AWARD-WINNING

CASINO CRYPTO EXCLUSIVE

CLUBHOUSE 1500+

GAMES 2 MIN

CASH-OUTS 24/7

SUPPORT 100s OF

FREE SPINS PLAY NOW Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertised sites arenot endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegalin yourjurisdiction. Advertise here.

BitUsher



Offline



Activity: 994

Merit: 1027







LegendaryActivity: 994Merit: 1027 Re: CoinJoin: Bitcoin privacy for the real world May 23, 2019, 07:31:21 PM #722 Quote from: gmaxwell on May 19, 2019, 07:49:31 PM Repeated dishonesty from Samourai have barred them from ever receiving a payout from the bounty as far as I am concerned: I will not be signing a transaction paying them. Evaluating the privacy of systems is difficult even when the involved parties are honest and easy to work with, it is far too difficult when they are actively misleading. Personally, I would urge my friends to not use that wallet.



As far as other stuff, there has been efforts in progress to do some awarding for a couple months now. It takes time to evaluate things and work with the recipients. If it didn't this bounty would have been gone years ago when "darkwallet" demanded the whole thing then mobbed us with unreasonable demands (including public campaigning which was vigorous to the point of harassment) to pay it all to them when the result didn't provide the advertised privacy and didn't even stay available due to the operating model.



This makes sense and is reasonable. Thank you for updating us that you are still reviewing Wasabi and joinmarket for payouts.



In a sense I can of understand why you are hesitant as Wasabi doesn't allow coinjoining smaller amounts and is profit motivated(understandable considering what happened to darkwallet) benefiting the wallet and joinmarket while great has really lacking UX that wasabi excels at. Thus no ideal solution exists as of yet but we are getting better every month. My opinion doesn't matter as its your bounty to give but IMHO partial rewards should be given to wasabi and joinmarket and half withheld for future projects that creates a better mixing wallet. This makes sense and is reasonable. Thank you for updating us that you are still reviewing Wasabi and joinmarket for payouts.In a sense I can of understand why you are hesitant as Wasabi doesn't allow coinjoining smaller amounts and is profit motivated(understandable considering what happened to darkwallet) benefiting the wallet and joinmarket while great has really lacking UX that wasabi excels at. Thus no ideal solution exists as of yet but we are getting better every month. My opinion doesn't matter as its your bounty to give but IMHO partial rewards should be given to wasabi and joinmarket and half withheld for future projects that creates a better mixing wallet.

Carlton Banks



Offline



Activity: 2856

Merit: 2282









LegendaryActivity: 2856Merit: 2282 Re: CoinJoin: Bitcoin privacy for the real world (someday!) May 28, 2019, 08:26:59 AM Merited by bob123 (1) #724



Quote from: gmaxwell on August 22, 2013, 02:35:24 AM The bounty fund will pay out as funds are available according to the signers best judgment for completed work proposed in this thread that furthers the goal of making improved transaction privacy a practical reality for Bitcoin users.



And, having considered this for a while, my perspective is that no-one has really achieved this.







Coinjoin (as currently implemented) has a problem: coinjoins with a large number of participants and also similar/equal output amounts are easily identifiable on the (public) blockchain. This simply reduces fungiblity in a different way: now, outputs from mass coinjoins can be identified as "coinjoin related" and labelled as such.





Payjoin and PaySwap (link:



Coinjoins must look exactly like any other transaction on the blockchain in order to make Bitcoin transactions truly private. The conditions for the bounty are:And, having considered this for a while, my perspective is that no-one has really achieved this.Coinjoin (as currently implemented) has a problem: coinjoins with a large number of participants and also similar/equal output amounts are easily identifiable on the (public) blockchain. This simply reduces fungiblity in a different way: now, outputs from mass coinjoins can be identified as "coinjoin related" and labelled as such.Payjoin and PaySwap (link: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-April/016888.html ) are the real solution, and they are as of yet unimplemented by anyone.Coinjoinslook exactly like any other transaction on the blockchain in order to make Bitcoin transactions truly private. Vires in numeris

theymos

Legendary



Offline



Activity: 3892

Merit: 7919







AdministratorLegendaryActivity: 3892Merit: 7919 Re: CoinJoin: Bitcoin privacy for the real world May 30, 2019, 03:09:09 AM Merited by Guy Corem (10), TheNewAnon135246 (5), gmaxwell (2), ETFbitcoin (1) #726 highly-usable and sound way. As both a signer and a donor to the CoinJoin bounty fund, I'm thrilled that these two pieces of software exist!



For everyone looking to improve their privacy, I highly recommend checking out Wasabi, especially over centralized "mixers".





Further work is still necessary toward achieving default-fungibility, which is IMO the end goal. Even with Wasabi, you need a fair bit of expertise to maintain privacy, and the vast majority of people are using wallets that are terrible privacy-wise. Without intending to say that the bounty fund will reward people for these specific things, I'd personally like to see:



- Improvements to make Wasabi more of a complete wallet.

- CoinJoin integration in other wallets, especially Bitcoin Core.

- Research on doing CoinJoin in decentralized ways. (Wasabi's method is pretty secure, but requires a centralized coordinator.)

- Other research (and, perhaps more importantly, usable products) for improving day-to-day privacy. Congratulations to the Wasabi and JoinMarket developers! JoinMarket pioneered a lot of CoinJoin science (and BTW, belcher wrote an excellent & comprehensive wiki article on privacy ), while Wasabi is the first wallet that implements CoinJoin in both aand sound way. As both a signer and a donor to the CoinJoin bounty fund, I'm thrilled that these two pieces of software exist!For everyone looking to improve their privacy, I highly recommend checking out Wasabi, especially over centralized "mixers".Further work is still necessary toward achieving, which is IMO the end goal. Even with Wasabi, you need a fair bit of expertise to maintain privacy, and the vast majority of people are using wallets that are terrible privacy-wise. Without intending to say that the bounty fund will reward people for these specific things, I'd personally like to see:- Improvements to make Wasabi more of a complete wallet.- CoinJoin integration in other wallets, especially Bitcoin Core.- Research on doing CoinJoin in decentralized ways. (Wasabi's method is pretty secure, but requires a centralized coordinator.)- Other research (and, perhaps more importantly,) for improving day-to-day privacy. 1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD

vit05



Offline



Activity: 672

Merit: 525









Hero MemberActivity: 672Merit: 525 Re: CoinJoin: Bitcoin privacy for the real world May 30, 2019, 03:25:34 AM #727 Quote from: Pieter Wuille on May 30, 2019, 01:31:17 AM Code: -----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512



Hello all,



this is to announce that we're awarding:

* 10 BTC to JoinMarket, for the first practical CoinJoin solution, and continued research into progressing this domain.

* 10 BTC to Wasabi, for building a more end-user accessible solution and larger adoption.



The remainder of the funds is left for future solutions with more ubiquitous impact on the ecosystem.



For those watching, 822f559df14894bd57bdd1ef0ab983228b7816a69d035cc1c5d18fb569ee5e94 is the payout transaction, crediting

several individual contributors directly as requested by the winning projects, and aggregating the remaining bounty funds

into a single UTXO. It is (obviously) a joined transaction, mixed with other transfers.



Congratulations!

-----BEGIN PGP SIGNATURE-----



iQIzBAEBCgAdFiEErGYmFy4AqCz/rolypjbpdjH3Z+AFAlzvMfkACgkQpjbpdjH3

Z+D2Pw/+IXvHLrQ1IuTicPXQgauzgIGV9F9tOZln6cIgduVW3A2nlenw9uSixh/4

rhV+kPUOjLsswEocKA1zt0pxq1QbSbhKaDRq2Rms3CtYfyvnlBTDvd/bdNDWBr2g

9Koc0QRq0ETKnJ7dXlOtwhUcOaWrW2qJMf8TekOPb6b70BSUSZzJe5YfItdLu8YM

KmmJ02GIr+urcTJDT3O6kEUpRBEUEaKcWPCAm+CVMGiKAisuhBnhKb163TKOKuH5

zoBdCHKd9giHB5obrqeaCKtw5Rg1Q7Q7hDRcFgvk5YN11EzqFyJrrHq6cyDxso8T

DsO5sa38+0aEi1ijAElwhX+7Wh5/AyadIaAq57V+9Y4TQCbDd0jhwjSclSMuiTkb

r1S0Zc6HuU0ztJyddguDKIZdUpvuRLCQXH0dUW27eYkt3NMrJTiUzN39fSNaRLDM

ZS8mHga1aUxv3IhNVf1pnDOlSE9kHrPMfaaWhrEFLROi/zz5idb6xeZ8bLIAo76D

YbY2zJ7BN0AMTI/EPX/ArkAU8qITfSwy0C9MDfZfmqeA9iy5eTj1EUSPcvoFPksg

wY+HvBptA+qaekNqmqZPZnGRx34e8QWTOP8r3NQxib2Nep8ycHB9TQXiIMGcxLvg

V3SXBCz7MCfJsKieBtZUaIOfWFzHvKGwPdjn/KoMCcwoE5rnQco=

=6vff

-----END PGP SIGNATURE-----



Amazing, congratulations. At this point in time where we encounter a lot of difficulties in maintaining a little more privacy and individuality in our lives, and in which governments and companies insist on knowing all our steps, it is very important to see successful initiatives like these that seek to offer greater privacy in our lives.



Congrats and thank you all. Amazing, congratulations. At this point in time where we encounter a lot of difficulties in maintaining a little more privacy and individuality in our lives, and in which governments and companies insist on knowing all our steps, it is very important to see successful initiatives like these that seek to offer greater privacy in our lives.Congrats and thank you all.

MagicByt3



Offline



Activity: 658

Merit: 392





<Insert No Fucks Given Here>







Sr. MemberActivity: 658Merit: 392 Re: CoinJoin: Bitcoin privacy for the real world May 30, 2019, 10:07:16 AM #730 Well deserved reward to both parties congratulations to both.

Having tested both wasabi and join market both being relatively simple to use I can see many people adopting the use of them.

"If you don't believe it or don't get it, I don't have the time to try to convince you, sorry". Satoshi Nakamoto

Micky06



Offline



Activity: 9

Merit: 0







NewbieActivity: 9Merit: 0 Re: CoinJoin: Bitcoin privacy for the real world May 30, 2019, 12:01:10 PM #731 Quote from: theymos on May 30, 2019, 03:09:09 AM highly-usable and sound way. As both a signer and a donor to the CoinJoin bounty fund, I'm thrilled that these two pieces of software exist!



For everyone looking to improve their privacy, I highly recommend checking out Wasabi, especially over centralized "mixers".





Further work is still necessary toward achieving default-fungibility, which is IMO the end goal. Even with Wasabi, you need a fair bit of expertise to maintain privacy, and the vast majority of people are using wallets that are terrible privacy-wise. Without intending to say that the bounty fund will reward people for these specific things, I'd personally like to see:



- Improvements to make Wasabi more of a complete wallet.

- CoinJoin integration in other wallets, especially Bitcoin Core.

- Research on doing CoinJoin in decentralized ways. (Wasabi's method is pretty secure, but requires a centralized coordinator.)

- Other research (and, perhaps more importantly, usable products) for improving day-to-day privacy.

Congratulations to the Wasabi and JoinMarket developers! JoinMarket pioneered a lot of CoinJoin science (and BTW, belcher wrote an excellent & comprehensive wiki article on privacy ), while Wasabi is the first wallet that implements CoinJoin in both aand sound way. As both a signer and a donor to the CoinJoin bounty fund, I'm thrilled that these two pieces of software exist!For everyone looking to improve their privacy, I highly recommend checking out Wasabi, especially over centralized "mixers".Further work is still necessary toward achieving, which is IMO the end goal. Even with Wasabi, you need a fair bit of expertise to maintain privacy, and the vast majority of people are using wallets that are terrible privacy-wise. Without intending to say that the bounty fund will reward people for these specific things, I'd personally like to see:- Improvements to make Wasabi more of a complete wallet.- CoinJoin integration in other wallets, especially Bitcoin Core.- Research on doing CoinJoin in decentralized ways. (Wasabi's method is pretty secure, but requires a centralized coordinator.)- Other research (and, perhaps more importantly,) for improving day-to-day privacy.



Here is a solution for your third point:



Just like Bitcoin a CoinJoin wallet should build a network of nodes with a mempool.

It works like this:



Alice wants to coinjoin a transaction so she sends a message to the mempool



In this message it is specified the listening node which is the communication port for Alice plus eventual informations or conditions releted to the coinjoin she wants (maybe she wants to be paid for the coinjoin and she states the fee or she wants to coinjoin with 3 or 4 participants, etc...)



Alice builds a path of nodes to her listening node just like it happens in the lightning network in which every node of the path is only aware of the 2 nodes communicating with it



Alice --> node A --> node B --> node C --> node D --> Alice's listening node



In this example of path node C will only be aware of node B and node D



Bob sees Alice's message on the mempool and decides he wants to coinjoin with Alice



He construct a path to a Bob's listening node just like Alice did



Now the 2 listening nodes talk to each other and through them Alice and Bob communicate in a secure way



They settle the details for the coinjoin, sign it and then send it to the Bitcoin network.



This is not limited to 2 participants, it can be extended to 3 or more and it could become a standard in which every privacy oriented coinjoin wallet participates.



Of course this is far less efficient than a centralized solution but we already know decentralization is inefficient.



Here is a solution for your third point:Just like Bitcoin a CoinJoin wallet should build a network of nodes with a mempool.It works like this:Alice wants to coinjoin a transaction so she sends a message to the mempoolIn this message it is specified the listening node which is the communication port for Alice plus eventual informations or conditions releted to the coinjoin she wants (maybe she wants to be paid for the coinjoin and she states the fee or she wants to coinjoin with 3 or 4 participants, etc...)Alice builds a path of nodes to her listening node just like it happens in the lightning network in which every node of the path is only aware of the 2 nodes communicating with itAlice --> node A --> node B --> node C --> node D --> Alice's listening nodeIn this example of path node C will only be aware of node B and node DBob sees Alice's message on the mempool and decides he wants to coinjoin with AliceHe construct a path to a Bob's listening node just like Alice didNow the 2 listening nodes talk to each other and through them Alice and Bob communicate in a secure wayThey settle the details for the coinjoin, sign it and then send it to the Bitcoin network.This is not limited to 2 participants, it can be extended to 3 or more and it could become a standard in which every privacy oriented coinjoin wallet participates.Of course this is far less efficient than a centralized solution but we already know decentralization is inefficient.

belcher



Offline



Activity: 261

Merit: 328







Sr. MemberActivity: 261Merit: 328 Re: CoinJoin: Bitcoin privacy for the real world June 03, 2019, 01:10:41 PM

Last edit: June 03, 2019, 01:44:59 PM by belcher Merited by theymos (5), suchmoon (4), ETFbitcoin (3), gmaxwell (2) #734



https://www.walletexplorer.com/wallet/CoinJoinMess?from_address=3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk



The cluster contains nearly 9 million transactions and over 3.5 million addresses, including of course the CoinJoin bounty multisig address itself. Another demonstration of the fragility of blockchain analysis. Fun fact: because the CoinJoin bounty payout transaction to JoinMarket and Wasabi wallet was itself a coinjoin transaction with specially chosen inputs, the wallet clustering site walletexplorer.com now thinks that the coinjoin bounty address belongs to the largest wallet cluster (which used to be called MtGoxAndOthers and is now called CoinJoinMess)The cluster contains nearly 9 million transactions and over 3.5 million addresses, including of course the CoinJoin bounty multisig address itself. Another demonstration of the fragility of blockchain analysis.

- CoinJoin that people will actually use.

PGP fingerprint: 0A8B 038F 5E10 CC27 89BF CFFF EF73 4EA6 77F3 1129 1HZBd22eQLgbwxjwbCtSjhoPFWxQg8rBd9 JoinMarket - CoinJoin that people will actually use.PGP fingerprint: 0A8B 038F 5E10 CC27 89BF CFFF EF73 4EA6 77F3 1129

RHavar



Offline



Activity: 2128

Merit: 1670









LegendaryActivity: 2128Merit: 1670 Re: CoinJoin: Bitcoin privacy for the real world June 04, 2019, 06:16:30 AM Merited by ETFbitcoin (1) #735 Quote Another demonstration of the fragility of blockchain analysis.

While I realize you just meant it as a light "fun fact", I think it's worth pointing out that walletexplorer is very primitive and semi? unmaintained -- and you won't be able to trick any serious analysis tool with a coinjoin like that. [Although coinjoins can do an amazing job at tricking them! But you really need the coinjoin to look like a normal transaction for that] While I realize you just meant it as a light "fun fact", I think it's worth pointing out that walletexplorer is very primitive and semi? unmaintained -- and you won't be able to trick any serious analysis tool with a coinjoin like that. [Although coinjoins can do an amazing job at tricking them! But you really need the coinjoin to look like a normal transaction for that]

belcher



Offline



Activity: 261

Merit: 328







Sr. MemberActivity: 261Merit: 328 Re: CoinJoin: Bitcoin privacy for the real world June 04, 2019, 11:13:21 AM Merited by ETFbitcoin (1) #736 Quote from: RHavar on June 04, 2019, 06:16:30 AM Quote Another demonstration of the fragility of blockchain analysis.

While I realize you just meant it as a light "fun fact", I think it's worth pointing out that walletexplorer is very primitive and semi? unmaintained -- and you won't be able to trick any serious analysis tool with a coinjoin like that. [Although coinjoins can do an amazing job at tricking them! But you really need the coinjoin to look like a normal transaction for that]

While I realize you just meant it as a light "fun fact", I think it's worth pointing out that walletexplorer is very primitive and semi? unmaintained -- and you won't be able to trick any serious analysis tool with a coinjoin like that. [Although coinjoins can do an amazing job at tricking them! But you really need the coinjoin to look like a normal transaction for that]

You're right that is fairly primitive but many people still use it and it has some influence. During the QuadrigaCX exchange hack affair in early-2019 some people used walletexplorer to find that exchange's hot wallet, some of the transactions go to and from the CoinJoinMess cluster (which then was called MtGoxAndOthers). When this was found a bunch of people were posting that QuadrigaCX was receiving money from MtGox(!) They carried on until they were informed that it's only the coinjoin cluster.



I wouldn't say its completely trivial to detect that something is odd with the coinjoin bounty payout. The inputs use multiple address types, but Samourai wallet and Bitcoin Core also sometimes do this so it's not evidence of non-coinjoin behaviour. Also there are many equal-valued outputs, but the transaction doesn't match the style of JoinMarket or Wasabi transactions (there are far more equal-valued outputs than inputs for example). It would definitely be interesting to see what the more developed tools say about it. You're right that is fairly primitive but many people still use it and it has some influence. During the QuadrigaCX exchange hack affair in early-2019 some people used walletexplorer to find that exchange's hot wallet, some of the transactions go to and from the CoinJoinMess cluster (which then was called MtGoxAndOthers). When this was found a bunch of people were posting that QuadrigaCX was receiving money from MtGox(!) They carried on until they were informed that it's only the coinjoin cluster.I wouldn't say its completely trivial to detect that something is odd with the coinjoin bounty payout. The inputs use multiple address types, but Samourai wallet and Bitcoin Core also sometimes do this so it's not evidence of non-coinjoin behaviour. Also there are many equal-valued outputs, but the transaction doesn't match the style of JoinMarket or Wasabi transactions (there are far more equal-valued outputs than inputs for example). It would definitely be interesting to see what the more developed tools say about it.

- CoinJoin that people will actually use.

PGP fingerprint: 0A8B 038F 5E10 CC27 89BF CFFF EF73 4EA6 77F3 1129 1HZBd22eQLgbwxjwbCtSjhoPFWxQg8rBd9 JoinMarket - CoinJoin that people will actually use.PGP fingerprint: 0A8B 038F 5E10 CC27 89BF CFFF EF73 4EA6 77F3 1129

RHavar



Offline



Activity: 2128

Merit: 1670









LegendaryActivity: 2128Merit: 1670 Re: CoinJoin: Bitcoin privacy for the real world June 04, 2019, 05:57:20 PM Merited by theymos (2), ETFbitcoin (1) #737 Quote from: belcher on June 04, 2019, 11:13:21 AM It would definitely be interesting to see what the more developed tools say about it.



I can pretty much guarantee you that it will have zero effect in confusing more advanced tools. I've tested way more complex and advanced things to try trick up analysis, and it's not easy. Sometimes even I'll momentarily fool it, but later it'll "back propagate" (correct term??) information from how the outputs are spent (and associated clustering), to get a better understanding of the transaction. Like I've seen them reliably determine which outputs are change, in settings that should be impossible.



Taking bustabit as an example, it does smart partial batching so it frequently sends transactions with: (1 payment, 1 change) and (2 payments, 0 change). Naively they are indistinguishable, but in reality analysis software has proven to have almost no problems distinguishing once it's been able to collect enough information after they're spent.



---



If you want to trick analysis software, pretty much a prerequisite is reasonably uniform wallet behavior (now is a joke...) and good practices (e.g. avoiding address reuse as much as possible). This will create an environment where there's a lot less "redundancy" (??) in the analysis, such that it has to lean on increasingly fragile assumptions. And then (and only then really) you can be cute and do something like a bustapay/p2ep or import/export a reused address output from/to a friend or something.



Now they'll probably realize you broke their models, but it'll be too hard to figure out (short of having law enforcement contact you for help declustering ).





But yeah, if you just got two very strongly clustered wallets with different behavior and created a single coinjoin between them (even if it was undetectably a coinjoin...) it's not really going to get you anywhere against advanced analysis (although it'll confuse something like walletexplorer, which maybe is something you want to do). I can pretty much guarantee you that it will have zero effect in confusing more advanced tools. I've tested way more complex and advanced things to try trick up analysis, and it's not easy. Sometimes even I'll momentarily fool it, but later it'll "back propagate" (correct term??) information from how the outputs are spent (and associated clustering), to get a better understanding of the transaction. Like I've seen them reliably determine which outputs are change, in settings that should be impossible.Taking bustabit as an example, it does smart partial batching so it frequently sends transactions with: (1 payment, 1 change) and (2 payments, 0 change). Naively they are indistinguishable, but in reality analysis software has proven to have almost no problems distinguishing once it's been able to collect enough information after they're spent.---If you want to trick analysis software, pretty much a prerequisite is reasonably uniform wallet behavior (now is a joke...) and good practices (e.g. avoiding address reuse as much as possible). This will create an environment where there's a lot less "redundancy" (??) in the analysis, such that it has to lean on increasingly fragile assumptions. And then (and only then really) you can be cute and do something like a bustapay/p2ep or import/export a reused address output from/to a friend or something.Now they'll probably realize you broke their models, but it'll be too hard to figure out (short of having law enforcement contact you for help declustering).But yeah, if you just got two very strongly clustered wallets with different behavior and created a single coinjoin between them (even if it was undetectably a coinjoin...) it's not really going to get you anywhere against advanced analysis (although it'll confuse something like walletexplorer, which maybe is something you want to do).