Bitcoin Forum
May 24, 2017, 03:45:15 PM *
News: If the forum does not load normally for you, please send me a traceroute.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 [29] 30 31 32 33 34 35 »
  Print  
Author Topic: CoinJoin: Bitcoin privacy for the real world  (Read 250053 times)
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2184



View Profile
July 26, 2014, 02:19:00 AM
 #561

Would using ring signatures work as a method of mixing without having to trust a server even though they are using one? Provably fair mixing?
Please see the fifth post in the thread. Smiley

Bitcoin will not be compromised
1495640715
Hero Member
*
Offline Offline

Posts: 1495640715

View Profile Personal Message (Offline)

Ignore
1495640715
Reply with quote  #2

1495640715
Report to moderator
1495640715
Hero Member
*
Offline Offline

Posts: 1495640715

View Profile Personal Message (Offline)

Ignore
1495640715
Reply with quote  #2

1495640715
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1495640715
Hero Member
*
Offline Offline

Posts: 1495640715

View Profile Personal Message (Offline)

Ignore
1495640715
Reply with quote  #2

1495640715
Report to moderator
1495640715
Hero Member
*
Offline Offline

Posts: 1495640715

View Profile Personal Message (Offline)

Ignore
1495640715
Reply with quote  #2

1495640715
Report to moderator
1495640715
Hero Member
*
Offline Offline

Posts: 1495640715

View Profile Personal Message (Offline)

Ignore
1495640715
Reply with quote  #2

1495640715
Report to moderator
AdNarim
Newbie
*
Offline Offline

Activity: 4


View Profile
August 01, 2014, 05:23:04 PM
 #562

I am currently working on a Java library which facilitates decentralized CoinJoin-ing using a BitcoinJ backend.

As of this moment the library only works with fixed CoinJoin participants, I have yet to implement participant discovery (that's next on the list).
It also is very insecure at the moment, as I hacked together some sections in order to test general principles. It will be some time before the code is solid enough to not be embarrassing :\

Current plan:
1. Implement peer discovery (perhaps using a DHT)
2. Fix error handling and enhance verification of transaction components
3. simplify, refactor, rename
4. post source code (under a permissive OSS license)
5. Make CoinJoin process more anonymous.
6. ALPHA release?

example:
http://tbtc.blockr.io/tx/info/c4d86d7a054e5979172b223a15d5d9594f703d6376ab294ee4b2da45ff77b0eb

This is a test CoinJoin transaction between only 2 users. In this example I set the change and output address to be the same. The general caveats of a CoinJoin transaction still apply: each change address is clearly linked with an output address, and therefore by using blockchain analysis it may still be possible to link addresses. True anonymity requires minimal address reuse and tools for managing taint.

For now, though, I just send an unconfirmed transaction to a new address of fixed size, then use that unconfirmed transaction as part of the CoinJoin. Needless to say, for this scheme 0 confirmation coinjoins should not be accepted! Regardless, I am trying to write the library to be adaptable as possible to different types of CoinJoins, including coinjoins where each user has multiple inputs, casual coinjoins, and coinjoins without any change address.
AdNarim
Newbie
*
Offline Offline

Activity: 4


View Profile
August 05, 2014, 10:16:29 PM
 #563

Currently peer discovery is implemented with a centralized server. The server waits for N users to connect, then sends a message containing the IP Address and port of all participants. This approach is vulnerable to denial of service and is a single point of failure, but on the up-side any compliant server can be used. I still believe distributed peer discovery is ideal, but that can always be added later.

The centralized method is also NAT-friendly if Tor is used. Here is an idea for anonymous peer discovery and communication:

1. Each participant starts a Tor Hidden Service.
2. Using Tor, each participant connects to a peer discovery server, which is itself a Hidden Service. It announces the ID of its Hidden Service and open port.
3. The server then sends each participant a list of the Hidden Services. The participants then connect to these Servers and proceed with the decentralized CoinJoin process.

+ No traffic ever leaves the Tor network
+ No port forwarding / NAT traversal is required (in this sense it is more user-friendly than a non-anonymous

It should be noted that in order to prevent inputs and outputs from being linked by participants more complicated measures such as the blind signatures discussed on the first page must be used.

P.S.
Here is an example of a 10-way CoinJoin I generated using my library:
http://tbtc.blockr.io/tx/info/894d10fea8e017789e80e2965d3421572e42e19ba8c6f51ce4a22b3c40b0f831

This is similar to what a CoinJoin transaction would look like in practice, except a more secure implementation would mix the outputs around better.
BTCfan668
Member
**
Offline Offline

Activity: 88


View Profile
August 06, 2014, 03:52:26 AM
 #564

How safe is doing this bitcoin transaction?
This is very safe, however it is not very private. It is essentially not possible to "lose" your coins doing this, however it has been proven that these types of transactions can be traced by inspecting the blockchain.
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2184



View Profile
August 06, 2014, 09:01:03 AM
 #565

This is very safe, however it is not very private. It is essentially not possible to "lose" your coins doing this, however it has been proven that these types of transactions can be traced by inspecting the blockchain.
Don't confuse blockchain.info's completely broken "Shared Send"— they provide no privacy at all for reasons unrelated with this thread. The privacy implications of well constructed CoinJoins are discussed in some depth in the initial post and some other posts in this thread.

Bitcoin will not be compromised
belcher
Full Member
***
Offline Offline

Activity: 224


View Profile
August 08, 2014, 08:23:12 PM
 #566

I have coded a simple implementation of CoinJoin.
https://bitcointalk.org/index.php?topic=730321.msg8254585

It makes no assumptions about how peers communicate but instead provides ascii-armored raw transactions similar to the PGP format which can be shared on any text-based protocol such as a Tor hidden service forums, Bitmessage chans, I2P eepsites, Freenet pages or something like that.

1HZBd22eQLgbwxjwbCtSjhoPFWxQg8rBd9
JoinMarket - CoinJoin that people will actually use.
PGP fingerprint: 0A8B 038F 5E10 CC27 89BF CFFF EF73 4EA6 77F3 1129
molecular
Donator
Legendary
*
Offline Offline

Activity: 2282



View Profile
August 08, 2014, 08:37:55 PM
 #567

I am currently working on a Java library which facilitates decentralized CoinJoin-ing using a BitcoinJ backend.

I applaud!

Current plan:
1. Implement peer discovery (perhaps using a DHT)
2. Fix error handling and enhance verification of transaction components
3. simplify, refactor, rename
4. post source code?
5. Make CoinJoin process more anonymous.
6. ALPHA release?

I think it would be good if you removed the "?" from number 4, no?

I don't have much time currently, but let me know if you need testers.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
themgp
Jr. Member
*
Offline Offline

Activity: 56


View Profile
August 12, 2014, 04:48:15 AM
 #568

Currently peer discovery is implemented with a centralized server. The server waits for N users to connect, then sends a message containing the IP Address and port of all participants. This approach is vulnerable to denial of service and is a single point of failure, but on the up-side any compliant server can be used. I still believe distributed peer discovery is ideal, but that can always be added later.

The centralized method is also NAT-friendly if Tor is used. Here is an idea for anonymous peer discovery and communication:

1. Each participant starts a Tor Hidden Service.
2. Using Tor, each participant connects to a peer discovery server, which is itself a Hidden Service. It announces the ID of its Hidden Service and open port.
3. The server then sends each participant a list of the Hidden Services. The participants then connect to these Servers and proceed with the decentralized CoinJoin process.

+ No traffic ever leaves the Tor network
+ No port forwarding / NAT traversal is required (in this sense it is more user-friendly than a non-anonymous

It should be noted that in order to prevent inputs and outputs from being linked by participants more complicated measures such as the blind signatures discussed on the first page must be used.

P.S.
Here is an example of a 10-way CoinJoin I generated using my library:
http://tbtc.blockr.io/tx/info/894d10fea8e017789e80e2965d3421572e42e19ba8c6f51ce4a22b3c40b0f831

This is similar to what a CoinJoin transaction would look like in practice, except a more secure implementation would mix the outputs around better.

If you are writing a Java library and are planning on using a DHT, have a look at TomP2P.  Its what i used in http://coinmux.com.
Wafel16
Member
**
Offline Offline

Activity: 63


View Profile
August 15, 2014, 04:37:08 PM
 #569

This is amazing, i will definitly keep an eye on this.
MarisaFea
Newbie
*
Offline Offline

Activity: 29


View Profile
August 17, 2014, 10:37:10 PM
 #570

So let me try and figure this out this is a little out of my league but here it goes:

Effectively you are creating a mixing service within the Bitcoin network itself? Making privacy better because no one can track where you sent your Bitcoin because it is split up and combined with other peoples transactions. Surely this has already been done by several mixing services?

Wouldn't this create more legal problems for Bitcoin? If this is what you want to achieve surely it's illegal because this can be abused very easily.
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2254



View Profile
August 17, 2014, 10:43:50 PM
 #571

So let me try and figure this out this is a little out of my league but here it goes:

Effectively you are creating a mixing service within the Bitcoin network itself? Making privacy better because no one can track where you sent your Bitcoin because it is split up and combined with other peoples transactions. Surely this has already been done by several mixing services?

Wouldn't this create more legal problems for Bitcoin? If this is what you want to achieve surely it's illegal because this can be abused very easily.

It also has technical benefits for the network in terms of reduced overheads.

btw, bitcoin is legal, it has no "legal problems". You are probably confused by the enormous legal complexities of handling government fiat.

MarisaFea
Newbie
*
Offline Offline

Activity: 29


View Profile
August 17, 2014, 10:53:52 PM
 #572

So let me try and figure this out this is a little out of my league but here it goes:

Effectively you are creating a mixing service within the Bitcoin network itself? Making privacy better because no one can track where you sent your Bitcoin because it is split up and combined with other peoples transactions. Surely this has already been done by several mixing services?

Wouldn't this create more legal problems for Bitcoin? If this is what you want to achieve surely it's illegal because this can be abused very easily.

It also has technical benefits for the network in terms of reduced overheads.

btw, bitcoin is legal, it has no "legal problems". You are probably confused by the enormous legal complexities of handling government fiat.

I was talking about how people compare Bitcoin users to criminals we all know it happens because of laundry for one example. Then this would just give those accusers more leverage because with this enabled technically everyone would be breaking the law.


Making Bitcoin illegal in every country if this is enabled. Unless I'm not fully grasping something I think that's what this is all about and could cause a few problems.

I can see why this would be beneficial to the network and the general user of Bitcoin but I can also see it enabling thieves even more.
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
August 17, 2014, 11:26:44 PM
 #573

I was talking about how people compare Bitcoin users to criminals we all know it happens because of laundry for one example. Then this would just give those accusers more leverage because with this enabled technically everyone would be breaking the law.
You're gonna *love* my next blog post...
MarisaFea
Newbie
*
Offline Offline

Activity: 29


View Profile
August 17, 2014, 11:28:42 PM
 #574

I was talking about how people compare Bitcoin users to criminals we all know it happens because of laundry for one example. Then this would just give those accusers more leverage because with this enabled technically everyone would be breaking the law.
You're gonna *love* my next blog post...

Link it to me and I'll tell you if I "love" it or not Wink


/ot

I'm really trying to figure this out and try to address some of my concerns and I believe this would result in a lot of accusations flying out.
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2254



View Profile
August 17, 2014, 11:29:04 PM
 #575

... like cash enables thieves "even more" ...  Roll Eyes

money needs to be functional as an economic unit ... rather than fulfill every utopian fantasy bestowed upon it

MarisaFea
Newbie
*
Offline Offline

Activity: 29


View Profile
August 17, 2014, 11:35:15 PM
 #576

... like cash enables thieves "even more" ...  Roll Eyes

money needs to be functional as an economic unit ... rather than fulfill every utopian fantasy bestowed upon it

Well that's always been my defense when explaining Bitcoin to people and they point out the issues with recent happening with mt gox and money laundering. Bitcoin does nothing less than cash does related to the legal side of things.

But, I'm just saying this sort of thing is adding fuel to the engine and could potentially make things a lot worse.


justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
August 18, 2014, 02:57:53 AM
 #577

I was talking about how people compare Bitcoin users to criminals we all know it happens because of laundry for one example. Then this would just give those accusers more leverage because with this enabled technically everyone would be breaking the law.
You're gonna *love* my next blog post...

Link it to me and I'll tell you if I "love" it or not Wink


/ot

I'm really trying to figure this out and try to address some of my concerns and I believe this would result in a lot of accusations flying out.
I'm going to explain how Bitcoin can be used as a defencive weapon that allows the younger generation to avoid paying the debts bestowed upon them by the older generation, and how if they wield it correctly they'll collapse the fiat debt ponzi scheme, the tax base, and the US Dollar itself, with specific instructions for how to get started.

It's going to do great things for the public perception of Bitcoin.
doldgigger
Full Member
***
Offline Offline

Activity: 170


View Profile
August 18, 2014, 03:17:08 PM
 #578

1. Each participant starts a Tor Hidden Service.

This would require all nodes to run Tor! Why not do the CoinJoin negotiation over BTC's network protocol, which the nodes participate in anyway? This way, those who use BTC through Tor also do the negotiation through Tor, but no one has to.

19orEcoqXQ5bzKbzbAnbQrCkQC5ahSh4P9
Feel free to PM me for consulting and development services.
AdNarim
Newbie
*
Offline Offline

Activity: 4


View Profile
August 18, 2014, 05:38:22 PM
 #579

1. Each participant starts a Tor Hidden Service.

This would require all nodes to run Tor! Why not do the CoinJoin negotiation over BTC's network protocol, which the nodes participate in anyway? This way, those who use BTC through Tor also do the negotiation through Tor, but no one has to.

There is little benefit to negotiation over the Bitcoin network protocol for traditional CoinJoin's besides eliminating the need for an additional networking layer.

On the downside, adding additional messages to the network protocol is likely an irksome process, and is not very flexible. A separate network may be rapidly iterated upon, and other shared transactions other that traditional CoinJoins may be added.

In regards to Tor, for Java there exists the Orchid library, which allows Tor to be easily integrated within Java applications. The main benefit of using Tor Hidden Services (to me at least, if I am understanding things correctly) is not really anonymity, but rather NAT traversal. Without Tor, you have to keep a port open to allow users to connect to you node and perform a decentralized CoinJoin. Tor hidden services connect to Tor Relays, and therefore do not require any ports to be open. As long as the NAT/firewall allows outgoing Tor connections, everything works out.

EDIT:
I forgot to mention, a downside of using Tor is that TomP2P and all other Java DHT libraries that I know of require ports to be open to ensure the integrity of DHT (if no nodes are hosting the DHT information, what's the point?). As such, in order to make the DHT robust the code would have to be extended to facilitate Tor Hidden services. This doesn't even address the fact that using a DHT to facilitate CoinJoining between number of users n>2 is a real pain.

Hence, decentralizing peer discovery is a job for another day week month.
Rassah
Legendary
*
Offline Offline

Activity: 1680


Director of Bitcoin100


View Profile
August 21, 2014, 03:28:10 AM
 #580

FYI, Mycelium's development roadmap is

1) Implement HD wallets (about 95%+ done, and works fine in testnet Dev build, but still need to update LocalTrader and other minor things to work with it)
2) Move the entire infrastructure to Tor, meaning our nodes will be run as hidden servers, only accessible through Tor, and Mycelium Wallet will have Tor built in (hopefully this won't cause problems in blocked countries, like China or Iran)
3) Implement CoinJoin, using our nodes that are used for address lookup and broadcasts, to collect and broadcast mixing requests. Likely enable this as a default feature. We'll have to figure out if we'll need to follow the DarkWallet model of letting some users leave their coins to mix, or if we have enough transaction volume to do it on the fly. Maybe we'll even link with DarkWallet servers, and use the people looking to mix there.

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 [29] 30 31 32 33 34 35 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!