Topic: I taint rich! (Raw txn fun and disrupting 'taint' analysis; >51kBTC linked!) - page 2. (Read 22832 times)

I don't think I'd be personally doing it. Maybe my example was flawed. If someone paid a million dollars in Bitcoin to assassinate a high government official and the government was highly motivated to find the person would this eliminate the possibility?

It seems to me that "your method" puts all the liability on you. You won't make enough from your fees to pay to your lawyers.

Good luck with that! I mean, tracking down people.

It must be happy hour?

If a bank issues liabilities (e.g. paper notes) and you get yours stolen it doesn't mean that the bank has to render your stolen notes worthless for it would make all the paper notes ever printed to fall in value. Same thing with BTC, if you lost it then it's your fault for being a n00b, it's not his fault for tainting rich.

This is interesting. Let's say I had 10k stolen btc that I wanted to launder. I could send them to you and when they return to me they would be linked to your well known address as well as all of the other addresses in the mixing group. Wouldn't that just give investigators more work instead of eliminating the trail entirely? Possibly make the mixing group accessories to the crime? With thousands of participants would it be very difficult to parse the transactions or impossible? Couldn't you still analyze the transactions and track down individual Bitcoin users that need questioning?

Step 2 in my method is supposed to combine all the unspent inputs into one giant input. That mixes all the coins together. Coins in the same address from different inputs are not necessarily mixed yet.

Bitcoin works with inputs, regardless of addresses. One address can have several unspent inputs, and this is going to be the case when many people send to one address.

Maybe I'm misunderstanding here, or am missing something:
Why the extra step to "send all inputs to one adress" and then split them up again?
As far as I remember, coinjoin does exactly the same thing you suggest, except it creates one huge transaction, where everybody throws inputs at it, defines new, "anonymous" outputs, and signs the whole tx when they are happy with the result. It's either all or nothing, the coins can't be taken in between. Also there is no central point whatsoever. Except, for convenience, a central point to organize all the people and inputs, outputs and the like.
I see a market for such a central point. TOR and anonymity would be fine too, an .onion address would in fact be helpful. I'd throw a small fee at it too.

Ente

that is sort of re-assuring. Maybe I could do this and charge 1.9%.

Like Satoshidice. Except you always win with 100% chance.

And it would still be fun. Heheheh.

This requires handing your funds over to some third party. Who then themselves learns the correspondence, which they could secretly log due to coercive pressure or just for profit. The activity might subject them to various oddball regulations about handling other people's money, and if they're the sort of organization which is hidden from the law— they'll also be hidden from the consequences of vanishing with your money, it makes for a good long con. The cost of gaining confidence would constitute a barrier to enter the market, keeping fees high.

The end result is that you have an "anonymization" service that mostly only fools and criminals would be very inclined to use and thus it wouldn't increase user's privacy a lot.

The point of this thread was to show that transactions could be made with defied and disrupted 'taint analysis' without putting your coins at risk in the hands of a third party, and to have a little fun in the process.

I haven't kept up with the coinjoin thread, but ... assuming people could trust either one individual or one entity or even 2-of-3 multisignature addresses, can a bunch of people just send coins to that one person, and he sends it to himself (consolidating all the unspent inputs into 1 output), then send them all back out to the same bunch of people (at different addresses), and this is effectively mixed?

Let me rephrase that in steps:
1. many people send coins to, for example you, 1GMaxweLLbo8mdXvnnC19Wt2wigiYUKgEB, wait 6 confirmations.
2. you then use some form of raw transaction or coin-control to get all the unspent inputs, then spend them all back to 1GMaxweLLbo8mdXvnnC19Wt2wigiYUKgEB, wait another 6 confirmations.
3. then you send the coins back to their original owners.

Of course, this method is flawed in that they (the people) have to trust you. But a service could do this and charge 1% or something, like blockchain or bitcoin fog used to (they really did mixing by not connecting users to each other.)

I've just made a detailed post about the privacy promoting uses of this technique.

None of this requires that the 'meeting' of the participants be synchronous.  You could happily announce your intention to form a mixing transaction into a long lived broadcast communication channel (gah, even a blockchain, though thats about the worst communication channel for this).   You connect separately to provide your outputs, and later to sign the resulting transactions. Of course, you must anonymize your communications channels— but the same is true for ZC, if a network observer sees you making the redeem they know who redeemed.

The primary limitation is that when the number of participants becomes high in a single joint transaction the failure (and retry) rate would become unacceptably high.  But you don't need enormous mixing operations since you can cascade them.  (How retries compare to systems that require serialization of mints and spends is an interesting question).

Good stuff. One of these anonymity/privacy/fungibility projects is going to be so successful that it will become the default because anything else is just too stupid to contemplate ... like a sharp knife is the default ahead of a blunt one, and all the evil hair-splitting and moral obfuscation of what money needs to be to work properly will be bad memories in the dustbin of history.

Toasting in epic bread.

Seriously, I love this idea and this community.

Huh??? How does a system that is based on meeting with others to forge a mix have anything to do with ZeroCoin? ZeroCoin allows you to add a coin to the mix at any time and pull it out later without the two events being connected by knowable links.

Yes, this transaction style can achieve some similar outcomes but it doesn't require computationally expensive / difficult to trust novel cryptography, and it doesn't require changing the Bitcoin network nor does it require an altchain. Not does it require a trusted initiator. And it should have much better scalability for small mixing groups.

On the flip side, making it into something useful to many people still requires a lot of development, and potentially a little bit of novel cryptography (e.g. even zerocoin itself) to prevent denial of service... but that stuff would be external to Bitcoin— just software the users need to worry about, not everyone. And it would handle large anonymity sets poorly, the practical limit is probably on the order of a hundred or so parties in a transaction... though funds could go through multiple levels of common sending.

I personally think joint transactions a much more realistic technology for improving Bitcoin privacy and preserving Bitcoin fungiblity than Zerocoin is, at this time.  Though zerocoin certainly is more crypto-mathematically exciting.  Though I suspect that people's lack of interest in techniques like this (note the date on the original post) suggests that people don't really consider the privacy/fungiblity problems as bad as the hype around ZC suggests they do.  Maybe if I'd given the thread a snazzy name like "INVISIBLE HAND" people would be more excited.

So basically you created another ZeroCoin, but working using obfuscation technique and easier to perform (without requiring a lot of code) ?
Is this brilliant or what ?

To solve that you need to layer on something to prevent DoS attacks.  There are a bunch of different ways to do that... but they all basically amount to schemes that in order to play you need to have some kind of valuable "identity" (might just be evidence that you paid a lot of bitcoin txn fees or donated to some charity). And if the mix fails you blacklist the identity that jammed it up and you restart. You can adjust how intensive the blacklisting is and how expensive the identity is based on how hard the mixing is being attacked.

Putting your bitcoin in the pool doesn't actually take it out of your control until the transaction is signed by everyone and announced, it's atomic— so if it gets jammed the bitcoin is still yours and you can simply spend it again— either in another attempted mix round or someplace else entirely.  (and spending a coin out from under the process is one of the ways someone might be jamming it, but thats even more reliably detectable than not signing)

Most recently I wrote this on the subject.

Did you ever find out about this, WiW?