0 sats \ 6 replies \ @ZezzebbulTheMysterious 26 Mar \ on: Dust Attack explained bitcoin
I really have my doubts about the value of dusting for tx graph discovery.
An adversary already knows the full tx graph, it’s a transparent ledger!
I don’t think one can learn anything you couldn’t already see onchain. You can see where every sat is locked anyway!
I’ve def had dust on the old addrs. I always do coin control and leave the old utxos. It might have value to see that an old addr was used in the past — but again, transparent ledger and full tx graph. It’s there for all eternity.
> An adversary already knows the full tx graph, it’s a transparent ledger! I don’t think one can learn anything you couldn’t already see onchain. You can see where every sat is locked anyway!
You don’t know the relationship between transactions.
But if I send you a few sats and later you buy something for 1m sats and you include the dust I sent you in the inputs, I can tell that you bought something for 1m sats. If you don’t include my dust, I can’t tell.
Yes you can tell! You watch the address and see where the funds go. You learn nothing by dusting that you couldn’t already see.
You don't understand it.
The receiver likely generates a new address each time.
When you ask someone for an address, the person will give you a virgin address.
The attacker wants to know THE OTHER addresses of the victim.
When the victim spends from that wallet, the virgin address and the others will become visibly linked, so that you know more about the victim's true bitcoin balance.
Yes, which would be visible on the blockchain. The linking occurs from spending, it's nothing to do with the dust. It's a marker that doesn't really add much.
You see the source, and the destination of all sats. If you watch an address (the same as dusting), you learn exactly the same thing you would learn without the dusting.
I thought about this and I understand where the misunderstanding is.
I hope if a future reader finds this they understand this concept better.
I think the exact scenario on this is poorly documented about the dust attack in general.
As written and described most places, it's a redundant attack for the reasons I have specified -- the attacker learns nothing additional. Most write-ups seem to treat the dust as a "marker", but we don't need to mark things on transparent blockchains; however, we might want to force a certain broken wallet behavior that links addresses.
How much in practice this wallet behavior manifests is dubious too IMHO due to the uneconomical nature of spending dust. In most cases a wallet with sufficient spendable UTXOs is not going to start digging up old dust from other addresses to stuff into inputs.
The nuance is in combining dust, but only from an address with no other associated UTXOs (e.g. balance is just dust). Consider:
Address A and B, and C. A and B are controlled by the target, and C is a 3rd party seller.
There is UTXO uA and uB. uA is 1m sat. uB is 1m sat.
Attacker dusts A and B and generates new UTXOs uA' and uB' of 546 sat each.
If someone wanted to pay ~2m sat (-fees) to C, the attacker learns nothing additional from inputs (uA+uB+uA'+uB')->C. Likewise for (uA+uB+uA')->C or (uA+uB+uB')->C or (uA+uB)->C. This is what I am referring to, and the most likely combination of UTXOs in wallets in practice.
However, let's say in this scenario uB=0s, e.g.: balance(B)=546s, and we want to send 1m sat to C.
The wallet would have to calculate the optimal tx as:
(uA+uB')->C
[which would very likely be uneconomical vs including another larger UTXO]
Yes, the attacker is learning that A and B are related, assuming uB was spent early on another unrelated transaction. That would not be apparent from the transaction ledger.
Be careful with dust. You can spend dust from an address safely as long as it only contains the same address as the inputs, e.g.: (uA+uA')->C.
Or it is one or more dusts to the same address, e.g.: (uA' + uA'')->C.
The attacker learns nothing.
As long as the dust address is also the 'main funds' address, it's just reducing the UTXO set.
Spending unrelated dust is leaking a wallet/key relationship that would not be observable otherwise.
eg: (uA+uB')->C, attacker learns A and B are in the same key set.
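The input combinations walked through in the last post, as an added example that is not part of the thread: a check a wallet could run before signing, to see whether including a dust input links addresses that the non-dust inputs alone would not link. `Utxo`, `new_links` and `dust_leaks` are hypothetical names, the UTXOs are constructed from the post's A/B scenario, and treating outputs of 546 sat or less as dust follows the thread's figure.

```python
from dataclasses import dataclass

DUST_MAX_SATS = 546  # assumption: the thread's dust output size

@dataclass(frozen=True)
class Utxo:
    name: str     # label from the thread, e.g. "uA" or "uB'"
    address: str  # address that owns the output
    sats: int

def new_links(inputs, known_clusters=()):
    """Address pairs an observer could newly link if `inputs` are co-spent.

    known_clusters holds sets of addresses already linked on-chain by
    earlier co-spends (common-input-ownership heuristic)."""
    addrs = sorted({u.address for u in inputs})
    links = set()
    for i, a in enumerate(addrs):
        for b in addrs[i + 1:]:
            if not any(a in c and b in c for c in known_clusters):
                links.add((a, b))
    return links

def dust_leaks(inputs, known_clusters=()):
    """Links that appear only because dust inputs are included."""
    non_dust = [u for u in inputs if u.sats > DUST_MAX_SATS]
    return new_links(inputs, known_clusters) - new_links(non_dust, known_clusters)

# Constructed UTXOs matching the post: A and B belong to the target.
uA = Utxo("uA", "A", 1_000_000)
uB = Utxo("uB", "B", 1_000_000)
uA1 = Utxo("uA'", "A", 546)
uA2 = Utxo("uA''", "A", 546)
uB1 = Utxo("uB'", "B", 546)

if __name__ == "__main__":
    cases = {
        "(uA+uB+uA'+uB')": [uA, uB, uA1, uB1],
        "(uA+uB')": [uA, uB1],
        "(uA+uA')": [uA, uA1],
        "(uA'+uA'')": [uA1, uA2],
    }
    for label, inputs in cases.items():
        print(label, "->", dust_leaks(inputs) or "nothing extra leaked")
```

A non-empty result from `dust_leaks` is the signal to drop the dust input from coin selection or leave it unspent.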