• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Jump start dash adoption by acquiring 400k users in 4 months

Should we give $1 to everyone who signs up and verifies with SMS OTP ?

  • yes

    Votes: 22 62.9%
  • no

    Votes: 13 37.1%

  • Total voters
    35
If you are going to the SMS route you don't actually need to store the Phone Number. Instead, you can store a Hash of the Phone Number, this way you can still check whether the Number has been used before without needing to store it. Though of course is pre supposed a certain level of trust in you. It's mostly to your own advantage if for example a government comes asking for that data you can honestly answer that you don't have it.

Really bad idea imho, there are only a relatively small number of phone numbers possible so it would be relatively easy to brute force a simple hash. Not sure beyond that though, the hashes re-hashed with another key would work but would put all the trust on the key holder, needs someone with crypto knowhow.
 
If you are going to the SMS route you don't actually need to store the Phone Number. Instead, you can store a Hash of the Phone Number, this way you can still check whether the Number has been used before without needing to store it. Though of course is pre supposed a certain level of trust in you. It's mostly to your own advantage if for example a government comes asking for that data you can honestly answer that you don't have it.
yes thanks that's what we are planning to do anyway ;)
 
If you are going to the SMS route you don't actually need to store the Phone Number. Instead, you can store a Hash of the Phone Number, this way you can still check whether the Number has been used before without needing to store it. Though of course is pre supposed a certain level of trust in you. It's mostly to your own advantage if for example a government comes asking for that data you can honestly answer that you don't have it.

This would be a Solomonic decision.
 
Really bad idea imho, there are only a relatively small number of phone numbers possible so it would be relatively easy to brute force a simple hash. Not sure beyond that though, the hashes re-hashed with another key would work but would put all the trust on the key holder, needs someone with crypto knowhow.

Read the below..

https://security.stackexchange.com/...g-phone-numbers-without-actually-knowing-them
drewbenn said:
"So for a pretty minimal expense an attacker could brute force any 10-digit number and unique salt combination in about a day (less if they only tested real area codes), or all the interesting numbers (those in the target's area code and physically adjacent area codes) in about 5 minutes."
:(


but there is a solution, proposed h-idden

With Isemis mention of "probability of false positives" I thought about Zero-knowledge proof. This answer makes no claims to be secure as it was never reviewed, so others should review and comment it. I am no professional security expert either and I didn't have the time to make sure the low number of possible phone numbers might be a problem.

  1. User A and User B connect to each other (directly or via server) and assign a random identifier (RI) to each contact their contacts and stores it in a list (LA and LB) together with the phonenumber padded with the nonce and after applying a Key derivation function. LA stays at A and LB stays at B.
  2. User A proves one round of knowlege (see Zero-knowledge proof) for each of the numbers in list LA together with RI. User B has to find out by bruteforce to which of the contacts in LB each RI of A might fit. Each contact without fit is dropped out of LB. Possible fits are stored in the list for next round to improve bruteforce speed.
  3. User B proves one round of knowlege for each of the numbers in list LB together with RI. User A has to find out by bruteforce to which of the contacts in LA each RI of B might fit. Each contact without fit is dropped out of LA. Possible fits are stored in the list for next round to improve bruteforce speed.
  4. Repeat step 2 and 3 often enough to be statistically secure that each one has proven each of the numbers to the other user.
  5. Optional: exchange the remainings in lists LA and LB in a secure way mentioned by others or via a secure channel between User A and User B to be sure the matching of RIs was correct.
With this algorithm the server or an observer never learns any relevant information about the contacts of A or B except their count and how many they have in common. User A and B only learn the same information as the server and the common contacts.

Since the first steps of the algorithm are exponential and ressource intensive one should include protection against DOS in implementations.
o_O:)

Or maybe another solution is to ask an authority to blindly sign a message containing your phone number, then implement some kind of a zeroknowlege proof.
 
Last edited:
Why exactly did you do this , I just dont understand why you want to give away our ideas to others which doesn't give anything in return ??.
Can you please explain whats your motivation
 
Why exactly did you do this , I just dont understand why you want to give away our ideas to others which doesn't give anything in return ??.
Can you please explain whats your motivation
We are talking about human lives who need 5$ to survive.
The more cryptocurrencies compete eachother by giving to the poor people some dividend, the better it is.
 
That's a noble idea so I am going to reserve by bashing , but don't do this in future

I am here to promote dash and dash only

If you want to promote your own ideas feel free to do it , but this particular one is my idea , so the minimum you should do is take consent before sharing it with our rivals don't you think ??
 
That's a noble idea so I am going to reserve by bashing , but don't do this in future

I am here to promote dash and dash only

If you want to promote your own ideas feel free to do it , but this particular one is my idea , so the minimum you should do is take consent before sharing it with our rivals don't you think ??

I appreciate your optimism, but I have the bad feeling that the proposal will fail both here and in PIVX.
Your proposal is awesome, but the daemons are the majority in this universe, and the bad always prevails.
 
i am not talking about the idea failing or winning , i am saying , why did you take the privilege of copying my idea ( word -to -word ) and use it elsewhere ?
 
i am not talking about the idea failing or winning , i am saying , why did you take the privilege of copying my idea ( word -to -word ) and use it elsewhere ?
Because this is what I always do. There is not a single idea, not a single word, that originates from me.
 
thats real bad behaviour , please stop copy pasting others ideas .. atleast take consent for the love of internet..
You shouldnt complain. There is a clear reference to you, in the first sentence of the proposal in PIVX. You are priviledged in that sense, this is something I dont usally do in most of my other proposals.
 
just to be clear, this campaign might not sound sexy, but this is one that gives most bang for the buck , when you look at cost per user acquisition
 
Why would somebody want to go to the trouble of brute forcing a list of hashed telephone numbers of people who received Dash?
Even though it may be cheap, the payoff is what?
 
Back
Top