Juraj on Nostr: Thought experiment. Samourai whirlpool coinjoin is five inputs and five outputs. I ...
Thought experiment. Samourai whirlpool coinjoin is five inputs and five outputs. I guess the participants are selected by the coordinator, which is open source, but there's no way to tell which coordinator they are actually running.
Imagine if they were adversarial. We know they send xpubs to their server if you don't run your own dojo node. How can we be sure they don't let in four participants that they know the xpub for and one that runs their own node? If every coinjoin is made like this (which it could well be), the whole whirlpool is a total placebo.
Where am I wrong in this thought? (Except trusting that they are the good guys)?
Could this be happening?
Of course two people who run their own nodes could coordinate and see if they are ever part of one coinjoin. But then the next question is - what if they do this only for "interesting" utxos?
If the coordinator is adversarial, the combination of xpubs and small sets makes this attack easy and very hard to see from the transactions themselves.
I'm just thinking "loud", not accusing anyone, I mainly want to see if I understand this correctly.
Published at 2023-04-25 18:45:05
Event JSON
{
"id": "c2e29425dfb609e2954f385bbcf0c615ba752f5467b5c2eecaf45aa49dd794e6",
"pubkey": "dab6c6065c439b9bafb0b0f1ff5a0c68273bce5c1959a4158ad6a70851f507b6",
"created_at": 1682448305,
"kind": 1,
"tags": [],
"content": "Thought experiment. Samourai whirlpool coinjoin is five inputs and five outputs. I guess the participants are selected by the coordinator, which is open source, but there's no way to tell which coordinator they are actually running.\n\nImagine if they were adversarial. We know they send xpubs to their server if you don't run your own dojo node. How can we be sure they don't let four participants that they know xpub for and one that runs their own node? If every coinjoin is made like this (which it could well be), whole whirpool is a total placebo.\n\nWhere am I wrong in this thought? (Excerpt trusting that they are the good guys)?\n\nCould this be happening?\n\nOf course two people who run their own nodes could coordinate and see if they are ever part of one coinjoin. But then the next question is - what if they do this only for \"interesting\" utxos?\n\nIf the coordinator is adversarial, the combination of xpubs and small sets makes this attack easy and very hard to see from the transactions themselves.\n\nI'm just thinking \"loud\", not accusing anyone, I mainly want to see if I understand this correctly.",
"sig": "e55048f760d993b6e003775dc6d6ab6d47571a2cba18bca0147c41f27dbc4a9402f3a62759ca02af552b87b0d37b353bed355b0df070a8f97be2c657a5adde67"
}
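The cross-check mentioned in the note (own-node users comparing which mixes they were in), as an added example that is not part of the original note or of Samourai's code. It assumes an honest coordinator fills the other seats uniformly at random from a pool of waiting participants and that mixes are independent; the pool size, user names and txids are constructed.

```python
from itertools import combinations
from math import comb

MIX_SIZE = 5  # inputs per mix, as stated in the note


def p_alone(pool: int, cooperators: int, mix_size: int = MIX_SIZE) -> float:
    """P(one cooperator meets no other cooperator in a single mix), assuming the
    other seats are drawn uniformly from `pool` waiting participants."""
    seats = mix_size - 1
    return comb(pool - cooperators, seats) / comb(pool - 1, seats)


def shared_mixes(logs: dict[str, set[str]]) -> dict[tuple[str, str], set[str]]:
    """Mixes (txids) in which two cooperating own-node users both appear."""
    return {(a, b): logs[a] & logs[b]
            for a, b in combinations(sorted(logs), 2) if logs[a] & logs[b]}


def assess(logs: dict[str, set[str]], pool: int, alpha: float = 0.01) -> dict:
    """Flag users whose run of 'never met another cooperator' would be
    improbable (< alpha) under the uniform-selection assumption."""
    shared = shared_mixes(logs)
    met = {user for pair in shared for user in pair}
    p1 = p_alone(pool, len(logs))
    # Only users with zero co-occurrences get a p-value: p1 ** (number of mixes).
    p_values = {u: p1 ** len(txids) for u, txids in logs.items() if u not in met}
    return {"shared": shared,
            "p_values": p_values,
            "suspicious": sorted(u for u, p in p_values.items() if p < alpha)}


# Constructed sample logs: user -> txids of the mixes they took part in.
SAMPLE_LOGS = {
    "alice": {f"tx_a{i}" for i in range(12)},
    "bob": {f"tx_b{i}" for i in range(12)},
    "carol": {f"tx_c{i}" for i in range(3)} | {"tx_shared"},
    "dave": {f"tx_d{i}" for i in range(3)} | {"tx_shared"},
}

if __name__ == "__main__":
    report = assess(SAMPLE_LOGS, pool=20)  # pool size is an assumed parameter
    print(report["shared"], report["suspicious"], report["p_values"])
```

A low p-value only says the isolation is unlikely under this simplified model; as the note points out, selective treatment of a few UTXOs would not show up unless the affected users are among those comparing logs.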