Pages:
Author

Topic: Anonymity (Read 4767 times)

donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
August 11, 2014, 03:06:58 PM
#88
Can web-wallets be used for PoS?

I would assume so, although PoS is so fundamentally broken in all its current form (and detailing the reasons its broken is outside of my wheelhouse, unfortunately) that I'd typically not want to use it either way;)
full member
Activity: 182
Merit: 100
KryptKoin is one of the best!!!
August 11, 2014, 02:09:11 PM
#87
I'm learning a lot from you. I think it's a good trade off, bigger hard disk space but un-linkable and untraceable transaction. I don't know anything about how blockchain works, but I'm thinking about a wallet which deletes the data which is, for example, a month old and can be used just for send/receive. Another wallet for the network. I haven't read the last posts here, and I guess I will find my answer there.

Wallets themselves don't take up sufficiently large amounts of space, the issue is that the blockchain contains the transactions for EVERY wallet (including mixing transactions in the case of other anonymous coins). As smooth explained, most Bitcoin users are using web wallets (Coinbase, Blockchain.info, GreenAddress, etc.) or SPV-style wallets (Electrum, Multibit, etc.) where you don't store the whole blockchain, only the info relevant to your wallet (which is tiny). All of the backends to those services, though, are running full nodes with the full blockchain by necessity.

Can web-wallets be used for PoS?
member
Activity: 70
Merit: 10
August 10, 2014, 05:06:58 AM
#86
we need anonimity it was what satoshi wanted
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
August 10, 2014, 01:55:48 AM
#85
I'm learning a lot from you. I think it's a good trade off, bigger hard disk space but un-linkable and untraceable transaction. I don't know anything about how blockchain works, but I'm thinking about a wallet which deletes the data which is, for example, a month old and can be used just for send/receive. Another wallet for the network. I haven't read the last posts here, and I guess I will find my answer there.

Wallets themselves don't take up sufficiently large amounts of space, the issue is that the blockchain contains the transactions for EVERY wallet (including mixing transactions in the case of other anonymous coins). As smooth explained, most Bitcoin users are using web wallets (Coinbase, Blockchain.info, GreenAddress, etc.) or SPV-style wallets (Electrum, Multibit, etc.) where you don't store the whole blockchain, only the info relevant to your wallet (which is tiny). All of the backends to those services, though, are running full nodes with the full blockchain by necessity.
full member
Activity: 182
Merit: 100
KryptKoin is one of the best!!!
August 10, 2014, 01:48:01 AM
#84
BTSX with TITAN is a good candidate https://bitcointalksearch.org/topic/titan-infographic-transfer-invisibly-to-any-name-bitshares-feature-687251

Although I can't compare with other anonymous implementations as I know little of them.

From the first post:
No need to exchange ugly addresses. Instead a Name can be registered with the blockchain which suffices to receive payments. The receiver is anonymous to everyone except the sender.

So, we can assign a username to any address? Can we assign more than a username?

Can someone compare it to other anonymous implementations?
full member
Activity: 182
Merit: 100
KryptKoin is one of the best!!!
August 10, 2014, 01:38:18 AM
#83
ring signatures used in coins like monero cause blockchain bloat making them unusable for mainstream adoption...so no...XC is what your looking for, read it and weep if your not invested already https://bitcointalksearch.org/topic/xcxcurrency-decentralised-trustless-privacy-platform-encrypted-xchat-pos-630547  Roll Eyes

Can you explain a little about mainstream adoption and its compatibility problem with the ring signatures?

Imagine 2 blockchains processing the same amount of transcations. Now Chain 1 is running with ringsignatures and Chain 2 is not.

Now lets say that every year 500 GB of transaction data gets produced and no blockchain pruning and shrinking is available.
After 1/2/3/4/5 years
Chain 1: 750GB/1.5 TB/2.25TB/3TB/3.75TB
Chain 2: 500GB/1TB/1.5TB/2TB/2.5 TB

And this is under the best case scenario that ringsignatures only produce 50% bigger tx. This number can be higher!

fluffypony's explanation method is comprehensive and with details, your method is "just in one paragraph". I like both methods Smiley
legendary
Activity: 2968
Merit: 1198
August 10, 2014, 01:37:38 AM
#82
ring signatures used in coins like monero cause blockchain bloat making them unusable for mainstream adoption...so no...XC is what your looking for, read it and weep if your not invested already https://bitcointalksearch.org/topic/xcxcurrency-decentralised-trustless-privacy-platform-encrypted-xchat-pos-630547  Roll Eyes


Can you explain a little about mainstream adoption and its compatibility problem with the ring signatures?

Imagine 2 blockchains processing the same amount of transcations. Now Chain 1 is running with ringsignatures and Chain 2 is not.

Now lets say that every year 500 GB of transaction data gets produced and no blockchain pruning and shrinking is available.
After 1/2/3/4/5 years
Chain 1: 750GB/1.5 TB/2.25TB/3TB/3.75TB
Chain 2: 500GB/1TB/1.5TB/2TB/2.5 TB

And this is under the best case scenario that ringsignatures only produce 50% bigger tx. This number can be higher!

I don't really find it that bad. People will still be able to run nodes no problem and regular people can use thin clients. Assuming that standard Bitcoin style thin clients work with ring sig tech. I assume it does but I don't know.

How do thin clients work?

In general terms, you retrieve parts of the block chain you need from a node or server instead of storing the whole thing yourself. There are several different ways of doing that with a range of security and resource compromises. Most users of Bitcoin today are using lightweight wallets (or web wallets).

full member
Activity: 182
Merit: 100
KryptKoin is one of the best!!!
August 10, 2014, 01:31:54 AM
#81
ring signatures used in coins like monero cause blockchain bloat making them unusable for mainstream adoption...so no...XC is what your looking for, read it and weep if your not invested already https://bitcointalksearch.org/topic/xcxcurrency-decentralised-trustless-privacy-platform-encrypted-xchat-pos-630547  Roll Eyes


Can you explain a little about mainstream adoption and its compatibility problem with the ring signatures?

Imagine 2 blockchains processing the same amount of transcations. Now Chain 1 is running with ringsignatures and Chain 2 is not.

Now lets say that every year 500 GB of transaction data gets produced and no blockchain pruning and shrinking is available.
After 1/2/3/4/5 years
Chain 1: 750GB/1.5 TB/2.25TB/3TB/3.75TB
Chain 2: 500GB/1TB/1.5TB/2TB/2.5 TB

And this is under the best case scenario that ringsignatures only produce 50% bigger tx. This number can be higher!

I don't really find it that bad. People will still be able to run nodes no problem and regular people can use thin clients. Assuming that standard Bitcoin style thin clients work with ring sig tech. I assume it does but I don't know.

How do thin clients work?
full member
Activity: 182
Merit: 100
KryptKoin is one of the best!!!
August 10, 2014, 01:05:24 AM
#80
ring signatures used in coins like monero cause blockchain bloat making them unusable for mainstream adoption...so no...XC is what your looking for, read it and weep if your not invested already https://bitcointalksearch.org/topic/xcxcurrency-decentralised-trustless-privacy-platform-encrypted-xchat-pos-630547  Roll Eyes

Can you explain a little about mainstream adoption and its compatibility problem with the ring signatures?

It's a very tired argument that gets pulled out and rebutted each time. The Monero blockchain is currently 5.5x the size of the Bitcoin one for comparable total transactions (so linearly larger than Bitcoin's). So when we've had 44 million transactions (as Bitcoin has over its 5.5 year existence) our blockchain will be about 110gb vs. Bitcoin's current 20gb blockchain. This is, in itself, not a problem, as by the time we get there in a few  years disk space will be appreciably larger, and we'll have the same full node problem Bitcoin has (who seriously keeps the full 20gb Bitcoin blockchain on their laptop, for instance) - the majority of our userbase will use lightweight wallets.

A lot of the people that state that Monero has a "blockchain bloat" problem are picking up snippets of conversation between quite intelligent people on the matter without actually understanding the issue. Monero has exactly the same "bloat" problem as XC, DarkCoin, and anything else that uses a form of mixing - you are going to incur additional entries in the blockchain for every mix (or in Monero's case for every additional signature in a ring), which means the blockchain for all of them is going to be linearly larger than Bitcoin's for the same number of transactions. It is a compromise you accept if you want transaction privacy: it uses more space in the blockchain. However, the advantage that a Bitcoin-derived altcoin has is that it can prune the bloated blockchain, whereas with Monero you can never tell if a utxo has actually been spent or just used in a ring signature, so pruning in the Bitcoin sense is not possible. THIS is what they're actually claiming - that all of the blockchains are going to bloat, but Monero's can't be pruned the way Bitcoin's can. It's very, very important to note alongside this that the Bitcoin blockchain has never been pruned, the code to operate off a pruned blockchain is simply not there (that notwithstanding, as of Bitcoin Core 0.9.0 it does have the ability to prune provably unspendable outputs, but that is not the same as the blockchain pruning we are referring to). Therefore, none of these Bitcoin-derived altcoins are actually able to prune their blockchain, despite their belief that they can flick a switch and voila, magically small blockchain. Not unless they have the ability to write code that the Bitcoin core developers and hundreds of contributors have yet to write.

I'm learning a lot from you. I think it's a good trade off, bigger hard disk space but un-linkable and untraceable transaction. I don't know anything about how blockchain works, but I'm thinking about a wallet which deletes the data which is, for example, a month old and can be used just for send/receive. Another wallet for the network. I haven't read the last posts here, and I guess I will find my answer there.
full member
Activity: 182
Merit: 100
KryptKoin is one of the best!!!
August 10, 2014, 12:57:25 AM
#79
That was clever. So both ends of transaction is needed.
And, per-kb fee is the limiting factor not to set the number of signatures so high, unless we want to transfer a high amount of money, or a very secret one (for instance to Walter White).

Who is the designer of this transaction method? Is this published in a scientific journal, for instance in a cryptography one?

At the moment we're on a flat per-tx fee, so it's still cheap either way, but yes - once we move to per-kb fees it'll be more expensive to use large signature groups (although not prohibitively so).

The original CryptoNote whitepaper is here: https://cryptonote.org/whitepaper.pdf

The CN whitepaper had not been peer reviewed, so we took that job on ourselves.

Our mathematicians and cryptographers raw (and sometimes snarky;) annotations are here: http://monero.cc/downloads/whitepaper_annotated.pdf
The review of the CN whitepaper as presented by one of our mathematicians is here: http://monero.cc/downloads/whitepaper_review.pdf

All worthy reads, and as you can see there's actual mathematics and cryptography and not just pretty pictures:-P

Thanks for the recommendations. I read some parts of the last one, I have M.Sc in Mathematics and it's good to see some mathematics in cryptocurrency. It looked interesting. I will study it completely later.
sr. member
Activity: 406
Merit: 250
August 09, 2014, 02:59:38 PM
#78
I'm really hoping someone comes up with a solid anon solution that can be implemented in to Bitcoin style blockchain tech at some point.

Why?

Because I'm involved with a project that is a new implementation of the latest version of Bitcoin and I'd like for it to be able to implement some level of anonymity at some point within the next year or two. The focus of the project isn't on anonymity at this point at all but personally I hope that eventually there will be solutions that won't require building everything from scratch like CryptoNote did.

Wishful thinking perhaps. Tongue

There are ways to add anonymity to bitcoin without changing the code. It won't be on source level, but with service providers. You could do something like a DAC mixer.

But even in this case don't you still have to trust the DAC's master or owner or whatever? Unless it was truly independent I guess.

The definition of DAC is that it is 100% autonomous. There are semi-smart contracts that are like those you were just thinking off.

legendary
Activity: 826
Merit: 1002
amarha
August 08, 2014, 12:20:07 PM
#77
I'm really hoping someone comes up with a solid anon solution that can be implemented in to Bitcoin style blockchain tech at some point.

Why?

Because I'm involved with a project that is a new implementation of the latest version of Bitcoin and I'd like for it to be able to implement some level of anonymity at some point within the next year or two. The focus of the project isn't on anonymity at this point at all but personally I hope that eventually there will be solutions that won't require building everything from scratch like CryptoNote did.

Wishful thinking perhaps. Tongue

There are ways to add anonymity to bitcoin without changing the code. It won't be on source level, but with service providers. You could do something like a DAC mixer.

But even in this case don't you still have to trust the DAC's master or owner or whatever? Unless it was truly independent I guess.
sr. member
Activity: 406
Merit: 250
August 08, 2014, 10:53:03 AM
#76
I'm really hoping someone comes up with a solid anon solution that can be implemented in to Bitcoin style blockchain tech at some point.

Why?

Because I'm involved with a project that is a new implementation of the latest version of Bitcoin and I'd like for it to be able to implement some level of anonymity at some point within the next year or two. The focus of the project isn't on anonymity at this point at all but personally I hope that eventually there will be solutions that won't require building everything from scratch like CryptoNote did.

Wishful thinking perhaps. Tongue

There are ways to add anonymity to bitcoin without changing the code. It won't be on source level, but with service providers. You could do something like a DAC mixer.
legendary
Activity: 826
Merit: 1002
amarha
August 08, 2014, 10:46:36 AM
#75
I'm really hoping someone comes up with a solid anon solution that can be implemented in to Bitcoin style blockchain tech at some point.

Why?

Because I'm involved with a project that is a new implementation of the latest version of Bitcoin and I'd like for it to be able to implement some level of anonymity at some point within the next year or two. The focus of the project isn't on anonymity at this point at all but personally I hope that eventually there will be solutions that won't require building everything from scratch like CryptoNote did.

Wishful thinking perhaps. Tongue
legendary
Activity: 1050
Merit: 1000
August 08, 2014, 09:45:08 AM
#74
BTSX with TITAN is a good candidate https://bitcointalksearch.org/topic/titan-infographic-transfer-invisibly-to-any-name-bitshares-feature-687251

Although I can't compare with other anonymous implementations as I know little of them.
legendary
Activity: 1596
Merit: 1030
Sine secretum non libertas
August 08, 2014, 09:41:30 AM
#73
I'm really hoping someone comes up with a solid anon solution that can be implemented in to Bitcoin style blockchain tech at some point.

Why?
legendary
Activity: 2674
Merit: 2965
Terminated.
August 08, 2014, 09:30:51 AM
#72
@Fluffypony
Very good questions. I'm excited that we're starting to see some higher level questions again.

1.) Payee addresses are arguably the less important aspect of privacy. As the sender, it's more important to protect your identity. The other side can simply be addressed by generating a new change address per payment. Between the two of these the system would be completely anonymous. Also, after receiving payment, your client will prepare the funds again, increasing their anonymity.

2.) There's not a perfect solution to this yet, but Masternode operators have an interest in getting more darkcoin and keeping their existing inventment as valuable as possible. By attacking the network, they would cause harm to their investment. Also, the client is resistant to DDOS attack currently and masternode operators are instructed to close all other ports and have some kind of DDOS protection.

As a longer term solution, we could not broadcast the IPs of masternodes, but an identifier. Users could then say they want to broadcast to that masternode, but not actually connect to it. This would hide the identities and create a much more robust system.
Any other concerns? Looks like that he is interested in such discussions, which isn't surprising considering the amount of trolling in the coin thread.
legendary
Activity: 826
Merit: 1002
amarha
August 08, 2014, 08:17:35 AM
#71
Well the issue is that the IP and port of the MNs are known to the network and thus making them vulnerable. Well I don't think that all MNs will be able to get knocked down by this, surely there will be a few individuals to host a few MNs with high security. Don't you think so?

Absolutely - but the cost of doing this is extremely high. During a DDoS a datacenter is having their bandwidth saturated, and it's affecting other customers in the datacenter, so they will typically get their upstream bandwidth provider to null-route all traffic bound for that IP address. The upstream bandwidth provider's equipment is all muscle, no brain, on massive amounts of bandwidth, so it can't route things based on the type of data, only on the destination. Typically this means that DDoS mitigation is done, for example, by having round-robin DNS that spreads the load out to different data centers, and when under attack the DNS records can be updated faster than an attacker can reroute his DDoS. If the attack is sufficiently clever and sufficiently large there will be downtime, but it'll be measured in minutes and not in hours.

The only way to mitigate this is to scrub the data at line rate, which means you need your own very powerful, very clever, very expensive routers collocated at the DC. You're also going to need to rent at least 20gbps of the DC's bandwidth, even if you're only using a tiny tiny fraction of that, as a DDoS attack will fill that pipe and your routers will need to scrub it and only let clean data through. It's definitely doable, but it'll cost you tens of thousands of Dollars a month.

Problems like these make problems like Monero's blockchain bloat seem trivial in comparison.

This actually kind of sucks for me because I'm really hoping someone comes up with a solid anon solution that can be implemented in to Bitcoin style blockchain tech at some point.

I guess at this point the only hope is XC's closed source solution. But I'm not holding my breath tbh.
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
August 08, 2014, 07:35:20 AM
#70
If a method is implemented where the wallet can determine the number of running masternodes with a certain level of probability before anonymizing its non-anonymized coins, the incentive to dos the masternodes is taken away. You had some ideas here, but even a superpeer group keeping the count would go a long way imo while a totally trustless solution is found.

That's true, although my idea was a little half-baked and not entirely thought through;) It still doesn't solve the problem of masternode operators being willing to attack each other to boost their own profits, though, and it doesn't give you any insight as to whether a masternode has been hacked and is being maliciously controlled. If they're hell-bent on using externally observable transaction mixing / coinjoin-style mixing, then the real solution is for every node to be involved in mixing (as with i2p or BitMessage, for instance), and for there to be no financial incentive to mix and no ability to disable it. That's the only way you avoid Sybil attacks and remove the risk of masternodes destroying each other. Then you'd need to add stealth addresses where output destinations are computed with random data, and hard fork so that any tx that has non-stealth outputs is rejected.
hero member
Activity: 966
Merit: 1003
August 08, 2014, 06:26:16 AM
#69
If a method is implemented where the wallet can determine the number of running masternodes with a certain level of probability before anonymizing its non-anonymized coins, the incentive to dos the masternodes is taken away. You had some ideas here, but even a superpeer group keeping the count would go a long way imo while a totally trustless solution is found.
Pages:
Jump to: