2015-12-16 11:37:08 +00:00
|
|
|
BSIP: 0007
|
|
|
|
|
Title: Privacy (STEALTH) Mode
|
|
|
|
|
Authors: Daniel Larimer <Dan@cryptonomex.com>
|
|
|
|
|
Fabian Schuh <Fabian@BitShares.org>
|
|
|
|
|
Status: Draft
|
|
|
|
|
Type: Informational
|
|
|
|
|
Created: 2015-12-16
|
|
|
|
|
Discussion: <https://github.com/cryptonomex/graphene/issues/452>
|
|
|
|
|
<https://bitsharestalk.org/index.php/topic,20104.0.html>
|
|
|
|
|
<https://bitsharestalk.org/index.php/topic,20499.0.html>
|
|
|
|
|
Worker: tbd
|
|
|
|
|
|
|
|
|
|
# Abstract
|
|
|
|
|
|
|
|
|
|
Privacy Mode Transfers (a.k.a. Stealth Transfers) are used to maintain user
|
|
|
|
|
privacy. This feature helps set BitShares apart from most other crypto
|
|
|
|
|
currencies and offers tremendous value to the users who are most interested in
|
|
|
|
|
privacy, liberty, and freedom.
|
|
|
|
|
|
|
|
|
|
In practise they combine the techniques of *blinding* for the transfer amount
|
|
|
|
|
and *stealth addresses* (similar to TITAN in BitShares 1) to hide involved
|
|
|
|
|
parties.
|
|
|
|
|
|
|
|
|
|
# Specifications
|
|
|
|
|
|
|
|
|
|
This proposal involves creating a new front-end feature on the account page in
|
|
|
|
|
the wallet to enter the *privacy mode*. Here, users will be able to create
|
|
|
|
|
*private accounts* which are nothing but labeled private keys. They will also be
|
|
|
|
|
able to manage *private contacts* which are nothing more than labeled public
|
|
|
|
|
keys. Neither private accounts nor private contacts are tracked on the
|
|
|
|
|
blockchain since those keys are not used directly.
|
|
|
|
|
|
|
|
|
|
Users will be able to monitor their private balances and take the following
|
|
|
|
|
actions:
|
|
|
|
|
|
|
|
|
|
* Transfer from public account to their own private balance
|
|
|
|
|
* Transfer from one of their private accounts to one of their private contacts
|
|
|
|
|
* Transfer from one of their private accounts to any public account
|
|
|
|
|
* Register a new account using a private balance.
|
|
|
|
|
* Receive a private transfer from a 3rd party given a transfer receipt.
|
|
|
|
|
|
|
|
|
|
# Implementation Aspects
|
|
|
|
|
|
2015-12-16 13:56:42 +00:00
|
|
|
## Backup Considerations
|
2015-12-16 11:37:08 +00:00
|
|
|
|
|
|
|
|
Because private transfers are not recoverable from blockchain data alone,
|
|
|
|
|
backups of your wallet after receiving a new private transfer are required.
|
|
|
|
|
|
2015-12-16 13:56:42 +00:00
|
|
|
## Javascript Implementation
|
|
|
|
|
|
|
|
|
|
This proposal will require the use of this library to perform the necessary
|
|
|
|
|
crypto operations in javascript (see [1]).
|
|
|
|
|
|
|
|
|
|
# Funding
|
|
|
|
|
|
|
|
|
|
BitSharestalk.org forum user `onceuponatime` has proposed to fund the
|
|
|
|
|
development and implementation of this feature in full as a private investor and
|
|
|
|
|
at zero cost to BitShares holders.
|
|
|
|
|
|
|
|
|
|
Contract between `onceuponatime` and Cryptonomex:
|
|
|
|
|
|
|
|
|
|
The purpose of this contract is to develop a Privacy Mode feature, Privacy Mode
|
|
|
|
|
fee accumulation account, Maintenance Account, Initialization Package, and GUI
|
|
|
|
|
interface for BitShares scoped for a firm fixed price of $45K. The following
|
|
|
|
|
requirements apply:
|
|
|
|
|
|
|
|
|
|
1. The Privacy Mode feature shall be implemented as proposed in
|
|
|
|
|
https://github.com/cryptonomex/graphene/issues/452 (as amended).
|
|
|
|
|
2. It shall provide the following fee based services:
|
|
|
|
|
* Transfer from public account to their own private balance
|
|
|
|
|
* Transfer from one of their private accounts to one of their private contacts
|
|
|
|
|
* Transfer from one of their private accounts to any public account
|
|
|
|
|
* Register a new account using a private balance.
|
|
|
|
|
* Receive a private transfer from a 3rd party given a transfer receipt.
|
|
|
|
|
3. Each of these services shall charge a fee initially set at 3x the standard
|
|
|
|
|
transfer fee, but which may be adjusted from time to time by the owner(s) of
|
|
|
|
|
the Privacy Mode fees account
|
|
|
|
|
4. Fees shall be automatically distributed by the blockchain to the following
|
|
|
|
|
accounts:
|
|
|
|
|
* 20% to the BitShares network.
|
|
|
|
|
* 20% to a Maintenance Account.
|
|
|
|
|
* 60% to holder(s) of the Privacy Mode Fees accumulation account
|
|
|
|
|
5. The Maintenance Account shall be controlled by five specified manager
|
|
|
|
|
accounts in a 3 of 5 multisig configuration. These managers will control
|
|
|
|
|
the allocation of this fund to future maintenance and upgrade tasks.
|
|
|
|
|
6. The Initialization Package shall modify the blockchain to make the Privacy
|
|
|
|
|
Mode feature available to users.
|
|
|
|
|
7. The Initialization Package shall make provision for the creation of
|
|
|
|
|
generic Fee Based Assets (FBA) and set the fee for such
|
|
|
|
|
8. A GUI shall be provided in the OpenLedger and Light wallets to allow
|
|
|
|
|
ordinary users to easily use the Privacy Mode features.
|
|
|
|
|
9. Documentation of the Privacy Mode feature and Maintenance and Fee
|
|
|
|
|
Accumulation account shall be provided on the appropriate reference web
|
|
|
|
|
sites.
|
|
|
|
|
10. Resulting software patch to the Graphene library shall have the same
|
|
|
|
|
license as the rest of Graphene subject to the condition that the results
|
|
|
|
|
of the Initialization package and fee distribution mechanisms are not
|
|
|
|
|
modified.
|
|
|
|
|
|
|
|
|
|
# Management Account
|
|
|
|
|
|
|
|
|
|
The STEALTH asset will be issued by the "management account" for this feature.
|
|
|
|
|
`Onceuponatime` will be the initial owner of the issued asset (not the issuer).
|
|
|
|
|
This management account will have multi-sig authority assigned to the 5 largest
|
|
|
|
|
STEALTH holders weighted proportional to stake and will have the power to set
|
|
|
|
|
the fee.
|
|
|
|
|
|
|
|
|
|
# Roadmap
|
|
|
|
|
|
|
|
|
|
* Feedback and discussion of this thread: *December 8 to December 10, 2015*
|
|
|
|
|
* Presentation of an amended Cryptonomex Worker Proposal: *Dec 11, 2015*
|
|
|
|
|
This worker proposal should include Milestones of what is intended to be
|
|
|
|
|
accomplished by the end of week 1, week 2, week 3, week 4 and week 5 so that
|
|
|
|
|
the Community can follow progress in the github.
|
|
|
|
|
* Voting for Worker Proposal: *Dec 11 to January 1, 2016*
|
|
|
|
|
* onceuponatime forwards $45,000 to Cryptonomex: *Jan.2, 2016*
|
|
|
|
|
* Cryptonomex does the development and testing of the feature: *(4 to 6 weeks)*
|
|
|
|
|
* Hard fork for implementation of the feature: *Monday Feb, 15th*
|
|
|
|
|
|
2015-12-16 11:37:08 +00:00
|
|
|
# Discussion
|
|
|
|
|
|
|
|
|
|
For the best user experience this proposal is best combined with proposal for
|
|
|
|
|
*hosted wallets* (to be defined).
|
|
|
|
|
|
2015-12-16 13:56:42 +00:00
|
|
|
## No Participation in Referral Program
|
|
|
|
|
|
|
|
|
|
The referral program does not play with Privacy mode transfers (because it is
|
|
|
|
|
private, we don't know who the parties are or who referred them). This means
|
|
|
|
|
that even if the fee were the same as the basic transfer, on average the
|
|
|
|
|
lifetime member would be paying 5x more a Private Transfer than a Public
|
|
|
|
|
Transfer. If you charge 3x the basic transfer fee, then life time members will
|
|
|
|
|
pay 15x more for a Private transfer than a Public transfer.
|
|
|
|
|
|
|
|
|
|
Percentage based fees are not possible with Private Transfers either because the
|
|
|
|
|
amount being transferred is *private*!
|
|
|
|
|
|
2015-12-16 11:37:08 +00:00
|
|
|
# Copyright
|
|
|
|
|
|
|
|
|
|
This document is placed in the public domain.
|
|
|
|
|
|
|
|
|
|
# See Also
|
|
|
|
|
|
|
|
|
|
* [1] https://github.com/arhag/crypto-experiments/tree/emscripten/emscripten/libsecp256k1-demo
|
