Bitcoin Forum
September 28, 2020, 03:23:50 AM *
News: Latest Bitcoin Core release: 0.20.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 [37] 38 »
  Print  
Author Topic: CoinJoin: Bitcoin privacy for the real world  (Read 292091 times)
malevolent
can into space
Staff
Legendary
*
Online Online

Activity: 2702
Merit: 1455



View Profile
May 20, 2019, 01:12:19 PM
Merited by ETFbitcoin (1)
 #721

If anyone's interested, I've found a summary of this thread and the list of proposals submitted to date. A short recap for those who stopped following this thread after a while:

https://medium.com/@6102bitcoin/the-coinjoin-bounty-thread-e6d5e3055e6a
https://medium.com/@6102bitcoin/coinjoin-part-ii-the-proposals-b62853f95e37

There are several different types of Bitcoin clients. Hybrid server-assisted clients like Electrum get a lot of their network information from centralized servers, but they also check the server's results using blockchain header data. This is perhaps somewhat more secure than either server-assisted clients or header-only clients.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1601263430
Hero Member
*
Offline Offline

Posts: 1601263430

View Profile Personal Message (Offline)

Ignore
1601263430
Reply with quote  #2

1601263430
Report to moderator
1601263430
Hero Member
*
Offline Offline

Posts: 1601263430

View Profile Personal Message (Offline)

Ignore
1601263430
Reply with quote  #2

1601263430
Report to moderator
BitUsher
Legendary
*
Offline Offline

Activity: 994
Merit: 1027


View Profile
May 23, 2019, 07:31:21 PM
 #722

Repeated dishonesty from Samourai have barred them from ever receiving a payout from the bounty as far as I am concerned: I will not be signing a transaction paying them. Evaluating the privacy of systems is difficult even when the involved parties are honest and easy to work with, it is far too difficult when they are actively misleading.  Personally, I would urge my friends to not use that wallet.

As far as other stuff, there has been efforts in progress to do some awarding for a couple months now. It takes time to evaluate things and work with the recipients.  If it didn't this bounty would have been gone years ago when "darkwallet" demanded the whole thing then mobbed us with unreasonable demands (including public campaigning which was vigorous to the point of harassment) to pay it all to them when the result didn't provide the advertised privacy and didn't even stay available due to the operating model.

This makes sense and is reasonable. Thank you for updating us that you are still reviewing Wasabi and joinmarket for payouts.

In a sense I can of understand why you are hesitant as Wasabi doesn't allow coinjoining smaller amounts and is profit motivated(understandable considering what happened to darkwallet) benefiting the wallet and joinmarket while great has really lacking UX that wasabi excels at. Thus no ideal solution exists as of yet but we are getting better every month. My opinion doesn't matter as its your bounty to give but IMHO partial rewards should be given to wasabi and joinmarket and half withheld for future projects that creates a better mixing wallet.
layer1gfx
Legendary
*
Offline Offline

Activity: 2058
Merit: 1091

Graphic Design & Translation - BTC accepted here!


View Profile WWW
May 28, 2019, 05:23:31 AM
 #723

are the results out already who got the bounty rewards?
Carlton Banks
Legendary
*
Offline Offline

Activity: 2856
Merit: 2283



View Profile
May 28, 2019, 08:26:59 AM
Merited by bob123 (1)
 #724

The conditions for the bounty are:

The bounty fund will pay out as funds are available according to the signers best judgment for completed work proposed in this thread that furthers the goal of making improved transaction privacy a practical reality for Bitcoin users.

And, having considered this for a while, my perspective is that no-one has really achieved this.




Coinjoin (as currently implemented) has a problem: coinjoins with a large number of participants and also similar/equal output amounts are easily identifiable on the (public) blockchain. This simply reduces fungiblity in a different way: now, outputs from mass coinjoins can be identified as "coinjoin related" and labelled as such.


Payjoin and PaySwap (link: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-April/016888.html) are the real solution, and they are as of yet unimplemented by anyone.

Coinjoins must look exactly like any other transaction on the blockchain in order to make Bitcoin transactions truly private.

Vires in numeris
Pieter Wuille
Legendary
*
qt
Offline Offline

Activity: 1064
Merit: 1039


View Profile WWW
May 30, 2019, 01:31:17 AM
Merited by Guy Corem (10), TheNewAnon135246 (5), Dabs (3), Cyrus (2), bones261 (2), theymos (1), gmaxwell (1), malevolent (1), Quickseller (1), ETFbitcoin (1), pooya87 (1), Anduck (1), o_e_l_e_o (1), morvillz7z (1), e4xit (1)
 #725

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello all,

this is to announce that we're awarding:
* 10 BTC to JoinMarket, for the first practical CoinJoin solution, and continued research into progressing this domain.
* 10 BTC to Wasabi, for building a more end-user accessible solution and larger adoption.

The remainder of the funds is left for future solutions with more ubiquitous impact on the ecosystem.

For those watching, 822f559df14894bd57bdd1ef0ab983228b7816a69d035cc1c5d18fb569ee5e94 is the payout transaction, crediting
several individual contributors directly as requested by the winning projects, and aggregating the remaining bounty funds
into a single UTXO. It is (obviously) a joined transaction, mixed with other transfers.

Congratulations!
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErGYmFy4AqCz/rolypjbpdjH3Z+AFAlzvMfkACgkQpjbpdjH3
Z+D2Pw/+IXvHLrQ1IuTicPXQgauzgIGV9F9tOZln6cIgduVW3A2nlenw9uSixh/4
rhV+kPUOjLsswEocKA1zt0pxq1QbSbhKaDRq2Rms3CtYfyvnlBTDvd/bdNDWBr2g
9Koc0QRq0ETKnJ7dXlOtwhUcOaWrW2qJMf8TekOPb6b70BSUSZzJe5YfItdLu8YM
KmmJ02GIr+urcTJDT3O6kEUpRBEUEaKcWPCAm+CVMGiKAisuhBnhKb163TKOKuH5
zoBdCHKd9giHB5obrqeaCKtw5Rg1Q7Q7hDRcFgvk5YN11EzqFyJrrHq6cyDxso8T
DsO5sa38+0aEi1ijAElwhX+7Wh5/AyadIaAq57V+9Y4TQCbDd0jhwjSclSMuiTkb
r1S0Zc6HuU0ztJyddguDKIZdUpvuRLCQXH0dUW27eYkt3NMrJTiUzN39fSNaRLDM
ZS8mHga1aUxv3IhNVf1pnDOlSE9kHrPMfaaWhrEFLROi/zz5idb6xeZ8bLIAo76D
YbY2zJ7BN0AMTI/EPX/ArkAU8qITfSwy0C9MDfZfmqeA9iy5eTj1EUSPcvoFPksg
wY+HvBptA+qaekNqmqZPZnGRx34e8QWTOP8r3NQxib2Nep8ycHB9TQXiIMGcxLvg
V3SXBCz7MCfJsKieBtZUaIOfWFzHvKGwPdjn/KoMCcwoE5rnQco=
=6vff
-----END PGP SIGNATURE-----

I do Bitcoin stuff.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3892
Merit: 7919


View Profile
May 30, 2019, 03:09:09 AM
Merited by Guy Corem (10), TheNewAnon135246 (5), gmaxwell (2), ETFbitcoin (1)
 #726

Congratulations to the Wasabi and JoinMarket developers! JoinMarket pioneered a lot of CoinJoin science (and BTW, belcher wrote an excellent & comprehensive wiki article on privacy), while Wasabi is the first wallet that implements CoinJoin in both a highly-usable and sound way. As both a signer and a donor to the CoinJoin bounty fund, I'm thrilled that these two pieces of software exist!

For everyone looking to improve their privacy, I highly recommend checking out Wasabi, especially over centralized "mixers".



Further work is still necessary toward achieving default-fungibility, which is IMO the end goal. Even with Wasabi, you need a fair bit of expertise to maintain privacy, and the vast majority of people are using wallets that are terrible privacy-wise. Without intending to say that the bounty fund will reward people for these specific things, I'd personally like to see:

 - Improvements to make Wasabi more of a complete wallet.
 - CoinJoin integration in other wallets, especially Bitcoin Core.
 - Research on doing CoinJoin in decentralized ways. (Wasabi's method is pretty secure, but requires a centralized coordinator.)
 - Other research (and, perhaps more importantly, usable products) for improving day-to-day privacy.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
vit05
Hero Member
*****
Offline Offline

Activity: 672
Merit: 525



View Profile
May 30, 2019, 03:25:34 AM
 #727

Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello all,

this is to announce that we're awarding:
* 10 BTC to JoinMarket, for the first practical CoinJoin solution, and continued research into progressing this domain.
* 10 BTC to Wasabi, for building a more end-user accessible solution and larger adoption.

The remainder of the funds is left for future solutions with more ubiquitous impact on the ecosystem.

For those watching, 822f559df14894bd57bdd1ef0ab983228b7816a69d035cc1c5d18fb569ee5e94 is the payout transaction, crediting
several individual contributors directly as requested by the winning projects, and aggregating the remaining bounty funds
into a single UTXO. It is (obviously) a joined transaction, mixed with other transfers.

Congratulations!
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErGYmFy4AqCz/rolypjbpdjH3Z+AFAlzvMfkACgkQpjbpdjH3
Z+D2Pw/+IXvHLrQ1IuTicPXQgauzgIGV9F9tOZln6cIgduVW3A2nlenw9uSixh/4
rhV+kPUOjLsswEocKA1zt0pxq1QbSbhKaDRq2Rms3CtYfyvnlBTDvd/bdNDWBr2g
9Koc0QRq0ETKnJ7dXlOtwhUcOaWrW2qJMf8TekOPb6b70BSUSZzJe5YfItdLu8YM
KmmJ02GIr+urcTJDT3O6kEUpRBEUEaKcWPCAm+CVMGiKAisuhBnhKb163TKOKuH5
zoBdCHKd9giHB5obrqeaCKtw5Rg1Q7Q7hDRcFgvk5YN11EzqFyJrrHq6cyDxso8T
DsO5sa38+0aEi1ijAElwhX+7Wh5/AyadIaAq57V+9Y4TQCbDd0jhwjSclSMuiTkb
r1S0Zc6HuU0ztJyddguDKIZdUpvuRLCQXH0dUW27eYkt3NMrJTiUzN39fSNaRLDM
ZS8mHga1aUxv3IhNVf1pnDOlSE9kHrPMfaaWhrEFLROi/zz5idb6xeZ8bLIAo76D
YbY2zJ7BN0AMTI/EPX/ArkAU8qITfSwy0C9MDfZfmqeA9iy5eTj1EUSPcvoFPksg
wY+HvBptA+qaekNqmqZPZnGRx34e8QWTOP8r3NQxib2Nep8ycHB9TQXiIMGcxLvg
V3SXBCz7MCfJsKieBtZUaIOfWFzHvKGwPdjn/KoMCcwoE5rnQco=
=6vff
-----END PGP SIGNATURE-----

Amazing, congratulations. At this point in time where we encounter a lot of difficulties in maintaining a little more privacy and individuality in our lives, and in which governments and companies insist on knowing all our steps, it is very important to see successful initiatives like these that seek to offer greater privacy in our lives.

Congrats and thank you all.
BitUsher
Legendary
*
Offline Offline

Activity: 994
Merit: 1027


View Profile
May 30, 2019, 05:13:12 AM
 #728

Very wise decision and exactly what I was thinking would be fair as both belcher and nopara are deserving but not there 100%
layer1gfx
Legendary
*
Offline Offline

Activity: 2058
Merit: 1091

Graphic Design & Translation - BTC accepted here!


View Profile WWW
May 30, 2019, 09:48:43 AM
 #729

good decision, congrats to both projects!
MagicByt3
Sr. Member
****
Offline Offline

Activity: 658
Merit: 392


<Insert No Fucks Given Here>


View Profile
May 30, 2019, 10:07:16 AM
 #730

Well deserved reward to both parties congratulations to both.
Having tested both wasabi and join market both being relatively simple to use I can see many people adopting the use of them.

"If you don't believe it or don't get it, I don't have the time to try to convince you, sorry". Satoshi Nakamoto
Micky06
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
May 30, 2019, 12:01:10 PM
 #731

Congratulations to the Wasabi and JoinMarket developers! JoinMarket pioneered a lot of CoinJoin science (and BTW, belcher wrote an excellent & comprehensive wiki article on privacy), while Wasabi is the first wallet that implements CoinJoin in both a highly-usable and sound way. As both a signer and a donor to the CoinJoin bounty fund, I'm thrilled that these two pieces of software exist!

For everyone looking to improve their privacy, I highly recommend checking out Wasabi, especially over centralized "mixers".



Further work is still necessary toward achieving default-fungibility, which is IMO the end goal. Even with Wasabi, you need a fair bit of expertise to maintain privacy, and the vast majority of people are using wallets that are terrible privacy-wise. Without intending to say that the bounty fund will reward people for these specific things, I'd personally like to see:

 - Improvements to make Wasabi more of a complete wallet.
 - CoinJoin integration in other wallets, especially Bitcoin Core.
 - Research on doing CoinJoin in decentralized ways. (Wasabi's method is pretty secure, but requires a centralized coordinator.)
 - Other research (and, perhaps more importantly, usable products) for improving day-to-day privacy.


Here is a solution for your third point:

Just like Bitcoin a CoinJoin wallet should build a network of nodes with a mempool.
It works like this:

Alice wants to coinjoin a transaction so she sends a message to the mempool

In this message it is specified the listening node which is the communication port for Alice plus eventual informations or conditions releted to the coinjoin she wants (maybe she wants to be paid for the coinjoin and she states the fee or she wants to coinjoin with 3 or 4 participants, etc...)

Alice builds a path of nodes to her listening node just like it happens in the lightning network in which every node of the path is only aware of the 2 nodes communicating with it

Alice --> node A --> node B --> node C --> node D --> Alice's listening node

In this example of path node C will only be aware of node B and node D

Bob sees Alice's message on the mempool and decides he wants to coinjoin with Alice

He construct a path to a Bob's listening node just like Alice did

Now the 2 listening nodes talk to each other and through them Alice and Bob communicate in a secure way

They settle the details for the coinjoin, sign it and then send it to the Bitcoin network.

This is not limited to 2 participants, it can be extended to 3 or more and it could become a standard in which every privacy oriented coinjoin wallet participates.

Of course this is far less efficient than a centralized solution but we already know decentralization is inefficient.

marcus_of_augustus
Legendary
*
Offline Offline

Activity: 3318
Merit: 1488



View Profile
May 30, 2019, 12:36:21 PM
 #732

Neat outcome.

buwaytress
Legendary
*
Offline Offline

Activity: 1484
Merit: 1407


Join the world-leading crypto sportsbook NOW!


View Profile
May 30, 2019, 12:57:53 PM
 #733

Very happy to see this announcement, and really pleased to see the donors continue to support these efforts: theymos, greg, pieter. Guys like us don't know how good we have it, but this is really the direction we always knew Bitcoin was headed. Further evidence that the scalability issue has long been solved (or in the midst of being addressed) and that the next direction to be tackled is privacy.

Also agree, as much as mixers have been the go-to solution for typical users in past, they're still highly centralised and CJ should, with time, require less of that aspect.

Good job Wasabi and JoinMarket!

belcher
Sr. Member
****
Offline Offline

Activity: 261
Merit: 328


View Profile
June 03, 2019, 01:10:41 PM
Last edit: June 03, 2019, 01:44:59 PM by belcher
Merited by theymos (5), suchmoon (4), ETFbitcoin (3), gmaxwell (2)
 #734

Fun fact: because the CoinJoin bounty payout transaction to JoinMarket and Wasabi wallet was itself a coinjoin transaction with specially chosen inputs, the wallet clustering site walletexplorer.com now thinks that the coinjoin bounty address belongs to the largest wallet cluster (which used to be called MtGoxAndOthers and is now called CoinJoinMess)

https://www.walletexplorer.com/wallet/CoinJoinMess?from_address=3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk

The cluster contains nearly 9 million transactions and over 3.5 million addresses, including of course the CoinJoin bounty multisig address itself. Another demonstration of the fragility of blockchain analysis.

1HZBd22eQLgbwxjwbCtSjhoPFWxQg8rBd9
JoinMarket - CoinJoin that people will actually use.
PGP fingerprint: 0A8B 038F 5E10 CC27 89BF CFFF EF73 4EA6 77F3 1129
RHavar
Legendary
*
Offline Offline

Activity: 2128
Merit: 1670



View Profile
June 04, 2019, 06:16:30 AM
Merited by ETFbitcoin (1)
 #735

Quote
Another demonstration of the fragility of blockchain analysis.

While I realize you just meant it as a light "fun fact", I think it's worth pointing out that walletexplorer is very primitive and semi? unmaintained -- and you won't be able to trick any serious analysis tool with a coinjoin like that. [Although coinjoins can do an amazing job at tricking them! But you really need the coinjoin to look like a normal transaction for that]
belcher
Sr. Member
****
Offline Offline

Activity: 261
Merit: 328


View Profile
June 04, 2019, 11:13:21 AM
Merited by ETFbitcoin (1)
 #736

Quote
Another demonstration of the fragility of blockchain analysis.

While I realize you just meant it as a light "fun fact", I think it's worth pointing out that walletexplorer is very primitive and semi? unmaintained -- and you won't be able to trick any serious analysis tool with a coinjoin like that. [Although coinjoins can do an amazing job at tricking them! But you really need the coinjoin to look like a normal transaction for that]

You're right that is fairly primitive but many people still use it and it has some influence. During the QuadrigaCX exchange hack affair in early-2019 some people used walletexplorer to find that exchange's hot wallet, some of the transactions go to and from the CoinJoinMess cluster (which then was called MtGoxAndOthers). When this was found a bunch of people were posting that QuadrigaCX was receiving money from MtGox(!) They carried on until they were informed that it's only the coinjoin cluster.

I wouldn't say its completely trivial to detect that something is odd with the coinjoin bounty payout. The inputs use multiple address types, but Samourai wallet and Bitcoin Core also sometimes do this so it's not evidence of non-coinjoin behaviour. Also there are many equal-valued outputs, but the transaction doesn't match the style of JoinMarket or Wasabi transactions (there are far more equal-valued outputs than inputs for example). It would definitely be interesting to see what the more developed tools say about it.

1HZBd22eQLgbwxjwbCtSjhoPFWxQg8rBd9
JoinMarket - CoinJoin that people will actually use.
PGP fingerprint: 0A8B 038F 5E10 CC27 89BF CFFF EF73 4EA6 77F3 1129
RHavar
Legendary
*
Offline Offline

Activity: 2128
Merit: 1670



View Profile
June 04, 2019, 05:57:20 PM
Merited by theymos (2), ETFbitcoin (1)
 #737

It would definitely be interesting to see what the more developed tools say about it.

I can pretty much guarantee you that it will have zero effect in confusing more advanced tools. I've tested way more complex and advanced things to try trick up analysis, and it's not easy. Sometimes even I'll momentarily fool it, but later it'll "back propagate" (correct term??) information from how the outputs are spent (and associated clustering), to get a better understanding of the transaction. Like I've seen them reliably determine which outputs are change, in settings that should be impossible.

Taking bustabit as an example, it does smart partial batching so it frequently sends transactions with: (1 payment, 1 change) and (2 payments, 0 change).  Naively they are indistinguishable, but in reality analysis software has proven to have almost no problems distinguishing once it's been able to collect enough information after they're spent.

---

If you want to trick analysis software, pretty much a prerequisite is reasonably uniform wallet behavior (now is a joke...) and good practices (e.g. avoiding address reuse as much as possible). This will create an environment where there's a lot less "redundancy" (??) in the analysis, such that it has to lean on increasingly fragile assumptions.  And then (and only then really) you can be cute and do something like a bustapay/p2ep  or import/export a reused address output from/to a friend or something.

Now they'll probably realize you broke their models, but it'll be too hard to figure out (short of having law enforcement contact you for help declustering Grin).


But yeah, if you just got two very strongly clustered wallets with different behavior and created a single coinjoin between them (even if it was undetectably a coinjoin...) it's not really going to get you anywhere against advanced analysis (although it'll confuse something like walletexplorer, which maybe is something you want to do).
Warranteum
Copper Member
Newbie
*
Offline Offline

Activity: 37
Merit: 0


View Profile
June 06, 2019, 07:04:01 AM
 #738

It ends up trivially identifiable whose outputs are whose based on the observed offers?
hv_
Hero Member
*****
Offline Offline

Activity: 1694
Merit: 607

Clean Code and Scale


View Profile WWW
June 06, 2019, 10:59:56 AM
 #739

Wouldn't you guys not just create a 'dark' pool here where only dark / gray coins are getting mixxed with each other and no reasonable one will use that  for anything good after ?


Carpe diem  -  understand the White Paper and mine honest.
Memo: 1AHUYNJKPfY7PjVK1hNQFo5LrdGixuiybw  -  https://metanet.icu/
The simple way is the genius way - Satoshi's Rules: humana veris _
Carlton Banks
Legendary
*
Offline Offline

Activity: 2856
Merit: 2283



View Profile
June 06, 2019, 03:50:59 PM
Merited by ETFbitcoin (1)
 #740

Wouldn't you guys not just create a 'dark' pool here where only dark / gray coins are getting mixxed with each other and no reasonable one will use that  for anything good after ?



Privacy and/or anonymity work both ways round.

  • People use privacy to do bad things because good people are stopping them otherwise
  • People use privacy to do good things because bad people are stopping them otherwise

Vires in numeris
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 [37] 38 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!