Author

Topic: Paying Jack & Jill in same tx - do they see the other payee & change balance? (Read 792 times)

newbie
Activity: 23
Merit: 0
There is no description field in a transaction output.

You're quite right - I was mistaking the description field in the wallet as an integral part of the transaction record in the blockchain. It isn't.
hero member
Activity: 910
Merit: 509
Say Julie pays Jack and Jill 0.10 BTC each in the same transaction, from an address with 2 BTC in it. Can Jack and Jill both see that the another address got paid, and that Julie has ~1.8 BTC left over? Am I understanding that right?
Yes, Jack and Jill can see the other payee and change balance, that’s if they’re likely to follow the little process involved.

If Jack had the address that Jill was using to accept the payment, then he can head over to Blockchain to see if it has been credited, and same thing applies to Jill.

He can also do the same thing to know about Jack's. And for you they already see your balance if they click to view transaction in Blockchain. So the answer to your question is yes.
legendary
Activity: 3472
Merit: 4794
Generating customized addresses at the press of a button for each payer/donor, may be optimal from a transactional POV, and the technical know-how to do so may exist, but if I am not mistaken, today, it would be beyond the reach of an average fundraiser or barista.

There are already pre-packaged plugins for services such as WordPress. It will only get easier in the future.

My understanding was that the blockchain is all about the chain of transactions themselves, not what the transaction's purpose is?

Correct. For that matter there are no actual addresses used in the blockchain for payments. A payment has an output script. That output script was built using information taken from the address. If you know what address that output script was based on, and if you only gave that address to a single person for a single purpose, then the address is an easy way to identify who created the output and why.  As such, as an analogy, the address is much like an invoice number.

You could easily accomplish the business needs of identifying payers and transactions by asking them to include their invoice or customer ID number in the 'description' when sending a payment.

There is no description field in a transaction output.

Maybe that increases bytes and the transaction fee but not by much. If they forget, they don't get pie or get very stale pie after sorting out the oversight.

This has nothing to do with forgetting. There is no description field in a transaction output.

My sense is that the level of granularity that you are describing is typical of a smoothly functioning business, but trying to achieve that at the level of addresses would make it unattractively complex and unworkable, I would think, if anyone tried to do it today.

Most bitcoin accepting businesses already do this.  It's easy and wise to do so.  Repeatedly using the same address will cause a business to lose customers such as myself that would refuse to send my bitcoins to such a business.

For starters, there seem to be some very smart people here on this site, but I am pretty sure the bitcoin address on their profile page is not customized for each visitor to their page; it's exactly like Julie's flyer with a single address being served up to all visitors.

If you are talking about the profile page on this forum, then the forum unfortunately doesn't provide a method for users to do so.  Most of those "very smart people here on this site" would provide a new address for each visitor to their profile if the forum provided a way to do so. Some of us therefore refuse to put an address on our profile at all. Others begrudgingly put in a static address, while realizing that its making the best they can of a bad situation.

While I see the privacy enhancements that can come with adopting single use addresses, I would imagine there is a balance to be struck with effort+cost of privacy. If Julie were selling sex toys, say, then privacy becomes that much more important to her and to her customers. But if she were just passing around a collection plate, she may get nothing if the process is much more complicated than pulling out your wallet (the cowhide kind) and grabbing a coin or two (the metal kind) and tossing them in. Same for the go-go boys and topless dancers of tomorrow - scanning a QR code and picking a suggested donation amount on their phone is within the capacity of most people who are still not too intoxicated to walk and talk. Add more clicks to the process - there go the tips.

If I believe they aren't providing me a unique single-use address, then they won't get any tips from me at all.
newbie
Activity: 23
Merit: 0
If you don't want one of them to know the other got paid because it's top secret, then use a bitcoin mixer like Bitblender. Even using different addresses from the same wallet might be able to linked.

I will explore Bitblender and, not that I am trying to pay anyone but if I were paying two people, and don't want either to know how much the other was paid, the simpler way from what I gathered in this forum/discussion is to pay in two separate transactions using two different 'from' addresses.
newbie
Activity: 23
Merit: 0

I would argue that Julie should have a QR code that results in a link to a web page instead of just encoding a bitcoin address in the code.  The web page could provide more information about her fund raising purposes than a simple flyer, and could have a link or button that would generate a brand new unique address for every potential contributor.

Generating customized addresses at the press of a button for each payer/donor, may be optimal from a transactional POV, and the technical know-how to do so may exist, but if I am not mistaken, today, it would be beyond the reach of an average fundraiser or barista.

Quote
In general it is better to think of a bitcoin address as an invoice number instead of an account number.  At the technical level it operates much more like an invoice number. It is a unique number used to identify the purpose of a payment.

My understanding was that the blockchain is all about the chain of transactions themselves, not what the transaction's purpose is? You could easily accomplish the business needs of identifying payers and transactions by asking them to include their invoice or customer ID number in the 'description' when sending a payment. Maybe that increases bytes and the transaction fee but not by much. If they forget, they don't get pie or get very stale pie after sorting out the oversight.

My sense is that the level of granularity that you are describing is typical of a smoothly functioning business, but trying to achieve that at the level of addresses would make it unattractively complex and unworkable, I would think, if anyone tried to do it today. For starters, there seem to be some very smart people here on this site, but I am pretty sure the bitcoin address on their profile page is not customized for each visitor to their page; it's exactly like Julie's flyer with a single address being served up to all visitors.

While I see the privacy enhancements that can come with adopting single use addresses, I would imagine there is a balance to be struck with effort+cost of privacy. If Julie were selling sex toys, say, then privacy becomes that much more important to her and to her customers. But if she were just passing around a collection plate, she may get nothing if the process is much more complicated than pulling out your wallet (the cowhide kind) and grabbing a coin or two (the metal kind) and tossing them in. Same for the go-go boys and topless dancers of tomorrow - scanning a QR code and picking a suggested donation amount on their phone is within the capacity of most people who are still not too intoxicated to walk and talk. Add more clicks to the process - there go the tips.

Quote


It slightly increases the security for the recipient:

When you receive a payment to an address that has never been used before, that payment is protected by 3 cryptographic algorithms (ECDSA, SHA256, and RIPEMD160).  The ECDSA public key is not available to anyone yet.

As soon as you spend a payment that was received at an address, the ECDSA public key is available to the entire world. Any other payments that have ever been received at that address in the past, or ever will be received at that address in the future will forevermore only be protected by the ECDSA algorithm.

Additionally, there have been poorly written wallets in the past that generated the transactions in such a way that after funding two transactions, both with bitcoins that had been received at the same address, it became possible to calculate the private key.  If there had never been more than 1 payment received at that address, then that bug wouldn't have resulted in the loss of any funds.  Unfortunately, the poorly written wallets also tended to encourage users to repeatedly re-use the same address for receiving bitcoins.

Most of that flew over my head, but I do recall reading some years ago about private keys being deciphered with sloppy wallets.  This has been an enlightening discussion, thank you, I learned a lot.
newbie
Activity: 23
Merit: 0

but technically you can create a new cryptocurrency, a government issued one if you will, and have that option in it. for example after LockTime, add a new 4 byte thing called ID that requires you to include an unique ID or even your IP address before signing the whole thing. i don't know who would use such a thing and what would be the point of it but i suppose it is possible. Smiley

Yes, I was talking about a new cryptocurrency issued by a governmental authority. I believe the Bank of England studied or is studying the practicality of issuing one. If BCH ends up being predominantly a Chinese cryptocurrency, it's not a far stretch to see the authorities coerce a "replacement" cryptocurrency that also builds in an individual ID trace. Or even if the US Fed issues one, if it ever gets there, any input from DHS and NSA will, I think, likely lean very heavily towards stripping anonymity out of the cryptocurrency - just the nature of the beast.
sr. member
Activity: 252
Merit: 250
Sure you could. You have the ability to see how much money as moved through any BTC address as well as how much it currently holds. Also, you are able to see the amount and to where BTC was moved to and from from different addresses using the transaction ID
sr. member
Activity: 532
Merit: 250
Say Julie pays Jack and Jill 0.10 BTC each in the same transaction, from an address with 2 BTC in it. Can Jack and Jill both see that the another address got paid, and that Julie has ~1.8 BTC left over? Am I understanding that right?

Essentially.

All records on the bitcoin blockchain is public to see. If Jack receives something from a transaction that has multiple recipients then he is able to see all the other recipients that got sent money, and how much.

Furthermore he can see how much tx fees you paid, the specific inputs that you used, etc. etc.

However there is really no way that he can be 100% sure that the 1.8 BTC wasn't sent to someone else, but rather sent to a change address if you do use change addresses. If you don't then yeah, everyone can see that to.

If you don't want one of them to know the other got paid because it's top secret, then use a bitcoin mixer like Bitblender. Even using different addresses from the same wallet might be able to linked.
legendary
Activity: 3472
Merit: 4794
I have a follow-up:

Why should Julie have used a separate address for each payment she received?  Julie is raising funds to pay for the education of people who ask silly questions about Jack and Jill, and while she may post flyers around campus, each with a unique QR code, each of those addresses will, she hopes, wind up getting multiple donations/payments.

I would argue that Julie should have a QR code that results in a link to a web page instead of just encoding a bitcoin address in the code.  The web page could provide more information about her fund raising purposes than a simple flyer, and could have a link or button that would generate a brand new unique address for every potential contributor.

In general it is better to think of a bitcoin address as an invoice number instead of an account number.  At the technical level it operates much more like an invoice number. It is a unique number used to identify the purpose of a payment.

By using a new address for every transaction received:
  • It is much easier to identify the purpose of each payment.
  • It increases the privacy of everyone involved
  • It slightly increases the security for the recipient

Examples...



It is much easier to identify the purpose of each payment:
  • Julie decides that as part of her fund raising efforts, she is going to take orders for her homemade apple pie at 0.01 BTC each.
  • Jason calls up Julie and tells her he'd like to buy 2 pies.
  • Julie provides Jason with a bitcoin address: 1LN7KU6tKM48dSc8pAyn96agBr7Y63Zgfz
  • Joe calls up Julie and tells her he'd like to buy 2 pies.
  • Julie provides Joe with the same bitcoin address: 1LN7KU6tKM48dSc8pAyn96agBr7Y63Zgfz
  • 20 minutes later, Julie receives a payment of 0.02 BTC to the address 1LN7KU6tKM48dSc8pAyn96agBr7Y63Zgfz
Who should she deliver the pies to?

Lets look at how that should have happened:
  • Julie decides that as part of her fund raising efforts, she is going to take orders for her homemade apple pie at 0.01 BTC each.
  • Jason calls up Julie and tells her he'd like to buy 2 pies.
  • Julie informs Jason that the pies will be delivered as soon as a payment is received at bitcoin address: 1LN7KU6tKM48dSc8pAyn96agBr7Y63Zgfz
  • Joe calls up Julie and tells her he'd like to buy 2 pies.
  • Julie informs Joe that the pies will be delivered as soon as a payment is received at bitcoin address: 1KNufj65JUNnHpYwNsEj52wfyaMkyqugzK
  • 20 minutes later, Julie receives a payment of 0.02 BTC to the address 1KNufj65JUNnHpYwNsEj52wfyaMkyqugzK
Julie delivers 2 pies to Joe.



It increases the privacy of everyone involved:

  • Julie receives dozens of donations each at a unique address
  • One of those payments is 0.21 BTC received with 1NoigAWxttwoK78L1BX1kdqdoCe9Tp2Rak.
  • Another of those payments is 0.12 received with 18GJ9cd4SNLsVjabDV5vhDqDYsf7UGxxvQ
  • Both senders used new addresses every time they received a transaction

Therefore, since Julie wasn't the one that originally sent those bitcoins to either of those donors, she has no way of knowing who the donations came from.  The only people that know how the donors got those funds are the donors themselves, and whomever sent the funds to them.  Those that sent the funds to the donors don't know anything about the donation addresses (since they aren't printed on flyers, and are unique to those donors), and therefore don't know that the funds were used to make donations to Julie. Additionally, neither donor knows anything about the other donor, nor do they know anything about the total funds raised by Julie so far.

  • A short while later, Julie makes the 2 payments you described in your original post
  • Jack and Jill each generate a unique address that they tell only to Julie
  • Julie uses the 0.21 BTC received with 1NoigAWxttwoK78L1BX1kdqdoCe9Tp2Rak to make the 2 payments (with a 0.01 BTC transaction fee)

Jack sees that he has received 0.1 BTC, and that 0.1 BTC went to another unknown address.  He doesn't know that other address is Jill's, and he has no way of knowing if that is a 0.1 BTC payment to someone else, or just 0.1 BTC change back to Julie. Jack has no way of knowing who donated those 0.21 BTC to Julie. Jack knows that Julie had at least 0.21 BTC, but doesn't know anything about any of the other addresses that Julie received donations at. He doesn't know if that was her last 0.21 BTC, or if she's sitting on 3,000,000 BTC in donations.

Jill sees that she has received 0.1 BTC, and that 0.1 BTC went to another unknown address.  She doesn't know the other address is Jack's, and she has no way of knowing if that is a 0.1 BTC payment to someone else, or just 0.1 BTC change back to Julie. Jill has no way of knowing who donated those 0.21 BTC to Julie. Jill knows that Julie had at least 0.21 BTC, but doesn't know anything about any of the other addresses that Julie received donations at. She doesn't know if that was her last 0.21 BTC, or if she's sitting on 3,000,000 BTC in donations.

The first donor knows that Julie has now accessed his donation. He does not know if Julie is simply moving some of the bitcoins to cold storage, or if she has paid someone. He has no way to know who the bitcoins went to, if anyone.

The second donor doesn't know that Julie has paid anyone anything yet at all



It slightly increases the security for the recipient:

When you receive a payment to an address that has never been used before, that payment is protected by 3 cryptographic algorithms (ECDSA, SHA256, and RIPEMD160).  The ECDSA public key is not available to anyone yet.

As soon as you spend a payment that was received at an address, the ECDSA public key is available to the entire world. Any other payments that have ever been received at that address in the past, or ever will be received at that address in the future will forevermore only be protected by the ECDSA algorithm.

Additionally, there have been poorly written wallets in the past that generated the transactions in such a way that after funding two transactions, both with bitcoins that had been received at the same address, it became possible to calculate the private key.  If there had never been more than 1 payment received at that address, then that bug wouldn't have resulted in the loss of any funds.  Unfortunately, the poorly written wallets also tended to encourage users to repeatedly re-use the same address for receiving bitcoins.

sr. member
Activity: 882
Merit: 297
this is what you see when you receive a transaction:



lets say you were waiting to get paid 0.1BTC and your address is 15z4u....
obviously you now know that 1FqxiUs..... belongs to person who was supposed to pay you (Julie).
you can never know who the other addresses belong to (this is what bitcoin anonymity means).

otherwise if you know 1CrEP9s... belongs to Jack and 3Q8euJ... belongs to Jill you can see they have also been paid. and you can guess that the only left address receiving the biggest amount (1Km5tu....) belongs to Julie (sender) and that is her change.

Perfectly answered the query what OP is having and i think after this OP dont have any doubt. When ever a Multi Address Transaction is done who ever is receiving the payment will know that the sender have sent to multi address , each one can only see the sent address but they cannot know who is the receiving address owner.
legendary
Activity: 3472
Merit: 10611
~
Why should Julie have used a separate address for each payment she received?  ~

https://en.bitcoin.it/wiki/Address_reuse

...
you can never know who the other addresses belong to (this is what bitcoin anonymity means).

otherwise if you know 1CrEP9s... belongs to Jack and 3Q8euJ... belongs to Jill you can see they have also been paid. and you can guess that the only left address receiving the biggest amount (1Km5tu....) belongs to Julie (sender) and that is her change.

Thank you, yes, I see the last part is where the veil can get lifted - when you can match an address to a person. So, in theory, you can break the anonymity if a digital currency is issued by governmental authority  and allows/requires embedding unique individual IDs into the receiving addresses as they are generated.

well that is not how bitcoin works. a bitcoin transaction has a clear structure and each part of it is clear: https://bitcoin.org/en/developer-guide#transactions
none of these has anything to do with individual ID.

but technically you can create a new cryptocurrency, a government issued one if you will, and have that option in it. for example after LockTime, add a new 4 byte thing called ID that requires you to include an unique ID or even your IP address before signing the whole thing. i don't know who would use such a thing and what would be the point of it but i suppose it is possible. Smiley
newbie
Activity: 23
Merit: 0
...
you can never know who the other addresses belong to (this is what bitcoin anonymity means).

otherwise if you know 1CrEP9s... belongs to Jack and 3Q8euJ... belongs to Jill you can see they have also been paid. and you can guess that the only left address receiving the biggest amount (1Km5tu....) belongs to Julie (sender) and that is her change.

Thank you, yes, I see the last part is where the veil can get lifted - when you can match an address to a person. So, in theory, you can break the anonymity if a digital currency is issued by governmental authority  and allows/requires embedding unique individual IDs into the receiving addresses as they are generated.
newbie
Activity: 23
Merit: 0

...

  • If Julie received it as several smaller payments, then why is she re-using an address? She should have used a separate address for each payment that she received.

...


Wow, that is a very meticulous, detailed, and thought-out reply!  To my embarrassingly sloppy and semi-articulate question. Nevertheless, your reply answers my question (and then some)  - which was if two people can see the components of a bundled transaction; yes, they can, and they can piece together more, based on who knew what and when.

I have a follow-up:

Why should Julie have used a separate address for each payment she received?  Julie is raising funds to pay for the education of people who ask silly questions about Jack and Jill, and while she may post flyers around campus, each with a unique QR code, each of those addresses will, she hopes, wind up getting multiple donations/payments.  

legendary
Activity: 3472
Merit: 10611
this is what you see when you receive a transaction:



lets say you were waiting to get paid 0.1BTC and your address is 15z4u....
obviously you now know that 1FqxiUs..... belongs to person who was supposed to pay you (Julie).
you can never know who the other addresses belong to (this is what bitcoin anonymity means).

otherwise if you know 1CrEP9s... belongs to Jack and 3Q8euJ... belongs to Jill you can see they have also been paid. and you can guess that the only left address receiving the biggest amount (1Km5tu....) belongs to Julie (sender) and that is her change.
newbie
Activity: 23
Merit: 0
... like my wallet where I have 0 balance but the truth is I have a balance in my wallet.

This is neither intuitive nor does it make sense. An address was created and never used and is empty; or if used, it has a transaction history that nets out to its current contents (0 or greater). What you are saying is that an address can hold greater than 0 but can be masked to show 0?
legendary
Activity: 3472
Merit: 4794
Say Julie pays Jack and Jill 0.10 BTC each in the same transaction, from an address with 2 BTC in it. Can Jack and Jill both see that the another address got paid, and that Julie has ~1.8 BTC left over? Am I understanding that right?

That depends.

To answer your question accurately, I'd need to know...

  • Does Jack know that Jill is getting paid in that transaction?
  • Does Jack know what address Jill is using?
  • Does Jack know how much Jill is likely to be paid?
  • Does Jill know that Jack is getting paid in that transaction?
  • Does Jill know what address Jack is using?
  • Does Jill know how much Jack is likely to be paid?
  • Did Julie receive the entire 2 BTC as a single payment, or did she receive it as several smaller payments?
  • If Julie received it as several smaller payments, then why is she re-using an address? She should have used a separate address for each payment that she received.

As an example...

  • Lets assume that Julie received the entire 2 BTC as a single payment.
  • Lets assume that Jack doesn't know that Jill is being paid.
  • Lets assume that Jack doesn't know that Jill gave Julie an address.
  • Lets assume that Jack doesn't know what address Jill would have given to Julie.
  • Lets assume that Jill doesn't know that Jack is being paid.
  • Lets assume that Jill doesn't know that Jack gave Julie an address.
  • Lets assume that Jill doesn't know what address Jack would have given to Julie.
  • Lets assume that Jill is using a wallet that sends change to a new address that has never been used before

Jack will see that Julie had access to 2 BTC.  He won't know if she has additional bitcoins on other addresses in other wallets. He will see that he got paid 0.1 BTC. He will also see that the same transaction paid another 0.1 BTC to an address, but he won't know whose address it is, why they are getting paid, or if it is just 0.1 BTC of change back to a new address in Julie's own wallet. He will also see that the same transaction paid another 1.8 BTC to an address, but he won't know whose address it is, why they are getting paid, or if it is just 1.8 BTC of change back to a new address in Julie's own wallet.

Jill will see that Julie had access to 2 BTC.  She won't know if Julie has additional bitcoins on other addresses in other wallets. Jill will see that she got paid 0.1 BTC. Jill will also see that the same transaction paid another 0.1 BTC to an address, but she won't know whose address it is, why they are getting paid, or if it is just 0.1 BTC of change back to a new address in Julie's own wallet. Jill will also see that the same transaction paid another 1.8 BTC to an address, but she won't know whose address it is, why they are getting paid, or if it is just 1.8 BTC of change back to a new address in Julie's own wallet.

sr. member
Activity: 546
Merit: 257
Say Julie pays Jack and Jill 0.10 BTC each in the same transaction, from an address with 2 BTC in it. Can Jack and Jill both see that the another address got paid, and that Julie has ~1.8 BTC left over? Am I understanding that right?

I think if Julie paid .10 each of Jack and Jill, 1.8 will be the estimating balance of Julie because there will always be a fee. Also, if you want to check someone's address, you can check the site of Blockchain.info. You can put their address and see it yourself, though there are timesthat it can't be seen in blockchain like my wallet where I have 0 balance but the truth is I have a balance in my wallet.
newbie
Activity: 23
Merit: 0
Say Julie pays Jack and Jill 0.10 BTC each in the same transaction, from an address with 2 BTC in it. Can Jack and Jill both see that the another address got paid, and that Julie has ~1.8 BTC left over? Am I understanding that right?
Jump to: