Bitcoin Forum

Do BIP 32 hierarchical deterministic wallets provide true privacy so that none of the transactions to or from the HD wallet can be linked together?  I'm mainly interested in preventing everyone I pay from linking me to my main BTC wallet.

No, the idea behind HD wallets is that you only have to create a single backup. The transactions are made the same with other wallets. If the wallet you are using allows you to craft them by hand you might be able to achieve this, but this has nothing to do with HD or not.


Use a mixer.

Got it, I didn't understand that before.



If a wallet uses a different address for each transaction, how can the addresses/transactions be linked to each other?

Lets say you create a new address for every time you receive bitcoins (as you should and I hope most of us do). You receive several inputs[1] over time, e.g. like below.

0.00369522 and 0.003 on address A
0.10, 0.05 and 0.05 on address B

Now you want to spend 0.2 BTC (and add a fee). For this you will need inputs that you received via A and B. The inputs you received via B are enough for 0.2, but you still need to pay a fee, so you need another input and will also need a change address. When you create a transaction like that the addresses are considered to be related and its commonly accepted that they belong to the same person even though it is possible that several people create a single transaction. On top of that usually you cant cherry pick the inputs either the wallet will just pick them for you, AFAIK Coin Control for bitcoin core/qt is the exception to that. It lets you pick each input before you create a transaction.
You can obfuscate this by using a mixer.


tl;dr you can use different addresses to receive bitcoins, but you have a limited control over the "sending" address.


[1] A transaction is spending formerly received coins (inputs). These inputs have to be spend entirely. If your inputs are higher than your output(s) a wallet will generate a change address for you for the rest. If the inputs have been received on different addresses they appear in blockexplorers as the sending addresses even though technically addresses can not send bitcoins. Example: https://www.blocktrail.com/BTC/tx/b07a2b5647621789d95ae456f3f71f7034fb820e921d9f2e4fea7a3db8b733b9
this TX spends two inputs into two outputs.

My what an excellent grasp you have. :)  Thank you for enlightening me.

I'm trying to figure out a way to spend BTC without tying my main wallet to my transactions.  Should this do it:

https://bitcointalk.org/index.php?topic=955020.msg10453447#msg10453447

Ill quote the post here, to keep it clear.


This should work, but I think you can skip the "private" wallet as it only acts as an intermediary between your "main" wallet and your "public" wallet. The idea behind this was probably that you have to use a bc.i account in order to use shared coin/send, but you can skip this step by using a mixing service or any other high volume wallet. E.g. a big casino/exchange could act as a mixer. The BTC you deposit is usually used for the withdrawal request from someone else and your withdrawal will come from an esentially random input from someone else as well. Another point that speaks for mixing serivce - be it an actual mixer or something that is just used as one - IMHO is that you can use different services from time to time. This will further complicate things for someone that is trying to make sense of your finances.

Monero

Yeah, what about it?

So you're saying I could use a mixing service or an exchange in place of the "private" wallet?  Why would that be better?

Also Blockchain's Shared Coin uses CoinJoin which (from what I can gather) is a (nearly?) trustless method for mixing which gives it an advantage over a conventional mixing service or exchange.

More privacy would probably result in using a wallet that allows for proper coin control. That is a wallet that allows you to specify which addresses that you want to use to sign a particular transaction.

You would essentially want to make sure that you receive no more then one payment into each address and when yo go to spend your coins you want to use no more then one address to send the coins from and use a newly generated address as your change address.

You will eventually end up with a lot of addresses with small inputs so you will need to figure out a way to combine inputs without sacrificing privacy. This is usually where mixers come into play

What if the coins you re receiving are crime coins? im paranoid about that.

Partial privacy can be achieved by receiving funds into a new address every time. All your bitcoins are spread out across a hundred addresses and no one can monitor your total holdings. This is how Satoshi envisioned it.

There's no such thing as “crime coins”. There are crimes, and there are coins, but coins are not capable of committing crimes.

Bitcoins, like any proper form of money, are 100% fungible (http://www.merriam-webster.com/dictionary/fungible).

Its not per se better, but it is more flexible.


I personally dont trust blockchain.info very much, so this might very well be bias on my end.


Yes, but when you want to spend them you might have to combine inputs from several addresses, which would like addresses together.

You combine just enough funds from different addresses to pay for what you need and send the change to a new address. No one can monitor your total holdings. That is what OP wants.

Why is this false, then?

LOL, nope, bitcoin is not 100% fungible. Does that mean bitcoin is not a proper form of money? Nope.
I like bitcoin's traceability as much as I like ring signature's untraceability.
Monero in your definition is proper money but I don't think it will be bigger than bitcoin. Bitcoins are just better for some things and more easily regulated, I think governments will support bitcoin because of this traceability and a perfectly readable public ledger.

Please explain why Bitcoin is not fungible.

Would you buy bitcoins stolen from bter or mtgox for the same price as coins on exchanges? There are sellers out there....
I believe you can get a decent discount ;)

uhmm can you give example of at least one seller? i have never seen one on forum

I have no way of knowing they are stolen. I can trace the transactions (well, as a matter of fact, I don't know how), but that will just be an assumption ready than irrefutable truth.

bter:
7170 BTC got stolen from our cold wallet in this transaction:
https://blockchain.info/tx/f5b0363f03e1ed8bb812c135361ea93590c831ce9f13a3750be1b93575baccc6

if those coins move into your wallet and you try to sell on an exchange, you will be suspect no 1.
bitcoin's transactions are a public ledger, everybody sees where the coins are moving

Edit: "suspect" is a very weak word... it's like you have big pile of cocaine at home and try to tell the cops you know nothing about it

you think hackers that stole millions in bitcoin will advertise here?
such people are usually not stupid.

Thanks for making me a suspect of a crime I didn't commit. Meanwhile, the actual thief of the 7170 BTC will roam free as nothing has happened.

life is hard :) if you bought those coins you had to pay with cash (bank transfer if the hacker is stupid) and i am sure if you are reasonable with the government officials and lead them to the seller, you would not be charged.
that's what's actually nice about bitcoin. thieves can be caught when they start cashing out...

OK, so you're telling me I'm free to buy those bitcoins as long as I help the government catch the bad guys. That seems reasonable, and it also means that Bitcoin remains fungible.

You are a tough nut to crack :)
http://www.coindesk.com/bitcoin-tracking-proposal-divides-bitcoin-community/
http://www.coindesk.com/bonafide-raises-850k-build-reputation-system-bitcoin/

I'm disappointed that Mike Hearn actually believes that coin marking is a good idea.

Yes it is.

Suppose I have one bitcoin on address A (stolen from MtGox), and one on address B (legally purchased from Coinbase). I now transfer them both to address C. And then from C, I transfer one bitcoin to address P and one to address Q (in a single tx). Which one is the stolen bitcoin: the one on P or Q?

It's already true. See my example above.

I think they don't provide privacy, the privacy is only provided by you being careful with your transactions

If Bitcoin is 100% fungible then these guys are doing some crazy magic distinguishing one bitcoin from the another:

Sanitizing Bitcoin: This Company Wants To Track 'Clean' Bitcoin Accounts
It’s a tracking system for Bitcoin ownership that would theoretically weed out ‘bad actors’ – like the Dread Pirate Roberts – from the legitimate Bitcoin business world. Their plan is to compile a database of the known identities associated with Bitcoin addresses in the hope that Coin Validation will become the one-stop-identity shop for law enforcement when trying to find out who’s doing something nefarious with Bitcoin, while providing a red-flag system for businesses who have customers trying to use Bitcoin that’s associated with illicit use.
http://www.forbes.com/sites/kashmirhill/2013/11/13/sanitizing-bitcoin-coin-validation/

-

Lets take your example - if I own the wallet C and try to convert all those bitcoins to cash, do you think everything would go smooth and nobody would ask questions because every bitcoin is like any other bitcoin?

If you said bitcoin is 90% fungible I would have said nothing but 100%?
Obviously not.

Definitely, what they are doing is crazy.

Also, banknotes have serial numbers, and I see nobody saying that the dollar is not fungible.

I'm not considering wallet C, I'm considering P and Q. Or, similar to the step from A+B to P+Q, you can do the same five or ten more times. You'll end up with an arbitrary number of wallets, which can most definitely be converted to Euros or Dollars without any problem. The only involvement of 'tainted' coins is many steps back in the transaction chain (of which nobody can claim they were already yours at that point), and there's no way to tell 'right' from 'wrong' coins.

Besides, you seem to assume you always want to convert bitcoins to fiat. Not true. Any bitcoins I have, legally earned or stolen, I sure as hell would not invest them in feeble, air-funded currencies like EUR or USD.

I think this sums it up well, and who wants to be careful with their transactions?  Sounds inconvenient.  Better to use some kind of a mixer.

BTW, why don't the thieves just use a mixer, maybe a CoinJoin mixer?

If they know what they're doing, they will do just that. And then, how will I know if money they are sending me was related to the robbery or not?

Why is that?  Is this a widely held opinion?

Maybe because of this.

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

Not sure, their Block explorer was unreliable for a long time. There are other options now, so I cant tell if they improved performance. The reused R value incident was the most recent screw up and while their reaction was good it still leaves a bad aftertaste. I think its still the most popular online wallet though.

Do any of the others wallets have a built-in interface to a mixer?

blockchain is by far the most popular online wallet at the moment. The reused R value incident did not leave any of their customers with any actual lost funds (and blockchain actually lost very few funds as a result of this).

On the positive side, customers/users of blockchain's wallet service do have the ease of using a website to manage their funds while having the security of controlling their private keys.

With that being said there are a number of potential security vulnerabilities to using their wallet