Bitcoin Forum
April 24, 2014, 11:52:31 PM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2  All
  Print  
Author Topic: Anonymous Bitcoin Transactions with Coinjoin  (Read 2353 times)
genjix
Hero Member
*****
expert
Offline Offline

Activity: 1064


View Profile

Ignore
August 27, 2013, 08:04:23 AM
 #1

PROOF OF CONCEPT ONLY

http://sx.dyne.org/anontx/

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My address: 1H1LP8UhGR5wK9WppBMwewCddwdebYqwwT

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJSHFzwAAoJELvkzMTyLzm16NIQAJZZoLdS1NNW8OfOzV4p9LAO
+u6pQzUm9KuxLuswGaAklrB4KExYmKSbd+kPVfkEsJb7Zu2Txi1ChUnY1xIV4t6/
GjuyM5qNuAD7NrLSJ3sCIKeQnWlwcj35Au9uxQzc7upry4wN9UCkBJjX0bbtDnkY
Yuj9eRNt8z2Mpr/0pyhuCoyoPRFxaPLwcWnkGkXbZzQ/1MsBh0x7s5vH5hs5LHLT
t9WPSE97erEVsnSFXMDhHxQKyNjo9Dm2TKAVFZUsXxnG7nua/c5sxVHxi1VRrvYn
eIWSiAfMk9TIQZZ/mzZrSVUiSfLhyIDbForeCDEmh0ctSITv9GA5Ob/tHF30PyQg
5Z5RCPX3oXFMpTsSwL4BwR9pIaf8rs2iV3YG8Rr3+DyrgMmjwjPnvyoUsw+8cHdC
lSQuPFAT9m7orBsUP7BSVuiuHAakKieg7nVUoswusvYENjVVjKw4mhflVCOkX3HS
ae+3kfGMrRcWEZXjI3K6NeJNt2MzMmc9xl1PTJo2XAr86pI0k7cAf5ke09SloYtm
y+l3ugv6Tl/Y2kWTF7n3N+QvDbg5rvAh7Yvtin84hb9vk4adxZggF1OUYqJDjI1s
Mhjbm9wFI2B+cxjcrWKyMoXK4Ia5wyRIreMFKmYQ18vQDpwncHSTdKI5uSUpEPgT
3UuPRMkRWEoMiqvNSMqh
=o2J/
-----END PGP SIGNATURE-----

https://unsystem.net/static/genjix.gpg.txt

Check out my video about Bitcoin


trifecta of a new world: economy, technology and industry | Freenode IRC #darkwallet
1398383551
Hero Member
*
Offline Offline

Posts: 1398383551

View Profile Personal Message (Offline)

Ignore
1398383551
Reply with quote  #2

1398383551
Report to moderator
1398383551
Hero Member
*
Offline Offline

Posts: 1398383551

View Profile Personal Message (Offline)

Ignore
1398383551
Reply with quote  #2

1398383551
Report to moderator
1398383551
Hero Member
*
Offline Offline

Posts: 1398383551

View Profile Personal Message (Offline)

Ignore
1398383551
Reply with quote  #2

1398383551
Report to moderator
Unbeatable Service & Product Support
Grab Your Miners at GAWMiners.com
Order Before April 25th to receive
Double your Hashing Power for 1 week!

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1398383551
Hero Member
*
Offline Offline

Posts: 1398383551

View Profile Personal Message (Offline)

Ignore
1398383551
Reply with quote  #2

1398383551
Report to moderator
1398383551
Hero Member
*
Offline Offline

Posts: 1398383551

View Profile Personal Message (Offline)

Ignore
1398383551
Reply with quote  #2

1398383551
Report to moderator
1398383551
Hero Member
*
Offline Offline

Posts: 1398383551

View Profile Personal Message (Offline)

Ignore
1398383551
Reply with quote  #2

1398383551
Report to moderator
genjix
Hero Member
*****
expert
Offline Offline

Activity: 1064


View Profile

Ignore
August 29, 2013, 04:58:41 AM
 #2

New "release" of CoinJoin, features:

 * Server now has a public "lobby" to serve as meeting point (front page announcing "open" coinjoins)
 * Creator of coinjoin can choose amount, so its no longer just 0.01, now you can join arbitrary amounts
 * The client can now resume the session in different runs, so you can actually run it in several times to finish the coinjoin and wait for other ppl joining (you had to keep it open before).

You can check the video at (shows using the tool and lobby):

 * http://www.youtube.com/watch?v=rr6DeziHdFs

Test server still at:

 * http://7vxb75tbnszhy2go.onion

We keep working on the implementation and more features so donations welcome at: 1H1LP8UhGR5wK9WppBMwewCddwdebYqwwT
(some ideas: serverless setup, casual use for joining tx and fees...).

trifecta of a new world: economy, technology and industry | Freenode IRC #darkwallet
dillpicklechips
Sr. Member
****
Offline Offline

Activity: 280


View Profile

Ignore
August 29, 2013, 05:01:28 AM
 #3

Once this is tested a bit, will it be easy to eventually integrate into the main Bitcoin clients?
genjix
Hero Member
*****
expert
Offline Offline

Activity: 1064


View Profile

Ignore
August 29, 2013, 05:04:18 AM
 #4

We can develop several protocols for finding peers and jointly creating multisig transactions for different goals.

The protocols can then easily integrated into mainline clients (the one we implemented can easily be included in other clients, just uses POST, GET and some json to pass around the input, outputs, tx and signatures).

Cheers!

trifecta of a new world: economy, technology and industry | Freenode IRC #darkwallet
dillpicklechips
Sr. Member
****
Offline Offline

Activity: 280


View Profile

Ignore
August 29, 2013, 05:18:13 AM
 #5

We can develop several protocols for finding peers and jointly creating multisig transactions for different goals.

The protocols can then easily integrated into mainline clients (the one we implemented can easily be included in other clients, just uses POST, GET and some json to pass around the input, outputs, tx and signatures).

Cheers!

Thanks. Would it be similar to zerocoin in that it's ideal to stick to certain "denominations" like 0.1, 0.01, 1, etc?
genjix
Hero Member
*****
expert
Offline Offline

Activity: 1064


View Profile

Ignore
August 29, 2013, 05:19:58 AM
 #6

Yes we should develop some naming and versioning of different protocols that emerge so different clients and tools can all communicate.


trifecta of a new world: economy, technology and industry | Freenode IRC #darkwallet
drawingthesun
Sr. Member
****
Offline Offline

Activity: 462


View Profile

Ignore
August 29, 2013, 05:38:44 AM
 #7

Will coinjoin eventually offer the same anonymity benefits Zerocoin promised?

ActiveMining Knowledge Thread!

1JqqGRV4VSnowwC7By7wWeiJTB7bvMWnt3
gmaxwell
Moderator
Hero Member
*
qt
Online Online

Activity: 1078


View Profile

Ignore
August 29, 2013, 05:49:12 AM
 #8

Will coinjoin eventually offer the same anonymity benefits Zerocoin promised?
See the thread on the general idea for my thoughts on the general question.
drawingthesun
Sr. Member
****
Offline Offline

Activity: 462


View Profile

Ignore
August 29, 2013, 06:33:37 AM
 #9

Will coinjoin eventually offer the same anonymity benefits Zerocoin promised?
See the thread on the general idea for my thoughts on the general question.

Far out, I had no idea you could have other inputs from other people into transactions and do it in a trustless way.

This is amazing, and it just uses normal transactions.

So essentially this is coin mixing using the inputs of a transaction from lots of people. Of course you like you have said in that thread all the inputs must be the same denomination right?

Question: Is it possible to trace one input to a output?

So inputs 1a,2a,3a,4a in and outputs 1b,2b,3b,4b out. Is it possible to trace 2a ending up as 4b? (Assuming that is the path the transactions took)


ActiveMining Knowledge Thread!

1JqqGRV4VSnowwC7By7wWeiJTB7bvMWnt3
marcus_of_augustus
Hero Member
*****
Offline Offline

Activity: 1134



View Profile

Ignore
August 29, 2013, 06:38:56 AM
 #10

I wonder if this could be added to regular Electrum client as an optional extra module (with extra dependencies libbitcoin, sx) ? Python, client/server ... seems closely aligned.

Monetary Freedom - a basic human right
"Disarming money as a tool for tyranny."
"Disintermediating the State."
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile

Ignore
August 29, 2013, 06:53:24 AM
 #11

Question: Is it possible to trace one input to a output?

So inputs 1a,2a,3a,4a in and outputs 1b,2b,3b,4b out. Is it possible to trace 2a ending up as 4b? (Assuming that is the path the transactions took)


It is absolutely not possible to trace one input to an output in complex transactions. The reason is that, by the protocol, we only check that it all adds up (inputs, outputs, and fees). If it ads up, the transaction is valid. We don't, because we can't, keep track of a bitcoin, much like you cannot keep track of a number when adding numbers: If 3+5=8, you cannot tell which of those eight come from those three. With physical objects you could, but bitcoins are pure abstraction, like numbers in the above example.
You could maybe argue that one of the outputs is, for example, 12.5% related to one of the inputs (previous outputs, that is), but this is far from "tracing" one-on-one.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
drawingthesun
Sr. Member
****
Offline Offline

Activity: 462


View Profile

Ignore
August 29, 2013, 07:20:08 AM
 #12

Question: Is it possible to trace one input to a output?

So inputs 1a,2a,3a,4a in and outputs 1b,2b,3b,4b out. Is it possible to trace 2a ending up as 4b? (Assuming that is the path the transactions took)


It is absolutely not possible to trace one input to an output in complex transactions. The reason is that, by the protocol, we only check that it all adds up (inputs, outputs, and fees). If it ads up, the transaction is valid. We don't, because we can't, keep track of a bitcoin, much like you cannot keep track of a number when adding numbers: If 3+5=8, you cannot tell which of those eight come from those three. With physical objects you could, but bitcoins are pure abstraction, like numbers in the above example.
You could maybe argue that one of the outputs is, for example, 12.5% related to one of the inputs (previous outputs, that is), but this is far from "tracing" one-on-one.

Is it possible to unravel the signed transaction to see where 1a wanted their money to end up?

The network must know the path otherwise how would they get from A to B.

The intention for the money to end up in a certain place is the weak link right?

ActiveMining Knowledge Thread!

1JqqGRV4VSnowwC7By7wWeiJTB7bvMWnt3
gmaxwell
Moderator
Hero Member
*
qt
Online Online

Activity: 1078


View Profile

Ignore
August 29, 2013, 07:41:41 AM
 #13

Is it possible to unravel the signed transaction to see where 1a wanted their money to end up?
The network must know the path otherwise how would they get from A to B.
The intention for the money to end up in a certain place is the weak link right?
No. The whole transaction  ("this group of things to that group of things") is the intention the transaction coveys, and it cannot be separated when using sighash all (the default sighash type).  Thats the point. Smiley There are possible side channels— how different clients encode signatures, for example, but the transaction style itself doesn't leak any information about the mapping when used correctly.

Quote
Of course you like you have said in that thread all the inputs must be the same denomination right?
There is no fundamental requirement in the Bitcoin protocol for them to be the same, but if they are different sizes you likely leak some information about the input to output mapping: If I put in 5 and you put in 50... and addr X gets out 50 and Y gets out 5 ... how do you think they map?
drawingthesun
Sr. Member
****
Offline Offline

Activity: 462


View Profile

Ignore
August 29, 2013, 07:51:00 AM
 #14

Is it possible to unravel the signed transaction to see where 1a wanted their money to end up?
The network must know the path otherwise how would they get from A to B.
The intention for the money to end up in a certain place is the weak link right?
No. The whole transaction  ("this group of things to that group of things") is the intention the transaction coveys, and it cannot be separated when using sighash all (the default sighash type).  Thats the point. Smiley There are possible side channels— how different clients encode signatures, for example, but the transaction style itself doesn't leak any information about the mapping when used correctly.


How about the people partaking in the transaction, is it possible to watch as more and more people add onto the transaction who intended what btc to go where?

Or is the transaction made all at once with many people involved but no one seeing where the people want the coins to go. (I'm talking about watching the process of this coinjoin tx being built)

ActiveMining Knowledge Thread!

1JqqGRV4VSnowwC7By7wWeiJTB7bvMWnt3
Dougie
Full Member
***
Offline Offline

Activity: 210


You are not special.


View Profile

Ignore
August 29, 2013, 07:57:26 AM
 #15

Wow. This is way above my head! I didn't even realise this was possible! I hope this project continues to grow and that anonymous peer networks can be found easily and quickly in the future.

Lurking since 2011...
1J4DhU3q6RxxCTfAAcg5ExVK6FfxkmzkTH
gmaxwell
Moderator
Hero Member
*
qt
Online Online

Activity: 1078


View Profile

Ignore
August 29, 2013, 08:10:48 AM
 #16

How about the people partaking in the transaction, is it possible to watch as more and more people add onto the transaction who intended what btc to go where?
Or is the transaction made all at once with many people involved but no one seeing where the people want the coins to go. (I'm talking about watching the process of this coinjoin tx being built)
It depends on how it is implemented. The simplest ways of implementing it make either a meeting point "server" learn the correspondence, or all the participating users.  More complicated ways result in no one knowing. (I sketched out at a very high level in the other thread two distinct ways on the more complicated ends of the spectrum, but there are many possible ways with distinct trade-offs in security, implementation complexity, resistance to denial of service attack, etc)
Patches OHulahan
Newbie
*
Offline Offline

Activity: 14


View Profile

Ignore
August 29, 2013, 08:24:23 AM
 #17

This is not good.

If Bitcoin is further anonymized, Dictator Barack Obama will ban it soon.

The first live betting site for Bitcoins! - BitcoinLiveBets.com
-------------------------------------------------------------------------
Live betting on many games now available plus thousands of bets for all major sports!   (http://www.bitcoinlivebets.com/?w=213)
caedes
Newbie
*
Offline Offline

Activity: 6


View Profile

Ignore
August 29, 2013, 12:31:42 PM
 #18


How about the people partaking in the transaction, is it possible to watch as more and more people add onto the transaction who intended what btc to go where?

Or is the transaction made all at once with many people involved but no one seeing where the people want the coins to go. (I'm talking about watching the process of this coinjoin tx being built)

In this implementation the outputs and inputs are collected in two separate stages to avoid easy correlation because the user sent both input and output at the same time. During inputs and outputs stage it's possible to watch a counter of how many participants sent their data, but we don't show the details till everything is collected (we do this to further avoid correlation, but probably wouldn't matter or might even help to show them as it goes).
P_Shep
Hero Member
*****
Offline Offline

Activity: 826


View Profile WWW

Ignore
August 29, 2013, 12:46:22 PM
 #19

So will combining multiple transactions also help with blockchain bloat / sustainablity? Or would the size of the coinjoined transactions be much the same as the separate ones?

Anubis cgminer web frontend: https://bitcointalk.org/index.php?topic=57342.0
Files and instructions for CGminer on DD-WRT: https://bitcointalk.org/index.php?topic=76685.0
Pan handling: 1Fxpijq1NN52LzSzD2WtGbT3ZTWq366ejj
LaudaM
Sr. Member
****
Offline Offline

Activity: 378



View Profile

Ignore
August 29, 2013, 03:01:12 PM
 #20

Good work. Something innovative again, and so interesting.

Pages: [1] 2  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!