Return-Path: <me@ricmoo.com> Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id DA753F58 for <bitcoin-dev@lists.linuxfoundation.org>; Sat, 12 Sep 2015 05:38:58 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-io0-f182.google.com (mail-io0-f182.google.com [209.85.223.182]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E7045124 for <bitcoin-dev@lists.linuxfoundation.org>; Sat, 12 Sep 2015 05:38:57 +0000 (UTC) Received: by iofb144 with SMTP id b144so120103962iof.1 for <bitcoin-dev@lists.linuxfoundation.org>; Fri, 11 Sep 2015 22:38:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ricmoo.com; s=google; h=from:content-type:subject:message-id:date:to:mime-version; bh=THjtF1il4xo6cduw3sUC5jqQHpjuyXsXQDQHK6At1a8=; b=ZQnqXPhW1zMmV7lfcuVIdj0lQnEF3SwpCrx+vmKMjeuiFnQC681jTORXHU9gxjHQuV H2eAsHjxioUvD7YFWpLDJxctPrTnqtLoJVNRKm4L7IxfFj0UcuKeXXIdDhXsw2VWUGiE zRDFsc+yVPpZCM0bD1pJpQL/j09i4Kjd9Lk8o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-type:subject:message-id:date:to :mime-version; bh=THjtF1il4xo6cduw3sUC5jqQHpjuyXsXQDQHK6At1a8=; b=dhq4eNVzrAhmjKNIuVqVIT6OaEmgXV0fk8TzRqyjKH79gGt+19bSX/9ytuGXC0w8g9 Ju2Dh4LKZBozPtexkYiNuy8CzWq7hbe3PaguCa5hHo4rG5St18jVYdgb5O3i6SRvYzS7 fq6WCT3CeQ1B5R5iEs1XIPQA1xd1kDS6ehf+Ma7y6+M25+UjFPAt9ONCWH1Zn6YoIre/ UohDzdlnOQNrkqCdbYbrQcFq70XaQPE1fq4BqVERtnnwsVud152V6g5rND++FuLqyvvr 3W7oRRzUnPUH8N19HJoBsG99xgzS4yR94LrnB/rtdpMD6S90h587ZI6AUH2fQi4Or69R apEw== X-Gm-Message-State: ALoCoQk4ngo959Pnyuf/msmY2rW6lC/Hf8kmPkAM0a1ydGFEgwwAyMQ1RjLlcGgDvmkbfNk4LJsQ X-Received: by 10.107.10.14 with SMTP id u14mr8439104ioi.94.1442036337322; Fri, 11 Sep 2015 22:38:57 -0700 (PDT) Received: from [192.168.2.79] (135-23-143-85.cpe.pppoe.ca. [135.23.143.85]) by smtp.gmail.com with ESMTPSA id u4sm1194852igz.8.2015.09.11.22.38.55 for <bitcoin-dev@lists.linuxfoundation.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 11 Sep 2015 22:38:55 -0700 (PDT) From: Richard Moore <me@ricmoo.com> Content-Type: multipart/alternative; boundary="Apple-Mail=_8B2BBFF4-DD92-44F9-95EA-85512F14B54E" Message-Id: <71A8E490-14C5-49F1-8E08-75C0A754B5BB@ricmoo.com> Date: Sat, 12 Sep 2015 01:38:53 -0400 To: bitcoin-dev@lists.linuxfoundation.org Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) X-Mailer: Apple Mail (2.2104) X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [bitcoin-dev] Stealth Address Idea (special-less) X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org> List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> X-List-Received-Date: Sat, 12 Sep 2015 05:38:59 -0000 --Apple-Mail=_8B2BBFF4-DD92-44F9-95EA-85512F14B54E Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hey all, I am throwing out an idea I=E2=80=99ve been toying with, for feedback = and if it seems like an idea worth pursuing, possibly a BIP number. The goal is to make straight forward stealth address that are SPV = friendly and easy to support in software without too much special goop. I=E2=80=99ve got working code at = https://github.com/ricmoo/sandbox/tree/master/stealth, and here are some = example transactions on the block chain: Target Public Key: = 029ed06e396761c24416cf7323ed4f1cb29763ee9e2b0fccae347d6a2a3eaecbf5 Target Public Key [tentative] Encoding (this is what you would give = away): 59KkSZsVE7vErdqo8m5gtNoez44CbdwJQ5cSM1AAARzN19vkJ6NU Revocable Payment made: = b4ad20cad4cc2fcbbec09bc071dfe8c4a4b1e8e57d1e56bf51947445cfc6c7af Irrevocable Payment made: = f600643a1d32152117be0d9c652a86dc6182d2dab3be53340739395f524cd95c Cleared out all funds from stealth address: = 58eb0fdab108c7add74835466251ffe5c51c7f4cec149f06daf0435d43d9ce55 Idea overview: There are 2 modes of operation, revocable and irrevocable payments. = Revocable payments result in both parties knowing the private key, = allowing for a certain level of plausible deniability when the funds are = swept, as to whether the funds were actually sent or were revoked=E2=80=A6= You could imagine WikiLeaks stating they will not claim donations for = 1-3 months after receiving them; if the funds are claimed after 1.5 = months, did the sender actually send funds? The other option is = irrevocable, where only the receiver can claim the funds (allowing them = to leave them in that address until they need to be spent). The basic idea is (the above code above gets into the nitty gritty), to = send to targetPublicKey: Given the UTXO set of inputs into a transaction, choose one at random, = senderUtxo Use ECDH(targetPublicKey, senderUtxo.privateKey) as sharedSecret For revocable payments, you are done; use sharedSecret as your = privateKey, compute the address For irrevocable payments, create a sharedPrivateKey from the bytes of = sharedSecret, use ECC addition (or would multiplication make more sense? = advantages?) on the public key of sharedPrivateKey and the = targetPublicKey. The receiver can then use ECC addition (or = multiplication) on the sharedPrivateKey and the targetPrivateKey to = generate the coresponding privateKey. The SPV-able part, is lightly discussed in the top of stealth.js, but I = haven=E2=80=99t played with bloom filters enough and the idea is still = all too fresh in my head; the general idea is to make a 1-of-2 multisig = where the first is the resulting stealth address, and the second is = something (anything) that looks like a valid public key, but will match = a bloom filter (given a tweak that is generated deterministically from = the targetPublicKey) and matches the targetPublicKey. Again, I need much = more feedback on this. Thanks, RicMoo = .=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8=C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8=C2= =B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8=C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8= =C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8><(((=C2=BA> Richard Moore ~ Founder Genetic Mistakes Software inc. phone: (778) 882-6125 email: ricmoo@geneticmistakes.com <mailto:ricmoo@geneticmistakes.com> www: http://GeneticMistakes.com <http://geneticmistakes.com/> --Apple-Mail=_8B2BBFF4-DD92-44F9-95EA-85512F14B54E Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html = charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" = class=3D""><div class=3D""><span style=3D"font-size: 13px; line-height: = 17px;" class=3D"">Hey all,</span></div><div style=3D"font-size: 13px; = line-height: 17px;" class=3D""><br class=3D""></div><div = style=3D"font-size: 13px; line-height: 17px;" class=3D"">I am throwing = out an idea I=E2=80=99ve been toying with, for feedback and if it seems = like an idea worth pursuing, possibly a BIP number.</div><div = style=3D"font-size: 13px; line-height: 17px;" class=3D""><br = class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" = class=3D"">The goal is to make straight forward stealth address that are = SPV friendly and easy to support in software without too much special = goop.</div><div style=3D"font-size: 13px; line-height: 17px;" = class=3D""><br class=3D""></div><div style=3D"font-size: 13px; = line-height: 17px;" class=3D"">I=E2=80=99ve got working code at <a = href=3D"https://github.com/ricmoo/sandbox/tree/master/stealth" = class=3D"">https://github.com/ricmoo/sandbox/tree/master/stealth</a>, = and here are some example transactions on the block chain:</div><div = style=3D"font-size: 13px; line-height: 17px;" class=3D""><br = class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" = class=3D"">Target Public = Key: 029ed06e396761c24416cf7323ed4f1cb29763ee9e2b0fccae347d6a2a3eaecb= f5</div><div style=3D"font-size: 13px; line-height: 17px;" = class=3D"">Target Public Key [tentative] Encoding (this is what you = would give = away): 59KkSZsVE7vErdqo8m5gtNoez44CbdwJQ5cSM1AAARzN19vkJ6NU</div><div= style=3D"font-size: 13px; line-height: 17px;" class=3D""><br = class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" = class=3D"">Revocable Payment = made: b4ad20cad4cc2fcbbec09bc071dfe8c4a4b1e8e57d1e56bf51947445cfc6c7a= f</div><div style=3D"font-size: 13px; line-height: 17px;" = class=3D"">Irrevocable Payment = made: f600643a1d32152117be0d9c652a86dc6182d2dab3be53340739395f524cd95= c</div><div style=3D"font-size: 13px; line-height: 17px;" = class=3D"">Cleared out all funds from stealth address: = 58eb0fdab108c7add74835466251ffe5c51c7f4cec149f06daf0435d43d9ce55</div><div= style=3D"font-size: 13px; line-height: 17px;" class=3D""><br = class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" = class=3D""><br class=3D""></div><div style=3D"font-size: 13px; = line-height: 17px;" class=3D"">Idea overview:</div><div = style=3D"font-size: 13px; line-height: 17px;" class=3D""><br = class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" = class=3D"">There are 2 modes of operation, revocable and irrevocable = payments. Revocable payments result in both parties knowing the private = key, allowing for a certain level of plausible deniability when the = funds are swept, as to whether the funds were actually sent or were = revoked=E2=80=A6 You could imagine WikiLeaks stating they will not claim = donations for 1-3 months after receiving them; if the funds are claimed = after 1.5 months, did the sender actually send funds? The other option = is irrevocable, where only the receiver can claim the funds (allowing = them to leave them in that address until they need to be = spent).</div><div style=3D"font-size: 13px; line-height: 17px;" = class=3D""><br class=3D""></div><div style=3D"font-size: 13px; = line-height: 17px;" class=3D"">The basic idea is (the above code above = gets into the nitty gritty), to send to targetPublicKey:</div><div = style=3D"font-size: 13px; line-height: 17px;" class=3D""><ul = class=3D"Apple-dash-list"><li class=3D"">Given the UTXO set of inputs = into a transaction, choose one at random, senderUtxo</li><li = class=3D"">Use ECDH(targetPublicKey, senderUtxo.privateKey) as = sharedSecret</li><li class=3D"">For revocable payments, you are done; = use sharedSecret as your privateKey, compute the address</li><li = class=3D"">For irrevocable payments, create a sharedPrivateKey from the = bytes of sharedSecret, use ECC addition (or would multiplication make = more sense? advantages?) on the public key of sharedPrivateKey and the = targetPublicKey. The receiver can then use ECC addition (or = multiplication) on the sharedPrivateKey and the targetPrivateKey to = generate the coresponding privateKey.</li></ul></div><div = style=3D"font-size: 13px; line-height: 17px;" class=3D""><br = class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" = class=3D"">The SPV-able part, is lightly discussed in the top of = stealth.js, but I haven=E2=80=99t played with bloom filters enough and = the idea is still all too fresh in my head; the general idea is to make = a 1-of-2 multisig where the first is the resulting stealth address, and = the second is something (anything) that looks like a valid public key, = but will match a bloom filter (given a tweak that is generated = deterministically from the targetPublicKey) and matches the = targetPublicKey. Again, I need much more feedback on this.</div><div = style=3D"font-size: 13px; line-height: 17px;" class=3D""><br = class=3D""></div><div style=3D"font-size: 13px; line-height: 17px;" = class=3D"">Thanks,</div><div style=3D"font-size: 13px; line-height: = 17px;" class=3D"">RicMoo</div><div style=3D"font-size: 13px; = line-height: 17px;" class=3D""><br class=3D""></div><div = apple-content-edited=3D"true" class=3D""> <span class=3D"Apple-style-span" style=3D"border-collapse: separate; = border-spacing: = 0px;">.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8=C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2= =B8=C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8=C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7= .=C2=B8=C2=B8.=C2=B7=C2=B4=C2=AF`=C2=B7.=C2=B8><(((=C2=BA><br = class=3D""><br class=3D"">Richard Moore ~ Founder<br class=3D"">Genetic = Mistakes Software inc.<br class=3D"">phone: (778) 882-6125<br = class=3D"">email: <a href=3D"mailto:ricmoo@geneticmistakes.com" = class=3D"">ricmoo@geneticmistakes.com</a><br class=3D"">www: <a = href=3D"http://GeneticMistakes.com/" = class=3D"">http://GeneticMistakes.com</a></span> </div> <br class=3D""></body></html>= --Apple-Mail=_8B2BBFF4-DD92-44F9-95EA-85512F14B54E--