Page 1 of 2

[ANN] Namecoin CoinJoin via Bitmessage

Posted: Fri Mar 14, 2014 6:41 am
by domob
As you all know (or at least probably should know), Namecoin suffers the same problems of "pseudonymity instead of anonymity" that Bitcoin does. In particular, it can be very hard to get a balance of coins that can not be linked to you via the exchanges, and in consequence, it is also very hard to register names truly anonymously. On the other hand, the very nature and promise of Namecoin for censorship-resistant domain names makes it desirable to be able to anonymously register sites (for instance, for organising protests / letting the world know about things that the local authorities may not want to be published).

Thus I announce Namecoin CoinJoin via Bitmessage as an experiment: I will be organising CoinJoins where everyone can participate via Bitmessage as anonymous communication channel. For now, I will manually collect the participations and will broker the deals - to gauge interest and get some insights into how it will work out. If it is a success, we could think about implementing an automatic system on top of namecoind and Bitmessage (which could then also be used for Bitcoin and other coins as well!).

How it works:

We will use 1 NMC as the CoinJoin'ed amount, because IMHO it is not too expensive so everyone can afford it, and on the other hand, it can be used to register a name and maintain it for quite some time. What you should do:

1) Create a transaction output of 1.005 NMC (balance plus fees) by sending this amount to some address of yours.

2) Use "listunspent" to locate the output (look for "amount: 1.005") and find its txid and vout.

3) Create a new address (preferrably in a fresh wallet used only via Tor).

4) Send both of them to my Bitmessage address, ideally in two separate messages from separate and freshly created addresses. Or use the chan below as sender (but still use two messages a bit apart in time).

5) Subscribe to my Bitmessage address listed below. When some participations are flowing in, I will announce a deadline broadcasted from my address and posted to the chan. Make sure you have submitted both input and output by then.

6) After the deadline, I will create a raw transaction with all the inputs and outputs received in a random order, sending 1 NMC to the provided output addresses. If there are more fees collected than the transaction needs, I will keep the additional fees and use them as (very small) donation for development of an automatic CoinJoin'er based on this concept.

7) The raw transaction will be broadcasted from my address and posted to the chan. I will also provide all output addresses included in it, so you can quickly see whether yours is part of the transaction. Make sure to check the transaction with "decoderawtransaction" yourself, though.

8) Sign the transaction with "signrawtransaction" and send it back to my address. You can use yet another BM address (or the one sending the input originally) or the chan here.

9) When everyone has signed the transaction, I will broadcast it to the network. Have fun!

Note: The procedure described above is prone to DoS by someone submitting outputs but not inputs, thus the CoinJoin will only work if I receive a matching number of inputs and outputs by the deadline (and if later on everyone signs their inputs). As this is just an experiment, I'll try it like this for now and see if it works. If it doesn't work out, I will try a procedure where I can connect inputs to outputs (but we can prevent this kind of DoS) but no one else can. This is at least a little better than nothing if you trust me, and I won't keep any logs. But of course, the end goal would be to use blinded signatures as in the full CoinJoin proposal. We'll hopefully be there at some point (but not yet). ;)

Addresses:

Private address of mine for handing in inputs/outputs: BM-2cVzDFfKBb7yRmTGhB4pPgYgcv2XxFF8ic

Public chan password: NMC CoinJoin
Public chan address: BM-2cV6QFcbApVffSD23mwor6tQWBTvs42PR4

Re: [ANN] Namecoin CoinJoin via Bitmessage

Posted: Fri Mar 14, 2014 6:41 am
by domob
Reserved, possibly I'll include more detailed examples for the necessary commands here in the future.

Re: [ANN] Namecoin CoinJoin via Bitmessage

Posted: Fri Mar 14, 2014 10:24 am
by virtual_master
This is a good initiative to improve transaction privacy and I consider CoinJoin a more mature concept then Zerocoin(where the trusted seed problem is not solved - which raises major security concerns).
However let me enumerate some concerns with CoinJoin:
- Sybil or DOS attacks which will be difficult to counter
- eventually some legal risks in the future (as it counters Coin Trace, which could be used in the USA after Bitcoin ongoing regulation efforts this year) but not more then by mixers is the case
- technical difficulties to implement properly
- implemented on Bitcoin and on other cryptocurrencies doesn't need Namecoin
------------------------
Let me present another privacy solution:
Coin Control + Merge Avoidance
- the privacy efforts are only on the user side so they are no legal concerns
- easier to implement at least if only Coin Control is implemented - which is already working on some Bitcoin clients like Electrum (in this case the receiver needs to publish more addresses and the sender to split his transaction if he has the coins on more addresses)
- Namecoin IDs could be used if an automatic split transaction is implemented
Receivers publish their Namecoin IDs which have more Bitcoin addresses(Namecoin or other altcoins would work similar).
The senders client must have implemented send coins to Namecoin id which can fetch the addresses and then split the transaction in different parts to avoid emergence between the addresses.
- we could implement first Coin Control and use merge avoidance manually
- implementing automated merge avoidance in the Namecoin client with Namecoin IDs
- propose to be implemented by Bitcoin and other altcoins with Namecoin IDs - where the users have to put more receiving addresses for that Bitcoin/or altcoin
-----------------------------
https://medium.com/p/7f95a386692f

Re: [ANN] Namecoin CoinJoin via Bitmessage

Posted: Fri Mar 14, 2014 10:29 am
by domob
That's an interesting solution, but IMHO not nearly as good as CoinJoin. Coin Control (and Merge Avoidance) help combat linking inputs / addresses together, but I think it doesn't help with the initially mentiond usecase: What if I'm a dissident somewhere and want to get a nice .bit domain for my Tor-hosted website without revealing my identity? Whenever I purchase Namecoins from an exchange, the exchange probably needs to follow KYC/AML laws - and in this case it doesn't help me at all if I use your solution. The authorities could still simply follow back the chain of coins from the name purchase to an address of the exchange and get the operator to hand them my details. No merging of inputs involved at all.

Note that I see the potential in Namecoin mostly in this usecase (names) and not in currency (as there are Bitcoin and altcoins already), so this seems like a critical usecase and not a side case.

Re: [ANN] Namecoin CoinJoin via Bitmessage

Posted: Fri Mar 14, 2014 11:39 am
by virtual_master
domob wrote:That's an interesting solution, but IMHO not nearly as good as CoinJoin. Coin Control (and Merge Avoidance) help combat linking inputs / addresses together, but I think it doesn't help with the initially mentiond usecase: What if I'm a dissident somewhere and want to get a nice .bit domain for my Tor-hosted website without revealing my identity? Whenever I purchase Namecoins from an exchange, the exchange probably needs to follow KYC/AML laws - and in this case it doesn't help me at all if I use your solution. The authorities could still simply follow back the chain of coins from the name purchase to an address of the exchange and get the operator to hand them my details. No merging of inputs involved at all.
Note that I see the potential in Namecoin mostly in this usecase (names) and not in currency (as there are Bitcoin and altcoins already), so this seems like a critical usecase and not a side case.
AML is triggered beginning with a minimal amount of money. To register a Namecoin namespace entry is less then 10 cent necessary at the moment. (however that could be different in the future) By this amount(even by 1000 times higher amount) no altcoin exchange will request an identification. So the AML concern exactly by namespace entry doesn't apply - at least now.
So let's say an Iranian dissident will buy 1 NMC to register 2-3 .bit domains to express an alternative political opinion.
He just needs to open accounts without identification by a Russian, a Chinese, an American and a European altcoin exchange and send his 1 namecoin through them.
It is highly improbable that this exchanges will cooperate with each other for 1 NMC and statistical analysis will be also difficult by this amount.
However I consider CoinJoin a good solution and worth implementing it.
To implement Coin Control in the Namecoin-qt client as first step would be easier and would be useful for both transactions and namespace entries.
If a dissident like in the above case already anonymised 1-2 namecoins but later decides to by 10 more coins he has a better control of them and can avoid better merging anonymised coins with not anonymised coins or avoid merging traces between different anonymised name entries. He can send for ex. 1 NMC to his friend which can have another .bit domain without revealing what .bit domains are under his control.

Re: [ANN] Namecoin CoinJoin via Bitmessage

Posted: Fri Mar 14, 2014 1:48 pm
by domob
Yes, I fully agree. Coin Control is also useful, and as you point out, it should "probably" be enough to send the coins through a series of exchanges with anonymous email addresses. I think we should aim for both in the future, just trying to experiment a bit with CoinJoin here. ;)

Re: [ANN] Namecoin CoinJoin via Bitmessage

Posted: Tue Mar 18, 2014 4:30 pm
by virtual_master
domob wrote:Yes, I fully agree. Coin Control is also useful, and as you point out, it should "probably" be enough to send the coins through a series of exchanges with anonymous email addresses. I think we should aim for both in the future, just trying to experiment a bit with CoinJoin here. ;)
Good idea.
We should also follow how is going forward CoinJoin on Bitcoin.
As I see Shared Coin(CoinJoin implementation on blockchain.info) had some problems and was disabled:
http://www.coindesk.com/blockchain-info ... se-glitch/
https://en.bitcoin.it/wiki/Shared_coin
https://sharedcoin.com/

Re: [ANN] Namecoin CoinJoin via Bitmessage

Posted: Mon May 12, 2014 8:39 am
by biolizard89
virtual_master wrote:
domob wrote:Yes, I fully agree. Coin Control is also useful, and as you point out, it should "probably" be enough to send the coins through a series of exchanges with anonymous email addresses. I think we should aim for both in the future, just trying to experiment a bit with CoinJoin here. ;)
Good idea.
We should also follow how is going forward CoinJoin on Bitcoin.
As I see Shared Coin(CoinJoin implementation on blockchain.info) had some problems and was disabled:
http://www.coindesk.com/blockchain-info ... se-glitch/
https://en.bitcoin.it/wiki/Shared_coin
https://sharedcoin.com/
FYI, I took a grad class last year in which I partially implemented a CoinJoin service using Bitmessage. Maybe I'll pull out that code again sometime. Alternatively, we could look at other implementations such as what Darkcoin is using.

Re: [ANN] Namecoin CoinJoin via Bitmessage

Posted: Mon May 12, 2014 9:41 am
by virtual_master
biolizard89 wrote: FYI, I took a grad class last year in which I partially implemented a CoinJoin service using Bitmessage. Maybe I'll pull out that code again sometime. Alternatively, we could look at other implementations such as what Darkcoin is using.
:) Glad to see you back Jeremy.
That's a good idea.
I think we could use both CoinJoin and Stealth Transactions like in Darkcoin or in some similar way.
Instead Bitmessage could be used to transmit the derivation key encrypted assimetric and stored with the transaction. The public key for the assimetric encryption for that can be taken from the Namecoin ID of the receiver.
The derivation key and the the master private key will be used to generate a bip32 private key by the receiver.
The public master key and the derivation key will be used to generate a bip32 address key by the sender. The public master key could be taken also from the Namecoin ID of the receiver.
Beside of this the sender needs to send a trigger key encrypted with the public key of the receiver and the receiver needs to watch all transactions to find when was triggered a transaction for him.(in which case the private key can be decrypted automatically by the wallet and introduced in his holding coin amount.

Re: [ANN] Namecoin CoinJoin via Bitmessage

Posted: Mon May 12, 2014 9:46 am
by biolizard89
virtual_master wrote:
biolizard89 wrote: FYI, I took a grad class last year in which I partially implemented a CoinJoin service using Bitmessage. Maybe I'll pull out that code again sometime. Alternatively, we could look at other implementations such as what Darkcoin is using.
:) Glad to see you back Jeremy.
That's a good idea.
I think we could use both CoinJoin and Stealth Transactions like in Darkcoin or in some similar way.
Instead Bitmessage could be used to transmit the derivation key encrypted assimetric and stored with the transaction. The public key for the assimetric encryption for that can be taken from the Namecoin ID of the receiver.
The derivation key and the the master private key will be used to generate a bip32 private key by the receiver.
The public master key and the derivation key will be used to generate a bip32 address key by the sender. The public master key could be taken also from the Namecoin ID of the receiver.
Beside of this the sender needs to send a trigger key encrypted with the public key of the receiver and the receiver needs to watch all transactions to find when was triggered a transaction for him.(in which case the private key can be decrypted automatically by the wallet and introduced in his holding coin amount.
Happy to be back. :-) Finished up with the school semester a few hours ago.

At some point we should have a thorough review of the various privacy technologies for Bitcoin-like currencies, and figure out what we want to do for Namecoin. It might be wise to wait for the Zerocash guys to release their stuff; if it's usable for our purposes that would be cool. There's so much innovation going on in the Bitcoin privacy space right now, it's hard to tell what might be obsolete in a year.