Topic: Confidential Transactions, Content privacy for Bitcoin transactions (Read 14414 times)

newbie
Activity: 36
Merit: 0
Well, I'm impressed. Why you went to the trouble to implement your ring signature scheme makes a lot more sense now. Since the vast majority of transactions will be <42.94967295 BTC, almost all transactions will have exponent zero. So, transactions with exponent >0 will stand out and be much less anonymous. And the inputs and outputs to coin joins will need to have the same exponent. Nothing against it, the space saved is worth the loss of anonymity for very large transactions. But it is probably best to warn people about it so that no one uses confidential transactions incorrectly. Also, if I have several inputs with different exponents (let's say 0, 1 and 2) and I want to join them into a single output, will the protocol force me to have two outputs (with exp 0 and 2) or will it round down the amount?

sr. member
Activity: 278
Merit: 251
ABISprotocol on Gist
legendary
Activity: 964
Merit: 1008
You might find this doc I wrote useful if you're looking into the details: https://github.com/AdamISZ/ConfidentialTransactionsDoc/blob/master/essayonCT.pdf. For example, the diagram at the end (page 20) of the transaction layout.

Thanks, the doc was very useful for understanding the details.
sr. member
Activity: 469
Merit: 253
x is private by virtue of being conveyed by an ECDH key negotiation. No external communication is required.
Do the wallets still need to connect directly, without touching the blockchain? How would the receiver learn the amount then?
No, the idea is that addresses in Elements alpha contain an ECDH pubkey, so the sender can (non-interactively) send secret information to the receiver using ECDH key exchange. The amount of the transaction output is embedded into the range proof, without taking up more space (it's actually XORed in). No prior interaction is needed between sender and receiver (that's a pretty fundamental requirement of course).

They're required for outputs only, and technically only when there are multiple outputs. Inputs are already known to be in range by virtue of having been created as outputs.
This is about range proofs but I asked about commitments.
Both Pedersen commitments and range proofs are published to the network for each vout (utxo).

You might find this doc I wrote useful if you're looking into the details: https://github.com/AdamISZ/ConfidentialTransactionsDoc/blob/master/essayonCT.pdf. For example, the diagram at the end (page 20) of the transaction layout.
legendary
Activity: 964
Merit: 1008
x is private by virtue of being conveyed by an ECDH key negotiation. No external communication is required.
Do the wallets still need to connect directly, without touching the blockchain? How would the receiver learn the amount then?

(E.g. go build elements alpha, and give me an address from it and I'll send you some coins!).
Do I have to be online at the same time as you?

They're required for outputs only, and technically only when there are multiple outputs. Inputs are already known to be in range by virtue of having been created as outputs.
This is about range proofs but I asked about commitments.
staff
Activity: 4158
Merit: 8382
Does it mean that x and a are to be communicated privately (off-chain) from sender to recipient of coins? Anything else that is communicated privately?
Also, are commitments required for outputs only or you need to include input commitments as well in your transaction data? If including input commitments, I wonder if it makes sense changing their blinding factors, not just copying them from source outputs.
x is private by virtue of being conveyed by an ECDH key negotiation. No external communication is required. (E.g. go build elements alpha, and give me an address from it and I'll send you some coins!).

They're required for outputs only, and technically only when there are multiple outputs. Inputs are already known to be in range by virtue of having been created as outputs.
legendary
Activity: 964
Merit: 1008
Given our two generators we can build a commitment scheme like this:

   commitment = xG + aH

Here x is our secret blinding factor, and a is the amount that we're committing to.  

Does it mean that x and a are to be communicated privately (off-chain) from sender to recipient of coins? Anything else that is communicated privately?

Also, are commitments required for outputs only or you need to include input commitments as well in your transaction data? If including input commitments, I wonder if it makes sense changing their blinding factors, not just copying them from source outputs.
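Since the thread keeps circling back to what is conveyed and what a verifier actually checks, here is an added example (not code from the thread, from gmaxwell, or from Elements) of the commitment quoted above, xG + aH, over secp256k1 in plain Python: the verifier sums the commitments of the spent outputs against the new output commitments, and the sender picks output blinding factors whose sum matches the inputs' so that check passes. The second generator H is derived from a constructed seed for illustration and is not the one Elements uses; the affine curve arithmetic is a minimal implementation written for this example.

```python
# Added example: Pedersen commitment C = xG + aH over secp256k1 (not Elements' own code).
import hashlib, secrets

P = 2**256 - 2**32 - 977                                          # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):                                  # affine addition; None is the point at infinity
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None              # p1 == -p2
    if p1 == p2: lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else: lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):                                   # double-and-add; scalars are taken mod N
    r, k = None, k % N
    while k:
        if k & 1: r = add(r, pt)
        pt, k = add(pt, pt), k >> 1
    return r

def nums_point(seed):                             # hash seed to x and lift: generator with unknown log w.r.t. G
    x = int.from_bytes(hashlib.sha256(seed).digest(), "big") % P
    while True:
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)             # P % 4 == 3: this is a square root iff rhs is a QR
        if y * y % P == rhs: return (x, y)
        x = (x + 1) % P

H = nums_point(b"constructed second generator")   # assumption for this example: not the H Elements uses

def commit(x, a):                                 # x: secret blinding factor, a: amount committed to
    return add(mul(x, G), mul(a, H))

def balanced(input_commits, output_commits):
    """Verifier: sum(inputs) - sum(outputs) is the point at infinity only if the amounts
    balance AND the output blinding factors sum to the input ones (mod N)."""
    total = None
    for c in input_commits: total = add(total, c)
    for c in output_commits: total = add(total, None if c is None else (c[0], -c[1] % P))
    return total is None

def blind_outputs(input_blinds, n_outputs):       # sender: fresh blinds, last one fixes the sum
    blinds = [secrets.randbelow(N) for _ in range(n_outputs - 1)]
    blinds.append((sum(input_blinds) - sum(blinds)) % N)
    return blinds
```

A mismatched amount or a freely chosen set of output blinds both fail `balanced`, which is why the input side must be included in the check even though those commitments were already published when the spent outputs were created.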
sr. member
Activity: 278
Merit: 251
ABISprotocol on Gist
Hello,

To gmaxwell,

Recently I posted an update to this page at https://abisprotocol.github.io/ABIS/

See commit at: https://github.com/ABISprotocol/ABIS/commit/6cfce05d65bcabe6d8529ac429ea48aee5214e96

Wondering what you think of this development and how the concept could be used for development of both private and small transactions in bitcoin?
hero member
Activity: 602
Merit: 501
But for this to work it has to be tethered to the BTC chain...and there we'll have our Bitcoin world war II

In fact, I foresee considerable opposition to implement sidechain hooks in Bitcoin Core. But sidechains can add so much value to Bitcoin that the change is likely to be implemented. If not, Bitcoin might soon become obsolete and give way to an equivalent network that implements extensibility via sidechains.

I wonder what happens when the regulators realize that sidechains can put privacy and anonymity back ;-)

It won't be "considerable", this is likely to be all out war, think about the statements made by core devs with regard to alternate coins.....then they go and cook this up.... so they will get immense push back for that, then there is the personal interest vector, then there are those who will oppose a means of getting back @ them for this block size issue

All this before technical debates have even started...

What you're underestimating is the duration of the war. Sure, it will spread confusion, anger, defiance etc, but trends are so short these days, it'll probably blow over in a week or two. XT comes to irritate every now and again, but the enthusiasm doesn't last long.

We can only hope....

What I hate the most is today's cat rustling type of journalism. Somehow they can take any issue and whip up the world into a frenzy blowing things way out of proportion and spreading panic. Most of the crashes this week can be attributed to media's doomsday kind of reporting, if they even get a whiff of another issue, we'll all rue the day.
legendary
Activity: 3430
Merit: 3071
But for this to work it has to be tethered to the BTC chain...and there we'll have our Bitcoin world war II

In fact, I foresee considerable opposition to implement sidechain hooks in Bitcoin Core. But sidechains can add so much value to Bitcoin that the change is likely to be implemented. If not, Bitcoin might soon become obsolete and give way to an equivalent network that implements extensibility via sidechains.

I wonder what happens when the regulators realize that sidechains can put privacy and anonymity back ;-)

It won't be "considerable", this is likely to be all out war, think about the statements made by core devs with regard to alternate coins.....then they go and cook this up.... so they will get immense push back for that, then there is the personal interest vector, then there are those who will oppose a means of getting back @ them for this block size issue

All this before technical debates have even started...

What you're underestimating is the duration of the war. Sure, it will spread confusion, anger, defiance etc, but trends are so short these days, it'll probably blow over in a week or two. XT comes to irritate every now and again, but the enthusiasm doesn't last long.
hero member
Activity: 602
Merit: 501
But for this to work it has to be tethered to the BTC chain...and there we'll have our Bitcoin world war II

In fact, I foresee considerable opposition to implement sidechain hooks in Bitcoin Core. But sidechains can add so much value to Bitcoin that the change is likely to be implemented. If not, Bitcoin might soon become obsolete and give way to an equivalent network that implements extensibility via sidechains.

I wonder what happens when the regulators realize that sidechains can put privacy and anonymity back ;-)

It won't be "considerable", this is likely to be all out war, think about the statements made by core devs with regard to alternate coins.....then they go and cook this up.... so they will get immense push back for that, then there is the personal interest vector, then there are those who will oppose a means of getting back @ them for this block size issue

All this before technical debates have even started...
full member
Activity: 173
Merit: 101
But for this to work it has to be tethered to the BTC chain...and there we'll have our Bitcoin world war II

In fact, I foresee considerable opposition to implement sidechain hooks in Bitcoin Core. But sidechains can add so much value to Bitcoin that the change is likely to be implemented. If not, Bitcoin might soon become obsolete and give way to an equivalent network that implements extensibility via sidechains.

I wonder what happens when the regulators realize that sidechains can put privacy and anonymity back ;-)
hero member
Activity: 602
Merit: 501
No matter how good this gets, the split over block size has caused a rift in BTC users and developers alike, some will be against this just as others fought the raise in block size. This will never get into core, likely we'll have another person threatening a hardfork.

It's unfortunate how things turned out. The only way this makes it in is if a ton of concessions are made or they branch off.

But isn't innovation outside core exactly what sidechains are for?

Ah...in theory...

But for this to work it has to be tethered to the BTC chain...and there we'll have our Bitcoin world war II

I fully support undoing the patch that limited blocks down to 1 MB, let's revert to the original plan. But that alone is not enough, which is why I also support ideas like this as well, to create a more rounded and robust solution together.

full member
Activity: 173
Merit: 101
No matter how good this gets, the split over block size has caused a rift in BTC users and developers alike, some will be against this just as others fought the raise in block size. This will never get into core, likely we'll have another person threatening a hardfork.

It's unfortunate how things turned out. The only way this makes it in is if a ton of concessions are made or they branch off.

But isn't innovation outside core exactly what sidechains are for?
hero member
Activity: 784
Merit: 1002
CLAM Developer
...
This exactly?  No-- but some optimized, mature, and superior version... sometime in the future? I certainly plan to work towards that end. There are other people who work on software in this space which wouldn't support it, however.
...

Strong of ideals.

Walking the moral road is rarely accomplished without conflict.

Keep walking, Gregory Maxwell - the quality of our children's future may well depend on it.
legendary
Activity: 2968
Merit: 1198
Will we ever be able to have totally obfuscated transactions that don't even show up in the blockchain (monero style)?
Monero uses Cryptonote which uses ring signatures to hide the sender of any given transaction such that it isn't possible to accurately connect given outputs with given inputs unless the sender revealed that information. Last I knew transactions, and their amounts, definitely were openly visible on their blockchain.

Somewhat. Amounts are broken up into power-of-10 denominated pieces and each piece may be payment to one or another payee, or change. So the amount is obfuscated by the number of ways the pieces can be allocated into these bins.

So a payment of 100+20+3 could be a payment of 23 and change of 100, a payment of 120 and change of 3, two separate payments of 100 and 3 along with change of 20, etc. When there are more pieces the number of possible combinations increases.

It isn't true, however, that Monero transactions are something that doesn't even show up on a blockchain. They do show up and the total amount (payments plus change plus fee) can be seen as equal to the total inputs, which helps visible integrity of the money supply. You don't have a complete black box like zerocash where certain types of flaws could mean that infinite coins could be created (as was once possible in Bitcoin due to a bug) and never detected. Although you still do need to rely on the integrity of Monero's key images to ensure coins can't be double spent.


sr. member
Activity: 433
Merit: 254
Will we ever be able to have totally obfuscated transactions that don't even show up in the blockchain (monero style)?
Monero uses Cryptonote which uses ring signatures to hide the sender of any given transaction such that it isn't possible to accurately connect given outputs with given inputs unless the sender revealed that information. Last I knew transactions, and their amounts, definitely were openly visible on their blockchain.

what is the impact of such improvements in privacy regulations wise? I don't think the government will like the idea of it because they can't tax your shit.
This problem is inversely proportional to how decentralized the system is. Check out "torrents" for reference.

Will this be usable within sidechains' "alts" or can you use it within btc transactions too?
This will be available on Bitcoin core after a hard fork. When that happens you'll hear about it.
hero member
Activity: 714
Merit: 619
Unlike some other proposals, this system is not just speculation or pure cryptography without integration with the Bitcoin system.
How can it be integrated in Bitcoin? From what I have seen, it needs a new way to represent the value of a TxOut.
It would need a new version of transaction to work with bitcoin right ?
legendary
Activity: 1232
Merit: 1083
Does this mean that only the amount of the transactions will be obfuscated but the addresses still show up in the blockchain?

You are supposed to use a different address for each transaction anyway.

Each transaction will effectively say "Address X paid Address Y some amount (possibly zero)".
hero member
Activity: 700
Merit: 501
Does this mean that only the amount of the transactions will be obfuscated but the addresses still show up in the blockchain? I'm a math and coding retard so I need this in layman words to know what this feature exactly does.
Will this be usable within sidechains' "alts" or can you use it within btc transactions too?
Will we ever be able to have totally obfuscated transactions that don't even show up in the blockchain (monero style)? what is the impact of such improvements in privacy regulations wise? I don't think the government will like the idea of it because they can't tax your shit. If it's difficult now with coin mixers and whatever, imagine in the future.