Sybil attacks are an inherent threat to privacy in mixing schemes because a transaction between n apparent participants n − 1 of which are controlled by an attacker will fully link the victim’s coins on both sides of the coinjoin while giving the impression that the victim’s privacy has been improved.
Wabisabi
Section 7.2.2 in Wabisabi paper describes sybil attacks although the implementation does not provide resistance to these attacks. The attacker would need enough inputs in a coinjoin transactions and pay fees.
The coordinator with the highest liquidity currently does not charge a coordinator fee.
Since WabiSabi is a coinjoin implementation based on centralized coordinator, a user must also trust the coordinator not to link inputs and outputs.
Joinmarket
Joinmarket uses fidelity bonds for sybil resistance. This requires market makers to lock some bitcoin hence it increases the cost of sybil attack.
Joinstr
Joinstr uses aut-ct as the primary mechanism for sybil resistance, however fidelity bonds can also be used with aut-ct. There is an initiator who creates the pool and adds sybil requirements to join the pool. Everyone (maker and takers) needs to provide the proof for a successful coinjoin.
There is enough freedom for initiators to add different conditions for aut-ct. Example: Prove ownership of a UTXO with certain amount, age etc. This isn’t the UTXO which will be used for coinjoin. It isn’t possible in joinmarket with the protocol used right now. Another thing that makes it easier to provide liquidity while still resisting sybil attacks is that nobody needs to lock bitcoin.
Members need to pay a fee before joining a pool that uses paid nostr relay in joinstr. This isn’t the case with other coinjoin implementations.
Example:
- Alice creates a pool with
- Bob and Carol join the pool
- Everyone shares aut-ct proof that proves they own a P2TR UTXO worth 0.1-0.2 BTC that is unspent until last block and aged more than 2016 blocks
- Alice creates a pool with
JM=True because she already has a fidelity bond and using it for Joinmarket- Bob and Carol join the pool
- Everyone shares aut-ct proof that proves they own a P2TR UTXO worth 0.1-0.2 BTC that is unspent until last block and aged more than 2016 blocks
I have shared other details in an earlier post:
5 October 2024
Joinmarket is based on maker-taker model and market makers offer liquidity for coinjoin. They get free coinjoin and earn fees from offers. Fidelity bonds are used for sybil resistance and makers lock some bitcoin while creating offers.
Conclusion
Wabisabi is vulnerable to sybil attacks. Sybil resistance in joinmarket is good enough as it increases the cost of the attack. However, joinstr provides the best sybil resistance among all the coinjoin implementations.