Bitcoin Forum
November 15, 2019, 08:08:11 AM *
News: Help collect the most notable posts made over the last 10 years.
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 [33] 34 35 36 37 38 »
  Print  
Author Topic: CoinJoin: Bitcoin privacy for the real world  (Read 291287 times)
waxwing
Sr. Member
****
Offline Offline

Activity: 469
Merit: 250


View Profile
May 23, 2016, 08:38:53 AM
 #641

I have an idea, and guys, let me know if this is decent or crazy or whatever: or if this is already what is being done by JoinMarket, Shuffle, Whatever.

1. I make a website or a server for this purpose.
2. It asks users to create their transactions, and a given time limit, say 30 minutes or 1 hour.
3. Every 30 minutes, or every hour, it gets back to all the users with the giant CoinJoin transaction formed thus far and asks all the people to sign.
4. The site itself takes a fee, and that's some how inserted into the process.
5. Assuming the site is "trustable", then only outsiders are "attackers" and they're not going to learn much except "I see 100 inputs and 200 outputs, and I own 20 of them. I dunno who the other 80 are."
6. Repeat every hour or every whenever. Or every 100 people. Or once a day.
7. Java script or open source client side signing thingy that can sign for you if you're away from your computer so the site doesn't have to wait an hour when it reaches the minimum number of people.

I don't know if you're aware, but joinmarket exists (has done for a year on mainnet now), it's doing maybe 50-100 transactions per day (hard to get numbers without running the blockchain analysis mentioned above; and false positives there will confuse it). You can see the orderbook at https://joinmarket.me/ob

As for the description above, it's fine (it's the first, simplest design mentioned by gmaxwell in the OP) but having the server know all the linkages is a bit much. Joinmarket has one participant act as the coordinator for each transaction, and pay for the privilege of knowing the linkages for that transaction (I'm repeating myself now, I said this a few posts back). Instead of one server with a global history. To go further, you add Coinshuffle or blind signing so that no-one needs to know the linkages (assuming no Sybil case, i.e. other participants are really distinct).

The economic incentive, while small, helps create more participants. Most joinmarket coinjoins involve 3-6 participants although 10+ is not unheard of  (I myself had a couple of 9,10 party joins recently, e.g. e701bc57fa663eaef4d57a9ea20b3212a90a8be71a32bd3bcb84062e864bdab0).


PGP fingerprint 2B6FC204D9BF332D062B 461A141001A1AF77F20B (use email to contact)
1573805291
Hero Member
*
Offline Offline

Posts: 1573805291

View Profile Personal Message (Offline)

Ignore
1573805291
Reply with quote  #2

1573805291
Report to moderator
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
1573805291
Hero Member
*
Offline Offline

Posts: 1573805291

View Profile Personal Message (Offline)

Ignore
1573805291
Reply with quote  #2

1573805291
Report to moderator
1573805291
Hero Member
*
Offline Offline

Posts: 1573805291

View Profile Personal Message (Offline)

Ignore
1573805291
Reply with quote  #2

1573805291
Report to moderator
CohibAA
Full Member
***
Offline Offline

Activity: 217
Merit: 100



View Profile WWW
May 23, 2016, 08:51:34 AM
 #642


I have an idea, and guys, let me know if this is decent or crazy or whatever: or if this is already what is being done by JoinMarket, Shuffle, Whatever.

1. I make a website or a server for this purpose.
2. It asks users to create their transactions, and a given time limit, say 30 minutes or 1 hour.
3. Every 30 minutes, or every hour, it gets back to all the users with the giant CoinJoin transaction formed thus far and asks all the people to sign.
4. The site itself takes a fee, and that's some how inserted into the process.
5. Assuming the site is "trustable", then only outsiders are "attackers" and they're not going to learn much except "I see 100 inputs and 200 outputs, and I own 20 of them. I dunno who the other 80 are."
6. Repeat every hour or every whenever. Or every 100 people. Or once a day.
7. Java script or open source client side signing thingy that can sign for you if you're away from your computer so the site doesn't have to wait an hour when it reaches the minimum number of people.

The other idea I had, which I mentioned a long time ago, is like a traditional mixer, in that the mixer site itself has to be trusted, but it does everything internally, and you just send your coins. Instead of the traditional mixing of unrelated inputs and outputs, it's basically a CoinJoin mixer that gets all deposits and spits out the transactions just like a traditional mixer. The only downside is having to trust the site.

I think it's at least a decent idea, although implementation might be tricky.  One limitation with JoinMarket is the ability to easily facilitate a transaction with a very large number of parties.  As of right now, there are only about 50 "makers" on the orderbook, and likely many of those are actually the same people, running multiple yield generator bots.  The largest coinjoin done using JoinMarket that I am aware of had 17 parties. (that might not even be the most interesting thing about that transaction...)

 Huh

I think something like this would be possible to build within JoinMarket, such that "takers" are given an option to delay and group their transaction with other takers (and makers, maybe), but again, I'm sure the coding would be substantial.  A better solution for JoinMarket will likely be simple growth.  The GUI is probably helping to bring in more users.  An Electrum plugin could also be potentially huge for JoinMarket, bringing fungibility (is that a word?) to many more users.  I think some privacy conscious websites may also benefit from implementing JoinMarket transactions into their wallet structure (online casinos, darknet markets, etc.) which will also help the current limitations.

Interesting times.

belcher
Sr. Member
****
Offline Offline

Activity: 261
Merit: 325


View Profile
May 23, 2016, 11:44:29 AM
 #643

New paper on address closures / clustering.

http://arxiv.org/abs/1605.06369



Sorry for bumping this thread ... I'm just curious.

...

3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk

...

The bounty fund will pay out as funds are available according to the signers best judgment for completed work proposed in this thread that furthers the goal of making improved transaction privacy a practical reality for Bitcoin users.

If JoinMarket did not qualify, and CoinShuffle (or ShuffleCoin?) did not also qualify, what would do it? Does it have to be completely decentralized? Can it be something that relies on a "super-node" or even a third party website, bot or api? (Someone collects possible transactions and makes everyone sign it once a day or once an hour or something.)

How do you define "practical reality for Bitcoin users"?

Did I miss any other attempts at implementing this aside from CoinShuffle and JoinMarket?

Would be interested to know as well.
Six months ago I sent a PM to theymos, Pieter Wuille, gmaxwell asking for (some of) the bounty.



I think something like this would be possible to build within JoinMarket, such that "takers" are given an option to delay and group their transaction with other takers (and makers, maybe), but again, I'm sure the coding would be substantial.  A better solution for JoinMarket will likely be simple growth.  The GUI is probably helping to bring in more users.  An Electrum plugin could also be potentially huge for JoinMarket, bringing fungibility (is that a word?) to many more users.  I think some privacy conscious websites may also benefit from implementing JoinMarket transactions into their wallet structure (online casinos, darknet markets, etc.) which will also help the current limitations.


This could be done with a script called patientsendpayment.py, https://github.com/JoinMarket-Org/joinmarket/wiki/Sending-payments-with-CoinJoin#patient-send-payment
Although because the current protocol is flawed and needs updating, you can only send to addresses for which you know the private key.

Using JoinMarket for bitcoin websites could be done today, I've written a brief explanation on how here https://github.com/JoinMarket-Org/joinmarket/issues/293

1HZBd22eQLgbwxjwbCtSjhoPFWxQg8rBd9
JoinMarket - CoinJoin that people will actually use.
PGP fingerprint: 0A8B 038F 5E10 CC27 89BF CFFF EF73 4EA6 77F3 1129
Dabs
Legendary
*
Offline Offline

Activity: 2506
Merit: 1324


The Concierge of Crypto


View Profile WWW
May 23, 2016, 04:47:15 PM
 #644

(that might not even be the most interesting thing about that transaction...)

I looked at that, and this one looked interesting to me:

https://btc.blockr.io/address/info/1PavedWithGodAndSomeTeensionXudq5X

It would seem someone intentionally destroyed 1.6 BTC.

waxwing
Sr. Member
****
Offline Offline

Activity: 469
Merit: 250


View Profile
May 24, 2016, 10:00:54 AM
 #645

It would seem someone intentionally destroyed 1.6 BTC.

Phi to be (more) precise Smiley

PGP fingerprint 2B6FC204D9BF332D062B 461A141001A1AF77F20B (use email to contact)
mangox
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250



View Profile
May 31, 2016, 07:07:59 PM
 #646

Quote
BTW (and sorry for being slightly off-topic): did blockchain.info remove "shared coin", their coinjoin implementation? Cannot find it anymore!

does not exist anymore Sad
Rampion
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
May 31, 2016, 07:38:41 PM
 #647

Quote
BTW (and sorry for being slightly off-topic): did blockchain.info remove "shared coin", their coinjoin implementation? Cannot find it anymore!

does not exist anymore Sad

That really sucks.

K1773R
Legendary
*
Offline Offline

Activity: 1792
Merit: 1008


/dev/null


View Profile
June 06, 2016, 08:18:33 AM
 #648

Quote
BTW (and sorry for being slightly off-topic): did blockchain.info remove "shared coin", their coinjoin implementation? Cannot find it anymore!

does not exist anymore Sad

That really sucks.
Just use joinmarket.

[GPG Public Key]  [Devcoin Builds]  [BBQCoin Builds]  [Multichain Blockexplorer]  [Multichain Blockexplorer - PoS Coins]  [Ufasoft Miner Linux Builds]
BTC/DVC/TRC/FRC: 1K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM AK1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: NK1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: LKi773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: EK1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: bK1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
Mr.Broker
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
June 07, 2016, 11:17:47 AM
 #649

People appear to have been sending very large numbers of addresses dust as a way to break anonymity. Granted, they also may have been doing it as a way to get signatures from scriptPubKeys due to the 'R' re-use issue, but the script would use bitcoind to spend the dust which is known to not be vulnerable.

Also there's lots of pretty much unspendable dust out there from Satoshidice and others, and again such a script can help.
ABISprotocol
Sr. Member
****
Offline Offline

Activity: 278
Merit: 250

ABISprotocol on Gist


View Profile WWW
June 08, 2016, 07:08:05 AM
 #650

People appear to have been sending very large numbers of addresses dust as a way to break anonymity. Granted, they also may have been doing it as a way to get signatures from scriptPubKeys due to the 'R' re-use issue, but the script would use bitcoind to spend the dust which is known to not be vulnerable.

Also there's lots of pretty much unspendable dust out there from Satoshidice and others, and again such a script can help.

Check with Peter Todd before using (not sure if up to date exactly because was last updated November 2015) but, this could be useful if you are trying to deal with some dust issue (Core)

https://github.com/petertodd/dust-b-gone

I also happen to think that dust isn't as big a deal as people think it is.  It is a gift, not a curse, and it should be treated as such, people just haven't been innovative enough yet to address it well or meaningfully.  See project referred to in my signature.

Also, see BlockCypher's API http://dev.blockcypher.com/#microtransaction-api

(I do not work for BlockCypher, but I consider their work innovative)

ABISprotocol (Github/Gist)
http://abis.io
Rampion
Legendary
*
Offline Offline

Activity: 1120
Merit: 1000


View Profile
June 08, 2016, 01:37:41 PM
 #651

Quote
BTW (and sorry for being slightly off-topic): did blockchain.info remove "shared coin", their coinjoin implementation? Cannot find it anymore!

does not exist anymore Sad

That really sucks.
Just use joinmarket.

Are there any easy, straightforward instructions to use joinmarket? Blockchain's shared coin was easy.

Cryddit
Legendary
*
Offline Offline

Activity: 910
Merit: 1042


View Profile
June 08, 2016, 07:59:29 PM
 #652

Bitcoin gambling sites are entirely functional as (probabilistic) mixers, if you trust the gambling sites.

Wanna mix 10BTC? Just make a hundred 0.1BTC bets at even odds.  50 of them pay out double (minus the house cut) and 50 disappear.  So you get your 10BTC back, minus the house cut, and the house cut in that case is just a mixing fee.

But that's not really what coinjoin is supposed to accomplish.
ABISprotocol
Sr. Member
****
Offline Offline

Activity: 278
Merit: 250

ABISprotocol on Gist


View Profile WWW
June 08, 2016, 09:50:52 PM
 #653

Quote
BTW (and sorry for being slightly off-topic): did blockchain.info remove "shared coin", their coinjoin implementation? Cannot find it anymore!

does not exist anymore Sad

That really sucks.
Just use joinmarket.

Are there any easy, straightforward instructions to use joinmarket? Blockchain's shared coin was easy.

Actually, yes, there are -

Joinmarket has a reddit:  https://www.reddit.com/r/joinmarket  May not be a bad place to have questions answered, but you may want to do tor and create a disposable account for it.  I won't use reddit anymore because of this - they are getting NSLs all the time, read in depth into comments... https://www.reddit.com/r/announcements/comments/4cqyia/for_your_reading_pleasure_our_2015_transparency/

However, if you don't want to deal with that, you could just view / lurk in the reddit discussions without having to log in and find out some of what you need, or just check out the right-hand side of the screen (under 'How do I get Started') which has the links you need.

There's also a very handy set of instructions right on github, for the GUI version of it, here:

https://github.com/JoinMarket-Org/JMBinary

Pretty damn handy.  :-)

ABISprotocol (Github/Gist)
http://abis.io
Dabs
Legendary
*
Offline Offline

Activity: 2506
Merit: 1324


The Concierge of Crypto


View Profile WWW
June 09, 2016, 06:06:34 PM
 #654

Bitcoin gambling sites are entirely functional as (probabilistic) mixers, if you trust the gambling sites.

Wanna mix 10BTC? Just make a hundred 0.1BTC bets at even odds.  50 of them pay out double (minus the house cut) and 50 disappear.  So you get your 10BTC back, minus the house cut, and the house cut in that case is just a mixing fee.

But that's not really what coinjoin is supposed to accomplish.

Most gambling sites do off-chain transactions. If you want to mix 10 BTC, you simply deposit. Wait a few days. And then Withdraw. No need to actually gamble or play.

The problem is if you need to exchange the mixed coins, they are tagged as "gambling" coins by such exchanges as coinbase. So you need to bounce them around a few times among your own wallets.

Carlsen
Hero Member
*****
Offline Offline

Activity: 910
Merit: 501


View Profile
June 10, 2016, 09:00:17 AM
 #655

Bitcoin gambling sites are entirely functional as (probabilistic) mixers, if you trust the gambling sites.

Wanna mix 10BTC? Just make a hundred 0.1BTC bets at even odds.  50 of them pay out double (minus the house cut) and 50 disappear.  So you get your 10BTC back, minus the house cut, and the house cut in that case is just a mixing fee.

But that's not really what coinjoin is supposed to accomplish.

In this case I would be just too scared to loose 75 or more of my bets.
That would be a relatively high mixing fee. Personally I would not take that risk.

  It's me!!!
savobaby
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile WWW
June 11, 2016, 12:14:03 AM
 #656

May I just say, I am so fucking impressed with what everyone has been posting here. That. Is. All.
smoothie
Legendary
*
Offline Offline

Activity: 2128
Merit: 1018


LEALANA Monero Physical Silver Coins


View Profile
June 13, 2016, 11:35:33 AM
 #657

Couldn't you just use poloniex to get monero bought with BTC, then send it to yourself with a mixin of 5 or 100 or whatever you choose, then convert it with XMR.to back to BTC?


███████████████████████████████████████

            ,╓p@@███████@╗╖,           
        ,p████████████████████N,       
      d█████████████████████████b     
    d██████████████████████████████æ   
  ,████²█████████████████████████████, 
 ,█████  ╙████████████████████╨  █████y
 ██████    `████████████████`    ██████
║██████       Ñ███████████`      ███████
███████         ╩██████Ñ         ███████
███████    ▐▄     ²██╩     a▌    ███████
╢██████    ▐▓█▄          ▄█▓▌    ███████
 ██████    ▐▓▓▓▓▌,     ▄█▓▓▓▌    ██████─
           ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌          
           ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌          
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─  
     ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩    
        ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀       
           ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀`          
                   ²²²                 
███████████████████████████████████████

. ★☆ WWW.LEALANA.COM        My PGP fingerprint is A764D833.                  History of Monero development Visualization ★☆ .
LEALANA  PHYSICAL MONERO COINS 999 FINE SILVER.
 
PantminerS7
Full Member
***
Offline Offline

Activity: 165
Merit: 100


View Profile
June 13, 2016, 01:26:44 PM
 #658

Somebody please "CoinJoin for Dummies".

Basically, you join payments together to 'anonymize' coins, while trading coins for other coins to make proving someones ownership of a specific coin harder.

Using Joinmarket as an example;
There are makers and takers in the Joinmarket network. Makers run a script that offers their coin for coinjoin transactions in exchange for a small fee. They sit around on the network, looking for a taker who needs coins mixed.

Takers, on the other hand, pay the makers to trade coins with them. Takers will come into Joinmarket announcing that they want to mix a certain amount of coins. Eventually a maker will accept his offer, and the maker and taker (and possibly more parties) all make one big Bitcoin transaction with lots of outputs to different addresses.

Joinmarket is just one of many ways a coinjoin can happen, but this should give you the general idea. 

The whole taker-maker process aims to mix the coins for the takers and the makers, making it harder to tell who owns which coins after the coinjoin-transaction. It will be hard to tell who now owns each output, if someone owns several outputs etc., which is the end goal of the transaction.

Users can run this process as many times as they like, the assumption being that more coinjoin transactions = better privacy.
Equilux
Sr. Member
****
Offline Offline

Activity: 347
Merit: 250


View Profile
June 13, 2016, 01:41:43 PM
 #659

Somebody please "CoinJoin for Dummies".

Basically, you join payments together to 'anonymize' coins, while trading coins for other coins to make proving someones ownership of a specific coin harder.

Using Joinmarket as an example;
There are makers and takers in the Joinmarket network. Makers run a script that offers their coin for coinjoin transactions in exchange for a small fee. They sit around on the network, looking for a taker who needs coins mixed.

Takers, on the other hand, pay the makers to trade coins with them. Takers will come into Joinmarket announcing that they want to mix a certain amount of coins. Eventually a maker will accept his offer, and the maker and taker (and possibly more parties) all make one big Bitcoin transaction with lots of outputs to different addresses.

Joinmarket is just one of many ways a coinjoin can happen, but this should give you the general idea. 

The whole taker-maker process aims to mix the coins for the takers and the makers, making it harder to tell who owns which coins after the coinjoin-transaction. It will be hard to tell who now owns each output, if someone owns several outputs etc., which is the end goal of the transaction.

Users can run this process as many times as they like, the assumption being that more coinjoin transactions = better privacy.

Great post man, thanks! Makes me appreciate more what a cool idea this is.

Dabs
Legendary
*
Offline Offline

Activity: 2506
Merit: 1324


The Concierge of Crypto


View Profile WWW
June 13, 2016, 01:42:48 PM
 #660

Couldn't you just use poloniex to get monero bought with BTC, then send it to yourself with a mixin of 5 or 100 or whatever you choose, then convert it with XMR.to back to BTC?
That's centralized and you lose control of your coins even if temporarily. Coin Join allows for mixing without ever giving out your coins or control of them.

Any exchange or gambling site or online wallet will do what you suggest. You just have to trust them to be online long enough for you to withdraw, and/or not get hacked, shutdown, or whatever.

I've actually seen a few people deposit to my site, wait a few days (when I "join" all deposits to the cold wallet), then withdraw, without ever playing. Works the same way. But now their coins are "tainted", so don't go try going to coinbase directly from any gambling site. Our wallets are all tagged.

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 [33] 34 35 36 37 38 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!