What
A private mailing application could be created utilizing Monero, couldn't it? It might work as follows:
Important note: alternatives utilizing payloads and range proofs have been proposed by community members; these alternatives seem to be better solutions, thus we might use one of them instead of the original method I describe below.
Alice wants to send a private message to Bob.
Bob and Alice already have each others' public wallet addresses (and thus they can easily derive each others' public spend keys).
Alice writes an ASCII message M that she wishes to send to Bob. M is also the concatenation of k substrings, IOW M = M_1 + M_2 + ... + M_k
Let A_sign(x) mean "the result of Alice signing x with her private spend key".
Let B_crypt(y) mean "the result of encrypting y using Bob's public spend key"
Then for each i in [1..k], let PrivMsgChunk_i = B_crypt(A_sign(M_i)).
We choose k large enough that each PrivMsgChunk_i is small enough to fit in a payment ID.
Alice stores an alphanumeric timestamp in variable A_Time
Alice sends k transactions T_1, ... T_k to Bob, where the payment ID of T_i is (letting '+' denote concatenation) "MAIL" + PrivMsgChunk_i + A_Time + i, where i is just the integer index.
Bob receives the transactions, extracts PrivMsgChunk_i, A_Time, and i from each payment ID, decrypts and verifies each PrivMsgChunk_i (yielding M_i), then arranges the message chunks according to i, yielding Alice's message M!
Note: The purpose of A_Time is to indicate that all "MAIL" transactions with that exact timestamp are part of the same message.
Notes from /u/gingeropolous:
I know various mail ideas have been discussed. Apparently you can pack a message in the range proof of a RingCT transaction. It could also be possible to attach payloads to transactions that aren't included in the blockchain.
Notes from /u/knaccc
The best place to put messages is the range proof, and this storage is effectively free (if you're making a transaction anyway) because a range proof has to exist for each output. The payload that the range proof can carry will be automatically encrypted using the shared secret. Luigi is working on a new, more compact range proof. Therefore if you spend time adapting the current range proof to carry data, you might incur some wasted effort. It would be therefore worth dropping luigi1111 a message on IRC to coordinate. I'd imagine that after the range proof is adapted to carry an encrypted payload, all Monero wallets will allow for a freeform text area which will accompany each transaction. It will be able to contain a message, a payment ID, JSON text, whatever you want. It'd be about 1800 characters, and it would not add to the cost of a transaction. It'd also not make the transaction stand out on the blockchain, which it would if you'd put the message in the txextra.
Scope
Either a separate command line monero-mail utility or we build it as an extension of monero-wallet-cli, pending feedback.
GUI integration.
An included "contacts list" allowing users to add/remove nicknames and their associated XMR addresses.
Motivation
It seems that this is something only Monero can do, e.g. Bitcoin could encrypt a message and send from Alice's address to Bob's, but even if eavesdroppers cannot read the encrypted message contents they still see that Alice is sending mails to Bob. That in itself is a violation of Alice & Bob's privacy.
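As an added illustration (not code from the post or from any Monero project), here is a Python sketch of the chunking, payment-ID framing and reassembly described in the "What" section, including Bob grouping chunks by A_Time, ordering them by i, and rejecting a message with a missing or failed chunk. A_sign and B_crypt are stand-ins (an HMAC tag and a keyed XOR keystream), not Monero's real spend-key signature or encryption, and the 32-byte payment-ID capacity and fixed field widths are assumptions.

```python
import hashlib
import hmac
# Framing assumptions (not stated in the post): a fixed payment-ID capacity and
# fixed-width A_Time / index fields so each payment ID parses unambiguously.
PID_BYTES = 32            # assumed payment-ID capacity in bytes
TAG = b"MAIL"
TIME_W, IDX_W = 10, 2     # A_Time digits and index digits (k <= 99)
SIG_W = 8                 # stand-in signature tag width

def a_sign(m_i: bytes, alice_key: bytes) -> bytes:
    """Stand-in for A_sign: chunk || HMAC tag under Alice's key (not a real Monero signature)."""
    return m_i + hmac.new(alice_key, m_i, hashlib.sha256).digest()[:SIG_W]

def b_crypt(data: bytes, bob_secret: bytes, nonce: bytes) -> bytes:
    """Stand-in for B_crypt: XOR with a SHA-256 keystream keyed by Bob's key and nonce A_Time||i (self-inverse)."""
    stream = hashlib.sha256(bob_secret + nonce).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def send(message: str, alice_key: bytes, bob_secret: bytes, a_time: str) -> list:
    """Split M into M_1..M_k and build the k payment IDs "MAIL"+PrivMsgChunk_i+A_Time+i."""
    cap = PID_BYTES - len(TAG) - TIME_W - IDX_W - SIG_W    # plaintext bytes per tx
    payload, pids = message.encode("ascii"), []
    for i, start in enumerate(range(0, len(payload), cap), start=1):
        nonce = (a_time + f"{i:0{IDX_W}d}").encode()
        chunk = b_crypt(a_sign(payload[start:start + cap], alice_key), bob_secret, nonce)
        pids.append(TAG + chunk + nonce)
    return pids

def receive(pids: list, alice_key: bytes, bob_secret: bytes) -> dict:
    """Group MAIL payment IDs by A_Time, decrypt and verify each chunk, reassemble by index.
    Returns {A_Time: M}; a message with a gap or a failed check maps to None."""
    by_time, hdr = {}, len(TAG) + TIME_W + IDX_W
    for pid in pids:
        if not (pid.startswith(TAG) and hdr + SIG_W <= len(pid) <= PID_BYTES and pid[-IDX_W:].isdigit()):
            continue                                        # ordinary payment, not mail
        nonce = pid[-(TIME_W + IDX_W):]
        a_time, idx = nonce[:TIME_W].decode(), int(nonce[TIME_W:])
        signed = b_crypt(pid[len(TAG):-(TIME_W + IDX_W)], bob_secret, nonce)
        m_i, tag = signed[:-SIG_W], signed[-SIG_W:]
        ok = hmac.compare_digest(tag, a_sign(m_i, alice_key)[-SIG_W:])
        by_time.setdefault(a_time, {})[idx] = m_i if ok else None
    out = {}
    for a_time, chunks in by_time.items():
        k = max(chunks)   # the framing carries no total k, so a lost *last* chunk is undetectable
        if any(chunks.get(i) is None for i in range(1, k + 1)):
            out[a_time] = None
        else:
            out[a_time] = b"".join(chunks[i] for i in range(1, k + 1)).decode("ascii")
    return out
```

With these widths only 8 message bytes fit per transaction, which shows why k grows quickly and why the range-proof payload discussed above is attractive.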
/u/gingeropolous - You have been summoned in this thread by /u/Blow-that-Doge.