Topic: Would it be feasible to create transactrions that reject processing on IP basis? (Read 874 times)

It's a problem to implement in fully decentralised way, but not yet confirmed to be an impossible problem. The issue with centralised CoinJoin isn't so much with privacy or security. If done transparently and correctly as per gmaxwells spec, the central provider cannot infringe your privacy or steal money. The issue then becomes the providers own safety from getting targeted for "enabling criminality" and suchlike slurs.

I suppose that my wording was bad, I was more meaning trust in another party.

That's a hell of an assumption though, that all clients would CoinJoin all transactions and users could not choose to turn it off and on at will. What's to stop Yifu or whoever else promoting the "Anti-Criminal" version, the details of which people won't generally appreciate. All they want is to be certified "Good Guys", and they can be tricked into being bad for all Bitcoiners this way.

Miners refusing clean address transactions is the only way to solve this problem properly. They are properly incentivised to understand the basis of the problem, and they have the means to kill the issue altogether, not just mitigate for it.

I understand how CoinJoin works. My point is, I couldn't satisfy their requirement to sign a message with my addresses, in fact nobody could do it because CoinJoin would be the bread and butter of transactions. Blocks would be (almost-)full of CoinJoins and coins would get so quickly mixed that everybody could be considered a criminal, thus rendering any blacklisting attempt useless. It would be like sprinkling all our banknotes with coke, so either they would have to be accepted or the economy would come to a halt (please ignore virtual money in this example).

No. You've misunderstood.

Once the situation you're talking about becomes reality, then there will be two uses of multi-output transactions: bulk transactions to save on fees, and CoinJoin. To prove to the address-listing people that you are NOT doing CoinJoin, they can ask you to prove you were doing a bulk transaction, by asking you to sign messages from all the addresses in any multi-output transaction. Which you can't do, if it's actually a Coinjoin transaction, because other people own some of the other addresses. Other people owning the addresses in a transaction you took part in is sort of the whole point of CoinJoin.

No if it's done in a P2P way.

Mixing coins requires more centralization that a lot of people re comfortable with though.

I understand that the attractiveness of CJ comes from the fact that it could be incorporated into clients so it would be performed automatically and maybe even invisibly to users. So when I make a payment I could actually be joining other people making other payments and all of that would be cleared in a single transaction. Or without need to wait for a payment, I'd just tell my client Hey mix my coins, and go to bed. If we continuously mix our coins there won't be "clean" coins anymore (newly generated coins won't last forever and miners could mix them anyway upon getting them).

This all suggests a different tactic: blacklist the greenlist. Encourage all pools, p2poolers and soloists to refuse to include transaction involving any greenlist public keys.

The trouble with CoinJoin is the issue of multiple outputs. This type of transaction is rarely used, or certainly not by those just using the standard features of vanilla Qt or something like Multibit. And this is for a good reason; the fees are cheap enough as it is, there's not a huge amount to be gained from saving 0.1 mBTC here and there (the only non-privacy centered use of multi-outs being bulk payments in one tx). Therefore, it's always going to be an option for advanced users, or users of wallet software with an advanced slant (like Armory).

So, what happens when the greenlist authorities start e-mailing you (with the email you are required to supply them, of course) about "suspicious multi-out transactions invloving your green address"? You then end up in an explaining game, and you won't be able to sign messages from all the public keys involved if you have indeed been CoinJoin-ing to obscure which addresses you do and don't own, unless you always Coinjoin with known others, which presents a host of privacy issues in itself.

You could then end up blackballed from the greenlist agency. And there might even be a blacklist ("irregular usage" addresses) by then, you may find that all the addresses involved in your suspicious greenlist transaction will themselves become blacklisted (that could possibly include addresses belonging to anonymous CoinJoiners that still contain unspent input).

Subverting the greenlist system through confusing analysis of the inputs to it may just end up validating and encouraging such a system, and leaving you permanently on the outside. I think fighting back with denying the processing of greenlist transactions, plus encouraging a cultural use of the future Identity Protocol would be more effective at maintaining security, privacy and fungibility.

Not just the miners direct interest (say, related to 'tainted' fees), but it could even be argued as doing the users a favor: In a world with fungibility destroyed by blacklisting anytime you get paid you have to perform a query of the blacklist before deciding to accept the payment, or risk ending up with more black coins yourself.  But if miners enforce the blacklist then some of their burden is outsourced. Bonus for the users but you can't count on it unless its behavior required of all miners, under penalty of orphaning…

Yes, HD wallets will of course be step in the right direction. I would be much happier to submit a deterministic keychain (that is only used for mining) to mining pools to receive payments, this will be a crucial privacy enhancement.


This only serves to remind me that time is very much a factor. We need time for developers to implement a whole plethora of new features, not just these privacy focused ones. I worry for the kind of environment that something like CoinWitness or these One Way Aggregate Signatures may end up being deployed in.

And you're also alluding to something I hadn't considered: miners dropping transactions that come from blacklisted public keys. And, of course, this will make a great deal of sense to the miner, as they can't spend that output where they might like, so why bother creating the problem of having a whole host of unspendable inputs (well, increasingly more difficult to spend), taunting them from the bottom of their wallet.

The things I could suggest here have more negative uses than positive ones, I fear.

I think its more important that we do all we can to preserve and improve mining privacy and decentralization so that misguided regulatory attempts can be met by miners disappearing into the mists.

I've been recently excited by some far out cryptographic techniques which can be used to bind transactions together so that miners can't mine them separately... but I think we're a long way from having anything like that in a Bitcoin like system.  ... but we can approximate it somewhat if non-blacklisted people start joining coinjoins with possibly blacklisted people, so miners must choose to take all or none.

The press launch today of the CoinValidation agency is highlighting the need (to me, at least) for a mechanism that lets the user ostracize miners that do not align with whatever the current bone of contention is. Maybe you just dislike the owner in general, for instance (I know I'd prefer to never allow EMC to include my transaction in a block they solve).

Obviously, this does not yet affect miners, but I can imagine a few steps ahead whereby all miners and pools are compelled to submit to licensing and all identities of parties are to be collected and associated with the addresses they are mining to. This will, for instance, make p2pool inpracticable to use for anyone living in a jurisdiction who is affected by such measures. OTOH, large pools with an entrenched share of the market will possibly welcome an opportunity to consolidate their position further. If we could use a mechanism to starve them of transaction revenue going forward, they may consider more carefully their compliance with any future attempts to put a legislative or licencing framework around mining.