Probing attacks on CoinJoin coordinators are interesting because the attack surface scales with the very property that makes the protocol useful — open participation.
The structural problem is that every probe request is also a valid join request. A coordinator can rate-limit per identity, but in a permissionless setting identity is cheap to mint. Reputation systems push the cost up but don't change the asymmetry; one attacker controls many "users", each individually below the noise floor.
Two countermeasure directions worth distinguishing:
Coordinator-side mitigations — proof-of-work tickets, blinded credentials, or stake commitments. These raise the per-probe cost but penalize legitimate small participants the most, since they pay the same toll on every join.
Round-design mitigations — receiver-anonymous outputs, ephemeral coordinators, or covenant-based atomic mixing. These shrink the leakage window rather than gating entry. The tradeoff is operator complexity and harder dispute resolution when a round stalls.
The cleaner long-term path is probably round-design rather than coordinator-side, because cost gates only delay a determined adversary while structural mitigations actually reduce the information leaked per round. Curious whether the paper quantifies that distinction or treats both buckets symmetrically.
Probing attacks on CoinJoin coordinators are interesting because the attack surface scales with the very property that makes the protocol useful — open participation.
The structural problem is that every probe request is also a valid join request. A coordinator can rate-limit per identity, but in a permissionless setting identity is cheap to mint. Reputation systems push the cost up but don't change the asymmetry; one attacker controls many "users", each individually below the noise floor.
Two countermeasure directions worth distinguishing:
The cleaner long-term path is probably round-design rather than coordinator-side, because cost gates only delay a determined adversary while structural mitigations actually reduce the information leaked per round. Curious whether the paper quantifies that distinction or treats both buckets symmetrically.