
Topic: payment with a message (Read 2740 times)

legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
March 30, 2012, 01:55:49 PM
#25
  • This does not belong in the block-chain.
  • Money Service Business guidelines require information about the sender (including "name, address and, if any, the account number or reference number") to be included in the transaction. International SWIFT MT 103 message transfers are excluded. It is not clear (to me) if simply relaying transactions on the network makes you an MSB.
  • Including the above information in the public block-chain would likely violate Canadian Privacy legislation.
  • Given that Bitcoin may be considered illegal in many jurisdictions at some point in the future, we should keep it technically infeasible to include such information in the block-chain.
hero member
Activity: 798
Merit: 1000
March 30, 2012, 07:12:37 AM
#24
Allowing (or at least making standard) a small hash in a transaction would encourage merchants to just use a single address instead of forcing them to use a different address for each transaction. If the hash is too small, it then becomes possible for someone other than the sender of the transactions to impersonate the customer and convince the merchant to "refund" the transaction to their account.

I still don't get it. You make a transaction with a merchant with a hashed receipt in the transaction. This receipt lets the merchant know which payment this is. Refunds will still be handled over the internet as usual and the customer can provide a payment address. There is nothing that a birthday attack on 18 quintillion can accomplish here. This hash is not being used to convince anyone of anything, it is only informative. Perhaps if the transaction were completely anonymous like a silk road purchase (lol refunds) there might be some remote issue here, but the would-be attacker would have to somehow know everything about the existing transaction and somehow intercept communications between user and merchant, and even then all they would have to do is replace the payment address, no attack on the hash required.

Quote
Under the current coin-selection rules used by most clients, this is only presently the case. A business could, instead, make their payments in chunks to several different addresses over several different transactions over multiple days. All except for the last transaction wouldn't contain a change output. However, the other transactions could also include a fake change output that really also just goes to another one of the addresses of the person they're paying, another one of their own wallets that would never again be mixed with the receiving wallet, or even better, someone else that they have to pay.

With such a setup, the most you can learn about are the other transaction outputs that were combined with yours. Even then, they don't even need to do that and just send each output entirely to another unique address.

If you spot any holes in this, I can think of ways to complicate it further.

Businesses are just going to love having to hire someone to configure their bitcoin transactions. Anyways, all it takes is a few legitimate purchases every so often by the company trying to spy, and then if the payment receiver decides to combine inputs that includes one of those purchases, the spy has a direct link. How is a business supposed to make sure everyone they send payments to will be as thorough as they are? The weakest link in the chain and all. And this does bloat the blockchain if every business works this way. Every small transaction can never (or not often) be combined with another lest obscurity be broken for the previous payer. Once lots of transactions are combined into one, that is only one input that need be in the merkle tree. If every transaction stays separate, all inputs must be maintained. Businesses must keep massive amounts of payment wallets for everyone they work with. It is not very elegant.
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
March 29, 2012, 11:26:57 PM
#23
derp, you're right, but there is still essentially nothing gained in anonymity, so why bother

So you often claim.

Please tell me how many coins are controlled by Satoshi.

I will get you started: I know he had at least at one time access to the private key linked to this address:
http://blockchain.info/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa


I'm the one who added 0.0424242 BTC to the Genesis Block. It's a message. It's my way of thanking Satoshi Nakamoto pseudo-thrice for providing the Ultimate Answer to the Ultimate Question of Life, The Universe, and Everything--Bitcoin.

~Cackling Bear~
legendary
Activity: 1204
Merit: 1015
March 29, 2012, 11:05:48 PM
#22
Someone other than the sender of the transaction can usurp him.

I don't get it.
Allowing (or at least making standard) a small hash in a transaction would encourage merchants to just use a single address instead of forcing them to use a different address for each transaction. If the hash is too small, it then becomes possible for someone other than the sender of the transactions to impersonate the customer and convince the merchant to "refund" the transaction to their account.

Quite the contrary, it greatly reduces the information available in the block chain. If a business uses a single address for all customer payments, it's very easy for a competitor to see things like monthly revenue, expenditures and available cash. That's very sensitive data. If each customer payment has its own address, and multiple customer payments are aggregated only when a purchase must be made, extracting similar data as in the previous case becomes impossible.

How does it become impossible? Because it's more obscure? Anyone who wants to partake in bitcoin industrial espionage is not going to have much difficulty following the money. I think the unfortunate eventuality is that businesses will be forced to use bitcoin "banks" that will effectively hide any data specific to them. There will have to be an abstraction layer from the protocol itself. Otherwise the possibility of learning too much about their private data will always be a possibility.
Under the current coin-selection rules used by most clients, this is only presently the case. A business could, instead, make their payments in chunks to several different addresses over several different transactions over multiple days. All except for the last transaction wouldn't contain a change output. However, the other transactions could also include a fake change output that really also just goes to another one of the addresses of the person they're paying, another one of their own wallets that would never again be mixed with the receiving wallet, or even better, someone else that they have to pay.

With such a setup, the most you can learn about are the other transaction outputs that were combined with yours. Even then, they don't even need to do that and just send each output entirely to another unique address.

If you spot any holes in this, I can think of ways to complicate it further.
hero member
Activity: 798
Merit: 1000
March 29, 2012, 05:40:25 PM
#21
Someone other than the sender of the transaction can usurp him.

I don't get it.

Quite the contrary, it greatly reduces the information available in the block chain. If a business uses a single address for all customer payments, it's very easy for a competitor to see things like monthly revenue, expenditures and available cash. That's very sensitive data. If each customer payment has its own address, and multiple customer payments are aggregated only when a purchase must be made, extracting similar data as in the previous case becomes impossible.

How does it become impossible? Because it's more obscure? Anyone who wants to partake in bitcoin industrial espionage is not going to have much difficulty following the money. I think the unfortunate eventuality is that businesses will be forced to use bitcoin "banks" that will effectively hide any data specific to them. There will have to be an abstraction layer from the protocol itself. Otherwise the possibility of learning too much about their private data will always be a possibility.
sr. member
Activity: 504
Merit: 250
March 29, 2012, 05:17:33 PM
#20

Clearly this requires a different way of using bitcoin than we currently do, but it is closer to how Satoshi envisioned it (the currently deprecated send-to-IP system was how he intended transactions to take place, not via send-to-address). Still, I believe this is how transactions will happen at some point in the future.


A similar thought pattern led me to make the Friendly address proposal. The address server is always online and records any transaction requests along with their metadata ("payment message"). This info has no place in the blockchain. An interesting twist would be to make the address server responsible for broadcasting the transaction.


Quote from: Eltase2
Obscurity through many addresses may work for private individuals, but it will not work on a large scale and does not offer any real additional anonymity.

Quite the contrary, it greatly reduces the information available in the block chain. If a business uses a single address for all customer payments, it's very easy for a competitor to see things like monthly revenue, expenditures and available cash. That's very sensitive data. If each customer payment has its own address, and multiple customer payments are aggregated only when a purchase must be made, extracting similar data as in the previous case becomes impossible.
donator
Activity: 2058
Merit: 1054
March 29, 2012, 04:55:09 PM
#19
It needs to be impossible to fake.
what would be gained by faking a transaction message? All it needs to do is let the receiver tie a transaction to a purchase.
Someone other than the sender of the transaction can usurp him.

ok broseph if you want to believe having a different address for every transaction you receive adds some significant amount of anonymity go right on ahead
Using different addresses helps casual anonymity. For secure anonymity you need mixing transactions.
hero member
Activity: 798
Merit: 1000
March 29, 2012, 04:38:07 PM
#18
ok broseph if you want to believe having a different address for every transaction you receive adds some significant amount of anonymity go right on ahead

I don't understand why you are so mouth-foamy about bitcoin
donator
Activity: 1218
Merit: 1079
Gerald Davis
March 29, 2012, 04:35:02 PM
#17
So I often claim? I've never claimed that before. And I believe I said it works for private individuals, but not businesses. When and if satoshi decides to crash the market for his big payday, you will certainly be able to link many of his public keys.

Will you? 

Or is it someone who bought coins off Satoshi and hundreds of other early adopters over the course of years? 
Or was it actually Satoshi who moved coins around making it look like someone else acquired coins off him and other early adopters for years?
hero member
Activity: 798
Merit: 1000
March 29, 2012, 04:31:33 PM
#16
It needs to be impossible to fake.

what would be gained by faking a transaction message? All it needs to do is let the receiver tie a transaction to a purchase.

So you often claim.

Please tell me how many coins are controlled by Satoshi.

I will get you started: I know he had at least at one time access to the private key linked to this address:
http://blockchain.info/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa


So I often claim? I've never claimed that before. And I believe I said it works for private individuals, but not businesses. When and if satoshi decides to crash the market for his big payday, you will certainly be able to link many of his public keys.
donator
Activity: 1218
Merit: 1079
Gerald Davis
March 29, 2012, 04:29:08 PM
#15
derp, you're right, but there is still essentially nothing gained in anonymity, so why bother

So you often claim.

Please tell me how many coins are controlled by Satoshi.

I will get you started: I know he had at least at one time access to the private key linked to this address:
http://blockchain.info/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa

hero member
Activity: 798
Merit: 1000
March 29, 2012, 04:24:48 PM
#14
derp, you're right, but there is still essentially nothing gained in anonymity, so why bother
donator
Activity: 1218
Merit: 1079
Gerald Davis
March 29, 2012, 04:23:28 PM
#13
forget about donations, how about running a high volume business? A business simply cannot use a different address for each transaction via common sense. If they are ever going to pay for anything, hundreds or thousands of addresses would be combined into a single transaction costing them lots of money in tx fees. Obscurity through many addresses may work for private individuals, but it will not work on a large scale and does not offer any real additional anonymity.

Paying with 1000 inputs from one address is going to have the same size and face the same fees as it would if you paid using 1000 inputs from 1000 addresses.

Bitcoin works on inputs and outputs.  Ultimately no matter how many addresses are used same # of inputs = same size.
donator
Activity: 2058
Merit: 1054
March 29, 2012, 04:23:05 PM
#12
@Pieter: I don't think it's too much to ask for a 32-byte hash to tie the transaction with the real world. The actual real-world data will be somewhere else but this connection is necessary to make the transaction meaningful.

32 bytes is way overkill. 8 bytes would be more than sufficient. That is 18,446,744,073,709,551,616 possible hash values, unlikely a hashed receipt or message would incur a collision. And it would also be large enough for a reasonable transaction number.
It needs to be impossible to fake.
hero member
Activity: 798
Merit: 1000
March 29, 2012, 04:20:30 PM
#11
While it is advised to use a different address with each payment, sometimes it is not possible. For example, a donation address. Or cases where you want to show an address, but the viewer may not decide to pay at all. Keeping all those private keys just in case the payment will show up may require a lot of SAFE storage.

forget about donations, how about running a high volume business? A business simply cannot use a different address for each transaction via common sense. If they are ever going to pay for anything, hundreds or thousands of addresses would be combined into a single transaction costing them lots of money in tx fees. Obscurity through many addresses may work for private individuals, but it will not work on a large scale and does not offer any real additional anonymity.


@Pieter: I don't think it's too much to ask for a 32-byte hash to tie the transaction with the real world. The actual real-world data will be somewhere else but this connection is necessary to make the transaction meaningful.

32 bytes is way overkill. 8 bytes would be more than sufficient. That is 18,446,744,073,709,551,616 possible hash values, unlikely a hashed receipt or message would incur a collision. And it would also be large enough for a reasonable transaction number.
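Added example, not part of any post in this thread: a sketch of the two uses of a transaction hash argued over above, with the accidental-collision odds for 4-, 8- and 32-byte tags worked out by the birthday bound. The `Merchant` class, the receipt format and the random nonce are assumptions made for illustration; nothing here is Bitcoin client code.

```python
import hashlib
import hmac
import math
import secrets

def receipt_tag(receipt: bytes, nbytes: int) -> bytes:
    """Truncated SHA-256 of the off-chain receipt (8 or 32 bytes in the thread)."""
    return hashlib.sha256(receipt).digest()[:nbytes]

def collision_probability(n_receipts: int, nbytes: int) -> float:
    """Birthday bound: chance that any two of n random tags coincide."""
    space = 2.0 ** (8 * nbytes)
    return -math.expm1(-n_receipts * (n_receipts - 1) / (2.0 * space))

class Merchant:
    """Hypothetical merchant that takes every payment on one address."""

    def __init__(self, nbytes: int):
        self.nbytes = nbytes
        self.orders = {}  # public tag -> private receipt

    def new_order(self, customer: str, item: str):
        # The random nonce keeps the receipt unguessable from public data.
        nonce = secrets.token_hex(16)
        receipt = f"{customer}|{item}|{nonce}".encode()
        tag = receipt_tag(receipt, self.nbytes)
        if tag in self.orders:
            raise ValueError("tag collision: regenerate the receipt")
        self.orders[tag] = receipt
        return receipt, tag

    def match_payment(self, tag_on_chain: bytes):
        """Informational use: tie a seen transaction to an order."""
        return self.orders.get(tag_on_chain)

    def authorize_refund(self, tag: bytes, presented_receipt: bytes) -> bool:
        """The tag is public, so a refund needs the full receipt as proof."""
        known = self.orders.get(tag)
        return known is not None and hmac.compare_digest(known, presented_receipt)

if __name__ == "__main__":
    for nbytes in (4, 8, 32):
        p = collision_probability(1_000_000, nbytes)
        print(f"{nbytes:2d}-byte tag, 1e6 receipts: P(collision) ~ {p:.3g}")
    shop = Merchant(nbytes=8)
    receipt, tag = shop.new_order("alice", "widget")  # constructed sample order
    print(shop.match_payment(tag) == receipt, shop.authorize_refund(tag, b"guess"))
```

The tag only indexes the order; the refund check depends on the receipt kept off-chain, so its strength does not rest on the tag length.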
sr. member
Activity: 308
Merit: 250
March 29, 2012, 03:59:47 PM
#10
The simplest way to do this is to SHA256(message) and then send 0.00000001 BTC to this new address in same transaction as your payment.
legendary
Activity: 1072
Merit: 1181
March 29, 2012, 03:19:01 PM
#9
@Meni: I could probably live with a hash of some message being attached to the transaction itself, but I'm still unconvinced it is necessary.
donator
Activity: 2058
Merit: 1054
March 29, 2012, 02:24:05 PM
#8
@Pieter: I don't think it's too much to ask for a 32-byte hash to tie the transaction with the real world. The actual real-world data will be somewhere else but this connection is necessary to make the transaction meaningful.

The amortized cost of storing 32 bytes forever by all nodes is not very high, and can be covered by transaction fees. If anything, we may want to look into how to spread the transaction fees over more than just the first miner.

The receiver can't do anything anyway without the entire network being aware of the transaction (it could be deferred until he wants to spend, but still required), so I don't see the advantage of directly sending transactions.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
March 29, 2012, 01:58:05 PM
#7
While it is advised to use a different address with each payment, sometimes it is not possible. For example, a donation address. Or cases where you want to show an address, but the viewer may not decide to pay at all. Keeping all those private keys just in case the payment will show up may require a lot of SAFE storage.
If it is the type of donation that requires documentation, then the benefactor can use an app or service that generates unique addresses.
hero member
Activity: 531
Merit: 505
March 29, 2012, 01:04:55 PM
#6
While it is advised to use a different address with each payment, sometimes it is not possible. For example, a donation address. Or cases where you want to show an address, but the viewer may not decide to pay at all. Keeping all those private keys just in case the payment will show up may require a lot of SAFE storage.