Burning dust | Bitcointalksearch.org

dansus021

copper member

Activity: 1988

Merit: 905

Part of AOBT - English Translator to Indonesia

Quote from: ranochigo on December 16, 2020, 11:31:15 AM

I don't think deanonymizing dust attacks are extremely common but I doubt there is a surefire way to differentiate pure spam and such attacks.

You can definitely "burn" the dust by sending it to a known burn address like 1CounterpartyXXXXXXXXXXXXXXXUWLpVr, 1111111111111111111114oLvT2 , etc. Or else, you can burn it using OP_return which eliminates the UTXO from the chainstate for everyone and doesn't provide additional bloat.

I think the problem lies with the economics of doing so. For some dust transactions, it'll possibly cost more than the dust itself to send and make sure that it confirms. For certain wallets, there are ways to just isolate the UTXO and ensure that your wallet will never attempt to spend it.

Agreed send coin from dust address to 1 address cost you more for fee especially right now high fee + Bitcoin price higher

i mean why OP need burn dust address

mostly wallet that have below 1$ is already thrown away by his owner Cheesy

pooya87

legendary

Activity: 3444

Merit: 10537

Quote from: toroidmonster24 on May 06, 2021, 05:34:24 PM

Isn't that still a risk because once the dust lands on your coins someone can still look up address history and see your coins moving away to a new address?

Transaction history of any address is already visible to everyone who has access to the blockchain, which is basically anyone who runs a full node or can open a block explorer website. Receiving dust spam doesn't change that.

The way dust attack works is that it forces the wallet receiving the dust in lets say address A to have to mix address A with another address like B to be able to spend the dust output received in A which effectively links A and B and invades the privacy of the owner of that wallet.

If address A and B are already linked or you don't care about your privacy then you have nothing to worry about apart from the possible increased fee you'll have to pay to include that dust output in your next transaction. The solution is to freeze that output so that the wallet doesn't spend it ever and always use coin control features that your wallet offers (or use a wallet that does) to manually select or check all outputs being spent.

toroidmonster24

newbie

Activity: 17

Merit: 0

Sorry for bumping this up, but let's say you have an address with some coins on it but dust lands on it. What do you do when you need to move the coins? Do you do something like this?

Your coins => New address

Dust => Throwaway address

Isn't that still a risk because once the dust lands on your coins someone can still look up address history and see your coins moving away to a new address?

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: PawGo on December 17, 2020, 01:30:12 PM

AFAIK now 547 is the limit.

546 sats is the lower limit for P2PKH transactions, and 294 sats is the lower limit for SegWit transactions.

The relevant code and a nice explanation is viewable here: https://github.com/bitcoin/bitcoin/blob/143bd108ed6626405b0361c9939a8e1bf6cfc3d2/src/policy/policy.cpp#L16

PawGo

legendary

Activity: 952

Merit: 1367

Quote from: o_e_l_e_o on December 17, 2020, 01:16:43 PM

Yeah, my main concern would be that most dust attacks are too small to send on their own without including another input, be that another dust input or a regular input. Either way, you are revealing some information to the attacker.

Yep, if you pay the fee from the dust, the rest is too small to be send and is rejected by servers. AFAIK now 547 is the limit.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: PawGo on December 17, 2020, 12:17:04 PM

If the information about address is well known, so anyone may send dust, there is no leak, at least not the intended (several addresses sending dust in this same transaction). Or I am missing something?

Quote from: LoyceV on December 17, 2020, 01:02:23 PM

(I'm ignoring the fact that it's too small to send)

Yeah, my main concern would be that most dust attacks are too small to send on their own without including another input, be that another dust input or a regular input. Either way, you are revealing some information to the attacker.

Even if the dust is large enough to be sent on its own, then you could potentially still leak information. Such a service isn't going to be widely used, so if a bunch of dust outputs were all moved to the service in a relatively short space of time, say over a few hours or days, then that could indicate that they all belonged to the same person, especially if they all use the same transaction characteristics such as nLockTime and nSequence.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: o_e_l_e_o on December 17, 2020, 12:01:51 PM

I'm not sure I follow your logic here. If people have to send their dust to an address you provide, then you've already given the attackers what they want - the dust to move in a transaction. Even if you don't move the dust until you have 200 inputs to consolidate, the information has already been leaked by the first transaction, no?

There's not much to leak if it's only one dust-transaction, right? Except for the fact that someone still has access to that address. (I'm ignoring the fact that it's too small to send)

Quote

That was the logic behind the NONE and ANYONECANPAY flags on Peter Todd's system. There is no transaction prior to large consolidation transaction including multiple users' inputs.

That does sound much cooler indeed, if I have the time I'll play around with it.
I'm far too paranoid to run this though:

Code:

Dust-B-Gone
===========

Cleans your Bitcoin Core wallet of unwanted dust.

Usage:

./dust-b-gone.py

PawGo

legendary

Activity: 952

Merit: 1367

Quote from: o_e_l_e_o on December 17, 2020, 12:01:51 PM

I'm not sure I follow your logic here. If people have to send their dust to an address you provide, then you've already given the attackers what they want - the dust to move in a transaction. Even if you don't move the dust until you have 200 inputs to consolidate, the information has already been leaked by the first transaction, no?

What is wrong with it?
If the information about address is well known, so anyone may send dust, there is no leak, at least not the intended (several addresses sending dust in this same transaction). Or I am missing something?

The cost of using the collected dust later is something different.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: LoyceV on December 17, 2020, 08:27:36 AM

My idea was to provide a list of unique Bitcoin addresses anyone can use to send their dust to, and I promise not to move the funds until there are a. at least 200 inputs or b. 10 years have passed.

I'm not sure I follow your logic here. If people have to send their dust to an address you provide, then you've already given the attackers what they want - the dust to move in a transaction. Even if you don't move the dust until you have 200 inputs to consolidate, the information has already been leaked by the first transaction, no?

That was the logic behind the NONE and ANYONECANPAY flags on Peter Todd's system. There is no transaction prior to the large consolidation transaction including multiple users' inputs.

PawGo

legendary

Activity: 952

Merit: 1367

Quote from: LoyceV on December 17, 2020, 08:27:36 AM

I've thought about creating a service for this for a while, but haven't found an easy way to make sure a Bitcoin address only gets shown once on a website. My idea was to provide a list of unique Bitcoin addresses anyone can use to send their dust to, and I promise not to move the funds until there are a. at least 200 inputs or b. 10 years have passed.

Would you like to resurrect this project?
I think it could be easily doable using bitcoinj library. PM me if you think it still makes sense.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: ranochigo on December 16, 2020, 11:31:15 AM

For certain wallets, there are ways to just isolate the UTXO and ensure that your wallet will never attempt to spend it.

I've seen a locking/freezing feature for inputs (or addresses) in Bitcoin Core, Electrum and Coinomi. Once locked, you can't spend it without unlocking it. Don't forget you have to lock it again if you ever import your mnemonic into a new wallet.

Except for on mobile wallets I always use Coin Control, and if you manually select which inputs to use, you can add 546 sat to a bigger input on the same address as long if you can send with 1 sat/byte fee.
That being said, I've never received any free dust myself Sad

Quote from: 20kevin20 on December 16, 2020, 11:32:42 AM

We do not currently have any "burning" option. One thing you can do is send your coins to an address nobody owns ~~(create an empty wallet and send your dust there)~~ or send it to the address from the first (Genesis) block (12c6DSiU4Rq3P4ZxziKxzrL5LmMBrzjrJX).

I've thought about creating a service for this for a while, but haven't found an easy way to make sure a Bitcoin address only gets shown once on a website. My idea was to provide a list of unique Bitcoin addresses anyone can use to send their dust to, and I promise not to move the funds until there are a. at least 200 inputs or b. 10 years have passed.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

There was a service set up by Peter Todd several years ago to deal with dust outputs. It involved you signing a transaction spending all your dust using SIGHASH_NONE and SIGHASH_ANYONECANPAY, and then sending that unbroadcast transaction to a central server. Once many people had done this, all the transactions would be combined, spend all the inputs as a mining fee, and then broadcast.

The end result would be one big transaction spending all the dust from dozens of different users all at once, therefore making it impossible to link inputs together. The whole set up is not entirely unlike a coinjoin.

Unfortunately it is no longer active, I assume because of lack of use.

https://github.com/petertodd/dust-b-gone

20kevin20

legendary

Activity: 1134

Merit: 1597

Quote from: Little Mouse on December 17, 2020, 04:51:07 AM

Which wallet give this feature? I can't remember if I have seen anything like this in electrum. As far as I know, certain address can be freezed but not sure about freezing unspent output. Can you recommend one?

Electrum. After you set up your wallet, you have the "View" option in the top bar of the app and you can enable "Coins" from there. Then, switch to the Coins tab and you'll be able to freeze/unfreeze any output and/or address you want by right-clicking them and choosing the option you want.

pooya87

legendary

Activity: 3444

Merit: 10537

Quote from: PawGo on December 17, 2020, 04:05:17 AM

My point is - why not to send dust to some charity address. Or make a 'agreement' that everyone sends it to RedCross or sth like this.

The only "agreement" we can come up with is between users and the miners. All those receiving dust transactions can create a single transaction that contains all those dust inputs and pay the entire amount (which probably won't be bigger than 10 bucks) to that miner as fee.
Something like mining all those 1 satoshi 0 satoshi outputs a couple of years ago by I believe Antpool.

PawGo

legendary

Activity: 952

Merit: 1367

Quote from: Little Mouse on December 17, 2020, 04:51:07 AM

Quote from: o_e_l_e_o on December 16, 2020, 04:17:19 PM

The correct course of action is to use a wallet which will let you simply freeze those outputs and never spend them.

Which wallet give this feature? I can't remember if I have seen anything like this in electrum. As far as I know, certain address can be freezed but not sure about freezing unspent output. Can you recommend one?

Possible in Electrum.

Little Mouse

legendary

Activity: 1960

Merit: 1908

Marketing Campaign Manager |Telegram ID- @LT_Mouse

Quote from: o_e_l_e_o on December 16, 2020, 04:17:19 PM

The correct course of action is to use a wallet which will let you simply freeze those outputs and never spend them.

Which wallet give this feature? I can't remember if I have seen anything like this in electrum. As far as I know, certain address can be freezed but not sure about freezing unspent output. Can you recommend one?

20kevin20

legendary

Activity: 1134

Merit: 1597

Quote from: PawGo on December 17, 2020, 04:05:17 AM

Or make a 'agreement' that everyone sends it to RedCross or sth like this.

We cannot make that an "agreement". What happens if RedCross loses ownership over the address within an year?

There are charities some people wouldn't want to send their money to. The point of BTC is providing the freedom of choice and being neutral and non-dependent; making some sort of agreement that everyone sends it to a specific organization is not very different to agreeing that Bitcoiners should all support the CCP.

Sending a few hundred satoshis to charity would do more bad than good. If they ever want to send a tx they'd want to be confirmed quickly and your dust is one of the inputs, they'll likely have to spend more on the fees for your input than the amount they received from you.

PawGo

legendary

Activity: 952

Merit: 1367

Quote from: o_e_l_e_o on December 16, 2020, 04:17:19 PM

Sending the dust to a burn address is exactly what these dust attackers want you to do. Any movement of the dust reveals at least something about the address they sent it to, and since the vast majority of dust attacks are for 546 satoshi (or the equivalent dust limit for other address types), then you need to use another input from elsewhere to be able to pay the fee, thus revealing even more information. Sending the dust anywhere, even to a burn address, is the wrong course of action.

The correct course of action is to use a wallet which will let you simply freeze those outputs and never spend them. If you get fed up of looking at them in your wallet, then move to a new wallet. Even better would be for wallets to offer the option of blacklisting such outputs, so they can never be spent and are hidden from being displayed altogether.

Ah ok. I see.

My point is - why not to send dust to some charity address. Or make a 'agreement' that everyone sends it to RedCross or sth like this.
But if it is not possible to send just a dust itself (547sat) then in fact it makes no sense, as you must 'add' something from yourself.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Sending the dust to a burn address is exactly what these dust attackers want you to do. Any movement of the dust reveals at least something about the address they sent it to, and since the vast majority of dust attacks are for 546 satoshi (or the equivalent dust limit for other address types), then you need to use another input from elsewhere to be able to pay the fee, thus revealing even more information. Sending the dust anywhere, even to a burn address, is the wrong course of action.

The correct course of action is to use a wallet which will let you simply freeze those outputs and never spend them. If you get fed up of looking at them in your wallet, then move to a new wallet. Even better would be for wallets to offer the option of blacklisting such outputs, so they can never be spent and are hidden from being displayed altogether.

20kevin20

legendary

Activity: 1134

Merit: 1597

We do not currently have any "burning" option. One thing you can do is send your coins to an address nobody owns ~~(create an empty wallet and send your dust there)~~ or send it to the address from the first (Genesis) block (12c6DSiU4Rq3P4ZxziKxzrL5LmMBrzjrJX).

EDIT: sending multiple dust to an unused or rarely used address could be a good hint that you're the owner of the said address! If that's a concern for you, send it to more-often used ones.

Also, sending the dust from different addresses at approximately the same time (or even within the same day) could also be a hint that you're the owner of the addresses. If you take a look at the recent history of the first address @ranochigo has given, you will notice that this is when the last 3 txs were received:
- 12.05.2020
- 11.11.2020
- 10.04.2020

If you send multiple transactions to this address within the same day, someone will likely think it's the same owner who sent them. If you have Electrum, you could simply label them as "Dust" and freeze the coins&addresses instead. Sometimes it's better to just leave it.

Other than that, if the dust is worth more than a few thousand satoshis, you could consider supporting some Bitcoin devs or sending them to a charity.

Topic: Burning dust (Read 296 times)