Forum Home
    • Register
    • Login
    • Search
    • Recent
    • Tags
    • Popular

    [Dev] Private Blockchain Addresses (Dark Blockchain)

    Technical Development
    10
    53
    19551
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • wrapper
      wrapper Moderators last edited by

      Just reading thing in **electrum **Github:

      Re: [electrum] Added ability to send TO stealth addresses. (#817) space.gif

      That is not how the Stealth Address protocol works.

      1 output to stealth requires 1 OP_RETURN directly before it. (so if stealth send p2kh/p2sh is vout 3 then OP_RETURN with that send’s ephemeral key MUST be vout 2. If 2 stealth sends are at vout 3 and vout 7, then vout 2 MUST be the ephemeral key for vout 3 and vout 6 MUST be the ephemeral key for vout 7.

      https://wiki.unsystem.net/en/index.php/DarkWallet/Stealth#Transaction_format
      reference

      In lib/wallet.py:
      > if type == ‘op_return’:
      > assert len(data) < 41, “string too long”
      > assert value == 0
      > if type == ‘address’:
      > assert is_address(data), “Address " + data + " is invalid!”
      > + if is_stealth_address(data):
      > + newaddr, op_ret = get_stealth_send(data)
      > + lst = list(outputs[i])
      > + lst[1] = newaddr
      > + outputs[i] = tuple(lst)
      > + outputs.insert(i, [‘op_return’, op_ret, 0])
      > + stealth_ops.append(i)

      â€"
      Reply to this email directly or view it on GitHub.4609536__eyJzY29wZSI6Ik5ld3NpZXM6QmVhY29

      1 Reply Last reply Reply Quote 0
      • wrapper
        wrapper Moderators last edited by

        The Dark wallet paper on Wiki shows how the cryptography might be used to acheive privcy via Multisig stealth and Dual-key stealth

        Dual-key stealth

        Say we want to keep our stealth spending key private, yet still be able to scan for payments to us. Normally to scan a stealth payment, we need to decrypt our stealth key to see if payments are received. This is unacceptable for wallets to do without user interaction as it risks compromising their wallet.

        We can instead use a dual-key stealth scheme.

        This is the scheme that DarkWallet implements as it’s main stealth functionality.

        Receiver:

        Q = public scan key (EC point, 33 bytes)
        d = private scan key (integer, 32 bytes)
        R = public spend key
        f = private spend key
        
        Q = dG
        R = fG
        
        stealth address: 
        

        Sender (has Q, not d):

        P = eG
        

        By publishing P, only sender and receiver have access to c:

        c = H(eQ) = H(dP)
        

        Sender:

        R' = R + cG
        

        Receiver:

        R' = R + cG     [without decrypting wallet]
           = (f + c)G   [after decryption of wallet]
             [Remember: mod curve.order and pad with 0x00s where necessary]
        

        In this scheme, we can use the scan keypair (Q, d) to generate the shared secret c, and then hence derive the address from the public part R.

        Ref: https://wiki.unsystem.net/en/index.php/DarkWallet/Stealth#Dual-key_stealth

        1 Reply Last reply Reply Quote 0
        • wrapper
          wrapper Moderators last edited by

          Electrum is doing some Github changes with Stealth Addresses.

          As I understand it it, this implementation of privacy is a meta level above Bitcoin. The wallet itself adds any addition fields or processes and uses additional systems and Electrum code to store and initiate the process.

          As such SAs are different to the PBA (Private Blockchain Address) possibility, which is intrinsic to the system.

          The idea that the encrypted address is a “semi valid” or even a “valid Address”, and the investigation of how that could be implemented still seems novel. It gives an extra level of privacy to PBAs, it may be made be difficult to identify an Address is private.

          If I print my stealth address on a business card, how do I know which of my clients paid the retainer?

          I already mentioned that it is not for merchants. If it was a personally known business acquaintance, you could call him up on the phone or send an email and say “oh btw I send x BTC for y.” and that would suffice up to a certain amount, I’m sure. Not to mention if the self-proclaimed sender knows the txid, then he’s already slightly more likely to be telling the truth, as the only people knowing the txid with stealth are the sender and the receiver. (or anyone who can view their tx histories)

          Asking this sounds like: “If one of my clients e-mails me, how do I know which client is the one that e-mailed me? He could be someone pretending to be my client with a spoofed mail address, or a co-worker that’s using his workstation.”

          This is why we don’t use e-mail for earth shattering important conversations and we don’t use stealth addresses to transfer 30,000 bitcoins.

          If you want to, Electrum 2.0 allows generic OP_RETURN message writing with OP_RETURN “TEXT” and the user could put some identifying number in there or their name if they want to.

          If you’re trying to argue against the existence of static non-reusable address protocols, this is not the place. spesmilo/sx would be better place to voice concerns.

          However, if you have a reason for this to not be merged that isn’t “This is dumb, so we don’t need it in Electrum” then I am all ears. Also, if you find something fundamentally wrong with my code, please feel free to say so.

          Re: [electrum] Added ability to send to stealth addresses. (#817)

          I’m not objecting merging this, rather suggesting it gain some additional functionality. That could very well be a future pull request, but it might make sense to add it on here.

          1 Reply Last reply Reply Quote 0
          • ?
            A Former User last edited by

            This guy has really got my interest… Wrapper, do you think it’s worthwhile contacting him and seeing if he can help us do it?

            From what I understand this is kinda what we want…

            https://medium.com/@octskyward/ecdh-in-the-payment-protocol-cb2f81962c1b

            Once the above is implemented, it would be useful to define more BIP70 extensions to let people put (unauthenticated) names/pseudonyms, pictures and contact details into a payment request. People can then populate their wallets address books by loading up such files, and community run directory sites can make paying someone as easy as looking them up online. This does not require ECDH/stealth addresses of course because a wallet can always just constantly upload new versions of the payment request whenever a payment is received, but it does simplify things and avoids small amounts of reuse that could occur if a wallet was offline for a while.

            The infrastructure I just talked about can be easily implemented by any reasonable programmer one step at a time, in layers. If you’re interested in experimenting with this, drop me a line: [email protected]

            Also, is there a way we can tie light addresses into this project at the same time?

            Could we ask “Mike” if he thinks it could be achievable at the same time?

            1 Reply Last reply Reply Quote 0
            • lizhi
              lizhi last edited by

              If I have time, I will promote this work.

              1 Reply Last reply Reply Quote 0
              • wrapper
                wrapper Moderators last edited by

                Cheers Calem - interesting read,

                I agree with him ([email protected]) in his critique of stealth addresses. He certainly has thought about the subject from a technical point of view.

                https://medium.com/@octskyward/ecdh-in-the-payment-protocol-cb2f81962c1b

                I’d be interested to see how quickly he can trash private addresses. Although, PAs do seem to get over many of the problems he sees with the very similar “large public key” method of privacy.

                e.g. being able to index the address, so the wallet can find relevant transactions. Also, where one option is to make the private addresses indistinguishable from normal transaction addresses.

                As you know, I’ve outlined the idea in the best detail I can and the next step would be to some test coding to see if it at all viable.

                I’m just getting round to learning more about the history and state of multi-signature wallets and BIP’s. Although that is to look at whether we can change the multisignature address start values, doing that work would get us more up to speed on how private addresses might be implemented.

                I sent Mike an email to see what he thinks.

                1 Reply Last reply Reply Quote 0
                • ?
                  A Former User last edited by

                  The main thing we need with private addreses etc, is that there needs to be an Audit Key that can be used to give to tax agents accountants or tax agencies/gov etc.

                  1 Reply Last reply Reply Quote 0
                  • ?
                    A Former User last edited by

                    Just thought I would mention, on the opposite end of the spectrum here…

                    https://github.com/opennamesystem/openname-directory
                    https://openname.org/about

                    OVERVIEW

                    The Openname System (ONS) is a protocol that extends DNS by supporting the registration and resolution of:

                    1. user handles on the blockchain (DNS for people)
                    2. domains on the blockchain (decentralized DNS)

                    …all with full DNS backwards-compatibility.
                    ONS = ICANN DNS + blockchain handles + blockchain domains

                    ONS currently uses namecoin as a key-value store but the system is blockchain-agnostic.

                    I don’t want to add yet another project, but this is something that we need to sort out in time as well.

                    1 Reply Last reply Reply Quote 0
                    • wrapper
                      wrapper Moderators last edited by

                      Develop a wallet option to have individual addresses for each transaction.

                      Mike says he thinks you can’t encrypt the address, in order to make each transaction individual, (he doesn’t explain why), but that we could use the same idea to make transactions more private, without encryption.

                      We could just do the “make it easier to have individual addresses” part of private addresses white paper. I can’t quite see how this would work, as my mechanism was to have an extra layer, that the receiver and sender would have access to, via their keys, to show the link behind the encrypted address.

                      As with private addresses, if each transaction uses individual addresses then there is much less information leaked. This would make each transaction more like cash, as Satoshi envisaged. It would depend how the individual address could be made and decoded by the wallet whether it would remove the need for a cryptographer to be involved with the software development to make any progress.

                      https://medium.com/@octskyward/ecdh-in-the-payment-protocol-cb2f81962c1b

                      1 Reply Last reply Reply Quote 0
                      • ?
                        A Former User last edited by

                        Is this what Bush is currently working on?

                        1 Reply Last reply Reply Quote 0
                        • lizhi
                          lizhi last edited by

                          Yes, Stealth Address start , me and Bush.

                          1 Reply Last reply Reply Quote 0
                          • lizhi
                            lizhi last edited by

                            Stealth Address will was created in wallet, The use of it in much the same way as normal. Stealth Address ,The length of more than 35 .

                            stealth1.png

                            1 Reply Last reply Reply Quote 0
                            • lizhi
                              lizhi last edited by

                              after my pool confirm a stealth transaction, but I find a problem , I can not receive coin.
                              I check logfile.
                              FindStealthTransactions show a error “StealthSecret failed” in wallet.cpp,

                              StealthSecret(sScan, vchEphemPK, it->spend_pubkey, sShared, pkExtracted)
                              

                              StealthSecret show a error “StealthSecret(): Q EC_POINT_bn2point failed” in stealth.cpp

                              if (!(Q = EC_POINT_bn2point(ecgrp, bnQ, NULL, bnCtx))) 
                              

                              my a stealth transaction on blockchain.
                              http://block.ftc-c.com/tx/137455e27de1c7b3302c3b0c462fb0d904a831339aebf468e6e85c224362f51b
                              Block number:556535

                              SX address f5QuGW2S8TvSqszejNxxTATHh4AgJC2VVvMf5Lc2tk6uR4k3F361kwM8oiLecHT4z4q7qmUgnUE47HsqpGX6uZnUghvgLN7iiSpeA7

                              1 Reply Last reply Reply Quote 0
                              • ?
                                A Former User last edited by

                                Bugger…

                                1 Reply Last reply Reply Quote 0
                                • lizhi
                                  lizhi last edited by

                                  Yes, I have fixed the bugger. I develop Stealth Address successful.

                                  Look , This is first stealth transaction in blockchain ,It is at 566321 (Mainchain)

                                  http://block.ftc-c.com/tx/85568ae1dacfdc6730b0d2ddeb2c4d7d07b0ac702e6d9a7f408293e2cd628d57

                                  MyStealth Address is f5QuGW2S8TvSqszejNxxTATHh4AgJC2VVvMf5Lc2tk6uR4k3F361kwM8oiLecHT4z4q7qmUgnUE47HsqpGX6uZnUghvgLN7iiSpeA7

                                  sx2.png

                                  sx1.png

                                  I send 0.01FTC to my Stealth Address ,then I receive them successful. :)

                                  1 Reply Last reply Reply Quote 0
                                  • ?
                                    A Former User last edited by

                                    It’s working?

                                    Amazing Job…

                                    1 Reply Last reply Reply Quote 0
                                    • ?
                                      A Former User last edited by

                                      Yes, I have fixed the bugger.

                                      FE62.gif 467a1c5c71e418299c86644fa7988bcb.png

                                      1 Reply Last reply Reply Quote 0
                                      • ?
                                        A Former User last edited by

                                        We need to start testing this… Testnet time?

                                        1 Reply Last reply Reply Quote 0
                                        • MrWyrm
                                          MrWyrm administrators last edited by

                                          Count me in.

                                          Like what I do: 6uuy6isbrW1SBF191Bzgui1gWxPdNKx2PB

                                          1 Reply Last reply Reply Quote 0
                                          • lizhi
                                            lizhi last edited by

                                            We need to start testing this… Testnet time?

                                            No, It is working on main_net. Some SX transactions have been confirmed.

                                            List:

                                            Block # 556535 (Mainchain)

                                            http://block.ftc-c.com/tx/137455e27de1c7b3302c3b0c462fb0d904a831339aebf468e6e85c224362f51b

                                            http://block.ftc-c.com/tx/ff6179824ddad55fe0666b2f7f7a25958d12644a5563f776ddfda7aeda20cf12

                                            Block #566321 (Mainchain)

                                            http://block.ftc-c.com/tx/843cf93bebad1682b6385ba4c8b19f137d40d3f0808330b196057eaa6b445a98

                                            http://block.ftc-c.com/tx/85568ae1dacfdc6730b0d2ddeb2c4d7d07b0ac702e6d9a7f408293e2cd628d57

                                            Block #569270 (Mainchain)

                                            http://block.ftc-c.com/tx/4305587958876434ba60af536a108f2adf2e99f3616b90ed8a1aec96b398817a

                                            Block #582187 (Mainchain)

                                            http://block.ftc-c.com/tx/530c29dffffeb8fe24a8b03f4ccbef0adc7008f5bdfbb29c8a3cf6f9cdcaf9a7

                                            http://block.ftc-c.com/tx/1de36440571edf827920007704f9987389d1f9c7fe597377ae93c29508f70013

                                            http://block.ftc-c.com/tx/d5005bb2cf68dbbdf23aa348742bf62e3056ab05bfc62f00a358b45c24e41a12

                                            Block #556535,566321,569270,582187 make in my 0.9.3 core pool(pool.ftc-c.com). If my miners find a block, SX transactions will been confirmed.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post