UTXO probing attack using payjoin

The discussion highlights several aspects of Payjoin transactions and their implications for user privacy and the technical challenges they pose. In Payjoin transactions, the visibility of payment outputs by the sender, which could potentially link to the receiver's other transactions and coins, is considered a significant concern. This issue pertains to all on-chain wallets, regardless of whether they support Payjoin or not, unless measures like Coinswap are employed after each transaction to enhance privacy. The critique extends to the user experience (UX) of wallets supporting Payjoin, emphasizing the need for better education on the nuanced nature of privacy, rather than viewing it as a binary attribute.

The conversation also delves into the risks associated with UTXO (Unspent Transaction Output) enumeration in the context of clustering and deanonymization attacks. Such risks are not exclusive to Payjoin but also apply to other transaction methods like lightning dual funding and coordinated Coinjoins, where relatedness of coins can be revealed. This points to a broader challenge of effectively communicating the complexities and trade-offs of privacy tools to non-technical users.

Furthermore, the email references the payjoin protocol specifications outlined in BIP 79, BIP 78, and BIP 77, mentioning how these protocols address the issue of UTXO probing attacks. Specifically, it mentions that such probing isn't costless for attackers, as sending a fully signed transaction to learn about a UTXO incurs a fee. This mechanism introduces a financial disincentive for potential attackers, thereby attempting to minimize trust assumptions and limit information leaks through careful implementation by the receivers. The links to the mentioned BIPs provide detailed insights into the technical specifications and considerations for implementing Payjoin transactions: BIP 79, BIP 78, and BIP 77.

This summary encapsulates the concerns and suggestions raised in the discussion regarding the impact of Payjoin on privacy and security, highlighting the importance of educating users, mitigating risks through technical solutions, and the continuous evolution of protocols to address emerging challenges.