Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add secret change addresses. #2037

Closed
nathan-at-least opened this issue Jan 23, 2017 · 3 comments
Closed

Add secret change addresses. #2037

nathan-at-least opened this issue Jan 23, 2017 · 3 comments
Labels
F-selective-disclosure Feature: Selective disclosure of shielded transaction details. I-SECURITY Problems and improvements related to security. note selection and shielded tx construction
Projects
JoinSplit privacy Payment Disclosure

Comments

@nathan-at-least
Copy link
Contributor

In order to improve a privacy leak in the 'payment disclosure' feature, we need to prevent anyone from learning change addresses, because knowing both the payment disclosure and the change address will reveal a js output's plaintext.
@nathan-at-least nathan-at-least added note selection and shielded tx construction I-SECURITY Problems and improvements related to security. F-selective-disclosure Feature: Selective disclosure of shielded transaction details. labels Jan 23, 2017
@nathan-at-least nathan-at-least mentioned this issue Jan 23, 2017
Open
@daira daira mentioned this issue Feb 8, 2017
Closed
@daira
Copy link
Contributor

daira commented Feb 14, 2017

We could generate the change address achangesk as PRFaddrask(2).

@jackgavigan jackgavigan added this to Work Queue in JoinSplit privacy Feb 14, 2017
@jackgavigan jackgavigan moved this from Work Queue to In Progress in JoinSplit privacy Feb 14, 2017
@jackgavigan jackgavigan moved this from In Progress to Work Queue in JoinSplit privacy Feb 14, 2017
@daira daira mentioned this issue Feb 14, 2017
Closed
@nathan-at-least
Copy link
Contributor Author

nathan-at-least commented Feb 14, 2017
edited by daira

We're leaning towards an alternative which is a new [symmetric] encryption key derivation for change outputs, rather than separate change addresses. #2102

@jackgavigan jackgavigan removed this from Work Queue in JoinSplit privacy Feb 15, 2017
@str4d str4d added this to TODO in JoinSplit privacy Feb 20, 2017
@str4d str4d removed this from Work Queue in JoinSplit privacy Feb 20, 2017
@str4d str4d added this to Work Queue in JoinSplit privacy Feb 20, 2017
@daira daira added this to Discussion in Payment Disclosure Apr 20, 2017
@daira daira mentioned this issue Apr 27, 2017
Closed
@nuttycom
Copy link
Contributor

This is fixed by use of separate derivation for change addresses as part of ZIP 316

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
F-selective-disclosure Feature: Selective disclosure of shielded transaction details. I-SECURITY Problems and improvements related to security. note selection and shielded tx construction
Projects
No open projects
JoinSplit privacy
  
Discussion
Payment Disclosure
  
Discussion
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nuttycom @daira @nathan-at-least