genjix (OP)
January 16, 2014, 03:23:40 AM Last edit: May 09, 2014, 01:47:20 PM by genjix
SX may release - stealth tools, EC commands, HD keys

See the tutorials on HD keys and stealth payments.

$ sx stealth-newkey
Stealth address: vJmwY32eS5VDC2C4GaZyXt7i4iCjzSMZ1XSd6KbkA7QbGE492akT2eZZMjCwWDqKRSYhnSA8Bgp78KeAYFVCi8ke5mELdoYMBNep7L
Scan secret: af4afaeb40810e5f8abdbb177c31a2d310913f91cf556f5350bca10cbfe8b9ec
Spend secret: d39758028e201e8edf6d6eec6910ae4038f9b1db3f2d4e2d109ed833be94a026

$ sx mktx txfile.tx --output vJmwY32eS5VDC2C4GaZyXt7i4iCjzSMZ1XSd6KbkA7QbGE492akT2eZZMjCwWDqKRSYhnSA8Bgp78KeAYFVCi8ke5mELdoYMBNep7L:100
Added output sending 100 Satoshis to 1BjqrpQqr4tY5YPQkL8aG7NGkFbTbiuVu.

$ sx fetch-stealth
ephemkey: 0276044981dc13bdc5e118b63c8715f0d1b00e6c0814d778668fa6b594b2a0ffbd
address: 1DUhzP41otHNKijH4B6dZN1SRVuYJyYfrp
tx_hash: 63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518
ephemkey: 024398667c6a11652ae80fe6370e140cc67d4f82fb8310122cdaddae1524dad9e0
address: 1Nw1EKu8Y6mPGhMGyrKPS9TZWDyTPLvi8a
tx_hash: 6a6246ccc7cb9427efee85dd3c7b80164f8a61213a7ce357b8cfd3816f59aab9
...

$ SEED=$(sx hd-seed)
$ echo $SEED
xprv9s21ZrQH143K3YEx9tNjNtm6FJJHWuKRMmnXw42Eq6RiKt7oRpkKViHPJDnVvVZweqnjxEn6UsFLmztqCc5STduaMMGbwxgwMEkR8xM5wbK
$ echo $SEED | sx hd-seed | sx hd-priv 0 | sx hd-priv 0 | sx hd-priv 1 --hard
xprv9zShfTYMrPQdXBs1x4zYcf99DGyvykdvYxfdovarBZTh7RTZZ5vNgrdS4eQDPTxN9YnjSzfjVf6eWvEKuNubwLUoEYNg5cDfKp5RQVmYj2x

$ sx help
...
EC MATH
ec-add-modp    Calculate the result of INTEGER + INTEGER.
ec-multiply    Multiply an integer and a point together.
ec-tweak-add   Calculate the result of POINT + INTEGER * G.

Install globally:
$ wget https://sx.dyne.org/install-sx.sh
$ sudo bash install-sx.sh

Install locally (non-root):
$ wget https://sx.dyne.org/install-sx.sh
$ bash install-sx.sh usr/

oakpacific
January 16, 2014, 09:36:51 AM
The most important difference between this and the deterministic wallet is that you may never need to publicize your address (defense against Google data mining) to receive payments, which has to be spelled out somewhere I think.

genjix (OP)
January 16, 2014, 12:30:32 PM
> The most important difference between this and the deterministic wallet is that you may never need to publicize your address (defense against Google data mining) to receive payments, which has to be spelled out somewhere I think.
It's fantastic. This combined with CoinJoin = unstoppable anonymous Bitcoin.

waxwing
January 16, 2014, 12:35:42 PM
Nice work, Amir
You seem to have an expired ssl cert on *.unsystem.net, by the way.
This whole system is very reminiscent of ssl, since I'm on the subject.. Initial handshake with shared secret. But of course the purpose is different in various ways. If we think of a scenario where a customer wants to pay to a Silk Road merchant, I guess you'd say that this part (stealth addresses) is a kind of substitute for the encryption part of ssl (well, not a complete substitute but part) (because obviously you can't encrypt the blockchain but this serves to seriously obfuscate the meaning of txs), while the authentication part of ssl would have to be dealt with separately through some pgp stuff or x509 or whatever?
PGP fingerprint 2B6FC204D9BF332D062B 461A141001A1AF77F20B (use email to contact)

genjix (OP)
January 16, 2014, 12:37:12 PM
> Nice work, Amir
> You seem to have an expired ssl cert on *.unsystem.net, by the way.
> This whole system is very reminiscent of ssl, since I'm on the subject.. Initial handshake with shared secret. But of course the purpose is different in various ways. If we think of a scenario where a customer wants to pay to a Silk Road merchant, I guess you'd say that this part (stealth addresses) is a kind of substitute for the encryption part of ssl (well, not a complete substitute but part) (because obviously you can't encrypt the blockchain but this serves to seriously obfuscate the meaning of txs), while the authentication part of ssl would have to be dealt with separately through some pgp stuff or x509 or whatever?
I've changed the link now in the OP.
Original link: https://wiki.unsystem.net/index.php/Sx/Stealth
Alternative link: https://en.bitcoin.it/wiki/Sx/Stealth
All these new innovations are great. Especially when you start thinking about systems like Twister and their implications. Writing functions like initiate_stealth() is probably the coolest thing I've ever written.

waxwing
January 16, 2014, 12:43:07 PM
> > Nice work, Amir
> > You seem to have an expired ssl cert on *.unsystem.net, by the way.
> > This whole system is very reminiscent of ssl, since I'm on the subject.. Initial handshake with shared secret. But of course the purpose is different in various ways. If we think of a scenario where a customer wants to pay to a Silk Road merchant, I guess you'd say that this part (stealth addresses) is a kind of substitute for the encryption part of ssl (well, not a complete substitute but part) (because obviously you can't encrypt the blockchain but this serves to seriously obfuscate the meaning of txs), while the authentication part of ssl would have to be dealt with separately through some pgp stuff or x509 or whatever?
> I've changed the link now in the OP.
> Original link: https://wiki.unsystem.net/index.php/Sx/Stealth
> Alternative link: https://en.bitcoin.it/wiki/Sx/Stealth
> All these new innovations are great. Especially when you start thinking about systems like Twister and their implications. Writing functions like initiate_stealth() is probably the coolest thing I've ever written.
Imagine it; stealth + coinjoin - no one can trace the transactions. multisig - website can never steal funds. SR website code - open sourced with multiple servers for decentralization (maybe Twister too I don't even know anything about it yet). Soon we'll reach a point where it doesn't even matter if the FBI run SR from their headquarters - it'll still be safe

bigb159
January 16, 2014, 01:14:26 PM
This concept is awesome, but needs some PR reworking. Can we consider renaming this to something like "restricted," "confidential," "personal," "private" or "nonpublic". "Stealth" has an off-the-books connotation that doesn't fit what govs. want to see in Crypto right now.

oakpacific
January 16, 2014, 01:18:15 PM
I guess sx erases the payee's pubkey and encrypts the payer's privkey after the stealth payment right? If say FBI breaks into Alice's house and seizes her computer, they should not be able to figure out she has paid Bob isn't it?

genjix (OP)
January 16, 2014, 01:19:35 PM
> I guess sx erases the payee's pubkey and encrypts the payer's privkey after the stealth payment right? If say FBI breaks into Alice's house and seizes her computer, they should not be able to figure out she has paid Bob isn't it?
Nothing is stored on your computer. There's no files involved in this. You are responsible for keeping the secret. I suggest storing it encrypted somewhere or writing it down on a piece of paper.

prof7bit
January 16, 2014, 01:56:39 PM
The github address linked in section 1.3 on sx.dyne.org: https://github.com/genjix/sx/ does not work for me (404).
Otherwise these sx tools seem to be a great project, exactly what I was looking for all the time, why didn't I see this earlier?

kcirazy
January 16, 2014, 02:58:15 PM
> This concept is awesome, but needs some PR reworking. Can we consider renaming this to something like "restricted," "confidential," "personal," "private" or "nonpublic". "Stealth" has an off-the-books connotation that doesn't fit what govs. want to see in Crypto right now.
I think Jeremy preferred "Reusable addresses", because this type of address can be re-used by multiple payers, without losing privacy. - Mike, Wladimir, Odinn and Gregory agreed with this.
Other than that, excellent work genjix! Great to see that SX is well supported.

agorism
January 16, 2014, 03:30:10 PM
This is AMAZING!!! Thank you so much for this contribution.
We have encrypted transactions now. Can we implement deniable transactions, like OTR?

minorman
January 16, 2014, 04:12:20 PM
Great work, Amir!

waxwing
January 16, 2014, 04:31:14 PM
> Can we implement deniable transactions, like OTR?
I think it's a core aspect of Bitcoin that the transaction record is public. So I can't see how OTR can ever work (even if you prune outputs, a record will still exist somewhere). But deniability is addressed via coinjoin, coinswap, mixing and stealth to an incredible extent, if they're all implemented and widely used. Only Zerocoin (in general, zero knowledge proofs) can address what you hope for fully. Once you can prove possession of a secret without leaking any information, the entire blockchain can go dark.

marcus_of_augustus
January 16, 2014, 09:33:02 PM Last edit: January 16, 2014, 09:59:53 PM by marcus_of_augustus
> This concept is awesome, but needs some PR reworking. Can we consider renaming this to something like "restricted," "confidential," "personal," "private" or "nonpublic". "Stealth" has an off-the-books connotation that doesn't fit what govs. want to see in Crypto right now.
Maybe since it is in essence a Diffie-Hellman key exchange technique ... you could call it Forward Privacy Transaction or DH-TX or some such ... i.e. in same name as the original cryptographic technique it is based upon?
http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
Edit:
> while the authentication part of ssl would have to be dealt with separately through some pgp stuff or x509 or whatever?
... you could use a stealth address secured in the namecoin blockchain for human-readable authentication, without a 3rd party.
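
Added example, not part of any post in this thread and not sx's own code: the Diffie-Hellman derivation behind the scan secret, spend secret and ephemkey shown in the opening post, with the final step in the POINT + INTEGER * G form that ec-tweak-add describes. Function names are hypothetical and hashing the compressed shared point with SHA-256 is an assumption, so results are not guaranteed to match sx output.

```python
import hashlib, secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime; N is the group order, G the base point
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Add two affine points; None stands for the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_multiply(k, pt):
    """Double-and-add k * pt. Not constant time: illustration only."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def shared_scalar(secret, pub):
    """ECDH: hash secret * pub to a scalar c (assumed: SHA-256 of compressed point)."""
    x, y = ec_multiply(secret, pub)
    data = bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def one_time_pubkey(secret, other_pub, spend_pub):
    """spend_pub + c*G. Payer passes (e, scan_pub); payee, holding only
    the scan secret, passes (scan_secret, ephem_pub) and gets the same key."""
    return ec_add(spend_pub, ec_multiply(shared_scalar(secret, other_pub), G))

def sender_derive(scan_pub, spend_pub):
    """Payer: fresh ephemeral key e -> (ephem_pub, one-time payment pubkey)."""
    e = secrets.randbelow(N - 1) + 1
    return ec_multiply(e, G), one_time_pubkey(e, scan_pub, spend_pub)

def one_time_privkey(scan_secret, spend_secret, ephem_pub):
    """Payee with both secrets: key that spends the one-time output."""
    return (spend_secret + shared_scalar(scan_secret, ephem_pub)) % N
```

The scan secret alone is enough to recognise incoming payments, while spending also needs the spend secret, which is why the two are generated separately.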

Peter Todd
January 16, 2014, 09:48:42 PM
My thoughts on my stealth addresses should be called stealth addresses:
I'm very against the name "reusable addresses" and strongly believe we should stick with the name stealth addresses.
You gotta look at it from the perspective of a user; let's take standard pay-to-pubkey-hash addresses: I can tell my wallet to pay one as many times as I want and everything works just great. I also can enter the address on blockchain.info's search box, and every transaction related to the address, and the balance of it, pops up immediately.
What is that telling me? A: Addresses starting with "1" are reusable. B: Transactions associated with them appear to be public knowledge.
Now I upgrade my wallet software and it says I now have a "reusable" address. My reaction is "Huh? Normal addresses are reusable, what's special about this weird reusable address thing that my buddy Bob's wallet software couldn't pay." I might even try to enter in a "reusable" address in blockchain.info, which won't work, and I'll just figure "must be some new unsupported thing" and move on with my life.
On the other hand, suppose my wallet says I now have "stealth address" support. I'm going to think "Huh, stealth? I guess that means privacy right? I like privacy." If I try searching for a stealth address on blockchain.info, when it doesn't work I might think twig on "Oh right! It said stealth addresses are private, so maybe the transactions are hidden?" I might also think "Maybe this is like stealth/incognito mode in my browser? So like, there's no history being kept for others to see?" Regardless, I'm going to be thinking "well I hear scary stuff about Bitcoin privacy, and this stealth thing sounds like it's gonna help, so I should learn more about that"
Finally keep in mind that stealth addresses have had a tonne of very fast, and very wide reaching PR. The name is in the public consciousness already, and trying to change it now just because of vague bad associations is going to throw away the momentum of that good PR and slow down adoption. Last night I was at the Toronto Bitcoin Meetup and I based on conversations there with people there, technical and non-technical, almost everyone had heard about them and almost everyone seemed to understand the basic idea of why they were a good thing. That just wouldn't have happened with a name that tried to hide what stealth addresses were for, and by changing the name now we risk people not making the connection when wallet software gets upgraded to support them.
-http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03725.html

drrussellshane
January 16, 2014, 09:52:27 PM
Nice work Amir!

marcus_of_augustus
January 16, 2014, 10:01:06 PM
> My thoughts on my stealth addresses should be called stealth addresses:
> I'm very against the name "reusable addresses" and strongly believe we should stick with the name stealth addresses. .....
Well done for this work Peter! good arguments all ... and of course author(s) get naming rights ... so Stealth Addresses they are I say.