Bitcoin Forum
April 20, 2018, 05:28:28 AM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: What's the situation with Bitcoins privacy/anonymity?  (Read 333 times)
justone123
Sr. Member
****
Offline Offline

Activity: 392
Merit: 254


View Profile
February 26, 2018, 12:11:57 AM
Merited by DannyHamilton (2), malevolent (1)
 #1

So yeah i've read some things about confidentional transactions to enhance privacy in Bitcoin, but i don't really know what it means.

Will Bitcoin enable anonymous transactions&addresses? So you could have an address and nobody knows how much Bitcoins you have/nobody can see your transactions/worth of transactions...?

What level of privacy/anonymity will these implementations provide?
1524202108
Hero Member
*
Offline Offline

Posts: 1524202108

View Profile Personal Message (Offline)

Ignore
1524202108
Reply with quote  #2

1524202108
Report to moderator
1524202108
Hero Member
*
Offline Offline

Posts: 1524202108

View Profile Personal Message (Offline)

Ignore
1524202108
Reply with quote  #2

1524202108
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1524202108
Hero Member
*
Offline Offline

Posts: 1524202108

View Profile Personal Message (Offline)

Ignore
1524202108
Reply with quote  #2

1524202108
Report to moderator
1524202108
Hero Member
*
Offline Offline

Posts: 1524202108

View Profile Personal Message (Offline)

Ignore
1524202108
Reply with quote  #2

1524202108
Report to moderator
Colorblind
Member
**
Offline Offline

Activity: 196
Merit: 31

This text is irrelevant


View Profile
February 26, 2018, 07:40:41 AM
 #2

So yeah i've read some things about confidentional transactions to enhance privacy in Bitcoin, but i don't really know what it means.

Will Bitcoin enable anonymous transactions&addresses? So you could have an address and nobody knows how much Bitcoins you have/nobody can see your transactions/worth of transactions...?

What level of privacy/anonymity will these implementations provide?

For people to be able to answer those questions we need first to make some definitions:

Define Anonimity?
Define "levels" of anonymity?

Bitcoin in itself is pretty anonymous i.e. you don't really need to identify yourself (by any other means besides you bitcoin address) to send or receive bitcoins (unless you want to). However being anonymous does not mean untraceable.  I.e. anyone can see the your transaction can follow the funds. So in order to deanonymyze you investigator need to deanonimyze people you sent transaction to first and then it will still be tough to get to you (unless you gave away your privacy at a transaction step it will be hard to bind your identity to your address). In most cases this gives pretty good "level" of anonymity. If you are looking to have more then that you may be want to check Zcash or Monero - coins that provide additional layers of anonymity to transactions, making it harder to track back to you.

Blockchain architecture won't allow complete anonymity in trustless system because of how it's designed to function. All it can offer is a way to use network without need to actually identify yourself - so biggest chunk of your anonymity is your own responsibility.
btchump
Newbie
*
Offline Offline

Activity: 11
Merit: 3


View Profile
February 26, 2018, 08:53:47 AM
Merited by DannyHamilton (2)
 #3

So yeah i've read some things about confidentional transactions to enhance privacy in Bitcoin, but i don't really know what it means.

Will Bitcoin enable anonymous transactions&addresses? So you could have an address and nobody knows how much Bitcoins you have/nobody can see your transactions/worth of transactions...?

What level of privacy/anonymity will these implementations provide?

When the dev's are asked this question the response is 'we don't care'

Most ppl just want to pump&dump btc to the moon, and don't consider privacy as means to the end of 'getting rich quick & easy'

As to the nature of your question, there is MONERO ( which claims to be secure ), and there is the z-cash coin family which have z-obfuscated addressses to backup the public address scheme, the thing with MONERO is its choice of ECDSA is known to be weak and have a back-door, while MONERO may be 'secure', its not secure from the ppl you should fear ( NSA wrote the ecdsa curves for monero ), like NSA wrote Secp256k1 for btc, like NSA wrote sha-256 for btc, ... THE ONLY real privacy is a coin that has no link to NSA, I think zen-cash fits that case Smiley

Again, over the years when dev's have been asked its always "We don't care about privacy"

That's ok, it opens the market up for other coins that DO CARE ABOUT PRIVACY
Mr. Net
Hero Member
*****
Offline Offline

Activity: 519
Merit: 502



View Profile
February 26, 2018, 10:41:24 AM
 #4

We are going to see different blockchains for different use cases this also applies to anonymity / confidentiality.

Something we might see are dedicated decentralised services designed to mix Bitcoins. We have had existing ones but these have been centralised and often shut down by governments. BTC-e for example was involved in these kinds of activities and have been taken down by the FBI some time ago.

JacobWilliami
Jr. Member
*
Offline Offline

Activity: 42
Merit: 0


View Profile
February 26, 2018, 10:54:51 AM
 #5

well right now i see that that transaction fees is really low
justone123
Sr. Member
****
Offline Offline

Activity: 392
Merit: 254


View Profile
February 26, 2018, 01:34:20 PM
 #6

You are not even answering my questions... I am asking for bitcoin and bulletproofs, confidential transactions and not other coins.
HeRetiK
Hero Member
*****
Offline Offline

Activity: 714
Merit: 591


the forkings will continue until morale improves


View Profile
February 26, 2018, 05:15:18 PM
 #7

You are not even answering my questions... I am asking for bitcoin and bulletproofs, confidential transactions and not other coins.

The idea behind bulletproof transactions is that the content of the transaction is encoded in a way that only the sender and the receiver know the amount being sent, with an external observer merely being able to verify that no money has been generated out of thin air (ie. input minus output equals zero). Since the balances are only the sum of inbound and outgoing transactions it follows that the balance of addresses that receive / send bulletproof transactions will not be known to an external observer.

For MimbleWimble, which uses a similar technique, not even the sending and receiving addresses are visible to external observers. To be honest I'm not sure if that's the case with Bitcoin bulletproofs as well. Either way it will probably still take a while until we see bulletproof transactions coming to Bitcoin, if this approach will actually be pursued at all.

A bit closer to real life usage is the privacy that comes with Lightning Network. In this case it's more of a side-effect and the settlement balances of each respective address is still public, but at least the transactions that lead to the final state are not. Given enough data an adversary could probably correlate at least part of the transactions that are happening, but it at least gives slightly more privacy than mere on-chain transactions.

There's also CoinJoin btw, which is basically a built-in tumbler / mixer for Bitcoin transactions. Not sure what the state on that front is though.

ETFbitcoin
Legendary
*
Offline Offline

Activity: 1288
Merit: 1029


Use SegWit and enjoy lower fees


View Profile
February 26, 2018, 05:42:29 PM
 #8

You're talking about Bulletproof which is more efficient than confidentional transactions (size and confirmation speed), but it's still prototype. More info : https://blockstream.com/2018/02/21/bulletproofs-faster-rangeproofs-and-much-more.html

Most likely users won't be forced to use Bulletproof (if it's implanted to Bitcoin) and exchanges/services don't bother to support it,  so i think it will be useless just like optional privacy features in Zcash. As far as i know, you could get privacy/anonymity level similar with Monero (unknown output, unknown receiver and unknown amount sent) if both sender and receiver use Bulletproof.
So in reality, there won't be any significant privacy/anonymity in real life usage.

bitbunnny
Legendary
*
Offline Offline

Activity: 1302
Merit: 1006



View Profile
February 26, 2018, 06:31:42 PM
 #9

Over the years Bitcoin has lost a great deal of privacy and anonimity. I would dare to say that it isn't almost anonimous at all. Therefore the need for bulletproof transactions has emerged. But at the moment I'm not sure how efficient this will function if it will at all. And if you want to trade and use exchanges you can't stay anonimous because exchanges are legaly obliged to collect users data in order to keep legitimate business.
But for some deal of anonimity you can always try to use Bitcoin mixers.

.BITSLER.                 ▄███
               ▄████▀
             ▄████▀
           ▄████▀  ▄██▄
         ▄████▀    ▀████▄
       ▄████▀        ▀████▄
     ▄████▀            ▀████▄
   ▄████▀                ▀████▄
 ▄████▀ ▄████▄      ▄████▄ ▀████▄
█████   ██████      ██████   █████
 ▀████▄ ▀████▀      ▀████▀ ▄████▀
   ▀████▄                ▄████▀
     ▀████▄            ▄████▀
       ▀████▄        ▄████▀
         ▀████▄    ▄████▀
           ▀████▄▄████▀
             ▀██████▀
               ▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄            
▄▄▄▄▀▀▀▀    ▄▄█▄▄ ▀▀▄         
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄      
█  ▀▄▄  ▀█▀▀ ▄      ▀████   ▀▀▄   
█ █▄  ▀▄   ▀████       ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█  ▀▀       ▀▄▄ ▀████      ▄▄▄▀▀▀  █
█            ▄ ▀▄    ▄▄▄▀▀▀   ▄▄  █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄   ███   ▀██  █           ▀▀  █ 
█ ███  ▀██       █        ▄▄      █ 
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
▀▄            █        ▀▀      █  
▀▀▄   ███▄  █   ▄▄          █   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀    
▀▀▄   █   ▀▀▄▄▄▀▀▀         
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀              
              ▄▄▄██████▄▄▄
          ▄▄████████████████▄▄
        ▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄     ▄█████▀             ▀█████▄
██▄▄ █████▀                ▀█████
 ████████            ▄██      █████
  ████████▄         ███▀       ████▄
  █████████▀▀     ▄███▀        █████
   █▀▀▀          █████         █████
     ▄▄▄         ████          █████
   █████          ▀▀           ████▀
    █████                     █████
     █████▄                 ▄█████
      ▀█████▄             ▄█████▀
        ▀██████▄▄▄▄▄▄▄▄▄▄██████▀
          ▀▀████████████████▀▀
              ▀▀▀██████▀▀▀
            ▄▄▄███████▄▄▄
         ▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
       █▀▀ ▄█████████████▄ ▀▀█
     █▀▀ ███████████████████ ▀▀█
    █▀ ███████████████████████ ▀█
   █▀ ███████████████▀▀ ███████ ▀█
 ▄█▀ ██████████████▀      ▀█████ ▀█▄
███ ███████████▀▀            ▀▀██ ███
███ ███████▀▀                     ███
███ ▀▀▀▀                          ███
▀██▄                             ▄██▀
  ▀█▄                            ▀▀
    █▄       █▄▄▄▄▄▄▄▄▄█
     █▄      ▀█████████▀
      ▀█▄      ▀▀▀▀▀▀▀
        ▀▀█▄▄  ▄▄▄
            ▀▀█████
[]
RGBKey
Hero Member
*****
Offline Offline

Activity: 700
Merit: 589


PGP: 5688A943


View Profile WWW
February 27, 2018, 04:43:56 AM
 #10

Over the years Bitcoin has lost a great deal of privacy and anonimity. I would dare to say that it isn't almost anonimous at all. Therefore the need for bulletproof transactions has emerged. But at the moment I'm not sure how efficient this will function if it will at all. And if you want to trade and use exchanges you can't stay anonimous because exchanges are legaly obliged to collect users data in order to keep legitimate business.
But for some deal of anonimity you can always try to use Bitcoin mixers.

Bitcoin has never been anonymous, only pseudo-anonymous. Addresses are completely traceable identifiers. You could make an argument that Bitcoin may have gained privacy due to changes in wallets (generating a new address for every receipt of coins instead of re-using them). Excluding exchanges, which aren't directly a part of Bitcoin, I think the privacy situation may have gotten slightly better.

However, with the rise of Bitcoin there's been the rise of chain analytics groups trying to trace coins. So I think it's important that privacy improvements to Bitcoin on a protocol level are still being considered.

bob123
Sr. Member
****
Offline Offline

Activity: 532
Merit: 379



View Profile
February 27, 2018, 03:08:02 PM
 #11

You could make an argument that Bitcoin may have gained privacy due to changes in wallets (generating a new address for every receipt of coins instead of re-using them).

The privacy of Bitcoin has nothing to do with updates of wallets.
Addresses technically don't exist in the bitcoin network. Its just a form of representation in an (accepted) human-readable format.

Additionally 'addresses' should be used as a form of invoice number. Thats effectively the best way regarding any possible trade-offs.
The way the bitcoin protocol is used has no influence on the privacy of the technology (and the coin) itself.

pebwindkraft
Full Member
***
Offline Offline

Activity: 208
Merit: 159


View Profile
February 27, 2018, 04:21:51 PM
 #12

...
Addresses technically don't exist in the bitcoin network. Its just a form of representation in an (accepted) human-readable format.

Which is technically correct. The tx leave only hashes and pubkeys in the blockchain. Not addresses. But: the pubkeys can easily be hashed, checksum’d and base58check encoded, to finally have the same thing as the addresses in the wallets. so there is no big distinction between what is in the blockchain, and what is in the wallet. This holds true for P2SH as well.
When forensic analysis is done, what does it matter, if you use the hash, the pubkey or the address.you don‘t even need the addresses, and could work through the tx and create a picture of their relationship(s). To see how bitcoins are assigned from pubkey to pubkey or hash to hash. Essentially it will be the same as saying „address to address“.
Hence I see the need for anonymization or programs/extensions to provide more privacy.
CodeCoinICO
Jr. Member
*
Offline Offline

Activity: 42
Merit: 0

support@codecoinico.com


View Profile WWW
February 27, 2018, 08:57:03 PM
 #13

Well basically bitcoin is not a private coin and your transactions will always be recorded on blockchain with ur address, permanently.

CodingMarket-World's first decentralized coding service marketplace
ICO Live Now!
www.codecoinico.com
monsterer2
Member
**
Offline Offline

Activity: 182
Merit: 66


View Profile
February 27, 2018, 09:20:27 PM
 #14

Privacy/anonymity consists of:

A. unlinkability (can't tell two transactions are to the same recipient): stealth (or just not reusing addresses)
B. untraceability (can't trace paths between tranasctions): ring signatures (or coinjoin, coinswap, though with many complications and hazards, etc.)
C. content privacy (can't see amount being spent): CT (or limited ambiguity of which outputs are change)

I'm not sure if there is any existing crypto which satisfies all three of these requirements.

sjyi
Jr. Member
*
Offline Offline

Activity: 98
Merit: 1


View Profile
February 28, 2018, 04:00:02 AM
 #15

Privacy/anonymity consists of:

A. unlinkability (can't tell two transactions are to the same recipient): stealth (or just not reusing addresses)
B. untraceability (can't trace paths between tranasctions): ring signatures (or coinjoin, coinswap, though with many complications and hazards, etc.)
C. content privacy (can't see amount being spent): CT (or limited ambiguity of which outputs are change)

I'm not sure if there is any existing crypto which satisfies all three of these requirements.

DeepOnion (DO) provides all three.
The contents are obfuscated with obfs4 on top of Tor.
The transactions are obfuscated through coinjoin and multi-sig.

❍ E t h e r a f f l e ❍ The worlds first & only decentralized charitable lottery ❍ ICO Live Now! ❍ (https://etheraffle.com)
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1288
Merit: 1029


Use SegWit and enjoy lower fees


View Profile
February 28, 2018, 04:39:31 PM
 #16

Privacy/anonymity consists of:

A. unlinkability (can't tell two transactions are to the same recipient): stealth (or just not reusing addresses)
B. untraceability (can't trace paths between tranasctions): ring signatures (or coinjoin, coinswap, though with many complications and hazards, etc.)
C. content privacy (can't see amount being spent): CT (or limited ambiguity of which outputs are change)

I'm not sure if there is any existing crypto which satisfies all three of these requirements.

You just mentioned what Monero can do. But you need to do proper full nodes configuration and use secure connection for maximum privacy/anonymity.

Privacy/anonymity consists of:

A. unlinkability (can't tell two transactions are to the same recipient): stealth (or just not reusing addresses)
B. untraceability (can't trace paths between tranasctions): ring signatures (or coinjoin, coinswap, though with many complications and hazards, etc.)
C. content privacy (can't see amount being spent): CT (or limited ambiguity of which outputs are change)

I'm not sure if there is any existing crypto which satisfies all three of these requirements.

DeepOnion (DO) provides all three.
The contents are obfuscated with obfs4 on top of Tor.
The transactions are obfuscated through coinjoin and multi-sig.


You have no idea what you're talking about, DeepOnion blockchain is public and everyone can see the sender, the receiver and the amount send. Most coins with right full nodes configuration, use secure connection and use one-time address are more private/secure than DeepOnion.
I've no idea about obfs4, but CoinJoin require trust and multi0sig have no correlation with anonymity.

LeGaulois
Copper Member
Hero Member
*****
Offline Offline

Activity: 672
Merit: 754

Bitcoin Ninja Blockchained | Unregulated Banker


View Profile
February 28, 2018, 11:29:01 PM
 #17

is its choice of ECDSA is known to be weak and have a back-door, while MONERO may be 'secure', its not secure from the ppl you should fear ( NSA wrote the ecdsa curves for monero )

Can you elaborate what you mean?
ECDSA is maybe 25 years old and the cryptographer who offered ECDSA solution passed away years back...
And from I have read I quote: "a large number of brains have studied the possibility of designing a quantum computer to attack the security of algorithms such as RSA or ECDSA. In the case of ECDSA on 256 bits however, it seems that the laws of thermodynamics do not make it possible, in the current state of knowledge" translated from here

monsterer2
Member
**
Offline Offline

Activity: 182
Merit: 66


View Profile
March 01, 2018, 09:03:03 AM
 #18

You just mentioned what Monero can do. But you need to do proper full nodes configuration and use secure connection for maximum privacy/anonymity.

Monero has made good strides towards proper privacy. I thought there were some lingering questions around the ring signatures, though?

Can the receiver of a private transaction prove a link to the sender? That's another biggy.

pebwindkraft
Full Member
***
Offline Offline

Activity: 208
Merit: 159


View Profile
March 01, 2018, 10:57:06 AM
Merited by DooMAD (2), LeGaulois (2)
 #19

...
As to the nature of your question, there is MONERO ( which claims to be secure ), and there is the z-cash coin family which have z-obfuscated addressses to backup the public address scheme, the thing with MONERO is its choice of ECDSA is known to be weak and have a back-door, while MONERO may be 'secure', its not secure from the ppl you should fear ( NSA wrote the ecdsa curves for monero ), like NSA wrote Secp256k1 for btc, like NSA wrote sha-256 for btc, ...

These are quite blunt statements without any reference to its origin. Also it is posted by a new member in the forum, where it is difficult to understand his level of reputation. Looking at his others post, there is no single reference, rude wording, and "look it up yourself". So credibility is low, very low.
I am wondering why @Danny Hamilton gave it some merits (probably to start a discussion on it, maybe I did not understand his merit policy correctly).

secp256k1
I skimmed through some older posts, which talk about security of secp256k1, and it is not recognizable, that NSA wrote the curves for bitcoin. The NIST recommends usage of secp256r1 (see the "r" for random), and NIST provides recommendations to NSA. The randomness is the factor, where people think, it is not "random" enough and includes the backdoor (implemented by the NSA). It looks like the "k1" curve has been chosen, becuase it was known, that "r1" is used by NSA. This is quite a complex theme, and these two links might provide more inside view:

https://bitcointalk.org/index.php?topic=937058.0
https://bitcointalk.org/index.php?topic=151120.0
https://bitcointalk.org/?topic=2699.0

From what I can read (or even understand), secp256k1 was used for performance reasons, knowing it will loose a bit of security.

SHA256
There is this thread (https://bitcointalk.org/index.php?topic=2680267.0), which is also full of statements, but without any proof or link. Already the OP choose a name, which make the content doubtful, and the headline doesn't count at all for scientific proofs. It is good to start a discussion, but luckily this post remained unanswered.
This thread (https://bitcointalk.org/index.php?topic=288545.0) has many links to SHA256 and NSA, but it doesn't become obvious, if there is a backdoor or not. It also looks more like speculation.
And then one can search vor NSA [secp256k1|sha256|ripemd|ECC|ECDSA] in the forum, just to find an overwhelmingly amount of non scientific comments and speculation.

This doesn't withstand scientific proofs. So I can sit more or less comfortably back, happy to know that at current point in time bitcoin is fairly secure, for the following 3 reasons:

1.) to break bitcoin, you need to crack sha256 and ripemed and ECDSA - if NSA had only one of them broken, bitcoin would be the smallest problem
2.) there is only speculation by newbies with low reputation, that NSA has hacked things. Good for bollywood movies and entertainment (and newbies), but doesn't reflect reality.
3.) Maybe there will be no mathematical proof, "only" empirical proof. A bitcoin blockchain with values in the billion dollar range gives me more trust than any centralized system that we are dependant on nowadays. It is based on hashing and signing algos, which are publicly verifiable. And you can't do this with organizations in the FIAT world...


Fantastic33
Member
**
Offline Offline

Activity: 182
Merit: 12


View Profile
March 01, 2018, 11:27:50 AM
 #20

Bitcoin transactions is not completely anonymous, rather a pseudo anonymous one. Personal information about the sender or receiver are kept confidential. Within every transactions, only the btc address and the amount of btc that was transferred or received can be seen, and no one knows whose the owner of that address unless someone knows your btc address. Every transactions are also listed on a ledger called blockchain and is publicized.
When talking about bitcoin bulletproof, it is a technology which is designed to enable efficient confidential transactions wherein amount that was tranferred is kept hidden. These confidential transactions contains cryptographic proof that the transaction that was made was valid.

https://news.bitcoin.com/stanfords-applied-cryptography-group-aims-to-bulletproof-bitcoin/
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!