Bitcoin Forum
Topic: Stealth address with SX (anonymous payments)
genjix (OP)
January 16, 2014, 03:23:40 AM
Last edit: May 09, 2014, 01:47:20 PM by genjix
 #1

SX may release - stealth tools, EC commands, HD keys

See the tutorials on HD keys and stealth payments.

Code:
$ sx stealth-newkey
Stealth address: vJmwY32eS5VDC2C4GaZyXt7i4iCjzSMZ1XSd6KbkA7QbGE492akT2eZZMjCwWDqKRSYhnSA8Bgp78KeAYFVCi8ke5mELdoYMBNep7L
Scan secret: af4afaeb40810e5f8abdbb177c31a2d310913f91cf556f5350bca10cbfe8b9ec
Spend secret: d39758028e201e8edf6d6eec6910ae4038f9b1db3f2d4e2d109ed833be94a026
$ sx mktx txfile.tx --output vJmwY32eS5VDC2C4GaZyXt7i4iCjzSMZ1XSd6KbkA7QbGE492akT2eZZMjCwWDqKRSYhnSA8Bgp78KeAYFVCi8ke5mELdoYMBNep7L:100
Added output sending 100 Satoshis to 1BjqrpQqr4tY5YPQkL8aG7NGkFbTbiuVu.
$ sx fetch-stealth
ephemkey: 0276044981dc13bdc5e118b63c8715f0d1b00e6c0814d778668fa6b594b2a0ffbd address: 1DUhzP41otHNKijH4B6dZN1SRVuYJyYfrp tx_hash: 63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518
ephemkey: 024398667c6a11652ae80fe6370e140cc67d4f82fb8310122cdaddae1524dad9e0 address: 1Nw1EKu8Y6mPGhMGyrKPS9TZWDyTPLvi8a tx_hash: 6a6246ccc7cb9427efee85dd3c7b80164f8a61213a7ce357b8cfd3816f59aab9
...

Code:
$ SEED=$(sx hd-seed)
$ echo $SEED
xprv9s21ZrQH143K3YEx9tNjNtm6FJJHWuKRMmnXw42Eq6RiKt7oRpkKViHPJDnVvVZweqnjxEn6UsFLmztqCc5STduaMMGbwxgwMEkR8xM5wbK
$ echo $SEED | sx hd-seed | sx hd-priv 0 | sx hd-priv 0 | sx hd-priv 1 --hard
xprv9zShfTYMrPQdXBs1x4zYcf99DGyvykdvYxfdovarBZTh7RTZZ5vNgrdS4eQDPTxN9YnjSzfjVf6eWvEKuNubwLUoEYNg5cDfKp5RQVmYj2x

Code:
$ sx help
...
EC MATH
   ec-add-modp                Calculate the result of INTEGER + INTEGER.
   ec-multiply                Multiply an integer and a point together.
   ec-tweak-add               Calculate the result of POINT + INTEGER * G.

Install globally:

Code:
$ wget https://sx.dyne.org/install-sx.sh
$ sudo bash install-sx.sh

Install locally (non-root):

Code:
$ wget https://sx.dyne.org/install-sx.sh
$ bash install-sx.sh usr/
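
A sketch of the Diffie-Hellman derivation that the scan secret, spend secret and ephemkey in the post above map onto, using the three EC operations listed under `sx help`. This is an added example, not part of the original post and not sx's own code: the function names are hypothetical, the SHA-256-over-compressed-point tweak is an assumption, the ephemeral secret is constructed, and the resulting keys are not expected to match the addresses sx printed.

```python
import hashlib

# secp256k1 field prime, group order and generator (standard curve constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    # Affine point addition; None stands for the point at infinity.
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_multiply(k, point):
    # Double-and-add (integer times point). Not constant time: illustration only.
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point, k = ec_add(point, point), k >> 1
    return result

def shared_tweak(secret, pubkey):
    # ECDH point hashed to a scalar c. The hash and encoding are assumptions.
    x, y = ec_multiply(secret, pubkey)
    digest = hashlib.sha256(bytes([2 + (y & 1)]) + x.to_bytes(32, "big")).digest()
    return int.from_bytes(digest, "big") % N

def sender_pay(ephem_secret, scan_pub, spend_pub):
    # Sender publishes ephem_pub and pays to spend_pub + c*G (POINT + INTEGER * G).
    c = shared_tweak(ephem_secret, scan_pub)
    return ec_multiply(ephem_secret, G), ec_add(spend_pub, ec_multiply(c, G))

def receiver_key(scan_secret, spend_secret, ephem_pub):
    # Receiver gets the same c from scan_secret * ephem_pub; key = spend + c mod n.
    return (spend_secret + shared_tweak(scan_secret, ephem_pub)) % N

# Scan/spend secrets as printed in the post; the ephemeral secret is constructed.
SCAN = 0xaf4afaeb40810e5f8abdbb177c31a2d310913f91cf556f5350bca10cbfe8b9ec
SPEND = 0xd39758028e201e8edf6d6eec6910ae4038f9b1db3f2d4e2d109ed833be94a026
EPHEM = 0x1111111111111111111111111111111111111111111111111111111111111111
EPHEM_PUB, PAY_PUB = sender_pay(EPHEM, ec_multiply(SCAN, G), ec_multiply(SPEND, G))
assert ec_multiply(receiver_key(SCAN, SPEND, EPHEM_PUB), G) == PAY_PUB
```

The scan secret together with the public spend key is enough to recognise a payment, since it yields c and therefore PAY_PUB; spending additionally requires the spend secret.
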
oakpacific
January 16, 2014, 09:36:51 AM
 #2

The most important difference between this and the deterministic wallet is that you may never need to publicize your address (defense against Google data mining) to receive payments, which has to be spelled out somewhere I think.

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
genjix (OP)
January 16, 2014, 12:30:32 PM
 #3

The most important difference between this and the deterministic wallet is that you may never need to publicize your address (defense against Google data mining) to receive payments, which has to be spelled out somewhere I think.

It's fantastic. This combined with CoinJoin = unstoppable anonymous Bitcoin.
waxwing
January 16, 2014, 12:35:42 PM
 #4

Nice work, Amir :)

You seem to have an expired ssl cert on *.unsystem.net, by the way.

This whole system is very reminiscent of ssl, since I'm on the subject.. Initial handshake with shared secret. But of course the purpose is different in various ways. If we think of a scenario where a customer wants to pay to a Silk Road merchant, I guess you'd say that this part (stealth addresses) is a kind of substitute for the encryption part of ssl (well, not a complete substitute but part) (because obviously you can't encrypt the blockchain but this serves to seriously obfuscate the meaning of txs), while the authentication part of ssl would have to be dealt with separately through some pgp stuff or x509 or whatever?


PGP fingerprint 2B6FC204D9BF332D062B 461A141001A1AF77F20B (use email to contact)
genjix (OP)
January 16, 2014, 12:37:12 PM
 #5

Nice work, Amir :)

You seem to have an expired ssl cert on *.unsystem.net, by the way.

This whole system is very reminiscent of ssl, since I'm on the subject.. Initial handshake with shared secret. But of course the purpose is different in various ways. If we think of a scenario where a customer wants to pay to a Silk Road merchant, I guess you'd say that this part (stealth addresses) is a kind of substitute for the encryption part of ssl (well, not a complete substitute but part) (because obviously you can't encrypt the blockchain but this serves to seriously obfuscate the meaning of txs), while the authentication part of ssl would have to be dealt with separately through some pgp stuff or x509 or whatever?

I've changed the link now in the OP.

Original link: https://wiki.unsystem.net/index.php/Sx/Stealth

Alternative link: https://en.bitcoin.it/wiki/Sx/Stealth

All these new innovations are great. Especially when you start thinking about systems like Twister and their implications. Writing functions like initiate_stealth() is probably the coolest thing I've ever written.
waxwing
January 16, 2014, 12:43:07 PM
 #6

Nice work, Amir :)

You seem to have an expired ssl cert on *.unsystem.net, by the way.

This whole system is very reminiscent of ssl, since I'm on the subject.. Initial handshake with shared secret. But of course the purpose is different in various ways. If we think of a scenario where a customer wants to pay to a Silk Road merchant, I guess you'd say that this part (stealth addresses) is a kind of substitute for the encryption part of ssl (well, not a complete substitute but part) (because obviously you can't encrypt the blockchain but this serves to seriously obfuscate the meaning of txs), while the authentication part of ssl would have to be dealt with separately through some pgp stuff or x509 or whatever?

I've changed the link now in the OP.

Original link: https://wiki.unsystem.net/index.php/Sx/Stealth

Alternative link: https://en.bitcoin.it/wiki/Sx/Stealth

All these new innovations are great. Especially when you start thinking about systems like Twister and their implications. Writing functions like initiate_stealth() is probably the coolest thing I've ever written.

:D

Imagine it; stealth + coinjoin - no one can trace the transactions. multisig - website can never steal funds. SR website code - open sourced with multiple servers for decentralization (maybe Twister too I don't even know anything about it yet).

Soon we'll reach a point where it doesn't even matter if the FBI run SR from their headquarters - it'll still be safe :D

PGP fingerprint 2B6FC204D9BF332D062B 461A141001A1AF77F20B (use email to contact)
genjix (OP)
January 16, 2014, 12:50:25 PM
 #7

exactly :)

I've written more plans for this: https://wiki.unsystem.net/index.php/DarkWallet/Overview
cr1776
January 16, 2014, 01:04:27 PM
 #8

exactly :)

I've written more plans for this: https://wiki.unsystem.net/index.php/DarkWallet/Overview

This is very nice.
bigb159
January 16, 2014, 01:14:26 PM
 #9

This concept is awesome, but needs some PR reworking. Can we consider renaming this to something like "restricted," "confidential," "personal," "private" or "nonpublic". "Stealth" has an off-the-books connotation that doesn't fit what govs. want to see in Crypto right now.
oakpacific
January 16, 2014, 01:18:15 PM
 #10

I guess sx erases the payee's pubkey and encrypts the payer's privkey after the stealth payment right? If say FBI breaks into Alice's house and seizes her computer, they should not be able to figure out she has paid Bob isn't it?

https://tlsnotary.org/ Fraud proofing decentralized fiat-Bitcoin trading.
genjix (OP)
January 16, 2014, 01:19:35 PM
 #11

I guess sx erases the payee's pubkey and encrypts the payer's privkey after the stealth payment right? If say FBI breaks into Alice's house and seizes her computer, they should not be able to figure out she has paid Bob isn't it?

Nothing is stored on your computer. There's no files involved in this. You are responsible for keeping the secret. I suggest storing it encrypted somewhere or writing it down on a piece of paper.
prof7bit
January 16, 2014, 01:56:39 PM
 #12

The github address linked in section 1.3 on sx.dyne.org: https://github.com/genjix/sx/ does not work for me (404)

Otherwise these sx tools seem to be a great project, exactly what I was looking for all the time, why didn't I see this earlier?

kcirazy
January 16, 2014, 02:58:15 PM
 #13

This concept is awesome, but needs some PR reworking. Can we consider renaming this to something like "restricted," "confidential," "personal," "private" or "nonpublic". "Stealth" has an off-the-books connotation that doesn't fit what govs. want to see in Crypto right now.
I think Jeremy preferred "Reusable addresses", because this type of address can be re-used by multiple payers, without losing privacy.
- Mike, Wladimir, Odinn and Gregory agreed with this.

Other than that, excellent work genjix! Great to see that SX is well supported.
agorism
January 16, 2014, 03:30:10 PM
 #14

This is AMAZING!!!
Thank you so much for this contribution :D

We have encrypted transactions now.
Can we implement deniable transactions, like OTR?
minorman
January 16, 2014, 04:12:20 PM
 #15

Great work, Amir! :D


waxwing
January 16, 2014, 04:31:14 PM
 #16

Can we implement deniable transactions, like OTR?

I think it's a core aspect of Bitcoin that the transaction record is public. So I can't see how OTR can ever work (even if you prune outputs, a record will still exist somewhere). But deniability is addressed via coinjoin, coinswap, mixing and stealth to an incredible extent, if they're all implemented and widely used.

Only Zerocoin (in general, zero knowledge proofs) can address what you hope for fully. Once you can prove possession of a secret without leaking any information, the entire blockchain can go dark.

PGP fingerprint 2B6FC204D9BF332D062B 461A141001A1AF77F20B (use email to contact)
marcus_of_augustus
January 16, 2014, 09:33:02 PM
Last edit: January 16, 2014, 09:59:53 PM by marcus_of_augustus
 #17

This concept is awesome, but needs some PR reworking. Can we consider renaming this to something like "restricted," "confidential," "personal," "private" or "nonpublic". "Stealth" has an off-the-books connotation that doesn't fit what govs. want to see in Crypto right now.

Maybe since it is in essence a Diffie-Hellman key exchange technique ... you could call it Forward Privacy Transaction or DH-TX or some such ... i.e. in same name as the original cryptographic technique it is based upon?

http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange


Edit:
Quote
while the authentication part of ssl would have to be dealt with separately through some pgp stuff or x509 or whatever?

... you could use a stealth address secured in the namecoin blockchain for human-readable authentication, without a 3rd party.

Peter Todd
January 16, 2014, 09:48:42 PM
 #18

My thoughts on why stealth addresses should be called stealth addresses:


I'm very against the name "reusable addresses" and strongly believe we
should stick with the name stealth addresses.

You gotta look at it from the perspective of a user; let's take standard
pay-to-pubkey-hash addresses: I can tell my wallet to pay one as many
times as I want and everything works just great. I also can enter the
address on blockchain.info's search box, and every transaction related
to the address, and the balance of it, pops up immediately.

What is that telling me? A: Addresses starting with "1" are reusable. B:
Transactions associated with them appear to be public knowledge.

Now I upgrade my wallet software and it says I now have a "reusable"
address. My reaction is "Huh? Normal addresses are reusable, what's
special about this weird reusable address thing that my buddy Bob's
wallet software couldn't pay." I might even try to enter in a "reusable"
address in blockchain.info, which won't work, and I'll just figure
"must be some new unsupported thing" and move on with my life.

On the other hand, suppose my wallet says I now have "stealth address"
support. I'm going to think "Huh, stealth? I guess that means privacy
right? I like privacy." If I try searching for a stealth address on
blockchain.info, when it doesn't work I might think twig on "Oh right!
It said stealth addresses are private, so maybe the transactions are
hidden?" I might also think "Maybe this is like stealth/incognito mode
in my browser? So like, there's no history being kept for others to
see?" Regardless, I'm going to be thinking "well I hear scary stuff
about Bitcoin privacy, and this stealth thing sounds like it's gonna
help, so I should learn more about that"

Finally keep in mind that stealth addresses have had a tonne of very
fast, and very wide reaching PR. The name is in the public consciousness
already, and trying to change it now just because of vague bad
associations is going to throw away the momentum of that good PR and
slow down adoption. Last night I was at the Toronto Bitcoin Meetup and I
based on conversations there with people there, technical and
non-technical, almost everyone had heard about them and almost everyone
seemed to understand the basic idea of why they were a good thing. That
just wouldn't have happened with a name that tried to hide what stealth
addresses were for, and by changing the name now we risk people not
making the connection when wallet software gets upgraded to support
them.

-http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03725.html

drrussellshane
January 16, 2014, 09:52:27 PM
 #19

Nice work Amir!


marcus_of_augustus
January 16, 2014, 10:01:06 PM
 #20

My thoughts on why stealth addresses should be called stealth addresses:


I'm very against the name "reusable addresses" and strongly believe we
should stick with the name stealth addresses.
.....

Well done for this work Peter! :)

good arguments all ... and of course author(s) get naming rights ... so Stealth Addresses they are I say.
