Re: [Bitcoin-development] Stealth Addresses

2014-01-08 Thread Jeremy Spilman
Thanks Peter for the paper!

I'm just going to restate your 'simple explanation' to make sure I got  
it...

The payee publishes a public key of theirs, which will be a long-standing  
identifier, public key = 'Q', corresponding private key = 'd'.

To pay them, the payer generates a keypair, private key = 'e', public key =  
'P'. Publish 'P' in the transaction.

The payer can calculate S = eQ, where S is a shared secret between  
payer/payee. The payee calculates the same S as S = dP. So the payee sees  
'P' in a transaction, and multiplies by their private key, to get S.

Now that we have the shared secret, either side can calculate an offset to  
Q which becomes the pay-to-address. When you say BIP32-style derivation,  
Q' = H(S) + Q, does this mean Q + SHA256(33-byte S)?

A payee has to check each transaction (or every transaction of a fixed  
prefix) with 'P', calculate Q' = Q + H(dP) and see if that transaction  
pays to Q'. If the address matches, then the payee can spend it with  
private key of d + H(dP).

One downside is that you have to hold your private key in memory  
unencrypted in order to identify new payments coming in. So  
stealth-addresses may not be suitable for receiving eCommerce payments,  
since you can't implement a corresponding watch-only wallet, e.g. there's  
no way to direct-deposit into cold storage.

Hope I got that right...

On Mon, 06 Jan 2014 04:03:38 -0800, Peter Todd p...@petertodd.org wrote:

> Using Elliptic curve Diffie-Hellman (ECDH) we can generate a shared
> secret that the payee can use to recover their funds. Let the payee have
> keypair Q=dG. The payor generates nonce keypair P=eG and uses ECDH to
> arrive at shared secret c=H(eQ)=H(dP). This secret could be used to
> derive a ECC secret key, and from that a scriptPubKey, however that
> would allow both payor and payee the ability to spend the funds. So
> instead we use BIP32-style derivation to create Q'=(Q+c)G and associated
> scriptPubKey.
>
> As for the nonce keypair, that is included in the transaction in an
> additional zero-valued output:
>     RETURN P
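A worked version of the exchange Jeremy restates above, as an added example that is not part of the thread or of any wallet's code: a minimal pure-Python secp256k1 implementation (curve constants are the standard secp256k1 values) plus the stealth derivation under Jeremy's reading of H(S) as SHA256 of the 33-byte compressed S. The scalars d and e are constructed; the payee side makes concrete why the private key d has to be online just to recognise an incoming payment.

```python
import hashlib

# secp256k1 curve constants (standard values, assumed by this example; not from the thread)
P_MOD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P_MOD == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P_MOD) % P_MOD
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P_MOD) % P_MOD
    x = (lam * lam - a[0] - b[0]) % P_MOD
    return (x, (lam * (a[0] - x) - a[1]) % P_MOD)

def ec_mul(k, pt):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1:
            r = ec_add(r, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return r

def tweak(scalar, point):
    # c = SHA256(33-byte compressed S) mod n, S = scalar*point (Jeremy's reading of H(S))
    s = ec_mul(scalar, point)
    compressed = bytes([2 + (s[1] & 1)]) + s[0].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(compressed).digest(), "big") % N

def payer_pay(e, Q):
    # payer publishes nonce pubkey P = eG and pays to Q' = Q + H(eQ)*G
    return ec_mul(e, G), ec_add(Q, ec_mul(tweak(e, Q), G))

def payee_scan(d, Q, P, paid_to):
    # payee needs private key d to recompute Q' from P; returns spend key d + c, or None
    c = tweak(d, P)
    return (d + c) % N if ec_add(Q, ec_mul(c, G)) == paid_to else None

def stealth_demo(d=0x1E240, e=0x10932):
    # constructed scalars; True if the payee detects the output and its key reproduces Q'
    Q = ec_mul(d, G)
    P, Q_prime = payer_pay(e, Q)
    spend = payee_scan(d, Q, P, Q_prime)
    return spend is not None and ec_mul(spend, G) == Q_prime
```

Because only d + c (never d alone) is needed to spend, the payer learns c but not the spend key, which is the point of the BIP32-style offset over a plain ECDH-derived key.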


___
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development


[Bitcoin-development] Getting trusted metrics from the block chain in an untrusted environment ?

2014-01-08 Thread Clément Elbaz
Hello all,

I'm designing a program that needs some metrics computed from the Bitcoin
block chain (some address balances, or whether or not a specific
transaction occurred). The kind of info you get from http://blockchain.info/,
provided you trust this website (my program does not).

My program should run on lightweight/embedded hardware. The execution
environment provides access to the Bitcoin network but not enough resources
to set up a trusted node along with my program. Also, my program trusts the
global Bitcoin network but no individual node.

I would need a way to ask an untrusted Bitcoin node to compute some 'metric
request' on my behalf and have the result of that metric request
validated by the network.

Are there any available or work-in-progress projects that would come close
to this need? Or should I do it myself? :-)

Thank you all,

Clément Elbaz


Re: [Bitcoin-development] Getting trusted metrics from the block chain in an untrusted environment ?

2014-01-08 Thread Clément Elbaz
Some more thoughts:

If no such project exists yet, I thought it could work with an alternate,
small and fixed-length 'metric request block chain' of some sort.

It would temporarily store structures defined as [metric request | current
block number when the request was made | hash of the response] instead of
financial transactions.

These structures are verifiable, so it could work the same way as a regular
financial blockchain.

It should not be part of the main Bitcoin protocol but could be a plugin
interacting with the data managed by the full-node bitcoin software.

Also, metric requests can be expensive to compute and validate, so it
would make sense to pay a fee every time you ask for one.

Does any of this make any sense to you?

Thanks,

Clément