Bitcoin Forum
July 04, 2020, 10:25:37 PM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 [34] 35 36 37 38 »
  Print  
Author Topic: CoinJoin: Bitcoin privacy for the real world  (Read 291954 times)
dooglus
Legendary
*
Offline Offline

Activity: 2772
Merit: 1217



View Profile
June 19, 2016, 12:26:07 AM
 #661

In that particular example, wouldn't it be more anonymous to just have 6 outputs of 61.04976087 BTC? (That's the total amount less tx fees divided by 6, or 3 yellows and 3 change outputs of all exactly the same amount).

That way, even the "change" outputs can no longer be tied to the three people.

The three people contributed different amounts to the transaction, so they get different amounts of change.

The person paying for the transaction (the 'taker' in JoinMarket terminology) decides the amount of the yellow outputs, and the other two people (the 'makers') go along with that. It's only the yellow amount which is to be considered 'joined'.

Note that we could figure out which of the three people was the taker by summing the inputs and outputs of each colour. We'll find that two of the thee made a small profit on this transaction (the makers) and one took a loss (the taker).

If the maker had wanted to mix his whole wallet in this transaction he could done so. He must have only needed 70 BTC mixed at this time, for whatever reason.

Also, try following the yellow outputs - you'll see that all three of them went on to further coinjoin transactions for different amounts.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
1593901537
Hero Member
*
Offline Offline

Posts: 1593901537

View Profile Personal Message (Offline)

Ignore
1593901537
Reply with quote  #2

1593901537
Report to moderator
1593901537
Hero Member
*
Offline Offline

Posts: 1593901537

View Profile Personal Message (Offline)

Ignore
1593901537
Reply with quote  #2

1593901537
Report to moderator
1593901537
Hero Member
*
Offline Offline

Posts: 1593901537

View Profile Personal Message (Offline)

Ignore
1593901537
Reply with quote  #2

1593901537
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
dserrano5
Legendary
*
Offline Offline

Activity: 1960
Merit: 1021



View Profile
June 19, 2016, 12:54:59 AM
 #662

Are there any easy, straightforward instructions to use joinmarket? Blockchain's shared coin was easy.

Check their thread. There's an electrum plugin under development that, although needs a bit of care at install time, it seems to work (read "worked for me") with a couple of mouse clicks.
Cryddit
Legendary
*
Offline Offline

Activity: 924
Merit: 1044


View Profile
June 24, 2016, 12:58:07 AM
 #663

Getting different amounts of change though doesn't have to mean that one is traceable.

Picture the same set of inputs, but a set of outputs all denominated in 30BTC, 10BTC, 3BTC, 0.1BTC, O.03BTC, etc.  Up to whatever set of denominations you can make at least ten each of and down to whatever denomination people are willing to give up as a mixer fee to enhance their anonymity.

Now some participants get more of one denomination, some participants get more of a different denomination, but with ten of each denomination there will always be a way to split up whatever amounts among three participants, and there's no way for an eavesdropper or block chain snoop to know which is whose.  They can't even use the number of each denomination issued as a guide to what particular amounts were paid out. 
dooglus
Legendary
*
Offline Offline

Activity: 2772
Merit: 1217



View Profile
June 26, 2016, 06:22:50 AM
 #664

Picture the same set of inputs, but a set of outputs all denominated in 30BTC, 10BTC, 3BTC, 0.1BTC, O.03BTC, etc.

I like the idea of using powers of 2 as the change amounts. That way any amount can be created by using at most one of each size of change.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
belcher
Sr. Member
****
Offline Offline

Activity: 261
Merit: 328


View Profile
June 26, 2016, 12:46:21 PM
 #665

Change can be linked if later on the blockchain, change outputs are re-combined with inputs even if they use standard output sizes. That's why JoinMarket has so-called mixing depths which help stop that happening.

The downside of standard output sizes is that it may damage the divisibility of the currency, and also its bad for scalability because it greatly increases the number of outputs. I decided not to implement it in JoinMarket, but it's a tradeoff question so there's no obvious answer really.

A somewhat related idea is this one: https://github.com/JoinMarket-Org/joinmarket/issues/229

1HZBd22eQLgbwxjwbCtSjhoPFWxQg8rBd9
JoinMarket - CoinJoin that people will actually use.
PGP fingerprint: 0A8B 038F 5E10 CC27 89BF CFFF EF73 4EA6 77F3 1129
smoothie
Legendary
*
Offline Offline

Activity: 2128
Merit: 1018


LEALANA Monero Physical Silver Coins


View Profile
July 04, 2016, 08:53:00 AM
 #666

Couldn't you just use poloniex to get monero bought with BTC, then send it to yourself with a mixin of 5 or 100 or whatever you choose, then convert it with XMR.to back to BTC?
That's centralized and you lose control of your coins even if temporarily. Coin Join allows for mixing without ever giving out your coins or control of them.

Any exchange or gambling site or online wallet will do what you suggest. You just have to trust them to be online long enough for you to withdraw, and/or not get hacked, shutdown, or whatever.

I've actually seen a few people deposit to my site, wait a few days (when I "join" all deposits to the cold wallet), then withdraw, without ever playing. Works the same way. But now their coins are "tainted", so don't go try going to coinbase directly from any gambling site. Our wallets are all tagged.

I'm speaking in terms of privacy. What's to stop someone from being all the "other people" in coin join transaction?

Essentially being Sybil attacked in terms of traceability.

The topic was privacy Not security.

The issue you bring up comes back to, how did you acquire the bitcoins you want to "wash" in the first place if you didn't mine them?

Pretty sure there was a "not being in control" aspect to the acquisition of the Bitcoin you are trying to use in a coin join Transaction. Kind of goes against what you just said in terms of centralization and security of your coins.

Concerning your comment about your bitcoins being tagged.
That cannot easily be done in monero due to its protocol based fungibility via ring signatures.

███████████████████████████████████████

            ,╓p@@███████@╗╖,           
        ,p████████████████████N,       
      d█████████████████████████b     
    d██████████████████████████████æ   
  ,████²█████████████████████████████, 
 ,█████  ╙████████████████████╨  █████y
 ██████    `████████████████`    ██████
║██████       Ñ███████████`      ███████
███████         ╩██████Ñ         ███████
███████    ▐▄     ²██╩     a▌    ███████
╢██████    ▐▓█▄          ▄█▓▌    ███████
 ██████    ▐▓▓▓▓▌,     ▄█▓▓▓▌    ██████─
           ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌          
           ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌          
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─  
     ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩    
        ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀       
           ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀`          
                   ²²²                 
███████████████████████████████████████

. ★☆ WWW.LEALANA.COM        My PGP fingerprint is A764D833.                  History of Monero development Visualization ★☆ .
LEALANA  PHYSICAL MONERO COINS 999 FINE SILVER.
 
Cryddit
Legendary
*
Offline Offline

Activity: 924
Merit: 1044


View Profile
July 10, 2016, 10:37:32 PM
 #667

Picture the same set of inputs, but a set of outputs all denominated in 30BTC, 10BTC, 3BTC, 0.1BTC, O.03BTC, etc.

I like the idea of using powers of 2 as the change amounts. That way any amount can be created by using at most one of each size of change.

WRONG plan! 

You want at least ten outputs of each denomination you're creating. 

The whole idea of standardizing denominations is for txOuts to be indistinguishable.  The only one of a given denomination created in a transaction is VERY distinguishable from all other outputs.

dooglus
Legendary
*
Offline Offline

Activity: 2772
Merit: 1217



View Profile
July 11, 2016, 04:26:21 AM
 #668

Picture the same set of inputs, but a set of outputs all denominated in 30BTC, 10BTC, 3BTC, 0.1BTC, O.03BTC, etc.

I like the idea of using powers of 2 as the change amounts. That way any amount can be created by using at most one of each size of change.

WRONG plan! 

You want at least ten outputs of each denomination you're creating. 

The whole idea of standardizing denominations is for txOuts to be indistinguishable.  The only one of a given denomination created in a transaction is VERY distinguishable from all other outputs.

At most one of each size goes to each participant. Each output goes to a different address.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
Cryddit
Legendary
*
Offline Offline

Activity: 924
Merit: 1044


View Profile
July 12, 2016, 03:50:18 AM
 #669


At most one of each size goes to each participant. Each output goes to a different address.

Exactly.  And the people figuring out who got what *KNOW* that at most one of each size went to each participant.  That's why we don't do that.
Dabs
Legendary
*
Offline Offline

Activity: 2646
Merit: 1410


The Concierge of Crypto


View Profile
July 12, 2016, 03:32:15 PM
 #670

Summary: Get a hundred participants to send to a thousand addresses the exact same amount. Miner gets the change/fee.

If there is a maker/taker/website/bot that takes a fee, it could be part of the participant list.

This is going to be a headache, but I'm sure software can figure it out.

dwgscale11
Sr. Member
****
Offline Offline

Activity: 334
Merit: 250


View Profile
September 19, 2016, 06:59:28 PM
 #671

Why was Sharedcoin (I'm assuming it utilized CoinJoin?) removed from blockchain.info?  Does CoinJoin exist anymore? (Not JoinMarket) It was super easy to use as it was built into the send of the online wallet on blockchain.info.
Dabs
Legendary
*
Offline Offline

Activity: 2646
Merit: 1410


The Concierge of Crypto


View Profile
September 19, 2016, 07:29:51 PM
 #672

Uh, ShareCoin was a service or feature of blockchain. It wasn't exactly a CoinJoin implementation. JoinMarket does CoinJoin, but I understand why you'd want an easier method.

Which leads me to ask: What qualifies for the bounty? There's 42 BTC up for grabs on the bounty multi-sig address, but JoinMarket doesn't seem to qualify, or maybe it's not considered "practical" enough.

If I make a website that looks like, for example, shapeshift, and you see that you can send coins there, and every hour there is a CoinJoin transaction (even if internal to the site), does that count? Or any form of centralization doesn't count?

See, for CoinJoin to really work the way it was intended, everyone that participates in a CoinJoin transaction needs to be all online and they all need to sign. Perhaps what they're looking for is some Windows Bitcoin Core Qt wallet type that includes a tick box for [X] CoinJoin, then it would automatically look for others.




dwgscale11
Sr. Member
****
Offline Offline

Activity: 334
Merit: 250


View Profile
September 19, 2016, 07:58:24 PM
 #673

Uh, ShareCoin was a service or feature of blockchain. It wasn't exactly a CoinJoin implementation. JoinMarket does CoinJoin, but I understand why you'd want an easier method.

Which leads me to ask: What qualifies for the bounty? There's 42 BTC up for grabs on the bounty multi-sig address, but JoinMarket doesn't seem to qualify, or maybe it's not considered "practical" enough.

If I make a website that looks like, for example, shapeshift, and you see that you can send coins there, and every hour there is a CoinJoin transaction (even if internal to the site), does that count? Or any form of centralization doesn't count?

See, for CoinJoin to really work the way it was intended, everyone that participates in a CoinJoin transaction needs to be all online and they all need to sign. Perhaps what they're looking for is some Windows Bitcoin Core Qt wallet type that includes a tick box for [X] CoinJoin, then it would automatically look for others.





I'm curious as to WHY it was a service that is no longer?  Who shut it down?  Is the code still out there?
u15776
Newbie
*
Offline Offline

Activity: 27
Merit: 0


View Profile
January 17, 2017, 09:18:55 PM
 #674

Great post man, thanks! Makes me appreciate more what a cool idea this is.

Here's an actual example of a CoinJoin transaction (click link for blockchain.info link):

http://i.imgur.com/Osuydri.png

There were 3 people involved in the transaction. There are 6 outputs, 2 per person. 3 of the outputs (coloured yellow) are for the exact same amount. It's impossible to know which of these three yellow outputs belongs to which of the 3 people just from looking at this transaction. The other 3 outputs are change amounts. We can easily tie the change outputs to the inputs, which I did by using the coloured arrows.

The guy who spent 82 BTC got back a yellow 70 BTC and 12 BTC of change - indicated by the blue arrow.
The guy who spent 171 BTC got back a yellow 70 BTC and 101 BTC of change - indicated by the orange arrow.
All the other inputs came from the 3rd guy, and he got back a yellow 70 BTC and 41 BTC of change - indicated by all the red lines.

Hopefully that makes it clearer. It's the yellow outputs that have been anonymised by this transaction, not the inputs or the change outputs.

Cool, I first thought that inputs are sent to another bitcoin address and from there to the outputs. But, this seems not to be the case. Is CoinJoin a smart contract or a dAPP as with Ethereum?
687_2
Full Member
***
Offline Offline

Activity: 186
Merit: 102


Trade P2P BTC/USDT Privately with SIBEX


View Profile WWW
February 02, 2017, 07:12:43 AM
 #675

The bounty is still available, and it's pretty significant now:

https://blockchain.info/address/3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk

Buy the dip with the security and privacy of your own wallet: use cross chain atomic swaps to trade Bitcoin, USDT, and Ether. Trades are secured and settled on-chain. https://sibex.io
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 3108
Merit: 4065



View Profile
December 12, 2017, 11:18:03 PM
 #676

In order to further incentivize work in this space there is now a multisignature escrow bounty fund:
   3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk
Just a note in case anyone was watching the address: three weeks back the outputs to this address were consolidated in order to take advantage of low fees on the network and to simplify sweeps of further bitcoin spinoffs (as signing for 65 inputs is a bit of a burden); the consolidated funds were moved back to the same address, minus a nominal amount of fee (about 2sat/byte).
Dabs
Legendary
*
Offline Offline

Activity: 2646
Merit: 1410


The Concierge of Crypto


View Profile
December 13, 2017, 02:46:25 PM
 #677

There's a bunch of new tech out there, some with fantasy names or Harry Potter themes, and some alt wallets that have a built in "obfuscation" button but I don't know if they do CoinJoin or not. As well as Huffle Puffle and other funny sounding ones, also Dark Send, Shared Send, Dark Wallet, Stealth Wallet, Dark Chocolate?

Maybe an altcoin that has masternodes that does CoinJoins of bitcoins ...

None of those qualify for the bounty?

wintercooled
Newbie
*
Offline Offline

Activity: 16
Merit: 4


View Profile
December 18, 2017, 07:15:35 PM
Merited by malevolent (3), Coiner.de (1)
 #678

Hi All,

Adam Ficsor (@nopara73) and Myself are currently trying to test an implementation of a Chaumian CoinJoin mixer and client wallet using the ZeroLink framework and HiddenWallet. https://github.com/nopara73/ZeroLink

We are aiming for 100 participants in the first scale testnet test and any participation would be appreciated. The mix is ongoing and currently we have about half the required anonymity set to conclude our test. To participate you basically have to download binaries (or compile from source), get some testnet coins, move them into a bech32 address in HiddenWallet and join the mix.

Many thanks to those that than can help.

A guide to participating in the test:

https://github.com/nopara73/HiddenWallet/blob/master/HiddenWallet.Documentation/TestingTheZeroLinkMixer.md
RobertNykanen
Newbie
*
Offline Offline

Activity: 72
Merit: 0


View Profile
February 26, 2018, 02:09:15 PM
 #679

Yes, the facilitator gains no extra information about the transaction than is observable from the outside, if blind signing is used
alex6464
Newbie
*
Offline Offline

Activity: 188
Merit: 0


View Profile
April 26, 2018, 09:25:34 PM
 #680

Gmaxwell and his bitcoin devs should realise that the IRS has already mapped out all significant bitcoin addresses to social security numbers, whilst they debate the alpha tech of ring sigs but yet are doing nothing to fix the privacy issue
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 [34] 35 36 37 38 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!