Pages:
Author

Topic: Burning dust (Read 341 times)

copper member
Activity: 2156
Merit: 983
Part of AOBT - English Translator to Indonesia
May 07, 2021, 01:01:52 AM
#22
I don't think deanonymizing dust attacks are extremely common but I doubt there is a surefire way to differentiate pure spam and such attacks.

You can definitely "burn" the dust by sending it to a known burn address like 1CounterpartyXXXXXXXXXXXXXXXUWLpVr, 1111111111111111111114oLvT2 , etc. Or else, you can burn it using OP_return which eliminates the UTXO from the chainstate for everyone and doesn't provide additional bloat.

I think the problem lies with the economics of doing so. For some dust transactions, it'll possibly cost more than the dust itself to send and make sure that it confirms. For certain wallets, there are ways to just isolate the UTXO and ensure that your wallet will never attempt to spend it.


Agreed send coin from dust address to 1 address cost you more for fee especially right now high fee + Bitcoin price higher

i mean why OP need burn dust address

mostly wallet that have below 1$ is already thrown away by his owner  Cheesy
legendary
Activity: 3472
Merit: 10611
May 07, 2021, 12:04:50 AM
#21
Isn't that still a risk because once the dust lands on your coins someone can still look up address history and see your coins moving away to a new address?
Transaction history of any address is already visible to everyone who has access to the blockchain, which is basically anyone who runs a full node or can open a block explorer website. Receiving dust spam doesn't change that.

The way dust attack works is that it forces the wallet receiving the dust in lets say address A to have to mix address A with another address like B to be able to spend the dust output received in A which effectively links A and B and invades the privacy of the owner of that wallet.

If address A and B are already linked or you don't care about your privacy then you have nothing to worry about apart from the possible increased fee you'll have to pay to include that dust output in your next transaction. The solution is to freeze that output so that the wallet doesn't spend it ever and always use coin control features that your wallet offers (or use a wallet that does) to manually select or check all outputs being spent.
newbie
Activity: 17
Merit: 0
May 06, 2021, 04:34:24 PM
#20
Sorry for bumping this up, but let's say you have an address with some coins on it but dust lands on it. What do you do when you need to move the coins? Do you do something like this?

Your coins => New address

Dust => Throwaway address

Isn't that still a risk because once the dust lands on your coins someone can still look up address history and see your coins moving away to a new address?
legendary
Activity: 2268
Merit: 18748
December 17, 2020, 12:50:10 PM
#19
AFAIK now 547 is the limit.
546 sats is the lower limit for P2PKH transactions, and 294 sats is the lower limit for SegWit transactions.

The relevant code and a nice explanation is viewable here: https://github.com/bitcoin/bitcoin/blob/143bd108ed6626405b0361c9939a8e1bf6cfc3d2/src/policy/policy.cpp#L16
legendary
Activity: 952
Merit: 1385
December 17, 2020, 12:30:12 PM
#18
Yeah, my main concern would be that most dust attacks are too small to send on their own without including another input, be that another dust input or a regular input. Either way, you are revealing some information to the attacker.

Yep, if you pay the fee from the dust, the rest is too small to be send and is rejected by servers. AFAIK now 547 is the limit.
legendary
Activity: 2268
Merit: 18748
December 17, 2020, 12:16:43 PM
#17
If the information about address is well known, so anyone may send dust, there is no leak, at least not the intended (several addresses sending dust in this same transaction). Or I am missing something?
(I'm ignoring the fact that it's too small to send)
Yeah, my main concern would be that most dust attacks are too small to send on their own without including another input, be that another dust input or a regular input. Either way, you are revealing some information to the attacker.

Even if the dust is large enough to be sent on its own, then you could potentially still leak information. Such a service isn't going to be widely used, so if a bunch of dust outputs were all moved to the service in a relatively short space of time, say over a few hours or days, then that could indicate that they all belonged to the same person, especially if they all use the same transaction characteristics such as nLockTime and nSequence.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
December 17, 2020, 12:02:23 PM
#16
I'm not sure I follow your logic here. If people have to send their dust to an address you provide, then you've already given the attackers what they want - the dust to move in a transaction. Even if you don't move the dust until you have 200 inputs to consolidate, the information has already been leaked by the first transaction, no?
There's not much to leak if it's only one dust-transaction, right? Except for the fact that someone still has access to that address. (I'm ignoring the fact that it's too small to send)

Quote
That was the logic behind the NONE and ANYONECANPAY flags on Peter Todd's system. There is no transaction prior to large consolidation transaction including multiple users' inputs.
That does sound much cooler indeed, if I have the time I'll play around with it.
I'm far too paranoid to run this though:
Code:
Dust-B-Gone
===========

Cleans your Bitcoin Core wallet of unwanted dust.

Usage:

./dust-b-gone.py
legendary
Activity: 952
Merit: 1385
December 17, 2020, 11:17:04 AM
#15
I'm not sure I follow your logic here. If people have to send their dust to an address you provide, then you've already given the attackers what they want - the dust to move in a transaction. Even if you don't move the dust until you have 200 inputs to consolidate, the information has already been leaked by the first transaction, no?

What is wrong with it?
If the information about address is well known, so anyone may send dust, there is no leak, at least not the intended (several addresses sending dust in this same transaction). Or I am missing something?

The cost of using the collected dust later is something different.
legendary
Activity: 2268
Merit: 18748
December 17, 2020, 11:01:51 AM
#14
My idea was to provide a list of unique Bitcoin addresses anyone can use to send their dust to, and I promise not to move the funds until there are a. at least 200 inputs or b. 10 years have passed.
I'm not sure I follow your logic here. If people have to send their dust to an address you provide, then you've already given the attackers what they want - the dust to move in a transaction. Even if you don't move the dust until you have 200 inputs to consolidate, the information has already been leaked by the first transaction, no?

That was the logic behind the NONE and ANYONECANPAY flags on Peter Todd's system. There is no transaction prior to the large consolidation transaction including multiple users' inputs.
legendary
Activity: 952
Merit: 1385
December 17, 2020, 10:03:10 AM
#13
I've thought about creating a service for this for a while, but haven't found an easy way to make sure a Bitcoin address only gets shown once on a website. My idea was to provide a list of unique Bitcoin addresses anyone can use to send their dust to, and I promise not to move the funds until there are a. at least 200 inputs or b. 10 years have passed.

Would you like to resurrect this project?
I think it could be easily doable using bitcoinj library. PM me if you think it still makes sense.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
December 17, 2020, 07:27:36 AM
#12
For certain wallets, there are ways to just isolate the UTXO and ensure that your wallet will never attempt to spend it.
I've seen a locking/freezing feature for inputs (or addresses) in Bitcoin Core, Electrum and Coinomi. Once locked, you can't spend it without unlocking it. Don't forget you have to lock it again if you ever import your mnemonic into a new wallet.

Except for on mobile wallets I always use Coin Control, and if you manually select which inputs to use, you can add 546 sat to a bigger input on the same address as long if you can send with 1 sat/byte fee.
That being said, I've never received any free dust myself Sad

We do not currently have any "burning" option. One thing you can do is send your coins to an address nobody owns (create an empty wallet and send your dust there) or send it to the address from the first (Genesis) block (12c6DSiU4Rq3P4ZxziKxzrL5LmMBrzjrJX).
I've thought about creating a service for this for a while, but haven't found an easy way to make sure a Bitcoin address only gets shown once on a website. My idea was to provide a list of unique Bitcoin addresses anyone can use to send their dust to, and I promise not to move the funds until there are a. at least 200 inputs or b. 10 years have passed.
legendary
Activity: 2268
Merit: 18748
December 17, 2020, 06:16:08 AM
#11
There was a service set up by Peter Todd several years ago to deal with dust outputs. It involved you signing a transaction spending all your dust using SIGHASH_NONE and SIGHASH_ANYONECANPAY, and then sending that unbroadcast transaction to a central server. Once many people had done this, all the transactions would be combined, spend all the inputs as a mining fee, and then broadcast.

The end result would be one big transaction spending all the dust from dozens of different users all at once, therefore making it impossible to link inputs together. The whole set up is not entirely unlike a coinjoin.

Unfortunately it is no longer active, I assume because of lack of use.

https://github.com/petertodd/dust-b-gone
legendary
Activity: 1134
Merit: 1598
December 17, 2020, 04:17:11 AM
#10
Which wallet give this feature? I can't remember if I have seen anything like this in electrum. As far as I know, certain address can be freezed but not sure about freezing unspent output. Can you recommend one?
Electrum. After you set up your wallet, you have the "View" option in the top bar of the app and you can enable "Coins" from there. Then, switch to the Coins tab and you'll be able to freeze/unfreeze any output and/or address you want by right-clicking them and choosing the option you want.
legendary
Activity: 3472
Merit: 10611
December 17, 2020, 04:15:34 AM
#9
My point is - why not to send dust to some charity address. Or make a 'agreement' that everyone sends it to RedCross or sth like this.
The only "agreement" we can come up with is between users and the miners. All those receiving dust transactions can create a single transaction that contains all those dust inputs and pay the entire amount (which probably won't be bigger than 10 bucks) to that miner as fee.
Something like mining all those 1 satoshi 0 satoshi outputs a couple of years ago by I believe Antpool.
legendary
Activity: 952
Merit: 1385
December 17, 2020, 03:51:48 AM
#8

The correct course of action is to use a wallet which will let you simply freeze those outputs and never spend them.
Which wallet give this feature? I can't remember if I have seen anything like this in electrum. As far as I know, certain address can be freezed but not sure about freezing unspent output. Can you recommend one?

Possible in Electrum.
legendary
Activity: 2156
Merit: 2100
Marketing Campaign Manager |Telegram ID- @LT_Mouse
December 17, 2020, 03:51:07 AM
#7

The correct course of action is to use a wallet which will let you simply freeze those outputs and never spend them.
Which wallet give this feature? I can't remember if I have seen anything like this in electrum. As far as I know, certain address can be freezed but not sure about freezing unspent output. Can you recommend one?
legendary
Activity: 1134
Merit: 1598
December 17, 2020, 03:18:25 AM
#6
Or make a 'agreement' that everyone sends it to RedCross or sth like this.
We cannot make that an "agreement". What happens if RedCross loses ownership over the address within an year?

There are charities some people wouldn't want to send their money to. The point of BTC is providing the freedom of choice and being neutral and non-dependent; making some sort of agreement that everyone sends it to a specific organization is not very different to agreeing that Bitcoiners should all support the CCP.

Sending a few hundred satoshis to charity would do more bad than good. If they ever want to send a tx they'd want to be confirmed quickly and your dust is one of the inputs, they'll likely have to spend more on the fees for your input than the amount they received from you.
legendary
Activity: 952
Merit: 1385
December 17, 2020, 03:05:17 AM
#5
Sending the dust to a burn address is exactly what these dust attackers want you to do. Any movement of the dust reveals at least something about the address they sent it to, and since the vast majority of dust attacks are for 546 satoshi (or the equivalent dust limit for other address types), then you need to use another input from elsewhere to be able to pay the fee, thus revealing even more information. Sending the dust anywhere, even to a burn address, is the wrong course of action.

The correct course of action is to use a wallet which will let you simply freeze those outputs and never spend them. If you get fed up of looking at them in your wallet, then move to a new wallet. Even better would be for wallets to offer the option of blacklisting such outputs, so they can never be spent and are hidden from being displayed altogether.

Ah ok. I see.

My point is - why not to send dust to some charity address. Or make a 'agreement' that everyone sends it to RedCross or sth like this.
But if it is not possible to send just a dust itself (547sat) then in fact it makes no sense, as you must 'add' something from yourself.
legendary
Activity: 2268
Merit: 18748
December 16, 2020, 03:17:19 PM
#4
Sending the dust to a burn address is exactly what these dust attackers want you to do. Any movement of the dust reveals at least something about the address they sent it to, and since the vast majority of dust attacks are for 546 satoshi (or the equivalent dust limit for other address types), then you need to use another input from elsewhere to be able to pay the fee, thus revealing even more information. Sending the dust anywhere, even to a burn address, is the wrong course of action.

The correct course of action is to use a wallet which will let you simply freeze those outputs and never spend them. If you get fed up of looking at them in your wallet, then move to a new wallet. Even better would be for wallets to offer the option of blacklisting such outputs, so they can never be spent and are hidden from being displayed altogether.
legendary
Activity: 1134
Merit: 1598
December 16, 2020, 10:32:42 AM
#3
We do not currently have any "burning" option. One thing you can do is send your coins to an address nobody owns (create an empty wallet and send your dust there) or send it to the address from the first (Genesis) block (12c6DSiU4Rq3P4ZxziKxzrL5LmMBrzjrJX).

EDIT: sending multiple dust to an unused or rarely used address could be a good hint that you're the owner of the said address! If that's a concern for you, send it to more-often used ones.

Also, sending the dust from different addresses at approximately the same time (or even within the same day) could also be a hint that you're the owner of the addresses. If you take a look at the recent history of the first address @ranochigo has given, you will notice that this is when the last 3 txs were received:
 - 12.05.2020
 - 11.11.2020
 - 10.04.2020

If you send multiple transactions to this address within the same day, someone will likely think it's the same owner who sent them. If you have Electrum, you could simply label them as "Dust" and freeze the coins&addresses instead. Sometimes it's better to just leave it.


Other than that, if the dust is worth more than a few thousand satoshis, you could consider supporting some Bitcoin devs or sending them to a charity.
Pages:
Jump to: