Bitcoin Forum
Author Topic: CoinJoin: Bitcoin privacy for the real world  (Read 291287 times)
maaku
May 03, 2014, 04:23:58 PM
 #481

@caedes, why not have a peer-to-peer broadcast-flood channel for announcing joint transaction availability? Maybe even reuse one that is already available, well maintained, and has known security properties, like say the bitcoin network itself? And then do direct connections to the followon stages?

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
genjix
May 03, 2014, 08:27:06 PM
 #482

> @caedes, why not have a peer-to-peer broadcast-flood channel for announcing joint transaction availability? Maybe even reuse one that is already available, well maintained, and has known security properties, like say the bitcoin network itself? And then do direct connections to the followon stages?

We're waiting on a spec from Peter Todd.
caedes
May 04, 2014, 05:03:17 AM
 #483

> @caedes, why not have a peer-to-peer broadcast-flood channel for announcing joint transaction availability? Maybe even reuse one that is already available, well maintained, and has known security properties, like say the bitcoin network itself? And then do direct connections to the followon stages?

Yes, as genjix says, we're waiting for a specific proposal of how to approach it. When we designed the system, that was the idea: that we could use the bitcoin network to overcome some of the adversary problems.
maaku
May 04, 2014, 06:11:50 AM
 #484

Yeah okay. I'll see if I can find time to finish the half-written BIP I've already started.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
gmaxwell
May 18, 2014, 10:26:24 PM
 #485

> extremely interesting thread...what struck my eye was the slow validations which can cause a major clog with transactions when Dark Coin (based off of CoinJoin) gets bigger, right? The more coins transacted the slower the confirmations am I right in saying that?

No, not in a meaningful sense. Validation is very cheap. You do run into block size limits if you're trying to transact too much at once, but any privacy system is limited in its privacy by transaction volume.

"Dark Coin" really strikes me as pointless. The whole idea in coinjoin is that coinjoin is already part of the design of Bitcoin. There is no advantage in having a new and different system. If you're going to do something incompatible, losing Bitcoin's network effect in the process, then you can do something much stronger.

It also depresses me somewhat to see people talking about darkcoin (or even zerocoin/zerocash) when bytecoin has a privacy system with much better properties than CoinJoin (it's similar to CJ except you safely join with offline coin holders, and all users are participants), something made possible by the fact that it doesn't have to fit within the existing Bitcoin network, and it's completely practical, reasonably performant and deployed for some time now. But strangely, it's virtually unheard of... Bytecoin's privacy properties are in some sense weaker than zerocoin's— since it's like a supercharged coinjoin— but the cryptography is much stronger and much more efficient, so in practice I'd expect it to have better anonymity just due to it being much more practical (also as evidence to it existing as a deployed system). ... so yea, if you actually are interested in privacy technology in a non-bitcoin system, Bytecoin seems to have pretty much nailed it.
telepatheic
May 18, 2014, 11:03:48 PM
 #486

> It also depresses me somewhat to see people talking about darkcoin (or even zerocoin/zerocash) when bytecoin has a privacy system with much better properties than CoinJoin (it's similar to CJ except you safely join with offline coin holders, and all users are participants), something made possible by the fact that it doesn't have to fit within the existing Bitcoin network, and it's completely practical, reasonably performant and deployed for some time now. But strangely, it's virtually unheard of... Bytecoin's privacy properties are in some sense weaker than zerocoin's— since it's like a supercharged coinjoin— but the cryptography is much stronger and much more efficient, so in practice I'd expect it to have better anonymity just due to it being much more practical (also as evidence to it existing as a deployed system). ... so yea, if you actually are interested in privacy technology in a non-bitcoin system, Bytecoin seems to have pretty much nailed it.

Thanks for introducing me to Bytecoin/CryptoNote. Some solid cryptography being used (in theory) and some great improvements over bitcoin. Unfortunately the fact that there is another coin called bytecoin is very confusing and bytecoin doesn't really have any formal documentation other than this page. Time to do some source code reading!
gmaxwell
May 19, 2014, 12:54:58 AM
 #487

> Thanks for introducing me to Bytecoin/CryptoNote. Some solid cryptography being used (in theory) and some great improvements over bitcoin. Unfortunately the fact that there is another coin called bytecoin is very confusing and bytecoin doesn't really have any formal documentation other than this page. Time to do some source code reading!

Yea, the Bytecoin/Bytecoin thing caused me to not notice it for a long time.

The cryptographically interesting Bytecoin has a reasonable whitepaper: https://bytecoin.org/old/whitepaper.pdf Some of the things it does appear to be pointless or ill-advised to me and I would have counseled otherwise— but as far as the privacy aspect goes, the ring signature approach appears top notch. The privacy depends on the decisional DH problem, so perhaps you could argue that its privacy has a slightly weaker cryptographic story than the basic discrete log stuff (computational DH) but in the curve they're using it's believed to be equally strong. In any case, anything that has reduced the privacy question to asking about cryptographic assumptions has gone pretty good.

Sorry for the OT tangent here. Though there may be some good bitcoin-relevant privacy things to mine out of the bytecoin design.

anonymousxx1503
May 19, 2014, 10:58:01 PM
 #488

> > Thanks for introducing me to Bytecoin/CryptoNote. Some solid cryptography being used (in theory) and some great improvements over bitcoin. Unfortunately the fact that there is another coin called bytecoin is very confusing and bytecoin doesn't really have any formal documentation other than this page. Time to do some source code reading!
>
> Yea, the Bytecoin/Bytecoin thing caused me to not notice it for a long time.
>
> The cryptographically interesting Bytecoin has a reasonable whitepaper: https://bytecoin.org/old/whitepaper.pdf Some of the things it does appear to be pointless or ill-advised to me and I would have counseled otherwise— but as far as the privacy aspect goes, the ring signature approach appears top notch. The privacy depends on the decisional DH problem, so perhaps you could argue that its privacy has a slightly weaker cryptographic story than the basic discrete log stuff (computational DH) but in the curve they're using it's believed to be equally strong. In any case, anything that has reduced the privacy question to asking about cryptographic assumptions has gone pretty good.
>
> Sorry for the OT tangent here. Though there may be some good bitcoin-relevant privacy things to mine out of the bytecoin design.

It's hard to believe you're not a major bytecoin holder of some sort? Monero is a fork without the massive premine/instamine/slowmine without release whatever it was of bytecoin, I imagine your opinion about it is the same if they share cryptonote?

I'd like to thank eduffield and the other developers for this critically important evolution in virtual currency. DarkCoin is what bitcoin should have been. Some might call it "Bitcoin 2.0" but would do better by saying: "DarkCoin is digital cash." - Child Harold - February 28, 2014
https://bitcointalk.org/index.php?topic=421615.msg5424980#msg5424980
gmaxwell
May 20, 2014, 12:08:03 AM
 #489

> It's hard to believe you're not a major bytecoin holder of some sort? Monero is a fork without the massive premine/instamine/slowmine without release whatever it was of bytecoin, I imagine your opinion about it is the same if they share cryptonote?

As hard as it is to believe, people other than me do occasionally have really good ideas. :) ... (No, I'd only heard about it a couple months ago and looked into it in depth until the last week). I think all these altcoins are horribly ill-advised in their altcoinness. You're in the wrong subforum and thread if you want to talk about cryptocurrency speculation— my interest here is just in the techniques— and I'm not going to credit some random code aping fork for other people's work when talking about them.

(In case anyone had the impression that I thought bytecoin was all love and wonder: the implementation is currently really immature and somewhat buggy— and perhaps not likely to improve if its authors are now getting voted off the island in a fork. The POW is very slow to validate, and seems generally ill-advised to me (see https://download.wpsoftware.net/bitcoin/asic-faq.pdf), the adaptive blocksize stuff seems dangerous and the coin burning excuse for it can't work as expected in the long run since miners can get paid out of band, ... but the privacy design is very good, though even there it's incompatible with pruning (but so is everything else). Of course, all these concerns also apply to forks that just aped the code.).
telepatheic
May 20, 2014, 12:34:46 AM
 #490

Looking through the white paper, it seems like ring signatures don't actually sign the bytecoin transactions, they only sign the inputs.

I wonder if anyone with an expertise in ring signatures has reviewed the paper, it's a little out of my comfort zone.
Gyrsur
May 25, 2014, 10:12:30 AM
 #491

> > It's hard to believe you're not a major bytecoin holder of some sort? Monero is a fork without the massive premine/instamine/slowmine without release whatever it was of bytecoin, I imagine your opinion about it is the same if they share cryptonote?
>
> As hard as it is to believe, people other than me do occasionally have really good ideas. :) ... (No, I'd only heard about it a couple months ago and looked into it in depth until the last week). I think all these altcoins are horribly ill-advised in their altcoinness. You're in the wrong subforum and thread if you want to talk about cryptocurrency speculation— my interest here is just in the techniques— and I'm not going to credit some random code aping fork for other people's work when talking about them.
>
> (In case anyone had the impression that I thought bytecoin was all love and wonder: the implementation is currently really immature and somewhat buggy— and perhaps not likely to improve if its authors are now getting voted off the island in a fork. The POW is very slow to validate, and seems generally ill-advised to me (see https://download.wpsoftware.net/bitcoin/asic-faq.pdf), the adaptive blocksize stuff seems dangerous and the coin burning excuse for it can't work as expected in the long run since miners can get paid out of band, ... but the privacy design is very good, though even there it's incompatible with pruning (but so is everything else). Of course, all these concerns also apply to forks that just aped the code.).

Did you have the chance to get a look into Darkcoin, too? Thank you!

Derivatives like Futures and Options are part of the formation of BTC prices since some time. Whether we like it or not the best way to adapt it is to learn how they are working and how we can profit from them.
dewdeded
May 26, 2014, 08:56:13 PM
 #492

http://sharedcoin.com/ is trustless centralized CoinJoin by Greg Maxwell.
Darksend in DarkCoin is decentralized CoinJoin by Evan Duffield.

Haters/FUDers/trolls hate on DarkCoin saying it's insecure because bad actors like Governments could run many Masternodes.

Leads me to the question:

Is decentralized trustless CoinJoin possible?
maaku
May 26, 2014, 10:20:04 PM
Last edit: May 26, 2014, 10:39:42 PM by maaku
 #493

Greg has nothing to do with sharedcoin (and sharedcoin has little to do with coinjoin).

To your question, read the op. This whole thread is a description of how to do decentralized, trustless mixing.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
genjix
May 26, 2014, 10:33:59 PM
 #494

kinda sad darkcoin isn't implementing ring sigs
masternodes are coinjoin servers where miners must pay tax
i'm interested to understand how that differs to federated darkwallet gateways
still, all power to drk... 4th crypto now
dewdeded
May 26, 2014, 10:52:05 PM
 #495

maaku: Thank you very much. SharedCoin is based on what technology then?

All: As it's basically the same. Any reason why DarkCoin's DarkSend is attacked as insecure, but DarkWallet is not?
maaku
May 27, 2014, 12:00:18 AM
 #496

Sharedcoin is a blockchain.info product. You can read about it on their website, but I don't think it was based on any external design, just a mixing service cooked up by one of their engineers.

Darkcoin and darkwallet also have nothing in common. Despite co-opting the name, darkcoin's darksend doesn't appear to have anything to do with coinjoin. Their description and illustration in their thread shows some sort of centralized mixing service (more akin to sharedcoin), and indeed their distribution mechanism involves a reward for "masternodes" which perform the mixing with these fresh coins. It would be nice if someone from that project could chime in here and explain just what it is trying to accomplish, because the available technical descriptions are scarce and contradictory.

Darkwallet does indeed implement coinjoin, albeit using a centralized matchmaking service to set up the mixes. I have been informed by the developers that this is a temporary mechanism and they are working towards a fully p2p solution. They do not use the blind signing or ring signature mechanisms which are required to scale to more than 2 participants without revealing ownership of outputs.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
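
The blind-signing mechanism mentioned in post #496, as an added example (not code from any poster in this thread, from Darkwallet, or from any CoinJoin implementation): textbook RSA blinding lets a mix coordinator authorise one output per registered input without learning which output belongs to which participant. The key, the address strings and all function names are constructed for illustration, and the toy modulus with unpadded RSA is far too weak for real use.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the coordinator: two Mersenne primes give a
# ~150-bit modulus. Enough to show the algebra, far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # coordinator's private exponent


def h(output_addr: str) -> int:
    """Hash an output address into Z_N (textbook RSA, no padding)."""
    digest = hashlib.sha256(output_addr.encode()).digest()
    return int.from_bytes(digest, "big") % N


def blind(output_addr: str):
    """Participant: hide h(addr) behind a random factor r before requesting a signature."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (h(output_addr) * pow(r, E, N)) % N, r


def sign_blinded(blinded: int) -> int:
    """Coordinator: sign the blinded value presented alongside a valid input."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """Participant: remove r, leaving an ordinary signature on h(addr)."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(output_addr: str, sig: int) -> bool:
    """Coordinator: accept an anonymously submitted output only with a valid signature."""
    return pow(sig, E, N) == h(output_addr)


def run_mix(outputs):
    """Round 1 registers inputs with blinded outputs; round 2 submits outputs anonymously."""
    seen_by_coordinator, tokens = [], []
    for addr in outputs:
        blinded, r = blind(addr)
        seen_by_coordinator.append(blinded)  # this value is tied to the participant's input
        tokens.append((addr, unblind(sign_blinded(blinded), r)))
    secrets.SystemRandom().shuffle(tokens)   # stands in for resubmission over fresh connections
    accepted = [addr for addr, sig in tokens if verify(addr, sig)]
    return seen_by_coordinator, accepted


if __name__ == "__main__":
    seen, accepted = run_mix(["addr-alice", "addr-bob", "addr-carol"])  # constructed addresses
    print("accepted outputs:", sorted(accepted))
    print("any output hash visible in round 1:", any(h(a) in seen for a in accepted))
```

The coordinator can check that every output was authorised by one of its own signatures, yet the values it signed in round 1 are statistically independent of the output hashes it sees in round 2.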
dewdeded
May 27, 2014, 12:11:58 AM
 #497

Now I am confused.

e.g. on https://darkcointalk.org/threads/coinjoin-in-bitcoin-and-darksend.560/
or http://www.reddit.com/r/DRKCoin/comments/1zlv36/what_does_darkcoin_offer_that_couldnt_be_done/
or some/a lot of other sites they talk about CoinJoin in DarkSend
cbeast
May 27, 2014, 12:15:57 AM
 #498

Showing a brother he is going the wrong way.

https://bitcointalk.org/index.php?topic=626425.msg6959794#msg6959794

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
genjix
May 27, 2014, 11:08:14 AM
 #499

maaku, the mixers are connected through a p2p protocol so anyone can set one up, however I think the idea (according to Peter Todd) is to use the Bitcoin network as a mixnet.
I don't think we can use ring signatures unless bitcoin adopted ed25519... or am I mistaken?
also it can scale >2 participants, because you do multiple rounds (share outputs, share inputs, give signatures).

cbeast, self-censorship is why threat is so effective. the real people who will adopt our tools won't be yuppie students buying coffee at the bar, it will be new digital black markets & we market to them. the tools go beyond mere payments into governance, markets and new forms of association between humans. the effect is deeper. bitcoin is more than a payments innovation despite what others want to make us believe. I'm not shuffling its massive potential under the carpet through fear of retribution and spending my time making Facebook apps.
justusranvier
May 27, 2014, 11:47:24 AM
 #500

Let's see.

I think dark cryptocurrencies are too powerful a tool for our civilization in its current state. Governments must use whatever means necessary to control its development for the safety and security of law-abiding citizens.

The problem here is that you don't know the difference between reality and projection. Your apocalypse fantasy (bitcoin=plutonium) is something you should be talking about with a therapist - it has nothing to do with Bitcoin.