Bitcoin Forum
December 04, 2016, 10:25:21 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: payment with a message  (Read 2335 times)
Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
March 29, 2012, 09:40:25 PM
 #21

Someone other than the sender of the transaction can usurp him.

I don't get it.

Quite the contrary, it greatly reduces the information available in the block chain. If a business uses a single address for all customer payments, it's very easy for a competitor to see things like monthly revenue, expenditures and available cash. That's very sensitive data. If each customer payment has it's own address, and multiple customer payments are aggregated only when a purchase must be made, extracting similar data as in the previous case becomes impossible.

How does it become impossible? Because it's more obscure? Anyone who wants to partake in bitcoin industrial espionage is not going to have much difficulty following the money. I think the unfortunate eventuality is that businesses will be forced to use bitcoin "banks" that will effectively hide any data specific to them. There will have to be an abstraction layer from the protocol itself. Otherwise the possibility of learning too much about their private data will always be a possibility.

1480847121
Hero Member
*
Offline Offline

Posts: 1480847121

View Profile Personal Message (Offline)

Ignore
1480847121
Reply with quote  #2

1480847121
Report to moderator
The Bitcoin software, network, and concept is called "Bitcoin" with a capitalized "B". Bitcoin currency units are called "bitcoins" with a lowercase "b" -- this is often abbreviated BTC.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480847121
Hero Member
*
Offline Offline

Posts: 1480847121

View Profile Personal Message (Offline)

Ignore
1480847121
Reply with quote  #2

1480847121
Report to moderator
1480847121
Hero Member
*
Offline Offline

Posts: 1480847121

View Profile Personal Message (Offline)

Ignore
1480847121
Reply with quote  #2

1480847121
Report to moderator
1480847121
Hero Member
*
Offline Offline

Posts: 1480847121

View Profile Personal Message (Offline)

Ignore
1480847121
Reply with quote  #2

1480847121
Report to moderator
Maged
Legendary
*
Offline Offline

Activity: 1260


View Profile
March 30, 2012, 03:05:48 AM
 #22

Someone other than the sender of the transaction can usurp him.

I don't get it.
Allowing (or at least making standard) a small hash in a transaction would encourage merchant to just use a single address instead of forcing them to use a different address for each transaction. If the hash is too small, it then becomes possible for someone other than the sender of the transactions to impersonate the customer and convince the merchant to "refund" the transaction to their account.

Quite the contrary, it greatly reduces the information available in the block chain. If a business uses a single address for all customer payments, it's very easy for a competitor to see things like monthly revenue, expenditures and available cash. That's very sensitive data. If each customer payment has it's own address, and multiple customer payments are aggregated only when a purchase must be made, extracting similar data as in the previous case becomes impossible.

How does it become impossible? Because it's more obscure? Anyone who wants to partake in bitcoin industrial espionage is not going to have much difficulty following the money. I think the unfortunate eventuality is that businesses will be forced to use bitcoin "banks" that will effectively hide any data specific to them. There will have to be an abstraction layer from the protocol itself. Otherwise the possibility of learning too much about their private data will always be a possibility.
Under the current coin-selection rules used by most clients, this is only presently the case. A business could, instead, make their payments in chunks to several different addresses over several different transactions over multiple days. All except for the last transaction wouldn't contain a change output. However, the other transactions could also include a fake change output that really also just goes to another one of the addresses of the person they're paying, another one of their own wallets that would never again be mixed with the receiving wallet, or even better, someone else that they have to pay.

With such a setup, the most you can learn about are the other transaction outputs that were combined with yours. Even then, they don't even need to do that and just send each output entirely to another unique address.

If you spot any holes in this, I can think of ways to complicate it further.

Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
March 30, 2012, 03:26:57 AM
 #23

derp, you're right, but there is still essentially nothing gained in anonymity, so why bother

So you often claim.

Please tell me how many coins are controlled by Satoshi.

I will get you started I know he had at least at one time access to the private key linked to this address:
http://blockchain.info/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa


I'm the one who added 0.0424242 BTC to the Genesis Block. It's a message. It's my way of thanking Satoshi Nakamoto pseudo-thrice for providing the Ultimate Answer to the Ultimate Question of Life, The Universe, and Everything--Bitcoin.

~Cackling Bear~
Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
March 30, 2012, 11:12:37 AM
 #24

Allowing (or at least making standard) a small hash in a transaction would encourage merchant to just use a single address instead of forcing them to use a different address for each transaction. If the hash is too small, it then becomes possible for someone other than the sender of the transactions to impersonate the customer and convince the merchant to "refund" the transaction to their account.

I still don't get it. You make a transaction with a merchant with a hashed receipt in the transaction. This receipt lets the merchant know which payment this is. Refunds will still be handled over the internet as usual and the customer can provide a payment address. There is nothing that a birthday attack on 18 quintillion can accomplish here. This hash is not being used to convince anyone of anything, it is only informative. Perhaps if the transaction were completely anonymous like a silk road purchase (lol refunds) there might be some remote issue here, but the would-be attacker would have to somehow know everything about the existing transaction and somehow intercept communications between user and merchant, and even then all they would have to do is replace the payment address, no attack on the hash required.

Quote
Under the current coin-selection rules used by most clients, this is only presently the case. A business could, instead, make their payments in chunks to several different addresses over several different transactions over multiple days. All except for the last transaction wouldn't contain a change output. However, the other transactions could also include a fake change output that really also just goes to another one of the addresses of the person they're paying, another one of their own wallets that would never again be mixed with the receiving wallet, or even better, someone else that they have to pay.

With such a setup, the most you can learn about are the other transaction outputs that were combined with yours. Even then, they don't even need to do that and just send each output entirely to another unique address.

If you spot any holes in this, I can think of ways to complicate it further.

Businesses are just going to love having to hire someone to configure their bitcoin transactions. Anyways, all it takes is a few legitimate purchases every so often by the company trying to spy, and then if the payment receiver decides to combine inputs that includes one of those purchases, the spy has a direct link. How is a business supposed to make sure everyone they send payments to will be as thorough as they are? The weakest link in the chain and all. And this does bloat the blockchain if every business works this way. Every small transaction can never (or not often) be combined with another lest obscurity be broken for the previous payer. Once lots of transactions are combined into one, that is only one input that need be in the merkle tree. If every transaction stays separate, all inputs must be maintained. Businesses must keep massive amounts of payment wallets for everyone they work with. It is not very elegant.

phillipsjk
Legendary
*
Offline Offline

Activity: 1008

Let the chips fall where they may.


View Profile WWW
March 30, 2012, 05:55:49 PM
 #25

  • This does not belong in the block-chain.
  • Money Service business Guidelines Require information about the sender (including "name, address and, if any, the account number or reference number") to be included in the transaction. International SWIFT MT 103 message transfers are excluded. It is not clear (to me) if simply relaying transactions on the network makes you a MSB.
  • Including the above information in the public block-chain would likely violate Canadain Privacy legislation.
  • Given that Bitcoin may be considered illegal in many jurisdictions at some point in the future, we should keep it technically infeasible to include such information in the block-chain.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!