Bitcoin Forum
May 24, 2017, 03:45:34 PM *
News: If the forum does not load normally for you, please send me a traceroute.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 [24] 25 26 27 28 29 30 31 32 33 34 35 »
  Print  
Author Topic: CoinJoin: Bitcoin privacy for the real world  (Read 250057 times)
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2184



View Profile
March 12, 2014, 07:06:00 PM
 #461

Surely you understand that the word "unless" means that if UFOs are not a solution,
Actually I think they're fine for this without the UFOs, I only brought them up because you were insisting things that were add odds with their e
Appears you are saying that as a participant when I provide my input, I also specify the amount of my output?

Quote
So how is there unlinking of output amounts from input amounts?
Derp. Your output is equal to your input. Privacy comes from equalizing amounts.

Bitcoin will not be compromised
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1495640734
Hero Member
*
Offline Offline

Posts: 1495640734

View Profile Personal Message (Offline)

Ignore
1495640734
Reply with quote  #2

1495640734
Report to moderator
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518


View Profile
March 12, 2014, 09:25:30 PM
 #462

Derp.

You just can't resist the ad hominem even after I've shown you were wrong all along about DOS attacks on your protocol.

Sigh.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
piotr_n
Legendary
*
Offline Offline

Activity: 1652


aka tonikt


View Profile WWW
March 12, 2014, 10:38:40 PM
 #463

I'm sometimes reading this topic, occasionally, and it seems always the same. Actually, its getting worse.
Like with almost everything: plenty of ideas, but no solution whatsoever.

As for this specific topic, it basically seems like the level of the misery is just increasing.
My advise: talk less, do more - it will solve all your problems, I promise!

Why do people even care to waste their time on pointless discussions?
I could have saved so much of my own time, if I had only known an answer to such a stupid question Smiley
I guess it must be some kind of entertainment, like watching TV, because I cannot believe someone would be wasting his time on this kind of pointless forum arguments, though still thinking that he actually somehow helps the mankind.
We are talking about tens of pages of a "technical" topic (and not only this one!), lasting for years, with practically no actual applications - it must be just an entertainment, what else?
Unless it's a new kind of science: a theoretical engineering... Though I would still rather count it as a stupid kind of philosophy  Smiley

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
AnonyMint
Hero Member
*****
Offline Offline

Activity: 518


View Profile
March 13, 2014, 03:57:57 AM
 #464

Quote
So how is there unlinking of output amounts from input amounts?

Derp. Your output is equal to your input. Privacy comes from equalizing amounts.

And thus my original statement was correct:

Comments please on my technical statement herein?

A decentralized CoinJoin will have difficulty forming transactions ... that look like this if anyone can join:

https://blockchain.info/tx/e4abb15310348edc606e597effc81697bfce4b6de7598347f17c2befd4febf3b?show_adv=true

Also my statement that the CoinJoin protocol can be DOS-attacked was correct.

It was a bit difficult to explain these facts w.r.t. to gmaxell's semi-coherent, incomplete explanations of his protocol. But I think I was able to help him to specify the essential requirements of his protocol.

As for this specific topic, it basically seems like the level of the misery is just increasing.
My advise: talk less, do more - it will solve all your problems, I promise!

The solution was provided by gmaxell. Use Zerocoin which is an atomic operation from inputs -> available outputs. But it won't work for Bitcoin's current block chain design, because even if we could (which we currently can't) we don't want to put the Zerocoin accumulator on the block chain because we don't want to trust the PQ thus we want to the accumulator to have a preset short-term lifespan and all inputs and outputs must specify themselves with that time limit. However this can't work in Bitcoin because inputs have to sign the output addresses. Thus in Bitcoin the specification of the output addresses would make it a non-atomic operation thus it can be DOS-attacked.

The solution for an altcoin (or Bitcoin if we can make such a radical change) is to make the transaction id a nonce and have the inputs and outputs sign that nonce. If the outputs are greater than inputs, then the transaction is invalid. In the rare event the outputs are greater than inputs, then we know to throw away and don't reuse the Zerocoin accumulator's PQ (because its trust is compromised) and try again.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
nanobit
Member
**
Offline Offline

Activity: 77


View Profile
March 30, 2014, 12:22:58 PM
 #465

Could someone kindly give a status update on when will we have a real-world, usable CoinJoin (besides the implementation on Blockchain.info)? This thread is huge, and I'm sure many casual readers would like to see a tl;dr to learn will this result in a usable client soon, or what's the plan?

I found the thread when reading this article from 7 months ago. What has happened since?
http://bitcoinmagazine.com/6630/trustless-bitcoin-anonymity-here-at-last/
Suzuki
Jr. Member
*
Offline Offline

Activity: 59


View Profile
March 30, 2014, 04:19:17 PM
 #466

I find it a good idea to create a site where you enter a P2SH address, it gives back a traditional address, and when it receives money at the traditional address, it immediately forwards the unconfirmed BTC to the P2SH address. Hope someone will manage it!
maaku
Legendary
*
expert
Offline Offline

Activity: 905


View Profile
March 30, 2014, 04:25:57 PM
 #467

Could someone kindly give a status update on when will we have a real-world, usable CoinJoin (besides the implementation on Blockchain.info)? This thread is huge, and I'm sure many casual readers would like to see a tl;dr to learn will this result in a usable client soon, or what's the plan?

I found the thread when reading this article from 7 months ago. What has happened since?
http://bitcoinmagazine.com/6630/trustless-bitcoin-anonymity-here-at-last/
can someone kindly give a status update when we will havemoney distributed to developers to work on a free and fair and decentralized coin join?

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
themgp
Jr. Member
*
Offline Offline

Activity: 56


View Profile
March 30, 2014, 07:56:56 PM
 #468

Could someone kindly give a status update on when will we have a real-world, usable CoinJoin (besides the implementation on Blockchain.info)? This thread is huge, and I'm sure many casual readers would like to see a tl;dr to learn will this result in a usable client soon, or what's the plan?

I found the thread when reading this article from 7 months ago. What has happened since?
http://bitcoinmagazine.com/6630/trustless-bitcoin-anonymity-here-at-last/

I'm still actively working on the implementation I have started Coinmux.  I have taken a break for the last month after spending 3+ months working on it nights and weekends. Hopefully there is a Bitcoin God that wants to offer me a job to work on it full time. Smiley
solex
Legendary
*
Offline Offline

Activity: 1078


100 satoshis -> ISO code


View Profile
March 30, 2014, 11:37:27 PM
 #469

There is now 42 BTC donated: https://blockchain.info/address/3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk

Was the plan to pay 100% to the author of the first complete implementation, or for piece-work in progress?

maaku
Legendary
*
expert
Offline Offline

Activity: 905


View Profile
March 30, 2014, 11:53:51 PM
 #470

@solex, I don't know if it's ever been articulated. That and the fact that the coins haven't moved was basically my gripe, not a specific jab at @nanobit (although, this is open-source software developed by volunteers: asking for time estimates is bad form).

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
themgp
Jr. Member
*
Offline Offline

Activity: 56


View Profile
March 30, 2014, 11:55:20 PM
 #471

There is now 42 BTC donated: https://blockchain.info/address/3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk

Was the plan to pay 100% to the author of the first complete implementation, or for piece-work in progress?


I'd be curious to know what a "complete" implementation is.  I'm guessing no one other than the owners of the donated BTC can say for sure... and AFAIK, they haven't said yet.
solex
Legendary
*
Offline Offline

Activity: 1078


100 satoshis -> ISO code


View Profile
March 31, 2014, 02:17:39 AM
 #472

I'd be curious to know what a "complete" implementation is.  I'm guessing no one other than the owners of the donated BTC can say for sure... and AFAIK, they haven't said yet.

The OP mentions "complete", which I imagine would be a coinjoin implementation which would be considered by Core Dev worthy of inclusion in the reference client (needing cosmetic, standardizing and/or translation changes or only). Now this may remain a theoretical assessment if the goal is to see 3rd party implementations such as blockchain.info's.

Coinmux *seems* very good, and must be a front-runner, subject to informed criticism such as the input from Cryddit.

@solex, I don't know if it's ever been articulated. That and the fact that the coins haven't moved was basically my gripe, not a specific jab at @nanobit (although, this is open-source software developed by volunteers: asking for time estimates is bad form).

Agreed.

themgp
Jr. Member
*
Offline Offline

Activity: 56


View Profile
March 31, 2014, 03:58:57 AM
 #473

I'd be curious to know what a "complete" implementation is.  I'm guessing no one other than the owners of the donated BTC can say for sure... and AFAIK, they haven't said yet.

The OP mentions "complete", which I imagine would be a coinjoin implementation which would be considered by Core Dev worthy of inclusion in the reference client (needing cosmetic, standardizing and/or translation changes or only). Now this may remain a theoretical assessment if the goal is to see 3rd party implementations such as blockchain.info's.

Coinmux *seems* very good, and must be a front-runner, subject to informed criticism such as the input from Cryddit.

@solex, I don't know if it's ever been articulated. That and the fact that the coins haven't moved was basically my gripe, not a specific jab at @nanobit (although, this is open-source software developed by volunteers: asking for time estimates is bad form).

Agreed.

I'll not take the "seems" statement as an insult. Smiley  Coinmux has got quite a way to go from where it is now to where i envision it when finished.  And if "complete" means that the implementation is merged into the reference client, i'll never get there as i did not write it in C/C++ (and i'd probably end up writing some pretty shitty C/C++ anyway).
solex
Legendary
*
Offline Offline

Activity: 1078


100 satoshis -> ISO code


View Profile
March 31, 2014, 04:28:21 AM
 #474

I'll not take the "seems" statement as an insult. Smiley  Coinmux has got quite a way to go from where it is now to where i envision it when finished.  And if "complete" means that the implementation is merged into the reference client, i'll never get there as i did not write it in C/C++ (and i'd probably end up writing some pretty shitty C/C++ anyway).

My IT experience is not in the area which means I can determine for sure how good it is. It sounds good!! :-)
Shouldn't have to be ready for merging, or in c++, and that's why I mentioned translating. It is the prototype which matters.

nanobit
Member
**
Offline Offline

Activity: 77


View Profile
March 31, 2014, 10:04:04 PM
 #475

Could someone kindly give a status update on when will we have a real-world, usable CoinJoin (besides the implementation on Blockchain.info)? This thread is huge, and I'm sure many casual readers would like to see a tl;dr to learn will this result in a usable client soon, or what's the plan?

I found the thread when reading this article from 7 months ago. What has happened since?
http://bitcoinmagazine.com/6630/trustless-bitcoin-anonymity-here-at-last/

I'm still actively working on the implementation I have started Coinmux.  I have taken a break for the last month after spending 3+ months working on it nights and weekends. Hopefully there is a Bitcoin God that wants to offer me a job to work on it full time. Smiley

Themgp, that looks really interesting! I'm sure others wish you could work on it full time, too! Smiley
How far away is it from being usable for an average Bitcointalker?
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2184



View Profile
April 01, 2014, 12:43:50 AM
 #476

Was the plan to pay 100% to the author of the first complete implementation, or for piece-work in progress?
Any payouts would need to be discussed with the other signers, but my thinking had been to pay most of it to to the most substantive complete and usable implementation, and partial amounts to smaller efforts (e.g. people who built toy tools and things only a developer could love).  I had also planned on doing the payout itself as a coinjoin, and using a small bit of the funds to pay people to join into the coinjoin. Smiley

Bitcoin will not be compromised
themgp
Jr. Member
*
Offline Offline

Activity: 56


View Profile
April 01, 2014, 01:15:15 AM
 #477

Could someone kindly give a status update on when will we have a real-world, usable CoinJoin (besides the implementation on Blockchain.info)? This thread is huge, and I'm sure many casual readers would like to see a tl;dr to learn will this result in a usable client soon, or what's the plan?

I found the thread when reading this article from 7 months ago. What has happened since?
http://bitcoinmagazine.com/6630/trustless-bitcoin-anonymity-here-at-last/

I'm still actively working on the implementation I have started Coinmux.  I have taken a break for the last month after spending 3+ months working on it nights and weekends. Hopefully there is a Bitcoin God that wants to offer me a job to work on it full time. Smiley

Themgp, that looks really interesting! I'm sure others wish you could work on it full time, too! Smiley
How far away is it from being usable for an average Bitcointalker?


The main problem right now is getting an available set of users to do a CoinJoin - the idea doesn't work if no one is using it.  I think if i had a few weeks of solid work on Coinmux, it would be something where a user with a general understanding of bitcoin addresses and public/private keys that wanted to increase their privacy would want to use it.  Hopefully I can find the time soon.
spooderman
Legendary
*
Offline Offline

Activity: 1358


View Profile WWW
April 27, 2014, 03:08:49 PM
 #478

Excellent work. Thank you for this.

As a computer n00b I will not be contributing code, but as an early adopter I can contribute some btc.

Thank you.

Society doesn't scale.
caedes
Jr. Member
*
Offline Offline

Activity: 44


View Profile
May 02, 2014, 03:40:29 PM
 #479

Some coinjoin news from darkwallet:

The alpha version of the coinjoin is just barely working but is allowing us to test the basic usability concepts, we're polishing it during next days, and the wallet is going to take some time to come out of alpha/beta, nonetheless people is playing with it both in testnet and mainnet.

https://blockchain.info/tx/c38aac9910f327700e0f199972eed8ea7c6b1920e965f9cb48a92973e7325046
https://blockchain.info/tx/85f5f2b2e57535b42a30596f8d2a048b0b0c426f953e54dd96c72a77a21a6468

Some description about this:

https://wiki.unsystem.net/index.php/DarkWallet/Alpha#Mixing

More technical details:

The coinjoin now is simple two people coinjoin, as such we just make sure the 2 parties are the only ones who know the outputs correspondence, no need to hide from each other.

This is accomplished by talking over an unsecured channel where each peer publishes their pubkey with coinjoin announces, then others will answer doing ecdh, the initiator will choose one and they will continue talking to each other till they reach an agreement.

Our usability goes like this:

Anyone can set (a branch or pocket in) their wallet in "mixing" state, meaning it will be listening for coinjoin offers to mix available funds into new addresses.

For people sending, the wallet always tries to mix by announcing a coinjoin for the send value. If it can't mix it will send anyways in 60 seconds (at the moment).

Our idea is that this simple form of coinjoin can take off then we can add more complex coinjoin announcements or protocols. It is fully integrated in the normal workings of the wallet and it should work with other features like above you can see a coinjoin that went together with a stealth since the user is just sending stealth.

It seems to work pretty all right as long as at least a few wallets are mixing, and even if the current implementation is almost the simplest trustless mixing implementation i hope you can appretiate the potential.

Also looking forward to implement more advanced forms of coinjoin although our focus now would be to finish off what we have so it will be solid and easily extendable as a platform for development of other protocols. Also to note other wallets or tools can definitely join the same lobby and join together with darkwallets, but there is none yet, we plan to at least make one such simple tool.

Please feedback Smiley
maaku
Legendary
*
expert
Offline Offline

Activity: 905


View Profile
May 02, 2014, 04:03:40 PM
 #480

Is there a central server involved in your implementation? I'm not trying to spread FUD, it's just there is conflicting information out there on the net. What you describe here sounds like it is p2p. Where are the announce messages posted?

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 [24] 25 26 27 28 29 30 31 32 33 34 35 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!