Author Topic: Taproot proposal  (Read 968 times)
pereira4
February 03, 2020, 01:50:51 PM
 #41

obviously, schnorr signatures are on deck. that'll allow for cross-input aggregation to make coinjoins indistinguishable from regular transactions. that's a pretty massive development given that exchanges are beginning to target coinjoin users. estimating based on segwit's activation timeline, that could happen by early 2021 or maybe even the end of this year, optimistically.

but "useless"? that's quite a strong word.

confidential transactions (CT) to obfuscate transaction amounts seems like an attractive next step. but my understanding is it requires extension blocks or a hard fork. so.....probably not gonna be implemented at the consensus layer. there's always sidechains though. liquid (blockstream's sidechain) supports CT for example.

These things have to run at layer 0 to get any traction imo.

taproot/schnorr will run at layer 0. CT could in theory too but there are strong reasons it won't (bloat and lack of support for consensus change).

We should have had better fungibility since day 1. Things should be mixed by default, what should be optional is making a clear A to B transaction. If we are going to have privacy, we want it to be as close to default state as possible.

taproot offers the beginnings of that. amounts and output linkability are still unaddressed at this time, but basically everything under the hood of a transaction can be hidden. cross-input aggregation (once implemented) will further provide strong fee incentives to drive users towards schnorr-based coinjoin and/or adaptor signature-based mixing transactions. wallets could offer these as automatic/default mechanisms. if most of the network is using taproot, these are pretty huge privacy gains for everyone.

unfortunately, we can't approach this issue as if it were day 1. as gmaxwell pointed out, there is uncertainty around being able to deploy even mundane consensus changes---let alone ones that are actually contentious.

What will be interesting to see is how exchanges and businesses react to this, as well as governments. The only reason governments are allowing Bitcoin to stay legal, or even neutral, is due to the fact that they think they have the means to control it with efforts such as chainanalysis. Once/if BTC reached a point of actual fungibility in which the costs of trying something like chainanalysis are bigger than simply outlawing it, that is what I would predict would happen (that governments outlaw it and go into a full front attack), which will only make other governments become tax havens for BTC holders. Ultimately the price would most likely be pushed upwards but there would be an awkward period of, once again, "Bitcoin is dead" all over mainstream media.
fillippone
February 03, 2020, 02:46:24 PM
 #42


What will be interesting to see is how exchanges and businesses react to this, as well as governments. The only reason governments are allowing Bitcoin to stay legal, or even neutral, is due to the fact that they think they have the means to control it with efforts such as chainanalysis. Once/if BTC reached a point of actual fungibility in which the costs of trying something like chainanalysis are bigger than simply outlawing it, that is what I would predict would happen (that governments outlaw it and go into a full front attack), which will only make other governments become tax havens for BTC holders. Ultimately the price would most likely be pushed upwards but there would be an awkward period of, once again, "Bitcoin is dead" all over mainstream media.

I think it is worth noting that chainanalysis is based on very weak heuristics.
The reality is there is nothing linking an address to another one (taking it to the extreme, even a transaction with one input and one output). And those heuristics become weaker and weaker with every step down the chain analysis.

I am afraid the "chainanalysis stuff" is nothing that would hold in a serious trial.

By the way batch transactions (output aggregation) together with coinjoin (input + output aggregation) are the best practices to transact over the bitcoin protocol. The fact that these techniques aren't implemented in "basic" wallets is not relevant. Everyone should always transact this way for every one of his transactions.




figmentofmyass
February 03, 2020, 06:58:09 PM
 #43

I think it is worth noting that chainanalysis is based on very weak heuristics.
The reality is there is nothing linking an address to another one (taking it to the extreme, even a transaction with one input and one output). And those heuristics become weaker and weaker with every step down the chain analysis.

indeed, there are layers upon layers of deniability baked in. there are other privacy pitfalls that could play a role, like browser/cookie analysis and IP address/bloom filter analysis by adversarial nodes. even then, the notion of getting a jury to convict based on this kind of chain of evidence is a tossup at best. blockchain analysis companies are generally working off a huge number of assumptions and that will become obvious to any jurors studying their protocols.
 
By the way batch transactions (output aggregation) together with coinjoin (input + output aggregation) are the best practices to transact over the bitcoin protocol. The fact that these techniques aren't implemented in "basic" wallets is not relevant. Everyone should always transact this way for every one of his transactions.

in theory (actually this is arguable since coinjoin transactions are always currently more expensive).

in practice, most coinjoins are very obvious on-chain, and some exchange customers are paying the price for it. taproot, cross-input aggregation, and less obvious coinjoin mechanisms will mitigate this in the future, but for now all i can say is, be careful of your proximity to exchanges and AML/KYC enforcing services when engaging in coinjoins.

fillippone
February 03, 2020, 07:10:32 PM
 #44


in theory. in practice, most coinjoins are very obvious on-chain, and some exchange customers are paying the price for it. taproot, cross-input aggregation, and less obvious coinjoin mechanisms will mitigate this in the future, but for now all i can say is, be careful of your proximity to exchanges and AML/KYC enforcing services when engaging in coinjoins.

When an exchange harms your privacy by applying weird heuristics to your transaction before or (worse) after using them, just stop using it.
I started a thread on this exact fact: [PAXOS+COINJOIN]Your privacy is a threat to exchange business?#deletepaxos


figmentofmyass
February 03, 2020, 07:42:47 PM
 #45

in theory. in practice, most coinjoins are very obvious on-chain, and some exchange customers are paying the price for it. taproot, cross-input aggregation, and less obvious coinjoin mechanisms will mitigate this in the future, but for now all i can say is, be careful of your proximity to exchanges and AML/KYC enforcing services when engaging in coinjoins.
When an exchange harms your privacy by applying weird heuristics to your transaction before or (worse) after using them, just stop using it.
I started a thread on this exact fact: [PAXOS+COINJOIN]Your privacy is a threat to exchange business?#deletepaxos

people should absolutely "vote with their money" and leave such exchanges, if that's a viable option for them.

that doesn't address the larger issue though. we need to consider what people actually do by default. think about why the maker/taker fee model is so prevalent: because the vast majority of market participants are liquidity takers. further, there is zero indication that privacy is a priority for most of them. they will continue seeking out the highest liquidity exchanges, who all seem to be ratcheting up their AML standards one by one.

so while i agree with you, i don't think that's a viable solution long term. privacy advocates will just have less and less services at their disposal, with worse and worse liquidity. what we need are better coinjoin solutions so that we can slip through unnoticed with the rest of the masses---so we aren't at a constant disadvantage re liquidity. this will take some time.....probably years.

wasabi wallet was groundbreaking as a first step, but its coinjoin implementation obviously puts its users at a great disadvantage re existing blockchain analysis heuristics. that's a problem we can't afford to ignore.
