Bitcoin Forum
January 19, 2025, 10:45:45 PM *
News: Community Awards voting is open
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 [13] 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 »
  Print  
Author Topic: CoinJoin: Bitcoin privacy for the real world  (Read 294684 times)
solex
Legendary
*
Offline Offline

Activity: 1078
Merit: 1006


100 satoshis -> ISO code


View Profile
November 15, 2013, 09:15:09 PM
 #241

In what way is it being discouraged? Is it anything beyond informing people that it's bad practice? I'd like to see some anti-address-reuse measure become baseline, maybe even in the protocol itself if possible. Does CoinJoin have anything to do with address reuse then?

https://bitcointalk.org/index.php?topic=334316.0

This might be a premature decision, and only is effective per block, but hopefully the side-effect is faster adoption of BIP32

https://en.bitcoin.it/wiki/BIP_0032

BigJohn
Member
**
Offline Offline

Activity: 116
Merit: 10


View Profile
November 15, 2013, 09:24:44 PM
 #242

Awesome. Thanks for the information. That seems like a great idea putting that on the miners.

I have another question, I've asked this before but I don't quite understand why it wouldn't work. Couldn't the protocol be changed so that once an address is spent, it also becomes invalid? That way someone couldn't use an address to pay for something more than once, but he could still receive any number of incoming transactions to it before he decides to spend it. Transactions going to an invalid address would just not be accepted by miners and thus bounced back. This would mean that any attempts to whitelist addresses would be moot because an address disappears after use. What am I missing? Wouldn't this work?
solex
Legendary
*
Offline Offline

Activity: 1078
Merit: 1006


100 satoshis -> ISO code


View Profile
November 15, 2013, 09:47:54 PM
 #243

Awesome. Thanks for the information. That seems like a great idea putting that on the miners.

I have another question, I've asked this before but I don't quite understand why it wouldn't work. Couldn't the protocol be changed so that once an address is spent, it also becomes invalid? ... What am I missing? Wouldn't this work?

The place for this is in wallet software, not the protocol.
There should still be freedom of choice where someone who loves their vanity address more than their privacy can still use it (send from it) as long as they like.





ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470
Merit: 1006


Bringing Legendary Har® to you since 1952


View Profile
November 15, 2013, 10:05:21 PM
 #244

Already donated.

maaku
Legendary
*
expert
Offline Offline

Activity: 905
Merit: 1014


View Profile
November 16, 2013, 12:49:40 AM
 #245

Does CoinJoin have anything to do with address reuse then?

No, nothing at all. Completely orthogonal issues.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
niniyo
Member
**
Offline Offline

Activity: 118
Merit: 10


View Profile
November 16, 2013, 01:07:03 AM
 #246

I'd like it if someone could address a concern I raised in another thread, but is relevant to mention here:

The outputs of a CoinJoin transaction will have an amount of red taint equal to the amount of red taint on the inputs.  So basically half of the participants will get cleaner coins and half will get dirtier coins.  There is no net reduction in red taint.

Unless you are assuming that number-of-hops somehow makes your redcoins less red, but I don't believe this to be the case.  The redness factor is really about the source transactions that lead into your transaction, and if a high % of those are red then your coins are tainted.

What incentive is there for clean coins to participate in CoinJoin?  Wouldn't it tend to be the case that CoinJoin inputs are all quite red?
gmaxwell (OP)
Moderator
Legendary
*
expert
Offline Offline

Activity: 4326
Merit: 8979



View Profile WWW
November 16, 2013, 01:15:35 AM
 #247

What incentive is there for clean coins to participate in CoinJoin?  Wouldn't it tend to be the case that CoinJoin inputs are all quite red?
Because the whole concept of "red" to begin with is a human imposed concept which is senseless in a world where people are widely and casually using coinjoin. This is why its important that it be made as easy and as cheap as possible, because its not really useful to anyone unless its usable by everyone.
oakpacific
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


View Profile
November 16, 2013, 01:38:43 AM
 #248

I'd like it if someone could address a concern I raised in another thread, but is relevant to mention here:

The outputs of a CoinJoin transaction will have an amount of red taint equal to the amount of red taint on the inputs.  So basically half of the participants will get cleaner coins and half will get dirtier coins.  There is no net reduction in red taint.

Unless you are assuming that number-of-hops somehow makes your redcoins less red, but I don't believe this to be the case.  The redness factor is really about the source transactions that lead into your transaction, and if a high % of those are red then your coins are tainted.

What incentive is there for clean coins to participate in CoinJoin?  Wouldn't it tend to be the case that CoinJoin inputs are all quite red?

If you are a Bitcoin investor, then you really should give a damn about Coinjoin. Destroying its fungibility would allow Wall Street's money masters to separate Bitcoin into assets of different sorts, like "good bitcoins" and "bad bitcoins", and manipulate their values while giving themselves unfair advantages like they have always been doing(e.g., with gold). The bitcoins they control will obviously be A+ grade, and yours may become entirely worthless someday even if you just hoard them and do nothing, to ensure your asset doesn't get depreciated is a pretty big incentive I guess.

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
LightRider
Legendary
*
Offline Offline

Activity: 1500
Merit: 1022


I advocate the Zeitgeist Movement & Venus Project.


View Profile WWW
November 16, 2013, 07:22:40 AM
 #249

But if you mix all of the coins, how can I blacklist them and allow governments to intervene? - Mike Hearn

Bitcoin combines money, the wrongest thing in the world, with software, the easiest thing in the world to get wrong.
Visit www.thevenusproject.com and www.theZeitgeistMovement.com.
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
*
Offline Offline

Activity: 1316
Merit: 1043

👻


View Profile
November 16, 2013, 08:50:40 AM
 #250

I'd like it if someone could address a concern I raised in another thread, but is relevant to mention here:

The outputs of a CoinJoin transaction will have an amount of red taint equal to the amount of red taint on the inputs.  So basically half of the participants will get cleaner coins and half will get dirtier coins.  There is no net reduction in red taint.

Unless you are assuming that number-of-hops somehow makes your redcoins less red, but I don't believe this to be the case.  The redness factor is really about the source transactions that lead into your transaction, and if a high % of those are red then your coins are tainted.

What incentive is there for clean coins to participate in CoinJoin?  Wouldn't it tend to be the case that CoinJoin inputs are all quite red?

If you are a Bitcoin investor, then you really should give a damn about Coinjoin. Destroying its fungibility would allow Wall Street's money masters to separate Bitcoin into assets of different sorts, like "good bitcoins" and "bad bitcoins", and manipulate their values while giving themselves unfair advantages like they have always been doing(e.g., with gold). The bitcoins they control will obviously be A+ grade, and yours may become entirely worthless someday even if you just hoard them and do nothing, to ensure your asset doesn't get depreciated is a pretty big incentive I guess.
Exactly. Redlisting will turn into blacklisting and it will turn into whitelisting if not stopped.
Herbert
Hero Member
*****
Offline Offline

Activity: 488
Merit: 500


View Profile
November 16, 2013, 10:38:41 AM
 #251

In light of the recent strange discussions/opinions by leading bitcoin foundation members this is even more important. Just added 0.5 BTC to the bounty. Wish I had more time to work on this myself...
HBBZ
Sr. Member
****
Offline Offline

Activity: 570
Merit: 250


View Profile
November 16, 2013, 02:57:03 PM
 #252

Privacy is the lifeline, otherwise there is no competition with traditional banking system. Thanks a lot for your contributions.
dawie
Member
**
Offline Offline

Activity: 115
Merit: 10


BTC for a better world


View Profile
November 16, 2013, 07:45:44 PM
 #253

Guys, this is one immensely valuable undertaking.  Spread the word and let's secure fungibility like Satoshi intended.

Fascinated by BTC
BTC: 1HWUnvZ3xQykdSJsfyGiGQpZG16uFe8DXJ
XMR: 44fJ52WJGUmceBX6iARnfW6k9p2MFrwkb9AeXRDvQDaZYM8zkA2uuysE164GBGrhkvGh8PAxGUFU5Fq eEmk82Cww3CHdeRS
Anon136
Legendary
*
Offline Offline

Activity: 1722
Merit: 1217



View Profile
November 16, 2013, 08:02:27 PM
 #254

I dont understand the advantage of using tor. unless of course you wanted to, in addition to hiding information about your transaction, actually hide the fact that you are participating in the bitcoin system entirely. Wouldn't the coinjoin facilitator just publish a public key that all other participants could use to encrypt their transaction?

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
gmaxwell (OP)
Moderator
Legendary
*
expert
Offline Offline

Activity: 4326
Merit: 8979



View Profile WWW
November 16, 2013, 08:10:57 PM
 #255

I dont understand the advantage of using tor. unless of course you wanted to, in addition to hiding information about your transaction, actually hide the fact that you are participating in the bitcoin system entirely. Wouldn't the coinjoin facilitator just publish a public key that all other participants could use to encrypt their transaction?
If you don't use tor (or another similar network) then the peers you're talking to could record your IP, which you presumably want to keep private too. I mostly pointed it out to head off comments like "OMG YOUR PEERS CAN RECORD YOUR IP!" ... yes, they can, other things fix that. This is intended to address privacy in the blockchain. Smiley
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1014



View Profile
November 16, 2013, 08:23:29 PM
 #256

Figuring out how to construct CoinJoin transactions is just the first step in having a usable system.

The rest of the work is the nuts and bolts of how users actually find suitable mixing partners.

Based on how users are likely going to want to employ CoinJoin, there are going to be two general classes of clients:

  • Opportunistic clients which are configured to wait for suitable conditions and perform mixing in the background. These will necessarily be clients where the private keys are stored on a online machine. Mixing is not time sensitive at all for them.
  • Immediate clients who want to use a CoinJoin transaction to send bitcoins. They need to be able to complete the protocol quickly, within a few seconds, because they using an Armory-style offline wallet where they need to save an unsigned transaction to a suitable medium, cross the air gap, sign the transaction, and broadcast it all before the BitPay timer runs out.

In order for the immediate clients to be able to operate, you need a lot of opportunistic clients. Also, some of the opportunistic clients will be FBI honeypots, so there's that too.

Right off the bat, a CoinJoin negotiation protocol should be work over Tor. The TorChat system is a good model for this - they actually bundle a Tor binary directly into their application so that a TorChat user doesn't need to download, install, and configure Tor separately. They also use the hidden service URL as a user name, which means you don't need some additional name mapping system.

It's too bad the Tor project hasn't separated their core functionality library into a library that could be used by third-party applications, despite repeated calls to do so.

Perhaps CoinJoin clients could just work through the libpurple plugin for TorChat.

Once the clients all meet up, they need a way to negotiate parameters like output sizes. If an immediate client wants to use CoinJoin for a purchase, it's not likely that any other immediate clients are going to have the exact same output size needs, so they'll have to rely on opportunistic clients who have specified a compatible range of acceptable output sizes.

tl;dr: Clients need a protocol by which they can register their willingness to participate in a CoinJoin, and any relevant constraints which determine who is and is not a suitable partner, over a secure channel (because even though you might theoretically do it in the clear, people who want CoinJoin are also going to want to have IP address-level privacy too).
Anon136
Legendary
*
Offline Offline

Activity: 1722
Merit: 1217



View Profile
November 16, 2013, 08:47:58 PM
 #257

I dont understand the advantage of using tor. unless of course you wanted to, in addition to hiding information about your transaction, actually hide the fact that you are participating in the bitcoin system entirely. Wouldn't the coinjoin facilitator just publish a public key that all other participants could use to encrypt their transaction?
If you don't use tor (or another similar network) then the peers you're talking to could record your IP, which you presumably want to keep private too. I mostly pointed it out to head off comments like "OMG YOUR PEERS CAN RECORD YOUR IP!" ... yes, they can, other things fix that. This is intended to address privacy in the blockchain. Smiley


Supposing you did nothing to obfuscate your ip, would the peers you are talking to have any means by which to link your ip address to the outputs of the transactions that belonged to you? or would they simply be recording the fact that your ip address participated in that particular coinJoin session?

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
November 16, 2013, 09:19:27 PM
Last edit: November 16, 2013, 09:52:59 PM by Come-from-Beyond
 #258

The idea can also be used more casually. When you want to make a payment, find someone else who also wants to make a payment and make a joint payment together.

This thread is so big. Could anyone, who managed to read it, tell me what prevents CIA/FBI/MI6 from taking part in most of such transactions? This would let them to "break" privacy, coz they know which inputs and outputs r their own. Bitcoin network is already flooded with a lot of "spying" nodes, the same approach can be used against CoinJoin.
User705
Legendary
*
Offline Offline

Activity: 896
Merit: 1006


First 100% Liquid Stablecoin Backed by Gold


View Profile
November 16, 2013, 09:48:54 PM
 #259

CoinJoin needs to be nicely implemented in Bitcoin-Qt before any of these ridiculous blacklist proposals take off. So for the next 30 days, I will match donations to the CoinJoin bounty fund (3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk), up to a maximum of 5 BTC. Just donate to that address, and in 30 days I'll donate the difference between the current received amount (16.21420773) and the received amount at that time (max 5 BTC).
Would like to donate 1BTC and possibly more.  blockchain.info says invalid address though.   Angry

maaku
Legendary
*
expert
Offline Offline

Activity: 905
Merit: 1014


View Profile
November 16, 2013, 10:11:23 PM
 #260

It's a perfectly valid address. You just need to use Bitcoin-Qt or another sane wallet application.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 [13] 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!