Author

Topic: CoinSwap + CT = Truly Anonymous (Read 221 times)

hero member
Activity: 718
Merit: 545
April 03, 2018, 04:11:33 AM
#12
CoinSwap :

https://bitcointalksearch.org/topic/coinswap-transaction-graph-disjoint-trustless-trading-321228

In laymans..

Alice wants to pay Carol.

What actually happens is that Bob pays Carol, and then Alice pays Bob (sound familiar?). There is no link between any of the transactions, as the rules are enforced using off chain transactions, which never get published.

It uses a technique almost identical to LN to make sure Bob can't lose his money. (he doesn't pay unless he knows he's getting paid)

Honestly - Mr Maxwell invented off chain crypto-concepts  / atomic transfers / HTLC contracts right there. Even LN was hiding behind the punctuation. We just didn't realise it.. lol
legendary
Activity: 1316
Merit: 1004
April 02, 2018, 04:40:34 PM
#11
This idea has already been implemented and used in Monero with ring signatures and you can get a basic ELI5 version of it with this video some guy in the community made.

The only difference with what you are saying is that you aren't sending a transaction through only one person, but rather you are sending a transaction that is made possible by using past signatures on the blockchain as decoys, and only key images can help the recipient verify that the payment hasn't been sent before.

CT came afterward in terms for Monero, so before you were able to tell the coin amounts being transacted... but how the code is right now with everything in place and also about to be upgrading to a mandatory ring signature of 5 to 7, I'm not ashamed to be colored impressed every time I learn more about it.  Only problems is scalability, but with the possibility of adding bullet proofs on the horizon, it looks like it won't last that long.

Not trying to shill, just trying to say that your idea already sort of exists.

Hmm.. nope, I don't think so. CoinSwap is very different to Ring Signatures / CoinJoin.

In a Ring Signature ( or a CoinJoin ) the anonymity set is still the size of the inputs to the transaction. The inputs match the outputs in some fashion.

With CoinSwap the anonymity set is the size of ALL CoinSwap transactions going on at that time on the whole chain. This is potentially MUCH larger, especially if everyone started using it by default. So that ALL transactions were CoinSwaps.

With CoinSwap + CT - there would be ZERO information on-chain about who was sending what to who. You would pay X in secret, and they would pay Y (all done in such a way that no one can scam each other). There would be nothing linking your payment to Y.

The CT is required, because Without it, either you all send the same amounts ( not cool ) or it is obviously trivial to see which transactions are linked (check the amounts). But With it.. BOOM!


Hmm, ok I just assumed you were just talking about coinjoin and didn't realize "coinswap" was talking about a different method of allow anonymity of the sender.  Is there a paper on this that you can link to me?

Also I'm curious how this could scale at all.  I mean I couldn't even fathom trying to scale something that takes every tx in the chain history (or possibly just block??)... I mean I guess bulletproofs could maybe help but still... things would get so exponentially big.  Not to mention coinswap + CT hides sender and amount, but does nothing for the recipient from what it sounds like.
hero member
Activity: 718
Merit: 545
April 02, 2018, 03:28:54 PM
#10
.. your idea already sort of exists.

PS. It's not my idea.

It's just

B.I.T.C.O.I.N

..

 Grin

..

..

god I love that bastard
hero member
Activity: 718
Merit: 545
April 02, 2018, 01:42:15 PM
#9
This idea has already been implemented and used in Monero with ring signatures and you can get a basic ELI5 version of it with this video some guy in the community made.

The only difference with what you are saying is that you aren't sending a transaction through only one person, but rather you are sending a transaction that is made possible by using past signatures on the blockchain as decoys, and only key images can help the recipient verify that the payment hasn't been sent before.

CT came afterward in terms for Monero, so before you were able to tell the coin amounts being transacted... but how the code is right now with everything in place and also about to be upgrading to a mandatory ring signature of 5 to 7, I'm not ashamed to be colored impressed every time I learn more about it.  Only problems is scalability, but with the possibility of adding bullet proofs on the horizon, it looks like it won't last that long.

Not trying to shill, just trying to say that your idea already sort of exists.

Hmm.. nope, I don't think so. CoinSwap is very different to Ring Signatures / CoinJoin.

In a Ring Signature ( or a CoinJoin ) the anonymity set is still the size of the inputs to the transaction. The inputs match the outputs in some fashion.

With CoinSwap the anonymity set is the size of ALL CoinSwap transactions going on at that time on the whole chain. This is potentially MUCH larger, especially if everyone started using it by default. So that ALL transactions were CoinSwaps.

With CoinSwap + CT - there would be ZERO information on-chain about who was sending what to who. You would pay X in secret, and they would pay Y (all done in such a way that no one can scam each other). There would be nothing linking your payment to Y.

The CT is required, because Without it, either you all send the same amounts ( not cool ) or it is obviously trivial to see which transactions are linked (check the amounts). But With it.. BOOM!
legendary
Activity: 1316
Merit: 1004
April 02, 2018, 10:03:28 AM
#8
This idea has already been implemented and used in Monero with ring signatures and you can get a basic ELI5 version of it with this video some guy in the community made.

The only difference with what you are saying is that you aren't sending a transaction through only one person, but rather you are sending a transaction that is made possible by using past signatures on the blockchain as decoys, and only key images can help the recipient verify that the payment hasn't been sent before.

CT came afterward in terms for Monero, so before you were able to tell the coin amounts being transacted... but how the code is right now with everything in place and also about to be upgrading to a mandatory ring signature of 5 to 7, I'm not ashamed to be colored impressed every time I learn more about it.  Only problems is scalability, but with the possibility of adding bullet proofs on the horizon, it looks like it won't last that long.

Not trying to shill, just trying to say that your idea already sort of exists.
legendary
Activity: 1624
Merit: 2481
April 02, 2018, 03:51:42 AM
#7
I think we have now all the missing pieces for the puzzle. Not it will just take some clever engineering to make it all work in practice, and of course will go through some more drama to activate this, just like segwit, I just hope it's easier to get implemented but I doubt it will be smooth.

The people working/optimizing the bitcoin network/protocol/software are smart people.
I am confident we will see a lot of improvements to BTC in the coming years.



Also it must be optional. Maybe enabled by default (because generally you want as much people as possible using it for it to work better) but there's a problem: if you want to buy some real estate with your bitcoin gains, you'll need to prove your trades. If your trading history is hidden, then how do you prove that you obtained your BTC gains legally and not trading drugs or whatever? this is why I think it must be optional, even if enabled by default.

There are several approaches possible to handle this kind of situations.
For example, monero has a very smart way of handling this: private view keys.

Those can be handed out to the government to prove when/where your coins came from.
legendary
Activity: 1372
Merit: 1252
March 31, 2018, 12:59:31 PM
#6
For anonymity in bitcoin we will have to wait for at least two improvements:



Schnorr as a basis for coinjoin can bring a pretty decent privacy level to bitcoin.
This, of course, requires the majority of people making use of this feature. But with lower transaction fees this should be incentive enough.

I think both is going to happen in the short-mid future.






And don't forget this:

https://www.coindesk.com/aim-fire-bulletproofs-breakthrough-privacy-blockchains/

I think we have now all the missing pieces for the puzzle. Not it will just take some clever engineering to make it all work in practice, and of course will go through some more drama to activate this, just like segwit, I just hope it's easier to get implemented but I doubt it will be smooth.

Also it must be optional. Maybe enabled by default (because generally you want as much people as possible using it for it to work better) but there's a problem: if you want to buy some real estate with your bitcoin gains, you'll need to prove your trades. If your trading history is hidden, then how do you prove that you obtained your BTC gains legally and not trading drugs or whatever? this is why I think it must be optional, even if enabled by default.
hero member
Activity: 718
Merit: 545
March 31, 2018, 03:20:14 AM
#5
I'd rather CT a CoinSwap than Schnorr a CoinJoin.. romantic fool that I am.
legendary
Activity: 1624
Merit: 2481
March 30, 2018, 01:47:21 PM
#4
For anonymity in bitcoin we will have to wait for at least two improvements:



Schnorr as a basis for coinjoin can bring a pretty decent privacy level to bitcoin.
This, of course, requires the majority of people making use of this feature. But with lower transaction fees this should be incentive enough.

I think both is going to happen in the short-mid future.




hero member
Activity: 718
Merit: 545
March 29, 2018, 01:59:42 PM
#3
CoinSwap already works on Bitcoin.

Once CT is activated.. It's ready.

The Only tricky bit is finding the person to participate with you in the CoinSwap, but this problem is FAR easier than the Lightning Network, so it shouldn't be too hard to sort out.

At a pinch, you could simply ask your direct peers on the BTC network if they have the funds available, and just use one of them.

Simples.
member
Activity: 238
Merit: 38
March 29, 2018, 01:52:51 PM
#2
Concept is good, however I am not sure how can be this achieved in a secured manner. This idea is better than coinJoin because with this one you basically will send every time to empty wallets with it being really hard to link transactions if you show inputs/outputs in graphical presentation with using graphs for instance.

Is this just an idea or it is being worked on?
hero member
Activity: 718
Merit: 545
March 29, 2018, 01:31:24 PM
#1
If every on-chain transaction, or most, was a CoinSwap, and they all used Confidential Transactions.. 

You could send any amount, via somebody else (within reason as you need to find someone who has that amount), without it being traceable, as the inputs/outputs are CT. You are no longer stuck having to send the same amounts.. same as CoinJoin+CT but with a far greater anonymity set, and yet you only have to find 1 other participant

This means that no-one would actually ever send money directly to anyone else, it would always go via somebody else. And you can't tell which transactions are linked.

Would you count that as Anonymous ? .. only the 2 people involved in the coinswap would know..

( I'm working on something and this popped up.. made me think )

Jump to: