Serverless Payjoin Protocol Design

In the realm of enhancing privacy and security within online transactions, particularly those utilizing payjoin protocols, there arises a notable concern regarding oblivious HTTP relay timing attacks. These attacks leverage the timing of traffic between sender and receiver to potentially correlate their IP addresses, despite efforts to obscure them through the use of OHTTP proxies and payjoin relays. A challenging aspect of this situation is that if both parties involved in a transaction are utilizing the same OHTTP proxy, the timing of their communication may provide enough information for the proxy to link their IP addresses.

A critical strategy for countering such vulnerabilities involves bolstering the adoption of an updated version of the payjoin protocol, referred to as payjoin v2. The rationale behind this approach is that widespread adoption would likely lead to increased traffic and diversity in the usage patterns, making it more difficult for potential attackers to correlate specific pairs of users based on timing analysis alone.

To further mitigate the risks associated with timing attacks while simultaneously encouraging broader use of the protocol, it has been proposed that services which are already familiar with their clients' IP addresses (for example, BitMask, BullBitcoin, Boltz) could take on the responsibility of operating their own OHTTP proxies. In addition, they could appoint external parties to manage the payjoin relays. This structure aims to obscure the correlation between senders and receivers since the service itself may recognize a connection but the payjoin relay would not.

Moreover, three specific technical adjustments are suggested to reduce the feasibility of timing attacks: transitioning from long-polling mechanisms to regular HTTP polling, introducing random delays in the processing of transactions, and moving towards the utilization of larger third-party OHTTP proxies that handle a more substantial volume of traffic. The introduction of random delays is particularly emphasized as a measure that, if adequately implemented, could prevent attackers from gathering sufficient data to effectively analyze and identify the behavior of specific transaction participants. This trio of solutions presents a multifaceted approach to safeguarding user anonymity in payjoin transactions by diluting the reliability of timing-based attack methods.