|
coinft
|
 |
November 15, 2013, 04:18:38 AM |
|
theymos, gmaxwell, everyone - excellent project! My donation on the way too...
IMHO we should motivate miners to operate liquid CoinJoin pools and pass all their new block rewards through it. Then integrate CoinJoin in as many clients as possible, for automatic or semi-automatic use. When everything is tainted, nothing is, and all list operators will look pretty stupid. It's in the best interest of miners that bitcoins remain fungible long term, but some short sighted individual miners might object to getting slightly tainted coins. This could be offset by a small fee paid by CoinJoin users, and shared between pools and miners. |
|
|
|
|
|
|
|
|
|
|
|
"The nature of Bitcoin is such that once version 0.1 was released, the
core design was set in stone for the rest of its lifetime." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
oakpacific
|
|
November 15, 2013, 04:31:23 AM |
|
theymos, gmaxwell, everyone - excellent project! My donation on the way too...
IMHO we should motivate miners to operate liquid CoinJoin pools and pass all their new block rewards through it. Then integrate CoinJoin in as many clients as possible, for automatic or semi-automatic use. When everything is tainted, nothing is, and all list operators will look pretty stupid. It's in the best interest of miners that bitcoins remain fungible long term, but some short sighted individual miners might object to getting slightly tainted coins. This could be offset by a small fee paid by CoinJoin users, and shared between pools and miners. I tend to think that Coinjoin pools should be like Tor flashproxies, ephemeral, ad-hoc and untrackable. |
|
|
|
CIYAM
Legendary
 Offline
Activity: 1890
Merit: 1075
Ian Knowles - CIYAM Lead Developer
|
|
November 15, 2013, 04:46:29 AM |
|
Have sent some BTC and would be more than happy to set up a project on CIYAM Open for this (free of charge for its lifetime of course).
|
|
|
|
westkybitcoins
Legendary
Offline
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
|
|
November 15, 2013, 06:58:54 AM |
|
Consider a hypothetical CoinJoin transaction with several inputs and two outputs, A and B.
Output A is 5.21875 BTC and Output B is 3.4375.
In order for an attacker to break the mixing he must answer the question, "which combination of inputs add up to each output", and that question could likely have only one solution. If there is only one solution, the mixing has no value other than forcing the attacker to spend a bit of CPU power on it.
If the participants in the mix instead choose to only use integer powers of 2, they can break their desired outputs down like this:
Output A can be broken down as follows:
1 x 22
1 x 20
1 x 2-3
1 x 2-4
1 x 2-5
Output B can be broken down as follows:
1 x 21
1 x 20
1 x 2-2
1 x 2-3
1 x 2-4
So now the transaction has 10 outputs: 4 BTC, 1 BTC, 1 BTC, 250 mBTC, 125 mBTC, 125 mBTC, 62.5 mBTC, 62.5 mBTC, 31.25 mBTC.
The odds of finding an unambiguous mapping of inputs to outputs should be far lower in the second case.
Hmm. It might simplify things by "approximating" powers of 2: 1, 2, 5, 10, 25, 50, 100, 250, 500, etc. Similarly, 0.5, 0.2, 0.1, 0.05, 0.02, 0.01, etc. The downside is there's somewhat more risk of analysis matching inputs to outputs, but I would think the increased risk is very slight. Among the benefits is that the math is simpler, allowing other ideas to be easily implemented (such as a cutoff value: everything under 0.000x BTC is lumped into one output. If a small, random transaction fee is also included, this avoids dust outputs but is still resistant to analysis.) For example, your above outputs, after removing small transactions fees, might break down to A) 5.21872289 (prior output after removing a randomized 0.00002711 txn fee) = 5 + 0.2 + 0.01 + 0.005 + 0.002 + 0.001 + 0.0005 + 0.0002 + 0.0002289 BTC B) 3.43742991 (prior output after removing a randomized 0.00007039 txn fee) = 2 + 1 + 0.2 + 0.2 + .02 + 0.01 + 0.005 + 0.002 + 0.0002 + 0.0002 + 0.00002991 BTC Almost all of the privacy, and the coins are less noticeable (as opposed to values like 0.03125 BTC) even just sitting in the wallet. And this would be a much better result too for those of us managing coins in paper wallets who need to determine how many change addresses to grab to spend X bitcoins. Just a thought. |
Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
... ... In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber... ... ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)... ... The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1009
|
|
November 15, 2013, 07:11:25 AM |
|
Among the benefits is that the math is simpler, allowing other ideas to be easily implemented (such as a cutoff value: everything under 0.000x BTC is lumped into one output. If a small, random transaction fee is also included, this avoids dust outputs but is still resistant to analysis.) If outputs are in the form of X n, then you can easily implement a cutoff by specifying a minimum value for n. Leftovers just get added to the transaction fee. I really don't care if there is a recommended standard of X=2, or X=5, or if an explicit negotiation step is added to the protocol to choose a value for X, just as long as there's some way to do it that actually gets implemented. |
|
|
|
|
dserrano5
Legendary
Offline
Activity: 1974
Merit: 1029
|
|
November 15, 2013, 07:27:03 AM |
|
CoinJoin needs to be nicely implemented in Bitcoin-Qt before any of these ridiculous blacklist proposals take off. So for the next 30 days, I will match donations to the CoinJoin bounty fund (3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk), up to a maximum of 5 BTC.
Way to go! I'm upping my offer from 0.50 to 0.75 but please tell Pieter to sign his pubkey in the second message of this thread. Thank you! |
|
|
|
|
NewLiberty
Legendary
Offline
Activity: 1204
Merit: 1002
Gresham's Lawyer
|
|
November 15, 2013, 08:25:53 AM |
|
interesting...
|
|
|
|
phelix
Legendary
Offline
Activity: 1708
Merit: 1019
|
|
November 15, 2013, 10:05:27 AM |
|
CoinJoin needs to be nicely implemented in Bitcoin-Qt before any of these ridiculous blacklist proposals take off. So for the next 30 days, I will match donations to the CoinJoin bounty fund (3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk), up to a maximum of 5 BTC. Just donate to that address, and in 30 days I'll donate the difference between the current received amount (16.21420773) and the received amount at that time (max 5 BTC).
Cool. |
|
|
|
|
|
Arksun
|
|
November 15, 2013, 03:26:27 PM |
|
Ok so most of this goes way over my head of understanding, so can someone just tell me. Using such a system as this, if I make a payment to an address, does the receiver still see my address as the address the payment came from, or do they receive the correct amount of Bitcoins, but from some other unknown address?
|
|
|
|
|
Hawkix
|
|
November 15, 2013, 03:48:03 PM |
|
CoinJoin is like collecting 20 of 100 USD bills into a hat and then passing the hat to another group of 20 people, each one takes its 100 USD bill. Noone knows who gives you which bill.
|
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
November 15, 2013, 04:11:03 PM |
|
theymos you rock! here is some more donation for you to generously match  transaction id: a2ce643656a516784dbb32547408831226b3fc737552377cfd64cc8066fff850 |
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited? |
|
|
|
Arksun
|
|
November 15, 2013, 04:55:33 PM |
|
CoinJoin is like collecting 20 of 100 USD bills into a hat and then passing the hat to another group of 20 people, each one takes its 100 USD bill. Noone knows who gives you which bill.
Ah ok, so this would basically be useless for any kind of eCommerce, or paying in restaurant with bitcoins etc because they wouldn't know who paid for it. I sincerely hope this would then be an optional way of transferring rather than a replacement right?, otherwise it would pretty much destroy Bitcoin as a means for paying for goods. |
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1092
|
|
November 15, 2013, 04:57:57 PM |
|
CoinJoin is like collecting 20 of 100 USD bills into a hat and then passing the hat to another group of 20 people, each one takes its 100 USD bill. Noone knows who gives you which bill.
Ah ok, so this would basically be useless for any kind of eCommerce, or paying in restaurant with bitcoins etc because they wouldn't know who paid for it. I sincerely hope this would then be an optional way of transferring rather than a replacement right?, otherwise it would pretty much destroy Bitcoin as a means for paying for goods. The merchant doesn't need to know who paid because every time they issue a bill they use a brand new address. Forget address reuse |
Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
|
|
|
jquinn
Newbie
Offline
Activity: 42
Merit: 0
|
|
November 15, 2013, 05:22:50 PM |
|
Even if you can't afford to donate BTC, anyone who has a reddit account can help out by upvoting and commenting on this fundraising drive I posted: http://www.reddit.com/r/Bitcoin/comments/1qmhkh/coinjoin_fundraising_drive/If we can get this onto the front page of r/bitcoin I think we could get some decent coin. Also, I'm getting a report of a problem sending coin to the address. I originally tried to use the reddit bitcoin tip bot to send it, but kept getting rejected. I eventually just used Coinbase. Now someone is commenting saying that bitcoin tip bot, Mt. Gox, and even Armory all rejected their attempts to send coin. Here is the Armory error: "You have entered 1 invalid addresses. The errors have been highlighted on the entry screen." Does anyone have any idea why that would be happening? EDIT: The commenter just posted the Mt Gox error: "This address is not on the right network" |
|
|
|
|
Peter Todd
Legendary
Offline
Activity: 1120
Merit: 1149
|
|
November 15, 2013, 05:35:43 PM |
|
Does anyone have any idea why that would be happening?
EDIT: The commenter just posted the Mt Gox error: "This address is not on the right network"
Armory and Mt Gox, and all bitcoinj-derived wallets, don't support P2SH addresses yet. Electrum does support P2SH, and so does Bitcoin-QT. P2SH was added about two years ago - about time wallets upgrade... |
|
|
|
maaku
Legendary
Offline
Activity: 905
Merit: 1011
|
|
November 15, 2013, 05:47:30 PM |
|
Ah ok, so this would basically be useless for any kind of eCommerce, or paying in restaurant with bitcoins etc because they wouldn't know who paid for it. I sincerely hope this would then be an optional way of transferring rather than a replacement right?, otherwise it would pretty much destroy Bitcoin as a means for paying for goods.
No, you have a misunderstanding of how bitcoin works. There is no "from" address. A merchant knows when they've been paid because they receive payment to a one-time-use address they generated specifically for the transaction. The way this would work in CoinJoin is that you pretend that you are mixing X coins, where X is the amount that you are paying the merchant, and then use the key id provided by the merchant for your blinded output. And yes, this is a PURELY higher-level protocol that makes no changes to how bitcoin currently operates. |
I'm an independent developer working on bitcoin-core, making my living off community donations. If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP |
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1009
|
|
November 15, 2013, 05:53:35 PM |
|
Does anyone have any idea why that would be happening?
EDIT: The commenter just posted the Mt Gox error: "This address is not on the right network"
Armory and Mt Gox, and all bitcoinj-derived wallets, don't support P2SH addresses yet. Electrum does support P2SH, and so does Bitcoin-QT. P2SH was added about two years ago - about time wallets upgrade... Armory will get P2SH "soon", at least: https://github.com/etotheipi/BitcoinArmory/issues/127 |
|
|
|
|
BigJohn
Member
Offline
Activity: 116
Merit: 10
|
|
November 15, 2013, 08:34:29 PM |
|
This does sound great. But I'm not sure I understand how this helps the Blacklist/Whitelist issue. If TPTB still make some kind of Whitelist where merchants are only allowed to accept coins from certain "white" addresses, what does something like CoinJoin offer against that?
|
|
|
|
|
solex
Legendary
Offline
Activity: 1078
Merit: 1002
100 satoshis -> ISO code
|
|
November 15, 2013, 08:38:29 PM |
|
This does sound great. But I'm not sure I understand how this helps the Blacklist/Whitelist issue. If TPTB still make some kind of Whitelist where merchants are only allowed to accept coins from certain "white" addresses, what does something like CoinJoin offer against that?
Address re-use is being actively discouraged now. Once this becomes the norm then whitelists will be irrelevant. |
|
|
|
BigJohn
Member
Offline
Activity: 116
Merit: 10
|
|
November 15, 2013, 08:39:37 PM |
|
In what way is it being discouraged? Is it anything beyond informing people that it's bad practice? I'd like to see some anti-address-reuse measure become baseline, maybe even in the protocol itself if possible. Does CoinJoin have anything to do with address reuse then?
|
|
|
|
|
|
