Bitcoin Forum

I am concerned that the blockchain is in plaintext.  Before responding quickly, please read what I have to say.

An unencrypted blockchain invites snooping by governments and other suspicious types.  

Each transaction COULD be encrypted in the block, with keys provided by the parties involved.  All transactions with the sender's address are opened to the recipient for verification using a key of course.  I understand that the miner requires access as well; that can be granted once (the miner re-encrypts with a key provided in the transaction itself).  As far as I can tell, this satisfies the requirements of the transaction system and keeps the blockchain completely opaque to snooping.  The miner is the weak link, but I think there is a way to deal with that as well by distributing the verification or having the recipient do it and having the miner include the encrypted transaction without checking.

While transactions are anonymous, a determined adversary (NSA, or FinCEN or google, for instance) can easily correlate web access logs to the exposed transaction logs.  Since most transactions start by copying an address from the web, each transaction can be uniquely pinned to an individual.

If I were to put on my paranoid hat, I would say that the network was specifically designed to track individuals.  While everyone is concentrating on the double-spend issues and integrity of the network, the entire transaction log is sitting there with more information than your bank account provides.  The reason for carrying the entire blockchain around (especially unencrypted) escapes me

Please elucidate me.

the IP address is just the node that relayed your transaction, not necessarily YOU.  is my first thought

The blockchain is a public ledger. That is a crucial part of the design. If the transactions were encrypted, then there would be no way to validate them and prevent double-spending.

Not so. As I stated, the recipient has access to all transactions involving the sending address, preventing any possible double-spend issues.  So does the miner.  I asked you to read my question before answering.

If you think that the public ledger is a crucial part of the design, please explain.  I see no reason why transactions should not be encrypted and visible only to the parties involved.

Your "system" is nothing more than feel good security.  If miners can decrypt the tx for verification then so can someone acting as a miner ... say the NSA and create an identical bit for bit decrypted copy of the blockchain.

Of course if only miners and keyholder could decrypt a tx it would mean that "normal" nodes couldn't perform any verification.  This would leave the network very vulnerable to collusion by miners or any attack node attempting to recreate an alternate history of coins.  

The reason for making the blockchain accessible to all nodes is that Bitcoin works on a "trustless" model.  Your node doesn't trust any other node.  Actually by default it assumes every other node is trying to feed it nonsense garbage.  Your node will validate every block and every tx back to the genesis block so that once it is synced it has an identical independently verified copied.  This makes attacks which attempt to feed nodes "false history" all but impossible to pull off.

My guess is you are part of the DRM generation.   You can use cryptography to keep secrets from the entity which needs to know the secret.  It wasn't designed for that and it NEVER works.  

Still if you feel an "encrypted" blockchain is desirable or superior well the project is open source make a fork of it and may the best chain win. 

No. 

There is no encryption method that would work that wouldn't simply be a waste of resources, since the key would have to be widely known anyway.

No need to get testy, I am definitely not of the DRM generation.

My concern is valid.  There is a way to accomplish everything you suggest, such as authenticating the veracity of each transaction without seeing the actual contents, addresses and amounts.  The miner problem can be solved with a key exchange.  I don't even see why the miners have anything to do with the transaction to be honest other than including it into the block; the recipient should be the one verifying everything.

When I ask this question, everyone seems to get upset very quickly and yell at me.  But really, think about this for a minute.

Who benefits from knowing every transaction that ever happened if there is a pretty easy way to encrypt them away?

You can still assume a completely hostile environment.  And no, the network would not be any weaker for it.  In case you missed my point, a transaction can be encrypted and hashed to make sure it's real without anyone knowing the contents.  The only reason to know the contents is for the parties involved to provide verification.

To prevent a double spend when your node receives a tx it traces the lineage of the tx back to the block where it was minted (coinbase tx).  If the tx history was encrypted you would be unable to do so.  Essentially the security model becomes "well this one miner said it is good so trust me it is good".  It would be trivial to attack the network under such a limited security model.  Still like I said if you feel encrypted blockchain makes sense write some code (or pay someone to write some code) or at the very least write a white paper.

My guess is you have no understanding of how Bitcoin tracks "coins", prevents double spends, or ensures a tx is authentic.  You can't make a replacement until you understand the current version.  

Hint: there is no such thing as coins, or address "value".  There are only outputs.  Nothing but outputs.  Outputs are either spent or unspent.  The input of a tx is always the unspent output of a prior tx.  You can't authenticate a tx without being able to authenticate the unspent output being used as an input.

BTW: there are methods to make a digital currency more anonymous.  Double blind signature are one example.  It would require some novel design to combine double blind signatures into a robust secure decentralized network which is secured by proof of work.  Still this would be real security not some DRM the blockchain for the winz!

Care to elaborate?

Not really worth my time.  Prove that you understand how the system actually works, and then I might consider hearing out your theories.

I am not talking about DRM, for god's sake.  I am talking about public key cryptography. 

My main message is still the same - no one needs to see the contents of the transactions other then the parties involved.

This is a newbie area.  Why such hostility?

I understand enough to know that when I make a transaction, there is enough information between the blockchain and google's records of me visiting the recipient's website to copy the address, to completely and uniquely tie me to that transactions.

That is enough for me to be concerned about the security of the system.  I am not a moron, and I am not of the "DRM generation".  I am an opensource developer with projects on github.

The fact that no one will even admit that this is an issue and instead chooses to butt heads with me is alarming.

I did read your post. When a miner validates a transaction, he must verify that the input hasn't been spent in a previous transaction. If the miner can't see all the previous transactions, he can't verify it.

It is well-known (by the people that know the details) that the anonymity of bitcoin is limited. I would agree that people should stop saying that bitcoin is anonymous because it mostly isn't.

My concern is that it's beyond not anonymous, but designed to finger the exact parties of all transactions.  A honeypot of sorts.

Part of the idea is, you don't just give out your wallets so people know who's wallet it is.

I'm not too technical on this type of thing.

Re-using an address is a bad practice for anonymity.  You are welcome to do so if you wish, but if you care about anonymity you should use a brand new address for EVERY TRANSACTION.  That address should only be shared between the sender and the receiver.  In that way, only the sender and receiver have any idea who the parties to the transaction are.  This satisfies your concerns about only the involved parties knowing who participated, while maintaining a public ledger that provides every participant to verify the validity of the bitcoins that they receive without needing to trust any other peer.

How often do you verify random transactions of others?

If you are not using Bitcoin technology then the answer would be *never* but as this is a fundamental part of what Bitcoin IS the answer with Bitcoin is *always*.

I sweep all my 10,000,000 coins into one giant address, then send them back to random addresses. Not all at once, and not in any particular order. I mean, I could just play Satoshi Dice to launder my coins (play the 97% game so you only have a 3% chance of losing). That would be a pain to track.

The wallet that I run (Bitcoin-Qt) verifies EVERY transaction that it relays to any peers.  It also verifies EVERY transaction in every block that it receives to be added to the blockchain.  As has been said already:


So far you are only proving that you don't understand what bitcoin is, how it works, and what longstanding crypto-currency issues it solves.

You could use tor.


We didn't say it wasn't an issue, we said that the way that you want to do it can't be done without breaking the zero trust requirement of the main blockchain.  However, your idea did spark my own....

The root problem isn't that the openness of the blockchain permits some transactions to be seen in cleartext, it's that it permits all of them to be seen.  But this isn't entirely true, as off-network transactions do occur and hiding services (commonly called bitcoin laundries or bitcoin mixers) also exist.  Examples include transactions that occur directly between users of MtGox, or directly between users of Silk Road.  The advantage of such services, particularly with large user bases, is that it's impossible to track the flow of funds among the membership without access to the server itself; and the disadvantage is that users must have trust in the sysadmins to 1) not steal their coins, 2) not be bested by motivated hackers and 3) not roll-over when the MiB show up at tehir door.

But what if you could run a decentralized service?  Sort of a hybrid between the full blockchain and a hosted wallet service.  Take this one, for starters...

An alt-chain, wherein the headers contain all the info that Bitcoin's headers contain, plus some additional info that ties each block to a recent transaction on the main chain, namely that the miner of the alt-chain first creates a send-to-self transaction, then references both the block number that included that transaction, the transaction ID#, and signs something in the block with that addresses private key.  The point is that 1) it establishes a timestamp in lockstep with the main bitcoin chain, 2) leverages the difficulty level of the main blockchain since in order to alter that block later, the alt-chain attacker should have to also alter the main blockchain and 3) establishes the miner's Proof of Stake. 

Once that has been established, the structure of the alt-chain block is as follows.  There is still a merkel tree, but instead of each pair of transactions being hashed, blocks of encrypted data is being hashed into the tree, and the miner's only job is to verify that the blocks of data are 1) not corrupted and 2) are signed by at least two other alt-miners.  Heres the overall idea.  Instead of a running ledger, each miner is effectively a trusted supernode that manages a limited userbase.  The data blocks are updates on the values of their users' accounts.  Each of these miners have traded keypairs with at least two other miners, so that they can 1) negotiate transfers between users of each others userbase and 2) verify and sign their submitted data blocks.  This means that, although the compromise of any single miner by hackers/MiB would open that set of users/transactions to view, it would be practically impossible for any single node to decrypt an entire alt-block.  Thus, some portion of that block would remain unknowable, and insomuch as this system would be a popular off-blockchain transfer system, funds that pass through it would break the chain of visable custody.

Even writing it down, I'm not conviced it can even work, as users must be able to trust the miners/supernodes and those miners would have to be able to trust each other.

Oh. Wow.

Why aren't you using a VPN?


http://www.youtube.com/watch?v=LovYNScgReY&t=7m57s

I have only rudimentary knowledge of how the blockchain works, but have always used a new wallet address from a different VPN ip address for each and every transaction. This seemed logical to maintain a modicum of anonimity. Am I wrong in this assumption?

I think that's extreme. Unless you were not paying for each different VPN ip address (and that's essentially what TOR does.)

Zerocoin may be of interest in terms of this discussion.

Fincen Spying Plan Invites Privacy Workarounds

http://www.americanbanker.com/bankthink/fincen-spying-plan-invites-privacy-workarounds-1057728-1.html?zkPrintable=1&nopagination=1 (http://www.americanbanker.com/bankthink/fincen-spying-plan-invites-privacy-workarounds-1057728-1.html?zkPrintable=1&nopagination=1)

Not using TOR, but a private VPN with a lot of nodes worldwide and no logging. It may be extreme, but I still ask is it effective in making transactions more anonymous and harder to trace?

It is more effective. You could post the raw transactions on blockchain or brainwallet.org through your VPN and you'd essentially be anonymous. If someone makes an email-to-transaction-broadcast thingie, that works with OpenPGP, you could make truly anonymous transactions. Or if someone operates a hidden service (on TOR) that does this.

But, just using the plain reference client already allows you a certain anonymity, because you only broadcast your transaction to a limited number of nodes, and they relay it to the rest of the world.

Go to satoshidice.com.  Note that Google+1 tracker is placed into your page.  Note the scripts from Google that are in the page.

Are you still convinced that it would be hard to track your transaction?

Please consider that TOR and vpns do not solve the problem.

If you access satoshidice through tor or vpn and allow google trackers to log you - which you HAVE TO in order to play - unless you are very, very careful to not leave a fingerprint, delete all cookies, flash cookies etc, not log in to read your email or do anything else during the session, chances are high that google knows exactly who you are.

If bitcoin is adopted en masse (and I still hope it does, I think), not too many people are going to take really serious precautions just to be anonymous.  The end result is that google, for instance, has access to the bank accounts for pretty much all transactions.  The rest it can consider suspicious.

I don't claim technical knowledge.  I am presenting a problem that's much bigger.  Really, I am simply asking a question you should be asking as well, instead of witch-hunting.

• A financial transaction system is proposed by an unknown party.  It solves pretty much all technical issues with double-spends, network integrity and provides for safe transactions. 
• It also leaves a permanent and verified-correct record of all transactions ever made.
• Most transactions originate by copying a web address from the web.   
• Another party has access to very accurate web logs of pretty much all web transactions.

This makes me uncomfortable.  I am not suggesting that bitcoin doesn't work and proposing half-assed fixes.

You seem kinda paranoid.

Google is not the Cylons. Trust me. Number 6 told me so.

Interesting that everyone jumped on me for being a DRM addict and not understanding anything for suggesting that the open blockchain is a security threat to individuals.  MoonShadow apparently is allowed to propose ideas that completely subvert the zero-trust nature of bitcoin.

My father learned the hard way, in a concentration camp, that whenever someone makes a long list of people, things end badly.

Also consider that we are in a world of crypto-idiots.  People still don't encrypt their email, even though in the US at least, agencies have access to it without a warrant.

Yes I am paranoid.  You should be too.

So you're about 60? Sure sounds like DRM Generation to me.

Triple posting isn't necessary, we have a magical "edit" button for this

Really now.  How low.  Let's use the dreaded D word again.

Actually I was lying about my father. For effect.

So you're basically saying that google can see the website you get served?
How the hell is ANY account safe from google?
Anyway, you're having a cool fantasy, i'll let you at it..

I know. Don't pull the Hitler card on Germans. It'll fail miserably.

Thanks, mobo.
Seriously, go to satoshidice and observe the google script and the 'google+1' tracker.  You are using no-script and something like ghostery, I would imagine.

It was my grandfather.

You don't need to invoke Hitler.  The Asian population on the West coast of the US was hauled off based on census records.

/etc/hosts
Safe.

I use both.

Anyway, google doesn't get to see the actual content of your session.
If SD produces, say,  an URL with your address or something then its SD that does it wrong.
But googles cookies and scripting code should have no way of connecting you to some BTC address.
Maybe you can post the code fragment where it is clear that google knows more than the url you are on?

<script src="js/jquery-1.7.2.min.js"></script>
<script src="js/jquery.tools.min.js"></script>
<script src="js/jquery.qtip.min.js"></script>
<script src="js/jquery.stylish-select.min.js"></script>
<script src="js/jquery.equalheights.js"></script>
<script src="js/script.js"></script>

Can you be sure there is nothing in there that compromises your privacy or transaction security?

It would be smart not to use bitcoin addresses from pages that require scripts or carry web bugs.

With scripts disabled, noscript reports
-google.com
-satoshidice.com

Allowing satoshidice.com makes google no longer necessary, which is freaky all by itself.

I do it too.  Not safe, just a little something extra.

LOL.,
I hope you understand that those scripts were put there by SD.
If you trust SD with your credits you may as well trust them with their scripts.
I mean, come on, this is the internet. The safest place on earth.

I approve this message

Web developers don't think twice about using ajax, loaded from google.  In effect, that turns over your access log, your customer list and provides per-user scripting capability.

Seriously, I was yelled at here for a lot less than running untrusted scripts from an organization with questionable goals.

Given the state of bitcoin, I would bet that pretty much everyone has visited satoshidice and turned over at least their IP, browser signature and a cookie to google.  You don't have to be very paranoid to think of what that means.

Isn't bitcoin all about zero-trust?  Just because I am willing to risk .01BTC, does it mean I am willing to trust them with other things?

I have an interesting further discussion topic on this.  As far as I can tell there are ways to protect your anonymity when using bitcoin (i.e. ewallet mixing strategy as discussed here https://en.bitcoin.it/wiki/Anonymity).  Unfortunately, it is very inconvenient.  In this sense I agree with the initial post.  However, an argument could be made that a more open transaction record could actually be a strength to the currency.

1. It could make it easier for us to fight back against hackers or bitcoin thieves.

2. The governments may be less threatened by the currency if they feel they can track where money is going.  With bitcoin in its early stages it is vulnerable to massive government attacks.

Please reply with any thoughts you may have on this.  Agree or disagree.  I'm just looking for different points of view.

I totally agree.  Transparency is great for us to establish the system and check for ongoing issues.  Keeping windowshades open allows people to see when a robbery is happening.
Agreed.

I am concerned more about option 3:
The government or a trusted agency/corporation introduces a crypto-currency that satisfies all security requirements.  The backdoor is in plain site,  a 100% accurate record of all the transactions in the system.  With a little extra information that is available to them, this provides unrestricted access to all the individual transactions linked to their identity in a very high probability manner.

No the purpose of bitcoin is to allow commerce without needing to trust a THIRD PARTY. You always need to trust your counterparty.  Bitcoin or xCoin isn't going to change that.   If you don't trust the persons you are doing business with ... don't do business with them.  If I promise to sell you gold for x BTC and you pay and I don't then you lose.  Bitcoin can't prevent that.  Taken to the extreme if I mail you some gold you are trusting that I won't follow the mailman, attack you and take the gold back.  Bitcoin eliminates the need to trust a central authority it doesn't eliminate the need for trust ... just ask Pirate's "investors".

Of course your SD example is even more silly when you realize the website isn't needed.  Send 0.01 BTC or more to this address 1dice97ECuByXAvqXpaYzSaQuPVvrtmz6  and you have a 50/50 chance of winning.  If you win winnings are sent back to you and if you lose a losing amount if sent back to you.  See now you can play without google ever knowing you visisted SD.

Thanks, Dabs. I will probably continue with new wallet and IP address for each transaction as I've been doing it since I started in Bitcoin and it's just habit now.

What about a blockchain wallet that one would use for small amounts? Would there be any advantage to moving empty (0.0 BTC) once-used addresses to the archive section and the deleting them and the private key after a few days (well after many confirmations)?

But you still fail to prove that your online identity can be linked by google to your bitcoin identity.
What if SD just sells your personal information to facebook? You would have no way to know.
So the only real question is, do you trust satoshidice?
If not, just don't go to there.

There are levels of trust.  Just because I trust satoshidice with 0.01BTC does not imply that I trust them with my identity.

I ment that in an informational sense.
You trust some information to them and they can technically track that transaction throughout the blockchain. So they have some information that can link googles profile to a bitcoin address you own. So taking a risk of 0.01BTC means you already trust them with a lot of things.
Note that it is SD that has the power to make the link. Google could not do it on their own (and survive the shitstorm).

So all i'm saying is that to anyone worried about these things it is pretty obviously obvious that they are on the internet and what consequences that has.
This problem has absolutely nothing to do with bitcoin itself.

I generally agree with you.  Except for the darn unencrypted blockchain, a log of every transaction ever made.  That is a marketer's (or spy's) dream. 

For individual players, there is of course no hope to use it.  For a government or a large corporation with a ton of additional information, it's a goldmine.

Meh, these eentities have far better ways to track information.
Do you know that all your communication on the internet is logged by several entities?
Not the actual content (altho it wouldn't surprise me in some cases) but i think they store packet headers or something.
That's already a reality.

And i don't think it was never the intention of bitcoin to pretend to be anonymous.
From Bitcoin.org:
_____________
Bitcoin is not anonymous without efforts

All Bitcoin transactions are stored publicly and permanently on the network, which means anybody can see the balance and the transactions of any Bitcoin address. However, it is not possible to associate a Bitcoin address with its physical owner unless the owner demonstrated that they own it. This is why it is recommended to use many different Bitcoin addresses; in fact, you should create a new one each time you receive money. This is especially important for public uses such as websites. You might also want to consider hiding your computer's IP address with a tool like Tor so that it cannot be logged by others.
_____________

So there you have it.

True enough, they track internet traffic, but at least your billpay session is encrypted.  With bitcoin they can track every transaction.

EDIT: Before I wasn't even talking about those with access to traffic.  If they can monitor network packets, we are completely naked, way worse then Chase Online Banking.

I don't really get what your concerns really are. Please give a precise example of what you fear will happen.

I know for a fact that there are "quiet mode" full clients running on Tor that act as bridges from all Tor clients to the open Internet.  You have to use a full client, and it has to be "quiet mode" and well locked down to prevent leakage, but it's possible to transact in Bitcoin without leaving a mark.

Don't gamble on SatoshiDice?

Nonsense, I proposed a system that offers users a choice.  There is a significant difference.

Right. What did I propose, a system that forces privacy on you?

Ah, I see you just want to argue.  Topic closed.

No, you proposed altering the blockchain to be encrypted, which as many have pointed out, would break the zero trust rule.  My alternative doesn't do any such thing, as I presented a method to do it outside of the main blockchain.  Furthermore, I've since discovered that some group has already annouced that they have developed a parrallel p2p netowrk to work with Bitcoin to do pretty much what I proposed, in practice, and intend to present the system at some upcoming confrence.  It's being called Zerocoin.


You can decide to quit, but you can't close the topic from me.  I hope you learned something, at least.

Did you just compare the blockchain to the Nazis?

Dude, don't try to deliberately Godwin the thread.

I compare the blockchain to a census list.  Keeping records has its hazards.

A census list has names and addressses.

All right, since I can't close the topic from you, I did not propose any such thing.  Let's summarize:

I suggested that it is possible to encrypt transactions to keep them from prying eyes (which you think is a not a problem, apparently).
I asked a question: if it is possible to encrypt the blockchain (and here is my half-baked idea), why is it not encrypted
I pointed out that bitcoin transactions are less secure than an SSL web page when it comes to snooping.
I got answers like 'go start your own f**ng currency' or 'you are an idiot and know nothing about bitcoin and encryption'
EDIT: Oh, I forgot the 'I won't talk to you until you prove to me that you know every detail of bitcoin'.  I am asking a question.  Really?

This is a newbie thread and I am indeed a newbie.  I am not an adversary.  I am a strong supporter of bitcoin, actually.

Your responses have been rude, largely uninformed and argumentative.  I would suggest that you rethink how this board presents itself to the community.  

I hope that you learned something from this.

With all due respect, I have better things to do than have a pissing contest here.
Best wishes.

I was wondering, could homomorphic encryption be used to encrypt the block chain?

Wouldn't it allow transactions to be verified without needing to decrypt them first? Or am I missing something?

Well, in theory it may work.
But the blockchain is such a centralized piece of information that any single weakness in its protection could give someone a lot of power. Better play in the open than risk a weakness that nobody knows of.

I am perfectly comfortable with all transactions available in the ledger as open text.  The concerns stated in the OP are already valid without Bitcoin - powerful entities, from governments to corporations can and do track my spending behavior, and everyone else's. What bothers me is that I can't track theirs, and that I can't access the information they can about me and everyone else. Bitcoin is the way to make system more fair, and less panopticonish. A tool to empower the people. The problem is, people don't seem to be ready yet.

Those were not my responses, except the requirement that you prove you understand the topic before you propose sweeping changes.  You will find that I'm not alone in this regard.

If the encryption of individual transactions is compromised, the worst case is that someone could see a part of or the entire blockchain.   How would that give someone a lot of power? 

I think Timo is suggesting the same thing as I did: there is a way to use crypto to protect the actual transaction data and participants, leaving the details of verifying funding to the transaction participants and allowing the entire system to verify the validity of the transaction to avoid double spends and creation of money out of thin air.

Niko, I think you arrive at the wrong conclusion.  Sure they can see my bank statements with a warrant, which is a pain in the butt.  They may snoop on my connection but with SSL they can't see the content.  With bitcoin, they can have direct and immediate access to my financial information then and there, without access to third parties, just by snooping on me and referring to the public transaction log.

When I hear crap about money laun***ing with bitcoin, I am often amused.  You would have to really know your stuff to try that, since it's pretty much like sending postcards to the government about your transactions if you make even a simple miscalculation.

I don't think the system is any more fair than it would be if no one could see my transactions except me and the parties involved.  'I don't have anything to hide' argument against encryption is generally flawed.

You can play Satoshi Dice without ever connecting to their website. But then you couldn't use their long-poll api. All you need are the addresses.

I guess we were talking about different "them." My credit card companies collect and share information about my spending habits. Getting them to stop is often harder than it is for a government to get a warrant. For example, every time they change the privacy policy, I need to learn about it and opt out, and in the mean time the info is shared around.