Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: genjix on January 16, 2014, 03:23:40 AM



Title: Stealth address with SX (anonymous payments)
Post by: genjix on January 16, 2014, 03:23:40 AM
SX may release - stealth tools, EC commands, HD keys

See the tutorials on HD keys (http://sx.dyne.org/hdkeys.html) and stealth payments (http://sx.dyne.org/stealth.html).

Code:
$ sx stealth-newkey
Stealth address: vJmwY32eS5VDC2C4GaZyXt7i4iCjzSMZ1XSd6KbkA7QbGE492akT2eZZMjCwWDqKRSYhnSA8Bgp78KeAYFVCi8ke5mELdoYMBNep7L
Scan secret: af4afaeb40810e5f8abdbb177c31a2d310913f91cf556f5350bca10cbfe8b9ec
Spend secret: d39758028e201e8edf6d6eec6910ae4038f9b1db3f2d4e2d109ed833be94a026
$ sx mktx txfile.tx --output vJmwY32eS5VDC2C4GaZyXt7i4iCjzSMZ1XSd6KbkA7QbGE492akT2eZZMjCwWDqKRSYhnSA8Bgp78KeAYFVCi8ke5mELdoYMBNep7L:100
Added output sending 100 Satoshis to 1BjqrpQqr4tY5YPQkL8aG7NGkFbTbiuVu.
$ sx fetch-stealth
ephemkey: 0276044981dc13bdc5e118b63c8715f0d1b00e6c0814d778668fa6b594b2a0ffbd address: 1DUhzP41otHNKijH4B6dZN1SRVuYJyYfrp tx_hash: 63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518
ephemkey: 024398667c6a11652ae80fe6370e140cc67d4f82fb8310122cdaddae1524dad9e0 address: 1Nw1EKu8Y6mPGhMGyrKPS9TZWDyTPLvi8a tx_hash: 6a6246ccc7cb9427efee85dd3c7b80164f8a61213a7ce357b8cfd3816f59aab9
...

Code:
$ SEED=$(sx hd-seed)
$ echo $SEED
xprv9s21ZrQH143K3YEx9tNjNtm6FJJHWuKRMmnXw42Eq6RiKt7oRpkKViHPJDnVvVZweqnjxEn6UsFLmztqCc5STduaMMGbwxgwMEkR8xM5wbK
$ echo $SEED | sx hd-seed | sx hd-priv 0 | sx hd-priv 0 | sx hd-priv 1 --hard
xprv9zShfTYMrPQdXBs1x4zYcf99DGyvykdvYxfdovarBZTh7RTZZ5vNgrdS4eQDPTxN9YnjSzfjVf6eWvEKuNubwLUoEYNg5cDfKp5RQVmYj2x

Code:
$ sx help
...
EC MATH
   ec-add-modp                Calculate the result of INTEGER + INTEGER.
   ec-multiply                Multiply an integer and a point together.
   ec-tweak-add               Calculate the result of POINT + INTEGER * G.

Install globally:

Code:
$ wget https://sx.dyne.org/install-sx.sh
$ sudo bash install-sx.sh

Install locally (non-root):

Code:
$ wget https://sx.dyne.org/install-sx.sh
$ bash install-sx.sh usr/


Title: Re: Stealth payments with SX
Post by: oakpacific on January 16, 2014, 09:36:51 AM
The most important difference between this and the deterministic wallet is  that you may never need to publicize your address(defense against Google data mining) to receive payments, which has to be spelled out somewhere I think.


Title: Re: Stealth payments with SX
Post by: genjix on January 16, 2014, 12:30:32 PM
The most important difference between this and the deterministic wallet is  that you may never need to publicize your address(defense against Google data mining) to receive payments, which has to be spelled out somewhere I think.

It's fantastic. This combined with CoinJoin = unstoppable anonymous Bitcoin.


Title: Re: Stealth payments with SX
Post by: waxwing on January 16, 2014, 12:35:42 PM
Nice work, Amir :)

You seem to have an expired ssl cert on *.unsystem.net, by the way.

This whole system is very reminiscent of ssl, since I'm on the subject.. Initial handshake with shared secret. But of course the purpose is different in various ways. If we think of a scenario where a customer wants to pay to a Silk Road merchant, I guess you'd say that this part (stealth addresses) is a kind of substitute for the encryption part of ssl (well, not a complete substitute but part) (because obviously you can't encrypt the blockchain but this serves to seriously obfuscate the meaning of txs), while the authentication part of ssl would have to be dealt with separately through some pgp stuff or x509 or whatever?



Title: Re: Stealth payments with SX
Post by: genjix on January 16, 2014, 12:37:12 PM
Nice work, Amir :)

You seem to have an expired ssl cert on *.unsystem.net, by the way.

This whole system is very reminiscent of ssl, since I'm on the subject.. Initial handshake with shared secret. But of course the purpose is different in various ways. If we think of a scenario where a customer wants to pay to a Silk Road merchant, I guess you'd say that this part (stealth addresses) is a kind of substitute for the encryption part of ssl (well, not a complete substitute but part) (because obviously you can't encrypt the blockchain but this serves to seriously obfuscate the meaning of txs), while the authentication part of ssl would have to be dealt with separately through some pgp stuff or x509 or whatever?

I've changed the link now in the OP.

Original link: https://wiki.unsystem.net/index.php/Sx/Stealth

Alternative link: https://en.bitcoin.it/wiki/Sx/Stealth

All these new innovations are great. Especially when you start thinking about systems like Twister and their implications. Writing functions like initiate_stealth() is probably the coolest thing I've ever written.


Title: Re: Stealth payments with SX
Post by: waxwing on January 16, 2014, 12:43:07 PM
Nice work, Amir :)

You seem to have an expired ssl cert on *.unsystem.net, by the way.

This whole system is very reminiscent of ssl, since I'm on the subject.. Initial handshake with shared secret. But of course the purpose is different in various ways. If we think of a scenario where a customer wants to pay to a Silk Road merchant, I guess you'd say that this part (stealth addresses) is a kind of substitute for the encryption part of ssl (well, not a complete substitute but part) (because obviously you can't encrypt the blockchain but this serves to seriously obfuscate the meaning of txs), while the authentication part of ssl would have to be dealt with separately through some pgp stuff or x509 or whatever?

I've changed the link now in the OP.

Original link: https://wiki.unsystem.net/index.php/Sx/Stealth

Alternative link: https://en.bitcoin.it/wiki/Sx/Stealth

All these new innovations are great. Especially when you start thinking about systems like Twister and their implications. Writing functions like initiate_stealth() is probably the coolest thing I've ever written.

 :D

Imagine it; stealth + coinjoin - no one can trace the transactions. multisig - website can never steal funds. SR website code - open sourced with multiple servers for decentralization (maybe Twister too I don't even know anything about it yet).

Soon we'll reach a point where it doesn't even matter if the FBI run SR from their headquarters - it'll still be safe :D


Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on January 16, 2014, 12:50:25 PM
exactly :)

I've written more plans for this: https://wiki.unsystem.net/index.php/DarkWallet/Overview


Title: Re: Stealth address with SX (anonymous payments)
Post by: cr1776 on January 16, 2014, 01:04:27 PM
exactly :)

I've written more plans for this: https://wiki.unsystem.net/index.php/DarkWallet/Overview

This is very nice.


Title: Re: Stealth address with SX (anonymous payments)
Post by: bigb159 on January 16, 2014, 01:14:26 PM
This concept is awesome, but needs some PR reworking. Can we consider renaming this to something like "restricted," "confidential," "personal," "private" or "nonpublic" . "Stealth" has an off-the-books connotation that doesn't fit what govs. want to see in Crypto right now.


Title: Re: Stealth address with SX (anonymous payments)
Post by: oakpacific on January 16, 2014, 01:18:15 PM
I guess sx erases the payee's pubkey and encrypts the payer's privkey after the stealth payment right? If say FBI breaks into Alice's house and seizes her computer, they should not be able to figure out she has paid Bob isn't it?


Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on January 16, 2014, 01:19:35 PM
I guess sx erases the payee's pubkey and encrypts the payer's privkey after the stealth payment right? If say FBI breaks into Alice's house and seizes her computer, they should not be able to figure out she has paid Bob isn't it?

Nothing is stored on your computer. There's no files involved in this. You are responsible for keeping the secret. I suggest storing it encrypted somewhere or writing it down on a piece of paper.


Title: Re: Stealth address with SX (anonymous payments)
Post by: prof7bit on January 16, 2014, 01:56:39 PM
The github address linked in section 1.3 on sx.dyne.org: https://github.com/genjix/sx/ does not work for me (404)

Otherwise these sx tools seem to be a great project, exactly what I was looking for all the time, why didn't I see this earlier?


Title: Re: Stealth address with SX (anonymous payments)
Post by: kcirazy on January 16, 2014, 02:58:15 PM
This concept is awesome, but needs some PR reworking. Can we consider renaming this to something like "restricted," "confidential," "personal," "private" or "nonpublic" . "Stealth" has an off-the-books connotation that doesn't fit what govs. want to see in Crypto right now.
I think Jemery preferred "Reusable addresses", because this type of address can be re-used by multiple payers, without losing privacy.
- Mike, Wladimir, Odinn and Gregory agreed with this.

Other than that. Excelent work genjix! Great to see that SX is well supported.


Title: Re: Stealth address with SX (anonymous payments)
Post by: agorism on January 16, 2014, 03:30:10 PM
This is AMAZING!!!
Thank you so much for this contribution :D

We have encrypted transactions now.
Can we implement deniable transactions, like OTR?


Title: Re: Stealth address with SX (anonymous payments)
Post by: minorman on January 16, 2014, 04:12:20 PM
Great work, Amir!  :D


Title: Re: Stealth address with SX (anonymous payments)
Post by: waxwing on January 16, 2014, 04:31:14 PM
Can we implement deniable transactions, like OTR?

I think it's a core aspect of Bitcoin that the transaction record is public. So I can't see how OTR can ever work (even if you prune outputs, a record will still exist somewhere). But deniability is addressed via coinjoin, coinswap, mixing and stealth to an incredible extent, if they're all implemented and widely used.

Only Zerocoin (in general, zero knowledge proofs) can address what you hope for fully. Once you can prove possession of a secret without leaking any information, the entire blockchain can go dark.


Title: Re: Stealth address with SX (anonymous payments)
Post by: marcus_of_augustus on January 16, 2014, 09:33:02 PM
This concept is awesome, but needs some PR reworking. Can we consider renaming this to something like "restricted," "confidential," "personal," "private" or "nonpublic" . "Stealth" has an off-the-books connotation that doesn't fit what govs. want to see in Crypto right now.

Maybe since it is in essence a Diffie-Hellman key exchange technique ... you could call it Forward Privacy Transaction or DH-TX or some such ... i.e. in same name as the original cryptographic technique it is based upon?

http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange (http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange)


Edit:
Quote
while the authentication part of ssl would have to be dealt with separately through some pgp stuff or x509 or whatever?

... you could use a stealth address secured in the namecoin blockchain for human-readable authentication, without a 3rd party.


Title: Re: Stealth address with SX (anonymous payments)
Post by: Peter Todd on January 16, 2014, 09:48:42 PM
My thoughts on my stealth addresses should be called stealth addresses:


I'm very against the name "reusable addresses" and strongly believe we
should stick with the name stealth addresses.

You gotta look at it from the perspective of a user; lets take standard
pay-to-pubkey-hash addresses: I can tell my wallet to pay one as many
times as I want and everything works just great. I also can enter the
address on blockchain.info's search box, and every transaction related
to the address, and the balance of it, pops up immediately.

What is that telling me? A: Addresses starting with "1" are reusable. B:
Transactions associated with them appear to be public knowledge.

Now I upgrade my wallet software and it says I now have a "reusable"
address. My reaction is "Huh? Normal addresses are reusable, what's
special about this weird reusable address thing that my buddy Bob's
wallet software couldn't pay." I might even try to enter in a "reusable"
address in blockchain.info, which won't work, and I'll just figure
"must be some new unsupported thing" and move on with my life.

On the other hand, suppose my wallet says I now have "stealth address"
support. I'm going to think "Huh, stealth? I guess that means privacy
right? I like privacy." If I try searching for a stealth address on
blockchain.info, when it doesn't work I might think twig on "Oh right!
It said stealth addresses are private, so maybe the transactions are
hidden?" I might also think "Maybe this is like stealth/incognito mode
in my browser? So like, there's no history being kept for others to
see?" Regardless, I'm going to be thinking "well I hear scary stuff
about Bitcoin privacy, and this stealth thing sounds like it's gonna
help, so I should learn more about that"

Finally keep in mind that stealth addresses have had a tonne of very
fast, and very wide reaching PR. The name is in the public consciousness
already, and trying to change it now just because of vague bad
associations is going to throw away the momentum of that good PR and
slow down adoption. Last night I was at the Toronto Bitcoin Meetup and I
based on conversations there with people there, technical and
non-technical, almost everyone had heard about them and almost everyone
seemed to understand the basic idea of why they were a good thing. That
just wouldn't have happened with a name that tried to hide what stealth
addresses were for, and by changing the name now we risk people not
making the connection when wallet software gets upgraded to support
them.

-http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03725.html


Title: Re: Stealth address with SX (anonymous payments)
Post by: drrussellshane on January 16, 2014, 09:52:27 PM
Nice work Amir!



Title: Re: Stealth address with SX (anonymous payments)
Post by: marcus_of_augustus on January 16, 2014, 10:01:06 PM
My thoughts on my stealth addresses should be called stealth addresses:


I'm very against the name "reusable addresses" and strongly believe we
should stick with the name stealth addresses.
.....

Well done for this work Peter!  :)

good arguments all ... and of course author(s) get naming rights ... so Stealth Addresses they are I say.


Title: Re: Stealth address with SX (anonymous payments)
Post by: waxwing on January 16, 2014, 10:09:36 PM
My thoughts on my why stealth addresses should be called stealth addresses:
<snipped>

Yes, I've just been reading and thinking about this. It is closely related to what I was just discussing with fellowtraveler; are we going to try to hide the fact that Bitcoin can be relatively anonymous? I know the core idea here is just to give some privacy in a certain context, but especially when combined with coinjoin and other techs, what we're doing here is really exploring how close we can get to proper anonymity. I find it really disingenuous when I hear a certain brand of Bitcoin advocate constantly parrot the line "oh, it's nowhere near as anonymous as cash, it's traceable, the blockchain is completely public". This line was trotted out by everyone at the Senate hearings too. To me it's some kind of wishful thinking going on here by many in the bitcoin community (including core devs) that don't wan't to pay attention to the inevitable political consequences of what they're doing. "It's neutral, it's just tech, it's not a challenge to the status quo". This is head-in-the-sand stuff.

I'm sorry if that seems like a bit of a tangent to your point. But I don't think it is. I think the whole reason people leapt into the naming debate is because they're determined not to paint Bitcoin as what it actually is - money independent of external control.

By the way, thanks for your work on this.


Title: Re: Stealth address with SX (anonymous payments)
Post by: spooderman on January 16, 2014, 10:18:22 PM
subscribing


Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on January 16, 2014, 11:25:57 PM
https://i.imgur.com/PRz88iq.jpg


Title: Re: Stealth address with SX (anonymous payments)
Post by: johnyj on January 17, 2014, 04:05:42 AM
Cool  ::) ::)

If I understand it correct, the sender must know the stealth address from the receiver and the receiver must know the nonce from the sender, so information need to be exchanged both way, comparing with the standard way of only providing a receiving address?


Title: Re: Stealth address with SX (anonymous payments)
Post by: oakpacific on January 17, 2014, 04:11:51 AM
Cool  ::) ::)

If I understand it correct, the sender must know the stealth address from the receiver and the receiver must know the nonce from the sender, so information need to be exchanged both way, comparing with the standard way of only providing a receiving address?

Yes


Title: Re: Stealth address with SX (anonymous payments)
Post by: asherp on January 17, 2014, 09:07:33 AM
Cool  ::) ::)

If I understand it correct, the sender must know the stealth address from the receiver and the receiver must know the nonce from the sender, so information need to be exchanged both way, comparing with the standard way of only providing a receiving address?

This creates a strong use-case for Twister adoption: Put your stealth address in your twister profile. When you send a payment, send a direct message with the nonce to the receiver. DM's are encrypted in twister. Take it a step further: bake this feature into every bitcoin-twister client so the user never even sees their stealth address. Then, all bitcoin payments reduce to "1.5mB @bob". It takes all the centralization out of the current tipping schemes and makes them forward-anonymous by default.


Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on January 17, 2014, 11:57:48 AM
Cool  ::) ::)

If I understand it correct, the sender must know the stealth address from the receiver and the receiver must know the nonce from the sender, so information need to be exchanged both way, comparing with the standard way of only providing a receiving address?

This creates a strong use-case for Twister adoption: Put your stealth address in your twister profile. When you send a payment, send a direct message with the nonce to the receiver. DM's are encrypted in twister. Take it a step further: bake this feature into every bitcoin-twister client so the user never even sees their stealth address. Then, all bitcoin payments reduce to "1.5mB @bob". It takes all the centralization out of the current tipping schemes and makes them forward-anonymous by default.

ssshhhh you're giving away my secrets ;)


Title: Re: Stealth address with SX (anonymous payments)
Post by: ssshhh on January 17, 2014, 04:35:34 PM
Cool  ::) ::)

If I understand it correct, the sender must know the stealth address from the receiver and the receiver must know the nonce from the sender, so information need to be exchanged both way, comparing with the standard way of only providing a receiving address?

This creates a strong use-case for Twister adoption: Put your stealth address in your twister profile. When you send a payment, send a direct message with the nonce to the receiver. DM's are encrypted in twister. Take it a step further: bake this feature into every bitcoin-twister client so the user never even sees their stealth address. Then, all bitcoin payments reduce to "1.5mB @bob". It takes all the centralization out of the current tipping schemes and makes them forward-anonymous by default.

ssshhhh you're giving away my secrets ;)

I said nothing  ;D


Title: Re: Stealth address with SX (anonymous payments)
Post by: minimalB on January 17, 2014, 04:55:32 PM
I said nothing  ;D

LOL  ;D

BTW: Thanks so much for this development, it really is GREAT!


Title: Re: Stealth address with SX (anonymous payments)
Post by: JoeChmoe on January 17, 2014, 06:15:35 PM
This is a huge development, gotta love the community.


Title: Re: Stealth address with SX (anonymous payments)
Post by: asherp on January 17, 2014, 08:10:05 PM
Cool  ::) ::)

If I understand it correct, the sender must know the stealth address from the receiver and the receiver must know the nonce from the sender, so information need to be exchanged both way, comparing with the standard way of only providing a receiving address?

This creates a strong use-case for Twister adoption: Put your stealth address in your twister profile. When you send a payment, send a direct message with the nonce to the receiver. DM's are encrypted in twister. Take it a step further: bake this feature into every bitcoin-twister client so the user never even sees their stealth address. Then, all bitcoin payments reduce to "1.5mB @bob". It takes all the centralization out of the current tipping schemes and makes them forward-anonymous by default.

ssshhhh you're giving away my secrets ;)

Sorry. I just can't help myself. Haven't even been sleeping since my mind exploded over this. What I just realized is that your client could by default display your balance in your local currency based on geolocation data. This means users wouldn't even know they're using bitcoin!

Alice: +$5.00 @bob
Bob sees his account balance is now 66.35 pesos
Carol: Hey @Alice, @Bob have you heard of bitcoin?
Bob and Alice: wtf is bitcoin?
Carol: it's what made your transaction possible!
Bob: yeah.. And?
Alice: @Carol stop being a smartass


Title: Re: Stealth address with SX (anonymous payments)
Post by: AsymmetricInformation on January 17, 2014, 09:46:27 PM
In a separate post I describe thoughts on how stealth addresses can be used to prevent third parties from learning BOTH the recipient address and the payment amount.

https://bitcointalk.org/index.php?topic=419097.0


Title: Re: Stealth address with SX (anonymous payments)
Post by: alp on January 17, 2014, 10:21:01 PM
My concern with the name Stealth Address is that it will end up being a niche feature that most people will not use.  Peter's "Ohh, privacy is good!" argument makes sense among his peers, but will fall flat on most common users.  Most people "Have nothing to hide" and aren't threatened by privacy, even with all the leaks and damage done.  This should be viewed as a standard and non-scary option, and not something for criminals and troublemakers only.  Stealth has those connotations, and I have a feeling it will become put in a corner.  I think he is also a bit biased in that the super-plugged-in people (aka meetup attendees) have heard of this term and it's too late to change it.  I disagree that it's really that well known, even within the Bitcoin community.

Names seem to fall out of describing how something is used or describing what it does.  We should also focus describing traditional addresses as well, to see if there might be a way to relabel them.


Title: Re: Stealth address with SX (anonymous payments)
Post by: asherp on January 17, 2014, 11:38:21 PM
My concern with the name Stealth Address is that it will end up being a niche feature that most people will not use.  Peter's "Ohh, privacy is good!" argument makes sense among his peers, but will fall flat on most common users.  Most people "Have nothing to hide" and aren't threatened by privacy, even with all the leaks and damage done.  This should be viewed as a standard and non-scary option, and not something for criminals and troublemakers only.  Stealth has those connotations, and I have a feeling it will become put in a corner.  I think he is also a bit biased in that the super-plugged-in people (aka meetup attendees) have heard of this term and it's too late to change it.  I disagree that it's really that well known, even within the Bitcoin community.

Names seem to fall out of describing how something is used or describing what it does.  We should also focus describing traditional addresses as well, to see if there might be a way to relabel them.

The way things are going with twister integration, it won't even matter whether we call them "stealth" addresses at all, because the average user won't even know they exist! When they make a payment it'll be to an identity - a person - not to some incomprehensible string of numbers. From that perspective, call them whatever you want.


Title: Re: Stealth address with SX (anonymous payments)
Post by: Peter Todd on January 18, 2014, 12:19:35 AM
My concern with the name Stealth Address is that it will end up being a niche feature that most people will not use.  Peter's "Ohh, privacy is good!" argument makes sense among his peers, but will fall flat on most common users.  Most people "Have nothing to hide" and aren't threatened by privacy, even with all the leaks and damage done.  This should be viewed as a standard and non-scary option, and not something for criminals and troublemakers only.  Stealth has those connotations, and I have a feeling it will become put in a corner.  I think he is also a bit biased in that the super-plugged-in people (aka meetup attendees) have heard of this term and it's too late to change it.  I disagree that it's really that well known, even within the Bitcoin community.

Names seem to fall out of describing how something is used or describing what it does.  We should also focus describing traditional addresses as well, to see if there might be a way to relabel them.

The way things are going with twister integration, it won't even matter whether we call them "stealth" addresses at all, because the average user won't even know they exist! When they make a payment it'll be to an identity - a person - not to some incomprehensible string of numbers. From that perspective, call them whatever you want.

Exactly. Addresses in general are going to be replaced by various payment protocols and identification systems. I think a good analogy is DNS: the vast majority of the time you type a DNS name into your URL bar in your browser. Behind the scenes that gets resolved to an IP address, and the fact that you can type an IP address instead of a DNS name is only possible because sometimes advanced users and developers need to debug things at a lower-level than you normally would use. Just like 95% of users have probably never heard the term "IPv4 address" in the future 95% of users will have never heard the term "stealth address"

As for now, we've got a lot of great press using the term, and changing the name now for vague reasons of "acceptability" will just confuse people when we start rolling out stealth address support in wallets for the early adopters to use.

Anyway, enough with this silly bike-shedding; lets get some work done.


Title: Re: Stealth address with SX (anonymous payments)
Post by: marcus_of_augustus on January 18, 2014, 12:46:19 AM
Quote
Anyway, enough with this silly bike-shedding; lets get some work done.

I think I just got a glimpse of lead dev in waiting ....


Title: Re: Stealth address with SX (anonymous payments)
Post by: alp on January 18, 2014, 01:22:17 AM
My concern with the name Stealth Address is that it will end up being a niche feature that most people will not use.  Peter's "Ohh, privacy is good!" argument makes sense among his peers, but will fall flat on most common users.  Most people "Have nothing to hide" and aren't threatened by privacy, even with all the leaks and damage done.  This should be viewed as a standard and non-scary option, and not something for criminals and troublemakers only.  Stealth has those connotations, and I have a feeling it will become put in a corner.  I think he is also a bit biased in that the super-plugged-in people (aka meetup attendees) have heard of this term and it's too late to change it.  I disagree that it's really that well known, even within the Bitcoin community.

Names seem to fall out of describing how something is used or describing what it does.  We should also focus describing traditional addresses as well, to see if there might be a way to relabel them.

The way things are going with twister integration, it won't even matter whether we call them "stealth" addresses at all, because the average user won't even know they exist! When they make a payment it'll be to an identity - a person - not to some incomprehensible string of numbers. From that perspective, call them whatever you want.

Exactly. Addresses in general are going to be replaced by various payment protocols and identification systems. I think a good analogy is DNS: the vast majority of the time you type a DNS name into your URL bar in your browser. Behind the scenes that gets resolved to an IP address, and the fact that you can type an IP address instead of a DNS name is only possible because sometimes advanced users and developers need to debug things at a lower-level than you normally would use. Just like 95% of users have probably never heard the term "IPv4 address" in the future 95% of users will have never heard the term "stealth address"

As for now, we've got a lot of great press using the term, and changing the name now for vague reasons of "acceptability" will just confuse people when we start rolling out stealth address support in wallets for the early adopters to use.

Anyway, enough with this silly bike-shedding; lets get some work done.

I'm not pleased with any of the alternative names either, and as long as it is transparent to the user, all is well with me!

There still needs to be a name, though, even if it is the default.  Users do know of "web address" to visit their webpage even if they don't know the magic of how it works underneath.  Even something as bland as Payment Identifier could work for this purpose.  Stealth address would be one specific type of such an identifier that could be used for more technical people who want to understand the guts.

Look at how much damage has to be undone because of a poorly named "Bitcoin Address".  Names are far more than bikeshedding and can lead people to make very incorrect assumptions and lead people astray.  My concern is mostly about mainstreaming the Stealth Address feature while not putting it in some pigeonhole of "oooh scary advanced secret stuff only bad people use".  People that care about privacy are not going to be the target here.  It's the people who say "so what" to the privacy claim.  Stealth buys them nothing.  But make it work without them knowing and you could call it ice cream dump truck and it's just as good.


Title: Re: Stealth address with SX (anonymous payments)
Post by: oakpacific on January 18, 2014, 02:24:12 AM
My concern with the name Stealth Address is that it will end up being a niche feature that most people will not use.  Peter's "Ohh, privacy is good!" argument makes sense among his peers, but will fall flat on most common users.  Most people "Have nothing to hide" and aren't threatened by privacy, even with all the leaks and damage done.  This should be viewed as a standard and non-scary option, and not something for criminals and troublemakers only.  Stealth has those connotations, and I have a feeling it will become put in a corner.  I think he is also a bit biased in that the super-plugged-in people (aka meetup attendees) have heard of this term and it's too late to change it.  I disagree that it's really that well known, even within the Bitcoin community.

Names seem to fall out of describing how something is used or describing what it does.  We should also focus describing traditional addresses as well, to see if there might be a way to relabel them.

No, everyone cares about privacy, at least to a certain degree. Or maybe you could find me someone who would love to show me his bank transaction history.


Title: Re: Stealth address with SX (anonymous payments)
Post by: alp on January 18, 2014, 02:35:49 AM
My concern with the name Stealth Address is that it will end up being a niche feature that most people will not use.  Peter's "Ohh, privacy is good!" argument makes sense among his peers, but will fall flat on most common users.  Most people "Have nothing to hide" and aren't threatened by privacy, even with all the leaks and damage done.  This should be viewed as a standard and non-scary option, and not something for criminals and troublemakers only.  Stealth has those connotations, and I have a feeling it will become put in a corner.  I think he is also a bit biased in that the super-plugged-in people (aka meetup attendees) have heard of this term and it's too late to change it.  I disagree that it's really that well known, even within the Bitcoin community.

Names seem to fall out of describing how something is used or describing what it does.  We should also focus describing traditional addresses as well, to see if there might be a way to relabel them.

No, everyone cares about privacy, at least to a certain degree. Or maybe you could find me someone who would love to show me his bank transaction history.

If this were the case, Edward Snowden wouldn't be hiding in Russia, no one would be using Facebook, and Tor would be standard.  For the vast majority, privacy is simply not valued by most people when it comes down to actually put in any effort.  The Bitcoin community in general is going to have a selection bias towards those who care more than the average person.


Title: Re: Stealth address with SX (anonymous payments)
Post by: oakpacific on January 18, 2014, 02:44:48 AM
My concern with the name Stealth Address is that it will end up being a niche feature that most people will not use.  Peter's "Ohh, privacy is good!" argument makes sense among his peers, but will fall flat on most common users.  Most people "Have nothing to hide" and aren't threatened by privacy, even with all the leaks and damage done.  This should be viewed as a standard and non-scary option, and not something for criminals and troublemakers only.  Stealth has those connotations, and I have a feeling it will become put in a corner.  I think he is also a bit biased in that the super-plugged-in people (aka meetup attendees) have heard of this term and it's too late to change it.  I disagree that it's really that well known, even within the Bitcoin community.

Names seem to fall out of describing how something is used or describing what it does.  We should also focus describing traditional addresses as well, to see if there might be a way to relabel them.

No, everyone cares about privacy, at least to a certain degree. Or maybe you could find me someone who would love to show me his bank transaction history.

If this were the case, Edward Snowden wouldn't be hiding in Russia, no one would be using Facebook, and Tor would be standard.  For the vast majority, privacy is simply not valued by most people when it comes down to actually put in any effort.  The Bitcoin community in general is going to have a selection bias towards those who care more than the average person.

Privacy is valued, when people appear to not care about it the threat is usually not tangible, as in your Snowden, FB and Tor case. When your bank/credit card history is out, or you are caught masturbating you will immediately feel how important it really is. Same happens when your friend/wife just saw your bitcoin transaction to a stripper on blockchain.info.

Also the incognito mode seems so important that every browser maker feels the need to put it in.


Title: Re: Stealth address with SX (anonymous payments)
Post by: alp on January 18, 2014, 03:09:09 AM
My concern with the name Stealth Address is that it will end up being a niche feature that most people will not use.  Peter's "Ohh, privacy is good!" argument makes sense among his peers, but will fall flat on most common users.  Most people "Have nothing to hide" and aren't threatened by privacy, even with all the leaks and damage done.  This should be viewed as a standard and non-scary option, and not something for criminals and troublemakers only.  Stealth has those connotations, and I have a feeling it will become put in a corner.  I think he is also a bit biased in that the super-plugged-in people (aka meetup attendees) have heard of this term and it's too late to change it.  I disagree that it's really that well known, even within the Bitcoin community.

Names seem to fall out of describing how something is used or describing what it does.  We should also focus describing traditional addresses as well, to see if there might be a way to relabel them.

No, everyone cares about privacy, at least to a certain degree. Or maybe you could find me someone who would love to show me his bank transaction history.

If this were the case, Edward Snowden wouldn't be hiding in Russia, no one would be using Facebook, and Tor would be standard.  For the vast majority, privacy is simply not valued by most people when it comes down to actually put in any effort.  The Bitcoin community in general is going to have a selection bias towards those who care more than the average person.

Privacy is valued, when people appear to not care about it the threat is usually not tangible, as in your Snowden, FB and Tor case. When your bank/credit card history is out, or you are caught masturbating you will immediately feel how important it really is. Same happens when your friend/wife just saw your bitcoin transaction to a stripper on blockchain.info.

Also the incognito mode seems so important that every browser maker feels the need to put it in.

How often is incognito mode used?  I would say 95% of users never touch it.  How many people stop using credit cards after the account details are hacked?

Do you really think people view being able to see chained transactions as a tangible threat?  Most people won't.  As Bitcoin becomes more mainstream, fewer percentages of people will care as well, EVEN IF bad things happen, which constantly happens.

I'm not denying that it is important, but most people will not take the steps to protect it, and even actively take steps to give it up if it gives them a small benefit.  AT&T is offering high speed internet if they can spy on your data, how many people do you think will do anything extra to hide their privacy?  It sounds like this is intended to be a mainstream and behind-the-scenes implementation, in which case, it simply becomes your address.


Title: Re: Stealth address with SX (anonymous payments)
Post by: oakpacific on January 18, 2014, 03:21:58 AM


I'm not denying that it is important, but most people will nottake the steps to protect it, and even actively take steps to give it up if it gives them a small benefit.  AT&T is offering high speed internet if they can spy on your data, how many people do you think will do anything extra to hide their privacy?  It sounds like this is intended to be a mainstream and behind-the-scenes implementation, in which case, it simply becomes your address.

More like they feel there is nothing they can do and are simply giving up. As for AT&T, well the threat is still intangible in that case.


Title: Re: Stealth address with SX (anonymous payments)
Post by: alp on January 18, 2014, 10:31:14 PM


I'm not denying that it is important, but most people will nottake the steps to protect it, and even actively take steps to give it up if it gives them a small benefit.  AT&T is offering high speed internet if they can spy on your data, how many people do you think will do anything extra to hide their privacy?  It sounds like this is intended to be a mainstream and behind-the-scenes implementation, in which case, it simply becomes your address.

More like they feel there is nothing they can do and are simply giving up. As for AT&T, well the threat is still intangible in that case.

There's a different option you can do that costs more, from what I remember about it.
http://gigaom.com/2013/12/11/atts-gigabit-service-is-70-if-you-let-it-spy-on-your-searches/

And the Bitcoin "threat" is equally as intangible.  Users think that following typical procedures, Bitcoin is anonymous!  Why go the extra step?  There are a lot of misconceptions and misuses today, and we probably have the most educated userbase we will have looking forward, right now.


Title: Re: Stealth address with SX (anonymous payments)
Post by: johnyj on January 20, 2014, 12:27:38 AM
I'd rather use "safe address" or "secure address" instead  8)


Title: Re: Stealth address with SX (anonymous payments)
Post by: mb300sd on January 20, 2014, 01:21:10 AM


I'm not denying that it is important, but most people will nottake the steps to protect it, and even actively take steps to give it up if it gives them a small benefit.  AT&T is offering high speed internet if they can spy on your data, how many people do you think will do anything extra to hide their privacy?  It sounds like this is intended to be a mainstream and behind-the-scenes implementation, in which case, it simply becomes your address.

More like they feel there is nothing they can do and are simply giving up. As for AT&T, well the threat is still intangible in that case.

There's a different option you can do that costs more, from what I remember about it.
http://gigaom.com/2013/12/11/atts-gigabit-service-is-70-if-you-let-it-spy-on-your-searches/

And the Bitcoin "threat" is equally as intangible.  Users think that following typical procedures, Bitcoin is anonymous!  Why go the extra step?  There are a lot of misconceptions and misuses today, and we probably have the most educated userbase we will have looking forward, right now.

I'd actually be fine with that ATT service, 1Gbps and all they'll every see is an encrypted VPN tunnel ;D.


Title: Re: Stealth address with SX (anonymous payments)
Post by: jl2012 on January 21, 2014, 02:54:46 AM
As I understand, the payer has to generate a key pair, and lets the payee knows the public key. Without the public key, the payee is unable to spend the fund. There are 2 channels for the payee to learn the payer public key:

1. Including the payer public key as an OP_RETURN output. This will increase the transaction cost and may not be desirable. Could we specify a smaller key size, an therefore a smaller public key? Since the purpose of the key is not to secure the fund, a smaller key size should be okay.

2. Transferring the public key with other channel. This one is more blockchain-friendly. However, there is a risk of losing the public key so the fund is permanently locked. Should we recommend the payer to generate the key pairs in a deterministic way, and backup the root key?


Title: Re: Stealth address with SX (anonymous payments)
Post by: Peter Todd on January 21, 2014, 04:21:49 AM
As I understand, the payer has to generate a key pair, and lets the payee knows the public key. Without the public key, the payee is unable to spend the fund. There are 2 channels for the payee to learn the payer public key:

1. Including the payer public key as an OP_RETURN output. This will increase the transaction cost and may not be desirable. Could we specify a smaller key size, an therefore a smaller public key? Since the purpose of the key is not to secure the fund, a smaller key size should be okay.

You can also use a txin pubkey in the scriptSig, at the cost of reduced privacy, or a txout with a pubkey, e.g. <pubkey> CHECKSIG, again at cost of privacy. I suggested OP_RETURN because the extra size, about 15%, is relatively small. Multi-signature wallets use a lot more extra data than that.

2. Transferring the public key with other channel. This one is more blockchain-friendly. However, there is a risk of losing the public key so the fund is permanently locked. Should we recommend the payer to generate the key pairs in a deterministic way, and backup the root key?

Amir originally suggested using Bitmessage for that task, but losing funds is unacceptable - you really want the transaction to be atomic which forces all relevant information required to spend to be in the transaction itself.


Title: Re: Stealth address with SX (anonymous payments)
Post by: westkybitcoins on January 22, 2014, 12:52:41 AM
Amir originally suggested using Bitmessage for that task, but losing funds is unacceptable - you really want the transaction to be atomic which forces all relevant information required to spend to be in the transaction itself.

EDIT: snipped non-helpful thought caused by my own confusion. Oy!

Oh, and yes, awesome work Amir! Bitcoin needs more people like you!


Title: Re: Stealth address with SX (anonymous payments)
Post by: stenkross on January 27, 2014, 10:04:34 AM
Awsome work!

There's just one detail I don't get; How does the recipient get hold of the "SECRET NONCE" from the sender?


Title: Re: Stealth address with SX (anonymous payments)
Post by: prezbo on January 27, 2014, 10:10:50 AM
Awsome work!

There's just one detail I don't get; How does the recipient get hold of the "SECRET NONCE" from the sender?
It's included in the transaction, encoded in another output.


Title: Re: Stealth address with SX (anonymous payments)
Post by: kcirazy on January 31, 2014, 11:39:35 AM
Could sending many dust transactions to a stealth address be a way to inconvenience the receiver? Or perhaps a way to force them to reveal sensitive details?


Title: Re: Stealth address with SX (anonymous payments)
Post by: d'aniel on January 31, 2014, 09:00:20 PM
Could sending many dust transactions to a stealth address be a way to inconvenience the receiver? Or perhaps a way to force them to reveal sensitive details?
If the value is too small to be worth checking, it could just be ignored.


Title: Re: Stealth address with SX (anonymous payments)
Post by: ShadowOfHarbringer on February 01, 2014, 01:55:47 AM
/me is watching this.


Title: Re: Stealth address with SX (anonymous payments)
Post by: SteamGamesBTC.com on February 01, 2014, 10:02:33 PM
Good work, thank you. Hope in the future it will be builtin in official client. Cheers.


Title: Re: Stealth address with SX (anonymous payments)
Post by: ABISprotocol on February 05, 2014, 06:49:42 PM
Very nice, thank you for this. Have been watching SX / obelisk / libbitcoin development for a while.

Cheers


Title: Re: Stealth address with SX (anonymous payments)
Post by: E.Sam on February 09, 2014, 04:40:07 PM
Just to let everyone know, if you are a Mac user and entertained the idea of using Stealthbit app https://github.com/thomasrevor/StealthBit, then don't. It's a OSX malware that will empty your wallet. Just thought of mentioning it here since it is about stealth addresses.

I mentioned it here: https://bitcointalk.org/index.php?topic=266813.msg4943840#msg4943840

The first victim just came forward: http://www.reddit.com/r/Bitcoin/comments/1xf2qj/my_wallet_just_emptied_into_this_address/

Scam forum section: https://bitcointalk.org/index.php?topic=454903.new#new


Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on February 11, 2014, 09:47:38 AM
pity people don't have software to do common tasks and need to resort to installing dodgy malware. anyway that will change with time.

btw first stealth tx: https://blockchain.info/tx/63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518

testing code for those interested: https://github.com/genjix/stealth

(implementation detail: it's currently using number_bits=0 so not using the prefix optimisation. this is only for my testing purposes.)


Title: Re: Stealth address with SX (anonymous payments)
Post by: marcus_of_augustus on February 11, 2014, 10:09:52 AM

btw first stealth tx: https://blockchain.info/tx/63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518

Quote
Unable to decode input address

Epic!


Title: Re: Stealth address with SX (anonymous payments)
Post by: Rampion on February 11, 2014, 10:37:05 AM

btw first stealth tx: https://blockchain.info/tx/63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518

Quote
Unable to decode input address

Epic!

Sweet. Historic. Go Amir, Go!!


Title: Re: Stealth address with SX (anonymous payments)
Post by: ShadowOfHarbringer on February 11, 2014, 12:13:56 PM

btw first stealth tx: https://blockchain.info/tx/63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518

Quote
Unable to decode input address

Epic!

Sweet. Historic. Go Amir, Go!!
O_O. Truly epic.


Title: Re: Stealth address with SX (anonymous payments)
Post by: e4xit on February 11, 2014, 12:52:03 PM
pity people don't have software to do common tasks and need to resort to installing dodgy malware. anyway that will change with time.

btw first stealth tx: https://blockchain.info/tx/63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518

testing code for those interested: https://github.com/genjix/stealth

(implementation detail: it's currently using number_bits=0 so not using the prefix optimisation. this is only for my testing purposes.)

Now that's cool!..

Also:
Code:
OP_RETURN 06deadbeef0276044981dc13bdc5e118b63c8715f0d1b00e6c0814d778668fa6b594b2a0ffbd
deadbeef?


Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on February 11, 2014, 07:19:12 PM
thanks for appreciation of my work, it's a nice donation. as an opensource coder, I love it when people to steal my work.

e4xit- yeah the deadbeef is a 4 byte nonce. see:
https://wiki.unsystem.net/index.php/DarkWallet/Stealth

it's a (currently) unused scalability feature that will be enabled later once the number of stealth txs goes up.
people will be able to reissue stealth keys and narrow the space of possible candidate txs from the blockchain to reduce the processing and traffic they need. in the beginning we might not even split the space so everyone's transactions can protect each other.
normally you should brute-force different values until you find a hash where the first N bits matches what's specified by the stealth address. Since I'm using N=0, it doesn't matter what I put there - I'm using this for developing the server side stealth features in obelisk.

it's a very smart feature from peter todd. bloom filters is not scalable, efficient nor really that private.


Title: Re: Stealth address with SX (anonymous payments)
Post by: drrussellshane on February 11, 2014, 08:13:34 PM
I tried to install this on Ubuntu using:

Code:
$ wget http://sx.dyne.org/install-sx.sh
$ sudo bash ./install-sx.sh

and it said that I needed some things, so I told it to get and install the packages, and all was going well until it told me how much space was required and asked if I'd like to continue.... when I pressed "Y", it merely returned "Abort."

I tried to use sx after the (failed) installation, but it told me that sx was not installed, and suggested that I install something (which I am quite certain is not the sx/libbitcoin stuff).

Thus, I cannot use sx.

Any ideas?


Title: Re: Stealth address with SX (anonymous payments)
Post by: ColonelCrypto on February 14, 2014, 05:15:52 AM
btw first stealth tx: https://blockchain.info/tx/63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518

http://sinsip.com/Jl.jpg


Title: Re: Stealth address with SX (anonymous payments)
Post by: BTC5OOO on February 14, 2014, 05:41:47 AM
pity people don't have software to do common tasks and need to resort to installing dodgy malware. anyway that will change with time.

btw first stealth tx: https://blockchain.info/tx/63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518

testing code for those interested: https://github.com/genjix/stealth

(implementation detail: it's currently using number_bits=0 so not using the prefix optimisation. this is only for my testing purposes.)

Unable to decode input address

/\off the chain!!!! =) *many thanks & keep up the good work!


Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on February 14, 2014, 09:08:04 AM
thx for flattery. I also take donations: 1Fufjpf9RM2aQsGedhSpbSCGRHrmLMJ7yY

Stealth blockchain stuff is now part of libbitcoin, obelisk .etc

More info: https://wiki.unsystem.net/index.php/DarkWallet/Stealth#Toys

You can lookup the transactions in the blockchain, do the comparisons and find candidate results.

Documentation about everything is on the wiki for developers.

Code:
$ sx fetch-stealth
Usage: fetch-stealth NUMBER_BITS BITFIELD [FROM_HEIGHT]
$ sx fetch-stealth 2 deadbeef
DEBUG: ephemkey: 024398667c6a11652ae80fe6370e140cc67d4f82fb8310122cdaddae1524dad9e0 address: 1Nw1EKu8Y6mPGhMGyrKPS9TZWDyTPLvi8a tx_hash: 6a6246ccc7cb9427efee85dd3c7b80164f8a61213a7ce357b8cfd3816f59aab9
DEBUG: ephemkey: 02828c82feeae6ea5526e1b17adf3a7e9a1ee53680fc0ba651a3e7c1a99529ef24 address: 1QJSNUqt8HRygcNvbyYHQw5NizMCBkixsb tx_hash: 75885e50418cee0e527316df1f740ef6bc6b60a4b325c6d8d20e00a053cd27f9
DEBUG: ephemkey: 03a3e941099eda82cee7727e238e34283611e71debe063ed5029b51336060de080 address: 1KnByqTSjWbh5gb2K74Nkdf6oU5VMtfJqf tx_hash: 6deba5f43c85d881fa88fd40f53ab2c825682d4829db0154982ddf9f60a9a0c7
DEBUG: ephemkey: 024b4d9a7564644deb94743872e6823f87c1ce8cca7c2ba84cd926dea5498a0a53 address: 14DcERFvDPYTr1PHqphqvQuawvAoFTsKgH tx_hash: ba058ad8330e56b5cb18c08d98c465a91d7ce4d1bc5ac10f1384a0619a3559f4


Title: Re: Stealth address with SX (anonymous payments)
Post by: tvbcof on February 14, 2014, 09:08:27 PM

This is pretty Cool!  Exchanging private keys is, I think, a pretty powerful way to increase privacy and throw a monkey-wrench into the methods of user tracking.  I suspect that it is a big factor in why the hammer came down on Casascius.

The natural 'solution' to the 'problem' here would be to simply blacklist transactions signed by an un-mapped private key.  To 'get there' we need a working taint authority.  The 'Bitcoin Source Code Co-Author' (Alex Waters) is hard at work on the problem.   Also we need a reasonably healthy exchange economy with operators who can be realistically forced to honor the taint authorities' output (Overstock, TigerDirect, etc.)  Then just a little time to roll things in in a manner which won't cause excessive resistance ['terrorist' -> 'criminals(bad)' - > 'criminal(fraud)' -> 'tax cheats' -> 'unknown users'].

Will this work?  Time will tell I guess.  Economic principles are distinctly on the side of tainting being highly effective if it can be successfully bootstrapped.  My read on things.



Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on February 14, 2014, 11:16:40 PM
good analysis. not many people are reading between the lines or thinking that far ahead. history teaches us much.


Title: Re: Stealth address with SX (anonymous payments)
Post by: ShadowOfHarbringer on February 14, 2014, 11:25:02 PM
good analysis. not many people are reading between the lines or thinking that far ahead. history teaches us much.

So i guess we need this (and CoinSwap/CoinJoin/CoinControl) in reference client ASAP ? Would it be difficult to do ?


Title: Re: Stealth address with SX (anonymous payments)
Post by: tvbcof on February 16, 2014, 08:16:41 AM
Hey Genjix,

This thread got me interested enough in your work to try to include some of it in my personal little build system thingy.  Obviously this is sensitive stuff and I'm security conscious and careful about how and what I put on my systems.  I found just identifying your work (and associated work of others) on the global internet to be difficult and confusing.

 - We've got 'en.bitcoin.it/wiki' stuff pointing to dyne.org stuff.

 - We've got dyne.org stuff pointing to github/gengix stuff (which 404's, but as recently as a few days ago you quoted it seems.)

 - We've got github/spesmilo stuff.

 - We've got 'unsystem.net' stuff.

 - We've got a variety of install scripts which run as root and download various dependencies, up-to-date tools, etc.

If you would feel inclined to give bit of a run-down of the history and locations of your work and related work that would be great.  Likewise, trying to chase down loose documentation and delete or update it would also be helpful.

Your work is 'disruptive inside of disruptive', and in my opinion it is especially important to be precise and rigorous insofar as distribution is concerned.  My opinion.


Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on February 16, 2014, 09:31:42 AM
Thanks, we're trying to be organised but it's tricky sometimes.

Basically the main production repos are:

https://github.com/darkwallet
https://github.com/spesmilo/

My personal repo contains mostly experimental/testing stuff which later enters into the above repos as it matures (stufflike Obelisk, stealth, databases, .etc). My toys:

https://github.com/genjix/

The wiki contains a lot of our internal documentation for our projects:

https://wiki.unsystem.net/

Also our IRC channel is important- Freenode #darkwallet (would be cool to see you on there and coordinate). We are offering free bouncers BTW if anyone wants one: https://wiki.unsystem.net/index.php/DarkWallet/Bouncer

The unSYSTEM website should be our landing page, and we plan to syndicate a lot more stuff there but it needs work on both content and tech side (https isn't working):

http://unsystem.net/

d3 (admin for our projects) has setup https://libbitcoin.org/ now and I plan to move the website there, but we need to get the builds working, easy for me to push updates .etc

We also have mailing lists:

https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/libbitcoin
https://lists.unsystem.net/cgi-bin/mailman/listinfo/darkwallet

We definitely need to organise all these resources better. Would be cool to talk on IRC so we can plan if you have some ideas, and we can coordinate with the admin / other people.


Title: Re: Stealth address with SX (anonymous payments)
Post by: BTC5OOO on February 17, 2014, 03:11:03 AM
https://libbitcoin.org/

some genius spelled " revoltionary " wrong or is dat on purpose? lol =)


Title: Re: Stealth address with SX (anonymous payments)
Post by: ADgordo on April 24, 2014, 05:54:48 AM
Forgive my ignorance but why was their an undecodable output on that stealth transaction?


Title: Re: Stealth address with SX (anonymous payments)
Post by: justusranvier on April 25, 2014, 05:43:54 AM
The natural 'solution' to the 'problem' here would be to simply blacklist transactions signed by an un-mapped private key.  To 'get there' we need a working taint authority.  The 'Bitcoin Source Code Co-Author' (Alex Waters) is hard at work on the problem.
So is Mike Hearn.


Title: Re: Stealth address with SX (anonymous payments)
Post by: justusranvier on April 25, 2014, 03:27:55 PM
If a sender exchanges one secret with the recipient, it's currently my understanding that every payment that sender creates would have the exact same output script.

It would be a useful property if individuals could exchange a secret once, and generate a deterministic series of output scripts from that point on.


Title: Re: Stealth address with SX (anonymous payments)
Post by: tvbcof on April 25, 2014, 08:28:00 PM
The natural 'solution' to the 'problem' here would be to simply blacklist transactions signed by an un-mapped private key.  To 'get there' we need a working taint authority.  The 'Bitcoin Source Code Co-Author' (Alex Waters) is hard at work on the problem.
So is Mike Hearn.

I have to admit that my first thought when he mentioned that he finally quit Google was whether he had hired on at CoinValidation.  I thought it would be rude to ask :)

I also neglected to wish him the best and hope that he feels a sense of relief that one gets from breaking free of the of the legal, moral, and ethical constraints that some people feel in working for an organization such as Google given the priorities which such organizations must adhere to.  This actually would not have been tongue-n-cheek but rather completely earnest.

That said, I do have a legitimate fear that Hearn can do even more 'damage' (as I, and I suspect you also, would define it) on the 'outside'.



Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on April 25, 2014, 10:57:19 PM
yeah he quit google to go work for circle

http://www.coindesk.com/bitcoin-abandons-anti-establishment-wall-street/

these guys are not into bitcoin for freedom and the new tools it gives us to enable new forms of organisation for humans. they see it as a convenience for consumers to paper over the cracks in the current finance system and perpetuate their corporate culture.


Title: Re: Stealth address with SX (anonymous payments)
Post by: piotr_n on April 25, 2014, 11:43:54 PM
Had he been smart, he would have chosen a right team to play for.  :)


Title: Re: Stealth address with SX (anonymous payments)
Post by: marcus_of_augustus on April 26, 2014, 12:29:23 AM
yeah he quit google to go work for circle

http://www.coindesk.com/bitcoin-abandons-anti-establishment-wall-street/

these guys are not into bitcoin for freedom and the new tools it gives us to enable new forms of organisation for humans. they see it as a convenience for consumers to paper over the cracks in the current finance system and perpetuate their corpro-facist culture.

ftfy


Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on April 26, 2014, 09:27:59 AM
oh fuck it's really happening... bitcoin is under attack

http://venturebeat.com/2014/03/26/circle-raises-17m-to-bring-bitcoin-out-of-the-shadows-for-merchants-consumers/

"Launching today in closed beta — with a fresh $17 million in its pocket —
Circle claims its first consumer product enables “faster transactions,
lower costs, greater privacy safeguards and increased protection against
fraud and identity theft.” The company plans to provide tools for both
consumers and businesses, with the overall goal of reducing “the friction
and risk that is currently associated with Bitcoin.”"

> faster transactions, lower costs, greater privacy safeguards and
increased protection against fraud and identity theft.
> increased protection against fraud.
> protection against fraud

> provide tools for both consumers and businesses, with the overall goal
of reducing “the friction and risk that is currently associated with
Bitcoin.”
> reducing the friction and risk
> reducing the risk

funny enough mike hearn quit google to work for circle.

http://www.coindesk.com/bitcoin-abandons-anti-establishment-wall-street/

Allaire is blunt about the transition bitcoin is going through, saying
it’s “absolutely” moving away from its libertarian roots.

lovely. they are going to rescue bitcoin from us.

reducing the risk is newspeak for censorship
protection against fraud is codeword for surveillance.


Title: Re: Stealth address with SX (anonymous payments)
Post by: spooderman on April 26, 2014, 10:16:52 AM
oh ffs. :(

I'm with Andreas:

"Fuck off. Bitcoin is fine."


Title: Re: Stealth address with SX (anonymous payments)
Post by: jonald_fyookball on April 26, 2014, 04:16:08 PM
I'm trying to understand what this is all about.

Does this feature mean I could send to some address,
But no one knows what the address is, except the recipient?



Title: Re: Stealth address with SX (anonymous payments)
Post by: justusranvier on April 26, 2014, 05:37:11 PM
Oh look. They are talking about fraud and identity theft.

Hey - so are these people: http://www.govtech.com/security/Drivers-License-for-the-Internet.html

What an amazing coincidence!


Title: Re: Stealth address with SX (anonymous payments)
Post by: Mike Hearn on April 26, 2014, 08:03:42 PM
I do not work for Circle. Amir simply made that up. Nor do I intend to work for them. I quit Google to form my own business.

You guys would have a lot more credibility and annoy people a lot less if you didn't define yourselves by who you hate. Especially when to justify it you end up lying to people.


Title: Re: Stealth address with SX (anonymous payments)
Post by: spooderman on April 26, 2014, 08:23:31 PM
Mike, if I am mistaken I apologise, but my understanding is that you want to change various aspects of the bitcoin protocol and that you are in favour of endeavours that would colour coins.

Are you? If you have explained this elsewhere please point me there and don't waste your time explaining again.


Title: Re: Stealth address with SX (anonymous payments)
Post by: Mike Hearn on April 26, 2014, 08:40:55 PM
The last time I posted on this topic was in this thread:

   https://bitcoinfoundation.org/forum/index.php?/topic/505-coin-tracking/

You can just go read that.


Title: Re: Stealth address with SX (anonymous payments)
Post by: tvbcof on April 26, 2014, 08:42:24 PM
Oh look. They are talking about fraud and identity theft.

Hey - so are these people: http://www.govtech.com/security/Drivers-License-for-the-Internet.html

What an amazing coincidence!

Ya, who could have seen this coming???

Of course it would be a wild conspiricy theory to suggest that a population control mechanism like this could ever be used for anything untoward such as interfering with the freedom of action of ideological or political adversaries to those who control the solution.  I'm sure that Mike and Gavin would agree (and would welcome their input.)

Such an 'internet driver's license' solution really is the cat's meow for solving some of the (very real (no BS!)) problems that Bitcoin has.  It is, in fact, a turnkey solution and a great opportunity for Bitcoin to shake it's questionable heritage and climb on-board the mainstream bus.

It's worth note that 'mainstream bus' and 'gravy train' are two workable terms for the same thing to a goodly portion of current Bitcoin stakeholders.  Myself included in the interest of full disclosure.

 - edit: italicize, underline, etc.


Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on April 26, 2014, 08:46:02 PM
http://www.coindesk.com/circle-advisory-board-members-burns-appointment/

"Bitcoin Developer Mike Hearn and Amex VP Michael Barrett Join Circle Team"

well at minimum you're friends / buddies / collaborators. it's like you're obsessed with fucking up bitcoin.


Title: Re: Stealth address with SX (anonymous payments)
Post by: justusranvier on April 26, 2014, 08:51:47 PM
http://www.coindesk.com/circle-advisory-board-members-burns-appointment/

"Bitcoin Developer Mike Hearn and Amex VP Michael Barrett Join Circle Team"
That would be hilarious if it wasn't so insulting to everyone's intelligence.

"I don't work for them, I'm just on their advisory board. That's a huge difference you guys."


Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on April 26, 2014, 08:53:59 PM
You guys would have a lot more credibility and annoy people a lot less if you didn't define yourselves by who you hate.

Mike Hearn:
Quote
There were private discussions afterwards you weren't privy to where setting a moderation policy [bitcoin-dev mailing list] was debated (drafts were put together, etc), with temporary bans being a part of that. In the end it didn't come to that - this time - as nobody wants to have to spend time on this and the tools kind of suck anyway. But you should be absolutely sure that it was considered. Your [Peter Todd] emails are in no way worth alienating entire communities of developers who would take part, but don't, because of things like this.

wow you really are a massive fascist sociopath.

http://www.mail-archive.com/bitcoin-development%40lists.sourceforge.net/msg04394.html
Quote
For what it's worth, if I were the moderator of this list I
would have banned you a long time ago because I value a friendly atmosphere
more than your "insights", which are often deeply suspect (as in this case).

derp, lets have mike hearn (inventor of blacklists, censorship technology and compromised "privacy" schemes) ban peter todd the developer who gave us stealth addresses and coinjoin.


Title: Re: Stealth address with SX (anonymous payments)
Post by: Mike Hearn on April 26, 2014, 08:55:24 PM
From the first paragraph:

Quote
and Mike Hearn, a lead bitcoin software developer, have officially joined the advisory board

You do know what the word advisor means, right? It means they came to me and said, "we have lots of questions for you, are you willing to answer them?" and I said yes. I've answered questions about Bitcoin for hundreds of people in the past few years without passing judgement on them or being their buddies. Remember, you were once the one asking me questions about how Bitcoin worked.

So, stop lying. How often do you lie about people like this and not get caught? This behaviour does not help you or your cause.


Title: Re: Stealth address with SX (anonymous payments)
Post by: justusranvier on April 26, 2014, 09:39:29 PM
wow you really are a massive fascist sociopath.
Speaking of fascist sociopaths, let me tell you a story typical of those I've heard from people who've been involved in the Silicon Valley startup scene:

It's the 90s and a couple of friends take their enthusiasm and ideas with them SV and start pitching. They get a check for a million dollars to fund their startup from an young member of old money family. The friends don't realize it, but their angel investor isn't what he seems. The investor barely talked with them at all, doesn't train them or ask a lot of question about the business. It's almost as if he doesn't care about it at all. A few months into the process of building their startup a few individuals show up. They have business cards from some nondescript company and say they've been retained by the investor to administer "aptitude tests". The young entrepreneurs don't see anything wrong with this and take the test, which turn out to be standard IQ tests with some questions about ethics and empathy thrown in. They never hear anything back from those two again, although later one when of them brings it up to the angel investor all he gets back in return is an offhand comment about them being from "the company".

Years later, when the two friends have moved on to other ventures, they happen to come across a news story about the war in Afghanistan. In this story, a single CIA agent is sent to help some local troops flush out a group of insurgents who are holed up in an underground bunker. The agent orders that the troops to empty the contents of few water truck into the bunker, followed by a truck of gasoline. They then order insurgents to surrender or else have the gasoline ignited around them.

One of the friends turns to the other and says, "Those guys were testing us to see if we were willing to burn people alive, weren't they?"


Title: Re: Stealth address with SX (anonymous payments)
Post by: Peter Todd on April 27, 2014, 12:31:10 AM
From the first paragraph:

Quote
and Mike Hearn, a lead bitcoin software developer, have officially joined the advisory board

You do know what the word advisor means, right? It means they came to me and said, "we have lots of questions for you, are you willing to answer them?" and I said yes. I've answered questions about Bitcoin for hundreds of people in the past few years without passing judgement on them or being their buddies. Remember, you were once the one asking me questions about how Bitcoin worked.

Good to hear. Of course, you realize that the positions I have with Mastercoin, Dark Wallet, Coinkite, and others are advisory positions as well; as Chief Scientist/Chief Naysayer I am not involved in the day to day operations of any of these organizations. Now I hope comments like the following:

Quote
12:31 < jgarzik> But as hearn's most recent link indicated, petertodd has a ton of irons in the fire, and somehow these strenuously argued positions happen to match up with all these contracts behind the scenes
12:32 < jgarzik> Which is fine but IMO deceptive and not in the best interests of all bitcoin users

don't indicate any accusations of personal bias where I might be pushing ideas solely for the benefit of those paying me. So I'd appreciate it if you let Jeff know - I already did but some reinforcement of civility might be appreciated by all.

Along those lines, I've been working to diversify my income and clients sufficiently that would, say, Mastercoin fail I'd have no cause for concern. Similarly I've made a point of not taking significant investment positions in any of these currencies; currently the only non-Bitcoin crypto-assets I own in any significant quantity are about ~$3.5k worth of Litecoins (http://block-explorer.com/address/LZRVtL2tH7wWcob2HGqzNjU4YPnYUj2h8x), and ~$2.5k worth (https://masterchest.info/lookupadd.aspx?address=1FCYd7j4CThTMzts78rh6iQJLBRGPW9fWv) of Mastercoins, the latter only due to a misunderstanding about what compensation my contract with Mastercoin included. I'm strongly considering just selling off the latter entirely to maintain my independence, and either changing my contract or simply selling off future MSC as I earn them.

It's only reasonable to ask the same question of you: How is Circle compensating you exactly? Is implementing redlists/blacklists/tying transactions to real-world-identities in their plans? Are you going to financially benefit either directly or indirectly if technologies like that become a success?


Title: Re: Stealth address with SX (anonymous payments)
Post by: tvbcof on April 27, 2014, 12:51:05 AM
I'm trying to understand what this is all about.

Does this feature mean I could send to some address,
But no one knows what the address is, except the recipient?


I'm sorry that nobody has yet answered your on-topic and legitimate question.  It's much more fun to have personal and personality battles.  Even if you do seem like kind of a doofus you deserve an answer, and although I'm not the most qualified person to give it, the answer is, in a nutshell shorthand, 'yes'.



Title: Re: Stealth address with SX (anonymous payments)
Post by: jonald_fyookball on April 27, 2014, 02:00:27 AM
Thanks for the reply!

I do apologize for wading into a conversation
that is a bit over my head.

if I seem like a Doofus, you're probably right.
I'm miles behind many of you when it comes to
Bitcoin technical knowledge.

Still, I would like to learn more and why not learn
by asking questions -- that's what the forum is for.

The page https://en.bitcoin.it/wiki/Sx/Stealth
is somewhat minimal and I don't understand
why someone couldn't follow the inputs and outputs.



Title: Re: Stealth address with SX (anonymous payments)
Post by: justusranvier on April 27, 2014, 02:37:14 AM
The page https://en.bitcoin.it/wiki/Sx/Stealth
is somewhat minimal and I don't understand
why someone couldn't follow the inputs and outputs.
People could publicly advertise their stealth addresses, but nobody would be able to tell which stealth outputs belong to which stealth addresses by examining the blockchain alone.

This looked like it was going to be a very promising feature until someone decided to cut the size of OP_RETURN data in half at the last minute before releasing 0.9.0.


Title: Re: Stealth address with SX (anonymous payments)
Post by: Carlton Banks on April 27, 2014, 02:48:27 AM
The page https://en.bitcoin.it/wiki/Sx/Stealth
is somewhat minimal and I don't understand
why someone couldn't follow the inputs and outputs.
People could publicly advertise their stealth addresses, but nobody would be able to tell which stealth outputs belong to which stealth addresses by examining the blockchain alone.

This looked like it was going to be a very promising feature until someone decided to cut the size of OP_RETURN data in half at the last minute before releasing 0.9.0.


Excuse my ignorance also, but how does the SX implementation of stealth addresses work, if it cannot work with Core client when limited to 40 bytes of arbitrary data in a transaction? Using these tricks that embed data in the transaction signature?


Title: Re: Stealth address with SX (anonymous payments)
Post by: tvbcof on April 27, 2014, 02:53:00 AM
Thanks for the reply!

I do apologize for wading into a conversation
that is a bit over my head.

if I seem like a Doofus, you're probably right.
I'm miles behind many of you when it comes to
Bitcoin technical knowledge.

Still, I would like to learn more and why not learn
by asking questions -- that's what the forum is for.

The page https://en.bitcoin.it/wiki/Sx/Stealth
is somewhat minimal and I don't understand
why someone couldn't follow the inputs and outputs.


My 'doofus' comment had nothing to do with technical aspects or even Bitcoin.  I just sort of remember disagreeing with your sentiments on other political or economic bullshit or something.  I respect anyone who wishes to try to understand things from a technical level.

(I suspect that) one of the ways Bitcoin will be attacked is to attempt to use complex analytical techniques to map individuals to addresses (if not simply mandate it and dis-allow mainstream retailers from using Bitcoin unless addresses are mapped...the 'internet drivers license' discussions above.)

A matrix of mapped identities to addresses is a big problem, but nothing that people who have so-called 'big data' capabilities cannot handle.

SX (in my understanding of things) throws a huge monkey-wrench into the types of analysis that are most convenient, and probably have the potential to make certain kinds of analysis and mappings impossible.

As I mentioned in other notes, one of the most amusing things I saw at a Bitcoin convention a year ago was the expression on certain key figure's faces when they realized that an audience question was about exchanging private keys.  Normally such a thing would be dangerous (for one party at least), and that could have accounted for the alarm.  I tend to feel that the alarm was more associated with the thought of what that would do to taint analysis (which was, on that panel at least, very positively promoted as a no-brainer in 'fighting crime.')

What SX does (again, in my read of things) is systematically and safely allow exchange of values using the 'non-standard' method of using private keys.  It also does so in a way which loses some information which would be required in order to have a hope of repairing the user/value_transfer mapping.



Title: Re: Stealth address with SX (anonymous payments)
Post by: justusranvier on April 27, 2014, 02:58:28 AM
Excuse my ignorance also, but how does the SX implementation of stealth addresses work, if it cannot work with Core client when limited to 40 bytes of arbitrary data in a transaction? Using these tricks that embed data in the transaction signature?
As I understand it the secret exchange has to happen out-of-band now instead of happening in the blockchain itself.

It doesn't kill the feature, but does make it less usable.


Title: Re: Stealth address with SX (anonymous payments)
Post by: jonald_fyookball on April 27, 2014, 03:08:14 AM
Tvbcof, So it sounds like you are saying SX lets you put money into a separate wallet and then essentially give that wallet to someone.

Justusranvier, your explanation sounds like it's more of an internal tumbler built into bitcoin.

But those 2 ideas sound like different things.


Title: Re: Stealth address with SX (anonymous payments)
Post by: tvbcof on April 27, 2014, 03:23:34 AM
Tvbcof, So it sounds like you are saying SX lets you put money into a separate wallet and then essentially give that wallet to someone.

Justusranvier, your explanation sounds like it's more of an internal tumbler built into bitcoin.

But those 2 ideas sound like different things.

They are not all that different.  One can 'tumble' wallets, though it would be more accurate to characterize things as sending them to someone else through a (potentially) invisible wormhole.

Even if the wormhole is visible (and it theoretically could be ex-network unless one was very careful) it would explode the degrees of freedom in trying to analyze economic activity and hence the cost of doing so.



Title: Re: Stealth address with SX (anonymous payments)
Post by: jonald_fyookball on April 27, 2014, 03:58:13 AM


So if I own wallet A, and move some funds into wallet B1 and secretly give you the private keys to B (now B2) using SX, and then you buy something from a merchant at wallet C, there would an input-output transaction chain from A to B to C.

But going from b1 to b2 doesn't require any inputs or outputs?  Is it simply reusing the same key with a new address?




Title: Re: Stealth address with SX (anonymous payments)
Post by: CoreQ on April 27, 2014, 07:01:35 AM
Nice job. I didnt read all posts but...does anyone tested this? except OP ?


Title: Re: Stealth address with SX (anonymous payments)
Post by: Carlton Banks on April 27, 2014, 01:47:19 PM
Excuse my ignorance also, but how does the SX implementation of stealth addresses work, if it cannot work with Core client when limited to 40 bytes of arbitrary data in a transaction? Using these tricks that embed data in the transaction signature?
As I understand it the secret exchange has to happen out-of-band now instead of happening in the blockchain itself.

It doesn't kill the feature, but does make it less usable.

Hmmm. Well, there is a fairly good design case for keeping money related uses separate to other blockchain information services. So, cash-like transactions provided by stealth addresses do really belong on the main chain, and not a sidechain. But if and when the sidechain concept becomes operational and useful, alot of the incentive to cram the main chain with every bit information of every block-squatting service becomes alot less. The mainchain will probably be more popular than ever at such a time, and possibly also be enjoying the benefits of the projects that aim to decrease it's density. These kind of circumstances may well provide the rationale for relaxing the arbitrary data amount per transaction.


Title: Re: Stealth address with SX (anonymous payments)
Post by: jl2012 on April 27, 2014, 02:52:33 PM
Excuse my ignorance also, but how does the SX implementation of stealth addresses work, if it cannot work with Core client when limited to 40 bytes of arbitrary data in a transaction? Using these tricks that embed data in the transaction signature?
As I understand it the secret exchange has to happen out-of-band now instead of happening in the blockchain itself.

It doesn't kill the feature, but does make it less usable.

As I understand the sender can use the public key in one of the inputs to encrypt the nonce. So everything will be on the blockchain permanently, without occupying more space than a normal transaction


Title: Re: Stealth address with SX (anonymous payments)
Post by: Mike Hearn on April 27, 2014, 02:53:17 PM
Good to hear. Of course, you realize that the positions I have with Mastercoin, Dark Wallet, Coinkite, and others are advisory positions as well; as Chief Scientist/Chief Naysayer I am not involved in the day to day operations of any of these organizations.

Yes, I think you made that clear.

Quote
don't indicate any accusations of personal bias where I might be pushing ideas solely for the benefit of those paying me. So I'd appreciate it if you let Jeff know - I already did but some reinforcement of civility might be appreciated by all.

I think Jeff would be happy if you just noted those positions when advocating for things that those projects need/want/have asked for. Sort of like how people sometimes disclose share ownership in articles where they comment about companies and the like. Having interests is not itself a problem as long as things are transparent. I don't think it's a big deal, just best to be explicit.

In your case, you've advocated for things that only projects like Mastercoin really care about (or care about much). Whereas if Circle need anything from the wider Bitcoin community, they haven't told me about it. In fact we don't interact much. I've spent about a day with them in total since they first approached me, and most of that was review of their architecture and general discussion.

Quote
Along those lines, I've been working to diversify my income and clients sufficiently that would, say, Mastercoin fail I'd have no cause for concern. Similarly I've made a point of not taking significant investment positions in any of these currencies; currently the only non-Bitcoin crypto-assets I own in any significant quantity are about ~$3.5k worth of Litecoins (http://block-explorer.com/address/LZRVtL2tH7wWcob2HGqzNjU4YPnYUj2h8x), and ~$2.5k worth (https://masterchest.info/lookupadd.aspx?address=1FCYd7j4CThTMzts78rh6iQJLBRGPW9fWv) of Mastercoins, the latter only due to a misunderstanding about what compensation my contract with Mastercoin included. I'm strongly considering just selling off the latter entirely to maintain my independence, and either changing my contract or simply selling off future MSC as I earn them.

I think that's all good and useful to hear.

Quote
It's only reasonable to ask the same question of you: How is Circle compensating you exactly? Is implementing redlists/blacklists/tying transactions to real-world-identities in their plans? Are you going to financially benefit either directly or indirectly if technologies like that become a success?

A very small amount of equity (0.1%). It's not enough to have any influence on my decision making, in fact it's rather hard to estimate its value at all, given that I know little about their plans and am not in the loop except when they want my advice, which is rare.

What's more, they know that I am generally not in favour of "bitbanks" and other centralised Bitcoin financial institutions. They understand that my personal politics around decentralisation does not align much with their business plans, and we're both OK with that. I do not have to agree with a companies politics to answer questions for them.

If they have any positions on coin tracing then they haven't told me about it. I have been exploring those topics for a long time, since before Circle even existed, so you can rest assured that's all me :p.

The question on my mind is, to what extent is Bitcoin's chances of mainstream success harmed vs helped by a security strategy based entirely on defence? What we see today is a lot of thefts and hacks. Last time I wrote about coin tracing I was worried about extortion, that CryptoLocker might take off and become really big. That didn't happen thank god, but what we are seeing is lots of thefts and hacks. Although there's usually a plan for how to block such attacks, implementing them is slow work. Like, the "zomg chrome extension regexd my address" attack that came up a few days ago was predicted years ago, the TREZOR and payment protocol are all designed to stop it, but the effort required to defend against that is enormous compared to the effort required to do the attack. It's going to be a long time before the defence side really catches up to that but the malware is like 50 lines of code.

In the "offline world" a blended strategy is almost always used. Lots of defence, but then offence to target the attackers who get through. The Bitcoin world only uses defence. Hackers can try their luck against a hundred users and eventually succeed; there is zero risk involved. We've created a paradise for thieves; they can only win. Most people I know would consider that some kind of hell ... a world where they can work hard every day and then some pimply faced hacker the other side of the world just swipes their wages from them, and get away with it every single time. Especially when the victim blaming begins. They would consider the banking system far more just regardless of its failings, because people who try to steal get chased and a lot of them get caught (see how the Zeus guys ended up).

One can believe that a 100% defence based every-man-for-himself strategy is the correct and best solution, but don't be surprised or appalled when other people explore this topic and think about alternatives. Just argue that they're unnecessary instead.


Title: Re: Stealth address with SX (anonymous payments)
Post by: waxwing on April 27, 2014, 03:33:29 PM
Mike,
Re: defence vs attack (hmm am I still allowed to use that spelling?)

It's more subtle than that I think. What we have here is the issue of layering. In the world of banks, it is also the case that there is such a thing as irreversible payment. But it is hidden behind many layers and only accessible to the most powerful financial institutions. Even a SWIFT international transfer is pretty close to irreversible; but it is also heavily censored. That network can only be used if a big list of conditions are met. And above that layer are the real "hard money" layers (to the extent that any fiat money can be "hard"). Interbank settlement (often on a batch basis e.g. Euroclear and Clearstream) and RTGS (where it exists).

So the everyday experience is one of interacting with non-real time and reversible payments. Clearly the average punter wants to use that kind of system, including its time and cost payoffs, even if he's not aware that he does. Because he wants the right to get his money back, which he doesn't always get, but he does in the most clear cut cases of fraud.

There is no reason a Bitcoin economy cannot have these layers.

If people cannot be bothered with the complexities of hardware wallets etc. , then payment services can be provided to them fully featured. Bank accounts, fraud detection, insurance, transparency or privacy in whatever blend required. All of that is possible, and what's more with scripting Bitcoin can offer either more lightweight or cheaper or just out and out better versions of at least some of these features. The attack you refer to - whether it be by law enforcement or by all kinds of other agents, can occur at this level, and that's fine because everyone who joins that level buys into it.

But Bitcoin offers something else which is priceless to everybody - an intrinsically unpoliticisable base level of value transfer which is far more secure and far cheaper and faster than anything that came before - for those who choose to learn how to use it.
That can be used by individuals, corporations or governments whenever they choose to do so, because nobody can stop them.

If you try to mix in those higher layers to the underlying protocol, you destroy it.


Title: Re: Stealth address with SX (anonymous payments)
Post by: tvbcof on April 27, 2014, 05:55:57 PM
...
But Bitcoin offers something else which is priceless to everybody - an intrinsically unpoliticisable base level of value transfer which is far more secure and far cheaper and faster than anything that came before - for those who choose to learn how to use it.
That can be used by individuals, corporations or governments whenever they choose to do so, because nobody can stop them.

That is hardly 'priceless to everybody'.  To a lot of entities (and specifically those who have the reigns of control under our current monetary systems) the harm of such a solution would be extraordinarily high.

If you try to mix in those higher layers to the underlying protocol, you destroy it.

You don't say...

---

I see one of the fundamental problem as being deeper than Bitcoin.  Data security is being roundly attacked from all quarters, and Joe Sixpack is terribly outgunned.  This is unlikely to change for the better any time soon as almost all forces of consequence are against this happening.

There is also an unrelated problem that trying to make Bitcoin solve the 'realtime' problem (in order to make it a more exact replacement for cash) is trying to hammer a square peg into a round hole.  (IMHO) Both Mike's side and Justus's side make this same mistake albeit for probably very different reason.

A solution which I prefer, and have articulated for some time now, is to have the Bitcoin protocol provide a solid foundation upon which other solutions (either 'aspects of Bitcoin' or not) rest.  Doing so addresses:

 - the 'outgunned Joe Sixpack' problem by removing him from the equation (...at least until and unless he makes a totally welcome effort to insert himself via a secure paper wallet for savings or whatever and is willing to pay a fair price for the services offered.)  The entities who are left find the problem of fraud, theft, etc, quite trivial to solve because they are once a certain learning curve has been overcome.

 - the 'realtime' problem since the need for realtime behavior is drastically reduced.

 - the unmentioned scaling issues which are laughable absurd in the original implementation of Bitcoin (which persists to this day.)

One cannot really argue that is consistent to solve Joe's data security issues having some third-party help him out, but at the same time it is a viable objection that his economic activity on a 'sidechain' or 'offchain' or whatever is undue reliance on third parties.

One also cannot say that reliance on solutions which rely on core Bitcoin is not itself relying on core Bitcoin.  Yes, the reliance on 'true' Bitcoin may be attenuated, but it definitely exists and the attenuation itself can be a good thing in many real-world ways.



Title: Re: Stealth address with SX (anonymous payments)
Post by: justusranvier on April 27, 2014, 07:11:02 PM
I see one of the fundamental problem as being deeper than Bitcoin.  Data security is being roundly attacked from all quarters, and Joe Sixpack is terribly outgunned.  This is unlikely to change for the better any time soon as almost all forces of consequence are against this happening.

There is also an unrelated problem that trying to make Bitcoin solve the 'realtime' problem (in order to make it a more exact replacement for cash) is trying to hammer a square peg into a round hole.  (IMHO) Both Mike's side and Justus's side make this same mistake albeit for probably very different reason.

A solution which I prefer, and have articulated for some time now, is to have the Bitcoin protocol provide a solid foundation upon which other solutions (either 'aspects of Bitcoin' or not) rest.  Doing so addresses:

 - the 'outgunned Joe Sixpack' problem by removing him from the equation (...at least until and unless he makes a totally welcome effort to insert himself via a secure paper wallet for savings or whatever and is willing to pay a fair price for the services offered.)  The entities who are left find the problem of fraud, theft, etc, quite trivial to solve because they are once a certain learning curve has been overcome.

 - the 'realtime' problem since the need for realtime behavior is drastically reduced.

 - the unmentioned scaling issues which are laughable absurd in the original implementation of Bitcoin (which persists to this day.)

One cannot really argue that is consistent to solve Joe's data security issues having some third-party help him out, but at the same time it is a viable objection that his economic activity on a 'sidechain' or 'offchain' or whatever is undue reliance on third parties.

One also cannot say that reliance on solutions which rely on core Bitcoin is not itself relying on core Bitcoin.  Yes, the reliance on 'true' Bitcoin may be attenuated, but it definitely exists and the attenuation itself can be a good thing in many real-world ways.
The economics of Bitcoin mining are all fucked up right now because we're still in the situation of the block reward being large and the transaction volume being tiny. Right now miners aren't in the business of processing transaction - the are in the business of minting new currency and also happen to do some transaction processing on the side. This is not sustainable in the long term.

Bitcoin is only economically viable in the long term if the network can pay for enough security, and ultimately this means miners should get most of the revenue from transaction fees, and the kind of fee revenue we're talking about would need come from a billion people performing transactions on the blockchain every day.

We can't get there, however, until there is a secure way for a billion regular people to hold their own Bitcoins.

Since PC security is probably irrecoverably broken, this means specialized hardware wallets.

As it turns out, there is a new ASIC industry whose ultimate fate is tied to the goal of a Bitcoin blockchain that serves a billion people per day. Before long, they'll figure this out and they'll all be in the secure hardware wallet business because they need those to exist in order to make their main mining hardware business viable.


Title: Re: Stealth address with SX (anonymous payments)
Post by: jonald_fyookball on April 27, 2014, 07:15:56 PM
Mike,
Re: defence vs attack (hmm am I still allowed to use that spelling?)

It's more subtle than that I think. What we have here is the issue of layering. In the world of banks, it is also the case that there is such a thing as irreversible payment. But it is hidden behind many layers and only accessible to the most powerful financial institutions. Even a SWIFT international transfer is pretty close to irreversible; but it is also heavily censored. That network can only be used if a big list of conditions are met. And above that layer are the real "hard money" layers (to the extent that any fiat money can be "hard"). Interbank settlement (often on a batch basis e.g. Euroclear and Clearstream) and RTGS (where it exists).

So the everyday experience is one of interacting with non-real time and reversible payments. Clearly the average punter wants to use that kind of system, including its time and cost payoffs, even if he's not aware that he does. Because he wants the right to get his money back, which he doesn't always get, but he does in the most clear cut cases of fraud.

There is no reason a Bitcoin economy cannot have these layers.

If people cannot be bothered with the complexities of hardware wallets etc. , then payment services can be provided to them fully featured. Bank accounts, fraud detection, insurance, transparency or privacy in whatever blend required. All of that is possible, and what's more with scripting Bitcoin can offer either more lightweight or cheaper or just out and out better versions of at least some of these features. The attack you refer to - whether it be by law enforcement or by all kinds of other agents, can occur at this level, and that's fine because everyone who joins that level buys into it.

But Bitcoin offers something else which is priceless to everybody - an intrinsically unpoliticisable base level of value transfer which is far more secure and far cheaper and faster than anything that came before - for those who choose to learn how to use it.
That can be used by individuals, corporations or governments whenever they choose to do so, because nobody can stop them.

If you try to mix in those higher layers to the underlying protocol, you destroy it.

+1. Very well said.  Who would argue with this?


Title: Re: Stealth address with SX (anonymous payments)
Post by: piotr_n on April 27, 2014, 07:19:19 PM
Who would argue with this?

Me.
But it is not that "Bitcoin economy cannot have these layers".
Every society can have sociopaths - no question about it and we cannot help it.
It is just that I despise them and I'm not going to pretend otherwise. They do heir job - I do mine.
We will never be friends with Mr Google - it's quite clear by today.


Title: Re: Stealth address with SX (anonymous payments)
Post by: jonald_fyookball on April 27, 2014, 07:23:17 PM
So what is your counter argument?  You want to change the core of bitcoin to allow intervention, politicization, reversibility? What?


Title: Re: Stealth address with SX (anonymous payments)
Post by: piotr_n on April 27, 2014, 07:25:26 PM
So what is your counter argument?  You want to change the core of bitcoin to allow intervention, politicization, reversibility? What?
The opposite.
Mr Google wants to change the core of bitcoin to allow censorship.
But, let's face it: he is too stupid to achieve this goal, no matter how hard he tries.

He may though achieve a goal of making hard to exchange some bitcoins, at some exchanges, that he had manged to "color" using one of his "innovations".
Except that this guy's achievements are not more innovations than PRISM. He must be very proud of his life's mission :)


Title: Re: Stealth address with SX (anonymous payments)
Post by: jonald_fyookball on April 27, 2014, 07:32:17 PM
I think you maybe misread waxwings message.... We are on the same page.


Title: Re: Stealth address with SX (anonymous payments)
Post by: piotr_n on April 27, 2014, 07:36:07 PM
Probably, sorry.

I only read the highlighted text and I confused it with the argument which I read on a malign list sooner today, that "Bitcoin is a technology, which can and should be
embraced by people of any political affiliation" - and that argument was supporting Mr Google's projects.

Of course that it will be embraced by all kind of sociopaths.
But I don't like sociopaths. :)


Title: Re: Stealth address with SX (anonymous payments)
Post by: genjix on May 10, 2014, 04:19:27 AM
SX may release - stealth tools, EC commands, HD keys

See the tutorials on HD keys (http://sx.dyne.org/hdkeys.html) and stealth payments (http://sx.dyne.org/stealth.html).

Code:
$ sx stealth-newkey
Stealth address: vJmwY32eS5VDC2C4GaZyXt7i4iCjzSMZ1XSd6KbkA7QbGE492akT2eZZMjCwWDqKRSYhnSA8Bgp78KeAYFVCi8ke5mELdoYMBNep7L
Scan secret: af4afaeb40810e5f8abdbb177c31a2d310913f91cf556f5350bca10cbfe8b9ec
Spend secret: d39758028e201e8edf6d6eec6910ae4038f9b1db3f2d4e2d109ed833be94a026
$ sx mktx txfile.tx --output vJmwY32eS5VDC2C4GaZyXt7i4iCjzSMZ1XSd6KbkA7QbGE492akT2eZZMjCwWDqKRSYhnSA8Bgp78KeAYFVCi8ke5mELdoYMBNep7L:100
Added output sending 100 Satoshis to 1BjqrpQqr4tY5YPQkL8aG7NGkFbTbiuVu.
$ sx fetch-stealth
ephemkey: 0276044981dc13bdc5e118b63c8715f0d1b00e6c0814d778668fa6b594b2a0ffbd address: 1DUhzP41otHNKijH4B6dZN1SRVuYJyYfrp tx_hash: 63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518
ephemkey: 024398667c6a11652ae80fe6370e140cc67d4f82fb8310122cdaddae1524dad9e0 address: 1Nw1EKu8Y6mPGhMGyrKPS9TZWDyTPLvi8a tx_hash: 6a6246ccc7cb9427efee85dd3c7b80164f8a61213a7ce357b8cfd3816f59aab9
...

Code:
$ SEED=$(sx hd-seed)
$ echo $SEED
xprv9s21ZrQH143K3YEx9tNjNtm6FJJHWuKRMmnXw42Eq6RiKt7oRpkKViHPJDnVvVZweqnjxEn6UsFLmztqCc5STduaMMGbwxgwMEkR8xM5wbK
$ echo $SEED | sx hd-seed | sx hd-priv 0 | sx hd-priv 0 | sx hd-priv 1 --hard
xprv9zShfTYMrPQdXBs1x4zYcf99DGyvykdvYxfdovarBZTh7RTZZ5vNgrdS4eQDPTxN9YnjSzfjVf6eWvEKuNubwLUoEYNg5cDfKp5RQVmYj2x

Code:
$ sx help
...
EC MATH
   ec-add-modp                Calculate the result of INTEGER + INTEGER.
   ec-multiply                Multiply an integer and a point together.
   ec-tweak-add               Calculate the result of POINT + INTEGER * G.

Install globally:

Code:
$ wget https://sx.dyne.org/install-sx.sh
$ sudo bash install-sx.sh

Install locally (non-root):

Code:
$ wget https://sx.dyne.org/install-sx.sh
$ bash install-sx.sh usr/


Title: Re: Stealth address with SX (anonymous payments)
Post by: CoreQ on May 10, 2014, 02:30:25 PM
So no more stealth addresses?

Transactions
1GgcE5bj9ugzmWPc*************** to Sealth Address Data
                                                             1GFmtJKoYtG******************   address revealed