justusranvier



Offline



Activity: 1400

Merit: 1006









LegendaryActivity: 1400Merit: 1006 [Tracker] Stealth Address Support August 04, 2014, 04:02:56 PM

Last edit: September 23, 2014, 05:13:50 PM by justusranvier #1



In order for stealth addresses to be useful, it's necessary for Bitcoin clients to support sending funds to them, even if those clients do not support receiving funds via a stealth address.



To accelerate this process, anyone who would like to see stealth addresses become a standard feature of the Bitcoin landscape should ask the developers of their wallets they use to support at least sending to stealth addresses. Since in some cases the developers may be reluctant to add this feature and may be unwilling (or unable) to explain why, asking them in a public forum is best so that their answer - or refusal to answer - is also public.



Please feel free to create feature requests, etc for clients that aren't in this list and link them in this thread so I can add them to this post.



sx

Status: supports sending and receiving



http://sx.dyne.org/stealth.html



Dark Wallet

Status: supports sending and receiving



https://wiki.unsystem.net/en/index.php/DarkWallet/Stealth



Electrum

Status: Sending support: : https://github.com/spesmilo/electrum/pull/817



Bitcore

Status: Sending support : https://twitter.com/ryanxcharles/status/514224778052243456



https://gist.github.com/ryanxcharles/1c0f95d0892b4a92d70a

https://github.com/ryanxcharles/bitcore2/blob/master/lib/expmt/stealthmessage.js

https://github.com/ryanxcharles/bitcore2/blob/master/lib/expmt/stealthaddress.js



btcwallet

Status: interested, no immediate plans : https://github.com/conformal/btcwallet/issues/90



airBitz

Status: "very interested", no immediate plans https://twitter.com/anonymouscoin/status/496513836133154816



Mycelium

Status: Tentatively interested: https://twitter.com/MyceliumCom/status/500327004022243328



Coinkite

Status: "at some point": https://twitter.com/Coinkite/status/509489249826373632



Armory

Status: no official comment : https://github.com/etotheipi/BitcoinArmory/issues/226



Blockchain

Status: unknown



Bitcoin-Qt

Status: unknown



Multibit

Status: unknown



Coinbase

Status: unknown



This thread is to track the progress of stealth address support in various Bitcoin clients.In order for stealth addresses to be useful, it's necessary for Bitcoin clients to support sending funds to them, even if those clients do not support receiving funds via a stealth address.To accelerate this process, anyone who would like to see stealth addresses become a standard feature of the Bitcoin landscape should ask the developers of their wallets they use to support at least sending to stealth addresses. Since in some cases the developers may be reluctant to add this feature and may be unwilling (or unable) to explain why, asking them in a public forum is best so that their answer - or refusal to answer - is also public.Please feel free to create feature requests, etc for clients that aren't in this list and link them in this thread so I can add them to this post.: unknown: unknown: unknown: unknown

justusranvier



Offline



Activity: 1400

Merit: 1006









LegendaryActivity: 1400Merit: 1006 Re: [Tracker] Stealth Address Support August 04, 2014, 04:44:19 PM #2



Quote 2014-08-04T16:12:34 <@jrick>I marked the issue as low prio for now since there are just other things that need to happen first, but I would like to see support for it in btcwallet From IRC:

gmaxwell

Legendary



Offline



Activity: 3178

Merit: 4301









StaffLegendaryActivity: 3178Merit: 4301 Re: [Tracker] Stealth Address Support August 04, 2014, 04:47:06 PM #3



New address types should not see widespread use without extensive review for cryptographic and privacy weaknesses and functionality footguns. This really needs a clear specification. Petertodd claimed to be working on a BIP and reserved a number but hasn't proposed any text. https://github.com/bitcoin/bips/blob/master/bip-0063.mediawiki New address types should not see widespread use without extensive review for cryptographic and privacy weaknesses and functionality footguns. This really needs a clear specification.

justusranvier



Offline



Activity: 1400

Merit: 1006









LegendaryActivity: 1400Merit: 1006 Re: [Tracker] Stealth Address Support August 04, 2014, 04:57:57 PM #5 In addition, stealth addresses only need to be better than the current standard of "publish a static address that anyone can look up in blockchain.info" in order to represent an improvement. The only thing they could possibly get wrong and be worse than what we have now is leak private keys.

gmaxwell

Legendary



Offline



Activity: 3178

Merit: 4301









StaffLegendaryActivity: 3178Merit: 4301 Re: [Tracker] Stealth Address Support August 04, 2014, 05:13:01 PM #6 There are a great many things that can be done wrong including the fact that a poorly done reusable-address proposal can preclude adoption of a good and usable one ("We've already got that, low priority to add another one", "We're not going to spent time on that as you can see it's not widely used"). An early flaw was already avoided where it would be incompatible with having a third party scan for you or hardware wallets... lots of stuff to possibly get wrong in this space.



Already we seem to have not learned from the experience with this kind of address in Bytecoin/Monero/etc. Payment IDs are an important feature but also a usability challenge with the way they're implemented in BCN/XMR/.... Right now with the way dark wallet implements this if you ask two different parties to pay you with the same address and only one of them does, you cannot tell which one paid you.

justusranvier



Offline



Activity: 1400

Merit: 1006









LegendaryActivity: 1400Merit: 1006 Re: [Tracker] Stealth Address Support August 04, 2014, 05:16:34 PM #7 Quote from: gmaxwell on August 04, 2014, 05:13:01 PM Already we seem to have not learned from the experience with this kind of address in the Bytecoin/Monero space the payment IDs are an important feature but also a usability challenge with the way they're implemented there. Right now with the way dark wallet implements this if you ask two different parties to pay you with the same address and only one of them does, you cannot tell which one paid you. I don't think stealth addresses are ever going to be appropriate for anything other than online tip jars. They do a great job in that role.



If you want to know who has paid you, then you should give them an xpub specific to them and let them use that from that point on.



See my comment on this gist:

https://gist.github.com/ryanxcharles/1c0f95d0892b4a92d70a

I don't think stealth addresses are ever going to be appropriate for anything other than online tip jars. They do a great job in that role.If you want to know who has paid you, then you should give them an xpub specific to them and let them use that from that point on.See my comment on this gist:

justusranvier



Offline



Activity: 1400

Merit: 1006









LegendaryActivity: 1400Merit: 1006 Re: [Tracker] Stealth Address Support August 04, 2014, 05:21:27 PM #8 Maybe they need to be renamed to "tip addresses" or something to make sure people don't use them in situations where they are not appropriate.

genjix



Offline



Activity: 1232

Merit: 1000







LegendaryActivity: 1232Merit: 1000 Re: [Tracker] Stealth Address Support August 04, 2014, 06:34:27 PM #9



http://sx.dyne.org/stealth.html



for anonymity I don't want people to differentiate payments sent to me. If it's needed you can already shard payments by grinding the prefix to differentiate.



I prefer a simple proposal that does one thing rather than trying to second guess every possible future use case we're not aware of yet. It's the UNIX philosophy: Hi, sx supports stealth. I wrote these commands to aid developers as a debugging tool:for anonymity I don't want people to differentiate payments sent to me. If it's needed you can already shard payments by grinding the prefix to differentiate. https://wiki.unsystem.net/en/index.php/DarkWallet/Stealth#Comparing_prefixes I prefer a simple proposal that does one thing rather than trying to second guess every possible future use case we're not aware of yet. It's the UNIX philosophy: https://en.wikipedia.org/wiki/Worse_is_better

justusranvier



Offline



Activity: 1400

Merit: 1006









LegendaryActivity: 1400Merit: 1006 Re: [Tracker] Stealth Address Support August 04, 2014, 06:39:16 PM #10 Quote from: gmaxwell on August 04, 2014, 05:13:01 PM Already we seem to have not learned from the experience with this kind of address in Bytecoin/Monero/etc. Payment IDs are an important feature but also a usability challenge with the way they're implemented in BCN/XMR/.... Right now with the way dark wallet implements this if you ask two different parties to pay you with the same address and only one of them does, you cannot tell which one paid you. How is this any different than the problem we have right now without stealth addresses?



1) Some merchant uses a blockchain.info wallet containing a single address to accept payments (yes, people really do this).

2) They give the address to two customers.

3) Only one customer pays.

4) Merchant doesn't know which customer paid without asking them.



It doesn't make sense to delay stealth addresses because they don't solve every problem. How is this any different than the problem we have right now without stealth addresses?1) Some merchant uses a blockchain.info wallet containing a single address to accept payments (yes, people really do this).2) They give the address to two customers.3) Only one customer pays.4) Merchant doesn't know which customer paid without asking them.It doesn't make sense to delay stealth addresses because they don't solveproblem.

gmaxwell

Legendary



Offline



Activity: 3178

Merit: 4301









StaffLegendaryActivity: 3178Merit: 4301 Re: [Tracker] Stealth Address Support August 04, 2014, 06:50:25 PM #11 Quote from: justusranvier on August 04, 2014, 06:39:16 PM Quote from: gmaxwell on August 04, 2014, 05:13:01 PM Already we seem to have not learned from the experience with this kind of address in Bytecoin/Monero/etc. Payment IDs are an important feature but also a usability challenge with the way they're implemented in BCN/XMR/.... Right now with the way dark wallet implements this if you ask two different parties to pay you with the same address and only one of them does, you cannot tell which one paid you. How is this any different than the problem we have right now without stealth addresses?



1) Some merchant uses a blockchain.info wallet containing a single address to accept payments (yes, people really do this).

2) They give the address to two customers.

3) Only one customer pays.

4) Merchant doesn't know which customer paid without asking them.



It doesn't make sense to delay stealth addresses because they don't solve every problem.

How is this any different than the problem we have right now without stealth addresses?1) Some merchant uses a blockchain.info wallet containing a single address to accept payments (yes, people really do this).2) They give the address to two customers.3) Only one customer pays.4) Merchant doesn't know which customer paid without asking them.It doesn't make sense to delay stealth addresses because they don't solveproblem.



"Stealth addresses" as currently proposed break what already works pretty severely using a different address per user makes scanning have a quadratic cpu costs in the number of payments you receive. Bytecoin/monero/etc. have payment IDs which address the issue, though the don't have a way to serialize them with the address so they get accidentally left out a lot, which seems like an easy-to-address shortcoming.



Making stealth addresses "tip jar only" makes them far less interesting. There is no reason that all payments couldn't be done with this kind of address assuming it was well constructed, and users would be much less private if only a narrow usecase uses them. Virtually all merchants (and, by definition, all competent merchants) use unique addresses in Bitcoin. This is widely supported, widely practiced, etc. The fact that you can screw it up and a few people do is no excuse to make an uncommon mistake mandatory."Stealth addresses" as currently proposed break what already works pretty severely using a different address per user makes scanning have a quadratic cpu costs in the number of payments you receive. Bytecoin/monero/etc. have payment IDs which address the issue, though the don't have a way to serialize them with the address so they get accidentally left out a lot, which seems like an easy-to-address shortcoming.Making stealth addresses "tip jar only" makes them far less interesting. There is no reason that all payments couldn't be done with this kind of address assuming it was well constructed, and users would be much less private if only a narrow usecase uses them.

gmaxwell

Legendary



Offline



Activity: 3178

Merit: 4301









StaffLegendaryActivity: 3178Merit: 4301 Re: [Tracker] Stealth Address Support August 04, 2014, 06:58:07 PM #12 Quote from: uvwvj on August 04, 2014, 05:29:19 PM On the Payment Ids issue - if 2 people are sending to me anonymously why not create a "satoshi" string at the end.

For example

Justus owes me 1 BTC as does you for a service -

I work with Justus and have him send me 1.00001234 string and gmaxwell is 1.00001235

Thats pretty inefficient and not very private. It would be straightforward enough to just allow a suffix on addresses e.g.



B123456789BCDFG-00001 and encrypt the suffix using the negotiated ephemeral key and include it in the aux data. Thats pretty inefficient and not very private. It would be straightforward enough to just allow a suffix on addresses e.g.B123456789BCDFG-00001 and encrypt the suffix using the negotiated ephemeral key and include it in the aux data.

justusranvier



Offline



Activity: 1400

Merit: 1006









LegendaryActivity: 1400Merit: 1006 Re: [Tracker] Stealth Address Support August 04, 2014, 06:58:17 PM #13 Quote from: gmaxwell on August 04, 2014, 06:50:25 PM There is no reason that all payments couldn't be done with this kind of address assuming it was well constructed, and users would be much less private if only a narrow usecase uses them. So the entire Bitcoin ecosystem should wait around for your NIH solution to be ready instead of taking advantage of the immediate improvement that's available right now? So the entire Bitcoin ecosystem should wait around for your NIH solution to be ready instead of taking advantage of the immediate improvement that's available right now?

genjix



Offline



Activity: 1232

Merit: 1000







LegendaryActivity: 1232Merit: 1000 Re: [Tracker] Stealth Address Support August 04, 2014, 07:03:13 PM #14 can you explain payment ids? how do users make sense of the data?



say a website posts a single address, users send payments to it... at some point the user has to send something to the website so they know which payment is which... why don't they just transmit the decrypted shared secret that only the sender should have? that way the website knows it was them that sent the payment.



or if the website sends a nonce to the user so they can make repeating payments then the website can issue the same stealth address but with different prefixes for each user. that makes it highly efficient for the website to receive payments by scanning a single stealth address and separating based on their stealth_prefix into different users.

laurentmt



Offline



Activity: 386

Merit: 251







Sr. MemberActivity: 386Merit: 251 Re: [Tracker] Stealth Address Support August 05, 2014, 04:18:47 PM #16 Quote from: gmaxwell on August 04, 2014, 06:50:25 PM "Stealth addresses" as currently proposed break what already works pretty severely using a different address per user makes scanning have a quadratic cpu costs in the number of payments you receive. Bytecoin/monero/etc. have payment IDs which address the issue, though the don't have a way to serialize them with the address so they get accidentally left out a lot, which seems like an easy-to-address shortcoming.

Seems to me that the payment protocol solves this problem. The merchant should look for tx(s) received in Payment messages, not for stealth payments. Seems to me that the payment protocol solves this problem. The merchant should look for tx(s) received in Payment messages, not for stealth payments.

BurtW



Offline



Activity: 2604

Merit: 1078



All paid signature campaigns should be banned.







LegendaryActivity: 2604Merit: 1078All paid signature campaigns should be banned. Re: [Tracker] Stealth Address Support September 18, 2014, 03:25:47 PM #18 If I want to actually use a stealth address right now, for example publish one in my signature, what are my options?



If I were to publish a stealth address in my signature would anyone be able send me BTC?



Has the specification been completed or are the details still being hashed out? If there is a specification where can it be found?



I obviously really like this idea and I just want to get a sense of where we are at on it and learn more about the technical details with an eye to contributing in some way.



Privacy/fungibility is a hot topic item for me. I am a very experienced programmer (>30 years of experienced) with very good cryptographic and Bitcoin knowledge. Where is the most effective and current work being done on this idea? In other words, where would I go to be most effective in my contributions? Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!

justusranvier



Offline



Activity: 1400

Merit: 1006









LegendaryActivity: 1400Merit: 1006 Re: [Tracker] Stealth Address Support September 18, 2014, 03:33:13 PM #19 Quote from: BurtW on September 18, 2014, 03:25:47 PM If I want to actually use a stealth address right now, for example publish one in my signature, what are my options?



If I were to publish a stealth address in my signature would anyone be able send me BTC? Right now I believe you'd have to be using Dark Wallet to receive stealth address payments.



Also, only Dark Wallet is capable of sending to stealth addresses, but as noted above at least one other client is actively working to implement DW-compatible stealth addresses



Quote from: BurtW on September 18, 2014, 03:25:47 PM Has the specification been completed or are the details still being hashed out? If there is a specification where can it be found?

It's complete enough to be implemented in Dark Wallet (which Works For Me, despite it's scary alpha warning)



This the only documentation I know of:



https://wiki.unsystem.net/en/index.php/DarkWallet/Stealth



Right now I believe you'd have to be using Dark Wallet to receive stealth address payments.Also, only Dark Wallet is capable of sending to stealth addresses, but as noted above at least one other client is actively working to implement DW-compatible stealth addressesIt's complete enough to be implemented in Dark Wallet (which Works For Me, despite it's scary alpha warning)This the only documentation I know of: