Wasabi and Samourai Wallets - Reading Assignment

  • They run on the same base protocol.
  • A small group of users creates identities and pretends to be larger. Users become less anonymous.
  • It does not use a backend server to process public keys.
  • It makes Sybil attacks more expensive.
  1. How are Wasabi and Samourai wallets related?
    At one point in time, Samourai and Wasabi were the same application.
    Lead developers TDevD (Samourai) and nopara73 (Wasabi) worked together on building an implementation of long-standing bitcoin privacy tech CoinJoin called ZeroLink.

  2. What is a ‘Sybil attack’?
    A small number of users falsifies new identities and pretends to be much larger in number.

  3. How does Samourai protect against Sybil attacks?
    Samourai’s implementation of ZeroLink (called Whirlpool) has a different pricing mechanism than Wasabi, though this is not the only difference between the two wallet applications. As a result, SW maintains that Whirlpool makes it more expensive for malicious actors in the system to break the anonymity of other users through a Sybil attack.

  4. What ‘trade-off’ does Samourai make in order to achieve #3? Why is Wasabi critical of this?
    Anonymity using Whirlpool can always be broken given that Samourai relies on a centralized, backend server to process users’ extended public keys.

  1. The 2 main developers worked together but later split (over the CoinJoin implementation).

  2. A small group of users falsifies identities to appear as a large group of users and then attacks.

  3. Wasabi hides your UTXO with around 100 others to give you more anonymity.

  4. More expensive to hack, but Whirlpool can always be broken given that Samourai relies on a centralized, backend server to process users’ extended public keys.

1 Like
  1. They both work together to solve the CoinJoin issue for privacy.
  2. A Sybil attack is a way to infiltrate the mixing process through cheap made-up identities that link to untrusted entities.
  3. Samourai uses a feature called (ZeroLink) or Whirlpool to mitigate the Sybil attack.
  4. The trade-off is hosting the pubkeys of users at their backend server, which may be compromised due to its centralized nature.
  5. Because it's not a privacy feature if it's centralized.
  1. How are Wasabi and Samourai wallets related? At one point in time the wallets had the same application and were created by two developers who worked together on building a long-standing privacy tech CoinJoin called ZeroLink. They forked the project and went their separate ways due to implementation differences.
  2. What is a ‘Sybil attack’? A Sybil attack is where a small number of users falsify new user identities, pretending to comprise a larger number of users than actually exists.
  3. How does Samourai protect against Sybil attacks? Samourai implemented ZeroLink called ‘Whirlpool’, relying on a backend server to process users’ extended public keys (XPUB), and has a different pricing mechanism than Wasabi.
  4. What ‘trade-off’ does Samourai make in order to achieve #3? Why is Wasabi critical of this? The trade-off is that the assumption is made that users of Samourai trust the developers and thereby the central servers. Although both wallet implementations are the same.
2 Likes
  1. How are Wasabi and Samourai wallets related?
  • They have founders who worked on the same project but forked due to a difference in opinion.
  • Their basic operating principle is the same (CoinJoin).
  2. What is a ‘Sybil attack’?
  • This is where a single attacker fills an anonymity set with their own accounts and makes it seem like it is a large one, but in truth they have a large percentage of the accounts in the anonymity set.
  3. How does Samourai protect against Sybil attacks?
  • Samourai implements a ZeroLink (called Whirlpool), which has a different pricing mechanism than Wasabi, which is supposed to make a Sybil attack costly by making it costly for an attacker to have too many accounts in the set.
  4. What ‘trade-off’ does Samourai make in order to achieve #3? Why is Wasabi critical of this?
  • Samourai stores its users’ public keys on a central server, and Wasabi is critical of this because these keys can later on be sold for profit, or an attacker who gains access to their server can gain access to these public keys and track transactions in the blockchain.
1 Like

1. Speaking to CoinDesk, the co-founder of Samourai Wallet, who goes by the initials SW, said that at one point in time, Samourai and Wasabi were the same application. Lead developers TDevD (Samourai) and nopara73 (Wasabi) worked together on building an implementation of long-standing bitcoin privacy tech CoinJoin called ZeroLink. “We just had a difference in implementation desire,” said SW. “So we split. We forked the project and just implemented it the way we wanted to implement it.”
2. A small number of users falsifies new identities and pretends to be much larger in number. This would mean that the anonymity set, or crowd, in which a user can hide their bitcoin transactions is not actually as large as Wasabi suggests.
3. “As the Wasabi team has described it, the goal of the Wasabi mixing technique, is to hide your [unspent transaction outputs] in a ‘sufficiently’ large crowd (peers),”
4. Samourai’s implementation of ZeroLink (called Whirlpool) has a different pricing mechanism than Wasabi, though this is not the only difference between the two wallet applications. As a result, SW maintains that Whirlpool makes it more expensive for malicious actors in the system to break the anonymity of other users through a Sybil attack.

1 Like

1. How are Wasabi and Samourai wallets related?
The lead developers once worked on a project called ZeroLink together. They then had a difference of opinions on some aspects of the program so they split it.

2. What is a ‘Sybil attack’?
A small group of users create new identities in order to appear like a much larger group or enterprise.

3. How does Samourai protect against Sybil attacks?
By making it very expensive for malicious actors in the system to break the anonymity of other users through a Sybil attack.

4. What ‘trade-off’ does Samourai make in order to achieve #3? Why is Wasabi critical of this?
Samourai relies on a centralized system to process the public keys. Wasabi does not like the idea of a centralized system having all the public keys.

1 Like
  1. Wasabi and Samourai wallets were originally the same wallet, but the lead developers had a difference in implementation desire so they forked the project.

  2. A Sybil attack is where a small number of users falsifies new identities and pretends to be much larger in number, which would reduce the anonymity set.

  3. Samourai protects against Sybil attacks by implementing ZeroLink called Whirlpool, which has a different pricing mechanism than Wasabi that makes Sybil attacks more expensive.

  4. The trade-off Samourai makes to achieve #3 is that you send Samourai all of your public keys in the form of an extended public key that lets them have unique access to your current and future addresses. Wasabi is critical of this because the keys can be sold for profit or hacked by an attacker.

  • How are Wasabi and Samourai wallets related?
    The two wallets were at the beginning one application. Due to different implementation desires the developers split.

  • What is a ‘Sybil attack’?
    When a small number of users falsify new identities and pretend to be much larger in number. This reduces the anonymity of the user.

  • How does Samourai protect against Sybil attacks?
    It implemented Whirlpool which makes it more expensive for malicious actors in the system to break the anonymity of other users through a Sybil attack.

  • What ‘trade-off’ does Samourai make in order to achieve #3? Why is Wasabi critical of this?
    Samourai claims it is more cost-effective to distribute the costs in later processes.

1 Like

1. How are Wasabi and Samourai wallets related?
They share the same core protocol.

2. What is a ‘Sybil attack’?
A small number of users falsifies new identities and pretends to be much larger in number

3. How does Samourai protect against Sybil attacks?
Wasabi’s technique is to hide your unspent transactions in a sufficiently large crowd

4. What ‘trade-off’ does Samourai make in order to achieve #3? Why is Wasabi critical of this?
Due to a different price mechanism, it makes it more expensive for malicious actors in the system to break the anonymity of other users through a Sybil attack.

1 Like

1. How are Wasabi and Samourai wallets related?
By using bitcoin privacy tech [CoinJoin] called ZeroLink.

2. What is a ‘Sybil attack’?
Means breaking the anonymity of users.

3. How does Samourai protect against Sybil attacks?
Samourai relies on a backend server, meaning that all users need to offer their entire public key to Samourai so that Samourai can enter their wallet at any time.

1 Like
  1. How are Wasabi and Samourai wallets related? At one point in time, Samourai and Wasabi were the same application. Lead developers TDevD (Samourai) and nopara73 (Wasabi) worked together on building an implementation of long-standing bitcoin privacy tech CoinJoin called ZeroLink.
  2. What is a ‘Sybil attack’? A Sybil attack is when a small number of users falsifies new identities and pretends to be much larger in number. This would mean that the anonymity set, or crowd, in which a user can hide their bitcoin transactions is not actually as large as Wasabi suggests.
  3. How does Samourai protect against Sybil attacks? Samourai’s implementation of ZeroLink (called Whirlpool) makes it more expensive for malicious actors in the system to break the anonymity of other users through a Sybil attack.
  4. What ‘trade-off’ does Samourai make in order to achieve #3? Why is Wasabi critical of this? The trade-off is that anonymity using Whirlpool can always be broken given that Samourai relies on a centralized, backend server to process users’ extended public keys. This matter of Samourai’s reliance on a backend server is one that SW admits does require the trust of users.
    Wasabi was critical because sending Samourai all of your public keys in the form of an extended public key (XPUB) lets Samourai have unique access to all of your current and future addresses. Wasabi thinks this is a “stupid” design decision.
1 Like
  1. How are Wasabi and Samourai wallets related?
  • They were initially the same application, but had different opinions on the pricing mechanism.
  2. What is a ‘Sybil attack’?
  • Making fake accounts to simulate an anonymity set. If there is an anonymity set of 100 and a user’s transaction is mixed with 99 fake ones, the attacker knows which transaction belongs to the user as he knows all the fake ones.
  3. How does Samourai protect against Sybil attacks?
  • Their pricing mechanism makes it expensive to make Sybil attacks.
  4. What ‘trade-off’ does Samourai make in order to achieve #3? Why is Wasabi critical of this?
  • Samourai has a central server where your public key is kept, and this server knows all your public addresses. Of course, they claim that they will never sell your data, but you have to trust them. Also, would they give your data to tax authorities if asked?
1 Like
  1. How are Wasabi and Samourai wallets related?
    At one point in time, Samourai and Wasabi were the same application.
    Lead developers TDevD (Samourai) and nopara73 (Wasabi) worked together on building an implementation of long-standing bitcoin privacy tech CoinJoin called ZeroLink.

  2. What is a ‘Sybil attack’?
    When a small number of real identities creates a large number of fake identities to gain influence.

  3. How does Samourai protect against Sybil attacks?
    Whirlpool makes it more expensive for malicious actors in the system to break the anonymity of other users through a Sybil attack, through other pricing mechanisms.

  4. What ‘trade-off’ does Samourai make in order to achieve #3? Why is Wasabi critical of this?
    Divvying up costs later on in the process is actually more “cost-effective”.
    And anonymity using Whirlpool can always be broken given that Samourai relies on a centralized, backend server to process users’ extended public keys.

1 Like
  1. Wasabi and Samourai wallets are forks of ZeroLink.
  2. A small number of users falsifies new identities and pretends to be much larger in number.
  3. They hide your UTXO in a sufficiently large crowd.
  4. Samourai has a different pricing mechanism than Wasabi. Whirlpool makes it more expensive for malicious actors in the system to break the anonymity of other users. Wasabi’s Adam Ficsor, who goes by the alias nopara73, counters that divvying up costs later on in the process is actually more “cost-effective”.
1 Like

ZeroLink is the tech both use, but both wallets were also the same at one point and diverged each into its own. :slight_smile:

1 Like

Ah, I see! Thank you very much for that Alko89 :smiley:

Wasabi and Samourai Wallets are both offspring of the same original code development. A disagreement about how and when to enact and distribute fees led the two developers to create two separate renditions of the same codebase. A Sybil attack occurs when validators effectively create multiple identities and control a much larger percentage of the validator nodes than perceived. This drastically reduces the anonymity set and also allows for a potential brute force attack.
Samourai provides a bit more security than Wasabi by using extended key technology. It also stores these keys on a centralized server, making it potentially vulnerable. The main problem is that extended private keys make it possible for one to know all future possible keys, based on the address generation framework of deterministic wallets. Wasabi contends that the use of this centralized server system really destroys any virtual privacy that might have been created in the first place.
Samourai’s implementation of Whirlpool and its fee structure forces a cost onto the validations and thereby price-controls the likelihood of a Sybil attack, which basically renders the attack financially infeasible.

1 Like
  1. How are Wasabi and Samourai wallets related?
    They are forks of the same code

  2. What is a ‘Sybil attack’?
    A small number of users falsifies new identities and pretends to be much larger in number. This means that I, for example, can have 20 different wallets and my friend too, and another friend too … so if we mix those 60 wallets with other 40 users, the anonymity set is greatly reduced, not only for us 3, but also for the other 40 users that have no idea of what's happening.

  3. How does Samourai protect against Sybil attacks?
    With their own implementation of CoinJoin, which is called ZeroLink. Samourai’s implementation of ZeroLink (called Whirlpool), supposedly, makes it more expensive for malicious actors in the system to break the anonymity of other users through a Sybil attack.

  4. What ‘trade-off’ does Samourai make in order to achieve #3? Why is Wasabi critical of this?
    Because in order to do this, SW sends all the private keys of the wallets involved in mixing the coins to a backend server, which is susceptible to attacks from hackers. That means that even if SW owners or workers are not interested in gaining access to the funds in those wallets, they are still exposing their customers to a HUGE risk.

1 Like