BitShares Forum
Main => General Discussion => Topic started by: xeroc on June 06, 2014, 09:31:11 am
-
Hey friends,
with all the FUD around Darkcoin and Darksend (which is closed-source and uses coinjoin) we should
let bitcointalk users know about TITAN.
I propose to now draft a forum thread so that these guys can join the discussion.
The testnet now offers a chance to proof and show using practical
examples how TITAN works under the hoods!
I already wrote some lines summing up the development (mostly copy-paste from forum)
- http://pad.bitshares.org/p/TITAN
Let us please join efforts and pimp that article (you can do directly on the above webpage)
Thoughts?
-
For those only participating the board, heres a copy of the current draft (unformated):
The pourpose of this article is to teach bitcointalk users about TITAN.
When SATAN meets TITAN
Original Proposal using ECC
Recently, core developer Danial Larimer revealed "Secure Payments to Users by Name". He descripes, based on ellyptic
curve cryptography (ECC), how to generate a unique receiving address for a user. The scheme works as follows:
Create TempPrivateKey TEMP.PRIVATE_KEY;
TEMP.PRIVATE_KEY * USER.PUBLIC_KEY => SECRET => ONE_TIME_PRIVATE_KEY => ONE_TIME_ADDRESS
The payee can send his transaction that pays to ONE_TIME_ADDRESS and attaches TEMP.PUBLIC_KEY as message to the transaction.
Every client on the network will be able to perform the following operation:
USER.PRIVATE_KEY * TEMP.PUBLIC_KEY => SECRET => ONE_TIME_PRIVATE_KEY
If ONE_TIME_PRIVATE_KEY is the one that controls ONE_TIME_ADDRESS then user will immediately spend the funds from ONE_TIME_ADDRESS to
a new address because the sender retains the ability to cancel the transaction.
Note:
turns out this crypto technique already existed and was called "stealth addresses". The fact that we re-invented it is good news though!
However as the DPOS blockchain allowes for adding the TEMP.PUBLIC_KEY as a comment to the transaction, the receiver does not need to brute-force test
if a particular transaction can be spent by him. This is the case for stealth-addresses
Pros:
The following features result from his proposal:
no need to exchange addresses, instead a Name can be given
ability to encode a message and 'from' data into the transaction for payment details
the receiver is anonymous to everyone but the sender as for each payment a temporary one-time address is generated
potential to cancel/retract a transfer if it is not accepted in a timely manner, which is impossible for any other transaction. To prevent chargeback the receiver simply wipes his temporary one-time address
simplifies accounting in the wallet
generates higher fees and dividends
Cons:
Daniel also listed the basic drawbacks of his approach which are namly:
Uses more space in the blockchain
Requires two transactions
Results in higher fees
Optimized Algorithm
However the first drawback go resolved quickly by the use of hierachical extended public keys.
The basic approach can be seen from Daniels pseudocode:
dan => DANS_EXT_PUBLIC_KEY
scott => SCOTTS_EXT_PUBLIC_KEY
scott: Generate OneTimePrivateKey & OneTimePublicKey Pair
scott: OneTimePrivateKey * DANS_EXT_PUBLIC_KEY => SECRET
DANS_EXT_PUBLIC_KEY.child( SECRET ) => RECEIVE_PUBLIC_KEY => RECEIVE_ADDRESS
scott: RECEIVE_PUBLIC_KEY * SCOTTS_EXT_PRIVATE_KEY => CHECK_SECRET
=> SHORT_HASH(CHECK_SECRET) == SHORT_SIGNATURE
scott-broadcast: OneTimePublicKey + RECEIVE_ADDRESS + ENCRYPT( from scott + SHORT_SIGNATURE, SECRET )
dan: OneTimePublicKey * DANS_EXT_PRIVATE_KEY => SECRET
DANS_EXT_PRIVATE_KEY.child( SECRET ) => RECEIVE_PRIVATE_KEY =>
=> RECEIVE_PUBLIC_KEY => RECEIVE_ADDRESS
dan: DECRYPT( data, SECRET ) => "from scott" + SHORT_SIGNATURE
dan: SCOTT_EXT_PUBLIC_KEY * RECEIVE_PRIVATE_KEY => CHECK_SECRET => SHORT_HASH(CHECK_SECRET)
This is a variation of stealth addresses (http://www.coindesk.com/stealth-addresses-secret-bitcoin-privacy ) that leverages the
name system to solve the first part of the problem.
Thus, the protocol allows to
Send Anonymously To Any Name => SATAN
or Transfer Invisibly to Any Name => TITAN
Combining this with well-known techniques like CoinJoin (darkcoin) or ring-signatures allowes to completely send and also receive
anonymous transaction
Furthermore, these recent updates shed light to the power of Keyhotee as then
the use of name@xts can address individuals or DACs.
Mailing Money is within reach!
-
Love the initiative xeroc!
However, I do believe that impact will be much greater if there is a layman introduction, without any technical terms, and a marketing ending that highlights why it is interesting and useful in a larger scheme. The easier it is for a reader to absorb, the more respect we get as teachers.
-
Just FYI, TITAN is our independent re-invention of stealth addresses. I don't think we should say "well we have *named* stealth addresses and so this is a new technology".
We can refer to TITAN in our list of features but don't get carried away advertising this as our invention.
-
So I found a link explaining stealth addresses:
https://blog.coinjar.com/2014/01/16/stealth-addresses-what-are-they-and-do-i-need-one/
So I can surmise that TITAN is basically this? Can I ask how this differs from darksend or zerocoin?
-
So I found a link explaining stealth addresses:
https://blog.coinjar.com/2014/01/16/stealth-addresses-what-are-they-and-do-i-need-one/
So I can surmise that TITAN is basically this? Can I ask how this differs from darksend or zerocoin?
Yep! It's that + "your stealth addressed is registered to a name a la namecoin".
I believe darksend is coinjoin and other laundering techniques - combining normal transactions in a way that is hard to trace.
Zerocoin is entirely new crypto and has *totally* unlinkable transactions.
-
So I found a link explaining stealth addresses:
https://blog.coinjar.com/2014/01/16/stealth-addresses-what-are-they-and-do-i-need-one/
So I can surmise that TITAN is basically this? Can I ask how this differs from darksend or zerocoin?
Yep! It's that + "your stealth addressed is registered to a name a la namecoin".
I believe darksend is coinjoin and other laundering techniques - combining normal transactions in a way that is hard to trace.
Zerocoin is entirely new crypto and has *totally* unlinkable transactions.
Hmm.. which means that we can simply steal the explanation of stealth addresses, talk about how we can register them to a name, and compare the result to Darkcoin and say Anoncoin (++ infographic)! Article done. :D
-
So we need a designer!
-
So we need a designer!
For a forum thread? What do you mean?
I like this idea a lot. In another thread I suggested that the popularity of the Neutrinocoin is due to the current emphasis of privacy. I think it would be a great time to make a thread about TITAN. I also agree to keep it from being too technical. Perhaps the first post could be a simplified version that the average crypto joe will actually read, then a few posts down we stick in the more rigorous explanation. That way you get the best of both worlds. Maximize the # of eyes reading the content + technical innovation for those who read past first post.
I'll post under the beyondbitcoinshow acct asking anyone who has questions or wishes to debate features to show up at the Saturday Dev hangout once you guys do this.
In addition we could plant questions. lol. Just post em here and I'll try to see that they show up on BTT if someone is willing to answer them. :)
-
So we need a designer!
For a forum thread? What do you mean?
I like this idea a lot. In +5% another thread I suggested that the popularity of the Neutrinocoin is due to the current emphasis of privacy. I think it would be a great time to make a thread about TITAN. I also agree to keep it from being too technical. Perhaps the first post could be a simplified version that the average crypto joe will actually read, then a few posts down we stick in the more rigorous explanation. That way you get the best of both worlds. Maximize the # of eyes reading the content + technical innovation for those who read past first post.
I'll post under the beyondbitcoinshow acct asking anyone who has questions or wishes to debate features to show up at the Saturday Dev hangout once you guys do this.
In addition we could plant questions. lol. Just post em here and I'll try to see that they show up on BTT if someone is willing to answer them. :)
+5%
-
Maybe someone (not be because I wrote it) should create a link to the bitshares wiki article about TITAN on the BTT forum ... Would someone pls do so? Here's the link:
https://github.com/BitShares/bitshares_toolkit/wiki/AYNTK_TITAN
Topic may be:
[BitShares] All you need to know about Privacy in BitShares/DPOS (Project: TITAN)
-
Maybe someone (not be because I wrote it) should create a link to the bitshares wiki article about TITAN on the BTT forum ... Would someone pls do so? Here's the link:
https://github.com/BitShares/bitshares_toolkit/wiki/AYNTK_TITAN
Topic may be:
[BitShares] All you need to know about Privacy in BitShares/DPOS (Project: TITAN)
No volunteers?!
-
Maybe someone (not be because I wrote it) should create a link to the bitshares wiki article about TITAN on the BTT forum ... Would someone pls do so? Here's the link:
https://github.com/BitShares/bitshares_toolkit/wiki/AYNTK_TITAN
Topic may be:
[BitShares] All you need to know about Privacy in BitShares/DPOS (Project: TITAN)
No volunteers?!
no problem
https://bitcointalk.org/index.php?topic=663984
might need some backup when people start asking questions though.
-
no problem
Thanks.. maybe you can reformat using the board's formating ..
looks a little ugle atm ..
might need some backup when people start asking questions though.
Gonna help out there .. notification active!