📅 Original date posted:2022-05-13
📝 Original message:Hello waxwing,
> A user sacrifices X amount of time-value-of-money (henceforth TVOM)
by committing in Joinmarket with FB1. He then uses the same FB1 in
Teleport, let's say. If he gets benefit Y from using FB1 in Joinmarket,
and benefit Z in Teleport, then presumably he'll only do it if
(probabilistically) he thinks Y+Z > X.
> But as an assessor of FB1 in Joinmarket, I don't know if it's also
being used for Teleport, and more importantly, if it's being used
somewhere else I'm not even aware of. Now I'm not an economist I admit,
so I might not be intuit-ing this situation right, but it fees to me
like the right answer is "It's fine for a closed system, but not an open
one." (i.e. if the set of possible usages is not something that all
participants have fixed in advance, then there is an effective Sybilling
problem, like I'm, as an assessor, thinking that sacrificed value 100 is
there, whereas actually it's only 15, or whatever.)
I don't entirely agree with this. The value of the sacrifice doesn't
change if the fidelity bond owner starts using it for Teleport as well
as Joinmarket. The sacrifice is still 100. Even if the owner doesn't run
any maker at all the sacrifice would still be 100, because it only
depends on the bitcoin value and locktime. In your equation Y+Z > X,
using a fidelity bond for more applications increases the
left-hand-side, while the right-hand-side X remains the same. As
protection from a sybil attack is calculated using only X, it makes no
difference what Y and Z are, the takers can still always calculate that
"to sybil attack the coinjoin I'm about to make, it costs A btc locked
up for B time".
Regarding fidelity bonds being used for both, I expect that most
fidelity bond owners will use their bonds with both Joinmarket and
Teleport, to not do that is just leaving money on the table.
If an attacker locks up the 100k btc or whatever the requirement is now,
and actually does a successful sybil attack against Joinmarket, then
they could at the same time do a successful sybil attack against
teleport with little added cost. So both markets form a single fidelity
bond ecosystem. This is a similar situation to merge-mining bitcoin with
an altcoin that also uses SHA256^2 for proof of work. The two or more
coins form one mining ecosystem. This results in the users of the small
altcoin benefiting from having their transactions protected by bitcoin's
massive hashrate. In this analogy the new small Teleport system can very
quickly benefit from the large amount of fidelity bonds already used in
Joinmarket.
Yes the hypothetical attacker can attack all systems at once, but the
defenders can defend all systems at once (and we can say not just that
they "can" do it, but that they "will" do it, or else they leave money
on the table). The mathematics which gives a huge advantage to the
defender still applies.
----
You've convinced me that specifying the exact form of the fidelity bond
certificate is a bad idea. I'll leave it more general, saying just that
wallets should be able to do SignMessage using the timelocked privkey.
And I'll leave the example signature in the test vectors.
I've made edits to this effect on the gist:
https://gist.github.com/chris-belcher/7257763cedcc014de2cd4239857cd36e/revisions#diff-4f1f364f340b78bdfe9dca2ff50784bd312d49be220e5e5c2e4675447f79c6e8
It's worth noting that even if the certificate message is different
across the two systems, a fidelity bond owner can still create two
signatures over two different messages (e.g.
"fidelity-bond-cert|<pubkey>|<expiry>" and
"fidelity-bond-cert-teleport|<pubkey>|<expiry>").
Chris Belcher [ARCHIVE] /
npub1ek…lnm2u
2023-06-07 23:08:50
in reply to nevent1q…3t52
Author Public Key
npub1ekvnqhww3aagwuj9t55dgj5y29u8cxdjllfv3vgppt8vc0zljhrs6lnm2uPublished at
2023-06-07 23:08:50Event JSON
{
"id": "ff33581aea997d69abf3214eb2412f1971d4adf3ec2bb0b5c1c49e68e6d0eaac",
"pubkey": "cd99305dce8f7a8772455d28d44a8451787c19b2ffd2c8b1010acecc3c5f95c7",
"created_at": 1686179330,
"kind": 1,
"tags": [
[
"e",
"ed87b4a661b1ec563ef35bba3e76c69fedd4dee29f9239e792212ae30f6447d4",
"",
"root"
],
[
"e",
"af0cf41aeb627e4b60b055b8ecb4e213487176d2cc01d4400d6d9f160be49589",
"",
"reply"
],
[
"p",
"9b3cb9066a41d6c59c090531827defe6138e14f8b94a7802a8a183aa309a4e2b"
]
],
"content": "📅 Original date posted:2022-05-13\n📝 Original message:Hello waxwing,\n\n \u003e A user sacrifices X amount of time-value-of-money (henceforth TVOM) \nby committing in Joinmarket with FB1. He then uses the same FB1 in \nTeleport, let's say. If he gets benefit Y from using FB1 in Joinmarket, \nand benefit Z in Teleport, then presumably he'll only do it if \n(probabilistically) he thinks Y+Z \u003e X.\n\n \u003e But as an assessor of FB1 in Joinmarket, I don't know if it's also \nbeing used for Teleport, and more importantly, if it's being used \nsomewhere else I'm not even aware of. Now I'm not an economist I admit, \nso I might not be intuit-ing this situation right, but it fees to me \nlike the right answer is \"It's fine for a closed system, but not an open \none.\" (i.e. if the set of possible usages is not something that all \nparticipants have fixed in advance, then there is an effective Sybilling \nproblem, like I'm, as an assessor, thinking that sacrificed value 100 is \nthere, whereas actually it's only 15, or whatever.)\n\n\nI don't entirely agree with this. The value of the sacrifice doesn't \nchange if the fidelity bond owner starts using it for Teleport as well \nas Joinmarket. The sacrifice is still 100. Even if the owner doesn't run \nany maker at all the sacrifice would still be 100, because it only \ndepends on the bitcoin value and locktime. In your equation Y+Z \u003e X, \nusing a fidelity bond for more applications increases the \nleft-hand-side, while the right-hand-side X remains the same. As \nprotection from a sybil attack is calculated using only X, it makes no \ndifference what Y and Z are, the takers can still always calculate that \n\"to sybil attack the coinjoin I'm about to make, it costs A btc locked \nup for B time\".\n\nRegarding fidelity bonds being used for both, I expect that most \nfidelity bond owners will use their bonds with both Joinmarket and \nTeleport, to not do that is just leaving money on the table.\n\nIf an attacker locks up the 100k btc or whatever the requirement is now, \nand actually does a successful sybil attack against Joinmarket, then \nthey could at the same time do a successful sybil attack against \nteleport with little added cost. So both markets form a single fidelity \nbond ecosystem. This is a similar situation to merge-mining bitcoin with \nan altcoin that also uses SHA256^2 for proof of work. The two or more \ncoins form one mining ecosystem. This results in the users of the small \naltcoin benefiting from having their transactions protected by bitcoin's \nmassive hashrate. In this analogy the new small Teleport system can very \nquickly benefit from the large amount of fidelity bonds already used in \nJoinmarket.\n\nYes the hypothetical attacker can attack all systems at once, but the \ndefenders can defend all systems at once (and we can say not just that \nthey \"can\" do it, but that they \"will\" do it, or else they leave money \non the table). The mathematics which gives a huge advantage to the \ndefender still applies.\n\n----\n\nYou've convinced me that specifying the exact form of the fidelity bond \ncertificate is a bad idea. I'll leave it more general, saying just that \nwallets should be able to do SignMessage using the timelocked privkey. \nAnd I'll leave the example signature in the test vectors.\n\nI've made edits to this effect on the gist:\nhttps://gist.github.com/chris-belcher/7257763cedcc014de2cd4239857cd36e/revisions#diff-4f1f364f340b78bdfe9dca2ff50784bd312d49be220e5e5c2e4675447f79c6e8\n\nIt's worth noting that even if the certificate message is different \nacross the two systems, a fidelity bond owner can still create two \nsignatures over two different messages (e.g. \n\"fidelity-bond-cert|\u003cpubkey\u003e|\u003cexpiry\u003e\" and \n\"fidelity-bond-cert-teleport|\u003cpubkey\u003e|\u003cexpiry\u003e\").",
"sig": "b60cae273658bbc9d99006f2dc20b0b4ea529f149f312536668742c94d62fa4cf455a5181f8f0d8dbd2bdb91376bb047db037a3891d5f2a9a4da5c84c472e56e"
}