Hi everyone. I thought I'd make some sense of the work that Chaeplin has done on XC. (Summary:
https://bitcointalksearch.org/topic/m.7270701.)
First, this is what ATCSECURE provided:
- Sender address: ?
- Wallet B: XYyMMG1VQHyRhAQWGdRQ9AEfdwSuG7w18G
- Wallet C: XZvkTGD9hMiRuMByqCkHgRTNAu5J5fWnJV
- Recipient address: XVrqrpe2ZDmykAnjcAHN6McbuDEjBZSvRZ
- Payment process: "The mixer tells the [sender address] to send coins to wallet b, however wallet C is used to send coins to the [recipient address], there is NO link from wallet B to wallet C unless somebody manually moves the coins from C to B."
- Aspect of payment being tested: the assertion that there is no link in the Blockchain from Wallet B to Wallet C. Testers are required to falsify this claim in order to receive a bounty.
This is what Chaeplin did:
1. He utilised a technique known as "Satoshi Spam," which is a matter of sending tiny amounts to addresses. One can use this to watch where the money flows in order to work out which addresses have common ownership.
2. Satoshi Spam is based on the pre-coinjoin principle that, given a transaction with multiple inputs and a single output, it follows that the inputs are owned by the same entity. For example, if 7 addresses were spammed with BTC 0.000001 and then all of these addresses were used to pay the resulting amount to another address, one can thereby conclude that the 7 addresses are owned by one person, and in all likelihood are in the same wallet.
3. However, coinjoin falsifies the assumption behind Satoshi Spam because coinjoin uses input addresses owned by several parties are to pay one or more recipient addresses. Thus if coinjoin is even partly implemented for a given coin, it becomes false to assume that one party owns the input addresses, since it's possible that there could be several owners.
4. Chaeplin implemented Satoshi Spam by sending small amounts to Wallet B and Wallet C.
5. His intention was to watch the blockchain to see where the amounts he sent to Wallets B and C would end up when the wallets spent the money.
6. His observation of the blockchain revealed the following information:
- Wallets B and C sent payments somewhere, but the outputs are not given in the blockchain
- Wallets B and C also paid transaction fees for the payments, but the addresses they're paid to are not given in the blockchain
7. With this information, Chaeplin constructs the following account:
- Once Wallets B and C spend the money sent to them, the transaction is recorded in the blockchain, though the recipient address is not.
- Nonetheless, he has a record that Wallets B and C spent the money.
- On one occasion, Wallet B spends money, and at a similar time, Wallet C pays a transaction fee.
- Therefore Wallets B and C are owned by the same entity.
8. However this is obviously false, because:
- there's no record in the blockchain linking Wallet B's transaction with Wallet C's transaction fee.
- there's no record in the blockchain that a single address received the money that Wallets B and C spent.
Therefore Chaeplin did not establish proof of a link between Wallets B and C.
Additional comments:
- This analysis is tentative. I might be incorrect about what Chaeplin did. He does not explain why he pastes code and blockchain records in his comments, so it's impossible to be certain about what is argument actually is. I've tried to reconstruct his thought process from what he posted.
- Chaeplin appears to have only a vague grasp of the strategy behind Satoshi Spam. Just as it is ineffective when coinjoin is implemented, it is ineffective when output addresses are not shown, as with XC.
- Chaeplin has clearly shown that a payment from Wallet B and another payment (probably a transaction fee) from Wallet C co-occurred.
- However Chaeplin conflates co-occurrence with a "hard link". Just because a payment from one address and a fee from another address appear in a blockchain at similar times, it does not entail that the two are associated in any way. Even if the blockchain was brand new and consisted of only these two payments, this implication would not be established. Co-occurrence is categorically distinct from a record that one address paid another.
- However in my opinion it would be wrong to conclude that Chaeplin is a fudder, since we do not have a "hard link" proving his intentions. There is evidence, sure, but let's not make Chaeplin's mistake of conflating possibility with certainty. We would act honourably by giving him the benefit of the doubt. And in acting honourably, we raise the ethic of this thread, which makes XC's community more attractive. Let's do XC proud.
