justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
May 08, 2015, 01:23:42 AM
Both Alice's and Bob's payment codes are known since they are public and in addition the time frame of the notification transaction is also known. Couldn't such an agency then look for all transactions in that specific time frame that might be a notification transaction and try them until finding one that matches? Does such an attack gain information for Eve, or are there reasons this isn't possible or useful?

If an attacker already expects Alice and Bob to transact, then seeing a notification transaction doesn't tell them much. The attacker won't be able to connect the notification transaction with the actual payments. See: https://www.reddit.com/r/Bitcoin/comments/34prd6/i_made_a_3d_printed_stainless_steel_bitcoin/cqy16lr

If an attacker knows that certain UTXOs are associated with a particular individual (Bob), and if the attacker then sees those outputs used as inputs to a transaction which creates an output at a known notification address (Alice's), then the attacker can assume a probability that Bob will send some bitcoins to Alice at some point in the future.

Bob might have sent a decoy notification to Alice, so the attacker can never be sure. All the attacker knows is that Bob will send Alice somewhere between 0 and 2^32 payments between the time of the notification transaction and forever.

The attacker might assume that any payments appearing in the mempool immediately following the notification transaction are a payment between Bob and Alice, but that's a problem that tends to solve itself as the transaction rate increases and can be addressed by intelligent clients which make sure to put a random amount of temporal separation between the notification transaction and the first payment.
cypherdoc (OP)
Legendary
Offline
Activity: 1764
Merit: 1002
May 08, 2015, 01:25:53 AM
notice the MACD turning up strongly. remember that bear mkts turn on bad news. bad in the sense of extreme controversy over Gavin's proposal and seeming chaos of opinion in the Bitcoin community:
cypherdoc (OP)
Legendary
Offline
Activity: 1764
Merit: 1002
May 08, 2015, 01:46:12 AM
on a more general level, this is great news: While the court didn’t reach the crucial question of whether the program violates the Fourth Amendment, the ruling gives civil libertarians good reason to hope that a massive and egregious violation of every American’s privacy will finally come to an end. http://www.cato.org/blog/second-circuit-declares-nsas-telephone-dragnet-unlawful
cypherdoc (OP)
Legendary
Offline
Activity: 1764
Merit: 1002
May 08, 2015, 01:53:34 AM
there is no doubt in my mind that THIS is the very chart, $DJT, some very powerful players are watching and seeking to stick save. or, yes, they could also just be powerful dip buyers of the weakest index around but my pt stands. this is the chart to watch. i count no less than 8 tests of the support line as drawn with someone intervening every single time to prevent a plunge (or dip buy). their problem is, each bounce keeps getting weaker and weaker and we have a non-confirmation on the board:
rocks
Legendary
Offline
Activity: 1153
Merit: 1000
May 08, 2015, 02:06:25 AM
Both Alice's and Bob's payment codes are known since they are public and in addition the time frame of the notification transaction is also known. Couldn't such an agency then look for all transactions in that specific time frame that might be a notification transaction and try them until finding one that matches? Does such an attack gain information for Eve, or are there reasons this isn't possible or useful?

If an attacker already expects Alice and Bob to transact, then seeing a notification transaction doesn't tell them much. The attacker won't be able to connect the notification transaction with the actual payments. See: https://www.reddit.com/r/Bitcoin/comments/34prd6/i_made_a_3d_printed_stainless_steel_bitcoin/cqy16lr

If an attacker knows that certain UTXOs are associated with a particular individual (Bob), and if the attacker then sees those outputs used as inputs to a transaction which creates an output at a known notification address (Alice's), then the attacker can assume a probability that Bob will send some bitcoins to Alice at some point in the future.

Bob might have sent a decoy notification to Alice, so the attacker can never be sure. All the attacker knows is that Bob will send Alice somewhere between 0 and 2^32 payments between the time of the notification transaction and forever.

The attacker might assume that any payments appearing in the mempool immediately following the notification transaction are a payment between Bob and Alice, but that's a problem that tends to solve itself as the transaction rate increases and can be addressed by intelligent clients which make sure to put a random amount of temporal separation between the notification transaction and the first payment.

OK, thanks, that helps. So this is saying that the only knowledge gained is that Bob and Alice set up a payment connection, but even with that an attacker couldn't identify what payments happened in the future (or even if any payments happened at all for that matter). So if Bob inadvertently used the notification payments incorrectly, the only information lost is that a payment channel was established between Alice and Bob. Is that right?

If an attacker already expects Alice and Bob to transact, then seeing a notification transaction doesn't tell them much.

I'm not 100% sure on this. Let's say for example I am a Snowden sympathizer and the government has outlawed payments to Snowden and the government also suspects that I might want to illegally give Snowden payments. In such an environment identifying the creation of a payment channel to Snowden might be enough for the government to determine guilt, regardless of whether or not they identified the actual payments. So if they knew my payment code and Snowden's payment code, could scanning the blockchain history result in identifying the payment channel (not the actual payments)? I understand this situation is a bit of a reach, just trying to understand it though.
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
May 08, 2015, 02:10:13 AM
Let's say for example I am a Snowden sympathizer and the government has outlawed payments to Snowden and the government also suspects that I might want to illegally give Snowden payments. In such an environment identifying the creation of a payment channel to Snowden might be enough for the government to determine guilt, regardless of whether or not they identified the actual payments. So if they knew my payment code and Snowden's payment code, could scanning the blockchain history result in identifying the payment channel (not the actual payments)? I understand this situation is a bit of a reach, just trying to understand it though.

An observer will see that Snowden received a payment code, but they won't be able to read whose payment code it is. The only way they learn it was you who set up the channel is if they have some other way to trace the coins you used to do it. A good client would be sure to use mixed coins for notification transactions.
cypherdoc (OP)
Legendary
Offline
Activity: 1764
Merit: 1002
May 08, 2015, 02:12:58 AM
When asked if that behavior was typical of OTC IPOs he stated that it was, but only for successful offerings.
“Yeah, new successful offerings. Many simply go down after the first day. Compare it to the first three days of any recent tech IPOs and you should see a similar pattern.” http://www.miningpool.co.uk/gbtc-trading-explodes-order-book-gap-narrowing/
rocks
Legendary
Offline
Activity: 1153
Merit: 1000
May 08, 2015, 02:33:47 AM
Let's say for example I am a Snowden sympathizer and the government has outlawed payments to Snowden and the government also suspects that I might want to illegally give Snowden payments. In such an environment identifying the creation of a payment channel to Snowden might be enough for the government to determine guilt, regardless of whether or not they identified the actual payments. So if they knew my payment code and Snowden's payment code, could scanning the blockchain history result in identifying the payment channel (not the actual payments)? I understand this situation is a bit of a reach, just trying to understand it though.

An observer will see that Snowden received a payment code, but they won't be able to read whose payment code it is. The only way they learn it was you who set up the channel is if they have some other way to trace the coins you used to do it. A good client would be sure to use mixed coins for notification transactions.

OK, I think I got it. So both parties can individually control their anonymity then. If Alice only uses mixed coins for a notification transaction she can be confident that she cannot be tied to the payment channel. Similarly, if Bob correctly handles the received notification transactions he can be confident that he cannot be tied to the payment channel. Thanks for the explanation.
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
May 08, 2015, 02:41:56 AM
Similarly, if Bob correctly handles the received notification transactions he can be confident that he cannot be tied to the payment channel.

Everybody should dispose of their notification transactions via dust-be-gone, but regardless the number of transactions that have been sent to a notification address is publicly visible. What's not visible is who sent them, and whether they are real or not.
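The exchange above between rocks and justusranvier describes what a chain observer can and cannot learn from a notification transaction: a spend of UTXOs already attributed to Bob that pays Alice's notification address suggests a future Bob-to-Alice payment; mixed coins break that attribution; the count of notifications to an address is public while the sender and whether each one is real or a decoy are not; and a random delay before the first real payment defeats the "next transaction in the mempool" guess. The following Python model is an added example written for this editor's notes, not code from the thread or from any BIP47 implementation. All transactions, UTXO ids, owner labels and the address name `alice_notif` are constructed sample data, and the observer heuristics are simplified assumptions, not a description of any real analysis tool.

```python
"""Model of what a chain observer learns from BIP47-style notification
transactions. Added illustration with constructed data; not from the thread."""
import random
from dataclasses import dataclass


@dataclass
class Tx:
    txid: str
    inputs: list   # UTXO ids being spent
    outputs: list  # addresses being paid


# Constructed sample data (hypothetical ids and labels).
KNOWN_UTXOS = {           # UTXOs the observer has already attributed to people
    "bob_utxo_1": "Bob",
    "bob_utxo_2": "Bob",
    "bob_utxo_3": "Bob",
    "carol_utxo_1": "Carol",
}
NOTIFICATION_ADDRS = {"alice_notif": "Alice"}  # public notification addresses
SAMPLE_TXS = [
    Tx("tx1", ["bob_utxo_1"], ["alice_notif"]),              # spends Bob's known coins
    Tx("tx2", ["mixed_utxo_7"], ["alice_notif"]),            # spends mixed coins
    Tx("tx3", ["bob_utxo_2", "carol_utxo_1"], ["alice_notif"]),  # ambiguous inputs
    Tx("tx4", ["bob_utxo_3"], ["some_other_addr"]),          # not a notification
]


def link_notifications(txs, known_utxos, notification_addrs):
    """Observer heuristic from the thread: a tx paying a known notification
    address, funded by coins attributed to one person, hints that this person
    may pay the address owner later. Sender is None when the inputs are
    unattributed (mixed coins) or attributed to more than one person."""
    findings = []
    for tx in txs:
        for addr in tx.outputs:
            if addr not in notification_addrs:
                continue
            owners = {known_utxos[u] for u in tx.inputs if u in known_utxos}
            sender = next(iter(owners)) if len(owners) == 1 else None
            findings.append({"txid": tx.txid,
                             "recipient": notification_addrs[addr],
                             "sender": sender})
    return findings


def notification_count(txs, addr):
    """Public fact: how many transactions paid the notification address.
    This says nothing about who sent them or whether they were decoys."""
    return sum(1 for tx in txs if addr in tx.outputs)


def temporal_linkage_rate(background_rate, max_delay, trials, seed=0):
    """Fraction of trials in which the guess 'the first transaction seen after
    the notification is the real payment' is correct. Background transactions
    arrive as a Poisson process at background_rate per second, so the wait for
    the next unrelated tx is exponential; the client delays the real payment
    by a uniform random amount in [0, max_delay] seconds."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        real_payment_delay = rng.uniform(0.0, max_delay)
        next_unrelated_tx = rng.expovariate(background_rate)
        if real_payment_delay < next_unrelated_tx:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    for f in link_notifications(SAMPLE_TXS, KNOWN_UTXOS, NOTIFICATION_ADDRS):
        print(f)
    print("notifications to alice_notif:",
          notification_count(SAMPLE_TXS, "alice_notif"))
    # Immediate payment on a quiet network versus a random delay of up to an
    # hour on a busy one.
    print("guess rate, immediate/quiet:", temporal_linkage_rate(0.5, 0.05, 400, 1))
    print("guess rate, delayed/busy:", temporal_linkage_rate(5.0, 3600.0, 400, 1))
```

Running it shows the three notification transactions with only `tx1` attributed to Bob, a public count of 3 for `alice_notif`, and a first-transaction guess that is nearly always right when the payment follows immediately on a quiet network but almost never right once the client randomises the delay and the network is busy, which is the point made in the thread about the problem solving itself as the transaction rate rises.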
cypherdoc (OP)
Legendary
Offline
Activity: 1764
Merit: 1002
May 08, 2015, 03:01:52 AM
solex
Legendary
Offline
Activity: 1078
Merit: 1006
100 satoshis -> ISO code
May 08, 2015, 03:43:20 AM
wow, thanks so much for this. there are no other Bitcoin devs i trust more than Alan & Gavin. he's helped me immensely over the years as i was one of the only two to donate $500 (top level) to his initial Armory crowdfunding campaign what, 3-4 yrs ago now? for that, i got an Armory USB stick, a T-shirt, a coupla bitcoins (i think), & most importantly his old laptop with a sticker on the back with his name and phone #'s, lol. i'm quite sure he forgot to remove them and i've only ever used the # twice. he's taught me a lot about crypto. i've tried to tailor back my contact with him in the last year or so as i know he is way busier than ever and has grown in stature so it didn't even occur to me to ask his opinion on this matter. best thing about him is he's a great guy. i'm so glad you did and hearing his response is reassuring to me that i am pushing the right direction. thanks again.

A pleasure, and snap! I donated $500 to Armory dev as well, but it was easier with BTC at $800+ :-) BTW, the quote is from sourceforge, not a personal communication...
fairlay
May 08, 2015, 05:22:55 AM
Hi, we started a market on the question whether or not the block size will be increased by 2016. https://www.fairlay.com/event/category/bitcoin/blockchain/all/ Currently the likelihood is only around 10%. That means on the other side that you get about 10 times your money back if you predict on the increase and it actually happens.
www.fairlay.com - the Bitcoin prediction market - the future of reliable information
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
May 08, 2015, 05:25:30 AM
Do you guys think March 2016 is a bit late? I do.
Maybe we could divert the discussion to 'when should the 20 mb fork be done', like it sometimes works with children: "Do you want daddy to brush your teeth or would you rather want mommy to do it?"
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
May 08, 2015, 06:19:05 AM
after reading Mike Hearn - Crash Landing, I'm thinking: what would it take to achieve this bad situation right now? An additional 5 tps injected into the network with minimal fee would do it, no? so why not...

- go short
- open bitcoin transaction spam floodgates (at cost)
- watch hysteria on internetz
- wait for price to crash
- close part of short
- watch 20 mb block limit implemented in a hurry
- close rest of short
- profit
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
Odalv
Legendary
Offline
Activity: 1414
Merit: 1000
May 08, 2015, 07:59:34 AM
Single transaction can contain 10 kB of script => 10 kB of data
Zangelbert Bingledack
Legendary
Offline
Activity: 1036
Merit: 1000
May 08, 2015, 10:35:09 AM
I'm not too worried about the blocksize debate now that I know even Peter Todd supports an increase "eventually." To me this says the first sign of actual delays and price impact will see all these guys change their tune.
afbitcoins
Legendary
Offline
Activity: 2101
Merit: 1061
May 08, 2015, 10:37:27 AM
I don't know enough about the block size limits really, but is increasing it just kicking the can down the road? Can we just keep doing that? A bit like how the USA used to keep increasing the debt ceiling.
Odalv
Legendary
Offline
Activity: 1414
Merit: 1000
May 08, 2015, 10:49:16 AM
I don't know enough about the block size limits really, but is increasing it just kicking the can down the road? Can we just keep doing that? A bit like how the USA used to keep increasing the debt ceiling.

Increasing block size limits is not a solution. It is "brute force" ... we are only buying time. 1B people will require a 4 GB block size limit.
inca
Legendary
Offline
Activity: 1176
Merit: 1000
May 08, 2015, 11:02:07 AM
I don't know enough about the block size limits really, but is increasing it just kicking the can down the road? Can we just keep doing that? A bit like how the USA used to keep increasing the debt ceiling.

Increasing block size limits is not a solution. It is "brute force" ... we are only buying time. 1B people will require a 4 GB block size limit.

Buying time allows alternate solutions to be properly reviewed and tested. Downtime and network issues are not conducive to the adoption wave we know is coming with the next price hump.
Spaceman_Spiff
Legendary
Offline
Activity: 1638
Merit: 1001
₪``Campaign Manager´´₪
May 08, 2015, 11:04:09 AM
I don't know enough about the block size limits really, but is increasing it just kicking the can down the road? Can we just keep doing that? A bit like how the USA used to keep increasing the debt ceiling.

Increasing block size limits is not a solution. It is "brute force" ... we are only buying time. 1B people will require a 4 GB block size limit.

Maybe 'buying some time' is quite crucial for coming up with and developing the necessary solutions, and it's not 'kicking the can down the road' knowing the issue will never be properly addressed. Although I don't fully understand the lightning network and its risks/tradeoffs, the presentation slides suggest 133MB blocks would be sufficient for unlimited transactions for 7 billion users. That would be freaking awesome, and solve the scaling problem imho (but again, I don't understand it deeply enough). EDIT: Inca beat me to it.