Bitcoin Forum
August 18, 2017, 05:43:05 AM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 [20] 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 »
  Print  
Author Topic: CoinJoin: Bitcoin privacy for the real world  (Read 256997 times)
prezbo
Sr. Member
****
Offline Offline

Activity: 430


View Profile
January 18, 2014, 10:07:48 PM
 #381

However, sellers not reusing addresses that receive payments does solve the problem even in the centralized case as Alice and Bob cannot simultaneously think that they are paying Steve.

That is true, but the protocol shouldn't limit users in such a way. But you are correct, in a world with perfect information this is not a problem.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1503034985
Hero Member
*
Offline Offline

Posts: 1503034985

View Profile Personal Message (Offline)

Ignore
1503034985
Reply with quote  #2

1503034985
Report to moderator
1503034985
Hero Member
*
Offline Offline

Posts: 1503034985

View Profile Personal Message (Offline)

Ignore
1503034985
Reply with quote  #2

1503034985
Report to moderator
piotr_n
Legendary
*
Offline Offline

Activity: 1722


aka tonikt


View Profile WWW
January 18, 2014, 10:12:12 PM
 #382

Of course you cannot trust any service more than to provide you the entire transaction you get to sign - not only its hash.
Then you make sure that at least one of its outputs satisfies your input.
And then you get to know more about a possible connections between the txs inputs and output. Which inforamtion, who knows, maybe you'll be able to sell one day in a future so you may want to keep it Smiley

Its really not as cool as you think, unless you build a huge and anonymous infrastrtuctere for it.
Who's going to do it? Jesus is dead for all I know. We're talking about tor at least, otherwise it dont make no sense. And what: SR style, or p2p? Is there even a p2p in tor? Who's going to pay for it to profit from it? Or it won't happen...

Anyway, understand that the weakest link here is the ip that sends your money to the network. Sharing the tx with your pals or strangers picked by some system to increase privacy - give me a break

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Crowex
Member
**
Offline Offline

Activity: 111


View Profile
January 18, 2014, 10:52:28 PM
 #383

However, sellers not reusing addresses that receive payments does solve the problem even in the centralized case as Alice and Bob cannot simultaneously think that they are paying Steve.

That is true, but the protocol shouldn't limit users in such a way. But you are correct, in a world with perfect information this is not a problem.

the example was a donation address, it would be difficult to imagine this changing for each donation

Quote
As I said I don't really understand how maaku solves this problem

nor me, his approach seems to be more de-centralised, but I can't quite grasp how he can guarantee that this problem can't occur
maaku
Legendary
*
expert
Offline Offline

Activity: 905


View Profile
January 19, 2014, 02:06:00 AM
 #384

Quote
maaku's solution does not seem to work as it requires communication between the participants

No, the server can include this signed information in the message it sends to participants.

The solution is simple: each participants sign what outputs they want to see on the chain. No participant signs the transaction unless they receive invoices separately signed by every single input which cumulatively add up to the transaction. Cryptographic blinding is used to make sure that users can specify hidden outputs not subject to this check.

Quote
the example was a donation address, it would be difficult to imagine this changing for each donation

Google "bitcoin stealth address"

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
January 19, 2014, 06:58:34 AM
 #385

Rather than adding more steps and layers to the system, I propose ignoring the chance of the joiner operator skimming merges.

If it bothers anyone, they can send their donation to a new address in their own wallet, then send that to the donation address in the normal way.  This operation could even be scripted.  (Your wallet searches google for your payment address.  If there are no results, it is more or less impossible for another coin join user to be sending to that address.  If there are results for it outside of the explorer sites, it automatically switches into 2-stage mode.)

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
Crowex
Member
**
Offline Offline

Activity: 111


View Profile
January 19, 2014, 05:17:12 PM
 #386

Quote
maaku's solution does not seem to work as it requires communication between the participants

No, the server can include this signed information in the message it sends to participants.

The solution is simple: each participants sign what outputs they want to see on the chain.
Are they signing a set of all outputs randomly mixed up? This wouldn't solve the problem.
Or are they signing their individual outputs? There is no anonymity now.

Quote
No participant signs the transaction unless they receive invoices separately signed by every single input which cumulatively add up to the transaction.
I can't see how this helps to solve the problem.

Quote
Cryptographic blinding is used to make sure that users can specify hidden outputs not subject to this check.
I'm not really sure what you're saying here. If you're talking about a blind signature protocol can you be more specific about how it can work in this case.

Quote
the example was a donation address, it would be difficult to imagine this changing for each donation
Quote

Google "bitcoin stealth address"
I didn't say that it wasn't possible to change the address for each donation. This could be done without stealth addresses. I just think that most people asking for donations will just put up an address and ask people to send coins to it. Smiley
maaku
Legendary
*
expert
Offline Offline

Activity: 905


View Profile
January 19, 2014, 08:27:28 PM
 #387

They sign a list of their outputs, some of which are explicit, some of which are blinded. The blind signed outputs are separately checked (the server blind signed them without knowing what they were, so couldn't later skim them without detection). So each participant has a list of non-mixed outputs signed by their owners, and a list of blinded outputs signed by the server before it had a chance to do any funny business. Together these should add up to the entire transaction (modulo facilitator and miner fees).

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
Murphant
Jr. Member
*
Offline Offline

Activity: 35


View Profile
January 30, 2014, 10:35:31 PM
 #388

I am looking to compare different implementations of CoinJoin, but I don't feel like going through 20 pages. Would someone be considerate enough to list them here, or maybe in the original post?
ajsubtronic
Newbie
*
Offline Offline

Activity: 2


View Profile
January 31, 2014, 08:25:55 AM
 #389

where can i find a comparison of coinjoin? is there a website?  Shocked Huh
Amitabh S
Legendary
*
Offline Offline

Activity: 995


View Profile
January 31, 2014, 07:01:34 PM
 #390

Is the bounty still open? I can see the funds are still there.

How do I cite CoinJoin?

Coinsecure referral ID: https://coinsecure.in/signup/refamit (use this link to signup)
gaston909
Sr. Member
****
Offline Offline

Activity: 350



View Profile
February 01, 2014, 07:18:26 PM
 #391

This is a great idea!
themgp
Jr. Member
*
Offline Offline

Activity: 56


View Profile
February 02, 2014, 03:07:04 AM
 #392

Hey all,

I've spent the last two/three months working on a CoinJoin implementation that I call Coinmux.  It is open source and mostly P2P / decentralized.

The source is in Ruby (JRuby) and on Github: https://github.com/michaelgpearce/coinmux.  The project home page has quite a bit of information so its worth reading through.

Here is an example transaction created with Coinmux for 3 participants: http://test.webbtc.com/tx/963d6a87c2f0c3e715d0550539ffa3fed0731abd4b3b081d52f29891592f400d.  (You'll notice some change address re-use due to this making my testing easier.)  The commands used were:
bin/coinmux --participants 3 --amount 0.0625 --output-address muTpTtZSGyEbH2xt47SS3J45XG4Dx5F9DE --change-address mwU8DyTw2fBQmyCDJNRyHBDXk7KUDJ7vEA
bin/coinmux -p 3 -a 0.0625 -o mynWtUyX3UmEfvbU6oESCuXWJXA2vjbJw8 -c mjfCi3t1jBsizt9MKtNDxpn3qdd73CRyhQ --data-store p2p?port=14142
bin/coinmux -p 3 -a 0.0625 -o mpexwCiUhDVNYEMWqzoLn8C4UkMdDdZCQo -c mjfCi3t1jBsizt9MKtNDxpn3qdd73CRyhQ --data-store p2p?port=14143


Its setup to use Testnet (i have not tried it on mainnet as its alpha software!).  It can be easily configured to use either a local filesystem to communicate or P2P over the Internet.  The filesystem communication is fairly robust while the P2P Internet mode works reasonably well, but will require a lot more testing and work to prevent bad actors.

There is a protocol specification: https://github.com/michaelgpearce/coinmux/blob/master/docs/spec.md
The peers communicate using JSON messages.  None of the connected peers can associate input with output ownership from the messages themselves, only by IP addresses.  This is a pretty big privacy leak, but can be solved by integrating Tor or Freenet to communicate the messages.

I've only implemented a command line interface for now, but the CLI is event driven and built with a GUI in mind.  I don't want non-developers trying it yet so a CLI seems like a good place to start.

The easiest way to try it out locally is to use "--data-store filesystem" and invoke the command from a couple of different terminal sessions on your computer.  Again, its setup to use Testnet, so you need a Testnet wallet / private keys.
themgp
Jr. Member
*
Offline Offline

Activity: 56


View Profile
February 02, 2014, 04:08:03 AM
 #393

... and of course, you can generate an address from bitaddress.org and get some Testnet coins from TP's faucet.

https://www.bitaddress.org/bitaddress.org-v2.6.5-SHA1-fa763c2bbc97e1b37bc6d3945647aed869ec8c18.html?testnet=true
http://tpfaucet.appspot.com/
themgp
Jr. Member
*
Offline Offline

Activity: 56


View Profile
February 06, 2014, 04:50:27 AM
 #394

Hey all, i just released v0.1.0 of Coinmux (followed quickly by 0.1.1 to fix a couple of minor UI issues) which is my milestone for having things functional on Testnet.  I'm ready to move on to building a GUI to sit on top of the code already there and make it easier to use.

But before I do that, I want to try it out on the Bitcoin MAINNET and with some STRANGERS on the Internet!  I've never done either!

I'm hoping a couple of you are brave enough to try it with me.  I want to do a small CoinJoin transaction, 0.001 BTC (a little less than 1USD) .  To get a suitable wallet, I simply went to bitaddress.org, created a new wallet for the CoinJoin input, and then sent 0.0015 BTC to it from my main wallet (a little extra for miner fees).  Any address with a balance > 0.0015 will work, but I would not recommend using your primary wallet.  There shouldn't be any issues, but better to be safe than sorry.

If you are interested, there is a link to download the latest Java client here: https://github.com/michaelgpearce/coinmux.  To use the Mainnet Bitcoin network instead of Testnet, you'll simply need to set an environment variable COINMUX_ENV=production.  On a Unixy OS, you should be able to just type this command in the terminal/console where you run the Java command.  On Windows, i believe you use the SET command, but its been years since i've used Windows.

I'm on Freenode IRC at #coinmux via webchat: https://webchat.freenode.net.  Hopefully one or two people will come find me.

Thanks!!
themgp
Jr. Member
*
Offline Offline

Activity: 56


View Profile
February 06, 2014, 06:08:04 AM
 #395

Hey all.  Short update, here is the first transaction that Coinmux has created on the main Bitcoin network and a transcript of the output as shown on the console from one of the peers.

https://blockchain.info/tx/b5b8c60836d22964138d05c0bd42f9f06ccef81cd3150641a9436f6173ded6c0

(Its kinda cool that it confuses Blockchain.info's "Estimated BTC Transacted" for the transaction!)

Code:
~/Downloads $ COINMUX_ENV=production java -jar coinmux-latest.jar -p 2 -a 0.001 -o 1GQypfLSim1xndF5jupFrNoJi9U9LFLLzp -c 1Jd7Hiv43MeHMkPKU4bbSJqvQeZxqLj5iu
Enter your private key:
***************************************************
Starting...
[Participant]: Finding coin join message
[Participant]: No available coin join
   [Director]: Inserting coin join message
   [Director]: Inserting status message
   [Director]: Waiting for inputs
[Participant]: Finding coin join message
[Participant]: Inserting input
[Participant]: Waiting for other inputs
   [Director]: Inserting message verification message
   [Director]: Waiting for outputs
[Participant]: Inserting output
[Participant]: Waiting for other outputs
   [Director]: Inserting transaction message
   [Director]: Waiting for signatures
[Participant]: Inserting transaction signatures
[Participant]: Waiting for completed
   [Director]: Publishing transaction
   [Director]: Completed
[Participant]: Completed - Transaction ID: b5b8c60836d22964138d05c0bd42f9f06ccef81cd3150641a9436f6173ded6c0
CoinJoin successfully created!
Rassah
Legendary
*
Offline Offline

Activity: 1680


Director of Bitcoin100


View Profile
February 07, 2014, 09:47:00 PM
 #396

How does Coinmux find other users? And if it doesn't, can it implement a Bitmessage chan?

gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
February 07, 2014, 09:53:55 PM
 #397

How does Coinmux find other users? And if it doesn't, can it implement a Bitmessage chan?

It uses a java p2p library http://tomp2p.net/ to create DHT of users.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
themgp
Jr. Member
*
Offline Offline

Activity: 56


View Profile
February 07, 2014, 10:36:48 PM
 #398

How does Coinmux find other users? And if it doesn't, can it implement a Bitmessage chan?

It uses a java p2p library http://tomp2p.net/ to create DHT of users.

Yep. It uses TomP2P. My initial implementation was going to use Freenet, but I didn't want to require needing any external applications running.

In Coinmux, I call the communication layer a Data store in the code. There is an implementation using TomP2P, the file system and one that uses only memory for testing purposes. It's straight forward to implement these and I did also consider Bitmessage. Unfortunately, the Bitmessage JSON API looked to be very heavily tied to a specific user in the UI with no way to create a new user via API or send messages as a specific user. This lead me to stop investigating it further.
piotr_n
Legendary
*
Offline Offline

Activity: 1722


aka tonikt


View Profile WWW
February 07, 2014, 10:51:11 PM
 #399

Good stuff - I hope it will explode

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
themgp
Jr. Member
*
Offline Offline

Activity: 56


View Profile
February 08, 2014, 01:24:49 AM
 #400

Good stuff - I hope it will explode

Thanks! There's a bit of a trust issue with any new Bitcoin software project (especially with one that asks you to enter your private key!), so i'm having a hard time finding people to try it out. Hopefully time will be the solution to that.  I'm planning on giving a presentation at the SF Bitcoin Meetup to increase CoinJoin and Coinmux awareness.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 [20] 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!