Bitcoin Forum
June 28, 2017, 04:08:05 PM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 [12] 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 »
  Print  
Author Topic: CoinJoin: Bitcoin privacy for the real world  (Read 252771 times)
solex
Legendary
*
Offline Offline

Activity: 1078


100 satoshis -> ISO code


View Profile
November 15, 2013, 03:52:43 AM
 #221

theymos, gmaxwell, everyone - excellent project! My donation on the way too...

1498666085
Hero Member
*
Offline Offline

Posts: 1498666085

View Profile Personal Message (Offline)

Ignore
1498666085
Reply with quote  #2

1498666085
Report to moderator
According to NIST and ECRYPT II, the cryptographic algorithms used in Bitcoin are expected to be strong until at least 2030. (After that, it will not be too difficult to transition to different algorithms.)
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
coinft
Full Member
***
Offline Offline

Activity: 187



View Profile
November 15, 2013, 04:18:38 AM
 #222

theymos, gmaxwell, everyone - excellent project! My donation on the way too...


IMHO we should motivate miners to operate liquid CoinJoin pools and pass all their new block rewards through it. Then integrate CoinJoin in as many clients as possible, for automatic or semi-automatic use. When everything is tainted, nothing is, and all list operators will look pretty stupid.

It's in the best interest of miners that bitcoins remain fungible long term, but some short sighted individual miners might object to getting slightly tainted coins. This could be offset by a small fee paid by CoinJoin users, and shared between pools and miners.
oakpacific
Hero Member
*****
Offline Offline

Activity: 798


View Profile
November 15, 2013, 04:31:23 AM
 #223

theymos, gmaxwell, everyone - excellent project! My donation on the way too...


IMHO we should motivate miners to operate liquid CoinJoin pools and pass all their new block rewards through it. Then integrate CoinJoin in as many clients as possible, for automatic or semi-automatic use. When everything is tainted, nothing is, and all list operators will look pretty stupid.

It's in the best interest of miners that bitcoins remain fungible long term, but some short sighted individual miners might object to getting slightly tainted coins. This could be offset by a small fee paid by CoinJoin users, and shared between pools and miners.

I tend to think that Coinjoin pools should be like Tor flashproxies, ephemeral, ad-hoc and untrackable.

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
CIYAM
Legendary
*
Offline Offline

Activity: 1848


Ian Knowles - CIYAM Lead Developer


View Profile WWW
November 15, 2013, 04:46:29 AM
 #224

Have sent some BTC and would be more than happy to set up a project on CIYAM Open for this (free of charge for its lifetime of course).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
westkybitcoins
Legendary
*
Offline Offline

Activity: 980

Firstbits: Compromised. Thanks, Android!


View Profile
November 15, 2013, 06:58:54 AM
 #225

Consider a hypothetical CoinJoin transaction with several inputs and two outputs, A and B.

Output A is 5.21875 BTC and Output B is 3.4375.

In order for an attacker to break the mixing he must answer the question, "which combination of inputs add up to each output", and that question could likely have only one solution. If there is only one solution, the mixing has no value other than forcing the attacker to spend a bit of CPU power on it.

If the participants in the mix instead choose to only use integer powers of 2, they can break their desired outputs down like this:

Output A can be broken down as follows:
1 x 22
1 x 20
1 x 2-3
1 x 2-4
1 x 2-5

Output B can be broken down as follows:

1 x 21
1 x 20
1 x 2-2
1 x 2-3
1 x 2-4

So now the transaction has 10 outputs: 4 BTC, 1 BTC, 1 BTC, 250 mBTC, 125 mBTC, 125 mBTC, 62.5 mBTC, 62.5 mBTC, 31.25 mBTC.

The odds of finding an unambiguous mapping of inputs to outputs should be far lower in the second case.


Hmm. It might simplify things by "approximating" powers of 2: 1, 2, 5, 10, 25, 50, 100, 250, 500, etc. Similarly, 0.5, 0.2, 0.1, 0.05, 0.02, 0.01, etc.

The downside is there's somewhat more risk of analysis matching inputs to outputs, but I would think the increased risk is very slight.

Among the benefits is that the math is simpler, allowing other ideas to be easily implemented (such as a cutoff value: everything under 0.000x BTC is lumped into one output. If a small, random transaction fee is also included, this avoids dust outputs but is still resistant to analysis.)

For example, your above outputs, after removing small transactions fees, might break down to

 A) 5.21872289 (prior output after removing a randomized 0.00002711 txn fee) =
  5 + 0.2 + 0.01 + 0.005 + 0.002 + 0.001 + 0.0005 + 0.0002 + 0.0002289 BTC

 B) 3.43742991 (prior output after removing a randomized 0.00007039 txn fee) =
  2 + 1 + 0.2 + 0.2 + .02 + 0.01 + 0.005 + 0.002 + 0.0002 + 0.0002 + 0.00002991 BTC

Almost all of the privacy, and the coins are less noticeable (as opposed to values like 0.03125 BTC) even just sitting in the wallet. And this would be a much better result too for those of us managing coins in paper wallets who need to determine how many change addresses to grab to spend X bitcoins.

Just a thought.

Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
...
...
In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber
...
...
ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)
...
...
The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
November 15, 2013, 07:11:25 AM
 #226

Among the benefits is that the math is simpler, allowing other ideas to be easily implemented (such as a cutoff value: everything under 0.000x BTC is lumped into one output. If a small, random transaction fee is also included, this avoids dust outputs but is still resistant to analysis.)
If outputs are in the form of Xn, then you can easily implement a cutoff by specifying a minimum value for n. Leftovers just get added to the transaction fee.

I really don't care if there is a recommended standard of X=2, or X=5, or if an explicit negotiation step is added to the protocol to choose a value for X, just as long as there's some way to do it that actually gets implemented.
dserrano5
Legendary
*
Offline Offline

Activity: 1834



View Profile
November 15, 2013, 07:27:03 AM
 #227

CoinJoin needs to be nicely implemented in Bitcoin-Qt before any of these ridiculous blacklist proposals take off. So for the next 30 days, I will match donations to the CoinJoin bounty fund (3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk), up to a maximum of 5 BTC.

Way to go!

I'm upping my offer from 0.50 to 0.75 but please tell Pieter to sign his pubkey in the second message of this thread.

Thank you!

NewLiberty
Legendary
*
Offline Offline

Activity: 1148


Gresham's Lawyer


View Profile WWW
November 15, 2013, 08:25:53 AM
 #228

interesting...

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
phelix
Legendary
*
Offline Offline

Activity: 1680


nmc:id/phelix


View Profile
November 15, 2013, 10:05:27 AM
 #229

CoinJoin needs to be nicely implemented in Bitcoin-Qt before any of these ridiculous blacklist proposals take off. So for the next 30 days, I will match donations to the CoinJoin bounty fund (3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk), up to a maximum of 5 BTC. Just donate to that address, and in 30 days I'll donate the difference between the current received amount (16.21420773) and the received amount at that time (max 5 BTC).
Cool.

blockchained.com ■ bitcointalk top posts
Arksun
Full Member
***
Offline Offline

Activity: 133


View Profile
November 15, 2013, 03:26:27 PM
 #230

Ok so most of this goes way over my head of understanding, so can someone just tell me. Using such a system as this, if I make a payment to an address, does the receiver still see my address as the address the payment came from, or do they receive the correct amount of Bitcoins, but from some other unknown address?
Hawkix
Hero Member
*****
Offline Offline

Activity: 519



View Profile WWW
November 15, 2013, 03:48:03 PM
 #231

CoinJoin is like collecting 20 of 100 USD bills into a hat and then passing the hat to another group of 20 people, each one takes its 100 USD bill. Noone knows who gives you which bill.

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
Anon136
Legendary
*
Offline Offline

Activity: 1218



View Profile
November 15, 2013, 04:11:03 PM
 #232

theymos you rock! here is some more donation for you to generously match Grin

transaction id: a2ce643656a516784dbb32547408831226b3fc737552377cfd64cc8066fff850

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited? Is there any process, procedure or ritual through which an immoral action can be legitimately transformed into a moral one with out changing the character of the action itself?
Arksun
Full Member
***
Offline Offline

Activity: 133


View Profile
November 15, 2013, 04:55:33 PM
 #233

CoinJoin is like collecting 20 of 100 USD bills into a hat and then passing the hat to another group of 20 people, each one takes its 100 USD bill. Noone knows who gives you which bill.

Ah ok, so this would basically be useless for any kind of eCommerce, or paying in restaurant with bitcoins etc because they wouldn't know who paid for it.  I sincerely hope this would then be an optional way of transferring rather than a replacement right?, otherwise it would pretty much destroy Bitcoin as a means for paying for goods.
jl2012
Legendary
*
Offline Offline

Activity: 1624


View Profile
November 15, 2013, 04:57:57 PM
 #234

CoinJoin is like collecting 20 of 100 USD bills into a hat and then passing the hat to another group of 20 people, each one takes its 100 USD bill. Noone knows who gives you which bill.

Ah ok, so this would basically be useless for any kind of eCommerce, or paying in restaurant with bitcoins etc because they wouldn't know who paid for it.  I sincerely hope this would then be an optional way of transferring rather than a replacement right?, otherwise it would pretty much destroy Bitcoin as a means for paying for goods.

The merchant doesn't need to know who paid because every time they issue a bill they use a brand new address. Forget address reuse

Donation address: 1CxPk7mhhe2uCDosQraSMeCdgvwWHfLSQx
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
Bitcoin Wizards Wiki: https://8333.info/
jquinn
Jr. Member
*
Offline Offline

Activity: 42


View Profile
November 15, 2013, 05:22:50 PM
 #235

Even if you can't afford to donate BTC, anyone who has a reddit account can help out by upvoting and commenting on this fundraising drive I posted:

http://www.reddit.com/r/Bitcoin/comments/1qmhkh/coinjoin_fundraising_drive/

If we can get this onto the front page of r/bitcoin I think we could get some decent coin.

Also, I'm getting a report of a problem sending coin to the address. I originally tried to use the reddit bitcoin tip bot to send it, but kept getting rejected. I eventually just used Coinbase. Now someone is commenting saying that bitcoin tip bot, Mt. Gox, and even Armory all rejected their attempts to send coin.

Here is the Armory error: "You have entered 1 invalid addresses. The errors have been highlighted on the entry screen."

Does anyone have any idea why that would be happening?

EDIT: The commenter just posted the Mt Gox error: "This address is not on the right network"

Not an Alt-Coin: Mastercoin! A new protocol layer on top of bitcoin.
Peter Todd
Legendary
*
expert
Offline Offline

Activity: 1078


View Profile
November 15, 2013, 05:35:43 PM
 #236

Does anyone have any idea why that would be happening?

EDIT: The commenter just posted the Mt Gox error: "This address is not on the right network"

Armory and Mt Gox, and all bitcoinj-derived wallets, don't support P2SH addresses yet. Electrum does support P2SH, and so does Bitcoin-QT.

P2SH was added about two years ago - about time wallets upgrade...

maaku
Legendary
*
expert
Offline Offline

Activity: 905


View Profile
November 15, 2013, 05:47:30 PM
 #237

Ah ok, so this would basically be useless for any kind of eCommerce, or paying in restaurant with bitcoins etc because they wouldn't know who paid for it.  I sincerely hope this would then be an optional way of transferring rather than a replacement right?, otherwise it would pretty much destroy Bitcoin as a means for paying for goods.

No, you have a misunderstanding of how bitcoin works. There is no "from" address. A merchant knows when they've been paid because they receive payment to a one-time-use address they generated specifically for the transaction. The way this would work in CoinJoin is that you pretend that you are mixing X coins, where X is the amount that you are paying the merchant, and then use the key id provided by the merchant for your blinded output.

And yes, this is a PURELY higher-level protocol that makes no changes to how bitcoin currently operates.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
November 15, 2013, 05:53:35 PM
 #238

Does anyone have any idea why that would be happening?

EDIT: The commenter just posted the Mt Gox error: "This address is not on the right network"

Armory and Mt Gox, and all bitcoinj-derived wallets, don't support P2SH addresses yet. Electrum does support P2SH, and so does Bitcoin-QT.

P2SH was added about two years ago - about time wallets upgrade...
Armory will get P2SH "soon", at least: https://github.com/etotheipi/BitcoinArmory/issues/127
BigJohn
Member
**
Offline Offline

Activity: 116


View Profile
November 15, 2013, 08:34:29 PM
 #239

This does sound great. But I'm not sure I understand how this helps the Blacklist/Whitelist issue. If TPTB still make some kind of Whitelist where merchants are only allowed to accept coins from certain "white" addresses, what does something like CoinJoin offer against that?
solex
Legendary
*
Offline Offline

Activity: 1078


100 satoshis -> ISO code


View Profile
November 15, 2013, 08:38:29 PM
 #240

This does sound great. But I'm not sure I understand how this helps the Blacklist/Whitelist issue. If TPTB still make some kind of Whitelist where merchants are only allowed to accept coins from certain "white" addresses, what does something like CoinJoin offer against that?

Address re-use is being actively discouraged now. Once this becomes the norm then whitelists will be irrelevant.

Pages: « 1 2 3 4 5 6 7 8 9 10 11 [12] 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!