May 11, 2011, 03:24:45 AM
This is the wrong way to do things. The right way is to do it P2P, TOR-style. Have n people rendezvous via TOR and together construct a transaction that takes as input $X from each of them, and outputs $X-trans fee to n fresh bitcoin addresses. To do this naively, the n people would each tell each other their pairs (old addr, fresh addr), put them together in a transaction (randomize the order of outputs relative to the order of inputs), and then all sign. However, this is bad because you have told the other people that your new addr is linked to your old one. The correct way is to use secure multiparty computation to generate the transaction in such a way that, in the end, all parties only learn the entire transaction (NOT which new addr corresponds to which old one). Furthermore, if any subset of k of the n people collude to break the others' anonymity, the best they can do is know that the n-k output addresses not owned by them came from the n-k input addresses not known by them, but nothing more.
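Added toy model of the n-party join transaction described in the post (example code, not the poster's and not real Bitcoin transactions): addresses and signatures are plain strings, and the secure multiparty computation is abstracted as "everyone only sees the final shuffled transaction". It contrasts what k colluders can link in the naive pair-announcing version against the MPC-generated version.

```python
import random
from dataclasses import dataclass

# Constructed toy model: each participant brings one input of `amount` from
# an old address and wants `amount - fee` paid to a fresh address that nobody
# should be able to link to the old one.

@dataclass
class Participant:
    old_addr: str
    fresh_addr: str

def build_join_tx(participants, amount, fee, seed=None):
    """Inputs keep participant order; outputs are shuffled independently of
    it, as the post requires. Every output carries the same value, because
    unequal values would let an observer match inputs to outputs by amount."""
    rng = random.Random(seed)
    inputs = [(p.old_addr, amount) for p in participants]
    outputs = [(p.fresh_addr, amount - fee) for p in participants]
    rng.shuffle(outputs)
    return {"inputs": inputs, "outputs": outputs}

def participant_signs(p, tx, amount, fee):
    """A participant signs only if its own input is spent for exactly `amount`
    and its fresh address receives exactly `amount - fee`; anything else is
    refused, which is what makes co-signing a transaction built by others safe."""
    return (p.old_addr, amount) in tx["inputs"] and \
           (p.fresh_addr, amount - fee) in tx["outputs"]

def all_signed(participants, tx, amount, fee):
    """The joint transaction is only valid once all n parties have signed."""
    return all(participant_signs(p, tx, amount, fee) for p in participants)

def linkable_inputs(tx, colluders):
    """What a coalition of k colluders learns from the final transaction alone
    (the MPC-generated case): for each output they do not own, the candidate
    input set is the n-k inputs they do not own, and nothing narrower."""
    own_in = {c.old_addr for c in colluders}
    own_out = {c.fresh_addr for c in colluders}
    unknown_in = {a for a, _ in tx["inputs"] if a not in own_in}
    return {a: unknown_in for a, _ in tx["outputs"] if a not in own_out}

def naive_linkable_inputs(participants, colluders):
    """The naive construction, where everyone announced (old, fresh) pairs:
    every output is pinned to exactly one input, whatever k is."""
    own_out = {c.fresh_addr for c in colluders}
    return {p.fresh_addr: {p.old_addr} for p in participants
            if p.fresh_addr not in own_out}
```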