[bitcoin-dev] Improving JoinMarket's resistance to sybil attacks using fidelity bonds

[Chris Belcher]

Hello list,

Two points:

* The V^2 term is the only thing in the whole scheme that provides any
sybil protection. I've already gone through the reasoning in an earlier
email and the maths is clear; in a scheme with linear V honest makers
have no economic advantage over sybil attackers. This is because only a
sybil attacker needs to split up their money into multiple fidelity
bonds, and that comes with a penalty under the V^2 rule.

It's worth reiterating that including a single evil maker in a
JoinMarket coinjoin does not ruin it's privacy. Privacy is only ruined
if *all* makers in a coinjoin are controlled by the same entity. So if
takers use one maker who has rented TXOs, then its no big deal as long
as the other included makers are controlled by other people. Therefore
when balancing the harms, consolidation into fewer makers is not as bad
as having no sybil protection (which as a reminder means that *all*
makers are controlled by one entity), and so the V^2 term does more good
than harm.

We can't condemn the V^2 rule because of consolidation without
acknowledging the good it does in penalizing sybil attacks.

* Regarding entities like exchanges running makers. They can also do
this today with JoinMarket, the proposed fidelity bond scheme doesn't
make that worse. It's an underlying assumption of JoinMarket that
coinjoining power is proportional to bitcoin ownership (in a similar way
that an underlying assumption of bitcoin is that transaction
confirmation power is proportional to hashpower). If those big exchanges
find that coinjoins involving them included just one maker controlled by
someone else then their aim of deanonymization will have failed. And
then those exchanges have to explain to their regulators why they helped
hide the origin and destination of some black market money.