Author: Tony Churyumoff 2016-08-10 07:51:34
Published on: 2016-08-10T07:51:34+00:00
A user on Bitcointalk.org has proposed a new private coin called 'Black Bitcoin' (BBC), built on top of the bitcoin blockchain. The design hides the entire inputs and outputs of a transaction and publishes only their hash in the blockchain, as an OP_RETURN. The plaintext of the inputs and outputs is sent directly to the payee in a private message and never enters the blockchain. To protect against double-spends, the payer also publishes a second hash, the spend proof, which is the hash of the output being spent. Each new owner of a coin has to store its entire history; when spending the coin, the owner forwards that history to the next owner, extended with the new transaction. The proposal forbids coin merges but still allows coin splits.

To issue BBC, users burn regular BTC by sending it to one of several unspendable bitcoin addresses, one address per denomination. Burning BTC entitles one to an equal amount of BBC. BBC is then transferred from user to user by creating a private transaction, which consists of one input and several outputs. The sender stores the hash of the transaction and the spend proof of the consumed output in the blockchain in an OP_RETURN, pays the corresponding fees in regular BTC, and sends the transaction, together with the history leading to its input, directly to the payee over a private communication channel.

To verify the payment, the payee checks that the amount of the input matches the sum of the outputs and that all amounts are divisible by the denomination, then calculates the hash of the private transaction and looks up an OP_RETURN that includes this hash and is signed by the payer. Double-spend protection follows from the spend proof: if an OP_RETURN already carries the spend proof of the consumed output together with a different transaction hash, the output has already been spent and the payee must reject the payment. Because each owner inherits the risk of every earlier hop, these checks apply to every transaction in the received history, not only the last one.

The bitcoin network protocol can be extended with a new message type to carry private transaction data. That protocol lacks encryption, however, so private payments are really private only when bitcoin is used over Tor.

There are a few limitations. After user A sends a private payment to user B, A knows what the spend proof will be when B decides to spend the coin, so A learns when B spent it, but nothing more. Over time, larger outputs will likely be split into many smaller outputs whose amounts are not much greater than their denominations. Exchanges and large merchants will likely accumulate large coin histories.

No hard or soft fork is required: BBC is a separate privacy-preserving currency on top of the bitcoin blockchain, and the same private keys and addresses are used for both BBC and the base currency BTC. Every BBC transaction must be enclosed in a small BTC transaction that stores the OP_RETURNs and pays the fees. At the time of posting, the proposal had not yet received feedback from the community.

In the discussion that followed, James MacWhyte voiced concerns about hiding entire inputs and outputs. Users would have to back up the entire history of every output ever sent to them, instead of a single HD private key, to secure their funds. They would also need to be online to receive payments, which complicates delivering the private message that carries the coin's history. Tony Churyumoff agreed with these concerns and suggested using hubs to route end-to-end encrypted messages, so that peers do not have to be online at the same time and do not have to connect directly.
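The issuance, transfer and verification steps described above, as an added example that is not part of the proposal or of the discussion: a small Python model in which the bitcoin blockchain is a plain list of OP_RETURN records, the payer's signature is reduced to a `payer` field, fees and real keys are omitted, and SHA-256 over canonical JSON stands in for whatever hash the proposal would use. The function names, the DENOMINATION value, the burn txid and the addresses ('alice', 'bob', 'carol', 'dave') are constructed for this example. It goes one step beyond the text by having the payee walk the entire received history and treat the first published spend proof as the winning one, so a second spend of the same output is rejected.

```python
"""Toy model of the Black Bitcoin (BBC) scheme. Added example, not the proposal's code.
Assumptions: the blockchain is a list of records, a payer 'signature' is a plain field,
fees and keys are omitted, and SHA-256 over canonical JSON is the hash."""
import hashlib
import json

DENOMINATION = 10_000  # satoshis per BBC unit; constructed value for this example


def h(obj) -> str:
    """SHA-256 over a canonical JSON encoding (the proposal fixes no encoding)."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def spend_proof(tx: dict, index: int) -> str:
    """Spend proof: the hash of the output being spent, published before the coin moves."""
    return h({"tx_hash": h(tx), "index": index, "output": tx["outputs"][index]})


def burn(chain: list, amount: int, owner: str, btc_txid: str) -> list:
    """Issue BBC by burning BTC. Returns the new coin's history: a genesis tx with no input."""
    chain.append({"burn": btc_txid, "amount": amount, "owner": owner})
    return [{"input": None, "burn": btc_txid, "outputs": [{"amount": amount, "owner": owner}]}]


def transfer(chain: list, history: list, index: int, outputs: list) -> list:
    """Spend output `index` of the coin's latest tx: one input, several outputs (splits only,
    no merges). Publishes the OP_RETURN record and returns the extended history that the
    payer sends to the payee over the private channel."""
    prev = history[-1]
    tx = {"input": {"tx_hash": h(prev), "index": index}, "outputs": outputs}
    chain.append({"payer": prev["outputs"][index]["owner"],  # stands in for the BTC signature
                  "tx_hash": h(tx), "spend_proof": spend_proof(prev, index)})
    return history + [tx]


def verify_history(chain: list, history: list, index: int, me: str) -> int:
    """Payee-side check. Returns the amount of output `index` of the last tx if every hop in
    the history is valid, else raises ValueError. The whole history is checked because the
    payee inherits the risk of every earlier double-spend, not only the last one."""
    genesis = history[0]
    if genesis["input"] is not None:
        raise ValueError("history must start with a burn")
    g_out = genesis["outputs"][0]
    burns = [r for r in chain if r.get("burn") == genesis["burn"]]
    if len(burns) != 1 or burns[0]["amount"] != g_out["amount"] \
            or burns[0]["owner"] != g_out["owner"] or g_out["amount"] % DENOMINATION:
        raise ValueError("burn record missing or mismatched")
    for prev, tx in zip(history, history[1:]):
        i = tx["input"]["index"]
        if tx["input"]["tx_hash"] != h(prev):
            raise ValueError("input does not reference the previous tx in the history")
        if sum(o["amount"] for o in tx["outputs"]) != prev["outputs"][i]["amount"]:
            raise ValueError("outputs do not sum to the input amount")
        if any(o["amount"] % DENOMINATION for o in tx["outputs"]):
            raise ValueError("output amount is not a multiple of the denomination")
        records = [r for r in chain if r.get("spend_proof") == spend_proof(prev, i)]
        if not records:
            raise ValueError("spend proof never published")
        first = records[0]  # first publication wins; any later one is a double-spend attempt
        if first["tx_hash"] != h(tx) or first["payer"] != prev["outputs"][i]["owner"]:
            raise ValueError("output already spent elsewhere, or OP_RETURN not from the owner")
    out = history[-1]["outputs"][index]
    if out["owner"] != me:
        raise ValueError("output is not payable to me")
    return out["amount"]


def demo() -> dict:
    """Alice burns 3 units, pays 2 to Bob, then tries to double-spend the same output to
    Carol; Bob splits his coin and pays 1 unit to Dave. Names and amounts are constructed."""
    chain = []  # constructed stand-in for the bitcoin blockchain's OP_RETURN records
    coin = burn(chain, 3 * DENOMINATION, "alice", "btc-burn-txid-0")
    to_bob = transfer(chain, coin, 0, [{"amount": 2 * DENOMINATION, "owner": "bob"},
                                       {"amount": DENOMINATION, "owner": "alice"}])
    bob_gets = verify_history(chain, to_bob, 0, "bob")
    to_carol = transfer(chain, coin, 0, [{"amount": 3 * DENOMINATION, "owner": "carol"}])
    try:
        verify_history(chain, to_carol, 0, "carol")
        carol_accepts = True
    except ValueError:
        carol_accepts = False
    to_dave = transfer(chain, to_bob, 0, [{"amount": DENOMINATION, "owner": "dave"},
                                          {"amount": DENOMINATION, "owner": "bob"}])
    dave_gets = verify_history(chain, to_dave, 0, "dave")
    return {"bob": bob_gets, "carol_accepts": carol_accepts,
            "dave": dave_gets, "history_len": len(to_dave)}


if __name__ == "__main__":
    print(demo())
```

Two design points the model makes visible: the history a payee receives is strictly linear because every transaction has exactly one input, which is exactly why the proposal can forbid merges and still keep verification simple; and the history length Dave must store (three transactions here) grows by one with every hop, which is the backup and storage concern raised in the discussion.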
Updated on: 2023-06-11T19:33:48.264274+00:00