On Fri, Mar 2, 2012 at 2:57 PM, Watson Ladd <w...@uchicago.edu> wrote: > Dear all, > I am proposing a new opcode for the purposes of anonymous > transactions. This new opcode enables scripts to be given proof that > the receiver can carry out or has carried out a previous transaction. > I'm currently working on a paper that discusses using this opcode for > anonymous transactions.
Here is an alternative protocol: N parties wish to purchase equal amounts of Bitcoin without the exchange being able to link their future transactions, they each put the relevant amount of gold/whatever up at the exchange. The exchange provides the exchanges public key, and the user provides a public key for signing. Externally the N participants agree on a collection of non-cooperating mixers (the mixers may actually just be the participants themselves, independent third parties, etc). Each participant generates a new bitcoin address, and encrypts it with the the public keys of the the exchange and all the mixers using an appropriate communicative homorophic scheme (or just a layers stack of regular encryption keys). The participants then combine their encrypted addresess into a block and hand it off to the mixing chain. Each mixer randomizes the order and decrypts all the messages with its key. At the end of the chain the exchange does the final decryption and presents a list of addresses to the involved users. Users validate that their address is in the set and sign the entire set. Once all involved users have signed, the exchange pays. This requires no changes to the Bitcoin system and could be trivially implemented by anyone interested. It provides anonymity which is strong so long as any one of the mixers is uncompromised. It has very low overhead. It is not directly resistant to disruption, but if participation in an identified round requires a key provided by the exchange, abusive users can be detected and excluded. Have I explained this clearly enough? I could probably implement the whole system it if its unclear. Can you contrast this with your proposal for me? ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development