From: Adam Back <adam@cypherspace•org>
To: Jeremy Spilman <jeremy@taplink•co>
Cc: "bitcoin-development@lists•sourceforge.net"
<bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] unlinakble static address? & spv-privacy (Re: Stealth Addresses)
Date: Thu, 16 Jan 2014 12:42:42 +0100 [thread overview]
Message-ID: <20140116114242.GA30432@netbook.cypherspace.org> (raw)
In-Reply-To: <op.w9q85wkhyldrnw@laptop-air.hsd1.ca.comcast.net>
On Wed, Jan 15, 2014 at 05:02:10PM -0800, Jeremy Spilman wrote:
>The second pubKey is useful [...] even just being able to scan for
>transactions yourself without keeping bitcoin-encumbered private keys
>decrypted in memory.
Agreed.
>On Wed, 15 Jan 2014 15:09:01 -0800, Adam Back <adam@cypherspace•org> wrote:
>>But I think its moderately expensive for the full node because it has to
>>do a DH calculation per transaction and its not precomputable so there is
>>IO per query. (In the P version in fact only payments which are thereby
>>reconizable as unlinkable static need to be processed).
>
>And of course, if you have multiple reuseable addresses, then you're
>doing this calculation separately to check each one.
>
>So the load on a popular centralized service would be quite high,
>which you may consider a feature.
Well only a linear increase, which is not any kind of realistic security
defense for even an academic researcher analysing flows. More concern is
that it could be expensive enough discourage adoption by full-nodes as an
open/free service to support SPV clients in finding their reusable address
payments. Its possibly an I/O DoS multiplier: send requests to the full
nodes at a moderate network rate and and watch as its disk thrashes.
>But I think it's great people can choose how to trade privacy for
>computation/bandwidth however they want, and services can compete to
>offer monitoring for 0+ bit prefixes.
Its not a decision with user localised effect. If most users use it with
parameters giving high elimination probability, that affects everyone else's
privacy also. Also statistical effects are accumulative as more plausibly
related addresses are eliminated at each potentially linked transaction. I
think once the network flow analysis guys are done with incorporating it,
and if reusable addresses saw significant use, my prediction is the result
will be pretty close to privacy game over and it will undo most if not all
of the hard-won privacy benefit of CoinJoin. (Recalling CoinJoin is only
adding a bit or two of entropy per join, this elimination effect could
easily undo more than that).
>>(And also there is proposed a version of the prefix computed via
>>brute-force to make it somewhat stealthy still).
>
>I think in this case the hash grinding of the prefix would only being
>used if thats how transactions are being indexed. I don't think it
>adds any privacy, it's just added work we're forced to do in order
>for the prefix to work as designed.
The point of the stealth security objective is to avoid creating a new and
smaller anonymity set. If all reusable addresses are easily recognizable as
reusable, thats far more revealing and useful to the network flow analysis.
Adam
next prev parent reply other threads:[~2014-01-16 11:43 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-06 12:03 [Bitcoin-development] Stealth Addresses Peter Todd
2014-01-08 10:20 ` Jeremy Spilman
2014-01-10 10:20 ` Peter Todd
2014-01-10 11:28 ` Drak
2014-01-10 12:00 ` Peter Todd
2014-01-12 10:33 ` Jeremy Spilman
2014-01-12 12:51 ` Mike Hearn
2014-01-12 18:20 ` Jeremy Spilman
2014-01-12 18:26 ` Mike Hearn
2014-01-13 9:13 ` Jeremy Spilman
2014-01-14 14:15 ` Peter Todd
2014-01-14 17:54 ` Odinn Cyberguerrilla
2014-01-12 21:18 ` Gavin Andresen
2014-01-13 9:52 ` Gregory Maxwell
2014-01-13 10:39 ` Mike Hearn
2014-01-13 13:37 ` Roy Badami
2014-01-13 15:58 ` Mike Hearn
2014-01-13 20:11 ` Roy Badami
2014-01-14 22:53 ` Roy Badami
2014-01-15 0:19 ` Drak
2014-01-15 20:22 ` Ben Davenport
2014-01-15 20:38 ` Gregory Maxwell
2014-01-15 20:44 ` Jeff Garzik
2014-01-15 22:38 ` [Bitcoin-development] Static addresses on chains encouraging address *RE* use Troy Benjegerdes
2014-01-15 23:01 ` [Bitcoin-development] Stealth Addresses Mike Hearn
2014-01-15 23:04 ` Roy Badami
2014-01-15 23:07 ` Jeff Garzik
2014-01-15 23:17 ` Roy Badami
2014-01-15 23:19 ` Roy Badami
2014-01-15 23:09 ` [Bitcoin-development] unlinakble static address? & spv-privacy (Re: Stealth Addresses) Adam Back
2014-01-16 1:02 ` Jeremy Spilman
2014-01-16 1:32 ` Gregory Maxwell
2014-01-18 17:44 ` Troy Benjegerdes
2014-01-18 20:25 ` Christophe Biocca
2014-01-20 11:11 ` Peter Todd
2014-01-21 4:00 ` Jeremy Spilman
2014-01-24 9:17 ` Peter Todd
2014-01-16 11:42 ` Adam Back [this message]
2014-01-16 18:19 ` Troy Benjegerdes
2014-01-16 0:05 ` [Bitcoin-development] Stealth Addresses Jeremy Spilman
2014-01-16 0:10 ` Gregory Maxwell
2014-01-16 0:24 ` Mark Friedenbach
2014-01-16 0:44 ` Eric Martindale
2014-01-16 6:26 ` Gary Rowe
2014-01-16 9:48 ` Wladimir
2014-01-16 1:16 ` Odinn Cyberguerrilla
2014-01-16 10:14 ` Drak
2014-01-16 10:19 ` Mike Hearn
2014-01-16 11:12 ` [Bitcoin-development] reusable address privacy problems & fuzzy bait limitations (Re: Stealth Addresses) Adam Back
2014-01-16 21:28 ` [Bitcoin-development] Stealth Addresses Peter Todd
2014-01-17 2:30 ` Johnathan Corgan
2014-01-17 3:13 ` Jeremy Spilman
2014-01-17 7:49 ` Drak
2014-01-17 9:15 ` Mike Hearn
2014-01-17 9:19 ` Mark Friedenbach
2014-01-17 9:23 ` Natanael
2014-01-17 9:59 ` Drak
2014-01-17 20:16 ` Cameron Garnham
2014-01-17 14:46 ` Peter Todd
2014-01-17 19:21 ` Ben Davenport
2014-01-18 4:55 ` Alan Reiner
2014-01-18 5:09 ` Gregory Maxwell
2014-01-18 23:12 ` Jeremy Spilman
2014-01-18 23:50 ` Gregory Maxwell
2014-01-20 11:08 ` Peter Todd
2014-01-13 19:53 ` Roy Badami
2014-01-13 19:57 ` Mike Hearn
2014-01-13 20:01 ` Roy Badami
2014-01-13 19:40 ` Roy Badami
2014-01-13 19:44 ` Drak
2014-01-13 19:59 ` Alan Reiner
2014-01-13 20:10 ` Gregory Maxwell
2014-01-13 20:15 ` Peter Todd
2014-01-13 22:02 ` Jeremy Spilman
2014-01-14 14:19 ` Peter Todd
2014-01-14 19:12 ` Jeremy Spilman
2014-01-14 20:48 ` Peter Todd
2014-01-14 21:51 ` Adam Back
2014-01-14 22:34 ` Jeremy Spilman
2014-01-13 20:14 ` Peter Todd
2014-01-13 20:41 ` Alan Reiner
2014-01-13 20:47 ` Gregory Maxwell
2014-01-13 21:02 ` Roy Badami
2014-01-13 21:15 ` Alan Reiner
2014-01-13 21:27 ` Peter Todd
[not found] ` <op.w9ne31oqyldrnw@laptop-air.hsd1.ca.comcast.net>
2014-01-14 12:10 ` Peter Todd
2014-03-06 12:23 ` Dan Carter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140116114242.GA30432@netbook.cypherspace.org \
--to=adam@cypherspace$(echo .)org \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=jeremy@taplink$(echo .)co \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox