Author: Gregory Maxwell 2012-03-21 19:54:30
Published on: 2012-03-21T19:54:30+00:00
In an email sent on March 2, 2012, Watson Ladd proposed a new opcode for anonymous transactions. The opcode would allow scripts to be given proof that the receiver can carry out or has carried out a previous transaction. Ladd was working on a paper that discussed using this opcode for anonymous transactions.An alternative protocol was suggested for N parties who wished to purchase equal amounts of Bitcoin without the exchange being able to link their future transactions. Each participant put up the relevant amount of gold/whatever at the exchange and provided a public key for signing. Externally, the participants agreed on a collection of non-cooperating mixers, which could be the participants themselves or independent third parties. Each participant generated a new bitcoin address and encrypted it with the public keys of the exchange and all the mixers using an appropriate communicative homomorphic scheme or just a layers stack of regular encryption keys. The participants then combined their encrypted addresses into a block and handed it off to the mixing chain. Each mixer randomized the order and decrypted all the messages with its key. At the end of the chain, the exchange did the final decryption and presented a list of addresses to the involved users. Users validated that their address was in the set and signed the entire set. Once all involved users had signed, the exchange paid.This alternative protocol required no changes to the Bitcoin system and could be easily implemented by anyone interested. It provided anonymity so long as any one of the mixers was uncompromised. It had very low overhead and was not directly resistant to disruption, but abusive users could be detected and excluded if participation in an identified round required a key provided by the exchange.
Updated on: 2023-05-18T23:36:30.322714+00:00