Let’s talk some more about the privacy side of carrying out transactions using blockchain tech. This is, after all, the main argument of crypto lovers: a decentralized, completely anonymous payment system that is widely used for buying various illegal things on the darknet. It’s also the major reason why the gambling industry has fallen in love with cryptocurrencies; the ability to bypass national laws and get more players is priceless. Crypto casinos, crypto betting sites and a new addition to the crypto gambling scene, Bitcoin prediction markets like Fairlay, are only the tip of the iceberg. The whole gambling industry is depending on cryptocurrencies for its future. But let’s get back to the topic of privacy, shall we?
1. Mergers and breakdowns
Although it would be possible to handle each coin individually, it would be cumbersome to carry out a separate transaction for every cent sent. To allow value to be split and combined, transactions contain multiple inputs and outputs. Usually there will be either a single input from one larger transaction or multiple inputs combining smaller amounts of money, and a maximum of two outputs: one for the payment and one returning the rest of the coins, if any, back to the sender.
I should note that a situation in which a transaction depends on several other transactions, which in turn depend on many others, isn’t a problem here. There’s never been and never will be a need to extract a standalone copy of the transaction history.
2. Privacy
The traditional banking model achieves its level of privacy by restricting access to information to the parties involved and the trusted third party. The need to announce all transactions publicly rules this method out, but privacy can still be maintained by interrupting the flow of information elsewhere: by keeping the public keys anonymous. Everyone can see that someone is sending a certain amount of money to someone else, but without any information linking the transaction to specific entities. This is similar to the level of information released by stock exchanges, where the time and size of individual trades are made public, but without identifying the parties trading.
As an additional safeguard, a new pair of keys should be used for each transaction to avoid linking them to a common owner. However, some linking cannot be avoided in transactions with multiple inputs, which inevitably reveal that their inputs belong to the same owner. The risk, therefore, is that if the owner of a key is disclosed, other transactions belonging to him can easily be linked and identified.
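The linking risk described above can be seen by grouping addresses that appear together as inputs. The following Python sketch is an added example, not part of the original article; the transactions, address labels and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: each transaction lists the addresses (public keys)
# that funded its inputs. All identifiers are made up for illustration.
TRANSACTIONS = [
    {"txid": "tx1", "inputs": ["A1", "A2"]},  # two inputs merged in one payment
    {"txid": "tx2", "inputs": ["A3"]},        # fresh key, single input
    {"txid": "tx3", "inputs": ["A2", "A4"]},  # A2 appears again: bridges tx1 and tx3
    {"txid": "tx4", "inputs": ["B1", "B2"]},  # unrelated owner
]


def cluster_addresses(transactions):
    """Group addresses that were spent together as inputs (union-find)."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    for tx in transactions:
        if not tx["inputs"]:
            continue  # nothing to link
        root = find(tx["inputs"][0])
        for addr in tx["inputs"][1:]:
            parent[find(addr)] = root  # same transaction => same presumed owner

    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(addr)].add(addr)
    return list(clusters.values())


def exposed_by_disclosure(transactions, disclosed_address):
    """Return (addresses, txids) linked to one address whose owner became known."""
    cluster = next(
        (c for c in cluster_addresses(transactions) if disclosed_address in c),
        {disclosed_address},
    )
    txids = sorted(tx["txid"] for tx in transactions if cluster & set(tx["inputs"]))
    return cluster, txids


if __name__ == "__main__":
    for address in ("A4", "A3"):
        addresses, txids = exposed_by_disclosure(TRANSACTIONS, address)
        print(address, "->", sorted(addresses), txids)
```

In this sample, learning who owns A4 also exposes A1 and A2 and both multi-input payments, while the single-input payment from the fresh key A3 stays unlinked.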
3. Calculations
Let’s assume a scenario in which an attacker tries to generate an alternative chain faster than the “honest” chain is generated. Even if he succeeds, it does not mean that the system is then open to arbitrary changes, such as creating value out of thin air or taking money that never belonged to the attacker. Nodes will never accept an invalid transaction as payment, and “honest” nodes will never accept a block that contains such transactions. An attacker can only try to change one of his own transactions to recover money he recently spent.
The race between the “honest” chain and the chain built by the attacker can be described as a binomial random walk. The success event is the “honest” chain being extended by one block, increasing its lead by +1, and the failure event is the attacker’s chain being extended by one block, changing the gap between the two chains by -1.
The probability of an attacker making up a given deficit is analogous to the “Gambler’s ruin” problem. Let’s assume that a gambler with unlimited funds starts at a deficit and plays a potentially unlimited number of times in an attempt to break even. We are able to estimate the probability that he ever breaks even, that is, the probability that the attacker will ever catch up with the honest chain, according to the following formula:
p = probability of finding the next block by an “honest” node
q = probability of finding the next block by the attacker
q2 = probability that the attacker will ever catch up with a fair chain from a loss position equal to that of the blocks.
Given our assumption that p > q, the probability decreases exponentially as the number of blocks the attacker has to make up increases. With the odds against him, if he does not get lucky and make up part of the deficit early enough, his chances start to approach zero while his deficit keeps growing.
Now let’s look at how long the recipient of a new transaction needs to wait before being sufficiently sure that the sender cannot change the transaction. We assume that the sender is an attacker who wants to make the recipient believe that he has been paid, and who then changes the transaction after some time to send the money back to himself. The recipient will be alerted when this happens, but the sender hopes that it will be too late to react.
The recipient generates a new pair of keys and gives the public key to the sender shortly before signing. This prevents the attacker from preparing a chain of blocks in advance by working on it continuously until he is lucky enough to get ahead, and then executing the transaction at that point. Once the transaction is sent, the fraudulent sender starts working in secret on a parallel chain containing an alternative version of his transaction.
The recipient waits until the transaction has been added to a block and a number of blocks have been linked after it. He is not aware of the progress made by the attacker, but assuming that the “honest” blocks took the average expected time per block, the attacker’s potential progress follows a Poisson distribution, with an expected value:
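The waiting-time calculation described in this section can be carried out numerically. This Python block is an added example, not part of the original article; the formulas are not shown on this page, so it assumes the standard gambler's-ruin result (q/p)^z for an attacker z blocks behind and a Poisson mean of z·q/p for his progress, and the symbol z and all function names are introduced here.

```python
import math


def catch_up_probability(q: float, z: int) -> float:
    """Gambler's-ruin result: chance an attacker z blocks behind ever catches up."""
    p = 1.0 - q
    return 1.0 if q >= p else (q / p) ** z


def attacker_success_probability(q: float, z: int) -> float:
    """Chance the attacker still wins after the recipient has waited z blocks."""
    p = 1.0 - q
    if q >= p:
        return 1.0
    lam = z * (q / p)          # assumed Poisson mean of the attacker's progress
    poisson = math.exp(-lam)   # P(attacker has mined k = 0 blocks)
    total = 1.0
    for k in range(z + 1):
        # Attacker has k blocks and must still make up the remaining z - k.
        total -= poisson * (1.0 - catch_up_probability(q, z - k))
        poisson *= lam / (k + 1)  # advance to P(k + 1) without factorials
    return max(total, 0.0)


def confirmations_needed(q: float, max_risk: float, limit: int = 500) -> int:
    """Smallest z for which the attacker's success probability is below max_risk."""
    if not 0.0 <= q < 0.5:
        raise ValueError("no number of blocks is enough unless q < 0.5")
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    raise ValueError("risk target not reached within limit")


if __name__ == "__main__":
    # Blocks a recipient should wait for a 0.1% risk at two attacker shares.
    for q in (0.10, 0.30):
        print(q, confirmations_needed(q, 0.001))
```

The required wait grows quickly with the attacker's share of computing power: 5 blocks at q = 0.10 versus 24 blocks at q = 0.30 for the same 0.1% risk.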
4. Conclusions
In this three-part article I’ve proposed a system of electronic transactions that doesn’t rely on trust. We started with the usual structure of coins made from digital signatures, which gives strong control over ownership but is incomplete without a way to prevent double spending. To solve this problem, we proposed a peer-to-peer network that uses proof of work to record a public transaction history that quickly becomes computationally impractical for an attacker to change, as long as “honest” nodes control most of the computational power. The strength of the network lies in its unstructured simplicity. The nodes work all at once and require only a small amount of coordination. There is no need to identify them, since messages are not routed to any particular place and only need to be delivered on a best-effort basis. Nodes can leave and rejoin the network at any time, accepting the proof-of-work chain as proof of what happened during their absence. Nodes vote with their computing power, expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to do so. Any necessary changes to the rules or incentive system can be implemented using this consensus mechanism.