Author [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] Topic: Secure Payments to Users by Name  (Read 2555 times)

0 Members and 1 Guest are viewing this topic.

Offline bytemaster

Secure Payments to Users by Name
« on: May 23, 2014, 08:51:32 PM »

Given we have a name system in the blockchain that allows you to know the public key of user A.   We can use DH ECC to generate a unique receiving address for user A as so.

Create TempPrivateKey   TEMP.PRIVATE_KEY
TEMP.PRIVATE_KEY * USER.PUBLIC_KEY => SECRET  => ONE_TIME_PRIVATE_KEY => ONE_TIME_ADDRESS

Send a transaction that pays to ONE_TIME_ADDRESS and attaches TEMP.PUBLIC_KEY

Every client on the network will be able to perform the following operation:

USER.PRIVATE_KEY * TEMP.PUBLIC_KEY => SECRET => ONE_TIME_PRIVATE_KEY

If ONE_TIME_PRIVATE_KEY is the one that controls ONE_TIME_ADDRESS  then user will immediately spend the funds from ONE_TIME_ADDRESS to NEW_ADDRESS because the sender retains the ability to cancel the transaction. 


The plus side of this is:
  a) no need to exchange addresses
  b) ability to encode a message and 'from' data into the transaction
  c) the receiver is anonymous to everyone but the sender
  d) potential to cancel/retract a transfer if it is not accepted in a timely manner.
  e) simplifies accounting in the wallet
  f) generates higher fees and dividends

The downside to this:
  a) Uses more space in the blockchain
  b) Requires two transactions
  c) Results in higher fees


Discuss...

Single Transaction Variation

Given an extended public key + index  you can generate a child public key.    If I have the extended private key + index then I can generate the corresponding child private key. 

So we can use the same process as above.

TEMP_PRIVATE_KEY * EXTENDED_PUBLIC_KEY => SECRET
EXTENDED_PUBLIC_KEY.child( SECRET ) =>  RECEIVER_PUBLIC_KEY => RECEIVER_ADDRESS

You then broadcast a transaction that includes TEMP_PUBLIC_KEY + RECEIVER_ADDRESS
The receiver then does the following:

TEMP_PUBLIC_KEY * EXTENDED_PRIVATE_KEY => SECRET
EXTENDED_PRIVATE_KEY.child( SECRET ) => RECEIVER_PRIVATE_KEY => RECEIVER_PUBLIC_KEY => RECIEVER_ADDRESS

Only the receiver has the private key and only the sender & receiver know SECRET and thus the transactions are entirely unlink able.

This process would only expand the transaction size by 33 bytes and allow people to transact entirely by name with automatic unique addresses for every transaction. 

This is a variation on: http://www.coindesk.com/stealth-addresses-secret-bitcoin-privacy   that leverages the name system to solve the first part of the problem.
« Last Edit: May 25, 2014, 06:14:51 PM by bytemaster »
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline toast

Re: Secure Payments to Users by Name
« Reply #1 on: May 23, 2014, 08:58:55 PM »
ECDSA is literally magic. There should be a "programming pearls" just for ECDSA algebra.
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12337
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BTS: xeroc
  • GitHub: xeroc
Re: Secure Payments to Users by Name
« Reply #2 on: May 24, 2014, 01:00:29 AM »
As i get it this is basically the idea of bitcoins stealth addreses with usernames ... very cool
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12337
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BTS: xeroc
  • GitHub: xeroc
Re: Secure Payments to Users by Name
« Reply #3 on: May 24, 2014, 01:52:29 AM »
The plus side of this is:
  a) no need to exchange addresses
  b) ability to encode a message and 'from' data into the transaction
  c) the receiver is anonymous to everyone but the sender
  d) potential to cancel/retract a transfer if it is not accepted in a timely manner.
  e) simplifies accounting in the wallet
this is so cool ..
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline luckybit

Re: Secure Payments to Users by Name
« Reply #4 on: May 24, 2014, 07:38:18 AM »
Given we have a name system in the blockchain that allows you to know the public key of user A.   We can use DH ECC to generate a unique receiving address for user A as so.

Create TempPrivateKey   TEMP.PRIVATE_KEY
TEMP.PRIVATE_KEY * USER.PUBLIC_KEY => SECRET  => ONE_TIME_PRIVATE_KEY => ONE_TIME_ADDRESS

Send a transaction that pays to ONE_TIME_ADDRESS and attaches TEMP.PUBLIC_KEY

Every client on the network will be able to perform the following operation:

USER.PRIVATE_KEY * TEMP.PUBLIC_KEY => SECRET => ONE_TIME_PRIVATE_KEY

If ONE_TIME_PRIVATE_KEY is the one that controls ONE_TIME_ADDRESS  then user will immediately spend the funds from ONE_TIME_ADDRESS to NEW_ADDRESS because the sender retains the ability to cancel the transaction. 


The plus side of this is:
  a) no need to exchange addresses
  b) ability to encode a message and 'from' data into the transaction
  c) the receiver is anonymous to everyone but the sender
  d) potential to cancel/retract a transfer if it is not accepted in a timely manner.
  e) simplifies accounting in the wallet
  f) generates higher fees and dividends

The downside to this:
  a) Uses more space in the blockchain
  b) Requires two transactions
  c) Results in higher fees


Discuss...

 +5%

If it is secure then it's excellent. If this feature exists make sure it has good marketing behind it so it's not a hidden feature like with some of Bitcoin's features.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline bytemaster

Re: Secure Payments to Users by Name
« Reply #5 on: May 24, 2014, 07:40:59 PM »
I was talking with Toast in the car on the way to Subway for lunch and came up with an entirely secure, single-transaction, mode of operation.  It is so incredibly simple I could not believe I didn't think of it from the beginning.

Every name can register a single extended public key that allows people to derive public keys from it.  Extended public keys are twice the size of normal public keys.   

Given an extended public key + index  you can generate a child public key.    If I have the extended private key + index then I can generate the corresponding child private key. 

So we can use the same process as above.

TEMP_PRIVATE_KEY * EXTENDED_PUBLIC_KEY => SECRET
EXTENDED_PUBLIC_KEY.child( SECRET ) =>  RECEIVER_PUBLIC_KEY => RECEIVER_ADDRESS

You then broadcast a transaction that includes TEMP_PUBLIC_KEY + RECEIVER_ADDRESS
The receiver then does the following:

TEMP_PUBLIC_KEY * EXTENDED_PRIVATE_KEY => SECRET
EXTENDED_PRIVATE_KEY.child( SECRET ) => RECEIVER_PRIVATE_KEY => RECEIVER_PUBLIC_KEY => RECIEVER_ADDRESS

Only the receiver has the private key and only the sender & receiver know SECRET and thus the transactions are entirely unlink able.

This process would only expand the transaction size by 33 bytes and allow people to transact entirely by name with automatic unique addresses for every transaction. 


For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline toast

Re: Secure Payments to Users by Name
« Reply #6 on: May 24, 2014, 07:52:55 PM »
Quote
Only the receiver has the private key and only the sender & receiver know SECRET and thus the transactions are entirely unlink able.

To be clear, the transaction in/out is still inked, just the addresses are not linked to names even though the user sees it as "send X to Name" (only sender and receiver have info to connect the address to the name).
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline bytemaster

Re: Secure Payments to Users by Name
« Reply #7 on: May 24, 2014, 08:16:48 PM »
Quote
Only the receiver has the private key and only the sender & receiver know SECRET and thus the transactions are entirely unlink able.

To be clear, the transaction in/out is still inked, just the addresses are not linked to names even though the user sees it as "send X to Name" (only sender and receiver have info to connect the address to the name).

More than that if you send 3 payments to the same name no one can tell the payments are linked.  This means that if you have three unspent outputs in your wallet, you can send 3 separate transactions to that name and no one will be able to tell that the funds moved.
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

clout

  • Guest
Re: Secure Payments to Users by Name
« Reply #8 on: May 24, 2014, 08:22:25 PM »
absolute genius

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12337
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BTS: xeroc
  • GitHub: xeroc
Re: Secure Payments to Users by Name
« Reply #9 on: May 24, 2014, 09:13:36 PM »
absolute genius
we nees to proberly market this feature in the next newsletter!!!!!!!
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline liondani

Re: Secure Payments to Users by Name
« Reply #10 on: May 25, 2014, 08:47:20 AM »
absolute genius
we nees to proberly market this feature in the next newsletter!!!!!!!

+ 5

Sent from my ALCATEL ONE TOUCH 997D using Tapatalk

  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline bytemaster

Re: Secure Payments to Users by Name
« Reply #11 on: May 25, 2014, 01:27:30 PM »
While laying in bed this morning I had a flash of insight on how to significantly reduce the size of the signatures that prove who a payment is from.

Given Public Information (in blockchain):
Quote
dan => DANS_EXT_PUBLIC_KEY
scott => SCOTTS_EXT_PUBLIC_KEY

Assuming scott wants to send dan a payment anonymously, yet wants dan to know it is from him.

Quote
scott:  Generate OneTimePrivateKey  & OneTimePublicKey Pair
scott:  OneTimePrivateKey * DANS_EXT_PUBLIC_KEY => SECRET
                                        DANS_EXT_PUBLIC_KEY.child( SECRET ) => RECEIVE_PUBLIC_KEY => RECEIVE_ADDRESS
scott:  RECEIVE_PUBLIC_KEY * SCOTTS_EXT_PRIVATE_KEY => CHECK_SECRET
                                                                                    => SHORT_HASH(CHECK_SECRET) == SHORT_SIGNATURE

scott-broadcast:   OneTimePublicKey + RECEIVE_ADDRESS + ENCRYPT( from scott + SHORT_SIGNATURE, SECRET )

Quote
dan:   OneTimePublicKey * DANS_EXT_PRIVATE_KEY => SECRET
                                      DANS_EXT_PRIVATE_KEY.child( SECRET ) =>
                                                                RECEIVE_PRIVATE_KEY =>
                                                                  RECEIVE_PUBLIC_KEY => RECEIVE_ADDRESS

dan:   DECRYPT( data, SECRET ) => "from scott" + SHORT_SIGNATURE )
dan:   SCOTT_EXT_PUBLIC_KEY * RECEIVE_PRIVATE_KEY => CHECK_SECRET => SHORT_HASH(CHECK_SECRET)

There are only two people in the world who can generate the CHECK_SECRET (dan and scott), because the signature isn't required to verify funds transfer and is only used to prevent 'spoof payments' the SHORT_HASH(CHECK_SECRET) could reduce the signature down to 8 bytes rather than using the 65 bytes required for a normal ECC compact signature. 

Total additional size to send an anonymous payment from a certified address:
33 OneTimePublicKey
4   from id
8   from check
20  [optional fixed size memo]

65 bytes, equal to a single normal signature.   The fixed size memo is there to provide a description.  It must be fixed size to prevent analysis by size.   The memo is 20 bytes so that the entire size of the encrypted data is 32 bytes which is a multiple of the AES block size.  So the encrypted info block is either 16, 32 or 48 bytes long. 

I could probably avoid AES encryption all together and simply XOR data with SHA512(SECRET) as a means of encrypting/decrypting.

I am looking for ideas on what to name this Scheme.... so far Toast has proposed

Send Anonymously To A Name => SATAN

I suggested:

Transfer Invisibly to A Name  => TITAN

Other names are welcome.
« Last Edit: May 25, 2014, 01:31:01 PM by bytemaster »
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline liondani

Re: Secure Payments to Users by Name
« Reply #12 on: May 25, 2014, 01:29:52 PM »
While laying in bed this morning I had a flash of insight on how to significantly reduce the size of the signatures that prove who a payment is from.

Man, you must do that more frequently  ;)
  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline bytemaster

Re: Secure Payments to Users by Name
« Reply #13 on: May 25, 2014, 01:38:27 PM »
For added security on the users public keys (ie: to avoid any potential of information leak from using the same key for every single operation... the check signature could use   SCOTTS_EXT_PUBLIC_KEY.child(SECRET) rather than SCOTT_EXT_PUBLIC_KEY directly.     Not sure if this extra indirection has any meaningful security enhancements or not. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12337
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BTS: xeroc
  • GitHub: xeroc
Re: Secure Payments to Users by Name
« Reply #14 on: May 25, 2014, 05:23:57 PM »
I am so flashed of recent upgrates!!! +5%
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

 

Google+