Several points, which I disagree with, relating to darksend integration and anonymity protections.
I'm satisfied from my own research, but I didn't see any response to the questions raised...
So, HUGE progress this morning! I have a proof-of-concept of the anonymous transactions working on testnet! Here's some screenshots, these were 3 separate transactions sent to 3 different addresses, at separate times.
Notice how you can't tell who is sending to who. Soon all blocks will only have 2 transactions, 1 for the creation event and a merged transaction with everything else.
http://www.xcoin.co/coinjoin1.pnghttp://www.xcoin.co/coinjoin2.pngThat's so cool you got it working, but could you explain to those of us that aren't knowledgeable what it all means please? I understand how it's supposed to work, I just don't understand how to read the chart,
I also feel that if you were to explain it, there would be great interest from the public! Thanks!
Bitcoin is often promoted as being somewhat anonymous, but the main problem is that if I know your address, I can literally tell everyone you've ever paid. Imagine everyone you met, was able to see everything you bought in your checking account. That's pretty much the situation Bitcoin and other alt-coins are currently in. We need to move quickly to a anonymity-by-default approach.
There are many solutions out there for fixing this and we know how to implement them. But, the developers are very scared of implementing these fixes, with the possibility of bringing down a 10+ billion dollar economy. So it will take years at the very minimum to do this.
So, that's where XCoin comes into play. I want solve many of these problems that Bitcoin and other alt-coins experience, making XCoin the beta to Bitcoin. The goal is to be years ahead in development, with cutting edge features that would be insanely difficult to pull off in their codebase.
So what progress was made this morning? I implemented a rough version of CoinJoin. The idea behind what I'm working on was originally put forward by Gregory Maxwell and it's a great idea (if you want to read more, the original post is here:
https://bitcointalksearch.org/topic/coinjoin-bitcoin-privacy-for-the-real-world-279249).
In short, transactions in the Bitcoin Blockchain are stored like this:
"User1 paid User12 the amount 1.2BTC"
"User4 paid User2 the amount 1.2BTC"
"User11 paid User3 the amount 1.2BTC"
In XCoin they'll look like this:
"Debit User1 the amount 1.2XCO, Debit User4 the amount 1.2XCO, Debit User11 the amount 1.2XCO"
and
"Credit User12 the amount 1.2XCO, Credit User2 the amount 1.2XCO, Credit User3 the amount 1.2XCO"
Notice, in the XCoin you can't tell who paid who. But in Bitcoin the parties are linked together. This will be a large step forward to providing anonymity by default.
There must be some proof that senders sent transactions for all peers on the network to verify before they can accept the block and begin working on the next block solution. Such proof must exist otherwise balances could be stolen by rogue peers.
Thus I must assume you are doing a CoinJoin-like proof for all senders that in that block. And I assume these proofs are transmitted with the block, even if you purge them later (using a proof-of-work chain such as in the mini block chain design).
The problem is that CoinJoin is subject to denial-of-service attack in that if any sender fails to sign in the second step, then no senders can send.
Thus CoinJoin can't scale to a larger number of senders joined. It works best with a few senders and the probability of denial-of-service (rogue sender) is low.
Did you even read the CoinJoin thread carefully?
There is a second insoluble flaw that
CoinJoin does nothing to obscure IP address and thus you have no anonymity against powerful entities.
P.S. I don't have time to read 300 pages of this thread to find out if you already addressed this issue. Please give me a link to any prior reply.
Wow, it's that open eh?
Still, this example implies that one could still link up the amounts of the transactions to find the end users. How unique are transaction amounts, and how hard would it be to hide that level? Is there a breaking up of the payment so that the amounts are harder to compare or something? Or am I missing something due to the simplification of the explanation?
Yes, you could still use the transaction amounts to track money through the system. This combined with some logic to use common transaction amounts or some other logic like that in the wallet could definitely help. Even with the problems, having coinjoin implemented directly into the client is a huge step in the right direction.
And
timing analysis too.
