Bitcoin Forum
Author Topic: Idea-improving btc fungibility  (Read 1746 times)
rini17
March 06, 2012, 10:20:49 AM
 #1

Hello,

I am certain somebody already thought about it - but I can't find it. Why can't transactions in a block be mixed together to make individual transactions indistinguishable? I can think of these strategies:

1. Create 1 big transaction per block from all submitted ones by just adding them together
2. split big transactions into more blocks or amounts
3. Nodes can generate decoy transactions between addresses inside one wallet, to increase noise.

The receiver won't know which sender address(es) were used for its transaction... but is it really a problem?

coinft
March 06, 2012, 11:48:43 AM
 #2

I doubt miners can do this (changing transactions) without the original private keys. I definitely don't want anyone able to tamper with my txs.

-coinft
FreeMoney
March 06, 2012, 03:13:43 PM
 #3

That can't be done now, but I wonder about a system that lets a tx essentially say: "This input can be used for any tx as long as the coinbase transaction of that block has an output to [recipient address] equal to [amount]."

Feels like there might be problems with it. Multiple people paying the same address in the same block...?

DeathAndTaxes
March 06, 2012, 03:27:14 PM
 #4

It can't be done with Bitcoin; we are talking about a comprehensive change to how transactions are handled.

It could potentially be done with a new cryptocurrency.

The main issue with the proposal in OP is that the information between sender & receiver is already known.  It has to be known.

Transaction: I have 10 BTC in A and I want to send 5 to Y and 5 to Z.  

If I submit that to the network then anyone on the network knows that (even if it isn't included in the block).

Say the block ends up looking like this...
Inputs
A -> 10 BTC
B -> 1 BTC
...

L -> 4 BTC

Outputs:
M -> 0.2 BTC
...
Y -> 5 BTC
Z -> 5 BTC

Now, to anyone who ONLY has the block there is no way to know which input(s) went to which output(s).  However, anyone could simply have kept a copy of my original transaction.  If they did, looking at the transactions submitted to the network AND the blocks, it is trivial to reconstruct the original transaction.

One would need to devise a system where the transactions are hidden from everyone except those who solve the block, and only the hash of the transaction is submitted to the entire network.  

Thus unless you solved the block you would only be able to see
a) the block level view.
b) the hashes of transactions.

Alternatively one would need a method where inputs and outputs are completely disconnected. 

Something like:
1) You submit input only and it gets hashed to a block.
2) you submit output only and it gets hashed to a block.
3) there is some cryptographic system linking outputs to a prior block (not input).

I am not even sure such a system is possible or even desirable; just brainstorming to show that the critical "issue" (delinking inputs and outputs) isn't accomplished by the OP and is a non-trivial problem.
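
An added example, not code from the thread, of the two vantage points the post above describes over a pooled block (the OP's strategy 1: every input and output in the block dumped into one list each). The "mempool" observer kept the transactions as they were relayed and links by lookup, which is the post's point. The "block-only" observer goes one step past the post: it never saw the relay traffic and still links inputs to outputs by matching amounts, failing only where two transactions happen to move identical amounts. Addresses and satoshi amounts are constructed for the illustration.

```python
"""Added example, not code from the thread: two observers looking at a pooled
block (every input and output of the block in one list each).
  * mempool observer: kept the transactions as relayed, links by lookup;
  * block-only observer: matches each input's amount against output subsets
    of equal value; only coinciding amounts leave it ambiguous.
Addresses and amounts (satoshi) are constructed for the illustration."""
from itertools import combinations

SAT = 100_000_000


def btc(x):
    return int(round(x * SAT))


# Constructed relay traffic: the post's A -> Y, Z example plus three more
# transactions, two of which (L -> Q and D -> S) move the same amount.
RELAYED = {
    "tx1": ([("A", btc(10))], [("Y", btc(7.5)), ("Z", btc(2.5))]),
    "tx2": ([("B", btc(1))], [("M", btc(0.2)), ("N", btc(0.8))]),
    "tx3": ([("L", btc(4))], [("Q", btc(4))]),
    "tx4": ([("D", btc(4))], [("S", btc(4))]),
}


def merge_block(txs):
    """Pool all inputs and all outputs, as the OP's strategy 1 would."""
    inputs = [i for ins, _ in txs.values() for i in ins]
    outputs = [o for _, outs in txs.values() for o in outs]
    return inputs, outputs


def link_with_mempool(block, relayed):
    """Observer that kept the relayed transactions: pure lookup, no analysis."""
    inputs, outputs = block
    links = {}
    for ins, outs in relayed.values():
        if all(i in inputs for i in ins) and all(o in outputs for o in outs):
            for addr, _ in ins:
                links[addr] = sorted(a for a, _ in outs)
    return links


def output_subsets_summing_to(outputs, target):
    """Every output subset (sorted address tuple) whose amounts sum to target."""
    hits = []
    for r in range(1, len(outputs) + 1):
        for combo in combinations(outputs, r):
            if sum(amt for _, amt in combo) == target:
                hits.append(tuple(sorted(a for a, _ in combo)))
    return hits


def link_by_amount(block):
    """Block-only observer: match each input to output subsets of equal value.
    Simplest case (one input per spend, no fee); a real analyst also tries
    multi-input sums and allows a fee margin, which only widens the net."""
    inputs, outputs = block
    return {addr: output_subsets_summing_to(outputs, amt) for addr, amt in inputs}


if __name__ == "__main__":
    block = merge_block(RELAYED)
    print("mempool observer:", link_with_mempool(block, RELAYED))
    for addr, cands in link_by_amount(block).items():
        tag = "unique" if len(cands) == 1 else "ambiguous"
        print(f"block-only observer: {addr} -> {cands} ({tag})")
```

Running it shows A, B and every other single-input spend linked uniquely from the block alone; only L and D, which paid the same round amount, come out ambiguous. That is the amount-correlation problem any later mixing design has to deal with, over and above the mempool-copy problem the post raises.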

rini17
March 08, 2012, 11:38:11 PM
 #5

Thanks to everyone for your thoughtful replies! Indeed, if we desire transactions to be combined (or inputs separated from outputs) after they were emitted, we get into trouble. But what if we can do it before the transaction gets published? Two or several neighbor nodes can put together a bigger mixed transaction with more inputs/outputs; after this is done it can be processed normally. Something like Diffie-Hellman key exchange, where two parties without prior information can agree on an encryption key over an untrusted connection; so here network nodes can agree on one compound transaction, so that individual transactions would be visible only to a small part of the network.

kronosvl
March 08, 2012, 11:45:12 PM
 #6

Probably this could be implemented with a modified client.
Clients connect to a central location, all clients send their transaction unsigned, the server creates 1 transaction, clients sign it after each verifies that it is ok, the server sends this to the Bitcoin network and deletes the individual unsigned requests.

Can something like this be implemented? The money never touches the central location.

DeathAndTaxes
March 09, 2012, 02:30:46 AM
 #7

Quote from: kronosvl
Probably this could be implemented with a modified client.
Clients connect to a central location, all clients send their transaction unsigned, the server creates 1 transaction, clients sign it after each verifies that it is ok, the server sends this to the Bitcoin network and deletes the individual unsigned requests.

Can something like this be implemented? The money never touches the central location.

Sure, however you are sending your private key to a third party and hoping they don't suddenly rob you (and everyone else at the same time).  Also you would need to ensure you never use that private key again, even for change. 
kronosvl
March 09, 2012, 07:55:02 AM
 #8

You don't send the private keys, you sign the transaction created by the server, just like a lightweight client.

Let's assume that user A wants to send money to address A1 and A2 (change).
User B sends to B1 and B2 (change).

1. Each one creates their own transaction but doesn't sign it, and sends it to the server.

2. The server creates 1 unsigned transaction from these 2.

3. It then sends this to user A, who verifies his own inputs and outputs and then signs it.

4. I don't know the inner workings of the Bitcoin protocol and cryptography, so I don't know what user B needs to sign (the signed transaction from user A, or the unsigned transaction from the server, after which the server appends both signatures to the transaction).

5. At this point the server has 1 bigger transaction signed by all parties. It sends it to the Bitcoin network and deletes the individual unsigned transactions, which were never meant to be signed.

Meni Rosenfeld
March 09, 2012, 08:15:16 AM
 #9

Take a look at this post about oblivious mixing transactions.

marcus_of_augustus
March 16, 2012, 09:07:39 PM
 #10

Quote from: kronosvl
You don't send the private keys, you sign the transaction created by the server, just like a lightweight client.

Let's assume that user A wants to send money to address A1 and A2 (change).
User B sends to B1 and B2 (change).

1. Each one creates their own transaction but doesn't sign it, and sends it to the server.

2. The server creates 1 unsigned transaction from these 2.

3. It then sends this to user A, who verifies his own inputs and outputs and then signs it.

4. I don't know the inner workings of the Bitcoin protocol and cryptography, so I don't know what user B needs to sign (the signed transaction from user A, or the unsigned transaction from the server, after which the server appends both signatures to the transaction).

5. At this point the server has 1 bigger transaction signed by all parties. It sends it to the Bitcoin network and deletes the individual unsigned transactions, which were never meant to be signed.

Hmmm, I think you could use blind signing for doing something like this ....

There is also this post by Watson Ladd that claims to have a scheme to include a blinding signature into the protocol with new script OP 'SIG_FUNGIBLE'

http://wbl.github.com/bitcoinanon.pdf

Would be interested to get some thoughts on that, and on the general question "Can the Bitcoin protocol be made more untraceable (fungibility improved)?"

HostFat
May 02, 2012, 10:01:31 AM
 #11


Quote from: marcus_of_augustus
There is also this post by Watson Ladd that claims to have a scheme to include a blinding signature into the protocol with new script OP 'SIG_FUNGIBLE'

http://wbl.github.com/bitcoinanon.pdf

Any news about this topic?

They were talking about it also here:
http://sourceforge.net/mailarchive/forum.php?thread_name=CACsn0cm6wgPdNvVr6Q4yS%2BcGP-kpUJxtXsL1mZS502UTOx8t0g%40mail.gmail.com&forum_name=bitcoin-development

Sergio_Demian_Lerner
May 02, 2012, 02:56:01 PM
 #12

I'm working on a cryptocurrency where miners mix transactions without the need of private keys. I use something like universal re-encryption and a new cryptographic construct that I called "Trapdoor Shuffles".

Also the coin allows coin subdivision and combination without disclosing the amounts (I think it's the first e-cash system with this property).

I will post the paper when it's ready. It already has a name: PAPCash (Practical Anonymous Peer-to-peer e-cash)

Bye! Sergio.
HostFat
May 02, 2012, 03:16:29 PM
 #13

Wow!

I really hope that your ideas can also be ported to the actual Bitcoin protocol :)

Sergio_Demian_Lerner
May 02, 2012, 05:55:53 PM
 #14

Alternate protocols do not hurt Bitcoin, as Bitcoin can evolve and incorporate these new ideas. Bitcoin's value lies in the community size, not in the protocol itself.
marcus_of_augustus
May 02, 2012, 10:32:31 PM
 #15


Quote from: HostFat
There is also this post by Watson Ladd that claims to have a scheme to include a blinding signature into the protocol with new script OP 'SIG_FUNGIBLE'

http://wbl.github.com/bitcoinanon.pdf

Any news about this topic?

They were talking about it also here:
http://sourceforge.net/mailarchive/forum.php?thread_name=CACsn0cm6wgPdNvVr6Q4yS%2BcGP-kpUJxtXsL1mZS502UTOx8t0g%40mail.gmail.com&forum_name=bitcoin-development

Good find. The beat goes on ...

EhVedadoOAnonimato
May 22, 2012, 07:16:37 AM
 #16

Quote from: Sergio_Demian_Lerner
I'm working on a cryptocurrency where miners mix transactions without the need of private keys. I use something like universal re-encryption and a new cryptographic construct that I called "Trapdoor Shuffles".

Also the coin allows coin subdivision and combination without disclosing the amounts (I think it's the first e-cash system with this property).

I will post the paper when it's ready. It already has a name: PAPCash (Practical Anonymous Peer-to-peer e-cash)

Bye! Sergio.

Me baffled.
And anxious to see what you've been working on. :)