Topic: Stealth address with SX (anonymous payments) (Read 25919 times)

newbie
Activity: 42
Merit: 0
So no more stealth addresses?

Transactions
1GgcE5bj9ugzmWPc*************** to Stealth Address Data
1GFmtJKoYtG****************** address revealed
legendary
Activity: 1232
Merit: 1076
SX may release - stealth tools, EC commands, HD keys

See the tutorials on HD keys and stealth payments.

Code:
$ sx stealth-newkey
Stealth address: vJmwY32eS5VDC2C4GaZyXt7i4iCjzSMZ1XSd6KbkA7QbGE492akT2eZZMjCwWDqKRSYhnSA8Bgp78KeAYFVCi8ke5mELdoYMBNep7L
Scan secret: af4afaeb40810e5f8abdbb177c31a2d310913f91cf556f5350bca10cbfe8b9ec
Spend secret: d39758028e201e8edf6d6eec6910ae4038f9b1db3f2d4e2d109ed833be94a026
$ sx mktx txfile.tx --output vJmwY32eS5VDC2C4GaZyXt7i4iCjzSMZ1XSd6KbkA7QbGE492akT2eZZMjCwWDqKRSYhnSA8Bgp78KeAYFVCi8ke5mELdoYMBNep7L:100
Added output sending 100 Satoshis to 1BjqrpQqr4tY5YPQkL8aG7NGkFbTbiuVu.
$ sx fetch-stealth
ephemkey: 0276044981dc13bdc5e118b63c8715f0d1b00e6c0814d778668fa6b594b2a0ffbd address: 1DUhzP41otHNKijH4B6dZN1SRVuYJyYfrp tx_hash: 63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518
ephemkey: 024398667c6a11652ae80fe6370e140cc67d4f82fb8310122cdaddae1524dad9e0 address: 1Nw1EKu8Y6mPGhMGyrKPS9TZWDyTPLvi8a tx_hash: 6a6246ccc7cb9427efee85dd3c7b80164f8a61213a7ce357b8cfd3816f59aab9
...

Code:
$ SEED=$(sx hd-seed)
$ echo $SEED
xprv9s21ZrQH143K3YEx9tNjNtm6FJJHWuKRMmnXw42Eq6RiKt7oRpkKViHPJDnVvVZweqnjxEn6UsFLmztqCc5STduaMMGbwxgwMEkR8xM5wbK
$ echo $SEED | sx hd-seed | sx hd-priv 0 | sx hd-priv 0 | sx hd-priv 1 --hard
xprv9zShfTYMrPQdXBs1x4zYcf99DGyvykdvYxfdovarBZTh7RTZZ5vNgrdS4eQDPTxN9YnjSzfjVf6eWvEKuNubwLUoEYNg5cDfKp5RQVmYj2x

Code:
$ sx help
...
EC MATH
   ec-add-modp                Calculate the result of INTEGER + INTEGER.
   ec-multiply                Multiply an integer and a point together.
   ec-tweak-add               Calculate the result of POINT + INTEGER * G.

Install globally:

Code:
$ wget https://sx.dyne.org/install-sx.sh
$ sudo bash install-sx.sh

Install locally (non-root):

Code:
$ wget https://sx.dyne.org/install-sx.sh
$ bash install-sx.sh usr/
legendary
Activity: 2053
Merit: 1356
aka tonikt
Probably, sorry.

I only read the highlighted text and I confused it with the argument which I read on a malign list earlier today, that "Bitcoin is a technology, which can and should be embraced by people of any political affiliation" - and that argument was supporting Mr Google's projects.

Of course it will be embraced by all kinds of sociopaths.
But I don't like sociopaths.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
I think you maybe misread waxwing's message. We are on the same page.
legendary
Activity: 2053
Merit: 1356
aka tonikt
So what is your counter argument?  You want to change the core of bitcoin to allow intervention, politicization, reversibility? What?
The opposite.
Mr Google wants to change the core of bitcoin to allow censorship.
But, let's face it: he is too stupid to achieve this goal, no matter how hard he tries.

He may though achieve the goal of making it hard to exchange some bitcoins, at some exchanges, that he had managed to "color" using one of his "innovations".
Except that this guy's achievements are no more innovations than PRISM is. He must be very proud of his life's mission.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
So what is your counter argument?  You want to change the core of bitcoin to allow intervention, politicization, reversibility? What?
legendary
Activity: 2053
Merit: 1356
aka tonikt
Who would argue with this?

Me.
But it is not that "Bitcoin economy cannot have these layers".
Every society can have sociopaths - no question about it and we cannot help it.
It is just that I despise them and I'm not going to pretend otherwise. They do their job - I do mine.
We will never be friends with Mr Google - it's quite clear by today.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Mike,
Re: defence vs attack (hmm am I still allowed to use that spelling?)

It's more subtle than that I think. What we have here is the issue of layering. In the world of banks, it is also the case that there is such a thing as irreversible payment. But it is hidden behind many layers and only accessible to the most powerful financial institutions. Even a SWIFT international transfer is pretty close to irreversible; but it is also heavily censored. That network can only be used if a big list of conditions are met. And above that layer are the real "hard money" layers (to the extent that any fiat money can be "hard"). Interbank settlement (often on a batch basis e.g. Euroclear and Clearstream) and RTGS (where it exists).

So the everyday experience is one of interacting with non-real time and reversible payments. Clearly the average punter wants to use that kind of system, including its time and cost payoffs, even if he's not aware that he does. Because he wants the right to get his money back, which he doesn't always get, but he does in the most clear cut cases of fraud.

There is no reason a Bitcoin economy cannot have these layers.

If people cannot be bothered with the complexities of hardware wallets etc., then payment services can be provided to them fully featured. Bank accounts, fraud detection, insurance, transparency or privacy in whatever blend required. All of that is possible, and what's more with scripting Bitcoin can offer either more lightweight or cheaper or just out and out better versions of at least some of these features. The attack you refer to - whether it be by law enforcement or by all kinds of other agents, can occur at this level, and that's fine because everyone who joins that level buys into it.

But Bitcoin offers something else which is priceless to everybody - an intrinsically unpoliticisable base level of value transfer which is far more secure and far cheaper and faster than anything that came before - for those who choose to learn how to use it.
That can be used by individuals, corporations or governments whenever they choose to do so, because nobody can stop them.

If you try to mix in those higher layers to the underlying protocol, you destroy it.

+1. Very well said.  Who would argue with this?
legendary
Activity: 1400
Merit: 1013
I see one of the fundamental problems as being deeper than Bitcoin.  Data security is being roundly attacked from all quarters, and Joe Sixpack is terribly outgunned.  This is unlikely to change for the better any time soon as almost all forces of consequence are against this happening.

There is also an unrelated problem that trying to make Bitcoin solve the 'realtime' problem (in order to make it a more exact replacement for cash) is trying to hammer a square peg into a round hole.  (IMHO) Both Mike's side and Justus's side make this same mistake albeit for probably very different reasons.

A solution which I prefer, and have articulated for some time now, is to have the Bitcoin protocol provide a solid foundation upon which other solutions (either 'aspects of Bitcoin' or not) rest.  Doing so addresses:

 - the 'outgunned Joe Sixpack' problem by removing him from the equation (...at least until and unless he makes a totally welcome effort to insert himself via a secure paper wallet for savings or whatever and is willing to pay a fair price for the services offered.)  The entities who are left find the problem of fraud, theft, etc. quite trivial to solve because they are, once a certain learning curve has been overcome.

 - the 'realtime' problem since the need for realtime behavior is drastically reduced.

 - the unmentioned scaling issues which are laughably absurd in the original implementation of Bitcoin (which persists to this day.)

One cannot really argue that it is consistent to solve Joe's data security issues by having some third-party help him out, but at the same time it is a viable objection that his economic activity on a 'sidechain' or 'offchain' or whatever is undue reliance on third parties.

One also cannot say that reliance on solutions which rely on core Bitcoin is not itself relying on core Bitcoin.  Yes, the reliance on 'true' Bitcoin may be attenuated, but it definitely exists and the attenuation itself can be a good thing in many real-world ways.
The economics of Bitcoin mining are all fucked up right now because we're still in the situation of the block reward being large and the transaction volume being tiny. Right now miners aren't in the business of processing transactions - they are in the business of minting new currency and also happen to do some transaction processing on the side. This is not sustainable in the long term.

Bitcoin is only economically viable in the long term if the network can pay for enough security, and ultimately this means miners should get most of the revenue from transaction fees, and the kind of fee revenue we're talking about would need to come from a billion people performing transactions on the blockchain every day.

We can't get there, however, until there is a secure way for a billion regular people to hold their own Bitcoins.

Since PC security is probably irrecoverably broken, this means specialized hardware wallets.

As it turns out, there is a new ASIC industry whose ultimate fate is tied to the goal of a Bitcoin blockchain that serves a billion people per day. Before long, they'll figure this out and they'll all be in the secure hardware wallet business because they need those to exist in order to make their main mining hardware business viable.
legendary
Activity: 4760
Merit: 1283
...
But Bitcoin offers something else which is priceless to everybody - an intrinsically unpoliticisable base level of value transfer which is far more secure and far cheaper and faster than anything that came before - for those who choose to learn how to use it.
That can be used by individuals, corporations or governments whenever they choose to do so, because nobody can stop them.

That is hardly 'priceless to everybody'.  To a lot of entities (and specifically those who have the reins of control under our current monetary systems) the harm of such a solution would be extraordinarily high.

If you try to mix in those higher layers to the underlying protocol, you destroy it.

You don't say...

---

I see one of the fundamental problems as being deeper than Bitcoin.  Data security is being roundly attacked from all quarters, and Joe Sixpack is terribly outgunned.  This is unlikely to change for the better any time soon as almost all forces of consequence are against this happening.

There is also an unrelated problem that trying to make Bitcoin solve the 'realtime' problem (in order to make it a more exact replacement for cash) is trying to hammer a square peg into a round hole.  (IMHO) Both Mike's side and Justus's side make this same mistake albeit for probably very different reasons.

A solution which I prefer, and have articulated for some time now, is to have the Bitcoin protocol provide a solid foundation upon which other solutions (either 'aspects of Bitcoin' or not) rest.  Doing so addresses:

 - the 'outgunned Joe Sixpack' problem by removing him from the equation (...at least until and unless he makes a totally welcome effort to insert himself via a secure paper wallet for savings or whatever and is willing to pay a fair price for the services offered.)  The entities who are left find the problem of fraud, theft, etc. quite trivial to solve because they are, once a certain learning curve has been overcome.

 - the 'realtime' problem since the need for realtime behavior is drastically reduced.

 - the unmentioned scaling issues which are laughably absurd in the original implementation of Bitcoin (which persists to this day.)

One cannot really argue that it is consistent to solve Joe's data security issues by having some third-party help him out, but at the same time it is a viable objection that his economic activity on a 'sidechain' or 'offchain' or whatever is undue reliance on third parties.

One also cannot say that reliance on solutions which rely on core Bitcoin is not itself relying on core Bitcoin.  Yes, the reliance on 'true' Bitcoin may be attenuated, but it definitely exists and the attenuation itself can be a good thing in many real-world ways.

sr. member
Activity: 469
Merit: 253
Mike,
Re: defence vs attack (hmm am I still allowed to use that spelling?)

It's more subtle than that I think. What we have here is the issue of layering. In the world of banks, it is also the case that there is such a thing as irreversible payment. But it is hidden behind many layers and only accessible to the most powerful financial institutions. Even a SWIFT international transfer is pretty close to irreversible; but it is also heavily censored. That network can only be used if a big list of conditions are met. And above that layer are the real "hard money" layers (to the extent that any fiat money can be "hard"). Interbank settlement (often on a batch basis e.g. Euroclear and Clearstream) and RTGS (where it exists).

So the everyday experience is one of interacting with non-real time and reversible payments. Clearly the average punter wants to use that kind of system, including its time and cost payoffs, even if he's not aware that he does. Because he wants the right to get his money back, which he doesn't always get, but he does in the most clear cut cases of fraud.

There is no reason a Bitcoin economy cannot have these layers.

If people cannot be bothered with the complexities of hardware wallets etc., then payment services can be provided to them fully featured. Bank accounts, fraud detection, insurance, transparency or privacy in whatever blend required. All of that is possible, and what's more with scripting Bitcoin can offer either more lightweight or cheaper or just out and out better versions of at least some of these features. The attack you refer to - whether it be by law enforcement or by all kinds of other agents, can occur at this level, and that's fine because everyone who joins that level buys into it.

But Bitcoin offers something else which is priceless to everybody - an intrinsically unpoliticisable base level of value transfer which is far more secure and far cheaper and faster than anything that came before - for those who choose to learn how to use it.
That can be used by individuals, corporations or governments whenever they choose to do so, because nobody can stop them.

If you try to mix in those higher layers to the underlying protocol, you destroy it.
legendary
Activity: 1526
Merit: 1134
Good to hear. Of course, you realize that the positions I have with Mastercoin, Dark Wallet, Coinkite, and others are advisory positions as well; as Chief Scientist/Chief Naysayer I am not involved in the day to day operations of any of these organizations.

Yes, I think you made that clear.

Quote
don't indicate any accusations of personal bias where I might be pushing ideas solely for the benefit of those paying me. So I'd appreciate it if you let Jeff know - I already did but some reinforcement of civility might be appreciated by all.

I think Jeff would be happy if you just noted those positions when advocating for things that those projects need/want/have asked for. Sort of like how people sometimes disclose share ownership in articles where they comment about companies and the like. Having interests is not itself a problem as long as things are transparent. I don't think it's a big deal, just best to be explicit.

In your case, you've advocated for things that only projects like Mastercoin really care about (or care about much). Whereas if Circle need anything from the wider Bitcoin community, they haven't told me about it. In fact we don't interact much. I've spent about a day with them in total since they first approached me, and most of that was review of their architecture and general discussion.

Quote
Along those lines, I've been working to diversify my income and clients sufficiently that would, say, Mastercoin fail I'd have no cause for concern. Similarly I've made a point of not taking significant investment positions in any of these currencies; currently the only non-Bitcoin crypto-assets I own in any significant quantity are about ~$3.5k worth of Litecoins, and ~$2.5k worth of Mastercoins, the latter only due to a misunderstanding about what compensation my contract with Mastercoin included. I'm strongly considering just selling off the latter entirely to maintain my independence, and either changing my contract or simply selling off future MSC as I earn them.

I think that's all good and useful to hear.

Quote
It's only reasonable to ask the same question of you: How is Circle compensating you exactly? Is implementing redlists/blacklists/tying transactions to real-world-identities in their plans? Are you going to financially benefit either directly or indirectly if technologies like that become a success?

A very small amount of equity (0.1%). It's not enough to have any influence on my decision making, in fact it's rather hard to estimate its value at all, given that I know little about their plans and am not in the loop except when they want my advice, which is rare.

What's more, they know that I am generally not in favour of "bitbanks" and other centralised Bitcoin financial institutions. They understand that my personal politics around decentralisation does not align much with their business plans, and we're both OK with that. I do not have to agree with a company's politics to answer questions for them.

If they have any positions on coin tracing then they haven't told me about it. I have been exploring those topics for a long time, since before Circle even existed, so you can rest assured that's all me :p.

The question on my mind is, to what extent is Bitcoin's chances of mainstream success harmed vs helped by a security strategy based entirely on defence? What we see today is a lot of thefts and hacks. Last time I wrote about coin tracing I was worried about extortion, that CryptoLocker might take off and become really big. That didn't happen thank god, but what we are seeing is lots of thefts and hacks. Although there's usually a plan for how to block such attacks, implementing them is slow work. Like, the "zomg chrome extension regexd my address" attack that came up a few days ago was predicted years ago, the TREZOR and payment protocol are all designed to stop it, but the effort required to defend against that is enormous compared to the effort required to do the attack. It's going to be a long time before the defence side really catches up to that but the malware is like 50 lines of code.

In the "offline world" a blended strategy is almost always used. Lots of defence, but then offence to target the attackers who get through. The Bitcoin world only uses defence. Hackers can try their luck against a hundred users and eventually succeed; there is zero risk involved. We've created a paradise for thieves; they can only win. Most people I know would consider that some kind of hell ... a world where they can work hard every day and then some pimply faced hacker on the other side of the world just swipes their wages from them, and gets away with it every single time. Especially when the victim blaming begins. They would consider the banking system far more just regardless of its failings, because people who try to steal get chased and a lot of them get caught (see how the Zeus guys ended up).

One can believe that a 100% defence based every-man-for-himself strategy is the correct and best solution, but don't be surprised or appalled when other people explore this topic and think about alternatives. Just argue that they're unnecessary instead.
legendary
Activity: 1792
Merit: 1111
Excuse my ignorance also, but how does the SX implementation of stealth addresses work, if it cannot work with Core client when limited to 40 bytes of arbitrary data in a transaction? Using these tricks that embed data in the transaction signature?
As I understand it the secret exchange has to happen out-of-band now instead of happening in the blockchain itself.

It doesn't kill the feature, but does make it less usable.

As I understand it, the sender can use the public key in one of the inputs to encrypt the nonce. So everything will be on the blockchain permanently, without occupying more space than a normal transaction.
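Added illustration (not sx code and not from any poster in this thread) of the elliptic-curve arithmetic behind the `stealth-newkey` / `mktx` / `fetch-stealth` session earlier in the thread and of the ephemeral-key exchange described in this post: the sender publishes a one-time ephemeral pubkey, the receiver recognises the payment with the scan secret alone, and only the spend secret can derive the spending key. The hash convention c = SHA256(compressed(shared point)) and the toy secrets are assumptions made here; sx's exact serialization is not shown on this page.

```python
import hashlib

# secp256k1 domain parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None                      # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def ec_multiply(k, point):
    """Scalar multiplication k*point by double-and-add (sx: ec-multiply)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ec_tweak_add(point, k):
    """POINT + INTEGER * G (sx: ec-tweak-add)."""
    return ec_add(point, ec_multiply(k, G))


def compress(point):
    """33-byte compressed encoding, the form fetch-stealth prints as ephemkey."""
    return bytes([2 + (point[1] & 1)]) + point[0].to_bytes(32, "big")


def shared_secret(scalar, point):
    """ECDH: c = SHA256(compressed(scalar * point)) mod n (hash convention assumed)."""
    digest = hashlib.sha256(compress(ec_multiply(scalar, point))).digest()
    return int.from_bytes(digest, "big") % N


def sender_pay(scan_pub, spend_pub, ephem_secret):
    """Sender: one-time output pubkey plus the ephemeral pubkey published with the tx."""
    c = shared_secret(ephem_secret, scan_pub)
    return ec_tweak_add(spend_pub, c), ec_multiply(ephem_secret, G)


def receiver_detect(scan_secret, spend_pub, ephem_pub, output_pub):
    """Receiver scan: the scan secret alone recognises the payment (online machine)."""
    c = shared_secret(scan_secret, ephem_pub)
    return ec_tweak_add(spend_pub, c) == output_pub


def receiver_spend_key(scan_secret, spend_secret, ephem_pub):
    """One-time spending key d + c mod n; this step needs the cold spend secret."""
    c = shared_secret(scan_secret, ephem_pub)
    return (spend_secret + c) % N


def demo():
    # Constructed toy secrets for a reproducible run; real keys are 256-bit random.
    scan_secret, spend_secret, ephem_a, ephem_b = 7, 11, 13, 17
    scan_pub, spend_pub = ec_multiply(scan_secret, G), ec_multiply(spend_secret, G)
    out_a, ephem_pub_a = sender_pay(scan_pub, spend_pub, ephem_a)
    out_b, _ = sender_pay(scan_pub, spend_pub, ephem_b)
    d = receiver_spend_key(scan_secret, spend_secret, ephem_pub_a)
    return (receiver_detect(scan_secret, spend_pub, ephem_pub_a, out_a),
            ec_multiply(d, G) == out_a,   # derived key controls the output
            out_a != out_b)               # two payments, two unlinkable addresses


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The third result is the privacy property the thread is about: every payment to the same published stealth address lands on a fresh on-chain key, so an observer cannot link them without the scan secret.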
legendary
Activity: 3430
Merit: 3080
Excuse my ignorance also, but how does the SX implementation of stealth addresses work, if it cannot work with Core client when limited to 40 bytes of arbitrary data in a transaction? Using these tricks that embed data in the transaction signature?
As I understand it the secret exchange has to happen out-of-band now instead of happening in the blockchain itself.

It doesn't kill the feature, but does make it less usable.

Hmmm. Well, there is a fairly good design case for keeping money related uses separate to other blockchain information services. So, cash-like transactions provided by stealth addresses do really belong on the main chain, and not a sidechain. But if and when the sidechain concept becomes operational and useful, a lot of the incentive to cram the main chain with every bit of information of every block-squatting service becomes a lot less. The mainchain will probably be more popular than ever at such a time, and possibly also be enjoying the benefits of the projects that aim to decrease its density. These kind of circumstances may well provide the rationale for relaxing the arbitrary data amount per transaction.
newbie
Activity: 42
Merit: 0
Nice job. I didn't read all posts but... has anyone tested this, except OP?
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
So if I own wallet A, and move some funds into wallet B1 and secretly give you the private keys to B (now B2) using SX, and then you buy something from a merchant at wallet C, there would be an input-output transaction chain from A to B to C.

But going from B1 to B2 doesn't require any inputs or outputs?  Is it simply reusing the same key with a new address?
legendary
Activity: 4760
Merit: 1283
Tvbcof, So it sounds like you are saying SX lets you put money into a separate wallet and then essentially give that wallet to someone.

Justusranvier, your explanation sounds like it's more of an internal tumbler built into bitcoin.

But those 2 ideas sound like different things.

They are not all that different.  One can 'tumble' wallets, though it would be more accurate to characterize things as sending them to someone else through a (potentially) invisible wormhole.

Even if the wormhole is visible (and it theoretically could be ex-network unless one was very careful) it would explode the degrees of freedom in trying to analyze economic activity and hence the cost of doing so.

legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Tvbcof, So it sounds like you are saying SX lets you put money into a separate wallet and then essentially give that wallet to someone.

Justusranvier, your explanation sounds like it's more of an internal tumbler built into bitcoin.

But those 2 ideas sound like different things.
legendary
Activity: 1400
Merit: 1013
Excuse my ignorance also, but how does the SX implementation of stealth addresses work, if it cannot work with Core client when limited to 40 bytes of arbitrary data in a transaction? Using these tricks that embed data in the transaction signature?
As I understand it the secret exchange has to happen out-of-band now instead of happening in the blockchain itself.

It doesn't kill the feature, but does make it less usable.
legendary
Activity: 4760
Merit: 1283
Thanks for the reply!

I do apologize for wading into a conversation that is a bit over my head.

If I seem like a Doofus, you're probably right. I'm miles behind many of you when it comes to Bitcoin technical knowledge.

Still, I would like to learn more and why not learn by asking questions -- that's what the forum is for.

The page https://en.bitcoin.it/wiki/Sx/Stealth is somewhat minimal and I don't understand why someone couldn't follow the inputs and outputs.

My 'doofus' comment had nothing to do with technical aspects or even Bitcoin.  I just sort of remember disagreeing with your sentiments on other political or economic bullshit or something.  I respect anyone who wishes to try to understand things from a technical level.

(I suspect that) one of the ways Bitcoin will be attacked is to attempt to use complex analytical techniques to map individuals to addresses (if not simply mandate it and dis-allow mainstream retailers from using Bitcoin unless addresses are mapped...the 'internet drivers license' discussions above.)

A matrix of mapped identities to addresses is a big problem, but nothing that people who have so-called 'big data' capabilities cannot handle.

SX (in my understanding of things) throws a huge monkey-wrench into the types of analysis that are most convenient, and probably have the potential to make certain kinds of analysis and mappings impossible.

As I mentioned in other notes, one of the most amusing things I saw at a Bitcoin convention a year ago was the expression on certain key figures' faces when they realized that an audience question was about exchanging private keys.  Normally such a thing would be dangerous (for one party at least), and that could have accounted for the alarm.  I tend to feel that the alarm was more associated with the thought of what that would do to taint analysis (which was, on that panel at least, very positively promoted as a no-brainer in 'fighting crime.')

What SX does (again, in my read of things) is systematically and safely allow exchange of values using the 'non-standard' method of using private keys.  It also does so in a way which loses some information which would be required in order to have a hope of repairing the user/value_transfer mapping.
