Bitcoin Forum
December 08, 2019, 11:30:55 AM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 [38]
  Print  
Author Topic: CoinJoin: Bitcoin privacy for the real world  (Read 291699 times)
belcher
Sr. Member
****
Offline Offline

Activity: 261
Merit: 325


View Profile
June 04, 2019, 11:13:21 AM
 #741

Quote
Another demonstration of the fragility of blockchain analysis.

While I realize you just meant it as a light "fun fact", I think it's worth pointing out that walletexplorer is very primitive and semi? unmaintained -- and you won't be able to trick any serious analysis tool with a coinjoin like that. [Although coinjoins can do an amazing job at tricking them! But you really need the coinjoin to look like a normal transaction for that]

You're right that is fairly primitive but many people still use it and it has some influence. During the QuadrigaCX exchange hack affair in early-2019 some people used walletexplorer to find that exchange's hot wallet, some of the transactions go to and from the CoinJoinMess cluster (which then was called MtGoxAndOthers). When this was found a bunch of people were posting that QuadrigaCX was receiving money from MtGox(!) They carried on until they were informed that it's only the coinjoin cluster.

I wouldn't say its completely trivial to detect that something is odd with the coinjoin bounty payout. The inputs use multiple address types, but Samourai wallet and Bitcoin Core also sometimes do this so it's not evidence of non-coinjoin behaviour. Also there are many equal-valued outputs, but the transaction doesn't match the style of JoinMarket or Wasabi transactions (there are far more equal-valued outputs than inputs for example). It would definitely be interesting to see what the more developed tools say about it.

1HZBd22eQLgbwxjwbCtSjhoPFWxQg8rBd9
JoinMarket - CoinJoin that people will actually use.
PGP fingerprint: 0A8B 038F 5E10 CC27 89BF CFFF EF73 4EA6 77F3 1129
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1575804655
Hero Member
*
Offline Offline

Posts: 1575804655

View Profile Personal Message (Offline)

Ignore
1575804655
Reply with quote  #2

1575804655
Report to moderator
RHavar
Legendary
*
Offline Offline

Activity: 1848
Merit: 1486



View Profile
June 04, 2019, 05:57:20 PM
Merited by theymos (2), ETFbitcoin (1)
 #742

It would definitely be interesting to see what the more developed tools say about it.

I can pretty much guarantee you that it will have zero effect in confusing more advanced tools. I've tested way more complex and advanced things to try trick up analysis, and it's not easy. Sometimes even I'll momentarily fool it, but later it'll "back propagate" (correct term??) information from how the outputs are spent (and associated clustering), to get a better understanding of the transaction. Like I've seen them reliably determine which outputs are change, in settings that should be impossible.

Taking bustabit as an example, it does smart partial batching so it frequently sends transactions with: (1 payment, 1 change) and (2 payments, 0 change).  Naively they are indistinguishable, but in reality analysis software has proven to have almost no problems distinguishing once it's been able to collect enough information after they're spent.

---

If you want to trick analysis software, pretty much a prerequisite is reasonably uniform wallet behavior (now is a joke...) and good practices (e.g. avoiding address reuse as much as possible). This will create an environment where there's a lot less "redundancy" (??) in the analysis, such that it has to lean on increasingly fragile assumptions.  And then (and only then really) you can be cute and do something like a bustapay/p2ep  or import/export a reused address output from/to a friend or something.

Now they'll probably realize you broke their models, but it'll be too hard to figure out (short of having law enforcement contact you for help declustering Grin).


But yeah, if you just got two very strongly clustered wallets with different behavior and created a single coinjoin between them (even if it was undetectably a coinjoin...) it's not really going to get you anywhere against advanced analysis (although it'll confuse something like walletexplorer, which maybe is something you want to do).
Warranteum
Copper Member
Newbie
*
Offline Offline

Activity: 38
Merit: 0


View Profile
June 06, 2019, 07:04:01 AM
 #743

It ends up trivially identifiable whose outputs are whose based on the observed offers?
hv_
Hero Member
*****
Offline Offline

Activity: 1400
Merit: 554

Clean Code and Scale


View Profile WWW
June 06, 2019, 10:59:56 AM
 #744

Wouldn't you guys not just create a 'dark' pool here where only dark / gray coins are getting mixxed with each other and no reasonable one will use that  for anything good after ?


Carpe diem  -  understand the White Paper and mine honest.
Memo: 1AHUYNJKPfY7PjVK1hNQFo5LrdGixuiybw  -  https://metanet.icu/
The simple way is the genius way - in Moore's Law and Satoshi's WP we trust.
Carlton Banks
Legendary
*
Offline Offline

Activity: 2576
Merit: 2113



View Profile
June 06, 2019, 03:50:59 PM
Merited by ETFbitcoin (1)
 #745

Wouldn't you guys not just create a 'dark' pool here where only dark / gray coins are getting mixxed with each other and no reasonable one will use that  for anything good after ?



Privacy and/or anonymity work both ways round.

  • People use privacy to do bad things because good people are stopping them otherwise
  • People use privacy to do good things because bad people are stopping them otherwise

Vires in numeris
hv_
Hero Member
*****
Offline Offline

Activity: 1400
Merit: 554

Clean Code and Scale


View Profile WWW
June 07, 2019, 09:54:21 AM
 #746

Wouldn't you guys not just create a 'dark' pool here where only dark / gray coins are getting mixxed with each other and no reasonable one will use that  for anything good after ?



Privacy and/or anonymity work both ways round.

  • People use privacy to do bad things because good people are stopping them otherwise
  • People use privacy to do good things because bad people are stopping them otherwise

In (coming?) the world wide adoption path all other Banks (except Carlton) will prefere the more transparent blockchains - so all tainted and on purpose more ano chains will be dismissed from that path. 

Carpe diem  -  understand the White Paper and mine honest.
Memo: 1AHUYNJKPfY7PjVK1hNQFo5LrdGixuiybw  -  https://metanet.icu/
The simple way is the genius way - in Moore's Law and Satoshi's WP we trust.
BurtW
Legendary
*
Offline Offline

Activity: 2590
Merit: 1064

All paid signature campaigns should be banned.


View Profile WWW
June 07, 2019, 12:32:33 PM
Merited by ETFbitcoin (1)
 #747

In (coming?) the world wide adoption path all other Banks (except Carlton) will prefere the more transparent blockchains - so all tainted and on purpose more ano chains will be dismissed from that path. 
You obviously do not know your audience.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
TheNewAnon135246
Legendary
*
Offline Offline

Activity: 2170
Merit: 1817


฿uy ฿itcoin


View Profile
June 11, 2019, 10:31:49 AM
 #748

In (coming?) the world wide adoption path all other Banks (except Carlton) will prefere the more transparent blockchains - so all tainted and on purpose more ano chains will be dismissed from that path. 
You obviously do not know your audience.

No need to reply to his post. He's a BSV shill.

████████████████████████████
████████▀▀ █▀ █▀ ▀██████████
█████████▄ ▄▄▄▄▄▄███████████
██████████▀     ▀  ▀████████
███████▀ ▀  ▄█▀▀▀█▀▀████████
██████▄      █▄  ▀▀  ▀██████
██████         ▄▄█▄ ▄ ▀█████
█████ ▄         ▀▀ ▄ ▀ █████
██████▌          █▀█▀ ▐█████
███████  ▄▌         ▄ ██████
████████▄█         ▄████████
█████████▀     ▄▄ ▄█████████
████████████████████████████
.JACKMATE'S...........
.
MAJESTIC..
████████████████████████
███████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
.
..WIN 1 BITCOIN ON EVERY PREMIER LEAGUE MATCHDAY..
████████████████████████████████
████████████▀█▀ ▀█▀█▀███████████
███████████▄ ▄▄▄▄▄▄▄████████████
███████████▀▀▄▄▄▄▄▄▄▄███████████
█████████▀▄ ██▀▄▄▄ ▀ ▄▀█████████
███████▀ ▀█████▄▄▄█▄▄▄██████████
███████▀▄████████▀  ▀█ █▐███████
███████ ▀█████████▄█▀▀██ ███████
████████ ███▀██████ ▄ ██ ███████
████████▌▐▀▄ ██████████ ▄███████
█████████▄██▌▐█████▀██ █████████
████████████▄▀▀▀▀▀▄ ▀▄██████████
████████████████████████████████
.
.JOIN US - IT'S FREE! .
Wind_FURY
Hero Member
*****
Offline Offline

Activity: 1302
Merit: 826


Crypto-Games.net: Multiple coins, multiple games


View Profile
June 14, 2019, 11:40:58 AM
 #749

I believe hv_ has a point. A user must still be careful, and manage his UTXOs well to maintain its privacy after CoinJoin.

Would it create a "dark pool"? I do not know, maybe, but consolidating your coinjoined coins with non-coinjoined coins might remove the privacy gained.


▄▄▄████████▄▄▄
▄██████████████████▄
▄██████████████████████▄
██████████████████████████
████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
████████████████████████████
██████████████████████████
▀██████████████████████▀
▀██████████████████▀
▀▀▀████████▀▀▀
   ███████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
███████
BTC  ◉PLAY  ◉XMR  ◉DOGE  ◉BCH  ◉STRAT  ◉ETH  ◉GAS  ◉LTC  ◉DASH  ◉PPC
     ▄▄██████████████▄▄
  ▄██████████████████████▄        █████
▄██████████████████████████▄      █████
████ ▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄ ████     ▄██▀
████ █████ ██████ █████ ████    ▄██▀
████ █████ ██████ █████ ████    ██▀
████ █████ ██████ █████ ████    ██
████ ▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀ ████ ▄██████▄
████████████████████████████ ████████
███████▀            ▀███████ ▀██████▀
█████▀                ▀█████
▀██████████████████████████▀
  ▀▀████████████████████▀▀ 
✔️DICE           
✔️BLACKJACK
✔️PLINKO
✔️VIDEO POKER
✔️ROULETTE     
✔️LOTTO
garlonicon
Newbie
*
Offline Offline

Activity: 3
Merit: 3


View Profile
July 02, 2019, 11:19:25 PM
 #750

What do you think about BIG CoinJoin transactions? For example as big as adding one more input or output would exceed the maximum block size, so the newly mined block will finally contain nothing more than one huge CoinJoin transaction.
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1848
Merit: 2122

Use SegWit and enjoy lower fees.


View Profile WWW
July 03, 2019, 07:31:47 PM
 #751

What do you think about BIG CoinJoin transactions? For example as big as adding one more input or output would exceed the maximum block size, so the newly mined block will finally contain nothing more than one huge CoinJoin transaction.

I don't see point of create CoinJoin transaction with lots of input & output, if total output and Bitcoin amount of each amount isn't controlled, deanonymization could be easier.

Besides, transaction size above 100KB or 400.000 weight unit isn't allowed by current Bitcoin protocol.

garlonicon
Newbie
*
Offline Offline

Activity: 3
Merit: 3


View Profile
July 04, 2019, 01:10:51 AM
 #752

Quote
deanonymization could be easier
I didn't think mainly about deanonymization, rather I thought about confirming more transactions per block without increasing the maximum block size. It could be especially useful when we have something like this in mempool:

A -> B -> C -> D -> E -> F -> G

Then, the miner could create a "CoinJoin proposal" like this:

A -> G

And if A will sign it, the miner will save some space. If not, the miner could propose something else, for example:

A -> B -> G

Of course, when we have N transactions in mempool, there are 2^N-(N+1) possible combinations of such "CoinJoin proposals". To avoid spam, we can add some nonce and difficulty to them (since such proposals are "not-yet-signed-by-all-participants" transactions). And if the miner won't collect all needed signatures, it can still use the original non-CoinJoin transactions.
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2898
Merit: 2862



View Profile
July 04, 2019, 05:05:13 AM
 #753

Quote
deanonymization could be easier
I didn't think mainly about deanonymization, rather I thought about confirming more transactions per block without increasing the maximum block size. It could be especially useful when we have something like this in mempool:
https://bitcointalk.org/index.php?topic=281848.0
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 [38]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!