W3C home > Mailing lists > Public > public-webpayments@w3.org > September 2014

Re: FYI - Anon TX??

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sat, 20 Sep 2014 20:38:56 -0400
Message-ID: <541E1E20.7000406@digitalbazaar.com>
To: Timothy Holborn <timothy.holborn@gmail.com>, Web Payments CG <public-webpayments@w3.org>
On 09/20/2014 01:12 PM, Timothy Holborn wrote:
> http://www.neoscoin.com/

>From the whitepaper:


What is the true meaning of anonymous? Being unknown. The approach taken
with Neos for anonymous transactions, completely eliminates any
possibility of the transaction surfacing on the blockchain. With a
multi-homed farm of secure nodes, transactions sent using “Arbitrush”
send from the original sender, through the nodes, and to the recipient.
Proof of Transaction is an option that can be either enabled or disabled
in the Neos settings, or on-the-fly selectively during the send process.
After our initial announcement, someone in the community requested the
feature of selective PoT. Within 2 hours it was implemented.

And from the Cryptoarticles story:

For those of you wondering how ArtbitRush would work :

Sender -> multi-homed farm -> Recipient (the sender "never sent" the
coins, or so the blockchain thinks, it just came from "somewhere")

In order to allow users to verify these anonymous transactions, a
separate ArbitRush Transactions tab has been made available. Only the
sender can see the status on the blockchain , because of a one-time
key-pairing in the ArbitRush system.

Who runs the "secure nodes"/"multi-homed farm"?

Do they use UDP, TCP/IP, or a completely new protocol?

Is there any form of SSL between the sending node and the "secure node"?
Is the message encrypted to each secure node so an attacker doesn't know
that it's a arbitrush transaction? How easy is it to spoof a secure node?

I remain skeptical, I couldn't find anything in their whitepaper
explaining how they achieve non-traceability. Seems that all an attacker
would need to do would be to compromise one of the "secure nodes", or
tap the network traffic. There is no "security considerations" section
that I could find anywhere. Seems like /far less than/ Tor-like
protections are being offered /and/ we're talking about a completely
public ledger.

Seems like it's pseudo-anonymity at best (which isn't a bad feature,
just that people might be duped into thinking that it could actually
protect them against organizations with modest resources). Does anyone
know where we can read about the technical implementation behind the
arbitrush stuff?

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
Received on Sunday, 21 September 2014 00:39:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:03:39 UTC