Glad we can finally have this open conversation:

"Both Samourai & Wasabi attempt to make this type of attack expensive by incorporating a coinjoin fee."

This is incorrect. In Samourai’s Whirlpool, the attack victims pay the fees for the block space consumed by attackers, since the attacker only pays in their initial round. In Wasabi, attackers must ALWAYS pay for their own block space.

"Wasabi actually has a reverse incentive that rewards them with higher fee revenue if they attempt to sybil or pump liquidity into the system since fees by users scale up with the number of utxos in a round."

This is an implementation detail that is no longer the case in Wasabi 2.0.  Instead, there’s a flat 0.3% fee (only charged on inputs over 1 million sats) and never any coordinator fee for remixing.

"Wasabi is also set up in a way that allows participants to choose which rounds they participate in, which can allow an external sybil attacker to pick and choose which rounds to attack based on their desired target. This reduces the cost of an attempted sybil attack. Samourai on the other hand does not allow users to choose their rounds. Round selection is random."

This is incorrect: in Samourai, round selection is not random, it is performed by a trusted third party.

"Furthermore, if you attempt to run multiple clients simultaneously - which is what an attacker would do - you pay a higher effective fee than if you run a single client."

This is incorrect.  If you split into more UTXOs to enter a smaller pool instead of a larger pool, Samourai charges a lower coordinator fee percentage.  This gives Sybil attackers who want to flood the queue an economic advantage over users who are trying to gain privacy.

"Another important piece of information is that the more coinjoin rounds you do, the more difficult it is to be the victim of a sybil attack since the attacker will need to be in every round. Samourai provides an incentive to remix while remixing in wasabi costs more in fees."

As mentioned before, Whirlpool is uniquely vulnerable to Sybil attacks because the attack victims pay for the block space used by the attackers.  In Wasabi, block space is always paid for by the user who consumes it, fixing this misaligned incentive.

"There are two types of samourai users. Those who use their own node and those who trust samourai's node. If you don't use your own node then you trust samourai with your transaction history but not IP address(es) since the wallet defaults to Tor."

This is incorrect: Samourai has Tor off by default.