiple independent tokens per UTXO through a distinct elliptic curve operation, allowing for separate and unlinkable authorizations for system use. This strategy, inspired by practices in Proof of Discrete Log Equivalence (PoDLE), appears promising for maintaining privacy and security in decentralized coinjoin protocols. Further details on this technical solution can be found in the discussion on GitHub.

This exploration underscores the complexity of designing privacy-preserving cryptographic protocols and the balance between usability and security. While the concept of utilizing UTXO characteristics for integrity in transaction systems is intriguing, the practical challenges and potential vulnerabilities necessitate careful consideration and innovative solutions like token multi-issuance.