Posted by jbesraa
Mar 25, 2025/12:52 UTC
The discussion concerns the privacy implications of Payjoin transactions, in particular UTXO (Unspent Transaction Output) probing attacks. Payjoin is designed as a privacy-enhancing tool, but the way it works lets an attacker probe for UTXOs in a recipient's wallet without necessarily executing a transaction. This form of attack, detailed in BIP 77-78, uses the Payjoin exchange itself to discreetly learn about the contents of the recipient's wallet.
Both the sender and the recipient can employ countermeasures against such probing to safeguard their transaction privacy. One critical defense highlighted is the recipient's ability to validate and potentially broadcast the original transaction the sender submitted in its request, even if the sender aborts the Payjoin process. This acts as a deterrent and introduces potential costs and risks for the attacker, complicating a successful UTXO probing attack. Additionally, maintaining a record of 'seen inputs' could make probing attempts easier to detect, so that attackers find it harder to exploit Payjoin transactions without being noticed.
Despite these defensive strategies, the discussion underscores that users need to stay aware of the privacy trade-offs of using Payjoin. Limiting Payjoin transactions to trusted parties is recommended as a prudent way to mitigate the risk of UTXO probing. The discussion also includes practical insights from tests conducted with the bullbitcoin wallet, which supports Payjoin v2 and testnet3, demonstrating the feasibility and implications of UTXO probing in a controlled environment. The shared demo gives an overview of the issue and of how users can handle Payjoin transactions while being mindful of their privacy.
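The two receiver-side defenses described above (keeping the validated original transaction for a fallback broadcast, and recording 'seen inputs') can be sketched as follows. This is an added example, not code from the original post or from any Payjoin implementation; `OriginalTx`, `ReceiverGuard`, the `mempool_accepts` callback and the sample transactions are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class OriginalTx:                 # hypothetical, simplified view of the sender's request
    txid: str
    inputs: list                  # sender outpoints as (txid, vout) tuples
    raw_hex: str                  # fully signed, so the receiver can broadcast it alone

@dataclass
class ReceiverGuard:
    timeout_s: int = 60
    seen_inputs: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)   # txid -> (OriginalTx, deadline)

    def handle_request(self, tx, mempool_accepts, now):
        """Decide whether to answer with a proposal that reveals one of our UTXOs."""
        # The fallback only costs a prober money if the original is really broadcastable.
        if not mempool_accepts(tx.raw_hex):
            return "reject: original not broadcastable"
        # Inputs offered in an earlier request: the same coins are being reused to probe.
        if any(op in self.seen_inputs for op in tx.inputs):
            return "reject: inputs already seen"
        self.seen_inputs.update(tx.inputs)
        self.pending[tx.txid] = (tx, now + self.timeout_s)
        return "propose"

    def handle_completed(self, original_txid):
        """Sender returned the signed payjoin; no fallback needed."""
        self.pending.pop(original_txid, None)

    def expired_originals(self, now):
        """Originals whose sender went silent; the caller broadcasts these."""
        due = [tx for tx, deadline in self.pending.values() if deadline <= now]
        for tx in due:
            del self.pending[tx.txid]
        return due

def demo():
    # Constructed sample data; `accepts` stands in for a node's mempool acceptance test.
    accepts = lambda raw_hex: raw_hex != ""
    a = OriginalTx("aa" * 32, [("11" * 32, 0)], "signed-a")
    b = OriginalTx("bb" * 32, [("11" * 32, 0)], "signed-b")   # reuses a's input
    c = OriginalTx("cc" * 32, [("22" * 32, 1)], "")           # not broadcastable
    guard = ReceiverGuard(timeout_s=60)
    results = [guard.handle_request(t, accepts, now=0) for t in (a, b, c)]
    fallback = [t.txid for t in guard.expired_originals(now=61)]
    return results, fallback

if __name__ == "__main__":
    print(demo())
```

In a real receiver the seen-inputs set and the pending originals would need to persist across restarts, otherwise a restart clears the record that makes repeated probing detectable.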