There are two forms of Sybil protection in Joinmarket, because of the taker-maker asymmetry. Both forms use utxo ownership. The takers have to produce what we call a "PoDLE", a commitment to a proof of discrete logarithm equivalence - in English, they publish a hash and have to reveal the utxo behind that hash to makers that agree to join with them, revealing the utxo behind it. The attack this dissuades: constantly spamming request to find out maker utxos. If someone can see all the makers' utxos they can deanon coinjoins, so it's a "snooping" attack. With PoDLE you are quite heavily rate limited in how many coinjoin requests you can make.
See the first two articles on my blog (P(o)ODLE and Racing against Snoopers) for more on that. https://reyify.com/blog/racing-against-snoopers-in-joinmarket-0.2
The makers have to publish a fidelity bond, as others have noted. See docs/ subdirectory in joinmarket-clientserver for some explanation and links to further explanation.
Fidelity bonds directly dissuade Sybilling and are much weightier, in general (the size of the utxo involved tends to be large), but note that in neither case are utxos spent, they are just held (for PoDLE) or timelocked (for FB). And FB UTXOs are actually published, which is a bad thing; I've recently spent a lot of time looking for efficient utxo set proofs, partly motivated by that.
(Although it's a bad thing, those utxos can be completely separate from utxos used in coinjoins, so it's not *that* bad.)
waxwing /
npub1vad…nuu7
2024-06-02 15:59:11
in reply to nevent1q…a2cg
Author Public Key
npub1vadcfln4ugt2h9ruwsuwu5vu5am4xaka7pw6m7axy79aqyhp6u5q9knuu7Published at
2024-06-02 15:59:11Event JSON
{
"id": "29d4bf33cdcdce3d9663e6b0bd919bb6c0e196d45a12eec01b996bb6734f1d67",
"pubkey": "675b84fe75e216ab947c7438ee519ca7775376ddf05dadfba6278bd012e1d728",
"created_at": 1717336751,
"kind": 1,
"tags": [
[
"e",
"e7b0cc62f9caf4adfd38f383c77a877fa1bacf7e540603215d7531d3319f182f",
"",
"reply"
],
[
"p",
"675b84fe75e216ab947c7438ee519ca7775376ddf05dadfba6278bd012e1d728"
],
[
"p",
"d8a6ecf0c396eaa8f79a4497fe9b77dc977633451f3ca5c634e208659116647b"
],
[
"r",
"https://reyify.com/blog/racing-against-snoopers-in-joinmarket-0.2"
]
],
"content": "There are two forms of Sybil protection in Joinmarket, because of the taker-maker asymmetry. Both forms use utxo ownership. The takers have to produce what we call a \"PoDLE\", a commitment to a proof of discrete logarithm equivalence - in English, they publish a hash and have to reveal the utxo behind that hash to makers that agree to join with them, revealing the utxo behind it. The attack this dissuades: constantly spamming request to find out maker utxos. If someone can see all the makers' utxos they can deanon coinjoins, so it's a \"snooping\" attack. With PoDLE you are quite heavily rate limited in how many coinjoin requests you can make.\n\nSee the first two articles on my blog (P(o)ODLE and Racing against Snoopers) for more on that. https://reyify.com/blog/racing-against-snoopers-in-joinmarket-0.2\n\nThe makers have to publish a fidelity bond, as others have noted. See docs/ subdirectory in joinmarket-clientserver for some explanation and links to further explanation.\n\nFidelity bonds directly dissuade Sybilling and are much weightier, in general (the size of the utxo involved tends to be large), but note that in neither case are utxos spent, they are just held (for PoDLE) or timelocked (for FB). And FB UTXOs are actually published, which is a bad thing; I've recently spent a lot of time looking for efficient utxo set proofs, partly motivated by that.\n\n(Although it's a bad thing, those utxos can be completely separate from utxos used in coinjoins, so it's not *that* bad.)",
"sig": "9fd89d6552dc00f6574931a0b72ed19310987cd016cc02e7840a81b99c10b30124c36949850b13172af220f1f37cc4e3434c094ce02cc6d1b01ef5e9263aad5e"
}