Bitcoin Forum
April 25, 2014, 03:51:29 AM *
Topic: Patching The Bitcoin Client To Make It More Anonymous
SgtSpike
July 14, 2011, 04:32:52 PM
 #21

This is very interesting... on my work computer's wallet, all addresses except for one are linked together.  Shocked  Haven't checked my home computer's wallet yet.

Yes, welcome to bitcoin ;P
New challenge for you:  Reverse it, so that I can type in any address and find out what other addresses are associated with it.  Smiley

netrin
July 14, 2011, 05:08:04 PM
 #22

This is very interesting... on my work computer's wallet, all addresses except for one are linked together.  Shocked  Haven't checked my home computer's wallet yet.

Yes, welcome to bitcoin ;P

Hey Coderrr, how many transactions back makes a link? Are C and E linked?:

A -> B -> C

A -> D -> E

I'm asking because I've done a lot of work to 'force' this property by splitting my coins into multiple wallets. I might like to merge many of the wallets (with different keys) if the clients start to behave predictably.

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
coderrr
July 14, 2011, 06:08:04 PM
 #23

This is very interesting... on my work computer's wallet, all addresses except for one are linked together.  Shocked  Haven't checked my home computer's wallet yet.

Yes, welcome to bitcoin ;P

Hey Coderrr, how many transactions back makes a link? Are C and E linked?:

A -> B -> C

A -> D -> E

I'm asking because I've done a lot of work to 'force' this property by splitting my coins into multiple wallets. I might like to merge many of the wallets (with different keys) if the clients start to behave predictably.

The linking algorithm is pretty simple.  On any outgoing transaction you make, all the inputs as well as the change are linked.  Then I do a recursive expansion meaning if 1 and 2 are linked and 2 and 3 are linked you end up with 1, 2, and 3 all linked.  If that wasn't clear read my blogpost on it http://coderrr.wordpress.com/2011/06/30/patching-the-bitcoin-client-to-make-it-more-anonymous/ .  If it's still not clear ask me a more specific question about it and I'll be happy to answer.

Co-Founder of Private Internet Access VPN Service
Original Co-Founder of MtGox Live and BTC.to
Original Developer of the Bitcoin Anonymity Patch
SgtSpike
July 14, 2011, 06:55:08 PM
 #24

Question:  How do you know which address is the change address?

coderrr
July 14, 2011, 06:58:18 PM
 #25

Question:  How do you know which address is the change address?

Your client knows which part of the transaction is the change because you own the key for that address.

Co-Founder of Private Internet Access VPN Service
Original Co-Founder of MtGox Live and BTC.to
Original Developer of the Bitcoin Anonymity Patch
SgtSpike
July 14, 2011, 07:02:50 PM
 #26

Question:  How do you know which address is the change address?

Your client knows which part of the transaction is the change because you own the key for that address.
Ahhhh, good point.  From the outside then, it would be much more difficult to 100% associate such addresses.

coderrr
July 14, 2011, 07:11:19 PM
 #27

Question:  How do you know which address is the change address?

Your client knows which part of the transaction is the change because you own the key for that address.
Ahhhh, good point.  From the outside then, it would be much more difficult to 100% associate such addresses.

From the outside you have a 50/50 chance AT WORST assuming you're looking at a tx from an official bitcoin client.  My guess is most of the time you have a much better chance at guessing which part of the transaction is the change than 50/50.  For example, on a transaction where the payment is 1 BTC and the change is 2.0291 BTC, it's pretty obvious which part is the change.  I haven't done too much research on how often change amts are obvious but I just decided to be conservative and assume they're always identifiable.

Co-Founder of Private Internet Access VPN Service
Original Co-Founder of MtGox Live and BTC.to
Original Developer of the Bitcoin Anonymity Patch
SgtSpike
July 14, 2011, 07:19:11 PM
 #28

Question:  How do you know which address is the change address?

Your client knows which part of the transaction is the change because you own the key for that address.
Ahhhh, good point.  From the outside then, it would be much more difficult to 100% associate such addresses.

From the outside you have a 50/50 chance AT WORST assuming you're looking at a tx from an official bitcoin client.  My guess is most of the time you have a much better chance at guessing which part of the transaction is the change than 50/50.  For example, on a transaction where the payment is 1 BTC and the change is 2.0291 BTC, it's pretty obvious which part is the change.  I haven't done too much research on how often change amts are obvious but I just decided to be conservative and assume they're always identifiable.
Oh definitely - I won't disagree with you there.  But that's why I said 100%...

Still, that would be an interesting project to undertake.

QuantumMechanic
July 15, 2011, 12:10:54 AM
 #29

I'd like it to be in the main client, but I'd like it to be called "privacy mode", as opposed to "advanced view", for its educational effect.

For further educational effect, privacy mode could enable informational warnings that let you know which addresses/identities are being linked during a transaction.

If address labels have multiple entries: identity, one to distinguish same-identity addresses, and an "Is Reused?" checkbox for send addresses that you know or expect to get reused with multiple people, then the messages generated can be much more personalized and succinct, and will hit home better.

Imagine if when you tried to send some bitcoins you got a warning like this:

Quote
WARNING!

This transaction will reveal to

ShadyDude:

That you own 957 BTC minus the 2 you're currently sending to them, and that you received 955.5 of them from RichMistress on June 2, 2011 at 11:38 AM (for extra effect, assume her identity is public knowledge because you know she reuses addresses with multiple people Wink), and 1.5 from address 1B... on May 1, 2011 at 4:56 PM.

RichMistress:

That you're sending 2 BTC to address 1M... right now, and that you received 1.5 from address 1B... on May 1, 2011 at 4:56 PM.

Wife: 

That you're sending 2 BTC to address 1M... right now, and that you received 955.5 BTC from RichMistress on July 12, 2011 at 11:38 AM.

If this is too revealing, then use the Send To Address tab to manually select the addresses to send from.

Or maybe replace ShadyDude with Wikileaks' public address, and RichMistress with BusinessIPatronize (who happens to reuse the same address and needed to send you a refund one time, and who is now being subpoenaed by the Stasi into identifying you as the owner of the address they sent the refund to in order to prove you donated to Wikileaks).

Clearly address reuse is really bad for privacy, and the consequences are not internalized to the address re-users, so I think new address requests (and labeling) should be automated for all clients, not just privacy-conscious ones.

Sorry if this is obvious or flawed - I'm new to this stuff - but here's an idea for how to do this:

This can be done by having a contacts list, and a single master public key from each of their contacts, from which they can deterministically derive as many addresses as they want.  These addresses can't be associated by outsiders as long as the master public key is kept secret.  See this post by Stefan http://forum.bitcoin.org/index.php?topic=19137.msg318989#msg318989 and the one below by gmaxwell about choosing a sequence of serial numbers for how it might be implemented: .

Of course lost master private keys will be a problem, but this can be mitigated by users having (untrusted) storage servers that serve the master public keys to their contacts (the same one that syncs your everyday-use wallet between devices?).  This way they can be easily changed at any time, all at once, and in one place, if necessary, and the contacts will always check that they're up to date.

Hopefully privacy mode would also turn on Tor as well.

Considering the "Bitcoin is anonymous" spin in the media, I really think we're going to have a lot of people unwittingly find themselves in a lot of trouble with criminals, spouses, friends, governments, etc. if they can't easily learn how Bitcoin is working for them in practice.  Somebody said here that users aren't stupid, but the client is making them stupid, and I completely agree.
Gavin Andresen
July 15, 2011, 12:55:23 AM
 #30

Does this patch give any sort of warning if bitcoin isn't being used through a proxy?

I worry that a user will be REALLY careful keeping all their addresses separated so their ordinary transactions are separate from their fund-the-opposition transactions, and then will get busted by the Secret Police who were eavesdropping on their bitcoin IP traffic at their ISP.

Will I see you in Amsterdam?
  http://bitcoin2014.com/
coderrr
July 15, 2011, 12:59:16 AM
 #31

Does this patch give any sort of warning if bitcoin isn't being used through a proxy?

I worry that a user will be REALLY careful keeping all their addresses separated so their ordinary transactions are separate from their fund-the-opposition transactions, and then will get busted by the Secret Police who were eavesdropping on their bitcoin IP traffic at their ISP.


I see what you're saying although I don't think that's really a fair criticism of the patch.  Obtaining any really high level of anonymity is a very complex endeavor that no patch alone will get you.

Co-Founder of Private Internet Access VPN Service
Original Co-Founder of MtGox Live and BTC.to
Original Developer of the Bitcoin Anonymity Patch
old_engineer
July 15, 2011, 03:44:08 AM
 #32

Does this patch give any sort of warning if bitcoin isn't being used through a proxy?

I worry that a user will be REALLY careful keeping all their addresses separated so their ordinary transactions are separate from their fund-the-opposition transactions, and then will get busted by the Secret Police who were eavesdropping on their bitcoin IP traffic at their ISP.


They're clearly separate issues that can be tackled one at a time.  This patch increases privacy with respect to all transaction partners, and those that can identify the transaction partners, but does not change anything with respect to eavesdroppers.  Which is fine - why conflate the two issues?
Gavin Andresen
July 15, 2011, 07:02:03 AM
 #33

why conflate the two issues?

Because to non-technical users, "privacy" is a single feature, not a series of separate technical issues.

Will I see you in Amsterdam?
  http://bitcoin2014.com/
marcus_of_augustus
July 15, 2011, 07:52:50 AM
 #34

Quote
Does this patch give any sort of warning if bitcoin isn't being used through a proxy?

It raises the valid question whether the satoshi bitcoin client should actually have some kind of warning/button/icon to indicate that it isn't being used through a proxy.

(I mean checking in the Options... is not hard but all browsers now have the little padlock icon when a secure SSL connection is active ... for example.)

Monetary Freedom - a basic human right
"Disarming money as a tool for tyranny."
"Disintermediating the State."
figvam
July 17, 2011, 08:57:23 PM
 #35

Could you also compile a 32-bit Linux binary?
netrin
July 17, 2011, 11:01:43 PM
 #36

why conflate the two issues?

Because to non-technical users, "privacy" is a single feature, not a series of separate technical issues.

Neither feature impacts nor increases the urgent need for the other and neither could claim to be the final "privacy" feature.

Could you also compile a 32-bit Linux binary?

I've failed to compile wxWidgets 2.9.2 and couldn't compile the patch with wxWidgets 2.8 on 32-bit Ubuntu 11.04  Cry

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
ctoon6
July 18, 2011, 06:48:02 PM
 #37

Does this patch give any sort of warning if bitcoin isn't being used through a proxy?

I worry that a user will be REALLY careful keeping all their addresses separated so their ordinary transactions are separate from their fund-the-opposition transactions, and then will get busted by the Secret Police who were eavesdropping on their bitcoin IP traffic at their ISP.


I see what you're saying although I don't think that's really a fair criticism of the patch.  Obtaining any really high level of anonymity is a very complex endeavor that no patch alone will get you.

This patch and a tor patch and an integrated laundering patch would just about cover it.

It may even be worthwhile to make a network almost exactly like tor, except only for bitcoin.

Suggester
July 23, 2011, 01:39:35 PM
 #38

That's just excellent work. I'm surprised it generated so little buzz and isn't adopted into the official client until now.

On a separate note, Suggester suggests a Redistribute coins button, an option which moves all your funds to a chosen number of new wallets with the desired proportion of your current coins assigned for each. A user would then be able to consolidate his wealth from all his, say, 17 addresses into just 3 new ones, with the first one containing 49% of his coins, the second one 26%, and the third 25% (he will be able to assign those %'s arbitrarily using a simple interface). Similarly, he might want to break up his single wallet into, say, 4 different wallets, using them for 4 different purposes. When the transactions clear after 10 minutes, it'll be harder for anyone to prove that this user still owns the coins previously associated with his identity.

For the suggestion to be practical for anonymity purposes though, I strongly recommend another adjustable option where the user chooses how much time to assign for the whole operation. For example, choosing "63.2 hours" would move random chunks of the coins into their new distribution over that period of time (the client would have to be connected for the whole duration). That would make plausible deniability much stronger because you usually don't have 17 people simultaneously sending all their coins to 3 new addresses! If done correctly, it will be virtually impossible after that for anyone to prove that he still owns the coins. We're essentially simulating a change-of-ownership.

This can all be currently done using windows explorer and separate wallet files, but it'll be a big pain in the butt.
SgtSpike
July 25, 2011, 08:27:46 PM
 #39

That's just excellent work. I'm surprised it generated so little buzz and isn't adopted into the official client until now.

On a separate note, Suggester suggests a Redistribute coins button, an option which moves all your funds to a chosen number of new wallets with the desired proportion of your current coins assigned for each. A user would then be able to consolidate his wealth from all his, say, 17 addresses into just 3 new ones, with the first one containing 49% of his coins, the second one 26%, and the third 25% (he will be able to assign those %'s arbitrarily using a simple interface). Similarly, he might want to break up his single wallet into, say, 4 different wallets, using them for 4 different purposes. When the transactions clear after 10 minutes, it'll be harder for anyone to prove that this user still owns the coins previously associated with his identity.

For the suggestion to be practical for anonymity purposes though, I strongly recommend another adjustable option where the user chooses how much time to assign for the whole operation. For example, choosing "63.2 hours" would move random chunks of the coins into their new distribution over that period of time (the client would have to be connected for the whole duration). That would make plausible deniability much stronger because you usually don't have 17 people simultaneously sending all their coins to 3 new addresses! If done correctly, it will be virtually impossible after that for anyone to prove that he still owns the coins. We're essentially simulating a change-of-ownership.

This can all be currently done using windows explorer and separate wallet files, but it'll be a big pain in the butt.
That would be a great feature of an online wallet website.  Just send funds with the parameters and addresses, and it'll all be done automatically by the site for a small fee.

coderrr
August 10, 2011, 05:29:30 PM
 #40

Just added support for the command line bitcoind RPC interface in v3 of my patch: https://github.com/coderrr/bitcoin/commit/7ae842e33e66db6e0e335b7aac70eedf3ced29fd

Windows binaries will be updated soon.

I modified sendtoaddress to accept FROM address(es):

sendtoaddress <bitcoinaddress>[:<sendfromaddress1>[,<sendfromaddress2>[,...]]] <amount> [comment] [comment-to]

And I added a new command:

listaddressgroupings

... which gives an array of groupings.  Each grouping is an array of address infos.  Each address info is an array of [address, balance, account_name (if it is set)]

Here's an example:

[
    [
        [
            "mgmaJztHmK7ZqH9L8pjNMsiKEarfyFjJzF",
            0.00000000
        ],
        [
            "mm7uXcDSiEmUPCuWo9KJGer3c6Vi9kRoWc",
            0.00000000
        ],
        [
            "msDaDBAkKtSXg5ZQnPLJNEewKGuvhk9PbU",
            0.00000000
        ],
        [
            "mwrDoLQLBZ3jhTin59nUcBBDguUJ7qkj8R",
            0.00000000,
            ""
        ],
        [
            "mxCqchBdiPjDozXNoAJSuVDLo9bTpCtYxe",
            0.00000000
        ],
        [
            "mzWLzYzGij3CqgVuFNH4WYnapp9oZtMr2w",
            0.00000000
        ]
    ],
    [
        [
            "mi7Ytzaa1mVkNGw5yTnDymNZiG6QUcyxQB",
            0.00000000,
            ""
        ],
        [
            "mrFPMjaCiwRmmuYseV3T3BK4LnqciwEcQk",
            0.00000000
        ]
    ],
    [
        [
            "miA5qym1fQh2dQMbUuXK597ux3nt8USd2t",
            0.00000000
        ],
        [
            "mkj1kuwadx1Hk8xPHmJj4faj2wPYJEBdrh",
            0.00000000
        ],
        [
            "mybYnMTUJLNXdrFNyKyRDRYzBAdX9xRnWp",
            0.00000000
        ],
        [
            "mzsqfibpwsvmpy57a2raTAD1w4ufT7A9gX",
            0.00000000
        ],
        [
            "n3LZMCFWA14hT6hKHY1tBAxRAfaRPajwir",
            0.00000000
        ],
        [
            "n4erHaJhUuyxqATYQcHMd3V89mR9GVo4JX",
            0.00000000,
            ""
        ]
    ],
    [
        [
            "midjJ1CfJPuRgLwbxDWTtsUNuhbizgAcsR",
            0.00000000
        ],
        [
            "mkDLdQD5PJySLwxe34YpZZwLZUEAVBSMEg",
            0.00000000
        ],
        [
            "mtNVBwMPMmCDRA8CRup7c8gGoi5PeNrrWt",
            0.00000000
        ],
        [
            "mwARQLDJGatU6gUZLV7d61mjaDU7pWLWB7",
            0.00000000
        ],
        [
            "n443w4qKHiaQfahPtLLDykVymfi6CqtEDB",
            0.00000000
        ],
        [
            "n4nHciGuZwaoSf29eaU2fmPy4KS1PNw6qD",
            0.00000000
        ]
    ],
    [
        [
            "mjxxo77vNG3UaNDZvYmkGSAH8xPMMdcRTp",
            0.00000000,
            ""
        ]
    ],
    [
        [
            "mmU8cu8jgiQRya14BSkNS14C2tTnkoZAet",
            0.00000000
        ],
        [
            "mqyfgjxvu7yyAtiaUKBRWqmopVNNgC3rNu",
            0.00000000,
            "receive #3"
        ],
        [
            "mvUDXraBqVG1SSQsoo5Zhpq1T1wywpTuAh",
            0.49950000
        ],
        [
            "n3xiemRkCYcUfWyJkNWSXChwgGFRSejo4V",
            0.00000000
        ]
    ],
    [
        [
            "mo1RrosCiC2TbbD2p4EazRkC4Rx7rTdeYr",
            0.00000000,
            "receive #1"
        ],
        [
            "mqhzN2HH9Y4s1jDBamAW5JRPrqU6HG78pE",
            0.00000000,
            "receive #2"
        ]
    ],
    [
        [
            "moEXt4K7B7YW6xouLbMuW6RFjRsn7M6Qqv",
            0.00000000,
            ""
        ],
        [
            "mxi7MtYPH28mnfAApScfXR1y1Sozc9qoAM",
            0.00000000
        ],
        [
            "mxw37fhsfYSJYLdkzcTwKBZXhWURQDfCYU",
            0.00000000
        ],
        [
            "mzfzdY3Qonn4mKm6Zpx1MHkEMXgAeYEtgv",
            0.00000000
        ]
    ],
    [
        [
            "moKx6fmMcbSqTuDmoRGYnY8MaM8KCUVK7u",
            0.00000000
        ],
        [
            "n45bXSVYZANguLX1S4yuSwuazzpM46yxZR",
            1.17000800,
            ""
        ]
    ],
    [
        [
            "mspnmxSWgoQBKJQHVhCqsyYNSaoSzs6KjC",
            0.00000000
        ],
        [
            "n2ELawyXdUukYnCNMMfeGyaYVtGCJLLoRh",
            0.00000000,
            ""
        ]
    ],
    [
        [
            "mthpRJvjYgFFKwHzZS7H7BsR26fSi1F3ne",
            0.00000000,
            ""
        ]
    ]
]

Co-Founder of Private Internet Access VPN Service
Original Co-Founder of MtGox Live and BTC.to
Original Developer of the Bitcoin Anonymity Patch
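
The linking rule described in reply #23 (all inputs plus the change of each outgoing transaction are linked, then expanded transitively) and the listaddressgroupings output shape from reply #40, shown together as an added example that is not code from the patch. It is a union-find sketch over a constructed wallet history; the placeholder addresses, balances and function names are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample data: placeholder addresses, not real ones.
# Each outgoing transaction records the wallet addresses it spent from and the
# wallet-owned change address (the wallet knows it because it holds the key).
OUTGOING_TXS = [
    {"inputs": ["addr1", "addr2"], "change": "addr3"},
    {"inputs": ["addr3"], "change": "addr4"},   # chains onto the first tx
    {"inputs": ["addr5"], "change": "addr6"},
    {"inputs": ["addr7"], "change": None},      # exact-amount spend
]
BALANCES = {"addr1": 0.0, "addr2": 0.0, "addr3": 0.0, "addr4": 0.25,
            "addr5": 0.0, "addr6": 1.0, "addr7": 0.0, "addr8": 1.5}
LABELS = {"addr5": "receive #1"}


class DisjointSet:
    """Union-find: the 'recursive expansion' of pairwise links."""

    def __init__(self):
        self.parent = {}

    def find(self, item):
        self.parent.setdefault(item, item)
        while self.parent[item] != item:
            self.parent[item] = self.parent[self.parent[item]]  # path halving
            item = self.parent[item]
        return item

    def union(self, a, b):
        root_a, root_b = self.find(a), self.find(b)
        if root_a != root_b:
            self.parent[root_b] = root_a


def address_groupings(txs, balances, labels):
    """Group wallet addresses that outgoing transactions have tied together."""
    sets = DisjointSet()
    for addr in balances:            # unspent addresses stay in their own group
        sets.find(addr)
    for tx in txs:
        linked = list(tx["inputs"])
        if tx.get("change"):
            linked.append(tx["change"])
        for other in linked[1:]:     # all inputs and the change share one owner
            sets.union(linked[0], other)
    groups = defaultdict(list)
    for addr in sorted(sets.parent):
        info = [addr, balances.get(addr, 0.0)]
        if addr in labels:           # account name only when one is set
            info.append(labels[addr])
        groups[sets.find(addr)].append(info)
    return sorted(groups.values())


def groups_joined_by_spend(groupings, send_from):
    """Existing groupings that one spend from `send_from` would merge."""
    wanted = set(send_from)
    return [g for g in groupings if wanted & {info[0] for info in g}]


if __name__ == "__main__":
    groupings = address_groupings(OUTGOING_TXS, BALANCES, LABELS)
    print(json.dumps(groupings, indent=4))
    # Spending addr4 and addr6 together would merge two separate groupings.
    print(len(groups_joined_by_spend(groupings, ["addr4", "addr6"])))
```

A client could call the second function before sending and warn the user whenever it returns more than one grouping.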