Bitcoin Forum
October 14, 2024, 12:06:15 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 [11] 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 »
  Print  
Author Topic: CoinJoin: Bitcoin privacy for the real world  (Read 294629 times)
Carlton Banks
Legendary
*
Offline Offline

Activity: 3430
Merit: 3080



View Profile
November 14, 2013, 07:22:15 PM
 #201

Carlton, you don't reuse addresses. That was your mistake.

I don't reuse addresses. I was proposing a hypothetical situation. Greenlisting schemes suppose that everyone will be happy to reuse one address that is linked to a real world identity. Get with the program.

Vires in numeris
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1013



View Profile
November 14, 2013, 07:28:39 PM
 #202

Obviously, perfect output indistinguishably is best, but even when the outputs are fully distinguishable (and everywhere in between) there is value too.
Why not right now encourage a standard that will more often result in the superior case?

I'm not particularly thrilled with merely degrading taint calculations when analytic capability is only going to improve over time.

I'm not really sure I follow. From my analysis there is zero benefit to mandating common output sizes across multiple transactions. gmaxwell, am I mistaken?
Consider a hypothetical CoinJoin transaction with several inputs and two outputs, A and B.

Output A is 5.21875 BTC and Output B is 3.4375.

In order for an attacker to break the mixing he must answer the question, "which combination of inputs add up to each output", and that question could likely have only one solution. If there is only one solution, the mixing has no value other than forcing the attacker to spend a bit of CPU power on it.

If the participants in the mix instead choose to only use integer powers of 2, they can break their desired outputs down like this:

Output A can be broken down as follows:
1 x 22
1 x 20
1 x 2-3
1 x 2-4
1 x 2-5

Output B can be broken down as follows:

1 x 21
1 x 20
1 x 2-2
1 x 2-3
1 x 2-4

So now the transaction has 10 outputs: 4 BTC, 1 BTC, 1 BTC, 250 mBTC, 125 mBTC, 125 mBTC, 62.5 mBTC, 62.5 mBTC, 31.25 mBTC.

The odds of finding an unambiguous mapping of inputs to outputs should be far lower in the second case.
jquinn
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
November 14, 2013, 07:50:12 PM
 #203

I'm trying to get a fundraiser rolling on reddit.

http://www.reddit.com/r/Bitcoin/comments/1qmhkh/coinjoin_fundraising_drive/

Donated a $100.
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1006


Bringing Legendary Har® to you since 1952


View Profile
November 14, 2013, 07:54:14 PM
 #204

Apparently people are plotting behind the scenes to put whitelisting, blacklisting and redlisting and other terrible ideas into Bitcoin.

Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.

Carlton Banks
Legendary
*
Offline Offline

Activity: 3430
Merit: 3080



View Profile
November 14, 2013, 08:01:41 PM
 #205

Apparently people are plotting behind the scenes to put whitelisting, blacklisting and redlisting and other terrible ideas into Bitcoin.

Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.

This assumes that you opt-in to the listing with your real world ID, then obscure the source of your funds with anonymity schemes as you've denoted. But with CoinJoin, this could get you banned from the listings people, and potentially get all the CoinJoiners you collaborated with blacklisted too.

I think the best way is to encourage miners to ban the clean addresses from tx processing. If that doesn't succeed, use or develop another coin.

Vires in numeris
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1006


Bringing Legendary Har® to you since 1952


View Profile
November 14, 2013, 08:04:30 PM
 #206

Apparently people are plotting behind the scenes to put whitelisting, blacklisting and redlisting and other terrible ideas into Bitcoin.

Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.

This assumes that you opt-in to the listing with your real world ID, then obscure the source of your funds with anonymity schemes as you've denoted. But with CoinJoin, this could get you banned from the listings people, and potentially get all the CoinJoiners you collaborated with blacklisted too.

I think the best way is to encourage miners to ban the clean addresses from tx processing. If that doesn't succeed, use or develop another coin.
Another option is to make CoinJoin/CoinSwap really popular. Perhaps make the client suggest mixing like by adding "mix coins with other's users coin" checkbox in the send coins GUI.

This way regulators will have no other way than to accept Bitcoin the way it is - mixed and untraceable.

dserrano5
Legendary
*
Offline Offline

Activity: 1974
Merit: 1029



View Profile
November 14, 2013, 08:07:38 PM
 #207

Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.

And/or incorporating it into clients so people wouldn't have to bother. E.g. I wouldn't mind to spend a millibit a week in network fees just to have my coins periodically mixed.
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1006


Bringing Legendary Har® to you since 1952


View Profile
November 14, 2013, 08:14:43 PM
 #208

Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.

And/or incorporating it into clients so people wouldn't have to bother. E.g. I wouldn't mind to spend a millibit a week in network fees just to have my coins periodically mixed.
Exactly what I am talking about.

We must make coin mixing almost as common as sending them. This way governments will have no choice but face the reality.

Carlton Banks
Legendary
*
Offline Offline

Activity: 3430
Merit: 3080



View Profile
November 14, 2013, 08:17:52 PM
 #209

Another option is to make CoinJoin/CoinSwap really popular. Perhaps make the client suggest mixing like by adding "mix coins with other's users coin" checkbox in the send coins GUI.

This way regulators will have no other way than to accept Bitcoin the way it is - mixed and untraceable.

More difficult to popularise anonymising features than it is to find out what colour the biggest miners like their address lists. If they want the lists transparent, instead of red, black blue green or white, then they should prefer to ban any such coloured listed addresses from their transaction inclusions.

Let's push to hit these lists right at their fundamentals, make them undesirable and unusable, not the other way around.

Vires in numeris
btc4ever
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250


View Profile
November 14, 2013, 08:21:00 PM
 #210

Yes.  Mixing must be the norm, not the exception.

If it is the exception, then even the fact that you are engaging in it is suspicious.

Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.

And/or incorporating it into clients so people wouldn't have to bother. E.g. I wouldn't mind to spend a millibit a week in network fees just to have my coins periodically mixed.
Exactly what I am talking about.

We must make coin mixing almost as common as sending them. This way governments will have no choice but face the reality.

Psst!!  Wanna make bitcoin unstoppable? Why the Only Real Way to Buy Bitcoins Is on the Streets. Avoid banks and centralized exchanges.   Buy/Sell coins locally.  Meet other bitcoiners and develop your network.   Try localbitcoins.com or find or start a buttonwood / satoshi square in your area.  Pass it on!
Carlton Banks
Legendary
*
Offline Offline

Activity: 3430
Merit: 3080



View Profile
November 14, 2013, 08:22:28 PM
 #211

Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.

And/or incorporating it into clients so people wouldn't have to bother. E.g. I wouldn't mind to spend a millibit a week in network fees just to have my coins periodically mixed.
Exactly what I am talking about.

We must make coin mixing almost as common as sending them. This way governments will have no choice but face the reality.

I think there are too many compliant goody goodies out there for this to work. You only have to craft a well thought through smear campaign against anonymising and most people will be too anxious to rebel against it, they will believe the nonsense is true.

There are fewer miners than users, and they are naturally determined risk takers. They are easier to convince of the drawbacks than average users, especially as they have probably got more BTC balance whose long term value and viability they wish to protect.

Vires in numeris
dserrano5
Legendary
*
Offline Offline

Activity: 1974
Merit: 1029



View Profile
November 14, 2013, 08:32:44 PM
 #212

Code:
Key from Pieter (pgp signature to be provided later):

0292782efcb08d621c360d055f407c8e75ffbbd06f6b7009c1432ca9eaa6732592

Oops, seems that a signature was forgotten Wink. I'll donate half a coin to this as soon as the sig is in place!

Please everyone consider donating.
phillipsjk
Legendary
*
Offline Offline

Activity: 1008
Merit: 1001

Let the chips fall where they may.


View Profile WWW
November 14, 2013, 09:00:36 PM
 #213

Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.

And/or incorporating it into clients so people wouldn't have to bother. E.g. I wouldn't mind to spend a millibit a week in network fees just to have my coins periodically mixed.

Such coins are not at rest, thus can be stolen by a determined cracker.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
maaku
Legendary
*
expert
Offline Offline

Activity: 905
Merit: 1012


View Profile
November 14, 2013, 09:24:06 PM
 #214

Consider a hypothetical CoinJoin transaction with several inputs and two outputs, A and B.

Output A is 5.21875 BTC and Output B is 3.4375.

...

The mixing application described in the OP uses same valued outputs for two reasons: (1) to avoid this sort of identification, and (2) to prevent the facilitator from learning identities through blind signatures. This requires that within a single transaction, the mixed outputs must have the same value denominations (or be divided into groups of same-valued denominations). The hypothetical given is a weaker protocol than the OP.

That said, there is no reason that the common denomination used by one transaction has to match or be a multiple of the common denomination of another - that gains you nothing as far as I can tell.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1013



View Profile
November 15, 2013, 12:28:01 AM
 #215

The mixing application described in the OP uses same valued outputs
And I believe that drastically reduces its usefulness.

It's fine as an academic exercise but how people actually use their bitcoins in the real world is considerably more messy. Unless you can handle situations where the users need to mix differing amounts of coins you'll either degrade the mixing to uselessness or else end up with a double coincidence of wants problem where nobody can find suitable partners top mix with.
jedunnigan
Sr. Member
****
Offline Offline

Activity: 279
Merit: 250


View Profile
November 15, 2013, 12:42:23 AM
 #216

The mixing application described in the OP uses same valued outputs
And I believe that drastically reduces its usefulness.

It's fine as an academic exercise but how people actually use their bitcoins in the real world is considerably more messy. Unless you can handle situations where the users need to mix differing amounts of coins you'll either degrade the mixing to uselessness or else end up with a double coincidence of wants problem where nobody can find suitable partners top mix with.

Yea, and to that effect there should be a step prior to the CJ where outputs are made uniform.
Carlton Banks
Legendary
*
Offline Offline

Activity: 3430
Merit: 3080



View Profile
November 15, 2013, 12:45:17 AM
 #217

The mixing application described in the OP uses same valued outputs
And I believe that drastically reduces its usefulness.

It's fine as an academic exercise but how people actually use their bitcoins in the real world is considerably more messy. Unless you can handle situations where the users need to mix differing amounts of coins you'll either degrade the mixing to uselessness or else end up with a double coincidence of wants problem where nobody can find suitable partners top mix with.

A decentralised approach would provide enough variety so that the number of people who have to compromise would decrease, but I agree that this harms the effectiveness of the anonymity of inputs. It would also be less easy to convince a nosy listing agency that you were settling several hundred payments in a single transaction... especially when several hundred other CoinJoin participants could be making the same claim to the very same transaction to the same agency. It's not possible that you're all the sole originator of the same transaction.

Vires in numeris
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5348
Merit: 13336


View Profile
November 15, 2013, 12:59:07 AM
Last edit: December 16, 2013, 04:13:06 AM by theymos
 #218

CoinJoin needs to be nicely implemented in Bitcoin-Qt before any of these ridiculous blacklist proposals take off. So for the next 30 days, I will match donations to the CoinJoin bounty fund (3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk), up to a maximum of 5 BTC. Just donate to that address, and in 30 days I'll donate the difference between the current received amount (16.21420773) and the received amount at that time (max 5 BTC).

Edit: Paid 5 BTC.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Trader Steve
Hero Member
*****
Offline Offline

Activity: 836
Merit: 1007


"How do you eat an elephant? One bit at a time..."


View Profile
November 15, 2013, 02:27:09 AM
 #219

CoinJoin needs to be nicely implemented in Bitcoin-Qt before any of these ridiculous blacklist proposals take off. So for the next 30 days, I will match donations to the CoinJoin bounty fund (3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk), up to a maximum of 5 BTC. Just donate to that address, and in 30 days I'll donate the difference between the current received amount (16.21420773) and the received amount at that time (max 5 BTC).

Theymos, you rock! I've already donated but you've inspired me to send a little more.



solex
Legendary
*
Offline Offline

Activity: 1078
Merit: 1006


100 satoshis -> ISO code


View Profile
November 15, 2013, 03:52:43 AM
 #220

theymos, gmaxwell, everyone - excellent project! My donation on the way too...

Pages: « 1 2 3 4 5 6 7 8 9 10 [11] 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!