https://en.bitcoin.it/wiki/CoinJoin
CoinJoin
CoinJoin is a method of bitcoin transaction compression which aims to improve privacy by discarding unnecessary information. A coinjoin transaction is one where multiple people have agreed to form a single transaction where some of the outputs have the same value. A casual observer of the blockchain cannot tell which output is of interest to each sender. Unlike many other privacy solutions, coinjoin transactions do not require a modification to the bitcoin protocol.
This type of transaction was first described in posts[1][2] by gmaxwell.
Motivation
Bitcoin is often promoted as a tool for privacy but the only privacy that exists in Bitcoin comes from pseudonymous addresses which are fragile and easily compromised through reuse, "taint" analysis, tracking payments, IP address monitoring nodes, web-spidering, and many other mechanisms. Once broken this privacy is difficult and sometimes costly to recover.
Traditional banking provides a fair amount of privacy by default. Your in-laws don't see that you're buying birth control that deprives them of grandchildren, your employer doesn't learn about the non-profits you support with money from your paycheck, and thieves don't see your latest purchases or how wealthy you are to help them target and scam you. Poor privacy in Bitcoin can be a major practical disadvantage for both individuals and businesses.
Even when a user ends address reuse by switching to BIP 32 address chains, they still have privacy loss from their old coins and the joining of past payments when they make larger transactions.
Privacy errors can also create externalized costs: You might have good practices but when you trade with people who don't (say ones using "green addresses") you and everyone you trade with loses some privacy. A loss of privacy also presents a grave systemic risk for Bitcoin: If degraded privacy allows people to assemble centralized lists of good and bad coins you may find Bitcoin's fungibility destroyed when your honestly accepted coin is later not honored by others, and its decentralization along with it when people feel forced to enforce popular blacklists on their own coin.
Concept
The idea is very simple, first some quick background:
A Bitcoin transaction consumes one or more inputs and creates one or more outputs with specified values.
Each input is an output from a past transaction. For each input there is a distinct signature (scriptsig) which is created in accordance with the rules specified in the past-output that it is consuming (scriptpubkey).
The Bitcoin system is charged with making sure the signatures are correct, that the inputs exist and are spendable, and that the sum of the output values is less than or equal to the sum of the input values (any excess becomes fees paid to miners for including the transaction).
It is normal for a transaction to spend many inputs in order to get enough value to pay its intended payment, often also creating an additional 'change' output to receive the unspent (and non-fee) excess.
There is no requirement that the scriptpubkeys of the inputs used be the same; i.e., no requirement that they be payments to the same address. And, in fact, when Bitcoin is correctly used with one address per payment, none of them will be the same.
When considering the history of Bitcoin ownership one could look at transactions which spend from multiple distinct scriptpubkeys as co-joining their ownership and make an assumption: How else could the transaction spend from multiple addresses unless a common party controlled those addresses?
In the illustration 'transaction 2' spends coins which were assigned to 1A1 and 1C3. So 1A1 and 1C3 are necessarily the same party?
This assumption is incorrect. Usage in a single transaction does not prove common control (though it's currently pretty suggestive), and this is what makes CoinJoin possible:
The signatures, one per input, inside a transaction are completely independent of each other. This means that it's possible for Bitcoin users to agree on a set of inputs to spend, and a set of outputs to pay to, and then to individually and separately sign a transaction and later merge their signatures. The transaction is not valid and won't be accepted by the network until all signatures are provided, and no one will sign a transaction which is not to their liking.
To use this to increase privacy, the N users would agree on a uniform output size and provide inputs amounting to at least that size. The transaction would have N outputs of that size and potentially N more change outputs if some of the users provided input in excess of the target. All would sign the transaction, and then the transaction could be transmitted. No risk of theft at any point.
In the illustration 'transaction 2' has inputs from 1A1 and 1C3. Say we believe 1A1 is an address used for Alice and 1C3 is an address used for Charlie. Which of Alice and Charlie owns which of the 1D and 1E outputs?
The idea can also be used more casually. When you want to make a payment, find someone else who also wants to make a payment and make a joint payment together. Doing so doesn't increase privacy much, but it actually makes your transaction smaller and thus easier on the network (and lower in fees); the extra privacy is a perk.
Such a transaction is externally indistinguishable from a transaction created through conventional use. Because of this, if these transactions become widespread they improve the privacy even of people who do not use them, because no longer will input co-joining be strong evidence of common control.
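The following is an added example, not code from the Bitcoin wiki or from any wallet, that models the mechanics described above in one runnable script: the network's validation rules (inputs exist, each input carries its own signature satisfying its scriptpubkey, outputs do not exceed inputs), the CoinJoin construction (N users agree on a uniform output size, contribute inputs, each signs independently and the signatures are merged, with the transaction invalid until every signature is present), a participant refusing to sign a transaction that does not pay what they agreed to, and the observer's problem of matching equal-valued outputs to senders. Everything in it is constructed: one-time Lamport (hash-based) signatures stand in for Bitcoin's ECDSA so it runs offline on the standard library, a scriptpubkey is the hex hash of a public key rather than a script, outpoints are (txid, index) tuples, and the names Coin, Transaction, Participant, build_coinjoin, sign_if_acceptable, anonymity_set and run_demo are this example's own.

```python
"""Toy CoinJoin round: an added example, not code from the Bitcoin wiki or any wallet.
Constructed assumptions: one-time Lamport (hash-based) signatures stand in for Bitcoin's
ECDSA; a scriptpubkey is the hex hash of a public key; outpoints are (txid, index) tuples."""
import hashlib, math, os
from dataclasses import dataclass, field

sha256 = lambda b: hashlib.sha256(b).digest()

def keygen():  # 256 secret pairs; public key = their hashes (one-time, like a fresh address)
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(sha256(a), sha256(b)) for a, b in sk]
def _bits(msg):
    d = sha256(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]
def sign(sk, msg):  # reveal one secret per bit of the message digest
    return [sk[i][b] for i, b in enumerate(_bits(msg))]
def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        sha256(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))
def scriptpubkey(pk):  # toy address: hash of the serialised public key
    return sha256(b"".join(a + b for a, b in pk)).hex()

@dataclass(frozen=True)
class Coin:
    outpoint: tuple   # (txid, vout) of the past output being spent
    value: int        # satoshis
    spk: str          # scriptpubkey the spending input must satisfy

@dataclass
class Transaction:
    inputs: list      # outpoints
    outputs: list     # (value, spk)
    scriptsigs: dict = field(default_factory=dict)  # outpoint -> (pk, sig)
    def sighash(self):
        # Every signature commits to all inputs and outputs, so nobody can alter
        # the outputs after another participant has signed.
        return (";".join(f"{t}:{i}" for t, i in self.inputs) + "#"
                + ";".join(f"{v}:{s}" for v, s in self.outputs)).encode()

def validate(tx, utxo_set):
    """Network rules: inputs exist and are signed, each scriptsig satisfies its
    scriptpubkey, and output value <= input value (the excess is the fee)."""
    in_total = 0
    for op in tx.inputs:
        if op not in utxo_set or op not in tx.scriptsigs:
            return False, f"missing or unsigned input {op}"
        pk, sig = tx.scriptsigs[op]
        if scriptpubkey(pk) != utxo_set[op].spk or not verify(pk, tx.sighash(), sig):
            return False, f"bad signature on {op}"
        in_total += utxo_set[op].value
    out_total = sum(v for v, _ in tx.outputs)
    return out_total <= in_total, f"fee={in_total - out_total}"

@dataclass
class Participant:
    coins: list   # (Coin, sk, pk) triples this user can spend
    payee: str    # spk to receive the uniform amount
    change: str   # fresh spk for any excess

def _wanted(p, target, fee):  # outputs this user expects: uniform payment plus any change
    change = sum(c.value for c, _, _ in p.coins) - target - fee
    if change < 0:
        raise ValueError("participant cannot fund the target")
    return [(target, p.payee)] + ([(change, p.change)] if change else [])

def build_coinjoin(participants, target, fee_each):
    """Everyone agrees on one output size and supplies inputs worth at least that."""
    inputs = [c.outpoint for p in participants for c, _, _ in p.coins]
    outputs = [o for p in participants for o in _wanted(p, target, fee_each)]
    return Transaction(sorted(inputs), sorted(outputs))  # canonical order hides who added what

def sign_if_acceptable(p, tx, target, fee_each):
    """Sign only a transaction that pays exactly what this user agreed to, else {}."""
    if not set(_wanted(p, target, fee_each)) <= set(tx.outputs):
        return {}
    return {c.outpoint: (pk, sign(sk, tx.sighash())) for c, sk, pk in p.coins}

def anonymity_set(tx, target):
    """Ways an observer could pair the equal-valued outputs with the senders."""
    return math.factorial(sum(1 for v, _ in tx.outputs if v == target))

def run_demo():
    """Three constructed users; the second funds the target exactly and gets no change."""
    target, fee, utxo_set, users = 10_000_000, 1_000, {}, []
    for i, value in enumerate([12_000_000, 10_001_000, 25_000_000]):
        sk, pk = keygen()
        coin = Coin((f"prev{i}", 0), value, scriptpubkey(pk))
        utxo_set[coin.outpoint] = coin
        users.append(Participant([(coin, sk, pk)], f"payee{i}", f"change{i}"))
    tx = build_coinjoin(users, target, fee)
    unsigned_ok = validate(tx, utxo_set)[0]
    for p in users[:-1]:
        tx.scriptsigs.update(sign_if_acceptable(p, tx, target, fee))  # merge signatures
    partial_ok = validate(tx, utxo_set)[0]
    tx.scriptsigs.update(sign_if_acceptable(users[-1], tx, target, fee))
    # Tampered copy redirecting user 0's payment: user 0 refuses to sign, and the
    # already-merged signatures fail because the sighash changed.
    bad = Transaction(tx.inputs, [(v, "thief" if s == "payee0" else s) for v, s in tx.outputs],
                      dict(tx.scriptsigs))
    return {"unsigned_valid": unsigned_ok, "partial_valid": partial_ok,
            "final_valid": validate(tx, utxo_set)[0],
            "equal_outputs": sum(1 for v, _ in tx.outputs if v == target),
            "anonymity_set": anonymity_set(tx, target),
            "refused_tamper": sign_if_acceptable(users[0], bad, target, fee) == {},
            "tampered_valid": validate(bad, utxo_set)[0]}
```

Running run_demo() shows the three properties the text relies on: the transaction is rejected with zero or two of three signatures and accepted only with all three; a participant who sees their payment redirected returns no signature, and the signatures already collected stop verifying because every one of them committed to the original outputs; and with three equal-valued outputs there are 3! = 6 equally plausible ways to pair outputs with senders, which is exactly the ambiguity a chain observer is left with.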
There are many variations of this idea possible, and all can coexist because the idea requires no changes to the Bitcoin system. Let a thousand flowers bloom: we can have diversity in ways of accomplishing this and learn the best.