Secure Payments to Users by Name

[cass]

I suggested:

Transfer Invisibly to A Name  => TITAN

Other names are welcome.

That's a really great name, isn't it? I really like TITAN

[bytemaster]

Stealth addresses is one thing... eliminating the use of 'addresses' is the real feature... ie: send to a name. 

Does Darkcoin have an internal name system?
[/quote]

Has the Keyhotte id changed in the scheme of things?  It would be strange to have a ID for bitshares x and a ID for Keyhotte?
[/quote]

Yes... keyhotee will now use name@xts to address individuals, DACs are like companies, you can get 'email addresses' at every company. 

[Bitcoinfan]

[/quote]

Stealth addresses is one thing... eliminating the use of 'addresses' is the real feature... ie: send to a name. 

Does Darkcoin have an internal name system?
[/quote]

Has the Keyhotte id changed in the scheme of things?  It would be strange to have a ID for bitshares x and a ID for Keyhotte?

[jae208]

PLUS Bitshares is a/will be a decentralized exchange ie: Bitcoin 2.0

As for Darkcoin... its just a coin 

[xeroc]

No .. they dont :-)

[bytemaster]

Hey guys I think actually this already existed and it's called "stealth addresses"....
All we did is add name->key mapping on top =(

haha nooooooo! a bit tragic for sure, but TITAN/SATAN still sound awesome even if another implementation of stealth addresses already exists... and personally im happy to hear that this innovation is in development for the bitshares ecosystem

Stealth addresses is one thing... eliminating the use of 'addresses' is the real feature... ie: send to a name. 

Does Darkcoin have an internal name system?

[solaaire]

Hey guys I think actually this already existed and it's called "stealth addresses"....
All we did is add name->key mapping on top =(

haha nooooooo! a bit tragic for sure, but TITAN/SATAN still sound awesome even if another implementation of stealth addresses already exists... and personally im happy to hear that this innovation is in development for the bitshares ecosystem 

[toast]

And Darkcoin actually does already do this

[toast]

Hey guys I think actually this already existed and it's called "stealth addresses"....
All we did is add name->key mapping on top =(

[jae208]

I think it is good that other members of other communities 'steal' our ideas and implement them. That way they can take the risk and we can learn if the idea actually works on them. What happens when they steal our ideas and implement them is that we are 'delegating' risk. 

I like SATAN MAUAHAHAHA 

[mf-tzo]

These developments are amazing. I am not a tech guy and I don't understand much of what you guys are talking about most of the time but there are a lot of people from other communities that do understand steal your ideas, come up with a better marketing and boom!!

My point is to bytemaster. You should already know by now who are the tech guys in here that can support you and give you valuable advice for your ideas. I don't understand why you should communicate your ideas to everyone else? It is of course always good for the rest of us to see that you guys have great ideas (I mean seeing that now I want to invest more money that I do not have) but isn't that dangerous?

A suggestion could be for example, some sensitive information and ideas that you have are not posted for the viewing of everyone but only for members of this forums above a specific status?

Maybe all these are not so important and I am being paranoid so if that is the case just ignore me...

[xeroc]

I am so flashed of recent upgrates!!!

[bytemaster]

For added security on the users public keys (ie: to avoid any potential of information leak from using the same key for every single operation... the check signature could use   SCOTTS_EXT_PUBLIC_KEY.child(SECRET) rather than SCOTT_EXT_PUBLIC_KEY directly.     Not sure if this extra indirection has any meaningful security enhancements or not. 

[liondani]

While laying in bed this morning I had a flash of insight on how to significantly reduce the size of the signatures that prove who a payment is from.

Man, you must do that more frequently 

[bytemaster]

While laying in bed this morning I had a flash of insight on how to significantly reduce the size of the signatures that prove who a payment is from.

Given Public Information (in blockchain):

dan => DANS_EXT_PUBLIC_KEY
scott => SCOTTS_EXT_PUBLIC_KEY

Assuming scott wants to send dan a payment anonymously, yet wants dan to know it is from him.

scott:  Generate OneTimePrivateKey  & OneTimePublicKey Pair
scott:  OneTimePrivateKey * DANS_EXT_PUBLIC_KEY => SECRET
                                        DANS_EXT_PUBLIC_KEY.child( SECRET ) => RECEIVE_PUBLIC_KEY => RECEIVE_ADDRESS
scott:  RECEIVE_PUBLIC_KEY * SCOTTS_EXT_PRIVATE_KEY => CHECK_SECRET
                                                                                    => SHORT_HASH(CHECK_SECRET) == SHORT_SIGNATURE

scott-broadcast:   OneTimePublicKey + RECEIVE_ADDRESS + ENCRYPT( from scott + SHORT_SIGNATURE, SECRET )

dan:   OneTimePublicKey * DANS_EXT_PRIVATE_KEY => SECRET
                                      DANS_EXT_PRIVATE_KEY.child( SECRET ) =>
                                                                RECEIVE_PRIVATE_KEY =>
                                                                  RECEIVE_PUBLIC_KEY => RECEIVE_ADDRESS

dan:   DECRYPT( data, SECRET ) => "from scott" + SHORT_SIGNATURE )
dan:   SCOTT_EXT_PUBLIC_KEY * RECEIVE_PRIVATE_KEY => CHECK_SECRET => SHORT_HASH(CHECK_SECRET)

There are only two people in the world who can generate the CHECK_SECRET (dan and scott), because the signature isn't required to verify funds transfer and is only used to prevent 'spoof payments' the SHORT_HASH(CHECK_SECRET) could reduce the signature down to 8 bytes rather than using the 65 bytes required for a normal ECC compact signature. 

Total additional size to send an anonymous payment from a certified address:
33 OneTimePublicKey
4   from id
8   from check
20  [optional fixed size memo]

65 bytes, equal to a single normal signature.   The fixed size memo is there to provide a description.  It must be fixed size to prevent analysis by size.   The memo is 20 bytes so that the entire size of the encrypted data is 32 bytes which is a multiple of the AES block size.  So the encrypted info block is either 16, 32 or 48 bytes long. 

I could probably avoid AES encryption all together and simply XOR data with SHA512(SECRET) as a means of encrypting/decrypting.

I am looking for ideas on what to name this Scheme.... so far Toast has proposed

Send Anonymously To A Name => SATAN

I suggested:

Transfer Invisibly to A Name  => TITAN

Other names are welcome.