Topic: Will Bitcoin ever be as fungible as Monero? (Read 358 times)

jr. member
Activity: 34
Merit: 88
January 15, 2021, 01:20:46 AM
#17
Quote
Suppose we have support in bitcoin (and for swap purposes in another coin, Xcoin) scripting language for a secure hash function H which is homomorphic in the sense that:
 H(a) + H(b) = H(a+b)  //---> homomorphism
No hash function is needed here. ECDSA private and public keys can be used instead. So, "a" and "b" could be just private keys, and "H(x)" could mean the public key created from the private key "x". Are there any security problems with that replacement?

Edit:
Quote
Now for Bob to claim his bitcoins he needs to reveal the secret b, letting Alice compute a+b and use it as the secret necessary for claiming her Xcoins.
Here, in case of public keys, multiplication may be better, because then without having "a" or "b" you don't even know that "a*b" is not some random key. And then, all that is needed is just sending coins to (a*b)*G, then someone with access to both private keys will be able to move the coins. But then, the question is: how this design is better than just 2-of-2 multisig? Especially when we also use Schnorr signatures and taproot here?
legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
No, but there are other improvements which increase Bitcoin privacy such as Taproot, PayJoin and CoinJoin. But unlike Monero, which forces usage of the privacy improvement, it's optional on Bitcoin.

The optionality is a double-edged sword though. If private transactions don't become more common, exchanges will become ever more biased in favor of non-private transactions as regulations get stricter (i.e. more likely to freeze and audit funds from private inputs), endangering fungibility. From a handful of posts that I've seen, that might already be the case to some extent.

On the other hand being fully opaque might become a liability eventually. I would not be surprised if at one point exchanges will be forced to delist privacy coins due to further regulatory tightening.

Of course, every user has the moral obligation to perform his transaction in the best state of the art form to preserve his privacy, and to fight back the perilous efforts to track them down put in place by governments and their henchmen, namely the chain analysis firms.

A good read about this matter:

A Treatise on Bitcoin and Privacy

My idea is that the implementation and the widespread use of all the bitcoin anonymising features is an unstoppable force.
How to deal with governments, who obviously can't see those techniques as a desired outcome?
Is the "all is traceable, bitcoin is not anonymous" rhetoric used by early bitcoiners now backfiring?

My hope is that the constant user adoption, the building of walled gardens where "government friendly actors" can safely operate (banks, investment funds, regulated derivatives exchanges etc.), and the constant growth in the "Bitcoin Treasuries" will make the loss induced by a government ban on bitcoin simply too big for everyone.

If those privacy features are introduced cautiously enough, then there will be a critical mass in user adoption, and bitcoin will be so firmly rooted in the economy that pulling the plug will be simply impossible.
Then bitcoin finally wins.
legendary
Activity: 1134
Merit: 1599
The closest it'll get is when Monero's team launches the atomic swaps between BTC and XMR. If you swap from BTC to XMR and back without leaving a fingerprint, think of that as an alternative to CoinJoins. Possibly a better one, in fact.

Bitcoin doesn't have the same main focus that Monero does. XMR is full-on devoted to privacy aspects of a currency, and props to them for doing that but Bitcoin should imho stay away from the privacy aspects of XMR.. if one of them falls, at least let the other stand up, right? Privacy's going to slowly become a thing closer to "criminality" than ever before, and BTC going that route might actually trigger a huge oppression against it.
legendary
Activity: 2898
Merit: 1823
OP, NEVER, and Bitcoin doesn't need to be in my opinion. We don't need the additional blockchain bloat through the implementation of ring signatures, and other hacks by the Monero developers. Plus the hard forks necessary? Out of the question.

You say that, but some Bitcoin developer participated on research on Confidential Transactions and Ring Signature. There's even discussion and initial attempt to bring it to Bitcoin protocol. See https://bitcointalksearch.org/topic/confidential-transactions-content-privacy-for-bitcoin-transactions-1085273 and https://github.com/bitcoin/bitcoin/issues/6568


The point is, it will never get consensus, especially if a hard fork is required. I don't think the Core developers themselves are in the same boat in this proposal.

Quote

Besides, there are several audits of the technology (e.g. Bulletproof) and its implementation by Monero, so I wouldn't call it a mere "hack". Examples:
https://blog.quarkslab.com/security-audit-of-monero-bulletproofs.html
https://www.getmonero.org/2020/07/31/clsag-audit.html


The term "hack", for me, is good. A "hack" is a solution not thought of before.
hero member
Activity: 1680
Merit: 655
Bitcoin is in fact headed in the opposite direction as it is now being adopted by a lot of people the government is trying to catch up with their rules, regulations, and laws that will most likely remove the anonymity of Bitcoin if they haven't done it now. Before maybe you can send a huge amount of Bitcoin anonymously without using a mixer but now you'll be flagged with these kinds of transactions especially if you are using a custodial wallet which these companies are known to help the government.
Bitcoin has never been anonymous and it has never changed direction. It has always been offering a good level of privacy to users while the users sometimes decide to void that privacy by willingly linking their identity to their bitcoins. What governments are doing are also affecting exchanges and other centralized entities while having no effect on bitcoin itself.

Yeah, that is why I have also said in my post that Bitcoin's blockchain is built like a public ledger, but if we are talking about anonymity here I think there was a presence of it during its earlier launch when only a few people knew it and used it and the government never batted an eye at what they were doing during the early days. That is why people have a general belief that Bitcoin is anonymous, and it is also popular on the dark web as a payment method. It has no effect on Bitcoin, there is no argument with that, but what the government is doing is affecting the users of Bitcoin because, like I said, their general belief is that Bitcoin is private, but with what the government is issuing with their laws and regulations it is slowly fading away.
legendary
Activity: 2898
Merit: 1823
OP, NEVER, and Bitcoin doesn't need to be in my opinion. We don't need the additional blockchain bloat through the implementation of ring signatures, and other hacks by the Monero developers. Plus the hard forks necessary? Out of the question.
legendary
Activity: 990
Merit: 1108
>It has always been offering a good level of privacy to users while the users sometimes decide to void that privacy by willingly linking their identity to their bitcoins.

I think the default level of privacy is poor. The reason is that people think of Bitcoin transactions as being non-interactive. The sender just sends some money to a receiver.

To avoid address reuse, one must go to the trouble of making transactions interactive. Namely, first have the receiver present a fresh address to the sender. In many cases this interaction is not even feasible. E.g. when asking for donations in Bitcoin.

So many payments end up reusing addresses, resulting in poor privacy. What you describe as willingness to link their identity to their bitcoins is more often just unwillingness (laziness) or inability to unlink their identity from their bitcoins.

legendary
Activity: 3472
Merit: 10611
Bitcoin is in fact headed in the opposite direction as it is now being adopted by a lot of people the government is trying to catch up with their rules, regulations, and laws that will most likely remove the anonymity of Bitcoin if they haven't done it now. Before maybe you can send a huge amount of Bitcoin anonymously without using a mixer but now you'll be flagged with these kinds of transactions especially if you are using a custodial wallet which these companies are known to help the government.
Bitcoin has never been anonymous and it has never changed direction. It has always been offering a good level of privacy to users while the users sometimes decide to void that privacy by willingly linking their identity to their bitcoins. What governments are doing are also affecting exchanges and other centralized entities while having no effect on bitcoin itself.
legendary
Activity: 1652
Merit: 1483
January 04, 2021, 09:32:33 PM
#9
No, but there are other improvements which increase Bitcoin privacy such as Taproot, PayJoin and CoinJoin. But unlike Monero, which forces usage of the privacy improvement, it's optional on Bitcoin.

The optionality is a double-edged sword though. If private transactions don't become more common, exchanges will become ever more biased in favor of non-private transactions as regulations get stricter (i.e. more likely to freeze and audit funds from private inputs), endangering fungibility. From a handful of posts that I've seen, that might already be the case to some extent.

On the other hand being fully opaque might become a liability eventually. I would not be surprised if at one point exchanges will be forced to delist privacy coins due to further regulatory tightening.

this is exactly the trade-off at hand---fungibility vs liquidity---and it's why bitcoin is best off finding a middle ground.

bittrex just announced they'll be delisting monero, among other privacy coins. they're one of the largest exchanges in the world by volume/balances held. bithumb did the same last year. so did some european, australian, and japanese exchanges.

this is obviously not a black and white issue.
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
January 04, 2021, 06:06:59 PM
#8
No, but there are other improvements which increase Bitcoin privacy such as Taproot, PayJoin and CoinJoin. But unlike Monero, which forces usage of the privacy improvement, it's optional on Bitcoin.

The optionality is a double-edged sword though. If private transactions don't become more common, exchanges will become ever more biased in favor of non-private transactions as regulations get stricter (i.e. more likely to freeze and audit funds from private inputs), endangering fungibility. From a handful of posts that I've seen, that might already be the case to some extent.

On the other hand being fully opaque might become a liability eventually. I would not be surprised if at one point exchanges will be forced to delist privacy coins due to further regulatory tightening.
hero member
Activity: 1680
Merit: 655
January 04, 2021, 05:56:56 PM
#7
Is bitcoin not being private just a "temporary" thing or will it never be as private as Monero?

Bitcoin is in fact headed in the opposite direction as it is now being adopted by a lot of people the government is trying to catch up with their rules, regulations, and laws that will most likely remove the anonymity of Bitcoin if they haven't done it now. Before maybe you can send a huge amount of Bitcoin anonymously without using a mixer but now you'll be flagged with these kinds of transactions especially if you are using a custodial wallet which these companies are known to help the government. If you are thinking that Monero has some kind of special exemption because of its anonymity in nature then think again since right now the government is even offering a cash reward just to help them figure out a way of tracking transactions happening with Monero. Bitcoin is one of the unlucky few since its Blockchain is built like a digital public ledger and not some kind of secret book where only a few can see.
legendary
Activity: 1456
Merit: 1175
Always remember the cause!
January 04, 2021, 01:48:21 PM
#6
As an example for how feasible and accessible is anonymity and privacy in bitcoin I'd like to introduce you to an elegant concept presented by a newbie in bitcointalk two years ago, to which I was honored to contribute as well as another newbie account who made an excellent contribution too.

The idea is swapping coins using a homomorphic hash function that allows users to claim funds without disclosing a shared/common secret ever!

It is the thread: Anonymous Atomic Swaps Using Homomorphic Hashing

Interestingly you can observe how sharing ideas and collaboration makes it possible to do fantastic jobs when everybody is welcoming and humble enough to share and to learn. As far as I am concerned, this proposal is finalized and ready for implementation and provides the basis for serious improvement in bitcoin anonymity and privacy.

Edit:
For those who may be lost in the mathematical details:

Suppose we have support in bitcoin (and for swap purposes in another coin, Xcoin) scripting language for a secure hash function H which is homomorphic in the sense that:
 H(a) + H(b) = H(a+b)  //---> homomorphism


Two chains (two coins) anonymous atomic swap use case
1- Alice privately chooses secret a calculating:
ha = H(a)

2- Alice privately sends ha to Bob offering a swap for her bitcoins with Bob's Xcoin

3- Accepting the trade, Bob chooses secret b calculating:
hb = H(b)
hs = hb + ha

4- Bob generates an HTLC transaction txB locked on hs and publishes it on the Xcoin chain.

5- Bob privately sends hb  to Alice along with the id of txB.

6- Alice verifies that hs which txB is actually locked on is the sum of ha and hb.

7- Alice generates an HTLC transaction txA locked on hb publishing it on bitcoin blockchain.

Now for Bob to claim his bitcoins he needs to reveal the secret b, letting Alice compute a+b and use it as the secret necessary for claiming her Xcoins.

The point is that the secrets used to claim bitcoins and the one used for Xcoin are not the same, so there is no way for third parties to track down the relation between Alice and Bob.

Chip Mixing in bitcoin
The protocol can be used as a path for swapping coins anonymously on the same chain where both parties' roles are played by one person, some considerations about tracking down the path using similar amounts should be taken into account while there is potential for making regular transactions by multiple independent users synchronized loosely that can help with anonymization very effectively.
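
The swap steps from post #6, as an added example that is not part of the original thread or of any project's code. The post only supposes script support for H; here H is instantiated as H(x) = x·G on secp256k1, the substitution raised in reply #17, and the function names and in-memory "locks" are assumptions of this sketch.

```python
# Added illustration, not code from the thread. H(x) = x*G on secp256k1 stands in
# for the homomorphic hash H, as reply #17 suggests (assumption of this example).
import secrets

P = 2**256 - 2**32 - 977                      # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Point addition; None is the point at infinity. This is the '+' on hashes."""
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def H(x):
    """H(x) = x*G by double-and-add, so H(a) + H(b) == H(a + b mod N)."""
    x %= N
    acc, base = None, G
    while x:
        if x & 1:
            acc = add(acc, base)
        base = add(base, base)
        x >>= 1
    return acc

def alice_accepts(ha, hb, hs_onchain):
    """Step 6: Alice funds txA only if txB's lock is really ha + hb."""
    return add(ha, hb) == hs_onchain

def swap(a, b):
    """Steps 1-7 plus both claims; returns the on-chain locks and revealed secrets."""
    ha, hb = H(a), H(b)              # steps 1 and 3
    hs = add(hb, ha)                 # step 3: lock of txB on the Xcoin chain
    if not alice_accepts(ha, hb, hs):
        raise ValueError("txB is not locked on ha + hb")
    xcoin_secret = (a + b) % N       # Alice learns b when Bob spends txA (lock hb)
    return {"btc_lock": hb, "btc_secret": b, "xcoin_lock": hs, "xcoin_secret": xcoin_secret}

if __name__ == "__main__":
    r = swap(secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1)
    print(H(r["btc_secret"]) == r["btc_lock"], H(r["xcoin_secret"]) == r["xcoin_lock"])
```

With this instantiation, recovering a secret from a lock is the elliptic-curve discrete-log problem rather than hash preimage resistance, and the two chains carry different locks (hb and hs) and different revealed secrets (b and a+b).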
staff
Activity: 4284
Merit: 8808
January 04, 2021, 12:45:03 PM
#5
Dash is just an outright scam.  Coinjoin was invented on Bitcoin and doesn't need any protocol features.  All the dash authors did was take something you could already do on Bitcoin and use it as a marketing sales point to dump an instamine on the unsuspecting public.  At least they stopped using my name to promote it (though there are a couple other shitty altcoin scams trying that game currently).

Recently they decided to be honest about it, when it was in their interest to do so.

On topic,  I expect bitcoin will continue to become more private over time as it becomes possible to do so without severe trade-off for those who are less interested in privacy.
legendary
Activity: 2730
Merit: 7065
January 04, 2021, 08:21:01 AM
#4
I have read recently about how Dash (also a coin that its transactions can not be traced) compared Dash to Bitcoin.

Dash transaction/coin can be tracked because Dash is as transparent as Bitcoin and their privacy feature is modified CoinJoin, which also available on few Bitcoin wallet such as Wasabi wallet.
The idea of Dash was originally to be a privacy-oriented coin. Their CoinJoin modification is called PrivateSend, but that feature is optional.  
Even their development team isn't claiming it offers 100% anonymity. The transactions are more difficult to trace, but not impossible. One of their team members said:

Quote
The technology that Dash utilizes in our PrivateSend function is CoinJoin, which is a technique for complicating transactions to the point that they're more difficult for analytics firms to analyze those.
Source: https://cointelegraph.com/news/dash-should-not-be-considered-a-privacy-coin-dash-team-says

legendary
Activity: 1652
Merit: 1208
Gamble responsibly
January 04, 2021, 02:35:14 AM
#3
I have read recently about how Dash (also a coin that its transactions can not be traced) compared Dash to Bitcoin. What I will first comment about is that coins (monero, dash and zcash) that can not be tracked will only later be a safe haven for criminals in a way money launderers will make use of it while terrorists will later resort to it to finance terrorism because it is not a traceable coin.

https://bitcointalksearch.org/topic/m.54121333

Bitcoin Privacy Model 1

If you check both diagrams, there should be ways people can still be able to trace fraudulent transactions, this can be known for bitcoin (privacy coin), but will be difficult for anonymous coins like monero and dash which are even practically impossible to trace.

Bitcoin has ever been the best not even better because better is an understatement, it is the real privacy coin that fulfills what people needs, that is why it can not get banned by governments of most countries unlike anonymous coins like monero that has been facing challenges of being delisted from many exchanges.
legendary
Activity: 990
Merit: 1108
January 04, 2021, 02:28:48 AM
#2
Is bitcoin not being private just a "temporary" thing or will it never be as private as Monero?

Will Monero ever be as scalable as Bitcoin (with txs being an order of magnitude larger, and full nodes unable to forget everything about spent outputs) ?

Or ever have a fully auditable supply?
jr. member
Activity: 57
Merit: 29
January 03, 2021, 10:17:03 PM
#1
Is bitcoin not being private just a "temporary" thing or will it never be as private as Monero?