Incentivise Network Diversity

[adlai]

This commit makes naive sybil attacks more difficult by keying counterparty
deduplication off IRC hostmasks, disincentivising running multiple yield
generators from the same machine or network.

It also fixes a minor bug: the transaction initiator must deduplicate BEFORE
counting the number of liquid counterparties.

It also tidies a bit of suboptimal yapfage, and factors out a rhyming utility.

It is a revival of #313, neé #311

[adlai]

It should be noted that yield generators using the hidden service will be at a disadvantage when transactions are initiated by users of this code, since liquidity providers are incentivised to use unique IPs. If anything, this is a net benefit, because connecting via the hidden service incurs higher latency without tangible privacy benefit: hidden services conceal the location of the server, but provide no better privacy for clients.

[AdamISZ]

Comment also applies to L305-307.

See:

joinmarket/joinmarket/__init__.py

Lines 716 to 729 in dc8cfd0

	ignored_makers=None):
	'''
	choose an order given that we want to be left with no change
	i.e. sweep an entire group of utxos
	solve for cjamount when mychange = 0
	for an order with many makers, a mixture of absorder and relorder
	mychange = totalin - cjamount - total_txfee - sum(absfee) - sum(relfee*cjamount)
	=> 0 = totalin - mytxfee - sum(absfee) - cjamount*(1 + sum(relfee))
	=> cjamount = (totalin - mytxfee - sum(absfee)) / (1 + sum(relfee))
	'''
	if ignored_makers is None:
	ignored_makers = []

@ghtdak explained to me that this change is due to a 'feature' in Python; see: http://docs.python-guide.org/en/latest/writing/gotchas/#mutable-default-arguments

I suggest reverting these changes.

[adlai]

As discussed on IRC:

  adlai | deduping counterparties by hostmask messes up the tests, since all the scripts are on the same host
  adlai | it works fine on an actual server with distinct connections
waxwing | that's a very interesting example of a test failing because the code works correctly
  adlai | my reflex is to just include our own diddled miniircd, for testing
waxwing | adlai: probably, yes, we could keep it in the test folder. i get your point: you might need to diddle the server code to, what, assign random hostmasks?
  adlai | just append host[1] (ie, source port) in https://github.com/jrosdahl/miniircd/blob/ca46821/miniircd#L128

So this PR is pending: fixing this test, alerting in the forum, and an 🆗 from @chris-belcher.

[chris-belcher]

I agree in principle I guess. Although its trivial for an attacker to get around this, at least they have to work for it a bit.
I'm slightly nervous about this being cyberguerilla specific. Other IRC servers might not allow tor connections from exit nodes.

I'd say merge but when the multiirc branch is finalized maybe have some check to make this only fire for cyberguerilla. I haven't even started looking for other IRC networks to use so I don't know how multiirc will end up looking like. The multiirc branch probably makes this kind of attack easier anyway.

[adlai]

Rebased onto develop (e0f7c59)