1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <adam@cypherspace.org>) id 1W3ksJ-0005sD-Jc
for bitcoin-development@lists.sourceforge.net;
Thu, 16 Jan 2014 11:12:39 +0000
X-ACL-Warn:
Received: from mout.perfora.net ([74.208.4.194])
by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1W3ksI-0000aA-58
for bitcoin-development@lists.sourceforge.net;
Thu, 16 Jan 2014 11:12:39 +0000
Received: from netbook (c107-70.i07-27.onvol.net [92.251.107.70])
by mrelay.perfora.net (node=mrus3) with ESMTP (Nemesis)
id 0Lh74Z-1VWpyA2Itj-00oO25; Thu, 16 Jan 2014 06:12:30 -0500
Received: by netbook (Postfix, from userid 1000)
id 66C522E283F; Thu, 16 Jan 2014 12:12:23 +0100 (CET)
Received: by flare (hashcash-sendmail, from uid 1000);
Thu, 16 Jan 2014 12:12:21 +0100
Date: Thu, 16 Jan 2014 12:12:20 +0100
From: Adam Back <adam@cypherspace.org>
To: Drak <drak@zikula.org>
Message-ID: <20140116111220.GA30175@netbook.cypherspace.org>
References: <CANEZrP0huBWqgvQik9Yc26Tu4CwR0VSXcfC+qfzsZqvoU4VJGA@mail.gmail.com>
<20140113133746.GI38964@giles.gnomon.org.uk>
<CANEZrP1KAVhi_-cxCYe0rR9LUSYJ8MyW8=6eSJZ65FeY5ZJNuQ@mail.gmail.com>
<20140114225321.GT38964@giles.gnomon.org.uk>
<CANAnSg0tH_bK_19rsRRHOeZgrGYeWMhW89fXPyS4DQGmS4r_7A@mail.gmail.com>
<CALimQCXgc0eXeOcqFGUaCpSF7gKEe87KzvLqHZwUysV3WyjjGw@mail.gmail.com>
<CAAS2fgShChAQryfUOBp60jB-zxn2tH986fu1HfT+LsNdBYnoYg@mail.gmail.com>
<CAJHLa0P5r2+kxy7w8G=h=TAhdk1jUoW5UOiv-euo47uQY0u9ZA@mail.gmail.com>
<op.w9q6jdsayldrnw@laptop-air.hsd1.ca.comcast.net>
<CANAnSg0iE_ZdbXbkBwsafUJ6_ck4jETQM0o0RY-0am-o7=6Xbg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <CANAnSg0iE_ZdbXbkBwsafUJ6_ck4jETQM0o0RY-0am-o7=6Xbg@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Hashcash: 1:20:140116:drak@zikula.org::xrBmlJr1Yn3YM38e:00155f
X-Hashcash: 1:20:140116:jeremy@taplink.co::qBWoLiJLj7uw+J3f:00000000000000000000
0000000000000000000000002nh2
X-Hashcash: 1:20:140116:bitcoin-development@lists.sourceforge.net::Ju9jeGW7FSrhi
zMd:000000000000000000009lsD
X-Hashcash: 1:20:140116:adam@cypherspace.org::Q1yQ1+8lKvzXkRYS:00000000000000000
0000000000000000000000000fSc
X-Provags-ID: V02:K0:IVPimoDEfjYfK8x5+9G+TjhcHoNTV3ErfPP8sBu8CbI
tPhWgxqDfdkGMHlC+AM+bO869RDYjzaaBgqA4Z8jzsCPz11sO/
BowKs0H2hnPZ6QGllHjPc184jekBeHA9Dtg46Ezovykf/UWUGH
wEz3gPI+QsIMlqIImyq7iS5tmdWeAj5S0Jx17e+6WRm4JRywq4
ppSEiEkqkUir5Wcb+ikMIZTCovTyha9WD63DAtA3om0yiKVcj+
XFWHvMkr9aFH6vpLYuKvrdH8C/KOAej0pHXF9oI45qlXko/Zp7
RXuvGvrj4OtpJ5v8IBF/+BDuz/lR4rJUWV8yr+fbWR73+W2RrK
SwPRLXl3Esa5aFYbA1Va2+ORm3+LwaXabykUvHooQ
X-Spam-Score: 2.9 (++)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
no trust [74.208.4.194 listed in list.dnswl.org]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
2.9 FH_RANDOM_SURE SARE Random in one rule.
X-Headers-End: 1W3ksI-0000aA-58
Cc: "bitcoin-development@lists.sourceforge.net"
<bitcoin-development@lists.sourceforge.net>
Subject: [Bitcoin-development] reusable address privacy problems & fuzzy
bait limitations (Re: Stealth Addresses)
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 16 Jan 2014 11:12:39 -0000
On Thu, Jan 16, 2014 at 10:14:24AM +0000, Drak wrote:
> On 16 January 2014 00:05, Jeremy Spilman <[1]jeremy@taplink.co> wrote:
> > Might I propose "reusable address".
>
> The problem is all addresses are reusable and to an average user,
> addresses are already reusable so there is little to distinguish the
> address format.
> It might be better to call it a "public address" in common terminology.
Yeah I called my variant "(unlinkable) public" but I also think I prefer
Jeremy's "reusable address" which has the added bonus of being yet another
implied admonishment not to reuse the non-reusable ones :)
Anyway my primary concern so far is that the reusable addresses/(unlinkable)
public addresses are actually worse for privacy than SPV bloom mechanism by
any reasonable definition. So I think we have some work to do yet, on a
tough problem which may not have an efficient index precomputable solution
(or a solution period.) I would also have been promoting this as an
alternative solution to bloom privcy mechanism and address-reuse, if I
could've found a mechansim for the unlinkable public proposal...
Whats different so far I think is that Peter just went with it anyway
despite that problem, where as I put it in the pile of interesting but not
quite workable for privacy reasons ideas. (Bearing in mind that my bloom
bait concept is the same as the prefix concept so I had functional
equivalence). The additional feature of Peter's variant is to stealthify
the payment, which I do think is a useful additioanl consideration, however
as I said I think its fair to say it so far largely fails to do that,
because the exposed P parameter. (And using the input instead of the P
parameter breaks CoinJoin, which is also thereby damaging to privacy).
So also about Greg Maxwell's improved prefix/bloom bait (lets call it fuzzy
bloom bait), while I agree that H(nonce)[rand(32)] ^ prefix is an
interesting incremental improvement, over raw bloom bait/prefix (with an
example 8-bit prefix, and [] being byte index, ^=xor), it is
index-precomputable, but it still publicly allows statistical elimination
which is still nearly as dangerous in lieu of the remarkable success people
have had doing statistical network flow analysis. ie with probability
(255/256)^32=88% it eliminates you as a payee of any given reusable payment.
(And that effect remains with any parameter set and conflicts with bandwidth
efficiency for the requestor - ie lower elimination probability seems
unavoidably to imply higher false positive match, right down to the point of
downloading the entire set, giving with 0 probability).
Thinking-hats time people.
(As I said I still like reusable-addr for full-node recipient scenarios.)
Adam
|
