public inbox for bitcoindev@googlegroups.com
* [Bitcoin-development] Way to tell that transaction was issued by a specific person/company
@ 2013-08-23  6:26 Maciej Trebacz
  2013-08-23  6:55 ` Gregory Maxwell
  0 siblings, 1 reply; 2+ messages in thread
From: Maciej Trebacz @ 2013-08-23  6:26 UTC (permalink / raw)
  To: bitcoin-development

As far as I know current Bitcoin protocol doesn't let you include any
arbitrary data with the transactions (as it would become non-standard and
clients would not relay it). So if you have multiple addresses you can't
sign them with a single private key and include that signature in the
transaction so other party can verify it against your public key. This
could become very handy though - a reputable wallet service could issue
transactions that require zero confirmations from the other party,
because with the added signature they know that the transaction is from
this reputable service and they trust that this service won't try to double
spend. I'm thinking of something like Mt.Gox's "green address", but baked
into protocol (Mt.Gox does this by sending your funds to some known by the
others Bitcoin address and then relaying them to the final destination).

Do you think it's possible/feasible to add a feature like this to the
current protocol without forking the chain? This could be as simple as
adding support for following scripts:

<data block> OP_DROP OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECK
<data block> OP_DROP OP_HASH160 <pubKeyHash> OP_EQUAL

The <data block> should not be longer than 34 bytes (or more, depending if
we want to have some room for future use cases). This is all that needs to
be changed in the Bitcoin client. Now for actually using the feature a
further definition of <data block> is required:

22 AC 20 <32 byte signature>

22 is data block length and "AC 20" is just a sub-opcode that can be either
defined by the protocol (in this case I'm reusing OP_CHECKSIG's opcode but
that's not required since this is all part of data block) or just agreed
upon between people that want to use this feature.

It's possible that the above could be achieved in some simpler way using
other opcodes or mechanisms present in Bitcoin protocol that I'm not aware
of. Either way, I'd like to hear your opinions whether a feature like this
should be considered and added.

^ permalink raw reply	[flat|nested] 2+ messages in thread
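
Added example (not part of the original post): a Python matcher for the two script templates proposed in the message above, showing their byte layout. It assumes the last opcode of the first template is OP_CHECKSIG, as in a standard pay-to-pubkey-hash script, and treats the 32-byte signature as opaque bytes; the function names and sample values are constructed for illustration.

```python
# Opcode byte values from Bitcoin Script.
OP_DROP, OP_DUP, OP_EQUAL, OP_EQUALVERIFY = 0x75, 0x76, 0x87, 0x88
OP_HASH160, OP_CHECKSIG = 0xA9, 0xAC
MAX_DATA = 34               # data block limit proposed in the post
TAG = bytes([0xAC, 0x20])   # the "AC 20" sub-opcode from the post

def p2pkh(hash160):
    """Standard 25-byte pay-to-pubkey-hash script."""
    return (bytes([OP_DUP, OP_HASH160, 20]) + hash160
            + bytes([OP_EQUALVERIFY, OP_CHECKSIG]))

def build_tagged_p2pkh(hash160, signature):
    """First template: <data block> OP_DROP, then P2PKH (OP_CHECKSIG assumed)."""
    data = TAG + signature
    return bytes([len(data)]) + data + bytes([OP_DROP]) + p2pkh(hash160)

def parse_tagged(script):
    """Return (kind, data_block, hash160); raise ValueError on anything else."""
    n = script[0] if script else 0
    # Bytes 0x01..0x4b are direct pushes of that many bytes; cap at 34.
    if not 1 <= n <= MAX_DATA:
        raise ValueError("no leading data block of 1..34 bytes")
    data, rest = script[1:1 + n], script[1 + n:]
    if len(data) != n or rest[:1] != bytes([OP_DROP]):
        raise ValueError("data block truncated or not followed by OP_DROP")
    tail = rest[1:]
    if tail[:3] == bytes([OP_DUP, OP_HASH160, 20]) and len(tail) == 25 \
            and tail[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "p2pkh", data, tail[3:23]
    # Second template ends in the standard pay-to-script-hash form.
    if tail[:2] == bytes([OP_HASH160, 20]) and len(tail) == 23 \
            and tail[22:] == bytes([OP_EQUAL]):
        return "p2sh", data, tail[2:22]
    raise ValueError("not one of the two proposed templates")

def split_data_block(data):
    """Return the 32 signature bytes if the block is 'AC 20 <32 bytes>', else None."""
    return data[2:] if len(data) == 34 and data[:2] == TAG else None

if __name__ == "__main__":
    # Constructed sample values, not real keys or signatures.
    h, sig = bytes(range(20)), bytes([0xAB]) * 32
    script = build_tagged_p2pkh(h, sig)
    kind, data, got = parse_tagged(script)
    print(kind, len(script), len(script) - len(p2pkh(h)), split_data_block(data) == sig)
```

For the constructed sample the tagged output script is 61 bytes, 36 more than the plain 25-byte pay-to-pubkey-hash script.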

* Re: [Bitcoin-development] Way to tell that transaction was issued by a specific person/company
  2013-08-23  6:26 [Bitcoin-development] Way to tell that transaction was issued by a specific person/company Maciej Trebacz
@ 2013-08-23  6:55 ` Gregory Maxwell
  0 siblings, 0 replies; 2+ messages in thread
From: Gregory Maxwell @ 2013-08-23  6:55 UTC (permalink / raw)
  To: Maciej Trebacz; +Cc: Bitcoin Development

On Thu, Aug 22, 2013 at 11:26 PM, Maciej Trebacz <maciej@bitalo.com> wrote:
> So if you have multiple addresses you can't
> sign them with a single private key and include that signature in the
> transaction so other party can verify it against your public key. This could
> become very handy though - a reputable wallet service could issue
> transactions that require zero confirmations from the other party, because
> with the added signature they know that the transaction is from this
> reputable service and they trust that this service won't try to double
> spend. I'm thinking of something like Mt.Gox's "green address", but baked
> into protocol (Mt.Gox does this by sending your funds to some known by the
> others Bitcoin address and then relaying them to the final destination).
>
> Do you think it's possible/feasible to add a feature like this to the

It's feasible to do such things but I believe highly undesirable.
You're taking data which is inherently only of short term interest to
a single party in the whole world (the receiver) and enlarging the
transaction and increasing the effective transaction fees while
forcing (say) a hundred thousand other parties to spend effort
transmitting it, processing it, and storing it for all time.

While doing so you also leak to the whole world— who would have
previously had no way or reason to know— who the identity of one of
the parties in the transaction is in a strong cryptographically
non-repudiable way... which then lowers the privacy of everyone in the
transaction graph region of that transaction since some coercive force
could send some ninjas out to bust some kneecaps of the identified
party until they tell them where those coins came from and where they
went. If you observe section 10 of Bitcoin.pdf you can see that
privacy in Bitcoin is based _exclusively_ on using pseudonymous
identities on every transaction. If you break that, you remove privacy
from Bitcoin, leaving it at a competitive disadvantage to centralized
payment systems, which all provide pretty good basic privacy (against
most criminals and nosy neighbors) as a core feature.

Instead: You can simply perform this transaction using the payment
protocol, which could provide along all sorts of additional metadata
including signatures from the relevant parties.  By doing this, only
the parties that need to learn something learn something: privacy is
preserved and bloat is avoided.

If the payment protocol is too heavy handed for you, simply giving the
user a signmessaged txid can show a promise to pay for a transaction
without highly public communication.



^ permalink raw reply	[flat|nested] 2+ messages in thread
