BitShares Forum
Main => General Discussion => Topic started by: bytemaster on August 23, 2014, 01:22:00 am
-
I wanted to take a moment to set the record straight on the current state of TITAN so that people don't rely on it too much at this point in time.
Today
TITAN is first and foremost a tool to aid in the usability of the system and automate the best practice of generating a new address for every transfer. As it exists today, TITAN transfers can be analyzed very much like Bitcoin transfers because underneath the fancy elliptic curve crypto is a simple blockchain based upon keys and addresses. Transactions still combine inputs and send the "change" back to the address the funds came from.
What this means is that while you cannot tie account names to balances, you can tie transactions together just like you can in Bitcoin.
In the Near Future
While it is possible to perform network analysis on transactions that combine multiple addresses. If you were to always make transactions that transfer the full balance from one address to another and never combine balances from two or more addresses then you do not leak information about the relationship between addresses. BitShares currently implements a "multi-part" transfer feature in the console. This feature will generate as many transactions as necessary to transfer the desired amount from one person to another. These independent transactions are unlinkable and could be going to One person, N people, or simply back to yourself assuming they were broadcast at random intervals rather than "all at once".
Over time this process will fragment the balances as large chunks are only ever divided and never combined. It is critical that we have a means of recombining balances into larger chunks so that the number and size of transactions on the blockchain can be kept to a minimum. After enough 1-1 transfers the ownership is sufficiently ambiguous that balances can be combined without leaking information. The management of this can be automated on the blockchain to ensure that your privacy is sufficiently protected.
The challenge with multi-part transactions is that they cost more fees (one per transaction) and they take more time because they need to be spread out to sufficiently disassociate them and lastly, the receiver needs to be able to recombine them. Fortunately the TITAN memo feature can facilitate the regrouping of the multi-part transactions in the receivers client.
What this means today is that you should not assume your balances are untraceable. It is only as private as using Bitcoin best practices.
-
Can someone get this on the Wiki?
-
Bitcoin best practices is pretty dang private.
Analysis is possible but if you can't link it to a name what is the threat?
I think until something like timing analysis becomes practical and can actually affect people why worry about it? I do think you can theoretically achieve more privacy for TITAN by continuously improving upon it so I support that initiative but I don't think many people are capable of attacking it.
Analysis might reveal what kinds of activities are taking place but it doesn't reveal who is doing it. This capability has pros and cons.
-
I'll get this on the Wiki. Good write up. B
-
Analysis might reveal what kinds of activities are taking place but it doesn't reveal who is doing it. This capability has pros and cons.
I was thinking about this.
1) Since it's unlikely you'll send your entire BTSX balance to one person other than yourself your change comes back to the same address
2) At some point you're going to make a transfer to a centralized exchange and the receiving address can be linked to an account.
The question is can you know which addresses belong to an exchange that can be subpoenaed. Or more likely they'd go to an exchange they have jurisdiction over and get your deposit addresses. There are only a handful of exchanges so the net wouldn't have to be that wide. Once they have that they can monitor the flow of funds in and trace them back to your address in #1.
Someone please tell me this would never work .
-
Analysis might reveal what kinds of activities are taking place but it doesn't reveal who is doing it. This capability has pros and cons.
I was thinking about this.
1) Since it's unlikely you'll send your entire BTSX balance to one person other than yourself your change comes back to the same address
2) At some point you're going to make a transfer to a centralized exchange and the receiving address can be linked to an account.
The question is can you know which addresses belong to an exchange that can be subpoenaed. Or more likely they'd go to an exchange they have jurisdiction over and get your deposit addresses. There are only a handful of exchanges so the net wouldn't have to be that wide. Once they have that they can monitor the flow of funds in and trace them back to your address in #1.
Someone please tell me this would never work .
That would work just like it would with bitcoin.
If you want to prevent funds from being linked then you can use different accounts in your wallet.
-
Mabe we can come up with a few best-practice articles on the use of accounts for private, company, exchange, etc.
-
Bitcoin best practices is pretty dang private.
Analysis is possible but if you can't link it to a name what is the threat?
I think until something like timing analysis becomes practical and can actually affect people why worry about it? I do think you can theoretically achieve more privacy for TITAN by continuously improving upon it so I support that initiative but I don't think many people are capable of attacking it.
Analysis might reveal what kinds of activities are taking place but it doesn't reveal who is doing it. This capability has pros and cons.
Would off-chain mixing serve the same purpose here as it does with bitcoin? Would it be just as secure?
-
Would off-chain mixing serve the same purpose here as it does with bitcoin? Would it be just as secure?
Here it will be much securer as you will hold all private keys that are involved in the progress ...
off-chain mixing is so last century .. 8)
-
That would work just like it would with bitcoin.
If you want to prevent funds from being linked then you can use different accounts in your wallet.
What about a "Secure Send" option (perhaps a red button beside the green) that costs twice the transaction fee and creates a few new "burner" address, sends the money there first, then sends it to the intended recipient. Would take two blocks (a whopping 15 seconds) but would add a level of obscurity. Maybe it already works like this?
-
That would work just like it would with bitcoin.
If you want to prevent funds from being linked then you can use different accounts in your wallet.
What about a "Secure Send" option (perhaps a red button beside the green) that costs twice the transaction fee and creates a few new "burner" address, sends the money there first, then sends it to the intended recipient. Would take two blocks (a whopping 15 seconds) but would add a level of obscurity. Maybe it already works like this?
As it takes 2 blocks it automaticaly costs more fees ... Bytemaster quickly described what he wants to do with his multi-sig and extreme privacy .. but I couldn't follow 100%.... let's stay excited ;-)
-
I imagine eventually "send" "include memo" and "send privately" .. appropriate fees
-
I imagine eventually "send" "include memo" and "send privately" .. appropriate fees
In TITAN "send to a name" and "include memo" are the same thing .. AFAIK
the name of the sender is part of the memo .. (when I recall that correctly)
-
As it takes 2 blocks it automaticaly costs more fees ...
Indeed, I just wanted it made clear in the interface. However that dialog box comes up (which much better detail now) so that's all good.
-
BitShares currently implements a "multi-part" transfer feature in the console. This feature will generate as many transactions as necessary to transfer the desired amount from one person to another. These independent transactions are unlinkable and could be going to One person, N people, or simply back to yourself assuming they were broadcast at random intervals rather than "all at once".
Is this already implemented as of 0.4.6? What is the command syntax? I can't find anything in the console help.
-
Apparently that call is not exposed via RPC (probably good because it isn't heavily tested).
-
OK, I'll be patient until you release it.
Keep up the good work!