Topic: Will the Stealth BIP (Bitcoin Improvement Proposal) ever be done? (Read 7163 times)

When I first responded to this thread DnT was the OP.

I don't know who DeathNTaxes is (if that is, or was, actually a bitcointalk user).  I'm not here all the time.   If it was, I'm not the reincarnation of whoever that was.

The emphasis of my posts (in the latter part of this thread) is that there is a simple process that you can go through if you

(a) have an inquiry about BIP 63 status or when it might be written, or
(b) want to contribute (though I think the funds available for it are ample if I'm not mistaken)

either way, then..

Just contact evoskuil (the evoskuil on github) as I mentioned in my prior comment.  It's not hard.  His PGP is shown on his Github page.
In case reminder is needed for why evoskuil is the right person to contact, please see:
https://github.com/bitcoin-dot-org/bitcoin.org/pull/1129#issuecomment-155680014

A preliminary version of BIP 63 is here: https://github.com/genjix/bips/blob/master/bip-stealth.mediawiki

More historical details can be seen earlier in the thread.

Cheers

I should get a new name. People don't seem to respond well to this one.

So ABISprotocol is the new name for DeathNTaxes.

When has it ever been fortunate or convenient?  Two words.

NEH

(&)

VAH

This is why those who actually do anything about it should be supported.

Meanwhile if someone would like to contact evoskuil (see my above comment) on this, that would be great.  Thank you.

The timing of anything to do with Bitcoin that includes the word "stealth", seems most unfortunate at the moment.

Suggest that someone connect with evoskuil due to that he has indicated in the recent past that he has BIP 63 on his todo list -- his PGP details are at https://github.com/evoskuil

The funding situation has changed since Peter last spoke. Friendly bump?

Brief update / additional info:

See https://github.com/bitcoin-dot-org/bitcoin.org/pull/1129#issuecomment-155680014

Done

Thanks, looks like there is already a post made by someone on the unsystem forum found here-

https://forum.unsystem.net/t/finishing-bip-63-stealth-addresses/546

No responses in 4 days....

but if you can email Amir and show him the links it would be better.

I'll post a link to this portion of the discussion to Unsystem mailing list with cc to Amir with a request for a reply from Amir back to this forum.

I agree that Amir would be the second most appropriate person to pick up on Todd's contribution as Peter has more important priorities now. He has been scarcely heard of lately however. If someone can get ahold of him and see if he has the time I will do my part to help donate money and organize a campaign to fundraise a salary to cover BIP63 being formalized and than tested.

Well, if it blocks adoption, in this case it should be finalized. Genjix started working on that on https://github.com/genjix/bips/blob/master/bip-stealth.mediawiki

Genjix, how can we help pushing BIP63 on what you have done ?

What are your thoughts on why no-one has yet written this up into BIP 63 (though Peter Todd has recently made clear on bitcoin-development mailing list he has no intention of doing it, but indicated someone else should feel free to)?  Again, as per part of my original post, this is one of the reasons that the Electrum wallet developer(s) gave for not finalizing the process of inclusion of stealth address into the wallet - they said they are waiting for BIP 63 to be published (presumably in draft is all it would take).  

Isn't a written formalization probably always just "nice to have"?

A specification for BIP 63 could serve as starting point for alternative implementations.

But FWIW, since it wasn't mentioned before in this thread:

https://wiki.unsystem.net/en/index.php/DarkWallet/Stealth

I implemented stealth payment and address into NBitcoin. (.NET library for Bitcoin dev)

For what I have seen, the BIP is just a formalization on paper of what already exist, I'm not sure this BIP is essential at all, just a nice to have.

To be clear, none of this means that a BIP isn't needed.  The BIP (63) is still needed (and we are still waiting for Peter Todd to publish a donation address so that we can support that effort).

As to mixers, I was referring to coinjoin services, and DIY using altcoins and exchanges.  But yeah you have a good point; exchanges are also potential scams and honeypots.. as indeed are third party mixer services, which also includes "gambling" services (you didn't think that many people really gambled did you?). 

Stealth addresses work already, you just need a way to communicate a nonce to the recipient.  Some wallets (like darkwallet) use op_return, others.. I'm not sure.   

Stealth addresses are usable now.  So are mixers.  What is your problem exactly? 

I was comparing xpub keys and stealth keys when you make either type publicly available, there's a reason to do that for some use cases (e.g. accountability for a charity) and in others to use stealth keys (I don't like that term for them really, doesn't really explain what they do too well). It would be nice if the privacy was better by default, it seems we could get some of the way there on the proposed confidential chain.

How could the sender figure out who else paid money on that master public key if you created it only for him? The idea would be creating a different mpubkey for each individual.
Of course stealth addresses sound really cool and I hope it gets implemented. Right now the anonymity features of BTC are pretty poor and Gmaxwell seems to agree on this too.

Good point, some documentation can't hurt.

You could offer a reward for a nicely written RFC. 

There are some wallets that incorporate stealth address concept to different degrees, the problem comes when there isn't support throughout the whole system, and it's not just a matter in core, but the absence of a BIP also affects other wallet developers such as the Electrum folk as originally mentioned in one of the links in my post which kicked off this thread. 

What needs to be done, if I'm hearing this correctly from Peter Todd's perspective, is get him some financial (bitcoin) support for stealth BIP (63) in order for something to be done on it.

Just waiting for a bitcoin address to be published from him specific for that here.

Peter,

If you publish here a bitcoin address that is specific to funding the stealth BIP (# 63 as currently shown at https://github.com/bitcoin/bips) then I, and others here who support that, will publish that address and I suspect, that you will receive funds at that address, as people will be happy to donate (I certainly will contribute to it.)  The effect of this will be amplified if you mention it on one of your social feed (twitter or wherever else).

-ABISprotocol

Edit:  There are at least a few other people so far who have said in this discussion thread that they'd donate as well - you can see their comments here: https://bitcointalksearch.org/topic/m.11572012

The short answer is no, 3rd party mixers (such as a mixer plugin which presents bitcoin mixing as a feature, and could be "dropped into" Electrum because the feature provided is not mainline in Electrum, as example) don't provide a better level of privacy than what could be provided if stealth address were to be directly supported in the protocol.  

Here I am suggesting that this stealth BIP (BIP 63) be started, it all starts in the draft stage.
There are different kinds of BIPs.

     Standards Track BIPs - Changes to the network protocol, block or transaction validation, or anything affecting interoperability.
    Informational BIPs - Design issues, general guidelines. This type of BIP is NOT for proposing new features and do not represent community consensus
    Process BIPs - Describes or proposes a change in process. Similar to Standards BIPs but apply outside the Bitcoin protocol.

I don't know what kind of BIP this would end up being, but I am kind of assuming it might end up being a Process BIP, but again, I don't really know.  I'm assuming that how it would be tracked and categorized would depend on Greg Maxwell and Peter Todd assuming this moves forward...

That link is actually very helpful with understanding the mechanics of stealth addresses. Thanks.

Hello,

There is a summary response above which I hope covers this, but if you wanted something else, there is a brief but useful description here by some folks who have been developing stealth.js for darkwallet:
https://github.com/darkwallet/stealth.js/blob/master/README.md

Are there a few developers with some free time that just need some funds to pay the bills to finish this? If so, please setup a lighthouse fundraiser and I will gladly contribute and help promote it.

I'll chip in some bits!

Don't several wallets implement stealth addresses already? 
Why do you want this github BIP?  Just go do what you need to already. 

Long story short, right now I think my time is better spent focusing on more fundemental issues with Bitcoin like scalability.

I've also got no-one interested in funding stealth address development right now; I do need to pay rent!

Moved to dev and tech. Bitcoin discussion was an alright place for the thread to be, but you are likely to get better discussion in this section.

Whilst this does not help the bitcoin implementation ... Shadow (see sig) implemented dual key (scan and spent key) stealth address in its code base for those that want to have a play with it.
Lots of great benefits for improving once privacy.

The difference is: with a master public key, the sender can use it to figure out who else paid money to that address, past and future. With stealth addresses, the sender knows only the address they sent to (or maybe not even that... but you could work it out in any case by looking at which block it was confirmed into and how much the transaction was for)

When I saw the Bip number 63... I thought it was a stronger encryption. Thank you for the detailed explanation.

Could the reason be, that 3rd party mixers and built in mixer features within wallet providers void the need for such upgrades?  Or do you think it would be better to implement improved privacy on the protocol levels?

I am ALL for more privacy and would welcome ANY methods to achieve these goals. {Why do the government or a stalker need to know, how I spend my money?}

Thanks for posting this.   

What does it do, and how exactly will this make my transactions more secure or more private?

As I understand it in a basic way, the Stealth Address will help mitigate the problem of address reuse, though this may be an oversimplification of what it does.  
(One socially meaningful function that people could really appreciate right away is that stealth addresses would likely make a straightforward and guilt-free way for a organization (non-profit for example) to post such an address to receive donations, as they would not then be revealing a bunch of information about the donors [and others in the network] every time someone donates to the organization.)

Why should you care?  Essentially it's from a privacy angle, as that address reuse is done then this conveys information about you and others in the network.  One could measure the extent to which you may be compromising privacy of others in the network based on your actions but without getting into that here, suffice it to say, address reuse isn't that great for the privacy of the network, and if wallets had support for stealth addresses, and if people had the ability to choose to use stealth or not to use it, depending upon their preferences of course, then that would be a good thing.

It's actually not what I would call "anonymity" because the use of Stealth as described wouldn't result in anonymity per se (IMHO).  I believe it would actually result in enhanced privacy.    From the original paper by Peter Todd, "The txin's owned by the payor are not revealed to the payee. In fact, they could be held by a third-party who simply makes a transaction with the appropriate txouts on behalf of the payee. (...) Less information about the txouts is leaked."  I don't consider such developments anonymous actually, but it's a pretty good privacy scheme.  Here's what I believe to be the first ever successful stealth transaction:
https://blockchain.info/tx/63e75e43de21b73d7eb0220ce44dcfa5fc7717a8decebb254b31ef13047fa518
Notice that there are things you can see about it.  It's certainly not fully anonymous, from my perspective.

OK, the final part of your question was, BIP.  What is the stealth BIP?  That's the Bitcoin Improvement Proposal.  Stealth has been suggested to be made as a Bitcoin Improvement Proposal so that this would have support in bitcoin / core.  The process lays out ideas that would help improvements happen and the developers vet them.  There's a 'readme' that covers that here:
https://github.com/bitcoin/bips/blob/master/README.mediawiki

Respect,

ABISprotocol

So, in plain english what is the stealth bip and why should the average non-techie noob like me care? Is is a modification to make bitcoins more anonymous?  That is what it sounds like to me but I am not sure.

One never knows.

Wouldn't this get more useful responses in the dev & nerd section?

It seems like there have been endless delays and what appear to be "development arguments" which have hindered what could have been, by now, development of Stealth, or more precisely, the Stealth BIP (BIP number 63).

You can see a recent remark of mine on this subject in the Bitcoin repository here in which I linked to a twitter thread where developers discussed this issue:
https://github.com/bitcoin/bitcoin/issues/5783#issuecomment-109680602

Indeed, here in the Electrum repository, on Jan. 11, 2015, dabura667 remarked,
"Will re-open once Stealth is settled on. It keeps having "its the last change" over and over again... so I'll wait til it is a BIP.
I will keep my branch up to date with the latest Dark Wallet version in case someone wants to use the commits."
https://github.com/spesmilo/electrum/pull/817#issuecomment-69489090

On the other hand, nothing is keeping someone from actually writing the BIP, as it seems like "all they would need to do" is communicate with Peter Todd and Greg Maxwell to ask if they could actually write it up as per the procedure at bitcoin/bips:
https://github.com/bitcoin/bips
Here's the archived proposal from Peter Todd for Stealth Addresses, with acknowledgments:
http://sourceforge.net/p/bitcoin/mailman/message/31813471/

Since it's already been assigned a number, why not just have it now published to github at bitcoin/bips and move ahead, and the other technical issues could be worked on further at the draft stage.  It seems logical to see it move forward at this time.  Please feel free to tell me here why it should not be published at this time or why I am a blithering idiot. :-)

Respectfully,

-ABISprotocol