Wasabi and Samourai Wallets - Reading Assignment

  1. both share the coinjoin protocol
  2. falsifying a large number of new identities when in reality much less or one person to limit anonymity among the coinjoin participants.
  3. Sam uses Whirlpool which makes a sybil attack more expensive so far less likely
  4. All private keys are sent to a backend server making it centralized so an element of trust is needed by the user.
1 Like
  1. They both have their roots in CoinJoin - they just have different implementations of the technology.

  2. A Sybil attack is when somebody produces many false identities and uses them to create harm.

  3. Their pricing mechanism makes it more expensive for somebody using a Sybil attack to break the anonymity of the users.

  4. They use a trusted centralized backend server. Wasabi is critical of this because it is a trusted centralized server that has access to all of their users' addresses - but just the public addresses, right?

1 Like

Correct, but since the main focus of these wallets is privacy it may pose a potential risk. 🙂

1 Like

Cool, thanks again 🙂

  1. Samourai and Wasabi were the same application.

Developers TDevD (Samourai) and nopara73 (Wasabi) worked together on building an implementation of long-standing bitcoin privacy tech CoinJoin called ZeroLink.
2. Sybil attack, where a small number of users falsifies new identities and pretends to be much larger in number. This would mean that the anonymity set, or crowd, in which a user can hide their bitcoin transactions is not actually as large as suggested.
3. SW maintains that Whirlpool makes it more expensive for malicious actors in the system to break the anonymity of other users through a Sybil attack.
4. Samourai relies on a centralized, backend server to process users’ extended public keys therefore hiding users’ UTXOs and se per maxwell that could be always compromised.

1 Like

1. Being stolen funds (like from a hacking type incident), coming from a dnm, coming from a mixer, coming from terrorist financing, and coming from ransomware payout addresses.”

2. HSI, FBI and IRS (they “seem to have the most licenses, or are, at least, the most active in using our software, since their names come up constantly.”) In addition, “ATF, DEA, SEC, Secret Service, CIA (through In Q Tel), and most of the other federal law enforcement agencies are running the software. Only really large police departments are running the software (it isn’t cheap) like NYPD. I know some district attorney offices have software licenses too, but I don’t know which ones. Oh and RCMP uses the software too. And Europol. The national police (NCA) in the UK, as well.”

3. MONERO

4. “I would say to avoid mobile wallets, look into Wasabi/Coinjoin and similar efforts, run a VPN/tor at all times, remember that everything you check out on the clear net is being logged by someone.”
1 Like

1.)
At one point in time, Samourai and Wasabi were the same application.

“We just had a difference in implementation desire,” said TDevD. “So we split.
We forked the project and just implemented it the way we wanted to implement it.”

2.)
In a Sybil attack, the attackers falsify identities and pretend to be bigger than they really are.
This means that the proposed mixing ratio (100 peers) can no longer be adhered to and the anonymity is thereby at risk.

3.)
Samourai’s implementation of ZeroLink (called Whirlpool) has a different pricing mechanism than Wasabi.
Whirlpool makes it more expensive for malicious actors in the system to break the anonymity of other users through a Sybil attack.

4.)
Anonymity using Whirlpool (Samourai Wallet) can always be broken given that Samourai relies on a centralized, backend server to process users’ extended public keys.

1 Like
  1. They started as the same project but, due to divergent opinions, they forked the project and became separate.

  2. A small number of participants create a large amount of fake user accounts.

  3. They make it more expensive for attackers to break the anonymity of users.

  4. Samourai uses a centralized backend server which you need to trust.

1 Like
  1. Lead developers TDevD (Samourai) and nopara73 (Wasabi) worked together on building an implementation of long-standing bitcoin privacy tech called ZeroLink.

  2. It's where a small number of users falsify new identities and pretend to be much larger in number. This would mean that the anonymity set, or crowd, in which a user can hide their bitcoin transactions is not actually as large.

  3. to hide your [unspent transaction output] in a ‘sufficiently’ large crowd of peers, current target is 100 peers.

  4. the implementation of ZeroLink makes it more expensive to hack by using Sybil attacks.

1 Like
  1. How are Wasabi and Samourai wallets related?
    They are developed by the same developers who once worked on ZeroLink; they are two implementations of the same principle

  2. What is a ‘Sybil attack’?
    When fake identities are used by one side, which reduces the anonymity set

  3. How does Samourai protect against Sybil attacks?
    It hides utxo in a large mix of at least 100 users

  4. What ‘trade-off’ does Samourai make in order to achieve #3? Why is Wasabi critical of this?
    It uses a backend server, so it requires users to trust they won’t share their public keys with anyone
1 Like

1.) How are Wasabi and Samourai wallets related?
At one point Wasabi and Samourai were the same application until the two application developers forked the project.

2.) What is a ‘Sybil attack’?
A Sybil attack is a kind of security threat on an online system where one person tries to take over the network by creating multiple accounts, nodes or computers.

3.) How does Samourai protect against Sybil attacks?
Samourai's implementation of ZeroLink makes it more expensive for attackers to break the anonymity of users.

4.) What ‘trade-off’ does Samourai make in order to achieve #3? Why is Wasabi critical of this?
Samourai relies on a centralized, backend server to process users’ extended public keys.

1 Like
  1. Wasabi and Samourai are forks of the same original CoinJoin project

  2. A Sybil attack is a small number of users falsifying new identities to pretend to be more people so as to reduce the actual size of the anonymity set while maintaining the appearance that the anonymity set is larger

  3. Samourai has a different pricing mechanism which makes the attacks more expensive

  4. The trade-off to achieve this is that Samourai relies on a centralized back-end server holding the extended public keys of users, hence requiring users to trust Samourai

1 Like
  1. Both projects have the same root but forked later.

  2. A type of attack. Attackers control a cluster of addresses, pretending they are owned by a large group => reduces the anonymity set.

  3. Does not rely on central backend servers to process public keys.

  4. Makes the attacks more expensive.

1 Like

1.- At the beginning, they were the same project working in CoinJoin BTC privacy called ZeroLink. At some point they forked the project and implemented each one in different ways. Samourai's implementation, which is called Whirlpool, makes it more expensive for malicious actors to break anonymity through a Sybil attack.

2.- When a number of users create new accounts by using fake identities so the other users of the network are mixed by fake accounts, the effect that it creates is a reduction of the anonymity of the rest of the peers.

3.- With Samourai wallet, we send all our public keys in the form of an extended public key (XPUB) that gives Samourai unique access to our current and future addresses. Whirlpool privacy relies on a centralized server to process users’ information, which means we have to trust a lot in Samourai.
Wasabi wallet is more efficient-expensive to operate with but doesn’t have access to our TX data; Wasabi hides the UTXOs by mixing TX in a large pool of peers.

4.- Samourai's protocol implementation (Whirlpool) makes it more expensive for malicious actors to break the anonymity of the users through a Sybil attack.

1 Like

Wasabi and Samourai Wallets

  • How are Wasabi and Samourai wallets related?
    • They both originally shared the protocol: CoinJoin, and forked away.
  • What is a ‘Sybil attack’?
    • Somebody falsifies a big number of new identities, pretending to represent a considerable number of participants.
  • How does Samourai protect against Sybil attacks?
    • The idea is to hide an individual transaction among a number of at least 100 other transactions.
  • What ‘trade-off’ does Samourai make in order to achieve #3? Why is Wasabi critical of this?
    • It is more expensive to hack the identity of a user by using ZeroLink.
1 Like

They share the same core protocol, coinjoin.

It's where a small number of users corrupt new identities and pretend to be much larger in number.

To hide UTXOs in a sufficiently large crowd.

It makes sybil attacks more expensive.

1 Like

1 The two wallets are the same in the core and they are the result of a fork in the original wallet created to implement CoinJoin, ZeroLink.
2 One user appears with several identities, and thus in a schizophrenic way attempts to fool the system. https://en.wikipedia.org/wiki/Sybil_(Schreiber_book) The phenomenon is named after the character in this novel. If one user appears with ten identities he reduces the anonymity of the system.
3 Samourai uses a different pricing system that makes it more expensive to break the anonymity by sybil attacks.
4 “When you use the wallet, you send Samourai all of your public keys in the form of an extended public key (XPUB) that lets Samourai have unique access to all of your current and future addresses,” said Aviv Milner, the community technical support lead for the startup behind Wasabi, zkSNACKs.
Not your keys - not your coins. But in this case: not your keys - not your privacy.

1 Like
  1. Both use coinjoin.
  2. An attack where a small amount of users pretend to be a large amount.
  3. By using at least 100 participants
  4. I don’t know - can’t see this in the article.
1 Like

It relies on a trusted centralized server to process users' XPUB keys. 🙂

1 Like
  1. How are Wasabi and Samourai wallets related?
    They share the same core protocol.
  2. What is a ‘Sybil attack’? A Sybil Attack is where a small number of users falsifies new identities and pretends to be much larger in number.
  3. According to the article, what is Wasabi wallet’s main advantage?
    Wasabi’s technique is to hide your unspent transactions in a sufficiently large crowd
  4. According to the article, what is Samourai wallet’s main advantage?
    Samourai’s implementation of ZeroLink has a different pricing mechanism than Wasabi.
1 Like