📅 Original date posted:2019-07-31
📝 Original message:В Tue, 30 Jul 2019 22:39:14 +0100
Chris Belcher via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org>
wrote:
> This is where a sacrifice of V bitcoins creates a
> bond of value V^2. The formula provides a strong incentive for
> profit-motivated makers to use all their fidelity bond coins with just
> one maker, not spread them out over many makers.
The attacker derives additional value from the use of
locked utxo - the deanonimyzation capabilities.
An entity M can use all of its locked coins to run a maker, and then
earn value X. It will also incur some operational expenses in the course
of running the maker, so the profit will be less than X.
If these locked coins are given to the attacker A as a package, an
attacker can derive a value of X+D where D is a value of increased
deanonymization capabilities for an attacker. Operational expenses
for an attacker are the same as before (without timelocked bonds),
because they need to operate a lot of makers either way.
If M is profit-driven and non-ideological, it can rent out all of its
coins to A as a package, for the price X, and get the same value without
running a maker and dedicating any resources and time to it, not
incurring any operatinal expenses (thus having a bigger profit in the
end).
Attacker A will run a maker with M's coins, get profit X, pay X to M,
get increased deanonymization capabilities.
If renting out of utxo is done in a way that the owner always gets X
after the lock expires, the operation will be riskless for the owner.
The attacker will need to lock amount X along with owner's coins, but
hopefully makes X back by running a maker operation.
The price for renting out the coins will be determined on the size of
the 'coin package', so it will not be feasible for the owners of the
coins to rent them out separately.
An attacker can even rent coins from several entities and combine them
to create a more 'powerful' maker. If I understand correctly, such
'powerful' maker can have bigger profit than two less 'powerful'
makers. It seems like a centralization risk to me.
Dmitry Petukhov [ARCHIVE] /
npub10r…9afdw
2023-06-07 18:19:43
in reply to nevent1q…vkgl
Author Public Key
npub10r66s2stvnancx9axwnfc5a34asjkwkgmkq7ztm5hf30x7fa4szsv9afdwPublished at
2023-06-07 18:19:43Event JSON
{
"id": "e66296511fb9e3311875a4ef4f854df52012de281b63a4275a0c1e14d863f7cb",
"pubkey": "78f5a82a0b64fb3c18bd33a69c53b1af612b3ac8dd81e12f74ba62f3793dac05",
"created_at": 1686161983,
"kind": 1,
"tags": [
[
"e",
"e5951fd065af963dd1caf477c2dc7ac75e75b8c5de9df2bf7554616176c13878",
"",
"root"
],
[
"e",
"27c70a6f10570d96616746e448ff67e0a1a01e95633c46cbcaac0dba4b413a79",
"",
"reply"
],
[
"p",
"cd99305dce8f7a8772455d28d44a8451787c19b2ffd2c8b1010acecc3c5f95c7"
]
],
"content": "📅 Original date posted:2019-07-31\n📝 Original message:В Tue, 30 Jul 2019 22:39:14 +0100\nChris Belcher via bitcoin-dev \u003cbitcoin-dev at lists.linuxfoundation.org\u003e\nwrote:\n\n\u003e This is where a sacrifice of V bitcoins creates a\n\u003e bond of value V^2. The formula provides a strong incentive for\n\u003e profit-motivated makers to use all their fidelity bond coins with just\n\u003e one maker, not spread them out over many makers.\n\nThe attacker derives additional value from the use of\nlocked utxo - the deanonimyzation capabilities.\n\nAn entity M can use all of its locked coins to run a maker, and then\nearn value X. It will also incur some operational expenses in the course\nof running the maker, so the profit will be less than X.\n\nIf these locked coins are given to the attacker A as a package, an\nattacker can derive a value of X+D where D is a value of increased\ndeanonymization capabilities for an attacker. Operational expenses\nfor an attacker are the same as before (without timelocked bonds),\nbecause they need to operate a lot of makers either way.\n\nIf M is profit-driven and non-ideological, it can rent out all of its\ncoins to A as a package, for the price X, and get the same value without\nrunning a maker and dedicating any resources and time to it, not\nincurring any operatinal expenses (thus having a bigger profit in the\nend).\n\nAttacker A will run a maker with M's coins, get profit X, pay X to M,\nget increased deanonymization capabilities. \n\nIf renting out of utxo is done in a way that the owner always gets X\nafter the lock expires, the operation will be riskless for the owner.\nThe attacker will need to lock amount X along with owner's coins, but\nhopefully makes X back by running a maker operation. \n\nThe price for renting out the coins will be determined on the size of\nthe 'coin package', so it will not be feasible for the owners of the\ncoins to rent them out separately.\n\nAn attacker can even rent coins from several entities and combine them\nto create a more 'powerful' maker. If I understand correctly, such\n'powerful' maker can have bigger profit than two less 'powerful'\nmakers. It seems like a centralization risk to me.",
"sig": "1502ec5f17ed9fb2cdf6a72b6ed4aeb547b09b57655af6042476e485dfd144b85327ef97daaae840ced26a756545c65ba964e15ca202cd97d2f28b8a7106e314"
}