• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Registering (encrypted?) xpub keys for masternode/miner payouts to improve "hygiene"/Coinjoin

amanda_b_johnson

Well-known member
A brief conversation recently took place on Discord (starting with my comment here) about the feasibility/desirability of updating the Dash protocol to enable MNOs/miners to register xpub / HD addresses/keys (please forgive any technical slips in my wording) for their payouts. The idea here is that address re-use is undesirable not only from the classic "Bitcoin hygiene" perspective, but that it's especially undesirable for the CoinJoin mechanism, as the ease of pinpointing fund origins increases the fewer address inputs that are used.

The initial replies to my post were that registering xpub/HD addresses/keys as payout addresses is, indeed, feasible, but that it would only achieve the stated objective -- that is, obfuscation of multiple addresses stemming from the same payout registration -- if said keys were encrypted by the respective MNO/miner somehow.

Would be interested to hear additional feedback on this, either/both from a desirability perspective (i.e. do you want it?), as well as from a technical perspective (i.e. what would it take to achieve this, exactly?)

Thanks.

@UdjinM6, @QuantumExplorer, @rion, @Pasta, @pshenmic
 
Bottom line:

Yes, feasible.

Yes, better than re-using addresses to guard against the casual YouTuber tracing a payment through the Insights API using existing tools that already exist today - ex: 8m50s

No, would not increase privacy in any meaningful sense to against a motivated investigator operating on a local copy of the blockchain.

The Long Version:

Despite the name "Extended Public Key", XPub keys are meant to be kept private between 2 parties.

The XPrv is kept private by the person who will receive the funds.

The XPub is shared only with the person who will send the funds to the receiver, but generally not made "Public".
(though you could make individual addresses semi-public for merchant payments)

This exchange keeps the receiver's main wallet addresses "safe" from the sender (e.g. if mixed or transferred in an indirect fashion) and it keeps the transaction "private" from others on the network (the keys of each are independent and unrelated - other than by time, block, amount, or other forensic fingerprints - to other transactions).

From what I recall of the MNO registration process, it's perfectly possible to put arbitrary data in the block. If encrypted data were to be put in a block, it would be encrypted with a public key from the sender, who is making the payment to the receiver - and that public key doesn't need to be a payment key or even a secp251k1 key at all.

Without encryption, the layer of obfuscation it provides is on the level of silly. Although you can't tell where an address came from, you can easily find blocks with unencrypted XPubs and just start enumerating them. I could see a BIP-32 / BIP-44 hybrid HD Path approach doing something like adding extensions to the HD Path to allow for more psuedo-entropy - such as a truncated hash of the block height in two extra paths (`m/xx'/5'/a'/0/n/h1/h2`), which would make it slightly more cumbersome... but probably not worth over all.

With encryption, how would a block reward payment take place? How can a secret be public between a group of MNOs and private to the rest of the world?
 
Also, under the current system, everyone in the system (miners, masternodes, full nodes) needs to be able to verify that each block pays the correct masternode. If that is known, payouts are linkable to the receiving party irrespective of address re-use or some other scheme that doesn't re-use addresses (unless there's some zero knowledge magic or something that could be applied - probably non-trivial).
 
what about
"protx update_registrar"

with a new payout address that fires after each MN payout to the prior address? When done properly, each MN payout is made to a different pubkey...
 
For me it don't matter much. I do like to be able to get the reward to 1 specifc address. If privacy would be a concern i would use our coinjoin or use monero :)
 
Back
Top