public inbox for bitcoindev@googlegroups.com
From: Tony Churyumoff <tony991@gmail.com>
To: James MacWhyte <macwhyte@gmail.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Hiding entire content of on-chain transactions
Date: Wed, 10 Aug 2016 11:37:37 +0300
Message-ID: <CAL3p6zpG8dnVju_m0Vh60FcVRywM4r8ymw03Hr4r1sbXgJzEaQ@mail.gmail.com>
In-Reply-To: <CAH+Axy4J5vsi61eX_w1V=e2DdkttTBsbUcwXdqrgchJ6GXdaow@mail.gmail.com>

> Signed by the key pair that was referenced in the output of the on-chain
> transaction?

Signed by the key pair referenced in the private output.

>  (Bob in my example, actually)

I misread your example.  If it was Bob, then the troll couldn't
generate the correct spend proof because he didn't see the private
output C.  The troll could try to replay the spend proof in
Alice's transaction as soon as he sees it in the mempool, but then the
spend proof would be signed by the wrong user.

> Doesn't that mean it's easy to
> follow who is paying whom, you just can't see how much is going to reach
> recipient?

Only the recipients of the private outputs can see the previous owners
of the coins they receive (including amounts).  What everybody else
sees is just meaningless hashes that hide both the recipient of the
coin and the amount.


2016-08-10 7:31 GMT+03:00 James MacWhyte <macwhyte@gmail.com>:
> Signed by the key pair that was referenced in the output of the on-chain
> transaction? (Bob in my example, actually) Doesn't that mean it's easy to
> follow who is paying whom, you just can't see how much is going to reach
> recipient?
>
> On Tue, Aug 9, 2016, 04:40 Tony Churyumoff <tony991@gmail.com> wrote:
>>
>> This troll is harmless.  A duplicate spend proof should also be signed
>> by the same user (Alice, in your example) to be considered a double
>> spend.
>>
>> 2016-08-09 3:18 GMT+03:00 James MacWhyte <macwhyte@gmail.com>:
>> > One more thought about why verification by miners may be needed.
>> >
>> > Let's say Alice sends Bob a transaction, generating output C.
>> >
>> > A troll, named Timothy, broadcasts a transaction with a random hash,
>> > referencing C's output as its spend proof. The miners can't tell if it's
>> > valid or not, and so they include the transaction in a block. Now Bob's
>> > money is useless, because everyone can see the spend proof referenced and
>> > thinks it has already been spent, even though the transaction that claims
>> > it isn't valid.
>> >
>> > Did I miss something that protects against this?
>> >

