Topic: [ANN] Bitmsg - A Proof-of-Sacrifice distributed messaging layer over Bitcoin - page 2. (Read 4054 times)

Yup, I thought that was a bit of a WTF when I found it too.

FWIW while code may be added in the future to make sure things that are supposed to be pubkeys start with the right bytes, it's unlikely to go further than that; you might want to make your program drop the first byte of any pubkey-like thing that's either 33 or 65 bytes for forward compatibility in the future.

Another trick is to use the low-order-bits of the txout value to signal which PUSHDATA's in the txout script are or are not part of the message being embedded. If you do this, it's best to encrypt those bits as well for the sake of censorship resistance.

Of course, people will bitch at you before long for putting crap in the blockchain, but from a technical point of view there's nothing that can be done to stop that entirely, just make it more expensive. (which as you say is a good thing from a spam point of view)


You sure about that? I thought you said they were single satoshi outputs - that's definitely under the dust limit. You using an up-to-date client?

Well, I'll be damned. The relevant code is in script.cpp Solver():


I had thought that the code was checking to make sure the pubkeys are actual ecdsa keys (i.e., of length 33 or 64 and starts with 0x02, 0x03, or 0x04).


Yes and no. I'm aware that it exists, that it's part of what determines relaying and standard transactions, however, it doesn't seem to be preventing any of my transactions from confirming.

Look at the IsStandard() function in script.cpp - a pubkey in the standard transaction testing code is defined there. c49b3c445c89d832289de0fd3b0281efdcce418333dacd028061e8de9f0a6f10 is an example of 2x 120 byte PUSHDATA'S, and one actual 33 byte pubkey. 72590fcf0d8021bad77826c5008eaca3541f81d212d55bb7c02ec6a4bf584404 is another example, with 3x 120 byte pushdatas, although it's not spendable.

Are you aware of the dust limit?

All right. I pushed a change that will use multisig transactions (1-of-n, where n can be 1, 2 or 3). Right now, the outputs are still unspendable.

Question though: where can I find information on 120-byte long public keys? Browsing through bitcoind source code seems to indicate only 33 and 65 byte keys are acceptable.

Up to 3 pubkeys, but a pubkey can be any data from 33 to 120 bytes long. (what's actually in the data isn't checked at all)

The main advantage of CHECKMULTISIG is that one of the pubkeys can be real, and your own, which lets you still spend that output and recover the bitcoins sent to it.

This is a pretty cool idea.  Does the reference client limit "standard" multisig transactions to 2-of-3 or can it be much more? Are 19-of-20 txs possible ?

EDIT:

I just checked master branch on bitcoind, and it looks like there are limits on the number of sigs for multisig transactions.  Still, that reduces the amount of outputs by a little bit... I'll try coding it up tomorrow.

You'll find you can get longer and cheaper messages by (ab)using CHECKMULTISIG.

Also, see this library: https://github.com/petertodd/python-bitcoinlib/tree/pythonize (specifically my pythonize branch)

Reserved spot for now.

Hi everyone,

I want to announce a simple utility to do something that I think is quite interesting: to encrypt and send messages using the Bitcoin network and the blockchain.

I know a lot of people are going to find this very controversial because I'm using the blockchain to do something for which it wasn't originally intended. However, I do believe the blockchain is a neutral store of data and something like this is eventual and also serves to affirm the reliability of the blockchain.  I believe in the blockchain!

That being said, I'm willing to donate 5 BTC to a charity or interesting code bounty or any otherwise charitable clause. See the bounty below for details.

The idea behind Bitmsg is to encode data into Bitcoin public keys such that only the intended recipient(s) can decode and read the message. It works on a very similar idea to MasterCoin, in fact, except we use multiple M-of-N multisig transactions.  In many ways, this strategy can be an effective replacement for Bitmessage (where Bitmessage relies on PoW algorithms, Bitmsg is a sacrifice-based system).  

Bitmsg messages, like all Bitcoin transactions, are produced without PoW, so it could allow for faster conversation than Bitmessage.  In fact, communication is as fast as it takes for a transaction to flood-fill the network.

Unfortunately, the current strategy involves throwing away a Satoshi to each of the encoded addresses, something I'd like to eventually improve upon (I'd rather the Satoshis go to the miners).  If the Bitcoin reference client allowed for relaying zero-satoshi outputs, we could instead send the dust to the miners as a better proof of sacrifice system. It also means that every message that gets published gets stored in the Blockchain forever, perhaps that would be quite bad for anonymity.  

The current implementation supports RC4, AES-128 and AES-256 (all symmetric key) encryption and also supports multiple-recipient RSA (of any key size).  It also supports sending public messages where no encryption key is required.

As for the bounty, I would thoroughly appreciate anyone who can start work on a PyQt4 UI.  To the person that writes that code (and it works, and I accept the pull request) I'll donate 5 BTC to a charity of your choice.  I reserve the right to request a different charity but I doubt I'd have any need to do that.  I'll sign a message using the source Bitcoin address as confirmation and proof.

The github repository is here.  It contains a small list of TODO items.  If anyone has suggestions for a better name, I'm all ears:)

And as a friendly reminder:
USE AT YOUR OWN RISK. THIS IS PREMATURE SOFTWARE. DO NOT USE WITH ADDRESSES THAT CONTAIN MORE THAN YOU'RE WILLING TO LOSE.