Bitcoin problem - Address reuse
Bitcoin addresses were never meant to be used twice and the fact that they can is a fluke in the system. There are 1.46 × 10^48 possible bitcoin addresses, which gives every person on Earth 2.05 × 10^38 different addresses to use if need be. When addresses are reused, all other transactions performed by that address can be seen by examining the block chain. Address reuse also reduces the security of the bitcoins stored in those addresses. Transaction signing requires 256 bytes of random data (rvalue) so that the private key cannot be reverse engineered. If the rvalue is not truly random then the private key can be determined, which can be used to sign other transactions for that particular bitcoin address. This attack can be negated by not reusing addresses, as once a transaction is signed from a bitcoin address, it remains empty.
https://bitcoin.stackexchange.com/questions/25814/ecdsa-signature-and-the-z-value
Solution in XSPEC Dual Key Stealth Addresses
The basic principle with stealth addresses is to avoid address reuse. With a stealth address you can publish ONE stealth address and every payment made to that stealth address will appear as being received by a different normal address.
http://sx.dyne.org/stealth.html
But this is for receiving, right? While the first case for Bitcoin was about sending coins. In the linked article, it says:
ECDSA requires a random number for each signature. If this random number is ever used twice with the same private key it can be recovered.
So it's not about "truly random" or not, just not using the same random number twice with the same key pair. So it would be enough to simply use a proper signature implementation that generates a new random number for each transaction. You should have fixed that anyway, because stealth addresses are not mandatory (yet). How do stealth addresses help on top of it then? Just for making the inputs unlinkable, as far as I know?
XSPEC takes this one step further by introducing anonymous spectre tokens and introducing transactions signed by what is known as traceable ring signatures. Do not let the word traceable fool you, it simply means that once a transaction has been signed it will be impossible to use the same signature / spectre token again.
https://eprint.iacr.org/2006/389.pdf
Wikipedia:
Linkable ring signatures
The property of linkability allows one to determine whether any two signatures have been produced by the same member (under the same private key). The identity of the signer is nevertheless preserved. One of the possible applications can be an offline e-cash system.
Traceable ring signature
In addition to the previous scheme the public key of the signer is revealed (if they issue more than one signature under the same private key). An e-voting system can be implemented using this protocol.
So according to this, a linkable ring signature would be enough? It explicitly mentions the e-cash application. How does traceability help? It could even be used to deanonymize nodes by tricking them into doing the same signature twice.
Thanks for your work, but if you are making technical arguments they should be sound.
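Added example, not part of the original post and not XSPEC's code: the nonce-reuse condition quoted above (same random number k, hence same r, used for two different messages under one key) can be checked for on chain data, and the fix the post proposes (a fresh k per signature) is most robust when k is derived deterministically from the key and the message rather than from an RNG. The function names, the tuple layout (pubkey, r, s, z) and the sample signatures are constructed for this illustration, and the nonce derivation is a simplified HMAC stand-in, not the exact RFC 6979 algorithm.

```python
import hashlib
import hmac
from collections import defaultdict

# secp256k1 group order: an ECDSA nonce k must satisfy 1 <= k < N
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def find_reused_nonces(sigs):
    """Scan signatures (pubkey, r, s, z) and report every key that signed two or
    more *different* message hashes z with the same r, i.e. with the same nonce k.
    Signing the identical message twice with the same k yields the identical
    (r, s) pair and leaks nothing, so only distinct z values under one r count."""
    seen = defaultdict(lambda: defaultdict(set))   # pubkey -> r -> {z, ...}
    for pub, r, _s, z in sigs:
        seen[pub][r].add(z)
    findings = {}
    for pub, by_r in seen.items():
        reused = [(r, sorted(zs)) for r, zs in by_r.items() if len(zs) > 1]
        if reused:
            findings[pub] = reused
    return findings


def deterministic_nonce(priv, z):
    """Derive k from the private key and message hash alone (HMAC-SHA256), so the
    nonce never depends on a system RNG and two different messages never share k.
    Assumption: simplified stand-in, not the exact RFC 6979 construction."""
    key = priv.to_bytes(32, "big")
    counter = 0
    while True:
        mac = hmac.new(key, z.to_bytes(32, "big") + counter.to_bytes(4, "big"),
                       hashlib.sha256).digest()
        k = int.from_bytes(mac, "big")
        if 1 <= k < N:
            return k
        counter += 1          # out of range (vanishingly rare): re-derive

# Constructed sample: small integers stand in for real 256-bit values.
SAMPLE_SIGS = [
    ("keyA", 0x11, 0x21, 0xA1),   # keyA signs message A1 with a nonce giving r=0x11
    ("keyA", 0x11, 0x22, 0xA2),   # keyA signs a *different* message with the same r
    ("keyB", 0x33, 0x44, 0xB1),   # keyB signs the same message twice: same (r, s),
    ("keyB", 0x33, 0x44, 0xB1),   #   no new information, so not a finding
    ("keyC", 0x55, 0x66, 0xC1),   # keyC uses a fresh nonce per message
    ("keyC", 0x77, 0x88, 0xC2),
]

if __name__ == "__main__":
    print(find_reused_nonces(SAMPLE_SIGS))   # {'keyA': [(17, [161, 162])]}
```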
