CoinJoin: Bitcoin privacy for the real world - page 6.

dooglus

legendary

Activity: 2940

Merit: 1333

Quote from: Equilux on June 13, 2016, 08:41:43 AM

Great post man, thanks! Makes me appreciate more what a cool idea this is.

Here's an actual example of a CoinJoin transaction (click link for blockchain.info link):

There were 3 people involved in the transaction. There are 6 outputs, 2 per person. 3 of the outputs (coloured yellow) are for the exact same amount. It's impossible to know which of these three yellow outputs belongs to which of the 3 people just from looking at this transaction. The other 3 outputs are change amounts. We can easily tie the change outputs to the inputs, which I did by using the coloured arrows.

The guy who spent 82 BTC got back a yellow 70 BTC and 12 BTC of change - indicated by the blue arrow.
The guy who spent 171 BTC got back a yellow 70 BTC and 101 BTC of change - indicated by the orange arrow.
All the other inputs came from the 3rd guy, and he got back a yellow 70 BTC and 41 BTC of change - indicated by all the red lines.

Hopefully that makes it clearer. It's the yellow outputs that have been anonymised by this transaction, not the inputs or the change outputs.

PantminerS7

full member

Activity: 165

Merit: 100

Quote from: Equilux on June 13, 2016, 08:41:43 AM

Quote from: PantminerS7 on June 13, 2016, 08:26:44 AM

Quote from: twinkletoes007 on May 21, 2016, 05:04:55 PM

Somebody please "CoinJoin for Dummies".

Snip

Great post man, thanks! Makes me appreciate more what a cool idea this is.

If you like the idea and concept, I encourage you to download the blockchain and get your own Joinmarket-maker script running. Estimates are that the avg. maker gets about a 1% annual increase in their coin. All you need is a computer that can run the script and bitcoind.

You can get the private keys for your addresses, so you are actually in control of your coins the entire time, unlike all other similar services I've seen.

In addition, you'll get that good feeling of supporting both the bitcoin network and Joinmarket!

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: smoothie on June 13, 2016, 06:35:33 AM

Couldn't you just use poloniex to get monero bought with BTC, then send it to yourself with a mixin of 5 or 100 or whatever you choose, then convert it with XMR.to back to BTC?

That's centralized and you lose control of your coins even if temporarily. Coin Join allows for mixing without ever giving out your coins or control of them.

Any exchange or gambling site or online wallet will do what you suggest. You just have to trust them to be online long enough for you to withdraw, and/or not get hacked, shutdown, or whatever.

I've actually seen a few people deposit to my site, wait a few days (when I "join" all deposits to the cold wallet), then withdraw, without ever playing. Works the same way. But now their coins are "tainted", so don't go try going to coinbase directly from any gambling site. Our wallets are all tagged.

Equilux

sr. member

Activity: 353

Merit: 251

Quote from: PantminerS7 on June 13, 2016, 08:26:44 AM

Quote from: twinkletoes007 on May 21, 2016, 05:04:55 PM

Somebody please "CoinJoin for Dummies".

Basically, you join payments together to 'anonymize' coins, while trading coins for other coins to make proving someones ownership of a specific coin harder.

Using Joinmarket as an example;
There are makers and takers in the Joinmarket network. Makers run a script that offers their coin for coinjoin transactions in exchange for a small fee. They sit around on the network, looking for a taker who needs coins mixed.

Takers, on the other hand, pay the makers to trade coins with them. Takers will come into Joinmarket announcing that they want to mix a certain amount of coins. Eventually a maker will accept his offer, and the maker and taker (and possibly more parties) all make one big Bitcoin transaction with lots of outputs to different addresses.

Joinmarket is just one of many ways a coinjoin can happen, but this should give you the general idea.

The whole taker-maker process aims to mix the coins for the takers and the makers, making it harder to tell who owns which coins after the coinjoin-transaction. It will be hard to tell who now owns each output, if someone owns several outputs etc., which is the end goal of the transaction.

Users can run this process as many times as they like, the assumption being that more coinjoin transactions = better privacy.

Great post man, thanks! Makes me appreciate more what a cool idea this is.

PantminerS7

full member

Activity: 165

Merit: 100

Quote from: twinkletoes007 on May 21, 2016, 05:04:55 PM

Somebody please "CoinJoin for Dummies".

Basically, you join payments together to 'anonymize' coins, while trading coins for other coins to make proving someones ownership of a specific coin harder.

Using Joinmarket as an example;
There are makers and takers in the Joinmarket network. Makers run a script that offers their coin for coinjoin transactions in exchange for a small fee. They sit around on the network, looking for a taker who needs coins mixed.

Takers, on the other hand, pay the makers to trade coins with them. Takers will come into Joinmarket announcing that they want to mix a certain amount of coins. Eventually a maker will accept his offer, and the maker and taker (and possibly more parties) all make one big Bitcoin transaction with lots of outputs to different addresses.

Joinmarket is just one of many ways a coinjoin can happen, but this should give you the general idea.

The whole taker-maker process aims to mix the coins for the takers and the makers, making it harder to tell who owns which coins after the coinjoin-transaction. It will be hard to tell who now owns each output, if someone owns several outputs etc., which is the end goal of the transaction.

Users can run this process as many times as they like, the assumption being that more coinjoin transactions = better privacy.

smoothie

legendary

Activity: 2492

Merit: 1473

LEALANA Bitcoin Grim Reaper

Couldn't you just use poloniex to get monero bought with BTC, then send it to yourself with a mixin of 5 or 100 or whatever you choose, then convert it with XMR.to back to BTC?

savobaby

newbie

Activity: 1

Merit: 0

May I just say, I am so fucking impressed with what everyone has been posting here. That. Is. All.

Carlsen

hero member

Activity: 910

Merit: 501

Quote from: Cryddit on June 08, 2016, 02:59:29 PM

Bitcoin gambling sites are entirely functional as (probabilistic) mixers, if you trust the gambling sites.

Wanna mix 10BTC? Just make a hundred 0.1BTC bets at even odds. 50 of them pay out double (minus the house cut) and 50 disappear. So you get your 10BTC back, minus the house cut, and the house cut in that case is just a mixing fee.

But that's not really what coinjoin is supposed to accomplish.

In this case I would be just too scared to loose 75 or more of my bets.
That would be a relatively high mixing fee. Personally I would not take that risk.

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: Cryddit on June 08, 2016, 02:59:29 PM

Bitcoin gambling sites are entirely functional as (probabilistic) mixers, if you trust the gambling sites.

Wanna mix 10BTC? Just make a hundred 0.1BTC bets at even odds. 50 of them pay out double (minus the house cut) and 50 disappear. So you get your 10BTC back, minus the house cut, and the house cut in that case is just a mixing fee.

But that's not really what coinjoin is supposed to accomplish.

Most gambling sites do off-chain transactions. If you want to mix 10 BTC, you simply deposit. Wait a few days. And then Withdraw. No need to actually gamble or play.

The problem is if you need to exchange the mixed coins, they are tagged as "gambling" coins by such exchanges as coinbase. So you need to bounce them around a few times among your own wallets.

ABISprotocol

sr. member

Activity: 278

Merit: 252

ABISprotocol on Gist

Quote from: Rampion on June 08, 2016, 08:37:41 AM

Quote from: K1773R on June 06, 2016, 03:18:33 AM

Quote from: Rampion on May 31, 2016, 02:38:41 PM

Quote from: mangox on May 31, 2016, 02:07:59 PM

Quote

BTW (and sorry for being slightly off-topic): did blockchain.info remove "shared coin", their coinjoin implementation? Cannot find it anymore!

does not exist anymore Sad

That really sucks.

Just use joinmarket.

Are there any easy, straightforward instructions to use joinmarket? Blockchain's shared coin was easy.

Actually, yes, there are -

Joinmarket has a reddit: https://www.reddit.com/r/joinmarket May not be a bad place to have questions answered, but you may want to do tor and create a disposable account for it. I won't use reddit anymore because of this - they are getting NSLs all the time, read in depth into comments... https://www.reddit.com/r/announcements/comments/4cqyia/for_your_reading_pleasure_our_2015_transparency/

However, if you don't want to deal with that, you could just view / lurk in the reddit discussions without having to log in and find out some of what you need, or just check out the right-hand side of the screen (under 'How do I get Started') which has the links you need.

There's also a very handy set of instructions right on github, for the GUI version of it, here:

https://github.com/JoinMarket-Org/JMBinary

Pretty damn handy. :-)

Cryddit

legendary

Activity: 924

Merit: 1132

Bitcoin gambling sites are entirely functional as (probabilistic) mixers, if you trust the gambling sites.

Wanna mix 10BTC? Just make a hundred 0.1BTC bets at even odds. 50 of them pay out double (minus the house cut) and 50 disappear. So you get your 10BTC back, minus the house cut, and the house cut in that case is just a mixing fee.

But that's not really what coinjoin is supposed to accomplish.

Rampion

legendary

Activity: 1148

Merit: 1018

Quote from: K1773R on June 06, 2016, 03:18:33 AM

Quote from: Rampion on May 31, 2016, 02:38:41 PM

Quote from: mangox on May 31, 2016, 02:07:59 PM

Quote

BTW (and sorry for being slightly off-topic): did blockchain.info remove "shared coin", their coinjoin implementation? Cannot find it anymore!

does not exist anymore Sad

That really sucks.

Just use joinmarket.

Are there any easy, straightforward instructions to use joinmarket? Blockchain's shared coin was easy.

ABISprotocol

sr. member

Activity: 278

Merit: 252

ABISprotocol on Gist

Quote from: Mr.Broker on June 07, 2016, 06:17:47 AM

People appear to have been sending very large numbers of addresses dust as a way to break anonymity. Granted, they also may have been doing it as a way to get signatures from scriptPubKeys due to the 'R' re-use issue, but the script would use bitcoind to spend the dust which is known to not be vulnerable.

Also there's lots of pretty much unspendable dust out there from Satoshidice and others, and again such a script can help.

Check with Peter Todd before using (not sure if up to date exactly because was last updated November 2015) but, this could be useful if you are trying to deal with some dust issue (Core)

https://github.com/petertodd/dust-b-gone

I also happen to think that dust isn't as big a deal as people think it is. It is a gift, not a curse, and it should be treated as such, people just haven't been innovative enough yet to address it well or meaningfully. See project referred to in my signature.

Also, see BlockCypher's API http://dev.blockcypher.com/#microtransaction-api

(I do not work for BlockCypher, but I consider their work innovative)

Mr.Broker

newbie

Activity: 8

Merit: 0

People appear to have been sending very large numbers of addresses dust as a way to break anonymity. Granted, they also may have been doing it as a way to get signatures from scriptPubKeys due to the 'R' re-use issue, but the script would use bitcoind to spend the dust which is known to not be vulnerable.

Also there's lots of pretty much unspendable dust out there from Satoshidice and others, and again such a script can help.

K1773R

legendary

Activity: 1792

Merit: 1008

/dev/null

Quote from: Rampion on May 31, 2016, 02:38:41 PM

Quote from: mangox on May 31, 2016, 02:07:59 PM

Quote

BTW (and sorry for being slightly off-topic): did blockchain.info remove "shared coin", their coinjoin implementation? Cannot find it anymore!

does not exist anymore Sad

That really sucks.

Just use joinmarket.

Rampion

legendary

Activity: 1148

Merit: 1018

Quote from: mangox on May 31, 2016, 02:07:59 PM

Quote

BTW (and sorry for being slightly off-topic): did blockchain.info remove "shared coin", their coinjoin implementation? Cannot find it anymore!

does not exist anymore Sad

That really sucks.

mangox

sr. member

Activity: 364

Merit: 250

Quote

BTW (and sorry for being slightly off-topic): did blockchain.info remove "shared coin", their coinjoin implementation? Cannot find it anymore!

does not exist anymore Sad

waxwing

sr. member

Activity: 469

Merit: 253

Quote from: Dabs on May 23, 2016, 11:47:15 AM

It would seem someone intentionally destroyed 1.6 BTC.

Phi to be (more) precise

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: CohibAA on May 23, 2016, 03:51:34 AM

(that might not even be the most interesting thing about that transaction...)

I looked at that, and this one looked interesting to me:

https://btc.blockr.io/address/info/1PavedWithGodAndSomeTeensionXudq5X

It would seem someone intentionally destroyed 1.6 BTC.

belcher

sr. member

Activity: 261

Merit: 523

New paper on address closures / clustering.

http://arxiv.org/abs/1605.06369

Quote from: Dabs on May 14, 2016, 10:41:21 PM

Sorry for bumping this thread ... I'm just curious.

Quote from: gmaxwell on August 21, 2013, 09:35:24 PM

...

3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk

...

The bounty fund will pay out as funds are available according to the signers best judgment for completed work proposed in this thread that furthers the goal of making improved transaction privacy a practical reality for Bitcoin users.

If JoinMarket did not qualify, and CoinShuffle (or ShuffleCoin?) did not also qualify, what would do it? Does it have to be completely decentralized? Can it be something that relies on a "super-node" or even a third party website, bot or api? (Someone collects possible transactions and makes everyone sign it once a day or once an hour or something.)

How do you define "practical reality for Bitcoin users"?

Did I miss any other attempts at implementing this aside from CoinShuffle and JoinMarket?

Would be interested to know as well.
Six months ago I sent a PM to theymos, Pieter Wuille, gmaxwell asking for (some of) the bounty.

Quote from: CohibAA on May 23, 2016, 03:51:34 AM

I think something like this would be possible to build within JoinMarket, such that "takers" are given an option to delay and group their transaction with other takers (and makers, maybe), but again, I'm sure the coding would be substantial. A better solution for JoinMarket will likely be simple growth. The GUI is probably helping to bring in more users. An Electrum plugin could also be potentially huge for JoinMarket, bringing fungibility (is that a word?) to many more users. I think some privacy conscious websites may also benefit from implementing JoinMarket transactions into their wallet structure (online casinos, darknet markets, etc.) which will also help the current limitations.

This could be done with a script called patientsendpayment.py, https://github.com/JoinMarket-Org/joinmarket/wiki/Sending-payments-with-CoinJoin#patient-send-payment
Although because the current protocol is flawed and needs updating, you can only send to addresses for which you know the private key.

Using JoinMarket for bitcoin websites could be done today, I've written a brief explanation on how here https://github.com/JoinMarket-Org/joinmarket/issues/293

Topic: CoinJoin: Bitcoin privacy for the real world - page 6. (Read 294649 times)