1  Economy / Scam Accusations / Re: Scam alert : Do NOT INVEST in Genesis Mining on: October 06, 2016, 05:31:45 PM
Genesis mining doesn't let you sign up with a password longer than 16 characters
2  Bitcoin / Bitcoin Discussion / Re: Does it take significant skill to "analyze the blockchain"? on: April 29, 2015, 05:08:15 PM

Please show me in that actual transaction where you see a "from address" (or any address at all).

Does this mean that the addresses cannot be deterministically computed from the above transaction data?
3  Bitcoin / Bitcoin Discussion / Re: Does it take significant skill to "analyze the blockchain"? on: April 26, 2015, 10:15:36 PM
Aren't there no "from" addresses in btc? Is it possible to track btc still?

There are what I usually name "from" addresses and change addresses. A typical bitcoin transaction can look like this:

https://blockchain.info/tx/72e3dd987cc0cc31def333577e7539b85687d90db922698c08f5d4fef9bb9ade

Here we have, I think, one "from" address and two "to" addresses one of which is (probably?) a change address, i.e. an address that belongs to the sender, so the sender sends the "change" back to itself.

Edit: In this case it appears that the change address is the same as the sender address. Guess it depends on the wallet software which practices are used.
4  Bitcoin / Bitcoin Discussion / Re: Does it take significant skill to "analyze the blockchain"? on: April 26, 2015, 09:47:17 AM
I think most sophisticated analyses of the blockchain would fundamentally be probability based.

Let's say a crime is under investigation, and one wants to find out who is behind a certain transaction, or alternatively, to find which transaction a known person is behind if one already suspects a certain person. Then combining known "meatspace" data with blockchain data, one can compute probabilities for different scenarios. For example, if one suspects that a transaction has taken place in a certain time interval and that the transaction has a certain size, one can reduce the number of suspected transactions on the blockchain, and in the process one gets a more "spiky" probability distribution concentrated on those transactions.

Also, let's say one wants to find out to whom bitcoin from a known address has been sent. It is impossible to know if bitcoin is sent to another person or if the person has sent it to himself using a new address. However, if coupled with meatspace data and/or the probability that people actually send bitcoins to themselves, some information could be gathered (gaining information is equivalent to changing the probability distribution to a more "spiky" one, roughly speaking).

The "perfect" cryptocurrency blockchain would be one where no additional information could be gathered from it. Or stated in conditional probabilities:

Prob(hypothesis | meatspace data and blockchain data) = Prob(hypothesis | meatspace data)

There is a thread where this is elaborated upon:

https://bitcointalk.org/index.php?topic=1011959.msg10978620
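
The reasoning in the post above can be made concrete by measuring how many bits of uncertainty off-chain evidence removes. This is an added example, not code from the post: the ledger entries, the evidence window and the confidence values are all constructed assumptions.

```python
import math
from datetime import datetime

# Constructed sample data, not real transactions: (txid, time, amount in BTC).
LEDGER = [
    ("tx01", "2015-04-20T09:12", 0.50), ("tx02", "2015-04-20T13:40", 2.00),
    ("tx03", "2015-04-21T10:05", 2.01), ("tx04", "2015-04-21T10:30", 14.0),
    ("tx05", "2015-04-21T11:55", 1.98), ("tx06", "2015-04-22T08:00", 2.00),
    ("tx07", "2015-04-22T19:20", 0.10), ("tx08", "2015-04-23T15:45", 7.25),
]
# A chain where every entry is indistinguishable (same time slot, same amount).
UNIFORM_LEDGER = [(f"u{i:02d}", "2015-04-21T10:00", 1.0) for i in range(8)]

def entropy_bits(dist):
    """Shannon entropy of a probability distribution, in bits."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)

def make_likelihood(start, end, amount, tol, conf_time=0.9, conf_amount=0.9):
    """Build a weight function from off-chain ("meatspace") evidence.

    conf_time / conf_amount are hypothetical confidences that each piece
    of evidence is correct; they are assumptions of this example.
    """
    t0, t1 = datetime.fromisoformat(start), datetime.fromisoformat(end)

    def likelihood(ts, amt):
        in_window = t0 <= datetime.fromisoformat(ts) < t1
        close = abs(amt - amount) <= tol
        return ((conf_time if in_window else 1 - conf_time)
                * (conf_amount if close else 1 - conf_amount))
    return likelihood

def posterior(ledger, likelihood):
    """Uniform prior over the ledger's transactions, updated by Bayes' rule."""
    weights = {txid: likelihood(ts, amt) for txid, ts, amt in ledger}
    total = sum(weights.values())
    return {txid: w / total for txid, w in weights.items()}

def information_gain_bits(ledger, likelihood):
    """Entropy of the uniform prior minus entropy of the posterior."""
    return math.log2(len(ledger)) - entropy_bits(posterior(ledger, likelihood))

# Evidence: "about 2 BTC, some time on 21 April".
EVIDENCE = make_likelihood("2015-04-21T00:00", "2015-04-22T00:00", 2.0, 0.05)
```

On the varied ledger the evidence concentrates most of the probability on two transactions; on the uniform ledger the gain is zero, which is the equality written in the post.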

5  Bitcoin / Bitcoin Discussion / Can miners "freeze" bitcoin addresses? on: April 26, 2015, 09:17:05 AM
Is it technically possible for miners to "freeze" certain bitcoin addresses by rejecting all transactions to/from a list of addresses? For example if all (or 50%+) miners agree or are forced to by some new regulation to block any transaction from an address that is known to contain stolen funds. If this is possible, then it would open up for all types of regulations forcing miners to become gatekeepers and blocking "bad" transactions.
6  Alternate cryptocurrencies / Altcoin Discussion / Re: The perfectly anonymous coin - general ideas on: April 04, 2015, 10:49:54 AM
Quote

Step 3 seems unnecessary. AFAIK cryptonote coins achieve this same effect by including old transactions with new transactions in the ring signature.  Steps 1 and 2 also are covered by ring signature coins. Step 4 might always be up to the sender--though zerocash or quantum money might be able to fix this in the future (not sure as most of this work is still fringe).

I just don't know enough about ring signatures - I wish someone would explain them to me.

My impression of ring signatures is that only a limited number of people can participate in each ring signature (I'm not sure of how it is arranged which ones participate). For example, in one instance when I tried only 10 could participate, so the probability is 1/10 that a member of the ring did the transaction, which is far less anonymous than the theoretical 1/N, where N=all users of the coin.

Also, I'm not sure to what extent one can analyze standard denominations and sums of them etc with Cryptonote coins. One problem is that some transaction sizes (small or large) might be less common than others, reducing anonymity. Is the transaction size hidden in a ring signature?

Also, when ring signatures include old transactions, can this be arbitrarily far back in time?
7  Alternate cryptocurrencies / Altcoin Discussion / The perfectly anonymous coin - general ideas on: April 04, 2015, 09:42:21 AM
Could it in theory be possible to create the perfectly anonymous coin?

Note the below example is completely unrealistic because of the growth in blockchain size it would imply, but it is still interesting as a theoretical construction or a way to take anonymity to the limit.

I am aware of systems such as Cryptonote, Shadowcoin and BitcoinDark, but I'm no expert on them and I'm not sure to what extent they achieve the "perfect anonymity" described below.

First, my definition of anonymous simply means that the probability that a certain person did something is the same for all persons. So if there are N people using the system, then the probability that a certain act was done by any person is 1/N. Here the key concept is "any act": for example, it could be sending a transaction of a certain size (and/or amount) in a time interval, or just sending any transaction in a time interval, or sending something to a certain address.

The below coin is not meant so much for practical use, but as a pure anonymization tool. For example:

Bitcoin ->(exchange)-> Perfectly anonymous coin ->(super anonymous transaction)-> Perfectly anonymous coin ->(exchange)-> Bitcoin in a new unused wallet.

As I see it the following conditions would have to be satisfied:
("Analyze" here means statistically correlate, deducing probabilities that are not equal to 1/N for everyone etc)

0) Enough people (N)
1) Impossible to analyze transaction amounts and sizes.
2) Impossible to analyze address usage
3) Impossible to analyze timestamps
4) Hide IP addresses


Here are the conditions in more detail:

0) Enough people (N) must use the coin. This cannot be enforced and is not part of the technology as such.


1) It should be impossible to track transactions of certain sizes (both size in bytes and amount in coins). This could be accomplished by forcing all transactions to be of the form: "1 coin from A to B", where A and B are addresses. For example if you want to send 100 coins, you must send 100 transactions of 1 coin each. Transactions less than 1 are not allowed. Messages are not allowed. I guess this would mean that the price of 1 coin should not be too high - but maybe that will be self-regulating? If the price of 1 coin was too high, fewer people would use it and the price would go down.
That the only allowed transaction is "1 coin A to B" could be enforced by miners - every other transaction is treated as invalid and is ignored. Of course I'm completely ignoring the issue of fees.


2) Tracking addresses should be impossible. Every address should be deposited to only once and can only contain 1 coin. When the coin is sent the address must never be used again.
How to enforce? One way is with the software, but this still leaves open the possibility of someone making their own client that re-uses addresses, which might ruin anonymity for themselves, but also others. Maybe the miners could ignore all transactions that use an address that has been used up (received and sent 1 coin). However the list of used addresses for them to keep track of would be staggering? (They are stored on the blockchain)
An example:
So if you receive 56 coins from someone, the only allowable way to do that would be to receive 1 coin at a time, each to a different address that has never been used before. The problem is that the sender knows that these addresses probably all belong to the same receiver, which would allow the sender to further analyze that person's transactions in the future. Maybe one must use some sort of stealth addresses like in Cryptonote or similar?

edit: Because of 3) below, the sender cannot analyze what happens to the money sent, because the receiver is forced to send the money to new addresses, either his own or somebody else.


3) Analysis of timestamps must be impossible: If a transaction takes place when it is daytime in the Pacific, then it is more probable that a person living there has made the transaction - hence ruining the perfect 1/N probability which is anonymity. If you know when someone comes home each day, a person's habits with respect to time, then timestamps would ruin anonymity, but only if the users themselves can choose when to make transactions. Therefore:
All users are forced to send precisely 1 coin every x minutes, either to themselves or someone else following the above rules. The problem here is enforcement - the client software could do this automatically, but anyone could make their own client not following these rules. If x is too long a time, then you would only be able to send and receive every so often, and if x is small, the blockchain would grow rapidly. Still maybe one cannot rule out the idea of such a currency being used for a limited amount of time for pure anonymization purposes and then stop using it when the blockchain is too large and start over again?
Another problem is that the timestamps will not necessarily be exactly equally divided because of differences in network speed for different people, which could be used to create profiles, hence contributing to de-anonymization. Another option is to send in randomly distributed times, but they must be truly random in that the time intervals must not be serially correlated or in any other way non-random.


4) Hiding IP addresses: This I simply assume that all users can do themselves using suitable proxies/TOR/I2P etc, or alternatively that the client has a builtin proxy. I don't consider this as an interesting part of the coin's protocol as such but I'm more interested in a completely non-analyzable blockchain.



If the above assumptions are met the entire blockchain would look something like this:

1 coin A->B  Time: T0 + x*1
1 coin C->D  Time: T0 + x*1
1 coin E->F  Time: T0 + x*1
1 coin G->H  Time: T0 + x*1
....
1 coin I->J  Time: T0 + x*2
1 coin B->L  Time: T0 + x*2
1 coin M->N  Time: T0 + x*2
1 coin O->P  Time: T0 + x*2
....

.......



As I see it this would be completely impossible to analyze. You cannot see just by looking at the blockchain which addresses belong to the same person (unless you have the private key) and every address is used for only one input and one output. You don't know which transactions are people sending to another person or to themselves because everyone sends all the time. You cannot track transaction sizes because they are all equal.



8  Alternate cryptocurrencies / Altcoin Discussion / Bitshares, ThePiratebay countdown 1 Feb on: January 25, 2015, 05:54:22 PM
I just noticed the following similarity of the following webpages:

http://bitshares.org/

http://thepiratebay.se/

They both count down to 1 Feb. Coincidence?
9  Bitcoin / Electrum / Using six sided dice to generate 12 random words from electrum wordlist on: November 30, 2014, 04:38:40 PM
Since most people use six sided dice and since I don't trust any function within operating systems that claims to collect sufficient entropy for cryptography, I have made a table to choose randomly and uniformly a word from the electrum wordlist using a six sided die or dice. The table can be downloaded here as a .htm file:

https://mega.nz/#!uY5BnDjT!3ak0BqR5aujJMpQDzi3kPDkVd-FVwecXUDP-yTNAnro

Feel free to spread this file.

The table can be used to generate 12 random words using true randomness (dice) thus allowing you to create a private key with electrum. This can for example be used for a brainwallet.
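
Choosing a word "randomly and uniformly" with six-sided dice requires discarding some roll groups, because no power of 6 is a multiple of the list length. The following is an added example, not the poster's table or Electrum code: it maps groups of rolls to word indexes with rejection and counts the bias that appears without it. The list length of 1626 is an assumption (the post does not state it), and the word list in any call is supplied by the caller.

```python
from itertools import product

WORDLIST_SIZE = 1626  # assumption: length of the word list; the post does not state it

def rolls_needed(n_words):
    """Smallest number of d6 rolls whose outcomes (6**k) cover n_words."""
    k = 1
    while 6 ** k < n_words:
        k += 1
    return k

def word_index(rolls, n_words=WORDLIST_SIZE, reject=True):
    """Map one group of die faces (1..6) to a word index, or None meaning re-roll.

    With reject=False the value is simply reduced modulo n_words, which is
    the biased shortcut shown for comparison.
    """
    k = rolls_needed(n_words)
    if len(rolls) != k or any(r not in (1, 2, 3, 4, 5, 6) for r in rolls):
        raise ValueError(f"need exactly {k} rolls, each 1..6")
    value = 0
    for r in rolls:                        # read the rolls as a base-6 number
        value = value * 6 + (r - 1)
    limit = (6 ** k // n_words) * n_words  # largest multiple of n_words <= 6**k
    if reject and value >= limit:
        return None                        # discard the group instead of wrapping
    return value % n_words

def hits_per_index(n_words=WORDLIST_SIZE, reject=True):
    """Enumerate every possible roll group and count how often each index occurs."""
    counts = [0] * n_words
    for rolls in product(range(1, 7), repeat=rolls_needed(n_words)):
        idx = word_index(rolls, n_words, reject)
        if idx is not None:
            counts[idx] += 1
    return counts

def pick_words(rolls, wordlist, count=12):
    """Consume a flat sequence of recorded die rolls and return `count` words."""
    k, words = rolls_needed(len(wordlist)), []
    for i in range(0, len(rolls) - k + 1, k):
        idx = word_index(rolls[i:i + k], len(wordlist))
        if idx is not None:
            words.append(wordlist[idx])
        if len(words) == count:
            return words
    raise ValueError("not enough rolls: rejected groups must be re-rolled")
```

With five dice per word and a 1626-word list, rejection gives every index exactly 4 of the 7776 outcomes, while plain modulo gives the first 1272 indexes a fifth outcome each.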