Bitcoin Forum
Author Topic: Taproot proposal  (Read 968 times)
gmaxwell
May 07, 2019, 12:03:27 AM
Merited by Foxpup (3), Carlton Banks (3), LoyceV (2), bones261 (2), Jating (2), hugeblack (2), o_e_l_e_o (2), Coding Enthusiast (2), d5000 (1), ETFbitcoin (1), franckuestein (1), o48o (1), mindrust (1), DroomieChikito (1)
 #1

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-May/016914.html

Quote
Hello everyone,

Here are two BIP drafts that specify a proposal for a Taproot
softfork. A number of ideas are included:

* Taproot to make all outputs and cooperative spends indistinguishable
from each other.
* Merkle branches to hide the unexecuted branches in scripts.
* Schnorr signatures enable wallet software to use key
aggregation/thresholds within one input.
* Improvements to the signature hashing algorithm (including signing
all input amounts).
* Replacing OP_CHECKMULTISIG(VERIFY) with OP_CHECKSIGADD, to support
batch validation.
* Tagged hashing for domain separation (avoiding issues like
CVE-2012-2459 in Merkle trees).
* Extensibility through leaf versions, OP_SUCCESS opcodes, and
upgradable pubkey types.

The BIP drafts can be found here:
* https://github.com/sipa/bips/blob/bip-schnorr/bip-taproot.mediawiki
specifies the transaction input spending rules.
* https://github.com/sipa/bips/blob/bip-schnorr/bip-tapscript.mediawiki
specifies the changes to Script inside such spends.
* https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki
is the Schnorr signature proposal that was discussed earlier on this
list (See https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016203.html)

An initial reference implementation of the consensus changes, plus
preliminary construction/signing tests in the Python framework can be
found on https://github.com/sipa/bitcoin/commits/taproot. All
together, excluding the Schnorr signature module in libsecp256k1, the
consensus changes are around 520 LoC.

While many other ideas exist, not everything is incorporated. This
includes several ideas that can be implemented separately without loss
of effectiveness. One such idea is a way to integrate SIGHASH_NOINPUT,
which we're working on as an independent proposal.

The document explains basic wallet operations, such as constructing
outputs and signing. However, a wide variety of more complex
constructions exist. Standardizing these is useful, but out of scope
for now. It is likely also desirable to define extensions to PSBT
(BIP174) for interacting with Taproot. That too is not included here.

Cheers,

--
Pieter
fillippone
May 07, 2019, 07:15:30 AM
Last edit: May 07, 2019, 07:45:32 AM by fillippone
Merited by mindrust (1)
 #2

Fillippone just a pawn in the game of Bitcoin, I have an enormous amount of respect for Bitcoin developers, and the following statement doesn’t absolutely mean to disrespect the huge work behind this proposal: I fully endorse and how will evolve in a Bitcoin protocol enhancement.
Writing this disclaimer because I got misunderstood in some previous discussions.

The more you build on bitcoin protocol, the more it is difficult to change the protocol itself.
With L2 solution (LN and Liquid) being more and more widespread, and impacting Btc ecosystem, and L3 solutions peeking over the horizon (see my monthly recap), I guess those are the last possible chances to get something done at protocol level.
Protocol immutability is a feature, not a bug.
Nobody in her right mind would change the TCP/IP and Bitcoin is the TCP/IP of the internet money.


aliashraf
May 07, 2019, 08:58:51 AM
Merited by ETFbitcoin (1), hugeblack (1)
 #3

Fillippone just a pawn in the game of Bitcoin, I have an enormous amount of respect for Bitcoin developers, and the following statement doesn’t absolutely mean to disrespect the huge work behind this proposal I fully endorse and how will evolve in a Bitcoin protocol enhancements.
Writing this because I got misunderstood in some previous discussions.

The more you build on bitcoin protocol, the more it is difficult to change the protocol itself.
With L2 solution (LN and Liquid) being more and more widespread, and impacting Btc ecosystem, and L3 solutions peeking over the horizon (see my monthly recap), I guess those are the last possible chances to get something done at protocol level.
Protocol immutability is a feature, not a bug.
Nobody in her right mind would change the TCP/IP and Bitcoin is the TCP/IP of the internet money.

Absolutely disagree. Although making an analogy between bitcoin and TCP/IP is void and meaningless it would be worth mentioning how a semi-decentralized infrastructure like TCP/IP was ruined by L2 protocols like SMTP and HTTP giving birth to Internet giants like Google, Facebook, Netflix, YouTube, etc.

It is easy to make void analogies and waste your and other people's valuable time by advocating for L2 and L3 garbage that have nothing to do with basic ideas of cryptocurrency, among them decentralization and anti-censorship. Every shallow minded junior software engineer is able to make fantasies about layers above layers of protocols, feeling smart to understand protocol stacking. They are always prone to this class of mistakes, using design patterns as templates that are applicable to every problem without gap analysis.

There is a gap between bitcoin and a networking protocol like TCP/IP: bitcoin is a decentralized application while TCP/IP is a semi-decentralized transport protocol, a good engineer should beware of this gap and avoid stupid analogies between the two.

What is hard, the real challenge of bitcoin is improving it in consensus level such that it can accomplish its original mission as a p2p electronic cash system in a scalable fashion without compromising security and decentralization measures. Bitcoin Core developers have escalated this hurdle to an upper level by discouraging (even fighting against) hard forks. Unlike them, I don't see any reason to be so dogmatic about chain splits and hard forks, actually I see a handful of good reasons to have an overhaul every one decade or so.

My first impressions about Taproot proposal:
  • A good, still conservative step, forward.
  • So many critical problems not addressed.

Let's read the details and discuss later.


fillippone
May 07, 2019, 09:13:16 AM
 #4

I am not a software engineer, so I am no way qualified to judge your more technical remarks.
For sure I can criticise the analogy with Facebook, but I won't indulge in that because if the basic analogy Bitcoin (protocol) <=> TCP/IP is not good, every derivative analogy will be bad too.

The point is I always say Bitcoin as a protocol, not as an application, as I said, I am not a software engineer, so I will dig more into this.


ETFbitcoin
May 07, 2019, 05:09:56 PM
Last edit: May 07, 2019, 06:40:24 PM by ETFbitcoin
 #5

After quick research, I just realized Taproot is a combination of Schnorr and MAST. No wonder I never see any news about MAST.

I wonder if HTLC on Lightning Network can use Taproot (which would save fees/reduce tx size when open/close channel)?

Nobody in her right mind would change the TCP/IP and Bitcoin is the TCP/IP of the internet money.

I disagree, if there's a way to optimize the "lower" layer which is also backward-compatible. I don't see anything wrong with it.
I'd agree if we're talking about implementing a complex feature on the "lower" layer.

Carlton Banks
May 07, 2019, 06:31:58 PM
Last edit: May 07, 2019, 08:51:16 PM by Carlton Banks
Merited by Foxpup (3), bones261 (2), gmaxwell (1), fronti (1), ETFbitcoin (1), hugeblack (1), darosior (1)
 #6

I wonder if HTLC on Lightning Network can use Taproot (which would save fees/reduce tx size when open/close channel)?

Yes

Lightning channels have 2 script branches ("update" and "close"). If one were using these proposed taproot enabled segwit v1 outputs, the update branch will only ever be processed when the channel is open, and does not need to be written to the blockchain at all when closing the channel. Conversely, the close branch is not written to the chain when opening the channel.

This not only optimises space usage on-chain, but also makes lightning open/close transactions more closely resemble regular transactions, and so improves fungibility. I think it's possible with taproot and signature aggregation (which is not in this proposed fork) to make channel open/close tx's indistinguishable from regular tx's on chain (and potential changes to aid scaling of lightning routing will mean that only a small subset of LN nodes will be aware of the existence of a given channel, so knowing where and when BTC enters and exits payment channels will be a much more difficult problem to solve)

Edit: it's better than I thought, it seems only a specific form of sig aggregation ("cross input aggregation") is not in this fork proposal, but the basic type is (where signatures in a single transaction are summed together). No idea how cross input form differs from the basic type, still reading...


Vires in numeris
fillippone
May 07, 2019, 06:35:33 PM
 #7

After quick research, I just realized Taproot is a combination of Schnorr and MAST. No wonder I never see any news about MAST.

I wonder if HTLC on Lightning Network can use Taproot (which would save fees/reduce tx size when open/close channel)?
But if Bitcoin uses a rolling-release/progressive approach (which is very unlikely)

Nobody in her right mind would change the TCP/IP and Bitcoin is the TCP/IP of the internet money.

I disagree, if there's a way to optimize the "lower" layer which is also backward-compatible. I don't see anything wrong with it.
I'd agree if we're talking about implementing a complex feature on the "lower" layer.
Sure, I agree on that, but what I mean is that if you build multiple protocol layers over the fundamental layer of Bitcoin protocol, if you modify anything on the lower one, the risk of getting something wrecked in the upper layers increases dramatically.
So when you build many layers over Bitcoin protocol, this gets “compressed as a Jenga piece” and becomes immutable, as the risk of touching it and wrecking something somewhere becomes too high.


ETFbitcoin
May 07, 2019, 06:44:11 PM
Merited by fillippone (1)
 #8

Yes
--snip--

Thanks for the detailed explanation :)

Nobody in her right mind would change the TCP/IP and Bitcoin is the TCP/IP of the internet money.

I disagree, if there's a way to optimize the "lower" layer which is also backward-compatible. I don't see anything wrong with it.
I'd agree if we're talking about implementing a complex feature on the "lower" layer.
Sure, I agree on that, but what I mean is that if you build multiple protocol layers over the fundamental layer of Bitcoin protocol, if you modify anything on the lower one, the risk of getting something wrecked in the upper layers increases dramatically.
So when you build many layers over Bitcoin protocol, this gets “compressed as a Jenga piece” and becomes immutable, as the risk of touching it and wrecking something somewhere becomes too high.

Can't disagree with that, but :
1. That's why we always wait years for a new improvement, due to thorough testing
2. Many improvements add a new feature rather than modify an existing feature, such as creating P2SH addresses for scripting and Bech32 for SegWit.

gmaxwell
May 07, 2019, 10:20:10 PM
Merited by Foxpup (2), hugeblack (1), fillippone (1)
 #9

Sure, I agree on that, but what I mean is that if you build multiple protocol layers over the fundamental layer of Bitcoin protocol, if you modify anything on the lower one, the risk of getting something wrecked in the upper layers increases dramatically.
The Bitcoin protocol has specific carve outs for extension. New extensions are done using these carve-outs. This largely avoids impact on things not using the new functionality.

One can not guarantee a complete lack of interaction-- after all, things built on bitcoin could be full of terrible bugs just waiting to be exploited, and any new behaviour might trigger one of those bugs--, but nothing new shows up in transactions that wasn't permitted all along which at least guarantees that nothing changed that some party couldn't have unilaterally done to you.

The reason technical commentators don't express your concern isn't because it hasn't occurred to them, it's because it has occurred and is largely addressed.

I find it kinda frustrating that no one bothers mentioning concerns like this in the crazy "bitcoin should hardfork once a quarter" threads. Sad -- why must this kind of concern be conserved for sane proposals where it doesn't really apply?
Wind_FURY
May 08, 2019, 08:16:01 AM
Merited by gmaxwell (1), hatshepsut93 (1), hugeblack (1)
 #10

Fillippone just a pawn in the game of Bitcoin, I have an enormous amount of respect for Bitcoin developers, and the following statement doesn’t absolutely mean to disrespect the huge work behind this proposal I fully endorse and how will evolve in a Bitcoin protocol enhancements.
Writing this because I got misunderstood in some previous discussions.

The more you build on bitcoin protocol, the more it is difficult to change the protocol itself.
With L2 solution (LN and Liquid) being more and more widespread, and impacting Btc ecosystem, and L3 solutions peeking over the horizon (see my monthly recap), I guess those are the last possible chances to get something done at protocol level.
Protocol immutability is a feature, not a bug.
Nobody in her right mind would change the TCP/IP and Bitcoin is the TCP/IP of the internet money.

Absolutely disagree. Although making an analogy between bitcoin and TCP/IP is void and meaningless it would be worth mentioning how a semi-decentralized infrastructure like TCP/IP was ruined by L2 protocols like SMTP and HTTP giving birth to Internet giants like Google, Facebook, Netflix, YouTube, etc.

It is easy to make void analogies and waste your and other people's valuable time by advocating for L2 and L3 garbage that have nothing to do with basic ideas of cryptocurrency, among them decentralization and anti-censorship. Every shallow minded junior software engineer is able to make fantasies about layers above layers of protocols, feeling smart to understand protocol stacking. They are always prone to this class of mistakes, using design patterns as templates that are applicable to every problem without gap analysis.


But every junior developer could also feel smart, and make fantasies of a perfect blockchain-based cryptocurrency too, without any regard for externalities, or without any regard for the risks in messing up the consensus layer.

Quote

There is a gap between bitcoin and a networking protocol like TCP/IP: bitcoin is a decentralized application while TCP/IP is a semi-decentralized transport protocol, a good engineer should beware of this gap and avoid stupid analogies between the two.

What is hard, the real challenge of bitcoin is improving it in consensus level such that it can accomplish its original mission as a p2p electronic cash system in a scalable fashion without compromising security and decentralization measures.


Says who?

Quote

Bitcoin Core developers have escalated this hurdle to an upper level by discouraging (even fighting against) hard forks. Unlike them, I don't see any reason to be so dogmatic about chain splits and hard forks, actually I see a handful of good reasons to have an overhaul every one decade or so.


That's your opinion. An opinion that many in the community do not share.

aliashraf
May 08, 2019, 09:37:52 AM
Last edit: May 08, 2019, 10:08:45 AM by aliashraf
Merited by hugeblack (1)
 #11

Sure, I agree on that, but what I mean is that if you build multiple protocol layers over the fundamental layer of Bitcoin protocol, if you modify anything on the lower one, the risk of getting something wrecked in the upper layers increases dramatically.
The Bitcoin protocol has specific carve outs for extension. New extensions are done using these carve-outs. This largely avoids impact on things not using the new functionality.

One can not guarantee a complete lack of interaction-- after all, things built on bitcoin could be full of terrible bugs just waiting to be exploited, and any new behaviour might trigger one of those bugs--, but nothing new shows up in transactions that wasn't permitted all along which at least guarantees that nothing changed that some party couldn't have unilaterally done to you.

The reason technical commentators don't express your concern isn't because it hasn't occurred to them, it's because it has occurred and is largely addressed.

I find it kinda frustrating that no one bothers mentioning concerns like this in the crazy "bitcoin should hardfork once a quarter" threads. Sad -- why must this kind of concern be conserved for sane proposals where it doesn't really apply?

I hope it wouldn't cause more frustrations but I think both Ethereum approach (hard-forking like quarterly) and yours (do it never ever) to cryptocurrency governance should be categorized as extremism and need to be reconsidered.

Above-thread I objected to @fillippone not to the problem he has brought up but to his solution. He pushes your extremism to its limits and its destiny: leave bitcoin as is! When you abandon radical improvements they need to be implemented on upper layers and besides the centralization and censorship threats involved there will be always a push like that: Don't touch my infrastructure please!

I am against L2 solutions, I think both mining/state-verification in a decentralized ecosystem and on-chain scalability of bitcoin are not achievable without applying revisions in some crucial choices Satoshi made from the first beginning: winner-takes-all approach to mining and linear structure of the blockchain. There is no soft way to do such revisions and no L2 solution would ever solve both scaling and centralization.

Issuing anathema statements against radical improvement proposals that typically involve hard-fork requirements is nothing less than condemning bitcoin.
aliashraf
May 08, 2019, 10:04:07 AM
 #12

But every junior developer could also feel smart, and make fantasies of a perfect blockchain-based cryptocurrency too, without any regard for externalities, or without any regard for the risks in messing up the consensus layer.
And senior developers, (like you and Greg :P) should remain open to such proposals and use them at least as an inspiration to confront the real problems instead of sticking with false analogies with a networking protocol and being happy with minor improvements, Right?


Quote
There is a gap between bitcoin and a networking protocol like TCP/IP: bitcoin is a decentralized application while TCP/IP is a semi-decentralized transport protocol, a good engineer should beware of this gap and avoid stupid analogies between the two.

What is hard, the real challenge of bitcoin is improving it in consensus level such that it can accomplish its original mission as a p2p electronic cash system in a scalable fashion without compromising security and decentralization measures.


Says who?
I say 8)
Carlton Banks
May 08, 2019, 01:10:35 PM
 #13

Says who?
I say 8)

right, and you make up your own facts

("miners broke the SHA-2 algorithm" which is demonstrably nonsense)

Vires in numeris
aliashraf
May 08, 2019, 05:49:01 PM
Last edit: May 08, 2019, 06:04:06 PM by aliashraf
 #14

Says who?
I say 8)

right, and you make up your own facts

("miners broke the SHA-2 algorithm" which is demonstrably nonsense)
This is an act of trolling, :D
@Wind_Fury started it by asking for ethos instead of logos and now you are accomplishing his job by directly questioning my right to say anything about bitcoin. Very interesting.

If you are mentioning my criticism about ASICs, it is indisputable. PoW is a cryptographic problem, it hates efficiency, any cryptographic scheme does. bitcoin basically was designed for owners of commodity devices with almost average efficiency who join and leave the network freely and voluntarily and pay fairly for blocks they mine:
Quote from: Satoshi Nakamoto, Bitcoin whitepaper
Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone. They vote with their CPU power, expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to work on them. Any needed rules and incentives can be enforced with this consensus mechanism.

I think a better practice would be making your own argument about what I said above-thread:
What is hard, the real challenge of bitcoin is improving it in consensus level such that it can accomplish its original mission as a p2p electronic cash system in a scalable fashion without compromising security and decentralization measures. Bitcoin Core developers have escalated this hurdle to an upper level by discouraging (even fighting against) hard forks. Unlike them, I don't see any reason to be so dogmatic about chain splits and hard forks, actually I see a handful of good reasons to have an overhaul every one decade or so.

As a pro you might have noticed that I'm directly questioning Buterin's claim about the existence of a trilemma and suggesting that refuting this claim is the most important job of any serious bitcoin developer and the main agenda for any development project.

What do you think?
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2968
Merit: 3279



View Profile
May 08, 2019, 08:28:31 PM
 #15

Can y'all please stop derailing this thread?
Wind_FURY
Hero Member
*****
Offline Offline

Activity: 1386
Merit: 880


Crypto-Games.net: Multiple coins, multiple games


View Profile
May 09, 2019, 07:01:50 AM
 #16

Can y'all please stop derailing this thread?

Sorry.

aliashraf, let's continue in this topic: https://bitcointalk.org/index.php?topic=5140929.0

Xieta
Member
**
Offline Offline

Activity: 60
Merit: 40


View Profile
November 07, 2019, 10:56:44 AM
 #17

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-May/016914.html

Quote
Hello everyone,

Here are two BIP drafts that specify a proposal for a Taproot
softfork. A number of ideas are included:

* Taproot to make all outputs and cooperative spends indistinguishable
from each other.
* Merkle branches to hide the unexecuted branches in scripts.
* Schnorr signatures enable wallet software to use key
aggregation/thresholds within one input.
* Improvements to the signature hashing algorithm (including signing
all input amounts).
* Replacing OP_CHECKMULTISIG(VERIFY) with OP_CHECKSIGADD, to support
batch validation.
* Tagged hashing for domain separation (avoiding issues like
CVE-2012-2459 in Merkle trees).
* Extensibility through leaf versions, OP_SUCCESS opcodes, and
upgradable pubkey types.

The BIP drafts can be found here:
* https://github.com/sipa/bips/blob/bip-schnorr/bip-taproot.mediawiki
specifies the transaction input spending rules.
* https://github.com/sipa/bips/blob/bip-schnorr/bip-tapscript.mediawiki
specifies the changes to Script inside such spends.
* https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki
is the Schnorr signature proposal that was discussed earlier on this
list (See https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-July/016203.html)

An initial reference implementation of the consensus changes, plus
preliminary construction/signing tests in the Python framework can be
found on https://github.com/sipa/bitcoin/commits/taproot. All
together, excluding the Schnorr signature module in libsecp256k1, the
consensus changes are around 520 LoC.

While many other ideas exist, not everything is incorporated. This
includes several ideas that can be implemented separately without loss
of effectiveness. One such idea is a way to integrate SIGHASH_NOINPUT,
which we're working on as an independent proposal.

The document explains basic wallet operations, such as constructing
outputs and signing. However, a wide variety of more complex
constructions exist. Standardizing these is useful, but out of scope
for now. It is likely also desirable to define extensions to PSBT
(BIP174) for interacting with Taproot. That too is not included here.

Cheers,

--
Pieter


It's a shame this thread derailed.
Is this still the current proposal or has the discussion on this moved elsewhere?

Best Regards,
-Xi
fillippone
Hero Member
*****
Offline Offline

Activity: 630
Merit: 2494


I drink wine in glass bottles.


View Profile
January 23, 2020, 11:55:52 AM
Last edit: January 23, 2020, 12:17:46 PM by fillippone
Merited by Carlton Banks (1), squatter (1)
 #18

A Pull Request from Sipa (Pieter Wuille) for Taproot/Schnorr consensus rules has been opened on the Bitcoin Core repository:
[WIP] Implement BIP 340-342 validation (Schnorr/taproot/tapscript) #17977

Quote
This is an implementation of the Schnorr/taproot consensus rules proposed by BIPs 340, 341, and 342 (see current bitcoin/bips#876).

It consists of:

* #16902 to avoid the O(n^2) behavior in IF/ELSE/END handling that would be exacerbated by the BIP 342 changes.
* Addition of Schnorr signatures and 32-byte pubkey support to libsecp256k1 subtree (bitcoin-core/secp256k1#558 PR 558), following BIP 340.
* The taproot validation specified in BIP 341.
* Script validation under taproot (aka tapscript), specified in BIP 342.
* Addition of signing logic for Schnorr/Taproot to the Python test framework, and tests for the above.

This does not include any wallet support.

Merging this is obviously conditional on getting community support for the proposal. It's opened here to demonstrate the code changes that it would imply.

This is the first step toward the most important protocol change since Segwit, I dare to state.



DooMAD
Legendary
*
Offline Offline

Activity: 2268
Merit: 1466


Leave no FUD unchallenged


View Profile WWW
January 23, 2020, 02:14:31 PM
 #19

This is the first step toward the most important protocol change since Segwit, I dare to state.

Excellent news.  I suspect a number of people will be watching with keen interest.  Have there been any elaborations on timescales?  Or are the waters still a little murky for that with so much stuff to figure out on the technical side?  Obviously with a significant change like this, they'll be treading carefully.

Carlton Banks
Legendary
*
Offline Offline

Activity: 2660
Merit: 2206



View Profile
January 23, 2020, 03:42:25 PM
Merited by DooMAD (2), ETFbitcoin (1), o_e_l_e_o (1), fillippone (1)
 #20

A Pull Request from Sipa (Pieter Wuille) for Taproot/Schnorr consensus rules has been opened on the Bitcoin Core repository:

big news indeed.


any elaborations on timescales?

the pull request is marked WIP (work in progress), so my guess would be no. I think sipa is just soliciting early feedback on his implementation of the BIPs (the details of which we can assume are essentially final)

Vires in numeris
fillippone
Hero Member
*****
Offline Offline

Activity: 630
Merit: 2494


I drink wine in glass bottles.


View Profile
January 24, 2020, 12:36:54 AM
Last edit: January 24, 2020, 09:32:07 AM by fillippone
Merited by Carlton Banks (1), o_e_l_e_o (1)
 #21

the pull request is marked WIP (work in progress), so my guess would be no. I think sipa is just soliciting early feedback on his implementation of the BIPs (the details of which we can assume are essentially final)

Officially BIP!
Pieter Wuille on Twitter:
Quote
The Schnorr/Taproot proposal is now published as BIPs 340, 341, and 342; see github.com/bitcoin/bips/

Note that the assignment of BIP numbers is not any kind of stamp of approval; it just means the process was followed (which includes some amount of public discussion).
https://twitter.com/pwuille/status/1220502956023283718?s=21

EDIT:
For the non-technical and casual reader, an article surfaced on Coindesk:
Bitcoin’s Privacy and Scaling Tech Upgrade ‘Taproot’ Just Took a Big Step Forward


Wind_FURY
Hero Member
*****
Offline Offline

Activity: 1386
Merit: 880


Crypto-Games.net: Multiple coins, multiple games


View Profile
January 24, 2020, 08:36:19 AM
 #22

This would clearly be the biggest Bitcoin update since Segwit in 2017. Are there some people within the community who are against it?

I hope no more drama ensues. Haha.

Carlton Banks
Legendary
*
Offline Offline

Activity: 2660
Merit: 2206



View Profile
January 24, 2020, 01:53:39 PM
Merited by fillippone (1)
 #23

the pull request is marked WIP (work in progress), so my guess would be no. I think sipa is just soliciting early feedback on his implementation of the BIPs (the details of which we can assume are essentially final)

Officially BIP!
Pieter Wuille on Twitter:
Quote
The Schnorr/Taproot proposal is now published as BIPs 340, 341, and 342; see github.com/bitcoin/bips/

Note that the assignment of BIP numbers is not any kind of stamp of approval; it just means the process was followed (which includes some amount of public discussion).

very positive that BIPs 340-342 are progressing, however mundane that is! I think though that the door is not shut on amendments, but this is still a milestone nevertheless.

I might add that I consider the Taproot soft-fork to be more significant than segwit, the improvement to BTC's money properties and the consequential impact to the overall bitcoin economy are far more substantial than the changes conferred by BIPs 140-144 (despite segwit providing several prerequisites that make taproot possible)

Vires in numeris
fillippone
Hero Member
*****
Offline Offline

Activity: 630
Merit: 2494


I drink wine in glass bottles.


View Profile
January 24, 2020, 02:02:23 PM
 #24


very positive that BIPs 340-342 are progressing, however mundane that is! I think though that the door is not shut on amendments, but this is still a milestone nevertheless.

I might add that I consider the Taproot soft-fork to be more significant than segwit, the improvement to BTC's money properties and the consequential impact to the overall bitcoin economy are far more substantial than the changes conferred by BIPs 140-144 (despite segwit providing several prerequisites that make taproot possible)
I am not the most technical user on this board but I have the feeling this time everyone is well aware of how this improvement is for bitcoin protocol and segwit adoption path drama is a lesson learned on how to manage the BIP process: keeping everyone onboard and proceeding step by step is a way of gathering consensus on the proposal.
do you share this view?


DooMAD
Legendary
*
Offline Offline

Activity: 2268
Merit: 1466


Leave no FUD unchallenged


View Profile WWW
January 24, 2020, 02:15:45 PM
 #25

This would clearly be the biggest Bitcoin update since Segwit in 2017. Are there some people within the community who are against it?

I hope no more drama ensues. Haha.

I'd anticipate that any conflicts would be purely verbal/written and not even remotely a threat to implementation.  I doubt we'll see any alternative codebases popping up in opposition or anything like that.

The usual detractors will follow their predictable routine of trash-talk and stirring the pot, but I suspect that's about as far as it'll go.

Carlton Banks
Legendary
*
Offline Offline

Activity: 2660
Merit: 2206



View Profile
January 24, 2020, 07:23:04 PM
Merited by gmaxwell (5)
 #26

I am not the most technical user on this board but I have the feeling this time everyone is well aware of how this improvement is for bitcoin protocol and segwit adoption path drama is a lesson learned on how to manage the BIP process: keeping everyone onboard and proceeding step by step is a way of gathering consensus on the proposal.
do you share this view?

really, I think that it's unfair to everyone to discuss attempts to de-rail this proposal before any such attempts have occurred. it's certainly ironic considering this thread has already been drawn into personality clashes, which the OP was unhappy with seeing as this is the dev & technical board (for which I share some responsibility, regrettably)

Vires in numeris
fillippone
Hero Member
*****
Offline Offline

Activity: 630
Merit: 2494


I drink wine in glass bottles.


View Profile
January 24, 2020, 07:33:04 PM
 #27

I am not the most technical user on this board but I have the feeling this time everyone is well aware of how this improvement is for bitcoin protocol and segwit adoption path drama is a lesson learned on how to manage the BIP process: keeping everyone onboard and proceeding step by step is a way of gathering consensus on the proposal.
do you share this view?

really, I think that it's unfair to everyone to discuss attempts to de-rail this proposal before any such attempts have occurred. it's certainly ironic considering this thread has already been drawn into personality clashes, which the OP was unhappy with seeing as this is the dev & technical board (for which I share some responsibility, regrettably)
Point taken.
I wasn’t in any case suggesting that anyone derail anything or clash with anyone.


pereira4
Legendary
*
Offline Offline

Activity: 1610
Merit: 1170


View Profile
January 24, 2020, 11:42:43 PM
Merited by fillippone (3)
 #28

How far are we from rendering efforts like "chainanalysis" useless? As it stands, interacting with fiat exchanges is a risk by default. Most of us are regular people, we aren't criminals, yet, what those blacklisting services do is basically putting yourself into the insane liability of ending up in a risk linked to criminal activity because some of your addresses once pertained to an address that is on their blacklists. On a long enough timeline, everyone's chances of having coins that are "tainted" increase to the point that it's absurd putting your coins in an exchange.

Every single wallet should be sending transactions that by default obfuscate things so no one is liable of this bullshit idea of having "tainted coins", in other words, actual fungibility. Until then, how is one supposed to deposit coins on exchanges? Again, as of right now, you are playing a sick lottery in which your coins may or may not have traces of being tainted, and as time goes on and coins move, everyone's chances just keep going up.
figmentofmyass
Legendary
*
Offline Offline

Activity: 1316
Merit: 1153



View Profile
January 25, 2020, 02:06:13 PM
 #29

How far are we from rendering efforts like "chainanalysis" useless?

Every single wallet should be sending transactions that by default obfuscate things so no one is liable of this bullshit idea of having "tainted coins", in other words, actual fungibility.

obviously, schnorr signatures are on deck. that'll allow for cross-input aggregation to make coinjoins indistinguishable from regular transactions. that's a pretty massive development given that exchanges are beginning to target coinjoin users. estimating based on segwit's activation timeline, that could happen by early 2021 or maybe even the end of this year, optimistically.

but "useless"? that's quite a strong word. Lips sealed

confidential transactions (CT) to obfuscate transaction amounts seems like an attractive next step. but my understanding is it requires extension blocks or a hard fork. so.....probably not gonna be implemented at the consensus layer. there's always sidechains though. liquid (blockstream's sidechain) supports CT for example.

Wind_FURY
Hero Member
*****
Offline Offline

Activity: 1386
Merit: 880


Crypto-Games.net: Multiple coins, multiple games


View Profile
January 26, 2020, 07:31:44 AM
 #30

I am not the most technical user on this board but I have the feeling this time everyone is well aware of how this improvement is for bitcoin protocol and segwit adoption path drama is a lesson learned on how to manage the BIP process: keeping everyone onboard and proceeding step by step is a way of gathering consensus on the proposal.
do you share this view?

really, I think that it's unfair to everyone to discuss attempts to de-rail this proposal before any such attempts have occurred. it's certainly ironic considering this thread has already been drawn into personality clashes, which the OP was unhappy with seeing as this is the dev & technical board (for which I share some responsibility, regrettably)


But, without intending to derail, what would be a good technical debate against this proposal? Is there one? I believe there's none, or else we would already hear about it from people like franky1.

ETFbitcoin
Legendary
*
Offline Offline

Activity: 1932
Merit: 2212

Use SegWit and enjoy lower fees.


View Profile WWW
January 26, 2020, 07:49:38 AM
Merited by fillippone (2), Husna QA (1)
 #31

Looking at the title of BIP 341 (Taproot: SegWit version 1 spending rules), does that mean we'll see addresses with prefix bc1p?

confidential transactions (CT) to obfuscate transaction amounts seems like an attractive next step. but my understanding is it requires extension blocks or a hard fork. so.....probably not gonna be implemented at the consensus layer. there's always sidechains though. liquid (blockstream's sidechain) supports CT for example.

Not only a hard fork, but CT has a bigger size compared with a regular transaction (even if you combine CT with Bulletproof, just like what Monero did), so I doubt it'll gain massive support.

pooya87
Legendary
*
Offline Offline

Activity: 1932
Merit: 2391


Remember tonight for it's the beginning of forever


View Profile
January 26, 2020, 10:56:09 AM
Merited by fillippone (2), ETFbitcoin (1), Husna QA (1)
 #32

Looking at the title of BIP 341 (Taproot: SegWit version 1 spending rules), does that mean we'll see addresses with prefix bc1p?

yes. in a Bech32 encoding when you set the witness version to 1 the first character after the separator (ie. 1) is going to become letter "p".
BIP 173 doesn't mention this but it is easy to use one of the libraries to encode an arbitrary length byte array to see what the first character is. https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki
empty 32 bytes= bc1pqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq5us4ke
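
The encoding step described in the post above, as an added example that is not part of the original post or of any library it refers to: a BIP 173 Bech32 segwit address encoder and checksum verifier showing why witness version 1 puts "p" right after the separator. The function names are this example's own, and the 32 zero bytes are a constructed witness program, not a real key.

```python
"""BIP 173 Bech32 segwit address encoding (added example, constructed inputs)."""

# BIP 173 alphabet: 5-bit value 0 maps to 'q', value 1 maps to 'p'.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GENERATOR = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)


def polymod(values):
    """BCH checksum over 5-bit values, as specified in BIP 173."""
    chk = 1
    for value in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ value
        for i, gen in enumerate(GENERATOR):
            if (top >> i) & 1:
                chk ^= gen
    return chk


def hrp_expand(hrp):
    """Spread the human-readable part ("bc") into checksum input values."""
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def to_5bit_groups(data):
    """Regroup 8-bit bytes into 5-bit values, zero-padding the last group."""
    acc = bits = 0
    groups = []
    for byte in data:
        acc = ((acc << 8) | byte) & 0xFFF
        bits += 8
        while bits >= 5:
            bits -= 5
            groups.append((acc >> bits) & 31)
    if bits:
        groups.append((acc << (5 - bits)) & 31)
    return groups


def encode_segwit(hrp, witver, program):
    """Encode a witness version and witness program as a Bech32 address."""
    if not 0 <= witver <= 16:
        raise ValueError("witness version must be 0..16")
    if not 2 <= len(program) <= 40:
        raise ValueError("witness program must be 2..40 bytes")
    if witver == 0 and len(program) not in (20, 32):
        raise ValueError("version 0 programs are 20 or 32 bytes")
    # The witness version is the first 5-bit value, so it alone decides
    # the character after the "1" separator: 0 -> 'q', 1 -> 'p'.
    data = [witver] + to_5bit_groups(program)
    mod = polymod(hrp_expand(hrp) + data + [0] * 6) ^ 1
    checksum = [(mod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)


def witness_version(address):
    """Verify the BIP 173 checksum and return the witness version."""
    if address != address.lower() and address != address.upper():
        raise ValueError("mixed-case address")
    address = address.lower()
    pos = address.rfind("1")
    hrp, payload = address[:pos], address[pos + 1:]
    if pos < 1 or len(payload) < 7:
        raise ValueError("malformed address")
    data = [CHARSET.find(c) for c in payload]
    if -1 in data or polymod(hrp_expand(hrp) + data) != 1:
        raise ValueError("invalid character or checksum")
    return data[0]


if __name__ == "__main__":
    empty_program = bytes(32)  # constructed sample: 32 zero bytes
    for version in (0, 1):
        print(version, encode_segwit("bc", version, empty_program))
```

This block implements the BIP 173 checksum that the post links to. Witness version 1 addresses as later specified in BIP 350 use the Bech32m checksum constant instead, so their last six characters differ while the bc1p prefix stays the same.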

figmentofmyass
Legendary
*
Offline Offline

Activity: 1316
Merit: 1153



View Profile
January 27, 2020, 08:39:19 PM
 #33

has there been discussion about cross-input aggregation and when it might be implemented? i was under the (apparently mistaken) impression it was gonna be included with taproot. it does not appear to be included anywhere in BIP 340-342.

o_e_l_e_o
Legendary
*
Offline Offline

Activity: 854
Merit: 3694


Decent


View Profile
January 27, 2020, 09:16:24 PM
Merited by fillippone (2)
 #34

It's mentioned in BIP 341 as essentially not being ready yet:
Quote
Combining all these ideas in a single proposal would be an extensive change, be hard to review, and likely miss new discoveries that otherwise could have been made along the way. Not all are equally mature as well. For example, cross-input aggregation interacts in complex ways with upgrade mechanisms, and solutions to that are still in flux.


gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2968
Merit: 3279



View Profile
January 28, 2020, 05:56:13 AM
Merited by Welsh (15), suchmoon (7), fillippone (5), Foxpup (4), ETFbitcoin (3), figmentofmyass (2), Husna QA (1)
 #35

The main problem for cross input aggregation is that normally you can just soft-fork in new signature types (e.g. including new sighash types) just by creating a new checksig operator (or having a pubkey of a different length).

But a new signature type added in a backwards compatible softfork couldn't be aggregated with other signatures even if the underlying crypto is the same.  This is especially relevant because there is a current interest in adding some new sighash types, also graftroot which is also effectively a new sighash type.

Aggregation could have been done for basic taproot alone, and then any new types would have to be separately aggregated... but probably along the way we'd come up with different optimizations in how aggregation works, and then the consensus rules would have two implementations of aggregation. Worse, if taproot originally has aggregation people will probably upgrade slowly to a later tapgraftroot since mixed transactions would have higher overhead from the inability to aggregate them both, and fungibility would be hurt by the slow upgrade.

There are also some ideas that could allow for better backwards compatibility.  In particular,  if a new witness-like p2p extension were made that allowed transmitting the concrete sighash values as witness data to old nodes that don't know how to generate those sighashes (but otherwise not keep them in blocks),  then aggregation could be preserved even with future softforked in sig hashes.   But witness-like p2p extensions are a real pain to design and deploy, and no one seemed particularly eager to do that work right now. If one is done it should probably pick up some other improvements other than just backwards compatible aggregation.

So essentially, aggregation is conceptually ready but there are very strong incentives to deploy it in combination with other features which are not currently ready.  Trying to do everything at once is just too big an engineering project to pull off safely, and we're likely to learn a lot from actual usage of taproot which would help improve the design of other features (particularly of graftroot/g'root).

Right now I don't think the current amount of engineering interest in Bitcoin is particularly healthy.  Many long time contributors, including myself, have essentially stopped contributing for a variety of reasons (including uncertainty around political disruption of deploying even fairly boring new consensus changes, concern that too much bitcoin hashpower is controlled by bitcoin adversarial parties who would attempt to block protocol improvements, etc. on top of more generic factors).  Lightning is also easier, faster, and often more interesting to work on and so it has diverted a lot of new blood.
pereira4
January 28, 2020, 01:27:31 PM
 #36

How far are we from rendering efforts like "chainanalysis" useless?

Every single wallet should be sending transactions that by default obfuscate things so no one is liable of this bullshit idea of having "tainted coins", in other words, actual fungibility.

obviously, schnorr signatures are on deck. that'll allow for cross-input aggregation to make coinjoins indistinguishable from regular transactions. that's a pretty massive development given that exchanges are beginning to target coinjoin users. estimating based on segwit's activation timeline, that could happen by early 2021 or maybe even the end of this year, optimistically.

but "useless"? that's quite a strong word.

confidential transactions (CT) to obfuscate transaction amounts seems like an attractive next step. but my understanding is it requires extension blocks or a hard fork. so.....probably not gonna be implemented at the consensus layer. there's always sidechains though. liquid (blockstream's sidechain) supports CT for example.

These things have to run at layer 0 to get any traction imo. We should have had better fungibility since day 1. Things should be mixed by default, what should be optional is making a clear A to B transaction. If we are going to have privacy, we want it to be as close to default state as possible. The internet went through this already. We would have avoided the spying clusterfuck that it has become if it ran private by default. Only now ages later Tor is becoming more known as well as VPNs, but that's far from ideal. It's still nothing in the grand scheme of things.

Looking at the title of BIP 341 (Taproot: SegWit version 1 spending rules), does that mean we'll see address with prefix bc1p?

yes. in a Bech32 encoding when you set the witness version to 1 the first character after the separator (ie. 1) is going to become letter "p".
BIP 173 doesn't mention this but it is easy to use one of the libraries to encode an arbitrary length byte array to see what the first character is. https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki
empty 32 bytes= bc1pqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq5us4ke

Can't regular bech32 addresses begin with a p?
bulminer
January 28, 2020, 01:38:32 PM
 #37

Right now I don't think the current amount of engineering interest in Bitcoin is particularly healthy.  Many long time contributors, including myself, have essentially stopped contributing for a variety of reasons (including uncertainty around political disruption of deploying even fairly boring new consensus changes, concern that too much bitcoin hashpower is controlled by bitcoin adversarial parties who would attempt to block protocol improvements, etc. on top of more generic factors).  Lightning is also easier, faster, and often more interesting to work on and so it has diverted a lot of new blood.

The bips 340 341 and 342 if there is in the community a large consensus for their implementation, will in my opinion be one of the most important upgrades to Bitcoin. However, this implementation will also be a test of the community and its future, because if Bitcoin was already advertised by governments as a facilitation of money laundering, as well as the financing of criminal and terrorist organizations, with this upgrade, we will see strong attacks by political power.

Regarding the hashpower, the new stratum v2 protocol aims to further decentralization and break, in part, with the pools' decision-making regarding block protocol improvements.
pooya87
January 28, 2020, 01:53:52 PM
 #38

Can't regular bech32 addresses begin with a p?

I don't know what you have in mind when you say "regular address".
Bech-32 encoding is a rather simple encoding of any data that takes an octet string (8 bits), converts it to 5-bit chunks and then converts each chunk to one of 32 characters defined by BIP-173 (that is qpzry9x8gf2tvdw0s3jn54khce6mua7l).
For an address we add the witness version as its first 5-bit chunk without needing any conversion so when it is 0 you choose the first char that is "q" and when it is 1 you choose the second that is "p" and so on.
they are all "regular addresses" with a different version.
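
The version-to-prefix mapping described in the post above, as an added example that is not part of the original posts: a minimal BIP-173 Bech32 segwit address encoder and decoder. Function names are this example's own; the v0 program is the sample key hash from BIP-173, and the all-zero v1 program mirrors the "empty 32 bytes" case quoted in the thread.

```python
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"          # BIP-173 alphabet
GEN = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)

def polymod(values):
    """BCH checksum over 5-bit values, as specified in BIP-173."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def convertbits(data, frombits, tobits, pad=True):
    """Regroup a sequence of frombits-wide values into tobits-wide values."""
    acc, bits, out, maxv = 0, 0, [], (1 << tobits) - 1
    for b in data:
        if b < 0 or b >> frombits:
            raise ValueError("value out of range")
        acc = (acc << frombits) | b
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if pad:
        if bits:
            out.append((acc << (tobits - bits)) & maxv)
    elif bits >= frombits or ((acc << (tobits - bits)) & maxv):
        raise ValueError("invalid padding")
    return out

def check_program(version, program):
    if not 0 <= version <= 16:
        raise ValueError("witness version must be 0..16")
    if not 2 <= len(program) <= 40:
        raise ValueError("witness program must be 2..40 bytes")
    if version == 0 and len(program) not in (20, 32):
        raise ValueError("v0 program must be 20 or 32 bytes")

def encode_segwit(hrp, version, program):
    """The version is emitted as one raw 5-bit symbol, then the regrouped program."""
    check_program(version, program)
    data = [version] + convertbits(program, 8, 5)
    pm = polymod(hrp_expand(hrp) + data + [0] * 6) ^ 1
    checksum = [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)

def decode_segwit(addr):
    """Return (hrp, version, program); raise ValueError on any malformed input."""
    if addr != addr.lower() and addr != addr.upper():
        raise ValueError("mixed case")
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or pos + 7 > len(addr) or len(addr) > 90:
        raise ValueError("bad separator position or length")
    hrp, rest = addr[:pos], addr[pos + 1:]
    if any(c not in CHARSET for c in rest):
        raise ValueError("invalid character")
    data = [CHARSET.index(c) for c in rest]
    if polymod(hrp_expand(hrp) + data) != 1:
        raise ValueError("bad checksum")
    version = data[0]
    program = bytes(convertbits(data[1:-6], 5, 8, pad=False))
    check_program(version, program)
    return hrp, version, program

if __name__ == "__main__":
    v0 = encode_segwit("bc", 0, bytes.fromhex("751e76e8199196d454941c45d1b3a323f1433bd6"))
    v1 = encode_segwit("bc", 1, bytes(32))   # constructed all-zero program
    print(v0)
    print(v1)
    print(decode_segwit(v1)[1])
```

A wallet that parses addresses this way should branch on the decoded version value rather than on the visible `q` or `p` character, and reject anything that fails the checksum or length checks.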

pereira4
January 28, 2020, 02:08:57 PM
Last edit: January 28, 2020, 03:45:53 PM by pereira4
Merited by fillippone (2)
 #39

Can't regular bech32 addresses begin with a p?

I don't know what you have in mind when you say "regular address".
Bech-32 encoding is a rather simple encoding of any data that takes an octet string (8 bits), converts it to 5-bit chunks and then converts each chunk to one of 32 characters defined by BIP-173 (that is qpzry9x8gf2tvdw0s3jn54khce6mua7l).
For an address we add the witness version as its first 5-bit chunk without needing any conversion so when it is 0 you choose the first char that is "q" and when it is 1 you choose the second that is "p" and so on.
they are all "regular addresses" with a different version.

By regular I meant what you point to be as bc1q. So bc1p is it for the new one. I didn't realize it was bc1q, but bc1 then random string. I'm not a segwit user myself, still only use legacy. There's no way in hell the regular average joe user will notice any of these changes. That's why I insist: we need everything to be "mixed by default" somehow, and optional would be the clear transactions, ideally. What I mean is, the end user should just have to click "send" and that would be by default a mixed transaction. Then have some box you can check to not mix it optionally. This would be the standardized functionality of all wallets. That's how we reach proper fungibility. Otherwise we are going to start seeing horror stories regarding chainanalysis and innocent people ending up with BTC that was "tainted" attached to their names when they deposit in exchanges and whatnot. The only way to avoid this is that everyone by default mixes coins.

figmentofmyass
January 28, 2020, 10:29:39 PM
Merited by Welsh (2), fillippone (2), ETFbitcoin (1)
 #40

obviously, schnorr signatures are on deck. that'll allow for cross-input aggregation to make coinjoins indistinguishable from regular transactions. that's a pretty massive development given that exchanges are beginning to target coinjoin users. estimating based on segwit's activation timeline, that could happen by early 2021 or maybe even the end of this year, optimistically.

but "useless"? that's quite a strong word.

confidential transactions (CT) to obfuscate transaction amounts seems like an attractive next step. but my understanding is it requires extension blocks or a hard fork. so.....probably not gonna be implemented at the consensus layer. there's always sidechains though. liquid (blockstream's sidechain) supports CT for example.

These things have to run at layer 0 to get any traction imo.

taproot/schnorr will run at layer 0. CT could in theory too but there are strong reasons it won't (bloat and lack of support for consensus change).

We should have had better fungibility since day 1. Things should be mixed by default, what should be optional is making a clear A to B transaction. If we are going to have privacy, we want it to be as close to default state as possible.

taproot offers the beginnings of that. amounts and output linkability are still unaddressed at this time, but basically everything under the hood of a transaction can be hidden. cross-input aggregation (once implemented) will further provide strong fee incentives to drive users towards schnorr-based coinjoin and/or adaptor signature-based mixing transactions. wallets could offer these as automatic/default mechanisms. if most of the network is using taproot, these are pretty huge privacy gains for everyone.

unfortunately, we can't approach this issue as if it were day 1. as gmaxwell pointed out, there is uncertainty around being able to deploy even mundane consensus changes---let alone ones that are actually contentious.

pereira4
February 03, 2020, 01:50:51 PM
 #41

obviously, schnorr signatures are on deck. that'll allow for cross-input aggregation to make coinjoins indistinguishable from regular transactions. that's a pretty massive development given that exchanges are beginning to target coinjoin users. estimating based on segwit's activation timeline, that could happen by early 2021 or maybe even the end of this year, optimistically.

but "useless"? that's quite a strong word.

confidential transactions (CT) to obfuscate transaction amounts seems like an attractive next step. but my understanding is it requires extension blocks or a hard fork. so.....probably not gonna be implemented at the consensus layer. there's always sidechains though. liquid (blockstream's sidechain) supports CT for example.

These things have to run at layer 0 to get any traction imo.

taproot/schnorr will run at layer 0. CT could in theory too but there are strong reasons it won't (bloat and lack of support for consensus change).

We should have had better fungibility since day 1. Things should be mixed by default, what should be optional is making a clear A to B transaction. If we are going to have privacy, we want it to be as close to default state as possible.

taproot offers the beginnings of that. amounts and output linkability are still unaddressed at this time, but basically everything under the hood of a transaction can be hidden. cross-input aggregation (once implemented) will further provide strong fee incentives to drive users towards schnorr-based coinjoin and/or adaptor signature-based mixing transactions. wallets could offer these as automatic/default mechanisms. if most of the network is using taproot, these are pretty huge privacy gains for everyone.

unfortunately, we can't approach this issue as if it were day 1. as gmaxwell pointed out, there is uncertainty around being able to deploy even mundane consensus changes---let alone ones that are actually contentious.

What will be interesting to see is how exchanges and businesses react to this, as well as governments. The only reason governments are allowing Bitcoin to stay legal, or even neutral, is due the fact that they think they have the means to control it with efforts such as chainanalysis. Once/if BTC reached a point of actual fungibility in which the costs of trying something like chainanalysis are bigger than simply outlawing it, that is what I would predict would happen (that governments outlaw it and go into a full front attack), which will only make other governments become tax havens for BTC holders. Ultimately the price would most likely be pushed upwards but there would be an awkward period of, once again, "Bitcoin is dead" all over mainstream media.
fillippone
February 03, 2020, 02:46:24 PM
 #42


What will be interesting to see is how exchanges and businesses react to this, as well as governments. The only reason governments are allowing Bitcoin to stay legal, or even neutral, is due the fact that they think they have the means to control it with efforts such as chainanalysis. Once/if BTC reached a point of actual fungibility in which the costs of trying something like chainanalysis are bigger than simply outlawing it, that is what I would predict would happen (that governments outlaw it and go into a full front attack), which will only make other governments become tax havens for BTC holders. Ultimately the price would most likely be pushed upwards but there would be an awkward period of, once again, "Bitcoin is dead" all over mainstream media.

I think it is worth noting that chainanalysis is based on very weak heuristics.
The reality is there is nothing linking an address to another one (taking it to the extreme, even in a transaction with one input and one output). And those heuristics become weaker and weaker with every step down the chain analysis.

I am afraid the "chainanalysis stuff" is nothing that would hold in a serious trial.

By the way, batch transactions (output aggregation) together with coinjoin (input + output aggregation) are the best practices to transact over the bitcoin protocol. The fact that these techniques aren't implemented in "basic" wallets is not relevant. Everyone should always transact this way for every one of his transactions.




figmentofmyass
February 03, 2020, 06:58:09 PM
 #43

I think it is worth noting that chainanalysis is based on very weak heuristics.
The reality is there is nothing linking an address to another one (taking it to the extreme, even in a transaction with one input and one output). And those heuristics become weaker and weaker with every step down the chain analysis.

indeed, there are layers upon layers of deniability baked in. there are other privacy pitfalls that could play a role, like browser/cookie analysis and IP address/bloom filter analysis by adversarial nodes. even then, the notion of getting a jury to convict based on this kind of chain of evidence is a tossup at best. blockchain analysis companies are generally working off a huge number of assumptions and that will become obvious to any jurors studying their protocols.
 
By the way, batch transactions (output aggregation) together with coinjoin (input + output aggregation) are the best practices to transact over the bitcoin protocol. The fact that these techniques aren't implemented in "basic" wallets is not relevant. Everyone should always transact this way for every one of his transactions.

in theory (actually this is arguable since coinjoin transactions are always currently more expensive).

in practice, most coinjoins are very obvious on-chain, and some exchange customers are paying the price for it. taproot, cross-input aggregation, and less obvious coinjoin mechanisms will mitigate this in the future, but for now all i can say is, be careful of your proximity to exchanges and AML/KYC enforcing services when engaging in coinjoins.

fillippone
February 03, 2020, 07:10:32 PM
 #44


in theory. in practice, most coinjoins are very obvious on-chain, and some exchange customers are paying the price for it. taproot, cross-input aggregation, and less obvious coinjoin mechanisms will mitigate this in the future, but for now all i can say is, be careful of your proximity to exchanges and AML/KYC enforcing services when engaging in coinjoins.

When an exchange harms your privacy by applying weird heuristics to your transactions before or (worse) after you use it, just stop using it.
I started a thread on this exact fact: [PAXOS+COINJOIN]Your privacy is a threat to exchange business?#deletepaxos


figmentofmyass
February 03, 2020, 07:42:47 PM
 #45

in theory. in practice, most coinjoins are very obvious on-chain, and some exchange customers are paying the price for it. taproot, cross-input aggregation, and less obvious coinjoin mechanisms will mitigate this in the future, but for now all i can say is, be careful of your proximity to exchanges and AML/KYC enforcing services when engaging in coinjoins.
When an exchange harms your privacy by applying weird heuristics to your transactions before or (worse) after you use it, just stop using it.
I started a thread on this exact fact: [PAXOS+COINJOIN]Your privacy is a threat to exchange business?#deletepaxos

people should absolutely "vote with their money" and leave such exchanges, if that's a viable option for them.

that doesn't address the larger issue though. we need to consider what people actually do by default. think about why the maker/taker fee model is so prevalent: because the vast majority of market participants are liquidity takers. further, there is zero indication that privacy is a priority for most of them. they will continue seeking out the highest liquidity exchanges, who all seem to be ratcheting up their AML standards one by one.

so while i agree with you, i don't think that's a viable solution long term. privacy advocates will just have fewer and fewer services at their disposal, with worse and worse liquidity. what we need are better coinjoin solutions so that we can slip through unnoticed with the rest of the masses---so we aren't at a constant disadvantage re liquidity. this will take some time.....probably years.

wasabi wallet was groundbreaking as a first step, but its coinjoin implementation obviously puts its users at a great disadvantage re existing blockchain analysis heuristics. that's a problem we can't afford to ignore.
