Localized Musings

Watson Ladd's Weblog

Anonymous transactions in Bitcoin (11 March 2012)

I've written a paper, available here, about creating anonymity for recipients of Bitcoin transactions through blind signatures. The fundamental idea is to introduce a new opcode and signature type that can be used to restrict the order in which the outputs of a script can be redeemed.

This may or may not see wide support. Bitcoin exchanges could use it to protect their users further, but at a cost in computation time and in the complexity of redeeming outputs. It also needs support from the Bitcoin protocol itself, since a new opcode changes the rules every node enforces, so there will be some delay between writing the code and seeing it deployed.

In the future I hope to extend this to creating digital cash that is backed by Bitcoins: such cash would combine the traditional advantages of digital currency in terms of ease of use and speed with the anti-inflation properties of Bitcoins.

So let's talk about some uses of Bitcoins that aren't obvious. Let's say I want to demonstrate to you that I can spend some Bitcoins. My ability to spend them comes from knowing the private key behind a public key, that is, the discrete logarithm of the public key with respect to the curve's base point. How can I demonstrate that knowledge without revealing the key or signing anything of your choosing?

The quick answer is a simple interactive proof. Write G for the standard base point of secp256k1 and P = xG for my public key, where x is the private key. I pick a fresh random k and send you R = kP, a random multiple of my public key. You then flip a coin and ask for one of two things: the discrete logarithm of R with respect to my key (that is, k), or the discrete logarithm of R with respect to the standard base (that is, kx). Someone who does not know x can prepare R so as to answer one of the two questions, but not both, so each round catches a cheater with probability 1/2, and n rounds bring that down to 2^-n. This leaks no information about x: given the challenge in advance, anyone can produce a transcript that verifies (choose the answer first and compute R from it), so a transcript on its own proves nothing to a third party. One caveat: k must be fresh for every round, because answering both questions for the same R hands over x = (kx)/k.
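The exchange above, worked through as an added example (this is not code from the paper or from the post): a pure-Python implementation of secp256k1 arithmetic, an honest prover, a prover who knows only the public key and must guess the coin flip, a simulator that forges a round when it knows the challenge first, and the extractor that recovers x when k is reused. The class and function names, the throw-away demo key and the choice of round count are this example's own assumptions; the curve parameters are Bitcoin's.

```python
"""Interactive zero-knowledge proof of knowledge of a Bitcoin private key.

Setting: P = x*G on secp256k1; the verifier knows P, the prover knows x.
Each round the prover sends R = k*P for fresh random k, and the verifier
flips a coin and asks for either log_P(R) = k or log_G(R) = k*x mod N.
"""
import secrets

# secp256k1 domain parameters (the curve used by Bitcoin).
FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None                                   # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD) % FIELD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FIELD) % FIELD
    x3 = (lam * lam - x1 - x2) % FIELD
    return (x3, (lam * (x1 - x3) - y1) % FIELD)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


class Prover:
    """Knows the private key x and can answer either question honestly."""
    def __init__(self, x):
        self.x, self.pub, self.k = x, ec_mul(x, G), None

    def commit(self):
        self.k = secrets.randbelow(N - 1) + 1         # fresh per round, never reused
        return ec_mul(self.k, self.pub)               # R = k*P = (k*x)*G

    def respond(self, challenge):
        # challenge 0: log of R base P (k); challenge 1: log of R base G (k*x)
        return self.k if challenge == 0 else self.k * self.x % N


class CheatingProver:
    """Knows only P. Guesses the coin flip and prepares R for that branch."""
    def __init__(self, pub):
        self.pub = pub

    def commit(self):
        self.guess = secrets.randbelow(2)
        self.r = secrets.randbelow(N - 1) + 1
        return ec_mul(self.r, self.pub if self.guess == 0 else G)

    def respond(self, challenge):
        return self.r                                 # valid only if challenge == guess


def verify_round(pub, R, challenge, response):
    """Verifier check for one round: response * base must equal R."""
    base = pub if challenge == 0 else G
    return ec_mul(response % N, base) == R


def run_protocol(prover, pub, rounds=32):
    """Verifier side; a cheater survives each round with probability 1/2."""
    for _ in range(rounds):
        R = prover.commit()
        challenge = secrets.randbelow(2)
        if not verify_round(pub, R, challenge, prover.respond(challenge)):
            return False
    return True


def simulate_transcript(pub, challenge):
    """Zero-knowledge: knowing the challenge first, anyone can forge a round."""
    response = secrets.randbelow(N - 1) + 1
    base = pub if challenge == 0 else G
    return ec_mul(response, base), challenge, response


def extract_key(resp0, resp1):
    """Why k must never be reused: both answers for one R give x = (k*x)/k."""
    return resp1 * pow(resp0, -1, N) % N


if __name__ == "__main__":
    # Constructed throw-away key for the demo; never use a published key.
    x = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
    honest = Prover(x)
    print("honest prover accepted:", run_protocol(honest, honest.pub))
    print("cheater accepted:", run_protocol(CheatingProver(honest.pub), honest.pub))
    R, c, r = simulate_transcript(honest.pub, 1)
    print("forged transcript verifies:", verify_round(honest.pub, R, c, r))
```

The one-bit challenge is what the post describes, and it needs many rounds for a useful soundness bound; the Schnorr identification protocol is the standard way to collapse the same idea into a single exchange with a large challenge. The `extract_key` function is the proof-of-knowledge argument turned into an attack: a prover that reuses k across two rounds with different coin flips has handed over the private key.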