1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
|
Return-Path: <me@ricmoo.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id DA753F58
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 12 Sep 2015 05:38:58 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-io0-f182.google.com (mail-io0-f182.google.com
[209.85.223.182])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E7045124
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 12 Sep 2015 05:38:57 +0000 (UTC)
Received: by iofb144 with SMTP id b144so120103962iof.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 11 Sep 2015 22:38:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ricmoo.com; s=google;
h=from:content-type:subject:message-id:date:to:mime-version;
bh=THjtF1il4xo6cduw3sUC5jqQHpjuyXsXQDQHK6At1a8=;
b=ZQnqXPhW1zMmV7lfcuVIdj0lQnEF3SwpCrx+vmKMjeuiFnQC681jTORXHU9gxjHQuV
H2eAsHjxioUvD7YFWpLDJxctPrTnqtLoJVNRKm4L7IxfFj0UcuKeXXIdDhXsw2VWUGiE
zRDFsc+yVPpZCM0bD1pJpQL/j09i4Kjd9Lk8o=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:from:content-type:subject:message-id:date:to
:mime-version;
bh=THjtF1il4xo6cduw3sUC5jqQHpjuyXsXQDQHK6At1a8=;
b=dhq4eNVzrAhmjKNIuVqVIT6OaEmgXV0fk8TzRqyjKH79gGt+19bSX/9ytuGXC0w8g9
Ju2Dh4LKZBozPtexkYiNuy8CzWq7hbe3PaguCa5hHo4rG5St18jVYdgb5O3i6SRvYzS7
fq6WCT3CeQ1B5R5iEs1XIPQA1xd1kDS6ehf+Ma7y6+M25+UjFPAt9ONCWH1Zn6YoIre/
UohDzdlnOQNrkqCdbYbrQcFq70XaQPE1fq4BqVERtnnwsVud152V6g5rND++FuLqyvvr
3W7oRRzUnPUH8N19HJoBsG99xgzS4yR94LrnB/rtdpMD6S90h587ZI6AUH2fQi4Or69R
apEw==
X-Gm-Message-State: ALoCoQk4ngo959Pnyuf/msmY2rW6lC/Hf8kmPkAM0a1ydGFEgwwAyMQ1RjLlcGgDvmkbfNk4LJsQ
X-Received: by 10.107.10.14 with SMTP id u14mr8439104ioi.94.1442036337322;
Fri, 11 Sep 2015 22:38:57 -0700 (PDT)
Received: from [192.168.2.79] (135-23-143-85.cpe.pppoe.ca. [135.23.143.85])
by smtp.gmail.com with ESMTPSA id u4sm1194852igz.8.2015.09.11.22.38.55
for <bitcoin-dev@lists.linuxfoundation.org>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Fri, 11 Sep 2015 22:38:55 -0700 (PDT)
From: Richard Moore <me@ricmoo.com>
Content-Type: multipart/alternative;
boundary="Apple-Mail=_8B2BBFF4-DD92-44F9-95EA-85512F14B54E"
Message-Id: <71A8E490-14C5-49F1-8E08-75C0A754B5BB@ricmoo.com>
Date: Sat, 12 Sep 2015 01:38:53 -0400
To: bitcoin-dev@lists.linuxfoundation.org
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
X-Mailer: Apple Mail (2.2104)
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham
version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Subject: [bitcoin-dev] Stealth Address Idea (special-less)
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Sep 2015 05:38:59 -0000
--Apple-Mail=_8B2BBFF4-DD92-44F9-95EA-85512F14B54E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
Hey all,
I am throwing out an idea I=E2=80=99ve been toying with, for feedback =
and if it seems like an idea worth pursuing, possibly a BIP number.
The goal is to make straight forward stealth address that are SPV =
friendly and easy to support in software without too much special goop.
I=E2=80=99ve got working code at =
https://github.com/ricmoo/sandbox/tree/master/stealth, and here are some =
example transactions on the block chain:
Target Public Key: =
029ed06e396761c24416cf7323ed4f1cb29763ee9e2b0fccae347d6a2a3eaecbf5
Target Public Key [tentative] Encoding (this is what you would give =
away): 59KkSZsVE7vErdqo8m5gtNoez44CbdwJQ5cSM1AAARzN19vkJ6NU
Revocable Payment made: =
b4ad20cad4cc2fcbbec09bc071dfe8c4a4b1e8e57d1e56bf51947445cfc6c7af
Irrevocable Payment made: =
f600643a1d32152117be0d9c652a86dc6182d2dab3be53340739395f524cd95c
Cleared out all funds from stealth address: =
58eb0fdab108c7add74835466251ffe5c51c7f4cec149f06daf0435d43d9ce55
Idea overview:
There are 2 modes of operation, revocable and irrevocable payments. =
Revocable payments result in both parties knowing the private key, =
allowing for a certain level of plausible deniability when the funds are =
swept, as to whether the funds were actually sent or were revoked=E2=80=A6=
You could imagine WikiLeaks stating they will not claim donations for =
1-3 months after receiving them; if the funds are claimed after 1.5 =
months, did the sender actually send funds? The other option is =
irrevocable, where only the receiver can claim the funds (allowing them =
to leave them in that address until they need to be spent).
The basic idea is (the above code above gets into the nitty gritty), to =
send to targetPublicKey:
Given the UTXO set of inputs into a transaction, choose one at random, =
senderUtxo
Use ECDH(targetPublicKey, senderUtxo.privateKey) as sharedSecret
For revocable payments, you are done; use sharedSecret as your =
privateKey, compute the address
For irrevocable payments, create a sharedPrivateKey from the bytes of =
sharedSecret, use ECC addition (or would multiplication make more sense? =
advantages?) on the public key of sharedPrivateKey and the =
targetPublicKey. The receiver can then use ECC addition (or =
multiplication) on the sharedPrivateKey and the targetPrivateKey to =
generate the coresponding privateKey.
The SPV-able part, is lightly discussed in the top of stealth.js, but I =
haven=E2=80=99t played with bloom filters enough and the idea is still =
all too fresh in my head; the general idea is to make a 1-of-2 multisig =
where the first is the resulting stealth address, and the second is =
something (anything) that looks like a valid public key, but will match =
a bloom filter (given a tweak that is generated deterministically from =
the targetPublicKey) and matches the targetPublicKey. Again, I need much =
more feedback on this.
Thanks,
RicMoo
=
.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8=C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8=C2=
=B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8=C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8=
=C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8><(((=C2=BA>
Richard Moore ~ Founder
Genetic Mistakes Software inc.
phone: (778) 882-6125
email: ricmoo@geneticmistakes.com <mailto:ricmoo@geneticmistakes.com>
www: http://GeneticMistakes.com <http://geneticmistakes.com/>
--Apple-Mail=_8B2BBFF4-DD92-44F9-95EA-85512F14B54E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=utf-8
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><div class=3D""><span style=3D"font-size: 13px; line-height: =
17px;" class=3D"">Hey all,</span></div><div style=3D"font-size: 13px; =
line-height: 17px;" class=3D""><br class=3D""></div><div =
style=3D"font-size: 13px; line-height: 17px;" class=3D"">I am throwing =
out an idea I=E2=80=99ve been toying with, for feedback and if it seems =
like an idea worth pursuing, possibly a BIP number.</div><div =
style=3D"font-size: 13px; line-height: 17px;" class=3D""><br =
class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" =
class=3D"">The goal is to make straight forward stealth address that are =
SPV friendly and easy to support in software without too much special =
goop.</div><div style=3D"font-size: 13px; line-height: 17px;" =
class=3D""><br class=3D""></div><div style=3D"font-size: 13px; =
line-height: 17px;" class=3D"">I=E2=80=99ve got working code at <a =
href=3D"https://github.com/ricmoo/sandbox/tree/master/stealth" =
class=3D"">https://github.com/ricmoo/sandbox/tree/master/stealth</a>, =
and here are some example transactions on the block chain:</div><div =
style=3D"font-size: 13px; line-height: 17px;" class=3D""><br =
class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" =
class=3D"">Target Public =
Key: 029ed06e396761c24416cf7323ed4f1cb29763ee9e2b0fccae347d6a2a3eaecb=
f5</div><div style=3D"font-size: 13px; line-height: 17px;" =
class=3D"">Target Public Key [tentative] Encoding (this is what you =
would give =
away): 59KkSZsVE7vErdqo8m5gtNoez44CbdwJQ5cSM1AAARzN19vkJ6NU</div><div=
style=3D"font-size: 13px; line-height: 17px;" class=3D""><br =
class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" =
class=3D"">Revocable Payment =
made: b4ad20cad4cc2fcbbec09bc071dfe8c4a4b1e8e57d1e56bf51947445cfc6c7a=
f</div><div style=3D"font-size: 13px; line-height: 17px;" =
class=3D"">Irrevocable Payment =
made: f600643a1d32152117be0d9c652a86dc6182d2dab3be53340739395f524cd95=
c</div><div style=3D"font-size: 13px; line-height: 17px;" =
class=3D"">Cleared out all funds from stealth address: =
58eb0fdab108c7add74835466251ffe5c51c7f4cec149f06daf0435d43d9ce55</div><div=
style=3D"font-size: 13px; line-height: 17px;" class=3D""><br =
class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" =
class=3D""><br class=3D""></div><div style=3D"font-size: 13px; =
line-height: 17px;" class=3D"">Idea overview:</div><div =
style=3D"font-size: 13px; line-height: 17px;" class=3D""><br =
class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" =
class=3D"">There are 2 modes of operation, revocable and irrevocable =
payments. Revocable payments result in both parties knowing the private =
key, allowing for a certain level of plausible deniability when the =
funds are swept, as to whether the funds were actually sent or were =
revoked=E2=80=A6 You could imagine WikiLeaks stating they will not claim =
donations for 1-3 months after receiving them; if the funds are claimed =
after 1.5 months, did the sender actually send funds? The other option =
is irrevocable, where only the receiver can claim the funds (allowing =
them to leave them in that address until they need to be =
spent).</div><div style=3D"font-size: 13px; line-height: 17px;" =
class=3D""><br class=3D""></div><div style=3D"font-size: 13px; =
line-height: 17px;" class=3D"">The basic idea is (the above code above =
gets into the nitty gritty), to send to targetPublicKey:</div><div =
style=3D"font-size: 13px; line-height: 17px;" class=3D""><ul =
class=3D"Apple-dash-list"><li class=3D"">Given the UTXO set of inputs =
into a transaction, choose one at random, senderUtxo</li><li =
class=3D"">Use ECDH(targetPublicKey, senderUtxo.privateKey) as =
sharedSecret</li><li class=3D"">For revocable payments, you are done; =
use sharedSecret as your privateKey, compute the address</li><li =
class=3D"">For irrevocable payments, create a sharedPrivateKey from the =
bytes of sharedSecret, use ECC addition (or would multiplication make =
more sense? advantages?) on the public key of sharedPrivateKey and the =
targetPublicKey. The receiver can then use ECC addition (or =
multiplication) on the sharedPrivateKey and the targetPrivateKey to =
generate the coresponding privateKey.</li></ul></div><div =
style=3D"font-size: 13px; line-height: 17px;" class=3D""><br =
class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" =
class=3D"">The SPV-able part, is lightly discussed in the top of =
stealth.js, but I haven=E2=80=99t played with bloom filters enough and =
the idea is still all too fresh in my head; the general idea is to make =
a 1-of-2 multisig where the first is the resulting stealth address, and =
the second is something (anything) that looks like a valid public key, =
but will match a bloom filter (given a tweak that is generated =
deterministically from the targetPublicKey) and matches the =
targetPublicKey. Again, I need much more feedback on this.</div><div =
style=3D"font-size: 13px; line-height: 17px;" class=3D""><br =
class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" =
class=3D"">Thanks,</div><div style=3D"font-size: 13px; line-height: =
17px;" class=3D"">RicMoo</div><div style=3D"font-size: 13px; =
line-height: 17px;" class=3D""><br class=3D""></div><div =
apple-content-edited=3D"true" class=3D"">
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: =
0px;">.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8=C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=
=B8=C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8=C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7=
.=C2=B8=C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8><(((=C2=BA><br =
class=3D""><br class=3D"">Richard Moore ~ Founder<br class=3D"">Genetic =
Mistakes Software inc.<br class=3D"">phone: (778) 882-6125<br =
class=3D"">email: <a href=3D"mailto:ricmoo@geneticmistakes.com" =
class=3D"">ricmoo@geneticmistakes.com</a><br class=3D"">www: <a =
href=3D"http://GeneticMistakes.com/" =
class=3D"">http://GeneticMistakes.com</a></span>
</div>
<br class=3D""></body></html>=
--Apple-Mail=_8B2BBFF4-DD92-44F9-95EA-85512F14B54E--
|