Bitcoin Forum
June 20, 2021, 11:19:03 PM *
News: Latest Bitcoin Core release: 0.21.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 »  All
  Print  
Author Topic: Taproot proposal  (Read 8939 times)
pereira4
Legendary
*
Offline Offline

Activity: 1610
Merit: 1177


View Profile
February 03, 2020, 01:50:51 PM
 #41

obviously, schnorr signatures are on deck. that'll allow for cross-input aggregation to make coinjoins indistinguishable from regular transactions. that's a pretty massive development given that exchanges are beginning to target coinjoin users. estimating based on segwit's activation timeline, that could happen by early 2021 or maybe even the end of this year, optimistically.

but "useless"? that's quite a strong word. Lips sealed

confidential transactions (CT) to obfuscate transaction amounts seems like an attractive next step. but my understanding is it requires extension blocks or a hard fork. so.....probably not gonna be implemented at the consensus layer. there's always sidechains though. liquid (blockstream's sidechain) supports CT for example.

These things have to run at layer 0 to get any traction imo.

taproot/schnorr will run at layer 0. CT could in theory too but there are strong reasons it won't (bloat and lack of support for consensus change).

We should have had better fungibility since day 1. Things should be mixed by default, what should be optional is making a clear A to B transaction. If we are going to have privacy, we want it to be as close to default state as possible.

taproot offers the beginnings of that. amounts and output linkability are still unaddressed at this time, but basically everything under the hood of a transaction can be hidden. cross-input aggregation (once implemented) will further provide strong fee incentives to drive users towards schnorr-based coinjoin and/or adaptor signature-based mixing transactions. wallets could offer these as automatic/default mechanisms. if most of the network is using taproot, these are pretty huge privacy gains for everyone.

unfortunately, we can't approach this issue as if it were day 1. as gmaxwell pointed out, there is uncertainty around being able to deploy even mundane consensus changes---let alone ones that are actually contentious.

What will be interesting to see is how exchanges and businesses react to this, as well as governments. The only reason governments are allowing Bitcoin to stay legal, or even neutral, is due the fact that they think they have the means to control it with efforts such as chainanalysis. Once/if BTC reached a point of actual fungibility in which the costs of trying something like chainanalysis are bigger than simply outlawing it, that is what I would predict would happen (that governments outlaw it and go into a full front attack), which will only make other governments become tax havens for BTC holders. Ultimately the price would most likely be pushed upwards but there would be an awkward period of, once again, "Bitcoin is dead" all over mainstream media.
1624231143
Hero Member
*
Offline Offline

Posts: 1624231143

View Profile Personal Message (Offline)

Ignore
1624231143
Reply with quote  #2

1624231143
Report to moderator
1624231143
Hero Member
*
Offline Offline

Posts: 1624231143

View Profile Personal Message (Offline)

Ignore
1624231143
Reply with quote  #2

1624231143
Report to moderator
1624231143
Hero Member
*
Offline Offline

Posts: 1624231143

View Profile Personal Message (Offline)

Ignore
1624231143
Reply with quote  #2

1624231143
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1624231143
Hero Member
*
Offline Offline

Posts: 1624231143

View Profile Personal Message (Offline)

Ignore
1624231143
Reply with quote  #2

1624231143
Report to moderator
1624231143
Hero Member
*
Offline Offline

Posts: 1624231143

View Profile Personal Message (Offline)

Ignore
1624231143
Reply with quote  #2

1624231143
Report to moderator
fillippone
Legendary
*
Online Online

Activity: 1106
Merit: 5626


Merit Rascal wannabe Merit Cycler


View Profile
February 03, 2020, 02:46:24 PM
 #42


What will be interesting to see is how exchanges and businesses react to this, as well as governments. The only reason governments are allowing Bitcoin to stay legal, or even neutral, is due the fact that they think they have the means to control it with efforts such as chainanalysis. Once/if BTC reached a point of actual fungibility in which the costs of trying something like chainanalysis are bigger than simply outlawing it, that is what I would predict would happen (that governments outlaw it and go into a full front attack), which will only make other governments become tax havens for BTC holders. Ultimately the price would most likely be pushed upwards but there would be an awkward period of, once again, "Bitcoin is dead" all over mainstream media.

I think it is worth noting that chainanalysis is based on very weak heutistics.
The reality is there is nothing linking an address to another one. (taking to the extreme, even a transaction with one input and one output).  And each steps those heuristics become weaker and weaker every step down the chain analysis.
 
I am afraid the "chainanalysis stuff" is nothing would hold in a serious trial.

By the way batch transactions (output aggregation) togheter with coinjoin (input + output aggregation) are the best practices to transact over the bitcoin protocol. The fact that these techniques aren't implemented in "basic" wallets is not relevant. Everyone should always transact this way for every of his transaction.



figmentofmyass
Legendary
*
Offline Offline

Activity: 1652
Merit: 1480



View Profile
February 03, 2020, 06:58:09 PM
 #43

I think it is worth noting that chainanalysis is based on very weak heutistics.
The reality is there is nothing linking an address to another one. (taking to the extreme, even a transaction with one input and one output).  And each steps those heuristics become weaker and weaker every step down the chain analysis.

indeed, there are layers upon layers of deniability baked in. there are other privacy pitfalls that could play a role, like browser/cookie analysis and IP address/bloom filter analysis by adversarial nodes. even then, the notion of getting a jury to convict based on this kind of chain of evidence is a tossup at best. blockchain analysis companies are generally working off a huge number of assumptions and that will become obvious to any jurors studying their protocols.
 
By the way batch transactions (output aggregation) togheter with coinjoin (input + output aggregation) are the best practices to transact over the bitcoin protocol. The fact that these techniques aren't implemented in "basic" wallets is not relevant. Everyone should always transact this way for every of his transaction.

in theory (actually this is arguable since coinjoin transactions are always currently more expensive).

in practice, most coinjoins are very obvious on-chain, and some exchange customers are paying the price for it. taproot, cross-input aggregation, and less obvious coinjoin mechanisms will mitigate this in the future, but for now all i can say is, be careful of your proximity to exchanges and AML/KYC enforcing services when engaging in coinjoins.

fillippone
Legendary
*
Online Online

Activity: 1106
Merit: 5626


Merit Rascal wannabe Merit Cycler


View Profile
February 03, 2020, 07:10:32 PM
 #44


in theory. in practice, most coinjoins are very obvious on-chain, and some exchange customers are paying the price for it. taproot, cross-input aggregation, and less obvious coinjoin mechanisms will mitigate this in the future, but for now all i can say is, be careful of your proximity to exchanges and AML/KYC enforcing services when engaging in coinjoins.

When an exchange harms your privacy applying weird heuristic to your transaction before or (worst) after using them, just stop using it.
I started a thread on this exact fact: [PAXOS+COINJOIN]Your privacy is a threat to exchange business?#deletepaxos

figmentofmyass
Legendary
*
Offline Offline

Activity: 1652
Merit: 1480



View Profile
February 03, 2020, 07:42:47 PM
 #45

in theory. in practice, most coinjoins are very obvious on-chain, and some exchange customers are paying the price for it. taproot, cross-input aggregation, and less obvious coinjoin mechanisms will mitigate this in the future, but for now all i can say is, be careful of your proximity to exchanges and AML/KYC enforcing services when engaging in coinjoins.
When an exchange harms your privacy applying weird heuristic to your transaction before or (worst) after using them, just stop using it.
I started a thread on this exact fact: [PAXOS+COINJOIN]Your privacy is a threat to exchange business?#deletepaxos

people should absolutely "vote with their money" and leave such exchanges, if that's a viable option for them.

that doesn't address the larger issue though. we need to consider what people actually do by default. think about why the maker/taker fee model is so prevalent: because the vast majority of market participants are liquidity takers. further, there is zero indication that privacy is a priority for most of them. they will continue seeking out the highest liquidity exchanges, who all seem to be ratcheting up their AML standards one by one.

so while i agree with you, i don't think that's a viable solution long term. privacy advocates will just have less and less services at their disposal, with worse and worse liquidity. what we need are better coinjoin solutions so that we can slip through unnoticed with the the rest of the masses---so we aren't at a constant disadvantage re liquidity. this will take some time.....probably years.

wasabi wallet was groundbreaking as a first step, but its coinjoin implementation obviously puts its users at a great disadvantage re existing blockchain analysis heuristics. that's a problem we can't afford to ignore.

fillippone
Legendary
*
Online Online

Activity: 1106
Merit: 5626


Merit Rascal wannabe Merit Cycler


View Profile
August 19, 2020, 10:29:25 AM
Merited by gmaxwell (1)
 #46

Nice article by Aaron Van Wirdum to non-technically sum up all the recent development in Taproot and how  Payment Pools could be used as as Layer 1 scaling solutions and privacy feature.

I don't want to cross-post, so I am linking it here.

gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 3458
Merit: 5264



View Profile
August 19, 2020, 10:57:05 PM
 #47

Pieter has posted about changing BIP340 to us a different R tiebreaker: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-August/018081.html

This is some signature algorithm behavioural minutia. Basically BIP340 did an unconventional thing because we believed it was faster enough to be worth a small increase in implementation complexity but it turns out that our belief was based on a both a broken benchmark and a supporting (wrong) assumption and it's not actually faster and might, in fact, be slightly slower in the long run.  Changing to the more conventional thing would simplify implementations and make them somewhat faster.

He tells me that he's received a bunch of positive commentary on it, so I expect the change will be made soon!


gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 3458
Merit: 5264



View Profile
September 01, 2020, 01:18:29 AM
 #48

The above mentioned improvements have been applied and now the BIP340 support for libsecp256k1 is ready to be merged: https://twitter.com/pwuille/status/1300572711312265218
DooMAD
Legendary
*
Online Online

Activity: 2730
Merit: 1817


Leave no FUD unchallenged


View Profile WWW
September 05, 2020, 11:14:47 AM
 #49

The above mentioned improvements have been applied and now the BIP340 support for libsecp256k1 is ready to be merged: https://twitter.com/pwuille/status/1300572711312265218

Honestly thought this news deserved a little more attention than it seems to be getting.  A hardy "Good work!" to all involved.  Is the lack of fanfare purely because people are more excited about the aggregation part that isn't quite ready yet?

Carlton Banks
Legendary
*
Offline Offline

Activity: 3122
Merit: 2488



View Profile
September 14, 2020, 05:56:31 AM
Merited by fillippone (2), gmaxwell (1), ETFbitcoin (1), Wind_FURY (1)
 #50

it's now merged: https://github.com/bitcoin/bitcoin/pull/19944

Smiley

(and this is the secp256k1 subtree merged into the bitcoin core repository, it now looks that 0.21.1 will very likely include the taproot/schnorr activation code)

Vires in numeris
Wind_FURY
Legendary
*
Offline Offline

Activity: 1862
Merit: 1121


www.Crypto.Games: Multiple coins, multiple games


View Profile
September 15, 2020, 11:18:49 AM
 #51

it's now merged: https://github.com/bitcoin/bitcoin/pull/19944

Smiley

(and this is the secp256k1 subtree merged into the bitcoin core repository, it now looks that 0.21.1 will very likely include the taproot/schnorr activation code)


There's no drama from the trolls/big-blockers so far. Here's to hoping that this is activated as smoothly, and quickly as possible. Onward!

████  ███████  ███
██████████
███      ███████
███      ███████████
██████████████████
████████
███   ████  ███████████
███ ███████████████
█████████
█████████████████
███  ███████
██████████████
███        ████████
███████████▀▀███▀▀███████████
██████▀▀     ███     ▀▀██████
████▀   ▄▄█████████▄▄   ▀████
████▄▄▄███▀  ▀█▀  ▀███▄▄▄████
██▀▀▀██▀      ▀      ▀██▀▀▀██
█▀  ▄██               ██▄  ▀█
█   ████▄▄         ▄▄████   █
█▄  ▀██▀             ▀██▀  ▄█
██▄▄▄██▄             ▄██▄▄▄██
████▀▀▀███▄ ▄█ █▄ ▄███▀▀▀████
████▄   ▀▀███▄█████▀▀   ▄████
███████▄     ███     ▄███████
███████████▄▄███▄▄███████████
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
..PLAY NOW..
███  ███████  ████
██████████
███████      ███
███████████      ███
██████████████████
████████
███████████  ████   ███
███████████████ ███
█████████
█████████████████
███████  ███
██████████████
████████        ███
DooMAD
Legendary
*
Online Online

Activity: 2730
Merit: 1817


Leave no FUD unchallenged


View Profile WWW
September 15, 2020, 03:36:46 PM
Merited by gmaxwell (2)
 #52

There's no drama from the trolls/big-blockers so far.

I wasn't expecting any.  It's not particularly controversial and there aren't really any coherent arguments to be made against it.

Carlton Banks
Legendary
*
Offline Offline

Activity: 3122
Merit: 2488



View Profile
September 18, 2020, 03:47:22 PM
 #53


we may well see some


The most important point:

taproot only hides things that do not even happen. The script that is executed always appears on the blockchain when BTC is sent from a taproot address


stick to that argument, i say

(the troll reply is obvious: "no, the taproot secret script is encrypted with SHA256, not even Einstein and Hawking together could crack it and tell what's in the secret script. and money launderers, and Kazakh warlord gangsters. and people smoking Tide pods". Or something to that effect)

Vires in numeris
Carlton Banks
Legendary
*
Offline Offline

Activity: 3122
Merit: 2488



View Profile
September 18, 2020, 04:00:06 PM
 #54

we also have a new BIP 340-342 pull request to github.com/bitcoin/bitcoin (which makes small adjustments to the older pr): https://github.com/bitcoin/bitcoin/pull/19953

positive comments are accumulating already, the case for taproot activation code in 0.21.1 just became that little bit more promising Cool

Vires in numeris
Carlton Banks
Legendary
*
Offline Offline

Activity: 3122
Merit: 2488



View Profile
October 15, 2020, 08:58:47 AM
Merited by gmaxwell (1), Karartma1 (1), Wind_FURY (1)
 #55

we also have a new BIP 340-342 pull request to github.com/bitcoin/bitcoin (which makes small adjustments to the older pr): https://github.com/bitcoin/bitcoin/pull/19953

it's now merged Cool

the schnorr/taproot code will be in 0.21.0, so it's almost certain that activation parameters will be released as a part of 0.21.1 Smiley

Vires in numeris
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 3458
Merit: 5264



View Profile
October 15, 2020, 11:05:57 AM
Merited by Wind_FURY (1), darosior (1)
 #56

the schnorr/taproot code will be in 0.21.0, so it's almost certain that activation parameters will be released as a part of 0.21.1 Smiley
That would be really cool, but I dunno that it's almost certain.  One thing you can be certain of is that they'll be ready when they're released.
Karartma1
Legendary
*
Offline Offline

Activity: 2240
Merit: 1377


Be Revolutionary or Die Trying


View Profile WWW
October 15, 2020, 01:13:58 PM
 #57

So let me see if I got this right: after Taproot is activated will it be possible to know if a payment is the opening/closing/mutual closing of LN channel? As far as I understand this, it will be impossible to distinguish if such payment is, let's say, me opening a LN channel. Which is cool.
Right?

.freebitcoin.       ▄▄▄█▀▀██▄▄▄
   ▄▄██████▄▄█  █▀▀█▄▄
  ███  █▀▀███████▄▄██▀
   ▀▀▀██▄▄█  ████▀▀  ▄██
▄███▄▄  ▀▀▀▀▀▀▀  ▄▄██████
██▀▀█████▄     ▄██▀█ ▀▀██
██▄▄███▀▀██   ███▀ ▄▄  ▀█
███████▄▄███ ███▄▄ ▀▀▄  █
██▀▀████████ █████  █▀▄██
 █▄▄████████ █████   ███
  ▀████  ███ ████▄▄███▀
     ▀▀████   ████▀▀
BITCOIN
DICE
EVENT
BETTING
WIN A LAMBO !

.
            ▄▄▄▄▄▄▄▄▄▄███████████▄▄▄▄▄
▄▄▄▄▄██████████████████████████████████▄▄▄▄
▀██████████████████████████████████████████████▄▄▄
▄▄████▄█████▄████████████████████████████▄█████▄████▄▄
▀████████▀▀▀████████████████████████████████▀▀▀██████████▄
  ▀▀▀████▄▄▄███████████████████████████████▄▄▄██████████
       ▀█████▀  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  ▀█████▀▀▀▀▀▀▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.PLAY NOW.
Wind_FURY
Legendary
*
Offline Offline

Activity: 1862
Merit: 1121


www.Crypto.Games: Multiple coins, multiple games


View Profile
October 16, 2020, 06:10:51 AM
 #58

we also have a new BIP 340-342 pull request to github.com/bitcoin/bitcoin (which makes small adjustments to the older pr): https://github.com/bitcoin/bitcoin/pull/19953

it's now merged Cool

the schnorr/taproot code will be in 0.21.0, so it's almost certain that activation parameters will be released as a part of 0.21.1 Smiley

This might be another big trial for the network and its participants after the scaling debate in my opinion. Let's wait, and see if some entities from the mining-cartel play nice.

████  ███████  ███
██████████
███      ███████
███      ███████████
██████████████████
████████
███   ████  ███████████
███ ███████████████
█████████
█████████████████
███  ███████
██████████████
███        ████████
███████████▀▀███▀▀███████████
██████▀▀     ███     ▀▀██████
████▀   ▄▄█████████▄▄   ▀████
████▄▄▄███▀  ▀█▀  ▀███▄▄▄████
██▀▀▀██▀      ▀      ▀██▀▀▀██
█▀  ▄██               ██▄  ▀█
█   ████▄▄         ▄▄████   █
█▄  ▀██▀             ▀██▀  ▄█
██▄▄▄██▄             ▄██▄▄▄██
████▀▀▀███▄ ▄█ █▄ ▄███▀▀▀████
████▄   ▀▀███▄█████▀▀   ▄████
███████▄     ███     ▄███████
███████████▄▄███▄▄███████████
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
██
..PLAY NOW..
███  ███████  ████
██████████
███████      ███
███████████      ███
██████████████████
████████
███████████  ████   ███
███████████████ ███
█████████
█████████████████
███████  ███
██████████████
████████        ███
Carlton Banks
Legendary
*
Offline Offline

Activity: 3122
Merit: 2488



View Profile
October 16, 2020, 09:00:13 AM
Merited by fillippone (2), ETFbitcoin (1)
 #59

This might be another big trial for the network and its participants after the scaling debate in my opinion. Let's wait, and see if some entities from the mining-cartel play nice.

no-one's voiced any objections up to now. You keep saying it's going to be a problem though, like maybe 5 times already?


why would anyone care about a new scripting type that prevents choices in those scripts from being written to the blockchain?

  • everything that _actually_ happens is written to the blockchain, for all to see
  • everything that _does not_ happen is unrecorded

I'd be fascinated to hear the arguments that could possibly be mounted against excising unused script paths from transactions, all it does is make multi-path scripts more economical. Secondary effects of this don't change the fact that the chosen script path is still publicly available.




ot: You're very negative/pessimistic these days WindFURY, are you feeling ok?

Vires in numeris
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1904
Merit: 2821


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
October 16, 2020, 11:25:00 AM
 #60

we also have a new BIP 340-342 pull request to github.com/bitcoin/bitcoin (which makes small adjustments to the older pr): https://github.com/bitcoin/bitcoin/pull/19953

it's now merged Cool

the schnorr/taproot code will be in 0.21.0, so it's almost certain that activation parameters will be released as a part of 0.21.1 Smiley

This might be another big trial for the network and its participants after the scaling debate in my opinion. Let's wait, and see if some entities from the mining-cartel play nice.

You really like drama and/or conflict, don't you? Unlike SegWit and various idea to increase block size (e.g. BIP 100-109), there are very few discussion, article or news which oppose Taproot and it's derivative (e.g. Schnorr and SegWit version 1/a.k.a bc1p).

The "worst" i could remember are these 3 mailing which is quite civil:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-February/017614.html
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-February/017615.html
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-February/017616.html

Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!