Hi everyone. I thought I'd make some sense of the work that Chaeplin has done on XC. (Summary:
https://bitcointalksearch.org/topic/m.7270701.)
First, this is what ATCSECURE provided:
- Sender address: ?
- Wallet B: XYyMMG1VQHyRhAQWGdRQ9AEfdwSuG7w18G
- Wallet C: XZvkTGD9hMiRuMByqCkHgRTNAu5J5fWnJV
- Recipient address: XVrqrpe2ZDmykAnjcAHN6McbuDEjBZSvRZ
- Payment process: "The mixer tells the [sender address] to send coins to wallet b, however wallet C is used to send coins to the [recipient address], there is NO link from wallet B to wallet C unless somebody manually moves the coins from C to B."
- Aspect of payment being tested: the assertion that there is no link in the Blockchain from Wallet B to Wallet C. Testers are required to falsify this claim in order to receive a bounty.
This is what Chaeplin did:
1. He utilised a technique known as "Satoshi Spam," which is a matter of sending tiny amounts to addresses. One can use this to watch where the money flows in order to work out which addresses have common ownership.
2. Satoshi Spam is based on the pre-coinjoin principle that, given a transaction with multiple inputs and a single output, it follows that the inputs are owned by the same entity. For example, if 7 addresses were spammed with BTC 0.000001 and then all of these addresses were used to pay the resulting amount to another address, one can thereby conclude that the 7 addresses are owned by one person, and in all likelihood are in the same wallet.
3. However, coinjoin falsifies the assumption behind Satoshi Spam because coinjoin uses input addresses owned by several parties are to pay one or more recipient addresses. Thus if coinjoin is even partly implemented for a given coin, it becomes false to assume that one party owns the input addresses, since it's possible that there could be several owners.
4. Chaeplin implemented Satoshi Spam by sending small amounts to Wallet B and Wallet C.
5. His intention was to watch the blockchain to see where the amounts he sent to Wallets B and C would end up when the wallets spent the money.
6. His observation of the blockchain revealed the following information:
- Wallets B and C sent payments somewhere, but the outputs are not given in the blockchain
- Wallets B and C also paid transaction fees for the payments, but the addresses they're paid to are not given in the blockchain
7. With this information, Chaeplin constructs the following account:
- Once Wallets B and C spend the money sent to them, the transaction is recorded in the blockchain, though the recipient address is not.
- Nonetheless, he has a record that Wallets B and C spent the money.
- On one occasion, Wallet B spends money, and at a similar time, Wallet C pays a transaction fee.
- Therefore Wallets B and C are owned by the same entity.
8. However this is obviously false, because:
- there's no record in the blockchain linking Wallet B's transaction with Wallet C's transaction fee.
- there's no record in the blockchain that a single address received the money that Wallets B and C spent.
Therefore Chaeplin did not establish proof of a link between Wallets B and C.
Additional comments:
- This analysis is tentative. I might be incorrect about what Chaeplin did. He does not explain why he pastes code and blockchain records in his comments, so it's impossible to be certain about what is argument actually is. I've tried to reconstruct his thought process from what he posted.
- Chaeplin appears to have only a vague grasp of the strategy behind Satoshi Spam. Just as it is ineffective when coinjoin is implemented, it is ineffective when output addresses are not shown, as with XC.
- Chaeplin has clearly shown that a payment from Wallet B and another payment (probably a transaction fee) from Wallet C co-occurred.
- However Chaeplin conflates co-occurrence with a "hard link". Just because a payment from one address and a fee from another address appear in a blockchain at similar times, it does not entail that the two are associated in any way. Even if the blockchain was brand new and consisted of only these two payments, this implication would not be established. Co-occurrence is categorically distinct from a record that one address paid another.
- However in my opinion it would be wrong to conclude that Chaeplin is a fudder, since we do not have a "hard link" proving his intentions. There is evidence, sure, but let's not make Chaeplin's mistake of conflating possibility with certainty. We would act honourably by giving him the benefit of the doubt. And in acting honourably, we raise the ethic of this thread, which makes XC's community more attractive. Let's do XC proud.
Your statement is wrong.
You explain exactly, spamming and common ownership.
Xc hasn't implemented coinjoin yet
(May be I am wrong)
So, if outputs of two tx are spent in a single tx, B and C is belong to single entity.
...
This is the single tx, I provided. check blcok no. 29113
http://chainz.cryptoid.info/xc/tx.dws?97299.htmCheck input index 14, 18
ndex Previous output Address Amount
14 d191290208e3...:1 XYyMMG1VQHyRhAQWGdRQ9AEfdwSuG7w18G 0.03 XC
18 c352aeeeaea9...:1 XYyMMG1VQHyRhAQWGdRQ9AEfdwSuG7w18G 0.003 XC
Chaeplin I've just discovered something that establishes the "proof" you are looking for (though it's not yet sufficient). And for this the community is grateful.
You asked us to check indices 14 and 18 on block 29113 (
http://chainz.cryptoid.info/xc/tx.dws?97299.htm). However you should have asked us to check indices 9 and 14:
- In index 9, the input address is XZvkTGD9hMiRuMByqCkHgRTNAu5J5fWnJV, which is wallet C.
- In index 14, the input address is XYyMMG1VQHyRhAQWGdRQ9AEfdwSuG7w18G, which is wallet B.
- They have common outputs, establishing that they are owned by the same entity.
The question now is: how does this impact ATCsecure's test?
Here is the scenario, now updated to include your work:
1. The blockchain reveals that the sender paid wallet B, and wallet C paid the recipient.
2. Your satoshi spamming reveals that wallets B and C are owned by the same entity.
3. Since wallets B and C are owned by the same entity, either:
3a. the owner of wallets B and C passed on a payment to the recipient on behalf of the sender.
3b. the sender paid the owner of wallets B and C for something, and the owner of the wallets then, independently, made a payment to wallet D for something else entirely.
4. If 3b is the case, then it is not true that the sender paid the recipient.
5. Nobody can eliminate the possibility that 3b is the case.
6. Therefore there is no proof that the sender paid the recipient.
Conclusion:
In other words, even though you have a "hard link" on the blockchain proving common ownership of wallets B and C, there is no "hard link" proving that wallet A paid wallet D, since it is possible that 3b is the case.
The bounty was to prove that wallet A paid wallet D. You have not proved this.
In addition you have not found the sender's address.
However I think you have made a substantial contribution to the conversation about XC's design. I think that the dev team will value your work and will use it to continue to improve XC's anonymity. (For example, xnodes could be designed to not use multiple inputs when making payments). so thank you very much for your contribution. I hope you will continue to support XC!
I understand that English is not your first language, but in future please try to state your argument in plain English. Otherwise it is very, very hard to understand what you are saying. It is not sufficient to just paste code or links. You need to explain why.
P.S. I might be mistaken about all this. Anyone, please correct me if I'm wrong.
