Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3080
|
|
November 14, 2013, 07:22:15 PM |
|
Carlton, you don't reuse addresses. That was your mistake.
I don't reuse addresses. I was proposing a hypothetical situation. Greenlisting schemes suppose that everyone will be happy to reuse one address that is linked to a real world identity. Get with the program.
|
Vires in numeris
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
|
|
November 14, 2013, 07:28:39 PM |
|
Obviously, perfect output indistinguishably is best, but even when the outputs are fully distinguishable (and everywhere in between) there is value too. Why not right now encourage a standard that will more often result in the superior case? I'm not particularly thrilled with merely degrading taint calculations when analytic capability is only going to improve over time. I'm not really sure I follow. From my analysis there is zero benefit to mandating common output sizes across multiple transactions. gmaxwell, am I mistaken? Consider a hypothetical CoinJoin transaction with several inputs and two outputs, A and B. Output A is 5.21875 BTC and Output B is 3.4375. In order for an attacker to break the mixing he must answer the question, "which combination of inputs add up to each output", and that question could likely have only one solution. If there is only one solution, the mixing has no value other than forcing the attacker to spend a bit of CPU power on it. If the participants in the mix instead choose to only use integer powers of 2, they can break their desired outputs down like this: Output A can be broken down as follows: 1 x 2 21 x 2 01 x 2 -31 x 2 -41 x 2 -5Output B can be broken down as follows: 1 x 2 11 x 2 01 x 2 -21 x 2 -31 x 2 -4So now the transaction has 10 outputs: 4 BTC, 1 BTC, 1 BTC, 250 mBTC, 125 mBTC, 125 mBTC, 62.5 mBTC, 62.5 mBTC, 31.25 mBTC. The odds of finding an unambiguous mapping of inputs to outputs should be far lower in the second case.
|
|
|
|
jquinn
Newbie
Offline
Activity: 42
Merit: 0
|
|
November 14, 2013, 07:50:12 PM |
|
|
|
|
|
ShadowOfHarbringer
Legendary
Offline
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
|
|
November 14, 2013, 07:54:14 PM |
|
Apparently people are plotting behind the scenes to put whitelisting, blacklisting and redlisting and other terrible ideas into Bitcoin. Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.
|
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3080
|
|
November 14, 2013, 08:01:41 PM |
|
Apparently people are plotting behind the scenes to put whitelisting, blacklisting and redlisting and other terrible ideas into Bitcoin. Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible. This assumes that you opt-in to the listing with your real world ID, then obscure the source of your funds with anonymity schemes as you've denoted. But with CoinJoin, this could get you banned from the listings people, and potentially get all the CoinJoiners you collaborated with blacklisted too. I think the best way is to encourage miners to ban the clean addresses from tx processing. If that doesn't succeed, use or develop another coin.
|
Vires in numeris
|
|
|
ShadowOfHarbringer
Legendary
Offline
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
|
|
November 14, 2013, 08:04:30 PM |
|
Apparently people are plotting behind the scenes to put whitelisting, blacklisting and redlisting and other terrible ideas into Bitcoin. Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible. This assumes that you opt-in to the listing with your real world ID, then obscure the source of your funds with anonymity schemes as you've denoted. But with CoinJoin, this could get you banned from the listings people, and potentially get all the CoinJoiners you collaborated with blacklisted too. I think the best way is to encourage miners to ban the clean addresses from tx processing. If that doesn't succeed, use or develop another coin. Another option is to make CoinJoin/CoinSwap really popular. Perhaps make the client suggest mixing like by adding "mix coins with other's users coin" checkbox in the send coins GUI. This way regulators will have no other way than to accept Bitcoin the way it is - mixed and untraceable.
|
|
|
|
dserrano5
Legendary
Offline
Activity: 1974
Merit: 1029
|
|
November 14, 2013, 08:07:38 PM |
|
Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.
And/or incorporating it into clients so people wouldn't have to bother. E.g. I wouldn't mind to spend a millibit a week in network fees just to have my coins periodically mixed.
|
|
|
|
ShadowOfHarbringer
Legendary
Offline
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
|
|
November 14, 2013, 08:14:43 PM |
|
Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.
And/or incorporating it into clients so people wouldn't have to bother. E.g. I wouldn't mind to spend a millibit a week in network fees just to have my coins periodically mixed. Exactly what I am talking about. We must make coin mixing almost as common as sending them. This way governments will have no choice but face the reality.
|
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3080
|
|
November 14, 2013, 08:17:52 PM |
|
Another option is to make CoinJoin/CoinSwap really popular. Perhaps make the client suggest mixing like by adding "mix coins with other's users coin" checkbox in the send coins GUI.
This way regulators will have no other way than to accept Bitcoin the way it is - mixed and untraceable.
More difficult to popularise anonymising features than it is to find out what colour the biggest miners like their address lists. If they want the lists transparent, instead of red, black blue green or white, then they should prefer to ban any such coloured listed addresses from their transaction inclusions. Let's push to hit these lists right at their fundamentals, make them undesirable and unusable, not the other way around.
|
Vires in numeris
|
|
|
btc4ever
|
|
November 14, 2013, 08:21:00 PM |
|
Yes. Mixing must be the norm, not the exception. If it is the exception, then even the fact that you are engaging in it is suspicious. Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.
And/or incorporating it into clients so people wouldn't have to bother. E.g. I wouldn't mind to spend a millibit a week in network fees just to have my coins periodically mixed. Exactly what I am talking about. We must make coin mixing almost as common as sending them. This way governments will have no choice but face the reality.
|
Psst!! Wanna make bitcoin unstoppable? Why the Only Real Way to Buy Bitcoins Is on the Streets. Avoid banks and centralized exchanges. Buy/Sell coins locally. Meet other bitcoiners and develop your network. Try localbitcoins.com or find or start a buttonwood / satoshi square in your area. Pass it on!
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3080
|
|
November 14, 2013, 08:22:28 PM |
|
Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.
And/or incorporating it into clients so people wouldn't have to bother. E.g. I wouldn't mind to spend a millibit a week in network fees just to have my coins periodically mixed. Exactly what I am talking about. We must make coin mixing almost as common as sending them. This way governments will have no choice but face the reality. I think there are too many compliant goody goodies out there for this to work. You only have to craft a well thought through smear campaign against anonymising and most people will be too anxious to rebel against it, they will believe the nonsense is true. There are fewer miners than users, and they are naturally determined risk takers. They are easier to convince of the drawbacks than average users, especially as they have probably got more BTC balance whose long term value and viability they wish to protect.
|
Vires in numeris
|
|
|
dserrano5
Legendary
Offline
Activity: 1974
Merit: 1029
|
|
November 14, 2013, 08:32:44 PM |
|
Key from Pieter (pgp signature to be provided later):
0292782efcb08d621c360d055f407c8e75ffbbd06f6b7009c1432ca9eaa6732592 Oops, seems that a signature was forgotten . I'll donate half a coin to this as soon as the sig is in place! Please everyone consider donating.
|
|
|
|
phillipsjk
Legendary
Offline
Activity: 1008
Merit: 1001
Let the chips fall where they may.
|
|
November 14, 2013, 09:00:36 PM |
|
Perhaps we should seriously speed up initiatives like CoinJoin, CoinSwap and CoinControl so people start massively mixing coins and make such efforts unfeasible.
And/or incorporating it into clients so people wouldn't have to bother. E.g. I wouldn't mind to spend a millibit a week in network fees just to have my coins periodically mixed. Such coins are not at rest, thus can be stolen by a determined cracker.
|
James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE 0A2F B3DE 81FF 7B9D 5160
|
|
|
maaku
Legendary
Offline
Activity: 905
Merit: 1012
|
|
November 14, 2013, 09:24:06 PM |
|
Consider a hypothetical CoinJoin transaction with several inputs and two outputs, A and B.
Output A is 5.21875 BTC and Output B is 3.4375.
... The mixing application described in the OP uses same valued outputs for two reasons: (1) to avoid this sort of identification, and (2) to prevent the facilitator from learning identities through blind signatures. This requires that within a single transaction, the mixed outputs must have the same value denominations (or be divided into groups of same-valued denominations). The hypothetical given is a weaker protocol than the OP. That said, there is no reason that the common denomination used by one transaction has to match or be a multiple of the common denomination of another - that gains you nothing as far as I can tell.
|
I'm an independent developer working on bitcoin-core, making my living off community donations. If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
|
|
November 15, 2013, 12:28:01 AM |
|
The mixing application described in the OP uses same valued outputs And I believe that drastically reduces its usefulness. It's fine as an academic exercise but how people actually use their bitcoins in the real world is considerably more messy. Unless you can handle situations where the users need to mix differing amounts of coins you'll either degrade the mixing to uselessness or else end up with a double coincidence of wants problem where nobody can find suitable partners top mix with.
|
|
|
|
jedunnigan
|
|
November 15, 2013, 12:42:23 AM |
|
The mixing application described in the OP uses same valued outputs And I believe that drastically reduces its usefulness. It's fine as an academic exercise but how people actually use their bitcoins in the real world is considerably more messy. Unless you can handle situations where the users need to mix differing amounts of coins you'll either degrade the mixing to uselessness or else end up with a double coincidence of wants problem where nobody can find suitable partners top mix with. Yea, and to that effect there should be a step prior to the CJ where outputs are made uniform.
|
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3080
|
|
November 15, 2013, 12:45:17 AM |
|
The mixing application described in the OP uses same valued outputs And I believe that drastically reduces its usefulness. It's fine as an academic exercise but how people actually use their bitcoins in the real world is considerably more messy. Unless you can handle situations where the users need to mix differing amounts of coins you'll either degrade the mixing to uselessness or else end up with a double coincidence of wants problem where nobody can find suitable partners top mix with. A decentralised approach would provide enough variety so that the number of people who have to compromise would decrease, but I agree that this harms the effectiveness of the anonymity of inputs. It would also be less easy to convince a nosy listing agency that you were settling several hundred payments in a single transaction... especially when several hundred other CoinJoin participants could be making the same claim to the very same transaction to the same agency. It's not possible that you're all the sole originator of the same transaction.
|
Vires in numeris
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5348
Merit: 13336
|
|
November 15, 2013, 12:59:07 AM Last edit: December 16, 2013, 04:13:06 AM by theymos |
|
CoinJoin needs to be nicely implemented in Bitcoin-Qt before any of these ridiculous blacklist proposals take off. So for the next 30 days, I will match donations to the CoinJoin bounty fund (3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk), up to a maximum of 5 BTC. Just donate to that address, and in 30 days I'll donate the difference between the current received amount (16.21420773) and the received amount at that time (max 5 BTC).
Edit: Paid 5 BTC.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
Trader Steve
|
|
November 15, 2013, 02:27:09 AM |
|
CoinJoin needs to be nicely implemented in Bitcoin-Qt before any of these ridiculous blacklist proposals take off. So for the next 30 days, I will match donations to the CoinJoin bounty fund (3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk), up to a maximum of 5 BTC. Just donate to that address, and in 30 days I'll donate the difference between the current received amount (16.21420773) and the received amount at that time (max 5 BTC).
Theymos, you rock! I've already donated but you've inspired me to send a little more.
|
|
|
|
solex
Legendary
Offline
Activity: 1078
Merit: 1006
100 satoshis -> ISO code
|
|
November 15, 2013, 03:52:43 AM |
|
theymos, gmaxwell, everyone - excellent project! My donation on the way too...
|
|
|
|
|