Bitcoin Forum
December 11, 2017, 03:32:30 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 [22] 23 24 25 26 27 28 29 30 31 32 33 34 35 »
  Print  
Author Topic: CoinJoin: Bitcoin privacy for the real world  (Read 269379 times)
piotr_n
Legendary
*
Offline Offline

Activity: 1778


aka tonikt


View Profile WWW
February 18, 2014, 01:26:05 PM
 #421

What about adding this into server based clients with matching via the server? (Electrum, Blockchain.info, Mycelium...)
And make them to not store the logs?
That would probably be the quickest way to get whoever run these servers arrested by US nazi law enforcement (aka national security services) - at some airport somewhere in the world... Smiley

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
1513006350
Hero Member
*
Offline Offline

Posts: 1513006350

View Profile Personal Message (Offline)

Ignore
1513006350
Reply with quote  #2

1513006350
Report to moderator
1513006350
Hero Member
*
Offline Offline

Posts: 1513006350

View Profile Personal Message (Offline)

Ignore
1513006350
Reply with quote  #2

1513006350
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Rassah
Legendary
*
Offline Offline

Activity: 1680


Director of Bitcoin100


View Profile
February 20, 2014, 10:19:08 PM
 #422

What about adding this into server based clients with matching via the server? (Electrum, Blockchain.info, Mycelium...)
And make them to not store the logs?
That would probably be the quickest way to get whoever run these servers arrested by US nazi law enforcement (aka national security services) - at some airport somewhere in the world... Smiley

I think Mycelium has CoinJoin as one of the things on their future To Do list. If not, I'll add it  Grin

piotr_n
Legendary
*
Offline Offline

Activity: 1778


aka tonikt


View Profile WWW
February 20, 2014, 11:25:06 PM
 #423

Yeah, but I'm just saying that it's pretty worthless if they store the logs.
And if they don't store the logs... well, that's probably illegal, at least in US and Russia Smiley

The only safe CoinJoin solution I see is p2p based, with some tricky encryption.

But still I think this will never beat services like bitcoinfog, assuming that they indeed remove the logs as they claim.
I mean: you deposit your money and withdraw ~98% of it, while your deposit is still unspent - destroying a log at this moment leaves absolutely no traces and it's actually a perfect "privacy for the real world".
Though it has two big disadvantages, over p2p coin mixing:
1) You need to trust the service to really destroy the logs
2) It doesn't come for free.

So I also find CoinJoin as a nice and possibly useful project, but IMHO centralizing it around a server would just defeat the purpose.
Not to mention that it would be dangerous for whoever runs this server.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
okashira
Jr. Member
*
Offline Offline

Activity: 45


View Profile
February 20, 2014, 11:28:30 PM
 #424

Yeah, but I'm just saying that it's pretty worthless if they store the logs.
And if they don't store the logs... well, that's probably illegal, at least in US and Russia Smiley

The only safe CoinJoin solution I see is p2p based, with some tricky encryption.

But still I think this will never beat services like bitcoinfog, assuming that they indeed remove the logs as they claim.
I mean: you deposit your money and withdraw ~98% of it, while your deposit is still unspent - destroying a log at this moment leaves absolutely no traces and it's actually a perfect "privacy for the real world".
Though it has two big disadvantages, over p2p coin mixing:
1) You need to trust the service to really destroy the logs
2) It doesn't come for free.

So I also find CoinJoin as a nice and possibly useful project, but IMHO centralizing it would just defeat the purpose.

Is that exactly what Darkcoin is doing? Decentralized and encrypted coinjoin.
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
February 20, 2014, 11:34:44 PM
 #425

Yeah, but I'm just saying that it's pretty worthless if they store the logs.
And if they don't store the logs... well, that's probably illegal, at least in US and Russia Smiley

The only safe CoinJoin solution I see is p2p based, with some tricky encryption.

But still I think this will never beat services like bitcoinfog, assuming that they indeed remove the logs as they claim.
I mean: you deposit your money and withdraw ~98% of it, while your deposit is still unspent - destroying a log at this moment leaves absolutely no traces and it's actually a perfect "privacy for the real world".
Though it has two big disadvantages, over p2p coin mixing:
1) You need to trust the service to really destroy the logs
2) It doesn't come for free.

So I also find CoinJoin as a nice and possibly useful project, but IMHO centralizing it around a server would just defeat the purpose.
Not to mention that it would be dangerous for whoever runs this server.
Piotr_n, you seem to be an intelligent and experienced low level (C++ or lower) programmer.

Wouldn't it suit you better simply to write your own CoinJoin implementation instead of just talking about it ?

After studying your posts on these forums, I am fairly certain that you have the skill. The question is, whether you want to do something with it, or just keep discussing the topic ?

themgp
Jr. Member
*
Offline Offline

Activity: 56


View Profile
February 20, 2014, 11:48:05 PM
 #426

Yeah, but I'm just saying that it's pretty worthless if they store the logs.
And if they don't store the logs... well, that's probably illegal, at least in US and Russia Smiley

The only safe CoinJoin solution I see is p2p based, with some tricky encryption.

But still I think this will never beat services like bitcoinfog, assuming that they indeed remove the logs as they claim.
I mean: you deposit your money and withdraw ~98% of it, while your deposit is still unspent - destroying a log at this moment leaves absolutely no traces and it's actually a perfect "privacy for the real world".
Though it has two big disadvantages, over p2p coin mixing:
1) You need to trust the service to really destroy the logs
2) It doesn't come for free.

So I also find CoinJoin as a nice and possibly useful project, but IMHO centralizing it around a server would just defeat the purpose.
Not to mention that it would be dangerous for whoever runs this server.

The CoinJoin client I wrote, Coinmux https://github.com/michaelgpearce/coinmux is P2P and open source.  Its still in its early development phase though.  Having spent the last 10 years building web applications, building a true P2P application is definitely more difficult than building a server-side solution (which you have to trust).
piotr_n
Legendary
*
Offline Offline

Activity: 1778


aka tonikt


View Profile WWW
February 21, 2014, 12:04:34 AM
 #427

After studying your posts on these forums, I am fairly certain that you have the skill. The question is, whether you want to do something with it, or just keep discussing the topic ?
Honestly, I just don't need it, so I don't really feel the urge to create such a thing.

If the solution was easy I would have probably done it even when not needing it, but in such case someone else would have already done it before me. The problem is that it doesn't seem so much straight forward. At the other hand providing feedback on the forum is easy - this I can do by the way of having another beer before sleep, nothing hard about it Smiley

Still I believe it can be done and since it can be done, someone will do it one day - it is just a matter of time.
But to design it well, you first need to define what kind of privacy this technology is supposed to target.
I mean you can identify a different kind of threads.
The first one is of course that all the internet traffic is recorded.
The second: that the peers with who you are sharing your transaction may (and surely will, after you launch the project) be malicious - e.g I can imagine a network of bots flooding the p2p system with many txs to themselves, just to learn about your transactions.
A third... probably also something.

But if you just want to do a "p2p CoinJoin", without caring about any of these things, then you might just as well look for people to share your tx with at IRC; you all make a joined tx and each party signs manually its part. There already is a software that can do it - not only mine, for what I know.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Cryddit
Legendary
*
Offline Offline

Activity: 840


View Profile
February 21, 2014, 12:38:10 AM
 #428


It's possible to implement coinjoin that can be trusted, even if nobody deletes the logs.  You can secure it against the ability to associate inputs or outputs with each other, or with IP addresses, to an opponent using blockchain evidence, server logs, or realtime packet sniffing. 

The "tricky cryptography" is a stream cipher with multiple keys, each key being known to exactly two participants  (aka, a dc-net).  There is a requirement that there must be more than one honest participant in the "join" whose stream key is unknown to the opponent.   An opponent listening to packet traffic can associate inputs/outputs with any participant whose key that opponent has compromised, so if there is only one honest participant whose key is uncompromised, the opponent can associate inputs/outputs with that participant by process of elimination.

I'll implement it if nobody else has by the time I get around to it, but it isn't my highest priority right now; I have a higher-paying bounty to pursue in programming, which is (arguably) even more important to Bitcoin in terms of adoption and remaining decentralized, and that is to limit the size of the blockchain download needed to run a full node.



maaku
Legendary
*
expert
Offline Offline

Activity: 905


View Profile
February 21, 2014, 02:00:10 AM
 #429

Cryddit, did you read the op? Blind signatures require no honest nodes.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
Cryddit
Legendary
*
Offline Offline

Activity: 840


View Profile
February 21, 2014, 09:21:21 AM
 #430

Cryddit, did you read the op? Blind signatures require no honest nodes.

True.  But Blind signatures alone are not sufficient to implement reliably untraceable coinmixing.

In the solution with blind signatures, you still have someone listening to the packet traffic able to associate inputs and outputs with particular IP addresses - and therefore with each other. 
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
February 21, 2014, 09:53:52 AM
 #431

After studying your posts on these forums, I am fairly certain that you have the skill. The question is, whether you want to do something with it, or just keep discussing the topic ?
Honestly, I just don't need it, so I don't really feel the urge to create such a thing.
(...)
Still I believe it can be done and since it can be done, someone will do it one day
Ok then, so you prefer to sit and wait for someone to do it for you.

Wow
So laziness
Much not giving fuck
Such a shame
Wow

maaku
Legendary
*
expert
Offline Offline

Activity: 905


View Profile
February 21, 2014, 10:36:08 AM
 #432

In the solution with blind signatures, you still have someone listening to the packet traffic able to associate inputs and outputs with particular IP addresses - and therefore with each other. 

Yes, you need an anonymous network. But we have solutions for that...

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
Cryddit
Legendary
*
Offline Offline

Activity: 840


View Profile
February 21, 2014, 06:38:25 PM
 #433


The extant solution for anonymous networks (Tor) requires extra steps that many users won't do, many of those who do will get wrong, and many of those who get wrong won't be aware that they've got wrong.  It is subject to attacks where the compromises of a few selected machines outside your control (your route and exit nodes) can cause your privacy to be sacrificed even if every other node in the mix is honest.  And it is subject to traffic rerouting in transit on the backbone, which is known to be done by at least one sophisticated attacker specifically in response to the fact that it is Tor traffic in the first place. That attacker, and presumably others, specifically reroutes Tor traffic through attack sites which use browser flaws to compromise the machines that originate the traffic.

Tor was a good design once; but the attacks on it are in place, sophisticated, only getting worse, and not easily detectable from the originating node.  So I think that its usefulness is closer to its end than to its beginning.  While Tor may still be good more than 90% of the time, I'm not willing to trust it in the long run. Nor am I willing to trust that people using it can keep their machines from getting compromised by reroutes to attack sites which are using zero-day exploits against their browsers.  Most of them don't even fully disable scripts and cookies in their Tor browser sessions.

The dc-net solution requires you to trust only that there exists at least one other node (ANY participating node) that is not compromised; that's a strictly stronger guarantee than Tor.  If it's built into the protocol then it involves no steps that many users will not do, nor steps that users will attempt but do wrongly.  It is not dependent on the security of machines other than those directly participating, and does not expose machines to attack via a browser as Tor in normal use generally does.

Further, its guarantees are orthogonal to those provided by a (properly functioning) Tor network;  With Tor alone, (if the critical path machines and your own remain uncompromised) you can't associate nodes with IP addresses, but if you're sniffing packet traffic you can associate inputs and outputs with particular nodes.  With the DC-net alone, you can't associate inputs or outputs with particular nodes, but if you're sniffing packet traffic you can produce a list of the IP addresses of the nodes.   So I claim the proper solution is to implement the DC-net as the "fundamental" basis of the protocol, and then let people use it over Tor if they want the extra layer of obfuscation and can correctly use Tor.   That way, even if they fail at configuring Tor, or get unlucky with their Tor network routing, or fail in keeping their own machines secure while using Tor, they still have some fundamental amount of protection.  And if they use Tor correctly, they get additional protection that the DC-net alone could not provide.


randomguy7
Hero Member
*****
Offline Offline

Activity: 528


View Profile
February 21, 2014, 08:22:53 PM
 #434

After studying your posts on these forums, I am fairly certain that you have the skill. The question is, whether you want to do something with it, or just keep discussing the topic ?
Honestly, I just don't need it, so I don't really feel the urge to create such a thing.
(...)
Still I believe it can be done and since it can be done, someone will do it one day
Ok then, so you prefer to sit and wait for someone to do it for you.

Wow
So laziness
Much not giving fuck
Such a shame
Wow

Wtf maybe you should contribute something on your own (code, money) instead of telling other people which type of unpaid work they should do for you in their free time.
hozer
Sr. Member
****
Offline Offline

Activity: 271


View Profile WWW
February 22, 2014, 01:40:49 AM
 #435

After studying your posts on these forums, I am fairly certain that you have the skill. The question is, whether you want to do something with it, or just keep discussing the topic ?
Honestly, I just don't need it, so I don't really feel the urge to create such a thing.
(...)
Still I believe it can be done and since it can be done, someone will do it one day
Ok then, so you prefer to sit and wait for someone to do it for you.

Wow
So laziness
Much not giving fuck
Such a shame
Wow

Wtf maybe you should contribute something on your own (code, money) instead of telling other people which type of unpaid work they should do for you in their free time.

My thoughts exactly. If you are serious about anonymity and privacy, PAY FOR IT. Cause you have this big problem of how do you test it to make sure it's working. I'm sure the EFF or some other non-profit could be found to hold some money to pay for development and testing.
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
February 22, 2014, 01:43:02 PM
 #436

After studying your posts on these forums, I am fairly certain that you have the skill. The question is, whether you want to do something with it, or just keep discussing the topic ?
Honestly, I just don't need it, so I don't really feel the urge to create such a thing.
(...)
Still I believe it can be done and since it can be done, someone will do it one day
Ok then, so you prefer to sit and wait for someone to do it for you.

Wow
So laziness
Much not giving fuck
Such a shame
Wow

Wtf maybe you should contribute something on your own (code, money) instead of telling other people which type of unpaid work they should do for you in their free time.
WTF, I already did. Look at my sig, genius.

And that is NOT what I am talking about. I am actually criticising piotr_n for coming to this thread and complaining, instead of coding it himself.
And (as he confirmed himself) he could actually do it, he just does not care.

I cannot code CoinJoin anyway, too complex for my skill level.

therealbigcoin
Full Member
***
Offline Offline

Activity: 222


Best IoT Platform Based on Blockchain


View Profile
March 02, 2014, 04:58:35 PM
 #437

Is this the thing darkcoin will implement?

philipmicklon
Full Member
***
Offline Offline

Activity: 175


View Profile
March 02, 2014, 06:52:53 PM
 #438

Is this the thing darkcoin will implement?
Yes, I believe this is the general idea behind the darksend feature. But the darksend feature hasn't been rolled out yet.
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2366



View Profile
March 03, 2014, 01:46:22 AM
 #439

The extant solution for anonymous networks (Tor) requires extra steps that many users won't do,
Tor is actually quite easy to bundle, and some other programs (like torchat) already do. I'd assume that someday there would be bitcoin clients offered with bundled tor.

Bitcoin will not be compromised
themgp
Jr. Member
*
Offline Offline

Activity: 56


View Profile
March 03, 2014, 01:52:39 AM
 #440

The extant solution for anonymous networks (Tor) requires extra steps that many users won't do,
Tor is actually quite easy to bundle, and some other programs (like torchat) already do. I'd assume that someday there would be bitcoin clients offered with bundled tor.

I was looking at Orchid (a Tor library) today and saw Mike Hearn's name on a github pull request: https://github.com/subgraph/Orchid/pull/9 with the comment: "I need this fix for bitcoinj."
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 [22] 23 24 25 26 27 28 29 30 31 32 33 34 35 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!