
Topic: Anonymity in the Bitcoin: Splitting Transactions (Read 3321 times)

legendary
Activity: 2114
Merit: 1015
Those other exchanges you use can trace you if they collude.

This is the same as just withdrawing and depositing to bitcoin casinos or other high-volume websites. The exchanging to altcoin only adds trading fees.

That's why you move your money through MANY exchanges, not just 2.
sr. member
Activity: 261
Merit: 523
I think the best way to stay anonymous is to sell your bitcoins for whatever altcoin, then transfer those altcoins to another exchange and buy back your bitcoins. if the exchange is on Tor there is a good chance that the LEs will never get the data that could lead to your identity.
I once tried this method, and it's pretty cool, it really works. OK, the explanation is like this:
I have some bitcoin, then I bought dogecoin on another exchange like Bittrex, Poloniex or Yobit, then I transfer it to another wallet and then deposit it to my local exchange, then sell it for bitcoin. Tadaaaa, they can't trace me Smiley
dogecoin has a low tx fee btw

Those other exchanges you use can trace you if they collude.

This is the same as just withdrawing and depositing to bitcoin casinos or other high-volume websites. The exchanging to altcoin only adds trading fees.
legendary
Activity: 1120
Merit: 1000
I think the best way to stay anonymous is to sell your bitcoins for whatever altcoin, then transfer those altcoins to another exchange and buy back your bitcoins. if the exchange is on Tor there is a good chance that the LEs will never get the data that could lead to your identity.
I once tried this method, and it's pretty cool, it really works. OK, the explanation is like this:
I have some bitcoin, then I bought dogecoin on another exchange like Bittrex, Poloniex or Yobit, then I transfer it to another wallet and then deposit it to my local exchange, then sell it for bitcoin. Tadaaaa, they can't trace me Smiley
dogecoin has a low tx fee btw
legendary
Activity: 2114
Merit: 1015
There are many people in our meetups who want to sacrifice anonymity for more acceptance from governments and banks. They feel the pseudo-anonymity is hurting our cause, and should only apply to secure a small degree of financial privacy. I strongly disagree with this train of thought, but I am willing to swap hats to view this from both sides. We have seen Alt coins like Ripple going this route and they might just get the edge by doing this. If we had 100% anonymity built into the Bitcoin protocol, we would have attracted a lot more bad characters. { We are already being labelled as Pedo's and drug smugglers and this will just add fuel to the fire }  Roll Eyes

Actually money laundering should not be a crime. The only real crime here is government taxation. If there wasn't for taxes no one would care who was the previous owner of the coins you get. It might be easier to strip governments of their powers than to regulate and even ban cryptocurrencies. One should not stop paying taxes because of their own greed but to stop governments from funding wars. If you pay taxes you are more of a criminal than the person who doesn't.
legendary
Activity: 1904
Merit: 1074
There are many people in our meetups who want to sacrifice anonymity for more acceptance from governments and banks. They feel the pseudo-anonymity is hurting our cause, and should only apply to secure a small degree of financial privacy. I strongly disagree with this train of thought, but I am willing to swap hats to view this from both sides. We have seen Alt coins like Ripple going this route and they might just get the edge by doing this. If we had 100% anonymity built into the Bitcoin protocol, we would have attracted a lot more bad characters. { We are already being labelled as Pedo's and drug smugglers and this will just add fuel to the fire }  Roll Eyes
legendary
Activity: 2114
Merit: 1015
There is already a project being developed to implement a system which makes everything anonymous. The key concept behind it is zero-proof (https://en.wikipedia.org/wiki/Zero-knowledge_proof).
The wiki page has a really cool example to understand it.

Quote from: wiki
However, digital cryptography generally "flips coins" by relying on a pseudo-random number generator, which is akin to a coin with a fixed pattern of heads and tails known only to the coin's owner. If Victor's coin behaved this way, then again it would be possible for Victor and Peggy to have faked the "experiment".

Isn't the above paragraph from the wiki undermined by the fact that block hash itself provides us a source of random numbers? For example, Peggy and Victor could agree to decide their action based on the block hash of some future block that has not been mined yet. Neither Peggy nor Victor could fake the outcome of a dice roll based on a block hash.

edit:
to those who are interested in the essence of the zero proof knowledge but find that the wiki page sucks at explaining it, here's a good find:

http://mathoverflow.net/questions/22624/example-of-a-good-zero-knowledge-proof

Quote

The classic example, given in all complexity classes I've ever taken, is the following: Imagine your friend is color-blind. You have two billiard balls; one is red, one is green, but they are otherwise identical. To your friend they seem completely identical, and he is skeptical that they are actually distinguishable. You want to prove to him (I say "him" as most color-blind people are male) that they are in fact differently-colored. On the other hand, you do not want him to learn which is red and which is green.

Here is the proof system. You give the two balls to your friend so that he is holding one in each hand. You can see the balls at this point, but you don't tell him which is which. Your friend then puts both hands behind his back. Next, he either switches the balls between his hands, or leaves them be, with probability 1/2 each. Finally, he brings them out from behind his back. You now have to "guess" whether or not he switched the balls.

By looking at their colors, you can of course say with certainty whether or not he switched them. On the other hand, if they were the same color and hence indistinguishable, there is no way you could guess correctly with probability higher than 1/2.

If you and your friend repeat this "proof" $t$ times (for large $t$), your friend should become convinced that the balls are indeed differently colored; otherwise, the probability that you would have succeeded at identifying all the switch/non-switches is at most $2^{-t}$. Furthermore, the proof is "zero-knowledge" because your friend never learns which ball is green and which is red; indeed, he gains no knowledge about how to distinguish the balls.
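The billiard-ball protocol quoted above, as an added simulation that is not part of the original post. Function names are illustrative; it shows that an honest prover always passes, a prover who cannot tell the balls apart passes $t$ rounds with probability about $2^{-t}$, and the verifier's transcript could have been written by the verifier alone.

```python
import random


def play_round(distinguishable, rng):
    """One round of the protocol; returns (swapped, answer) as the verifier sees it."""
    # The prover notes the colors before the hands go behind the back.
    hands = ["red", "green"] if distinguishable else ["grey", "grey"]
    swapped = rng.random() < 0.5              # verifier's private coin flip
    shown = hands[::-1] if swapped else hands
    if distinguishable:
        answer = shown != hands               # prover compares colors
    else:
        answer = rng.random() < 0.5           # nothing to compare: blind guess
    return swapped, answer


def verifier_accepts(rounds, distinguishable, rng):
    """The verifier is convinced only if every answer matches what he did."""
    return all(s == a for s, a in
               (play_round(distinguishable, rng) for _ in range(rounds)))


def cheat_success_rate(rounds, trials, rng):
    """Fraction of runs in which a prover with identical balls still passes."""
    wins = sum(verifier_accepts(rounds, False, rng) for _ in range(trials))
    return wins / trials


def real_transcript(rounds, rng):
    """What the verifier records when talking to an honest prover."""
    return [play_round(True, rng) for _ in range(rounds)]


def simulated_transcript(rounds, rng):
    """What the verifier can write down alone: his own coin, echoed back."""
    return [(s, s) for s in (rng.random() < 0.5 for _ in range(rounds))]


if __name__ == "__main__":
    print("honest prover, 50 rounds:", verifier_accepts(50, True, random.Random(1)))
    print("cheating prover, t=3:", cheat_success_rate(3, 20000, random.Random(2)))
    print("transcripts identical:",
          real_transcript(10, random.Random(7)) == simulated_transcript(10, random.Random(7)))
```

Because the simulated transcript needs no knowledge of the colors, a real transcript cannot carry any either, which is the "zero-knowledge" property.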
newbie
Activity: 6
Merit: 0
I like.

I was wondering, will this explode the size of the UTXO set ?

As in, will there be more outputs than inputs generated per txn ? Since normally you spend multiple inputs for just 1 output (+ change)

Now you would be using multiple inputs to fulfil the requests, but there are multiple outputs too..

That is a good point! And I believe it is true, the number of UTXO would increase indeed. But I don't know by which factor (x100? x1000?) and how bad it would be, what is the size of an UTXO? If small, maybe not a problem to have 1000x more UTXOs.

I think the best way to stay anonymous is to sell your bitcoins for whatever altcoin, then transfer those altcoins to another exchange and buy back your bitcoins. if the exchange is on Tor there is a good chance that the LEs will never get the data that could lead to your identity.

Yeah, and then end up paying 50% of your bitcoins as transfer fees Tongue
Aside from that, you still have the hurdle of doing all of this transfer by yourself. (Okay, here one integrated solution would help).

But first of all, bitcoin wasn't built to be anonymous; it's rather the opposite.

I think it is more about privacy. Just imagine if all the bank transactions were public and not anonymous, which means, anyone could know exactly how much you have in your account and your payment history.
That is not something we want to share.
In today's Bitcoin it is not so easy to do that, but also not impossible. And this technique would only make it more difficult to get to that, and so improving privacy.

I took a quick look at the NAV Coin website.   The following text is enough to give me major doubts.

Hi there,

Are you aware that NAV coin has a fully anonymous transaction system and a fully anonymous chat system? Check it out: http://www.navajocoin.org/ They are a great coin to invest in at the moment as well, as they are in the process of decentralising their anonymous system. Happy trading Smiley

Yes the anonymity part of cryptocurrencies also bothers me a lot. All those altcoins that claim to provide anonymity are scams because none of them has actually implemented true anonymity. There are many very smart cryptography experts involved in cryptocurrencies so the fact that none of them has come up with a truly anonymous coin tells us that it is probably impossible the way we would imagine it to work.

Therefore, I propose that a truly anonymous coin has to make a compromise and somehow be less effective than bitcoin and its derivatives while beating them at anonymity. Look at the image compression problem, for example. We have to choose between lossless and lossy algorithms such as PNG and JPG. While PNG is lossless, files compressed with PNG are pretty much always larger than files compressed with JPG. So which one to use? As always, it depends.

So, here's my message to all those hard-core cryptography experts trying to figure out how to make a truly anonymous cryptocurrency: be willing to make a sacrifice. Perhaps a truly anonymous coin is not able to send the exact amount of coins to the receiver but instead +- 10% of the amount defined by the sender, depending on some unpredictable factors?

In a lot of scenarios we are faced with the tradeoff invariant, but I believe this might not be the case.

There is already a project being developed to implement a system which makes everything anonymous. The key concept behind it is zero-proof (https://en.wikipedia.org/wiki/Zero-knowledge_proof).
The wiki page has a really cool example to understand it.

Zcash is one currency that is implementing it (https://z.cash/). 
I think they were the same guys under the name of Zerocoin, and both use the Zerocash protocol.

Maybe there are other altcoins doing the same, but I think that Zcash is the main one, where the researcher who proposed the Zerocash protocol is working on it.

For now it is under development. So until then we can keep implementing those 'hacks' to enhance current privacy.

Thanks for all the input!
legendary
Activity: 2114
Merit: 1015
I took a quick look at the NAV Coin website.   The following text is enough to give me major doubts.

Hi there,

Are you aware that NAV coin has a fully anonymous transaction system and a fully anonymous chat system? Check it out: http://www.navajocoin.org/ They are a great coin to invest in at the moment as well, as they are in the process of decentralising their anonymous system. Happy trading Smiley

Yes the anonymity part of cryptocurrencies also bothers me a lot. All those altcoins that claim to provide anonymity are scams because none of them has actually implemented true anonymity. There are many very smart cryptography experts involved in cryptocurrencies so the fact that none of them has come up with a truly anonymous coin tells us that it is probably impossible the way we would imagine it to work.

Therefore, I propose that a truly anonymous coin has to make a compromise and somehow be less effective than bitcoin and its derivatives while beating them at anonymity. Look at the image compression problem, for example. We have to choose between lossless and lossy algorithms such as PNG and JPG. While PNG is lossless, files compressed with PNG are pretty much always larger than files compressed with JPG. So which one to use? As always, it depends.

So, here's my message to all those hard-core cryptography experts trying to figure out how to make a truly anonymous cryptocurrency: be willing to make a sacrifice. Perhaps a truly anonymous coin is not able to send the exact amount of coins to the receiver but instead +- 10% of the amount defined by the sender, depending on some unpredictable factors?
member
Activity: 154
Merit: 10
But first of all, bitcoin wasn't built to be anonymous; it's rather the opposite.
full member
Activity: 203
Merit: 168
I took a quick look at the NAV Coin website.   The following text is enough to give me major doubts.

Hi there,

Are you aware that NAV coin has a fully anonymous transaction system and a fully anonymous chat system? Check it out: http://www.navajocoin.org/ They are a great coin to invest in at the moment as well, as they are in the process of decentralising their anonymous system. Happy trading Smiley
legendary
Activity: 2114
Merit: 1015
I think the best way to stay anonymous is to sell your bitcoins for whatever altcoin, then transfer those altcoins to another exchange and buy back your bitcoins. if the exchange is on Tor there is a good chance that the LEs will never get the data that could lead to your identity.
newbie
Activity: 19
Merit: 0
Hi there,

Are you aware that NAV coin has a fully anonymous transaction system and a fully anonymous chat system? Check it out: http://www.navajocoin.org/ They are a great coin to invest in at the moment as well, as they are in the process of decentralising their anonymous system. Happy trading Smiley
hero member
Activity: 718
Merit: 545
I like.

I was wondering, will this explode the size of the UTXO set ?

As in, will there be more outputs than inputs generated per txn ? Since normally you spend multiple inputs for just 1 output (+ change)

Now you would be using multiple inputs to fulfil the requests, but there are multiple outputs too..

 
newbie
Activity: 6
Merit: 0
CoinJoin is implemented today in the JoinMarket project. It has created an average of 14-15 coinjoin transactions per day in the last 9 months.

https://bitcointalksearch.org/topic/m.10096563

It's not clear that coinjoin is the best way with what you're writing about here. Have you read this blog post about the topic? https://medium.com/@octskyward/merge-avoidance-7f95a386692f (However ignore what's written about CoinJoin here, much of it is now inaccurate)

Thank you!

This is pretty much what I was thinking! He calls it Merge Avoidance and I called it Splitting Transactions.
Doing a quick search, I think that this was ignored or postponed by the community... I might look up on this and do some research on the effectiveness of this technique.
hero member
Activity: 658
Merit: 500
Blockchain offers anonymity in BTC transfers, just tick your BTC receiving address as not public address and that's all  Wink
sr. member
Activity: 261
Merit: 523
CoinJoin is implemented today in the JoinMarket project. It has created an average of 14-15 coinjoin transactions per day in the last 9 months.

https://bitcointalksearch.org/topic/m.10096563

It's not clear that coinjoin is the best way with what you're writing about here. Have you read this blog post about the topic? https://medium.com/@octskyward/merge-avoidance-7f95a386692f (However ignore what's written about CoinJoin here, much of it is now inaccurate)
newbie
Activity: 6
Merit: 0
But isn't that the point of anonymity? To blend in with the masses in a way that makes your payments intertwined with everyone else's. That way it's impossible to find a single person, not because there are no links, but because there are links from (almost) everyone to (almost) everyone.

Yes, blending is an option, but if you don't need to blend, that would be even better.
With CoinJoin you need to trust and find some peers. Using this transaction split, you only need to trust the peer you are dealing with.

This raises some questions, like how feasible and reliable are today's CoinJoin transactions.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
-snip-
Yes sure. This was another thing I thought before, but I was told that mostly transactions on the network with multiple input addresses aren't CoinJoin operations (and from this I was assuming to always link input addresses).

This is a common misconception. Even here on bitcointalk accounts are linked by spend linked addresses, which could be CoinJoin TX. I would argue that a human could probably identify a CoinJoin (just by the larger number of inputs and outputs), but not reliably. I remember there was a paper about CoinJoin and they just assumed that 5 or more inputs are CoinJoin, because they couldn't be sure and couldn't check all TX by hand either.

We can also view it this way, instead of trying to use the CoinJoin (which has its disadvantages) the splitting of the transaction could take place instead.
CoinJoin would mix some entities (and maybe make some algorithms think it is only one entity), while the splitting technique avoids the linking at all.

But isn't that the point of anonymity? To blend in with the masses in a way that makes your payments intertwined with everyone else's. That way it's impossible to find a single person, not because there are no links, but because there are links from (almost) everyone to (almost) everyone.

A CoinJoin implementation in more wallets than just bc.i would be a great step and AFAIK Samourai wallet and/or Mycelium devs are working on that. Mycelium will implement the code once it's finished.

I think it would be good to remove the "only criminals need anonymity" stigma though, as it seems many attempts to get this rolling failed because they required high skill and(!) high user participation to work[1].

[1] e.g. https://bitcointalksearch.org/topic/ann-andytoshis-coinjoin-client-432121
full member
Activity: 203
Merit: 168
It sounds useful to me as a power user feature.   The change address linking has always bothered me.

It is less powerful than complete coin control, but adds a useful level of convenience/automation.

Also, it seems pretty simple to implement for the command-line.   Eg, the sendtoaddress API could be modified (or wrapped by an external script).

afaik, there is no tool available for using coin control (selecting inputs) on the command-line.

More thoughts:

* If there are N transactions it may be useful to have m change addresses, where m is random.  Just to add variance.

* Ideally the change amounts would resemble the non-change amounts.  ie similar both in quantity and number of digits. 

* this is orthogonal but the software could also have a mode that attempts to send without any change address.  eg, it could prompt the user that the best match from available inputs is 1.234 BTC when the payment amount is 1.1 BTC.   Send without change: Yes/No?      A limit could be supplied so it would auto choose Yes if the difference is under the limit.


newbie
Activity: 6
Merit: 0
This isn't that hard to do, just enable an advanced user mode and choose which inputs you want to spend. This is easily done in Bitcoin Core and Armory.

Yeah, maybe not hard, but the 'trick' is to arrange with the seller how the transaction is going to be (with multiple transactions with sum of output summing up to original price).

There are a few problems here, though not major ones. You are operating under the assumption that change outputs are easily spotted, however that is not the case. If the change is sent to a new address, then that change cannot be easily tracked or identified as change. It can be rather difficult to identify the change outputs especially if both outputs are either outputs with weird uneven values (e.g. 0.3595412) or both are even values (e.g. 0.25). Furthermore, with newly generated change address and newly generated payment addresses, an observer cannot be certain which output is your change and which is someone you are paying.

I agree with you, but some scientific support here would be good. This would indicate that using transactions with change addresses is not really a problem.
But I was thinking in the cases where the change address can be easily spotted like say, you buy something from Walmart (and Walmart uses some known address).
That is, it would be nice to know how much of the transactions are like this (easily spotted vs. not so easy).

Additionally, if you have enough inputs, you can create identical outputs which would make it near impossible for an observer to distinguish which output is for whom. That is also achievable by using even output values or uneven output values for all of the outputs.

I think I get you, but it still links all the input addresses. I was working under the assumption that all the input addresses will be linked somehow, and I think this is how naive deanonymizing algorithms work (I was told that BitIodine does that).

Another solution which is perhaps better but slightly harder to do is a CoinJoin transaction; it requires coordinating between multiple parties. CoinJoins combine inputs from various people, so you could have a bunch of your own inputs there and no one would know that those were your inputs, for all they know it could be some other person who participated in that CoinJoin. Then the outputs are all the same amount so it is difficult to distinguish which output is for which person.

Yes sure. This was another thing I thought before, but I was told that mostly transactions on the network with multiple input addresses aren't CoinJoin operations (and from this I was assuming to always link input addresses).

We can also view it this way, instead of trying to use the CoinJoin (which has its disadvantages) the splitting of the transaction could take place instead.
CoinJoin would mix some entities (and maybe make some algorithms think it is only one entity), while the splitting technique avoids the linking at all.

I will look for some study on this, but I might agree that the case of newly generated change addresses might not be a problem.
However we still have the multi input transaction, where you suggest CoinJoin (which works to some extent) but this here might be another solution.

My goal here is to get more thoughts on the topic and then decide if this is a promising thing or not.
Thanks.
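An added example, not part of the thread, of the input-linking assumption discussed above: addresses spent together in one transaction are grouped as one owner, so a merged payment links the buyer's addresses while the split payments do not. The transactions and address labels are constructed, and the `coinjoin_min_inputs` cutoff is an assumption modelled on the "5 or more inputs" rule one poster recalls from a paper.

```python
from collections import defaultdict

# Constructed sample data (amounts in mBTC); addresses are placeholder labels.
MERGED = [  # one payment of 1000 that merges three of the buyer's coins
    {"inputs": ["A1", "A2", "A3"], "outputs": [("SHOP", 1000)]},
]
SPLIT = [   # the same 1000 paid as three single-input transactions
    {"inputs": ["A1"], "outputs": [("SHOP_1", 500)]},
    {"inputs": ["A2"], "outputs": [("SHOP_2", 300)]},
    {"inputs": ["A3"], "outputs": [("SHOP_3", 200)]},
]
COINJOIN = [  # six unrelated parties, equal-sized outputs
    {"inputs": ["B1", "C1", "D1", "E1", "F1", "G1"],
     "outputs": [(f"OUT_{i}", 100) for i in range(6)]},
]


def cluster_addresses(transactions, coinjoin_min_inputs=5):
    """Group input addresses with the common-input-ownership heuristic.

    Transactions with at least coinjoin_min_inputs distinct inputs are treated
    as possible CoinJoins and not merged; pass None to merge everything.
    """
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]   # path halving
            addr = parent[addr]
        return addr

    for tx in transactions:
        roots = [find(addr) for addr in tx["inputs"]]
        if coinjoin_min_inputs and len(set(tx["inputs"])) >= coinjoin_min_inputs:
            continue                              # too many inputs to trust
        for root in roots[1:]:
            parent[root] = roots[0]               # same spender, same cluster

    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(addr)].add(addr)
    return sorted(sorted(members) for members in clusters.values())


def paid_to(transactions, recipients):
    """Total amount sent to the given recipient addresses."""
    return sum(amount for tx in transactions
               for addr, amount in tx["outputs"] if addr in recipients)


if __name__ == "__main__":
    print("merged payment  :", cluster_addresses(MERGED))
    print("split payments  :", cluster_addresses(SPLIT))
    print("coinjoin, cutoff:", cluster_addresses(COINJOIN))
    print("coinjoin, naive :", cluster_addresses(COINJOIN, coinjoin_min_inputs=None))
```

The last line of output shows the failure mode raised in the thread: without a cutoff, the heuristic wrongly treats six unrelated CoinJoin participants as one owner.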