sipa changed the topic of #bitcoin-wizards to: This channel is for discussing theoretical ideas with regard to cryptocurrencies, not about short-term Bitcoin development | http://bitcoin.ninja/ | This channel is logged. | For logs and more information, visit http://bitcoin.ninja
oleganza has quit [Quit: oleganza]
oleganza has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 255 seconds]
PRab has quit [Read error: Connection reset by peer]
oleganza has quit [Ping timeout: 244 seconds]
btcdrak has quit [Quit: Connection closed for inactivity]
oleganza has joined #bitcoin-wizards
vega4 has quit [Excess Flood]
GAit has quit [Quit: Leaving.]
mdavid6131 has quit [Quit: Leaving.]
oleganza has quit [Quit: oleganza]
GAit has joined #bitcoin-wizards
vega4 has joined #bitcoin-wizards
vega4 has quit [Read error: Connection reset by peer]
Lightsword has quit [Quit: ZNC]
Lightsword has joined #bitcoin-wizards
Mazz_ has quit [Remote host closed the connection]
Chris_Stewart_5 has joined #bitcoin-wizards
N0S4A2 has quit [Quit: WeeChat 1.5]
chjj has quit [Ping timeout: 244 seconds]
gsdgdfs has quit [Ping timeout: 276 seconds]
Transisto2 has joined #bitcoin-wizards
cyphase has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 265 seconds]
cyphase has joined #bitcoin-wizards
Giszmo has quit [Quit: Leaving.]
<amiller>
hi e0
<amiller>
trying to understand a few parts of tumblebit better, a) if you want to create N^2 micropayments, from N senders to N receivers, how many blockchain transactions do you need, just 2N or N^2?
pro has quit [Quit: Leaving]
<amiller>
b) you keep saying for unlinkability "we assume T does not collude with the other players" is that really necessary? it would suck if so.... if the tumbler colluded with a few payers/payees, and it wanted to try to deanonymize some other users, would it be able to?
cyphase has quit [Ping timeout: 265 seconds]
<amiller>
i think whats happening is you're defining security with just a simple game A B and T, and clearly A and B must know that a payment is made between them
cyphase has joined #bitcoin-wizards
<amiller>
c) isn't a fully formed question, just trying to undersatnd the fair exchange RSA details better
cyphase has quit [Ping timeout: 260 seconds]
<amiller>
ah it's not really like a gradual fair release or anything
<amiller>
it's in principle the same as ZKCP but with a custom proof scheme rather than a generic scheme
cyphase has joined #bitcoin-wizards
<amiller>
i think you are doing amortized fair exchange though
<amiller>
that's another way of viewing the micropayment channels
NewLiberty has quit [Ping timeout: 250 seconds]
<e0_>
amiller: hi!
<e0_>
you need 4N on-chain transactions: 2 for each payer and 2 for each payee.
GAit has quit [Quit: Leaving.]
<e0_>
If Alice is paying Bob and Bob colludes with T, when they can together figure out which payee Alice is.
<e0_>
The collusion only works if the party being paid works with T to reveal who the payer is.
<e0_>
"if the tumbler colluded with a few payers/payees, and it wanted to try to deanonymize some other users, would it be able to?
<e0_>
"
<e0_>
No, but the payees could be eliminated for the set of suspects.
<e0_>
TumbleBit in payment hub mode is very similar to the unlinkability in eCash. For instance in eCash Alice can tell the Bank the SN of her coin so that when Bob redeems that coin, the bank knows it was Alices coin.
cyphase has quit [Ping timeout: 255 seconds]
<e0_>
In eCash Alice the payer can break the unlinkability of a particular payment that she participates in by colluding with the bank.
<e0_>
In TumbleBit Bob the payee can break the unlinkability of a particular payment that he receives by colluding with the Tumbler.
<amiller>
in TumbleBit that collusion can go in either direction right
<e0_>
amiller We are doing a highly performant ZKCP. The puzzle-promise-protocol is a ZKCP for an RSA encrypted ECDSA signature on a particular Bitcoin transaction. The puzzle-solver-protocol is a ZKCP for an RSA decryption of a value choosen by Alice.
cyphase has joined #bitcoin-wizards
<e0_>
amiller Our does not claim to resist collusion in either direction, but payee can probably protect themself from the payer.
<e0_>
amiller We didn't want to worry about that case in the proofs since it didn't seem that important and there are more important features of the protocol to improve.
<e0_>
tumblebits RSA puzzles are like backwards Chaumian eCash tokens, but unlike basic Chaumian eCash the issuer of the puzzles can inspect ever puzzle it issues (similar in some respects to partially blind eCash).
<e0_>
I'm pretty tired so I might not be making total sense. Shoot me an email and I can provide more thoughtful answers at a moment of more sleep.
<amiller>
ok cheers thanks for the discussion here so far that was super useful :)
<amiller>
also i noticed you used the Ideal/Real modeling approach, i love that :) i'm working as fast as i can on a haskell implementation and a new type system so you can implement Ideal/Real protocols, a) so you can actually run them, b) so you can c) so you can use the type checker as a sanity check and catch many errors d) it's a big step towards formal verification https://github.com/amiller/haskell-saucy
<amiller>
b) was supposd to be: so you can disambiguate some of the unclear/undefined parts, like what happens when you have "reentrant functionalities"
<e0_>
woah! thats awesome!
<e0_>
ttyl
cyphase has quit [Ping timeout: 265 seconds]
<qpm>
tx:<Jeremy_Rand> e0_ / amiller: I realize that the mathematical feasibility of a security property has no correlation to whether I'd like it to exist, but I think a financial anonymity system where someone whom I do business with can collude with a trusted 3rd party to deanonymize me, is a pretty big problem. Not trying to denigrate the excellent work done here, but it does seem like something that I hope is improved in the future.
Chris_Stewart_5 has quit [Ping timeout: 240 seconds]
<amiller>
yeah
e0_ has quit [Ping timeout: 244 seconds]
cyphase has joined #bitcoin-wizards
<amiller>
i remember thinking about this kind of thing when we were working on Mixcoin, i think in a way this is most similar to that
<qpm>
tx:<Jeremy_Rand> amiller: I'm not actually familiar with Mixcoin. (Or if I am, I don't remember it by name.)
<amiller>
we ended up only showing a protocol that had the server see the payer/payee addresses in plaintext
<amiller>
we argued that you could use them in a chain like tor though
<amiller>
blindcoin was an improvement to that that did what we originally wanted to do but didn't think through
Mazz_ has joined #bitcoin-wizards
<qpm>
tx:<Jeremy_Rand> amiller: Yeah, Tor-like chaining would probably help, but Tor-like systems usually only are Sybil-resistant with dirauths as trusted parties.
<amiller>
what the tumblebit paper says matches my memory, which is that blindcoin doesn't automatically ensure you can get your collateral back
<amiller>
i wonder why you can't fix blindcoin to automatically do that?
<amiller>
Mixcoin and Blindcoin provide "accountability" which i think means in general you could do this on Ethereum and make it so that the mix can't see anyone or steal funds, just as good as tumblebit
cyphase has quit [Ping timeout: 276 seconds]
<qpm>
tx:<Jeremy_Rand> Interesting
cyphase has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
<amiller>
you could always just mix your coin whenever you close your channel
cyphase has quit [Ping timeout: 276 seconds]
cyphase has joined #bitcoin-wizards
Mazz_ has quit [Ping timeout: 244 seconds]
luke-jr has quit [Ping timeout: 250 seconds]
cyphase has quit [Ping timeout: 265 seconds]
luke-jr has joined #bitcoin-wizards
Mazz_ has joined #bitcoin-wizards
bitcoin-wizards2 has joined #bitcoin-wizards
molz has joined #bitcoin-wizards
cyphase has joined #bitcoin-wizards
pero has joined #bitcoin-wizards
mol has quit [Ping timeout: 244 seconds]
bitcoin-wizards2 has quit [Ping timeout: 264 seconds]
Alopex has quit [Remote host closed the connection]
Alopex has joined #bitcoin-wizards
rusty2 has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 264 seconds]
cyphase has joined #bitcoin-wizards
<e0>
qpm To split hairs they wouldn't deanonymize you, they would link your payment. That is the Tumbler would know that a payment from addr A was made to addr B with the assistance of the person receiving the payment at addr B.
<e0>
qpm They won't learn any details of any of your other payments. I agree I wish TB protected against this and it isn't seem like an impossibility (in fact the zCash payment hub BOLT protects against this very attack).
<e0>
doesn't seem like an impossibility
<e0>
night
cyphase has quit [Ping timeout: 250 seconds]
<qpm>
tx:<Jeremy_Rand> e0: I usually use the term "anonymous" to mean "no information is known about the user's identity", which implies unlinkability, whereas "pseudonymous" means that linkability is present between at least some of the user's activity. I realize that there are varying definitions of this.
<qpm>
tx:<Jeremy_Rand> So yes, I think we're talking about the same thing, just using slightly different nomenclature.
<qpm>
tx:<Jeremy_Rand> I'm not incredibly familiar with the high-level differences between TB and BOLT (and perhaps it's not feasible for me to glean that from the papers given that my math knowledge may not be sufficient).
cyphase has joined #bitcoin-wizards
<e0>
qpm BOLT achieves stronger anonymity than TumbleBit, but requires new op codes specifically designed for BOLT to be added to zCash. TumbleBit works with today's Bitcoin and has running code that did a 800 user mix on mainnet.
NewLiberty has quit [Ping timeout: 250 seconds]
<qpm>
tx:<Jeremy_Rand> e0: I see. That's a good high-level explanation, thank you.
<e0>
qpm The real accomplishment with TumbleBit IMO is getting all this complex privacy and fairness machinary to work via a few op_hashes and to be performant (0.6 seconds of CPU time).
<qpm>
tx:<Jeremy_Rand> e0: Yes, it is definitely impressive that TB can do what it does within those script and performance constraints.
cyphase has quit [Ping timeout: 250 seconds]
cyphase has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 244 seconds]
Samdney has quit [Quit: Verlassend]
oleganza has joined #bitcoin-wizards
cyphase has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 265 seconds]
Ylbam has joined #bitcoin-wizards
cyphase has joined #bitcoin-wizards
chjj has joined #bitcoin-wizards
assder has joined #bitcoin-wizards
NewLiberty has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 265 seconds]
rusty2 has quit [Ping timeout: 265 seconds]
cyphase has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 250 seconds]
oleganza has quit [Quit: oleganza]
cyphase has joined #bitcoin-wizards
davec has quit [Ping timeout: 240 seconds]
davec has joined #bitcoin-wizards
rubensayshi has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 255 seconds]
BashCo has quit [Remote host closed the connection]
cyphase has joined #bitcoin-wizards
BashCo has joined #bitcoin-wizards
btcdrak has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 250 seconds]
cyphase has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 265 seconds]
cyphase has joined #bitcoin-wizards
laurentmt has joined #bitcoin-wizards
laurentmt has quit [Client Quit]
molz has quit [Ping timeout: 244 seconds]
Guyver2 has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 264 seconds]
vega4 has joined #bitcoin-wizards
cyphase has joined #bitcoin-wizards
jannes has joined #bitcoin-wizards
GoonClooney has joined #bitcoin-wizards
Giszmo has joined #bitcoin-wizards
spinza has quit [Ping timeout: 240 seconds]
pro has joined #bitcoin-wizards
kristofferR has joined #bitcoin-wizards
Hunger- has quit [Ping timeout: 244 seconds]
Hunger- has joined #bitcoin-wizards
spinza has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 260 seconds]
cyphase has joined #bitcoin-wizards
moli has joined #bitcoin-wizards
cyphase has quit [Ping timeout: 276 seconds]
cyphase has joined #bitcoin-wizards
daddinuz has joined #bitcoin-wizards
daddinuz has quit [Client Quit]
cyphase has quit [Ping timeout: 265 seconds]
cyphase has joined #bitcoin-wizards
Chris_Stewart_5 has joined #bitcoin-wizards
grubles has quit [Quit: reticulating splines]
cyphase has quit [Ping timeout: 255 seconds]
grubles has joined #bitcoin-wizards
cyphase has joined #bitcoin-wizards
Chris_Stewart_5 has quit [Ping timeout: 265 seconds]
Chris_Stewart_5 has joined #bitcoin-wizards
grubles has quit [Ping timeout: 265 seconds]
Chris_Stewart_5 has quit [Ping timeout: 255 seconds]