• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Best practice when mixing masternode rewards

xkcd

Well-known member
Masternode Owner/Operator
As part of our scans over at https://mnowatch.org/ I came across this address XvVwJbTFzVd2FCCVFDg89wWiSS5WBy266n what is interesting about it is the inputs. For example, consider these transactions.

1641682674145.png


When we look at the input side, we see
1641682708118.png


This is a bunch of inputs (MN rewards) being collated into one UTXO, this is what MNOwatch bots scan for. The owner of this address, must also control all those masternodes in order to be able to spend their rewards.

1641682848742.png

The above TX shows a privateSend denominate transaction, this MNO is now mixing his coins, but wait, he made one fatal error and that is to combine all his inputs into one new input which then links all those mastenode nodes together.

From MNOwatch bots we were able to determine that this MNO owns the following masternodes and they are now categorised in our database.

Payout address
XevprsdaprzNQZzjAPWvELsmnx6MoBHkwF
XgX8TULNf9A8jmCKLKuaCNkxtxhuMENsHs
XgzS4YtMY63eVMGsPqfaBbBVk18BwXbJ4X
XinSvdZjEqvPDMPhndr4UEXSsrP2BExbsH
XiZ2tafwbYeNKLVkjb4eiGr2Gc2Z42sUmm
XpejiLrtCttrzMCqHAjocEQD3FJxPpVS9R
Xrjde2tT5JU73BZXJv4Bzf3nur5KxBkzr3
XuuU5MfXNPc6oHfDeuwwj3qbh913QtArUd
XuZU25WEfkRXeCucJ8eGvDGt5vHqiTmUYP
Xwi6LLZD5Ze1ixnCyxQ93981GLjE5dGH5y


So, what did he do wrong? How did he compromise some of his privacy when trying to do the right thing? This MNO likely has his payout addresses on his hardware wallet and is sending the rewards periodically to his desktop QT wallet for mixing. This results in the inputs being combined in this way. The ideal approach is to define/update the masternode to pay to an address (different one for each node!) that is exists in the Desktop QT wallet. That way the payments will arrive in the QT wallet and when he turns on mixing, the algorithm will NEVER combine inputs thus keeping the anonymity of the MNO, and we would never know how many nodes he has. As the mixing progresses, he can then send the mixed inputs back to the hardware wallet or where ever and we will be none the wiser.

Bottom line, when mixing, never combine inputs prior to mixing, doing so proves ownership of all inputs to that transaction and reduces your privacy.
 
CoinJoin is so easy to screw up, I'm sure the vast majority of users fail somewhere, or don't bother in the first place. And, I assume, most privacy breaks down the moment transactions hit the mempool.

Let's just admit it, CoinJoin is so dated it's not even funny. I hope it's not long when masternode payouts will be switched to username wallets.

Unfortunately, there's no way to get ZKPs into dash via DCG.
 
CoinJoin is so easy to screw up, I'm sure the vast majority of users fail somewhere, or don't bother in the first place. And, I assume, most privacy breaks down the moment transactions hit the mempool.

Let's just admit it, CoinJoin is so dated it's not even funny. I hope it's not long when masternode payouts will be switched to username wallets.

Unfortunately, there's no way to get ZKPs into dash via DCG.

We could possibly use a sidechain that runs ZKP for privacy, but that would require community demand. It could operate independently from the security of the Dash protocol and may not need to go through DCG management approval for that. Horizen could work on such a project with non-DCG leadership, but I don't think the energy is there for all this nor should we assume this would be straightforward (or feasible).
 
CoinJoin is so easy to screw up, I'm sure the vast majority of users fail somewhere, or don't bother in the first place. And, I assume, most privacy breaks down the moment transactions hit the mempool.

Let's just admit it, CoinJoin is so dated it's not even funny. I hope it's not long when masternode payouts will be switched to username wallets.

Unfortunately, there's no way to get ZKPs into dash via DCG.

Whoa there cowboy! Let's not throw the baby out with the bath water! The purpose of this post was to educate on the correct use of mixing and alert people to some of the pitfalls. Mixing is still the best privacy solution for Dash and unbreakable when a few simple guidlines are adhered too. We can blame DCG (again!) for not mentioning mixing at all and thus not educating people on the proper use of it. That task now squarely falls on us, the community.
 
I have done a little digging and found that XMR, ZEC and ZEN have all output performed dash in the past two years. Even NANO did better than dash for the same time period. I understand DCGs position but two years of data proves them wrong.

DASH-ratio.png


The chart reads, how much SYMBOL2 can be purchased with SYMBOL1. An ascending line means dash is stronger than SYMBOL2, while a descending line means dash has less purchasing power of SYMBOL2.

Dash's privacy only works on the send side. Receiving dash is not shielded, thus needs mixing before use, and it doesn't stop people observing the total amounts entering the public address before mixing. From a user point of view, it's just not good enough. Usernames will help somewhat, but still, the simplicity of privacy-by-default provides a better user experience, and arguably safer as there are fewer hoops to jump through. Additionally, the use case for transparency-by-default is limited to a small subset of the population e.g. charities and public office. ZKPs on a side-chain would be better than nothing.
 
I understand DCGs position but two years of data proves them wrong.
This is pure bunk, atributing Dash's slide against these shitcoins to our implementation of user privacy is pure nonesense, I won't go into the details of why the slide happened, that is discussed in another thread and your post is already very much off topic and opportunist.
 
This is pure bunk, atributing Dash's slide against these shitcoins to our implementation of user privacy is pure nonesense, I won't go into the details of why the slide happened, that is discussed in another thread and your post is already very much off topic and opportunist.

Well I dunno, you're the one that showed how a 10 node operator messed up. If someone is deep into dash and messes up, what are the odds for an average user?

It's good you went to the trouble of highlighting this, but in the same breath you're making the case that things could be improved.
 
Well I dunno, you're the one that showed how a 10 node operator messed up. If someone is deep into dash and messes up, what are the odds for an average user?

It's good you went to the trouble of highlighting this, but in the same breath you're making the case that things could be improved.
Specifically, the price decline is not due to the fact one needs to exercise some care with mixing. One needs to exercise some care when using Monero, for example if one receives and immediately spends on Monero, it can be traced. Privacy is a process. Dash's privacy can be improved, I have been in discussion with the devs about it, but at the end of the day, the user can still make mistakes, users always will, better guides and education on the matter are needed.
 
Back
Top