Pieter Wuille [ARCHIVE] on Nostr: 📅 Original date posted:2011-12-16 🗒️ Summary of this message: Temporary ...
📅 Original date posted:2011-12-16
🗒️ Summary of this message: Temporary addresses for anonymity require interaction with the wallet-hosting entity. EC crypto tricks can generate fresh private keys for each transaction.
📝 Original message:On Thu, Dec 15, 2011 at 04:26:38PM +0800, Walter Stanish wrote:
> Interaction is a requirement, since there seems to be a widely felt
> need to preserve anonymity through the use of temporary addresses.
> Generating a temporary address requires some actual processing to
> achieve, since the issuing of the new address cannot be done without
> interacting with the entity hosting the wallet (unless I'm missing
> something?).
Just replying to this one comment: yes, some interaction is always
necessary, but not necessarily directly with the entity hosting the wallet.
There are some EC crypto tricks to do this (often mentioned under
"deterministic wallets" before):
The wallet-hosting entity has a private key x, with public key X.
The address-generating entity knows X, and generates a fresh private
key y for each transaction. For each, it calculates Z=y*X, and asks
the client to pay to hash160(Z). Afterwards, it can send a bunch of
y's to the wallet hosting service, which can reconstruct z=y*x for
each. Alternatively, the y's can be generated according to a predefined
scheme instead.
--
Pieter
🗒️ Summary of this message: Temporary addresses for anonymity require interaction with the wallet-hosting entity. EC crypto tricks can generate fresh private keys for each transaction.
📝 Original message:On Thu, Dec 15, 2011 at 04:26:38PM +0800, Walter Stanish wrote:
> Interaction is a requirement, since there seems to be a widely felt
> need to preserve anonymity through the use of temporary addresses.
> Generating a temporary address requires some actual processing to
> achieve, since the issuing of the new address cannot be done without
> interacting with the entity hosting the wallet (unless I'm missing
> something?).
Just replying to this one comment: yes, some interaction is always
necessary, but not necessarily directly with the entity hosting the wallet.
There are some EC crypto tricks to do this (often mentioned under
"deterministic wallets" before):
The wallet-hosting entity has a private key x, with public key X.
The address-generating entity knows X, and generates a fresh private
key y for each transaction. For each, it calculates Z=y*X, and asks
the client to pay to hash160(Z). Afterwards, it can send a bunch of
y's to the wallet hosting service, which can reconstruct z=y*x for
each. Alternatively, the y's can be generated according to a predefined
scheme instead.
--
Pieter