Does the protocol have any way for participants to negotiate on output size restrictions?
Either make all the outputs the exact same size, or maybe restrict them to something like integer (positive and negative) powers of two?
Topic: CoinJoin: Bitcoin privacy for the real world - page 30. (Read 294649 times)
Is destroying user's financial privacy and Bitcoin's fungiblity the next big business for someone to get rich quick on?
http://www.forbes.com/sites/kashmirhill/2013/11/13/sanitizing-bitcoin-coin-validation/
It doesn't have to be, but preventing this future requires substantial movement in the default behavior of everyday Bitcoin users, not just a minority of people with special interests.
http://www.forbes.com/sites/kashmirhill/2013/11/13/sanitizing-bitcoin-coin-validation/
It doesn't have to be, but preventing this future requires substantial movement in the default behavior of everyday Bitcoin users, not just a minority of people with special interests.
Good stuff piuk ... someone needed to get the ball rolling and centralised 'trusted' CoinJoin is better than none.
Will be interested to see the statistics of how many people voluntarily choose to keep tx private when it is not so stigmatised and a simple, easy to use on/off toggle.
Will be interested to see the statistics of how many people voluntarily choose to keep tx private when it is not so stigmatised and a simple, easy to use on/off toggle.
hero member
Activity: 836
Merit: 1007
"How do you eat an elephant? One bit at a time..."
thanks for clearing that up maaku.
*tangent warning* blind signatures are amazing. some people talk about how the future will be saved from tyranny through peaceful parenting. others through the political system. some through revolution. but my money is on the efforts of people like yourself and gmaxwell. idk if you ever stop to think about this, but just the hand full of you guys working on these sorts of technologies might be responsible for saving the entire human species from extinction or worse. i know that sounds dramatic but i really think its hard to overstate the importance of this sort of research.
*tangent warning* blind signatures are amazing. some people talk about how the future will be saved from tyranny through peaceful parenting. others through the political system. some through revolution. but my money is on the efforts of people like yourself and gmaxwell. idk if you ever stop to think about this, but just the hand full of you guys working on these sorts of technologies might be responsible for saving the entire human species from extinction or worse. i know that sounds dramatic but i really think its hard to overstate the importance of this sort of research.
+1
thanks for clearing that up maaku.
*tangent warning* blind signatures are amazing. some people talk about how the future will be saved from tyranny through peaceful parenting. others through the political system. some through revolution. but my money is on the efforts of people like yourself and gmaxwell. idk if you ever stop to think about this, but just the hand full of you guys working on these sorts of technologies might be responsible for saving the entire human species from extinction or worse. i know that sounds dramatic but i really think its hard to overstate the importance of this sort of research.
*tangent warning* blind signatures are amazing. some people talk about how the future will be saved from tyranny through peaceful parenting. others through the political system. some through revolution. but my money is on the efforts of people like yourself and gmaxwell. idk if you ever stop to think about this, but just the hand full of you guys working on these sorts of technologies might be responsible for saving the entire human species from extinction or worse. i know that sounds dramatic but i really think its hard to overstate the importance of this sort of research.
Yes, the facilitator gains no extra information about the transaction than is observable from the outside, if blind signing is used (see gmaxwell's posts at the beginning of this thread).
Anon136, there is no need to reduce the set of facilitators in any way, even by distributed consensus. But miners could certainly publish lists of perceived reliable facilitators in their blocks, helping others to find them. There's a proposal along these lines for peer lists that is currently circulating the development mailing list.
what if the majority of the facilitators were actually a single malicious actor using multiple ip exit nodes? have you devised a mechanism for preventing him from being able to deduce information about transactions in this manner? or have you devised an alternative mechanism for insuring that no such actor is ever able to gain that much influence?
Anon136, there is no need to reduce the set of facilitators in any way, even by distributed consensus. But miners could certainly publish lists of perceived reliable facilitators in their blocks, helping others to find them. There's a proposal along these lines for peer lists that is currently circulating the development mailing list.
I think there is a flaw in the blind signing solution. The client doesn't know how many other genuine participants have joined in a transaction so if the server was malicious it could lie, add its own outputs, and force one participant per transaction. With only one genuine participant in the transaction even if the outputs are blind signed it simple to connect the correct inputs.
That's why you use multiple facilitators, and act as act as facilitator yourself 1/N of the time. The implementation I'm working on is fully p2p.
That's no better than the two-party case though - you have no idea if anyone else in the p2p network, facilitator or not, is real or part of a sybil attack, and it's still going to be slower to complete a transaction than the two-party alternative.
how did we solve this with bitcoin? you could solve it here the exact same way. have the facilitators be the 6 most recent miners to contribute new blocks to the blockchain. or atleast the 6 most recent who agree to provide the service.
maaku if you read this also please tell me what you think.
otherwise just making it p2p for the fun of it is not doing anything.
Actually it is doing something - providing a type of plausible deniability.Suppose CoinJoin transactions become a frequent occurrence in the blockchain. I can now spend funds from my wallet using transactions that appear to be CoinJoins, but are actually only my funds. I might only need to use "real" CoinJoin transactions some small percentage of the time.
Exactly.
There's this huge upside to widespread use of coinjoin transactions (no matter how they've been assembled) in general (even affecting people that don't ever use coinjoin), because it torpedoes the assumption that all inputs of a transaction are owned by a single entity that can currently pretty reliably be used to cluster addresses, which is the most common (valid) argument used when arguing that bitcoin isn't as private as many think.
One question piuk: does your servers in any way store records that would allow this mapping to be conducted by some entity gaining access to your databases?
You should never asks this question of any service.Why? Because the answer you receive doesn't matter because you have no way to independently to verify the truth of a response.
A dishonest operator can lie.
An honest operator might not start out keeping logs, but could be ordered to do so and forbidden from telling you the truth via the threat of going to jail.
An honest operator might not realize they are keeping logs because their system has been compromised.
Under no circumstances can you trust someone's word about not keeping logs. This applies to VPN providers, bitcoin mixers, email hosts, or any other privacy-sensitive service. If it's conceivably possible that they are keeping privacy-destroying logs then you must assume they are, and act accordingly.
There's the possiblity he will just say: yes, we keep logs. In that case the question would've made sense.
hero member
Activity: 836
Merit: 1007
"How do you eat an elephant? One bit at a time..."
Best to use both if you really need to be able to count on the privacy... and hopefully someone will come up with a off-chain transfer system on some Tor site that implements chaum tokens.
Could Open Transactions play a role in any of this?
https://github.com/FellowTraveler/Open-Transactions
otherwise just making it p2p for the fun of it is not doing anything.
Actually it is doing something - providing a type of plausible deniability.Suppose CoinJoin transactions become a frequent occurrence in the blockchain. I can now spend funds from my wallet using transactions that appear to be CoinJoins, but are actually only my funds. I might only need to use "real" CoinJoin transactions some small percentage of the time.
piuk, and my, point is that decentralized P2P systems with anonymous counterparties aren't necessarily any better because you can't know if your counterparties to the coinjoin are the NSA/FBI/whatever.
It turns into a numbers game. If x% of the participants are evil, then you need to mix 1/x times.Best to use both if you really need to be able to count on the privacy... and hopefully someone will come up with a off-chain transfer system on some Tor site that implements chaum tokens.
I agree the ideal solution is a cryptographic protocol in which nobody can cheat, even if all the participants are evil.
to make coinjoin work properly we first need decentralised identity and reputation systems to protect against that. otherwise just making it p2p for the fun of it is not doing anything.
Under no circumstances can you trust someone's word about not keeping logs. This applies to VPN providers, bitcoin mixers, email hosts, or any other privacy-sensitive service. If it's conceivably possible that they are keeping privacy-destroying logs then you must assume they are, and act accordingly.
piuk, and my, point is that decentralized P2P systems with anonymous counterparties aren't necessarily any better because you can't know if your counterparties to the coinjoin are the NSA/FBI/whatever.
At least with a central service if they are honest you're well protected. With P2P stuff every transaction you make may or may not be deanonymized.
Best to use both if you really need to be able to count on the privacy... and hopefully someone will come up with a off-chain transfer system on some Tor site that implements chaum tokens.
Under no circumstances can you trust someone's word about not keeping logs. This applies to VPN providers, bitcoin mixers, email hosts, or any other privacy-sensitive service. If it's conceivably possible that they are keeping privacy-destroying logs then you must assume they are, and act accordingly.
I hate to do this (in fact it might be the first time I actually have) but:
+1
One question piuk: does your servers in any way store records that would allow this mapping to be conducted by some entity gaining access to your databases?
You should never asks this question of any service.Why? Because the answer you receive doesn't matter because you have no way to independently to verify the truth of a response.
A dishonest operator can lie.
An honest operator might not start out keeping logs, but could be ordered to do so and forbidden from telling you the truth via the threat of going to jail.
An honest operator might not realize they are keeping logs because their system has been compromised.
Under no circumstances can you trust someone's word about not keeping logs. This applies to VPN providers, bitcoin mixers, email hosts, or any other privacy-sensitive service. If it's conceivably possible that they are keeping privacy-destroying logs then you must assume they are, and act accordingly.
Blockchain.info's coinjoin implementation (Shared coin) is now available in the wallet interface by default.
Way to go piuk! It's a centralised effort but it's better to have a centralised coinjoin than no coinjoin at all.
I totally agree. However I think it should be made transparent that with this solution, the facilitator can map inputs to outputs easily and you have to trust him with retaining your own personal privacy.
One question piuk: does your servers in any way store records that would allow this mapping to be conducted by some entity gaining access to your databases?
Blockchain.info's coinjoin implementation (Shared coin) is now available in the wallet interface by default.
Way to go piuk! It's a centralised effort but it's better to have a centralised coinjoin than no coinjoin at all.
Jump to: