Topic: I taint rich! (Raw txn fun and disrupting 'taint' analysis; >51kBTC linked!) - page 4. (Read 22780 times)

I love it!

Ente

Three anonymous-to-me parties collaborated to produce the transaction spending vout:6 on my last list of outputs (I got directed to a pastebin and asked to sign the content).

Another mystery transaction vout:4 was passed through multiple anonymous parties chinese-whisper style to me.

... and a new record: 50kBTC which spends vout:0.

Just a gentle reminder to everyone: playing with raw tx could be very dangerous. You may end up in paying a huge amount of fee (eg. https://bitcointalksearch.org/topic/resolved-111-btc-as-fees-dont-do-raw-txs-when-youre-tired-135665 ). Triple check before and after you sign anything. Quadruple or quintuple check if you are playing with 40k BTC

Yes, it's not new— In fact, I made the first one of these transactions in 2011.  But it's also not widely known.... not widely used enough that people attempting taint analysis get big obvious failures that make them question their premises.

This is essentially: http://blog.ezyang.com/2012/07/secure-multiparty-bitcoin-anonymization/

Welll the application is that websites like blockchain.info post analysis for everyone to see— screwing up the privacy of Bitcoin in practice.  I don't have much need for anonymity, but not having everyone from your nosy neighbors to random thieves knowing all your financial activity is both a matter of human dignity and basic safety.  The basic design of Bitcoin should be reasonably private if used right, but people frequently reuse addresses and do other things that gum it up.

Making joint payments can reclaim some of that privacy (but I'm far from convinced that it would thwart serious forensic analysis) and also reduce the total number of transactions being made. 

Besides, there are already many mixers:  But the issue with them is that they're centralized services. When you deposit your coins there is a risk the operator will steal them (or get them stolen). They charge fees... and the operator may be spying and recording all the linkages anyways. With those kinds of properties they're services which are less useful for casual privacy— and only really attractive to the kind of nefarious activity which I don't endorse.

Joint transactions can also be used to have people securely pool funds to pay for common work.  E.g. "I'll post pics with a shoe on my head if y'all raise 10 BTC" and other neat things especially when you factor in the other scriptsig types.

This is an interesting idea.

Is there a legitimate usage for a bot like this besides confusing taint analysis?  I'm not sure if you guys really care at this point or even at all, but running software designed essentially to launder coins sounds like it could potentially get someone in trouble.

Ideally it should be some meeting point over TOR so that there is no incentive to try to record IPs.  Though I'd prefer instead of opportunistically swapping that it rather had lots of people indicate an intent to swap, and then when you want to make a transaction, you'd jointly create a swap and pay transaction. This avoids bloating the blockchain with a bunch of pure swapping and would further improve privacy as you wouldn't know _which_ outputs were swapping and which were payments.  Payments to common anonymous donation addresses could even be merged.

I am thinking of this as a program that runs all day and night and promiscuously finds random swapping partners, repeatedly swapping coins as soon as they meet a minimum threshold for confirmations. I suppose if such an application wants a dependency on a pastebin site that doesn't mind being polluted with transient traffic and doesn't require a captcha, it would work.

Such traffic could be broken into multiple IRC messages to avoid need for pastebin. It could also do direct client to client communications.

I <3 bitcoin

69d9d66aae4812b6cf156f32267b773fb2118db696bb847ebd3454a198b59fbd

I've handled pricy assets before, but perhaps thats the most I've ever had move on a single keypress. Very cool.  I'll have more outputs up in a minute.

Okay, new coins (sorry for the delay, to get a txn that paid the same address several times I had to write it entirely by hand):

txout: d127a741660be02c01855c679ff8de7755bb6c2b2ceaa4848e02b14f4f0aae59   vout: 0 1BTC
txout: d127a741660be02c01855c679ff8de7755bb6c2b2ceaa4848e02b14f4f0aae59   vout: 1 1BTC
txout: d127a741660be02c01855c679ff8de7755bb6c2b2ceaa4848e02b14f4f0aae59   vout: 2 1BTC
txout: d127a741660be02c01855c679ff8de7755bb6c2b2ceaa4848e02b14f4f0aae59   vout: 3 1BTC
txout: d127a741660be02c01855c679ff8de7755bb6c2b2ceaa4848e02b14f4f0aae59   vout: 4 1BTC
txout: d127a741660be02c01855c679ff8de7755bb6c2b2ceaa4848e02b14f4f0aae59   vout: 5 1BTC
txout: d127a741660be02c01855c679ff8de7755bb6c2b2ceaa4848e02b14f4f0aae59   vout: 6 1BTC
txout: d127a741660be02c01855c679ff8de7755bb6c2b2ceaa4848e02b14f4f0aae59   vout: 7 1BTC
txout: d127a741660be02c01855c679ff8de7755bb6c2b2ceaa4848e02b14f4f0aae59   vout: 8 1BTC
txout: d127a741660be02c01855c679ff8de7755bb6c2b2ceaa4848e02b14f4f0aae59   vout: 9 1BTC

Pick one which is unspent (either look at d127a741 on a block explorer  or on Bitcoin-qt 0.8 (development version) run
gettxout d127a741660be02c01855c679ff8de7755bb6c2b2ceaa4848e02b14f4f0aae59 n

 
Anyone else who wants to be associated with 40k BTC is welcome create a tx using the output of the above to 1B5kWfMmX1rKSwwHhwiiMxjfRRv5o7ZE4p

2409f355c8910721fbbb5c54a01b8f9c692cfb292c3b4f7baf5b8151e44fef21 is the first accepted offer, this one received over GPG-email. Accepting it was a no-brainer: It made a clever and quite generous 10 BTC multi-signature donation the developers.  I've updated the message to  indicate bbeacff94c2d20df8eb4e5556b38977863b4548c79105b10da943cd2eecddd80:0 (also 1 BTC) as the new output of mine to spend.

Loaded: Slightly too slow, 1d7b37fa is now spent.  Compute and sign your very impressive transaction again with bbeacff.

I'll bite.

0100000003c8e2c94e9683ca5ca81d5b971aa518b4cae10c3eff0dbc2128ecdc1e2f2bf67500000 0006c493046022100b1c9911292829374b5e2f82f60060738026714a91de56a38e5d208032348ac 53022100b214c658dd9951dbe9b9f62a2d7ec31370587fc0d09a27788b16d41acd2a7099012102f 115baf06dd46062573d2b929e243bbc798db8c1fb6b04a324fe05063786d02affffffffd3161114 e547413ac20be8f22a4bd3cfe8d7a04ae3bae9a744799414b77fcefd010000006c4930460221008 94c0a5fb790c7de900c6ee74c82fbf946f2409a015f0969e9ce7aaac1a00ae902210099f7d383ef 8dc56346fe2259f9ab94fdef90d568960ad6e0ac70a43f0d980ff3012102f115baf06dd46062573 d2b929e243bbc798db8c1fb6b04a324fe05063786d02affffffffb58749a8dfc5502647062e6d01 05f65b8c7c58252f0853b7260bd01ffa377b1d0000000000ffffffff02286a7254a30300001976a 914aa530a61909a9c2959b52415a211926a53ab37e088ac68b9e304000000001976a91465a03428 5ca12eebfbd533cb013f1394ee11d4f888ac00000000

How to become MtGox: Send e.g. 1 Bitcent to a completely new address, then send half of that + some other change from one of your other addresses to one of your regular ones (or another new oine) and let the other half bitcent be imported to MtGox via the import private key feature. This would make it seem as if MtGox (who probably swipe that half Bitcent asap, most likely together with some other coins) now also owns all of your other addresses...

This should work anywhere that lets you import private keys and subsequently transfers coins off these keys.

Anyways, I guess by doing stuff as you proposed, you just make it a bit harder again, but not impossible to still cluster addresses.

A transaction can have multiple outputs— e.g. when you send some coin to someone and send the rest back in change, or when you pay multiple parties at once. Vout is just an index— in createrawtransaction it indicates which of potentially multiple outputs are being spent.  In the decode you see the indexes of the newly created outputs.

Yes, if threre are multiple addresses there its a multisig output.

If you mean script OPcodes: https://en.bitcoin.it/wiki/Script  if you mean the console commands— run help or help .

Thanks for the howto

I have a few questions:

* What exactly is the meaning of the Vout (Value out?) integer? In the input part of the transaction you specify the vout of your input based on the output of 'listunspend' so I guessed it was a local (wallet specific) identifier however we also specify the vout of your input (as 0) and if this was the case there would be no way to know that. Finally, for the decoded transaction we see that the output after the transaction is signed, broadcasted and added to a block, is also called vout to make it a little more confusing

* Each output in the vout of the decoded raw transaction has an array of addresses (in the example the arrays of both outputs have length 1). Does specifying multiple addresses in this array create a multi sig output? If not, what would it mean?

* Finally, I have never been able to find a quick and easy explanation/howto/whatever of all (or at least the most important) OP Codes. If this exists somewhere I'd love a link.

Thanks, this is very interesting.

gmaxwell and his tx pyramid schemes...

The only reason is privacy— making a joint transaction hides ownership but if the pastebin is made public that sort of undoes the effect.  For a fun project like this it may not matter to you— e.g. my 1GMaxwell address is very public.  But if you don't want people to know that you own 100,000 BTC then you wouldn't want to post the txn under your name. If you send it to me anonymously then even I won't know.

Why bother encrypting it?