From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1VrAwQ-0007Oa-DF for bitcoin-development@lists.sourceforge.net; Thu, 12 Dec 2013 18:24:54 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.214.178 as permitted sender) client-ip=209.85.214.178; envelope-from=mh.in.england@gmail.com; helo=mail-ob0-f178.google.com; Received: from mail-ob0-f178.google.com ([209.85.214.178]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1VrAwO-000360-Ex for bitcoin-development@lists.sourceforge.net; Thu, 12 Dec 2013 18:24:54 +0000 Received: by mail-ob0-f178.google.com with SMTP id uz6so833469obc.37 for ; Thu, 12 Dec 2013 10:24:47 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.60.51.161 with SMTP id l1mr1390467oeo.69.1386872687016; Thu, 12 Dec 2013 10:24:47 -0800 (PST) Sender: mh.in.england@gmail.com Received: by 10.76.92.72 with HTTP; Thu, 12 Dec 2013 10:24:46 -0800 (PST) In-Reply-To: References: Date: Thu, 12 Dec 2013 10:24:46 -0800 X-Google-Sender-Auth: XpUUmB9HabKsX-tofoZ40Bsa5yw Message-ID: From: Mike Hearn To: Paul Rabahy Content-Type: multipart/alternative; boundary=001a11c2f3ecdbc17b04ed5a755f X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: doubleclick.net] -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1VrAwO-000360-Ex Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Merge avoidance and P2P connection encryption X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Dec 2013 18:24:54 -0000 --001a11c2f3ecdbc17b04ed5a755f Content-Type: text/plain; charset=UTF-8 I think the right way to integrate BIP32 and BIP70 would be to specify output scripts as normal for backwards compatibility, and then allow each output to have an additional xpubkey and iteration count field. The iteration counts could be unsigned. Unfortunately to add data that isn't signed requires a backwards incompatible change to the protocol :( There isn't currently any area that isn't covered by the signature. We would have to add one, and then have a matching array of iteration counts for each xpubkey that was specified in the output. I wonder if we should make a last minute change to BIP70 before wallets have shipped and merchant support starts, something like message PaymentRequest { optional byte unsigned_data = 6; } that would be deleted like the signature is before reserialization. On Thu, Dec 12, 2013 at 9:28 AM, Paul Rabahy wrote: > First off, nice article. Very clear and informative. > > I don't know if this is the best place to post this, but it seems related > to me. > > As more wallets implement BIP32, I believe that bitcoin wallets should > begin to encourage people to use > https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#recurrent-business-to-business-transactions-mi0style address instead of traditional addresses. In the end, this would > improve privacy because users never need to merge coin if they had one of > these "super addresses". > > In addition, "super addresses" would fit nicely into BIP70. Right now, the > PaymentDetails message allows the merchant to provide multiple outputs. If > instead the PaymentDetails provide 1 traditional output (for reverse > compatibility) and 1 "super address", the payment could be broken into as > many pieces as is needed to match unspent outputs already in the customers > wallet. Finally, the refund_to address in Payment could also be upgraded to > a "super address" to enhance privacy there. > > I am not sure if there is a large memory requirement for "super > addresses", but to me, it seems that a lot of these privacy enhancing > possibilities will be simple to implement once BIP32 is widely deployed. > > > On Thu, Dec 12, 2013 at 11:03 AM, Mike Hearn wrote: > >> I wrote an article intended for a broad/non-developer audience on a few >> Bitcoin privacy topics: >> >> - P2P connection encryption >> - Address re-use/payment protocol >> - CoinJoin and merge avoidance >> >> I don't think there's anything much new here for people who were involved >> with the BIP70 design discussions, but it may prove a useful resource when >> talking about privacy features in the payment protocol. Specifically the >> ability to request multiple outputs and submit multiple transactions that >> satisfy them. The article elaborates on how to use that feature to achieve >> some useful privacy outcomes. >> >> I also analyze what using SSL for P2P connections would buy us and what >> it wouldn't. >> >> https://medium.com/p/7f95a386692f >> >> >> ------------------------------------------------------------------------------ >> Rapidly troubleshoot problems before they affect your business. Most IT >> organizations don't have a clear picture of how application performance >> affects their revenue. With AppDynamics, you get 100% visibility into your >> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics >> Pro! >> >> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk >> _______________________________________________ >> Bitcoin-development mailing list >> Bitcoin-development@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development >> >> > --001a11c2f3ecdbc17b04ed5a755f Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I think the right way to integrate BIP32 and BIP70 would b= e to specify output scripts as normal for backwards compatibility, and then= allow each output to have an additional xpubkey and iteration count field.= The iteration counts could be unsigned.

Unfortunately to add data that isn't signed requires a b= ackwards incompatible change to the protocol :( There isn't currently a= ny area that isn't covered by the signature. We would have to add one, = and then have a matching array of iteration counts for each xpubkey that wa= s specified in the output.

I wonder if we should make a last minute change to BIP7= 0 before wallets have shipped and merchant support starts, something like

message PaymentRequest {
=C2=A0 optional = byte unsigned_data =3D 6;
}

that would be deleted like the signature is= before reserialization.



On Thu, Dec 12, 2013 at 9:28 AM, Paul= Rabahy <prabahy@gmail.com> wrote:
First off, nice articl= e. Very clear and informative.

I don't know if this is the best = place to post this, but it seems related to me.

As more wallets implement BIP32, I believe that bitcoin wallets should = begin to encourage people to use https://github.com/bitcoin/bips/blob/master/bip-003= 2.mediawiki#recurrent-business-to-business-transactions-mi0 style addre= ss instead of traditional addresses. In the end, this would improve privacy= because users never need to merge coin if they had one of these "supe= r addresses".

In addition, "super addresses" would fit nicely into BIP70. R= ight now, the PaymentDetails message allows the merchant to provide multipl= e outputs. If instead the PaymentDetails provide 1 traditional output (for = reverse compatibility) and 1 "super address", the payment could b= e broken into as many pieces as is needed to match unspent outputs already = in the customers wallet. Finally, the refund_to address in Payment could al= so be upgraded to a "super address" to enhance privacy there.

I am not sure if there is a large memory requirement for "su= per addresses", but to me, it seems that a lot of these privacy enhanc= ing possibilities will be simple to implement once BIP32 is widely deployed= .


On Thu, Dec 12, 2013 at 11:03 AM, Mike Hearn <mike@plan99.ne= t> wrote:
I wrote an article intended for a broad/non-developer audi= ence on a few Bitcoin privacy topics:

- P2P connection e= ncryption
- Address re-use/payment protocol
- CoinJoin = and merge avoidance

I don't think there's anything much new here fo= r people who were involved with the BIP70 design discussions, but it may pr= ove a useful resource when talking about privacy features in the payment pr= otocol. Specifically the ability to request multiple outputs and submit mul= tiple transactions that satisfy them. The article elaborates on how to use = that feature to achieve some useful privacy outcomes.

I also analyze what using SSL for P2P connections would= buy us and what it wouldn't.


-----------------------------------------------------------= -------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance=
affects their revenue. With AppDynamics, you get 100% visibility into your<= br> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynami= cs Pro!
http://pubads.g.doubleclick.net/gam= pad/clk?id=3D84349831&iu=3D/4140/ostg.clktrk
___________________= ____________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment



--001a11c2f3ecdbc17b04ed5a755f--