Stealth address with SX (anonymous payments)

[alp]

My concern with the name Stealth Address is that it will end up being a niche feature that most people will not use.  Peter's "Ohh, privacy is good!" argument makes sense among his peers, but will fall flat on most common users.  Most people "Have nothing to hide" and aren't threatened by privacy, even with all the leaks and damage done.  This should be viewed as a standard and non-scary option, and not something for criminals and troublemakers only.  Stealth has those connotations, and I have a feeling it will become put in a corner.  I think he is also a bit biased in that the super-plugged-in people (aka meetup attendees) have heard of this term and it's too late to change it.  I disagree that it's really that well known, even within the Bitcoin community.

Names seem to fall out of describing how something is used or describing what it does.  We should also focus describing traditional addresses as well, to see if there might be a way to relabel them.

No, everyone cares about privacy, at least to a certain degree. Or maybe you could find me someone who would love to show me his bank transaction history.

If this were the case, Edward Snowden wouldn't be hiding in Russia, no one would be using Facebook, and Tor would be standard.  For the vast majority, privacy is simply not valued by most people when it comes down to actually put in any effort.  The Bitcoin community in general is going to have a selection bias towards those who care more than the average person.

Privacy is valued, when people appear to not care about it the threat is usually not tangible, as in your Snowden, FB and Tor case. When your bank/credit card history is out, or you are caught masturbating you will immediately feel how important it really is. Same happens when your friend/wife just saw your bitcoin transaction to a stripper on blockchain.info.

Also the incognito mode seems so important that every browser maker feels the need to put it in.

How often is incognito mode used?  I would say 95% of users never touch it.  How many people stop using credit cards after the account details are hacked?

Do you really think people view being able to see chained transactions as a tangible threat?  Most people won't.  As Bitcoin becomes more mainstream, fewer percentages of people will care as well, EVEN IF bad things happen, which constantly happens.

I'm not denying that it is important, but most people will not take the steps to protect it, and even actively take steps to give it up if it gives them a small benefit.  AT&T is offering high speed internet if they can spy on your data, how many people do you think will do anything extra to hide their privacy?  It sounds like this is intended to be a mainstream and behind-the-scenes implementation, in which case, it simply becomes your address.

[1715134966]

1715134966

[1715134966]

1715134966

[1715134966]

1715134966

[oakpacific]

I'm not denying that it is important, but most people will nottake the steps to protect it, and even actively take steps to give it up if it gives them a small benefit.  AT&T is offering high speed internet if they can spy on your data, how many people do you think will do anything extra to hide their privacy?  It sounds like this is intended to be a mainstream and behind-the-scenes implementation, in which case, it simply becomes your address.

More like they feel there is nothing they can do and are simply giving up. As for AT&T, well the threat is still intangible in that case.

[alp]

I'm not denying that it is important, but most people will nottake the steps to protect it, and even actively take steps to give it up if it gives them a small benefit.  AT&T is offering high speed internet if they can spy on your data, how many people do you think will do anything extra to hide their privacy?  It sounds like this is intended to be a mainstream and behind-the-scenes implementation, in which case, it simply becomes your address.

More like they feel there is nothing they can do and are simply giving up. As for AT&T, well the threat is still intangible in that case.

There's a different option you can do that costs more, from what I remember about it.
http://gigaom.com/2013/12/11/atts-gigabit-service-is-70-if-you-let-it-spy-on-your-searches/

And the Bitcoin "threat" is equally as intangible.  Users think that following typical procedures, Bitcoin is anonymous!  Why go the extra step?  There are a lot of misconceptions and misuses today, and we probably have the most educated userbase we will have looking forward, right now.

[johnyj]

I'd rather use "safe address" or "secure address" instead 

[mb300sd]

I'm not denying that it is important, but most people will nottake the steps to protect it, and even actively take steps to give it up if it gives them a small benefit.  AT&T is offering high speed internet if they can spy on your data, how many people do you think will do anything extra to hide their privacy?  It sounds like this is intended to be a mainstream and behind-the-scenes implementation, in which case, it simply becomes your address.

More like they feel there is nothing they can do and are simply giving up. As for AT&T, well the threat is still intangible in that case.

There's a different option you can do that costs more, from what I remember about it.
http://gigaom.com/2013/12/11/atts-gigabit-service-is-70-if-you-let-it-spy-on-your-searches/

And the Bitcoin "threat" is equally as intangible.  Users think that following typical procedures, Bitcoin is anonymous!  Why go the extra step?  There are a lot of misconceptions and misuses today, and we probably have the most educated userbase we will have looking forward, right now.

I'd actually be fine with that ATT service, 1Gbps and all they'll every see is an encrypted VPN tunnel .

[jl2012]

As I understand, the payer has to generate a key pair, and lets the payee knows the public key. Without the public key, the payee is unable to spend the fund. There are 2 channels for the payee to learn the payer public key:

1. Including the payer public key as an OP_RETURN output. This will increase the transaction cost and may not be desirable. Could we specify a smaller key size, an therefore a smaller public key? Since the purpose of the key is not to secure the fund, a smaller key size should be okay.

2. Transferring the public key with other channel. This one is more blockchain-friendly. However, there is a risk of losing the public key so the fund is permanently locked. Should we recommend the payer to generate the key pairs in a deterministic way, and backup the root key?

[Peter Todd]

As I understand, the payer has to generate a key pair, and lets the payee knows the public key. Without the public key, the payee is unable to spend the fund. There are 2 channels for the payee to learn the payer public key:

1. Including the payer public key as an OP_RETURN output. This will increase the transaction cost and may not be desirable. Could we specify a smaller key size, an therefore a smaller public key? Since the purpose of the key is not to secure the fund, a smaller key size should be okay.

You can also use a txin pubkey in the scriptSig, at the cost of reduced privacy, or a txout with a pubkey, e.g. <pubkey> CHECKSIG, again at cost of privacy. I suggested OP_RETURN because the extra size, about 15%, is relatively small. Multi-signature wallets use a lot more extra data than that.

2. Transferring the public key with other channel. This one is more blockchain-friendly. However, there is a risk of losing the public key so the fund is permanently locked. Should we recommend the payer to generate the key pairs in a deterministic way, and backup the root key?

Amir originally suggested using Bitmessage for that task, but losing funds is unacceptable - you really want the transaction to be atomic which forces all relevant information required to spend to be in the transaction itself.

[westkybitcoins]

Amir originally suggested using Bitmessage for that task, but losing funds is unacceptable - you really want the transaction to be atomic which forces all relevant information required to spend to be in the transaction itself.

EDIT: snipped non-helpful thought caused by my own confusion. Oy!

Oh, and yes, awesome work Amir! Bitcoin needs more people like you!

[stenkross]

Awsome work!

There's just one detail I don't get; How does the recipient get hold of the "SECRET NONCE" from the sender?

[prezbo]

Awsome work!

There's just one detail I don't get; How does the recipient get hold of the "SECRET NONCE" from the sender?

It's included in the transaction, encoded in another output.

[kcirazy]

Could sending many dust transactions to a stealth address be a way to inconvenience the receiver? Or perhaps a way to force them to reveal sensitive details?

[d'aniel]

Could sending many dust transactions to a stealth address be a way to inconvenience the receiver? Or perhaps a way to force them to reveal sensitive details?

If the value is too small to be worth checking, it could just be ignored.

[ShadowOfHarbringer]

* ShadowOfHarbringer is watching this.

[SteamGamesBTC.com]

Good work, thank you. Hope in the future it will be builtin in official client. Cheers.

[ABISprotocol]

Very nice, thank you for this. Have been watching SX / obelisk / libbitcoin development for a while.

Cheers

[E.Sam]

Just to let everyone know, if you are a Mac user and entertained the idea of using Stealthbit app https://github.com/thomasrevor/StealthBit, then don't. It's a OSX malware that will empty your wallet. Just thought of mentioning it here since it is about stealth addresses.

I mentioned it here: https://bitcointalk.org/index.php?topic=266813.msg4943840#msg4943840

The first victim just came forward: http://www.reddit.com/r/Bitcoin/comments/1xf2qj/my_wallet_just_emptied_into_this_address/

Scam forum section: https://bitcointalk.org/index.php?topic=454903.new#new

[genjix]

pity people don't have software to do common tasks and need to resort to installing dodgy malware. anyway that will change with time.

btw first stealth tx: https://blockchain.info/tx/63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518

testing code for those interested: https://github.com/genjix/stealth

(implementation detail: it's currently using number_bits=0 so not using the prefix optimisation. this is only for my testing purposes.)

[marcus_of_augustus]

btw first stealth tx: https://blockchain.info/tx/63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518

Unable to decode input address

Epic!

[Rampion]

btw first stealth tx: https://blockchain.info/tx/63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518

Unable to decode input address

Epic!

Sweet. Historic. Go Amir, Go!!

[ShadowOfHarbringer]

btw first stealth tx: https://blockchain.info/tx/63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518

Unable to decode input address

Epic!

Sweet. Historic. Go Amir, Go!!

O_O. Truly epic.