Coin Validation misunderstands fungibility and could destroy bitcoin

[adam3us]

all its for is to increase the ability to see the source of funds. much like banks look at serial numbers of bank notes to see if they come up with flags that funds once got blacklisted/marked as part of a drugs cartel blackmarket

This is not about crime, nor identifying perpetrators, its about fungibility, they are (perhaps surprisingly) orthogonal payment system properties.


An electronic cash system, must have irrevocability, which as we discussed here is how bitcoin can achieve low cost and efficiency relative to credit cards & paypal.   Coin anonymity is necessary for fungibility, but that is strictly about fungibility, identity level privacy is separate.

Bitcoin makes attempts to achieve irrevocability via blockchain hardening (so it is expensive to undo or change the transaction) and also via using fresh addresses to add coin-level anonymity.  CoinJoin and mixes are technical solutions to improve on just using fresh addresses.


However that does not mean the user is anonymous.  The user is identified  because they have an identity, they interact with multiple coins and identify themselves to businesses.  Police investigators can ask normal businesses they interact with to identify them.  And users identify themselves via street address for delivery, IP address (unless using Tor), username/password on web site, and email address for receipt, bank account for exchange, AML/KYC identities at the exchanges, geo-location of their smart phone, IP address log of their DSL connection, and (without CoinJoin) because their payments link different addresses when a transaction is made using multiple coins, and change is given.

The bitcoin user is far from anonymous.  The full transaction log is public.  (Bitcoin really is not that private nor anonymous: if someone offered to make your bank account or credit card statement as public as bitcoin does we would be angry about it.)

As I said in the original post:

If they want to certify users, they should do that as optional KYC, AML certificates that regulated merchants in respective jurisdictions can request, which could be attached to wallets/identities, not to fully fungible coins.

Now in an ideal world how it is supposed to work is the fungibility/anonymity is secure like zerocoin.   And identity is managed between people sending and receiving bitcoin.  Many variants are possible:

1. public (everyone can see amount, and sender/recipient addresses - current bitcoin)
2. private (encrypted so only recipients see value and address information)
3. private but identified (encrypted between recipients, but recipient and/or sender is identified)

I prefer user choice of 2 or 3. We use SSL for web commerce for a reason, confidentiality of the transaction, and bitcoin does not encrypt transactions.  It means only parties to the communication see the value and decide what level of identification they want if any.  This supports buying ebooks without a dossier of what books you read.  Its no ones business.  And it supports AML/KYC for large for regulated businesses.  And identifying the customer account so the business can account eg with repeat customers.   And it supports criminal investigation also.  The police go subpoena information from businesses the criminal interacted with to track him down.  Same as in real life.

(This is what committed transactions try to do, though it so far has inefficiencies for SPV, and has imperfect privacy as people on the transaction see previous transactions; however it is much more efficient than zerocoin.)


The problem with Coin Validation arises because bitcoins coin-level fungibility/anonymity is imperfect, so it is somewhat possible to correlate users via coins.  It depends if the user follows technical advice, what wallet they use, and if they use coin privcacy enhancing tools like coinjoin.
There are two approaches: cryptography like zerocoin/committed tx; and stirring coins together like coinjoin and mixes - so their whitelist attempts see a jumble of spagetti and reject all transactions and so are ignored.  CoinJoin works now the others are future projects.

Bitcoin identification is also adhoc.  However any regulated bitcoin processor asks for AML.  Most business sites will have an address for delivery, an email for a receipt, an IP address from the web, cookies linking to other sites.  Hence my suggestion to them: issue AML certs in their jurisdiction that the user can show when requested its the sane way to do it within the architecture of an ecash system without destroying its fungibility and hence destroying the currency itself.

(btw fungibility to the other reader, has a second standard meaning: that each coin should be considered equal value).

the only difference is that coinvalidation will make it easier for bitstamp to recognise a 1-2-3-4-or 5 hop TXID as coming from a notorious website to then assess the requirement to report it to fincen.

I hope contrarily that to quote John Gilmore the internet views Coin Validation as censorship and routes around it.  Meaning the coin graph is stirred to a blur via coinjoin integration in all major clients, or Matthew Green & Ian Miers figure out a faster zerocoin or something else figures something else out.

Please do not feed the "oh but the criminals" meme.  We're not encouraging or facilitating crime.  Before it was shutdown silk road accounted for < 1% of transaction volume/month and falling.  Paper cash has worse statistics and is less traceable.   HSBC laundered $880m of dirty money for drug cartels and worse, and walked away with a fine, no sanctions.  http://www.reuters.com/article/2012/12/11/us-hsbc-probe-idUSBRE8BA05M20121211  

We just want an efficient fungible payment system that works without the reputation (equifax etc) costs and revocability (credit card charge backs, paypal freezes etc) that come with credit cards and paypal.   Do NOT invite currency destruction via fungibility attacks it WILL pull the costs up to credit cards and paypal levels.

Adam

[1713582191]

1713582191

[1713582191]

1713582191

[1713582191]

1713582191

[1713582191]

1713582191

[1713582191]

1713582191

[1713582191]

1713582191

[Luckybit]

how can we have transparency with privacy?

They're the logical opposite of one another. The likely answer is, not with this design.

No they are not logical opposites. Secrecy is the opposite of transparency. Privacy is not the same as secrecy.

Transactions should be private but not secret. If an investigation takes place it should be possible to follow a money trail. If there is secrecy in a system such as then then the secret money would have to show up somewhere.

So if politicians start dressing nice and driving in brand new cars, living beyond their means, then of course it's reasonable to consider the possibility that they could be taking a bribe. If you were a journalist trying to uncover all this then secrecy wouldn't help you. If information is private but not secret then it can be uncovered if you interview the right people or ask the right questions, but as a considerable enough cost that it couldn't be a situation where everyone is investigated by a machine.

At the same time most of us don't want to be associated with corrupt social networks, but that has nothing to do with fungibility. If Bitcoin is not fungible then you have dirty and clean Bitcoins and that cannot work. If Bitcoin is fungible then it means we don't have to care where our Bitcoins come from and this is a necessary requirement for Bitcoin.

[Carlton Banks]

how can we have transparency with privacy?

They're the logical opposite of one another. The likely answer is, not with this design.

No they are not logical opposites. Secrecy is the opposite of transparency. Privacy is not the same as secrecy.

Um, whatever you want to believe, then.

[Luckybit]

how can we have transparency with privacy?

They're the logical opposite of one another. The likely answer is, not with this design.

No they are not logical opposites. Secrecy is the opposite of transparency. Privacy is not the same as secrecy.

Um, whatever you want to believe, then.

It's semantic pedantry but it's still fact. Private information is your name, address, social security number, or whatever you don't want everyone to know. Secret information is a level higher than that. People will kill each other to protect secret information because the level of seriousness is higher.

Usually when you have networks of people in authority keeping secrets you have corruption of whatever that institution is. That is because you cannot vet anyone without a background check and you cannot trust anyone who has secrets. If a human being is in a position of authority then secrecy is risk.

While we don't need to know exactly what was transacted it's a good thing that we can see the movement of money. If a lot of people give money to a particular address that is something which should be known to anyone. We don't have to know who they all are to know that.

Personal information is your identity. Public information is a lot of people who use Bitcoins like to buy books. Private information is the particular books that you chose to buy. If you don't want the world to see what you chose to buy then you need pseudo-anonymity to mask your email address, personal information, etc. It is still important for a society to know that certain books are popular without knowing which individuals are buying the books.

[adam3us]

I don't really like the idea of tainting coins but no one is offering a better alternative either. So what is an alternative idea which does not involve tainting coins which can preserve privacy, pseudo-anonymity and fungibility while also removing bank secrecy and providing transparency?

Its a subtle point but there should ideally be two layers. 

A. Coin layer, the coin is anonymous and fungible (like zerocoin if they can get the CPU & storage efficiency and another issue fixed). 

B. User layer: the users send each other encrypted transactions for commercial sensitivity and user privacy, within the encryption the users identify to the degree they choose, if any.   If the recipient is a regulated, it asks for AML/KYC level identification.

Bitcoin is not so far able to meet this normal ecash design.

Bitcoin is cutting edge, the blockchain design is an elegant all-new design to handle double-spend protection for distributed ecash.   But it lost some crypto ecash features of fungibility via cryptographic blinding (Chaum) because they are harder to do in a distributed system.  As close as we have so far is the ZeroCoin proposal of Matthew Green & Ian Miers which improves on a 1999 paper by Sanders & Ta-Shma.

It is very complex to improve bitcoin features, to do it with practical efficiently, and to get them implemented securely, tested as rigorously as a jumbo jet autopilot, and deployed.  There are hard cryptography problems.  People are working on it as hard and as fast as they can, most of them volunteers but enthralled by the new possibilities bitcoin enables for society, with smart-contracts, user self-determination etc.

I think in order to have democracy we cannot have bank secrecy and must have transparency.

I think you have been reading too much David Brin    While corruption is bad, as Assange says, there should be transparency for the powerful, and privacy for the weak.  Current financial systems have the reverse.

In fact a further future, smart-contracts (that bitcoin includes an early version of) should allow rules to be apriori enforced.  This is because smart-contracts act like a scrupulously honest virtual AI that always follows the rules and cant be influenced.  Technically its just that all recipients of proceeds of contracts, and he network itself validate the transactions before they rely on the money.  But its a very powerful effect.  Mike Hearn made a presentation on smart contracts www.youtube.com/watch?v=mD4L7xDNCmA

I do think in principle we could build a future with less systemic risk, less scope for fraud with more sophisticated smart-contracts apriori enforcing rules.  It is better to prevent a crime than occasionally catch these people, and mostly they are smart-enough and connected-enough to avoid sanctions anyway.

In order to combat institutionalized corruption we must have the ability to follow the money trail and this means transparency.

Or strong legal protections and government funded support for whistle-blowers.  Whistle-blowers of corporate and government crimes should be lauded as heroes.  Take Snowden: should be nominated for Nobel prize, not grounded in Russia.

So I don't want to remove the ability of the community to use the tactic of sousveillance to investigate itself and I do not want to remove the ability of law enforcement to investigate (with the cooperation of the global Bitcoin community).

I think investigation should work as at present.  Subpoena people and businesses the criminal interacted with to track down.

I want the ability to be able to claim my transactions under a pseudo-anonymous but verified identity so that I can be cleared if there is an investigation. Is it possible to do this?

Typically the user can keep receipts and present them afterwards in event of dispute or to prove what happened.

Adam

[adam3us]

This is what I thought too, but now I am looking closer and it appears that Forbes may have misrepresented the tech. Read Alex's reddit posts from the previous day: http://www.reddit.com/user/alex_waters :

He probably is spinning PR or focusing on short-term implementation plans to avoid discussing the longer term plans discussed in the article.  If you read it with the PR-interpretation mindset its not so good.  

Whatever his intentions, he is not thinking through the implications or just selfishly doesnt care for quick buck reasons,  I dont know him so I cant tell.  Either way I think this will not end well.  I've been in the privacy tech / crypto business for 15 years, its quite common to encounter and have to navigate around people of all stripes: well meaning, neutral, dont care, and anti-privacy.  Even the ones that are neutral or well meaning often dont think about the long or even mid-term implications of what they are doing.  Thinking about implications is complex, requires concentration, deep understanding across many fields, and may conflict with short term objectives (ie rush something ill-thought-out but  "pragmatic" to get something out the door).  Sometimes making a buck even conflicts with user interests, or even the survival of the system.  Some of these people might even show concern and genuine remorse afterwards when it predictably blows up (to their genuine surprise because they didnt think more than the first chess move.)  Most probably though they'll be onto their next venture and pretend it never happened or more likely not even make the connection between their actions and the outcome.

The technology space is littered with implications from ill considered decisions.  Eg web pages are not signed, and jscript is not signed; a single server key is used for combined tunnel auth/encryption but no transferable signature on the content.  So people can hack servers and modify and replace code and steal eg jscript bitcoin wallets.

These things matter because architecture defines the internet.

“We don’t want to be the sheriff of the Bitcoin community. We just want to create an ecosystem of clean addresses.”

So first they want to identify clean addresses (from the forbes article).

Please stop confusing "clean coins" with KYC'd Bitcoin addresses.

And then they want to distance themselves from clean addresses (from reddit).

So whats a clean address?  Its one that according to them has not got taint on it according to some threshold they decide against some blacklist.  Seems squarely what we are talking about.
Thats my interpretation.  Waters or the other people at CoinValidation are welcome to clarify.

It is beginning to sound a bit more like what you proposed Adam.

The KYC part yes, the clean coins I am not so sure - they really do seem to think longer term that tracing coins is somehow a useful thing to do, which can only harm fungibility.  We may need a priority deployment of CoinJoin option into multiple clients before they get far with that.

DarkWallet could probably do with some funding help also.

Adam

[BittBurger]

How do we get Adams suggestions before the people who can make it happen?

-Burger-

[DoomDumas]

It is also a ridiculous approach.  If they want to certify users, they should do that as optional KYC, AML certificates that regulated merchants in respective jurisdictions can request, which could be attached to wallets/identities, not to fully fungible coins.  The certificates should be non-transitive they attest to the identity of the user, not the coins.  They should be optionally sent - if the recipient does not request it, it is privacy destructive and a security risk to send identifying information to unregulated businesses and individuals.

Their technical representatives of Coin Validation should be ashamed.  How can someone who doesnt understand a concept as basic as fungibility and its relation to transaction costs, and the difference between identity and coins hope to exist in this ecosystem.  

What they are proposing so far at least as explained by the Forbes article is stupid, dangerous and just wrong.  

Oh man, I'm sooooooo supporting you.

+1

This

Doing any sort of redlisting would destroy the essence of Bitcoin.

[charleshoskinson]

As a cryptographer who worked for a government agency that shall remain nameless, I agree completely with Adam's statements. Fungibility is a core tenet of our ecosystem and attacks upon it present massive challenges for us.

We need to take this threat seriously and react quickly with both innovation and education.

[kwest]

All I can say is that if we (the bitcoin community) survive this very serious threat, we will come out the other side much stronger and safer than we ever were before. Here's hoping we do.

This is a test of our abilities to stand together and solve our problems.. a bump in the road, but hopefully it won't make us crash and burn.

[charleshoskinson]

We will  survive and  get stronger. Bitcoin is an idea. Nothing is stronger than ideas that are necessary for both freedom and liberty. 

[Carlton Banks]

We will  survive and  get stronger. Bitcoin is an idea. Nothing is stronger than ideas that are necessary for both freedom and liberty. 

Novel use of cryptography will save us yet again. It will take many forms, and may be alot of work in some cases. But this brand of toothpaste will not go back in the tube.

[tvbcof]

Yep, and Mike Hearn really does not understand all this, despite his capabilities as a software engineer and systems designer. Show yourself, Mike. It's trial by fire time, you're gonna have to get this out of the way.
...

Baloney.

Mike has shown probably the highest level grasp of the system and foresight about things then almost anyone to date.  Much beyond Gavin's, for instance.  This dates back to before my interest in the system which happened in mid 2011.

Early on in some thread which was musing about how to destroy Bitcoin, I posited that an effective way might be to grow it and burn it out of it's (happily still) current phase as a distributed system.  Everything tells me that Mike's efforts have been to promote this outcome.  Unfortunately or fortunately depending on one's outlook, this is not going well.  The system is naturally moving to an 'off-chain' form because that is how it remains safe and scalable.  The low and defensible transaction rate remains sufficient to service the load even without 'excessive' fees.

[n8rwJeTt8TrrLKPa55eU]

For anyone in doubt as to what these guys are angling for.  Look how within hours of their first public appearance they are being solicited into the inner chamber at Mordor.  Opt-in, my arse.  Their endgame is personal fame and profit via endorsement and imposition through governments.

Matthew Mellon ‏@asliceofmellon
#coinvalidation meeting with Homeland Senate Comittee regarding Bitcoin http://instagram.com/p/gtm7bdvQHE/

https://twitter.com/asliceofmellon/status/401122715605934080

[Carlton Banks]

Yep, and Mike Hearn really does not understand all this, despite his capabilities as a software engineer and systems designer. Show yourself, Mike. It's trial by fire time, you're gonna have to get this out of the way.
...

Baloney.

Mike has shown probably the highest level grasp of the system and foresight about things then almost anyone to date.  Much beyond Gavin's, for instance.  This dates back to before my interest in the system which happened in mid 2011.

Early on in some thread which was musing about how to destroy Bitcoin, I posited that an effective way might be to grow it and burn it out of it's (happily still) current phase as a distributed system.  Everything tells me that Mike's efforts have been to promote this outcome.  Unfortunately or fortunately depending on one's outlook, this is not going well.  The system is naturally moving to an 'off-chain' form because that is how it remains safe and scalable.  The low and defensible transaction rate remains sufficient to service the load even without 'excessive' fees.

I can't tell from how you've worded this whether or not you're implying that Mike Hearn is actively seeking to undermine Bitcoin. Clarify.

[gmaxwell]

We have a legitimate requirement for transparency

Transparency is completely orthogonal. There is nothing preventing you from keeping transcripts of your own transactions, along with the signatures with the relevant keys to show that they are yours and present them to whomever you want.

The distinction is that you control that, it's not something being broadcast to the entire world... to every thief, every competitor, every nosy neighbor, every ex-spouse, etc.

The highly public transaction record in Bitcoin is unprecedented in financial systems. It is a weakness, but one that can be patched around, and not a virtue.

[tvbcof]

Yep, and Mike Hearn really does not understand all this, despite his capabilities as a software engineer and systems designer. Show yourself, Mike. It's trial by fire time, you're gonna have to get this out of the way.
...

Baloney.

Mike has shown probably the highest level grasp of the system and foresight about things then almost anyone to date.  Much beyond Gavin's, for instance.  This dates back to before my interest in the system which happened in mid 2011.

Early on in some thread which was musing about how to destroy Bitcoin, I posited that an effective way might be to grow it and burn it out of it's (happily still) current phase as a distributed system.  Everything tells me that Mike's efforts have been to promote this outcome.  Unfortunately or fortunately depending on one's outlook, this is not going well.  The system is naturally moving to an 'off-chain' form because that is how it remains safe and scalable.  The low and defensible transaction rate remains sufficient to service the load even without 'excessive' fees.

I can't tell from how you've worded this whether or not you're implying that Mike Hearn is actively seeking to undermine Bitcoin. Clarify.

Yes, that is what I am implying, but with the caveat it really depends on one's frame of reference.

Mike has been clear for years that a desirable solution is one with fairly fine-grained control of who uses the system and how, and a distributed system is obviously not a good way to achieve this.  This is not necessarily an invalid point of view.  I just strongly dis-agree that it is the right way to go.  It would damage the real utility of the solution in my conception of things.

[Carlton Banks]

Yep, and Mike Hearn really does not understand all this, despite his capabilities as a software engineer and systems designer. Show yourself, Mike. It's trial by fire time, you're gonna have to get this out of the way.
...

Baloney.

Mike has shown probably the highest level grasp of the system and foresight about things then almost anyone to date.  Much beyond Gavin's, for instance.  This dates back to before my interest in the system which happened in mid 2011.

Early on in some thread which was musing about how to destroy Bitcoin, I posited that an effective way might be to grow it and burn it out of it's (happily still) current phase as a distributed system.  Everything tells me that Mike's efforts have been to promote this outcome.  Unfortunately or fortunately depending on one's outlook, this is not going well.  The system is naturally moving to an 'off-chain' form because that is how it remains safe and scalable.  The low and defensible transaction rate remains sufficient to service the load even without 'excessive' fees.

I can't tell from how you've worded this whether or not you're implying that Mike Hearn is actively seeking to undermine Bitcoin. Clarify.

Yes, that is what I am implying, but with the caveat it really depends on one's frame of reference.

Mike has been clear for years that a desirable solution is one with fairly fine-grained control of who uses the system and how, and a distributed system is obviously not a good way to achieve this.  This is not necessarily an invalid point of view.  I just strongly dis-agree that it is the right way to go.  It would damage the real utility of the solution in my conception of things.

I agree that preservation of the distributed model should be the main long term goal. But this will have to be dictated by the limits of the tools we can use at a given point in time; without the development of SPV, alot of the real world utility would be missing from the picture right now. There is serious practical impediment to people downloading gigabytes of blockchain data to their phones, and Mike's work has bridged around the problem. But we can, of course, re-popularise full mobile nodes when technology catches up. The work-around will have served it's purpose, and supported a valuable bit of uptake and usability right when it was needed. We can hardly begrudge Mike for that.

If having Mike Hearn talking to the Washington control freaks is the bulwark we need between us and them for the medium term, then I'd rather it was someone who will do a believable job like he will, than someone doing a bad job of faking it. Unless he is actually Satoshi just enacting an elaborate gameplan  . Because he may as well be, the reality is that we can innovate our way out of whatever corner the government tries to paint us into, the discussions that have come out of this listing business have convinced me of that.

[tvbcof]

Yes, that is what I am implying, but with the caveat it really depends on one's frame of reference.

Mike has been clear for years that a desirable solution is one with fairly fine-grained control of who uses the system and how, and a distributed system is obviously not a good way to achieve this.  This is not necessarily an invalid point of view.  I just strongly dis-agree that it is the right way to go.  It would damage the real utility of the solution in my conception of things.

I agree that preservation of the distributed model should be the main long term goal. But this will have to be dictated by the limits of the tools we can use at a given point in time; without the development of SPV, alot of the real world utility would be missing from the picture right now. There is serious practical impediment to people downloading gigabytes of blockchain data to their phones, and Mike's work has bridged around the problem. But we can, of course, re-popularise full mobile nodes when technology catches up. The work-around will have served it's purpose, and supported a valuable bit of uptake and usability right when it was needed. We can hardly begrudge Mike for that.

I don't downplay Mike's work on this at all.  It was highly impressive and much needed.  Especially the database re-implementation which I believe he at least had a lot to do with.  That, in particular, was badly needed, but I kind of got the impression that it was mostly out of frustration because nobody else was doing it and he wanted the system to thrive so it could move on to the next stage.  The one we are looking down the barrel of now in fact.

I'm luke-warm about the SPV, but not because it isn't good work.  It just works against my personal philosophies of how I would like to see Bitcoin evolve.

If having Mike Hearn talking to the Washington control freaks is the bulwark we need between us and them for the medium term, then I'd rather it was someone who will do a believable job like he will, than someone doing a bad job of faking it. Unless he is actually Satoshi just enacting an elaborate gameplan  . Because he may as well be, the reality is that we can innovate our way out of whatever corner the government tries to paint us into, the discussions that have come out of this listing business have convinced me of that.

My point is that there is absolutely nothing new about Mike's proclivities here.  It matches perfectly with pretty much everything else he's said and done since I've been paying attention.  At least that is my read on things, and I pretty much always call it as I see it.

[btc4ever]

hear.  hear.    In fact, I wish that the 0.9 release had been focused on getting real anonymity into the system rather than a bunch of merchant tools.

coinjoin, privacy and fungibility need to be our priorities.  Mixing should be automatic and the common case, not the exception.

When that is solidly in place, then we can think about more tools for mass adoption.

I hope the dark wallet people get their system up fast, and also provide a nice API for developers.

I encourage anyone with technical skills to put their thinking caps on to find ways to increase fungibility in the short term like CoinJoin, coin control in wallets, helping less technical people migrate to better wallets, educating people about privacy practices that defend fungibility.  And longer term privacy technologies like zero coin, homomorphic encrypted value and committed (hidden) transactions.