On Fri, Jun 06, 2014 at 09:58:19AM -0700, Gregory Maxwell wrote: > On Fri, Jun 6, 2014 at 9:46 AM, Peter Todd wrote: > > transactions against. Where they differ is that bloom filters has O(n) > > scaling, where n is the size of a block, and prefix filters have O(log n) > > scaling with slightly(1) higher k. Again, if you *don't* use brute forcing > > in conjunction with prefixes they have no different transactional graph > > privacy than bloom filters, > > Huh? How are you thinking that something that gets put in transactions > and burned forever into the blockchain that lets you (statically) link > txout ownership is "no different" from something which is shared > directly with a couple peers, potentially peers you trust and which > are run by yourself or your organization? Again, you *don't* have to use brute-force prefix selection. You can just as easily give your peer multiple prefixes, each of which corresponds at least one address in your wallet with some false positive rate. I explained all this in detail in my original blockchain data privacy writeup months ago. -- 'peter'[:-1]@petertodd.org 000000000000000029d945c3832c7f4afabce11e6cb1c27b6f5e8c0f2bbb356c