Change Contracts using Atomic Transfers

oblox

Well-known Member
Aug 6, 2014
1,032
537
183
Just make the denoms 500, 100, 10, 5, 1, 0.5, 0.25, 0.1, 0.05, 0.025, 0.01 (and even 0.005, 0.0025, 0.001) and get this over with imo. Deal with bloating later if needed - "summary blocks", mini-blockchain, or some other form of pruning that is yet to be discovered.
If that's the case, go with 100, 10, 1, 0.10, 0.01, and .001, anything that is change back from a DS process that isn't able to be denominated is sent to the miners/masternode network as a fee. It's dust that quite frankly isn't worth trying to figure out what to do with. Should DRK increase dramatically in value, then there might be discussion about adding another decimal denomination.

I am curious though in terms of bloat going this direction vs the bloat expected from ring sigs and the like.
 

illodin

Member
Apr 26, 2014
122
71
78
If that's the case, go with 100, 10, 1, 0.10, 0.01, and .001
The reason I suggested 0.5, 0.25, 0.05 and 0.025 denoms as well is to keep the number of inputs somewhat reasonable. Block size is limited as well. It's a trade-off between bloating and time spent searching for mixing partners. But as the change is getting anonymized as well, we should have a good liquidity in those smaller denoms.
 

thelonecrouton

Well-known Member
Foundation Member
Apr 15, 2014
1,135
813
283
We have testnet.

Unless Evan or someone else knows for sure, we can model blockchain size at varying denom resolutions, MN load etc. and extrapolate. Some good old fashioned scientific method...?

Put up a testnet build with on the fly adjustable denoms. Test it down to Duffs. Lets go gather some data. Shouldn't even take that long to do.

My gut feeling is that after the initial spike to denom everything, network load will level off then grow linearly with number of users.
 
  • Like
Reactions: strix and UdjinM6

DrkMiner

Member
Jun 7, 2014
204
63
88
This was asked here before "Why can't the sender's wallet just categorize any change as non-anonymized funds?"

That would be the simplest solution! All change could go to "piggy bank" or whatever you want to call it to be re-anon again.

Could someone please explain why we can't implement that?

Thanks!
 

illodin

Member
Apr 26, 2014
122
71
78
Could someone please explain why we can't implement that?
Assume you have a 10 DRK anonymous input, and send 7 of that to Bob, and the 3 DRK change goes to non-anonymous funds. Then you decide to send 5 DRK to an exchange that has your name, email, and bank account info, so you see no reason to use anon funds. So you send that 3 DRK you got from the change and another 2 DRK. Now the exchange (and anyone who has authority over the exchange) knows it was you who sent 7 DRK to Bob.
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
Assume you have a 10 DRK anonymous input, and send 7 of that to Bob, and the 3 DRK change goes to non-anonymous funds. Then you decide to send 5 DRK to an exchange that has your name, email, and bank account info, so you see no reason to use anon funds. So you send that 3 DRK you got from the change and another 2 DRK. Now the exchange (and anyone who has authority over the exchange) knows it was you who sent 7 DRK to Bob.
Actually the 3 drk is still anonymous even though it doesn't show up in the "Create Darksend Transaction" category. I'm doing some testing on Testnet and found that if we keep using the change from the anonymous fund and don't mix it with the non-anonymous, the transactions still stay anonymous.
 

Minotaur

Well-known Member
Foundation Member
Apr 7, 2014
452
1,079
263
Actually the 3 drk is still anonymous even though it doesn't show up in the "Create Darksend Transaction" category. I'm doing some testing on Testnet and found that if we keep using the change from the anonymous fund and don't mix it with the non-anonymous, the transactions still stay anonymous.
I suppose they still stay anonymous but they are linked together? You know the person that made transaction A is the as the person that made transaction B, even though they are both anonymous?
 

DrkMiner

Member
Jun 7, 2014
204
63
88
Assume you have a 10 DRK anonymous input, and send 7 of that to Bob, and the 3 DRK change goes to non-anonymous funds. Then you decide to send 5 DRK to an exchange that has your name, email, and bank account info, so you see no reason to use anon funds. So you send that 3 DRK you got from the change and another 2 DRK. Now the exchange (and anyone who has authority over the exchange) knows it was you who sent 7 DRK to Bob.
Can't we give a new category to the change (3 DRK in the example) have the wallet Lock it and just re-anon it again.
Re-anon level could be set to, lets say 10 DRK. Once we have 10 DRK from change wallet will auto re-anon it.
 

illodin

Member
Apr 26, 2014
122
71
78
Can't we give a new category to the change (3 DRK in the example) have the wallet Lock it and just re-anon it again.
Re-anon level could be set to, lets say 10 DRK. Once we have 10 DRK from change wallet will auto re-anon it.
No, because then the changes would get linked together, and hence the transactions where the changes originated from.
 

DrkMiner

Member
Jun 7, 2014
204
63
88
No, because then the changes would get linked together, and hence the transactions where the changes originated from.
If Change from transactions A, B and C is placed on a new address and that address is anon. how could that be traced?

Don't forget that change from 3 transactions was already anon before.
What am I missing?
 

illodin

Member
Apr 26, 2014
122
71
78
If Change from transactions A, B and C is placed on a new address and that address is anon. how could that be traced?

Don't forget that change from 3 transactions was already anon before.
What am I missing?
Transactions A, B, and C can be linked together. You don't want A to know you sent money to B and C as well.

Does everyone agree, that each change has to be denominated and mixed separately?
 

oblox

Well-known Member
Aug 6, 2014
1,032
537
183
Transactions A, B, and C can be linked together. You don't want A to know you sent money to B and C as well.

Does everyone agree, that each change has to be denominated and mixed separately?
I think at this point, it's the only logical way to go... get the change down to dust and send the dust to the network since it can't be used without linking tx's. Then focus on methods of pruning. While it's great to have a written record of transactions (the block chain), what good is it when it's all fog? Do we really need to have documentation all the way back to inception, no.
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
Here's what I meant by "if we keep using the change from the anonymous fund and don't mix it with the non-anonymous".

After I spent some money I have change on this screen, they are next to the check marks and I'm going to spend these change amounts for a total of 9.00000015 DRK. Notice these amounts are not listed as anonymous anymore because they're listed as "change", but they still have the little duffs at the ends:

upload_2014-11-26_17-16-44.png

And here is my transaction. Notice it's not "Darksent" because I could only use "Create Normal Transaction":

upload_2014-11-26_17-19-38.png

My transaction ID is: 671ee71ceed558cdb9a66c10860193bb0f239b64037a436c3b88bdb28118b6fe

Please help me if you can find my origin address from here:
http://test.explorer.darkcoin.fr/tx/671ee71ceed558cdb9a66c10860193bb0f239b64037a436c3b88bdb28118b6fe
 
Last edited by a moderator:

UdjinM6

Official Dash Dev
Dash Core Team
Moderator
May 20, 2014
3,639
3,537
1,183
Here's what I meant by "if we keep using the change from the anonymous fund and don't mix it with the non-anonymous".

After I spent some money I have change on this screen, they are next to the check marks and I'm going to spend these change amounts for a total of 9.00000015 DRK. Notice these amounts are not listed as anonymous anymore because they're listed as "change", but they still have the little duffs at the ends:

View attachment 647

And here is my transaction. Notice it's not "Darksent" because I could only use "Create Normal Transaction":

View attachment 648

My transaction ID is: 671ee71ceed558cdb9a66c10860193bb0f239b64037a436c3b88bdb28118b6fe

Please help me if you can find my origin address from here:
http://test.explorer.darkcoin.fr/tx/671ee71ceed558cdb9a66c10860193bb0f239b64037a436c3b88bdb28118b6fe
The "dead change" as I understand it is not about "origin" address but about you previous 4 payments to mmfb6hxTdLT3gQGAEDr2g6Qug8ew2MwKoJ . Actually if you pay to the same merchant as you just did - it's ok but if they where different this would link them all together.
 
  • Like
Reactions: paperThin

paperThin

Member
Jun 13, 2014
106
19
68
Here's what I meant by "if we keep using the change from the anonymous fund and don't mix it with the non-anonymous".

After I spent some money I have change on this screen, they are next to the check marks and I'm going to spend these change amounts for a total of 9.00000015 DRK. Notice these amounts are not listed as anonymous anymore because they're listed as "change", but they still have the little duffs at the ends:

View attachment 647

And here is my transaction. Notice it's not "Darksent" because I could only use "Create Normal Transaction":

View attachment 648

My transaction ID is: 671ee71ceed558cdb9a66c10860193bb0f239b64037a436c3b88bdb28118b6fe

Please help me if you can find my origin address from here:
http://test.explorer.darkcoin.fr/tx/671ee71ceed558cdb9a66c10860193bb0f239b64037a436c3b88bdb28118b6fe
Moli,
Not sure the point you are driving at... but I can see that your 9.0000015 is related to the address: mmfb6hxTdLT3gQGAEDr2g6Qug8ew2MwKoJ
Which has a balance of 907 tDRK. Everything that mmfb6hxTdLT3gQGAEDr2g6Qug8ew2MwKoJ has done, which is a lot of transactions are tied to the 9.000015 you recently spent.

But what were you trying to show here?
 

oblox

Well-known Member
Aug 6, 2014
1,032
537
183
Well this idea got shot to hell in a heartbeat. But, I'm glad it did because the solution implemented needs to work first and foremost, but secondly, shouldn't hinder the functionality of doing tx's (requiring a daemon running, passphrase security, potentially issues surround instantx implementation, etc).

So with it said, scale the denominations down under 1, understand there will be bloat, but look into a more workable solution to curbing a bloated blockchain. As already stated, keeping a fogged blockchain doesn't serve anything practical or meaningful.
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
The "dead change" as I understand it is not about "origin" address but about you previous 4 payments to mmfb6hxTdLT3gQGAEDr2g6Qug8ew2MwKoJ . Actually if you pay to the same merchant as you just did - it's ok but if they where different this would link them all together.
I thought this was about how your transactions can be de-anonymized and traced back to your origin address. No?
 

oblox

Well-known Member
Aug 6, 2014
1,032
537
183
I thought this was about how your transactions can be de-anonymized and traced back to your origin address. No?
It has more to do with linking future purchases together with finding one's origin address a possible result.
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183

UdjinM6

Official Dash Dev
Dash Core Team
Moderator
May 20, 2014
3,639
3,537
1,183
I thought this was about how your transactions can be de-anonymized and traced back to your origin address. No?
I have to remind you Aswan reply ;)
.....
What I mean is that if a dead change never gets used, it's fine, but when it gets used in a transaction that transacts more than the amount of the dead change and therefore needs another output as input, not only that transaction, but also it's change gets linked to the parent transaction of the initial dead change.
If you combine 2 or more dead changes, all the purchases of all of their parent transactions get linked together.
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
It has more to do with linking future purchases together with finding one's origin address a possible result.
Then maybe user should only anonymize what he needs for each purchase and use all of that amount as a lump sump for that one-time purchase and be done over with ?
 

oblox

Well-known Member
Aug 6, 2014
1,032
537
183
Then maybe user should only anonymize what he needs for each purchase and use all of that amount as a lump sump for that one-time purchase and be done over with ?
You would need to use coin control on the sends to make sure you are pulling the appropriate denominations that are already anon so no change comes back. If you send normally via a ds tx, you might pull a larger denom and end up with change back.
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
You would need to use coin control on the sends to make sure you are pulling the appropriate denominations that are already anon so no change comes back. If you send normally via a ds tx, you might pull a larger denom and end up with change back.
Yes, that's what I would use and have been using all along. It would be nice to have a feature like "How would you want to break down your money? Would you like to have 50 of 1's and 20 of 10's as denominations?" Just more small denoms so users can have less change and might as well just go ahead to give the change as tips to merchants.
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
Another thing: Maybe we need to create another wallet with the Coin Control open up in users' face and be used in place of the drop down list for "Create Darksend Transaction".. so users have no problem to find it and know they need to choose the exact amount to send, with no change back. Problem solved!
 

thelonecrouton

Well-known Member
Foundation Member
Apr 15, 2014
1,135
813
283
I have no idea what else Evan is currently working on, but I'd rather get on with IX and other stuff than spend weeks overanylising this issue. Denominate down to 0.1 or 0.01, bloat be damned, we have time to deal with it if it ever gets to be a problem. What merchants are going to be selling anything in units of less than 0.01 anyway?

Stick a warning popup in the client if a user tries to spend linkable change. Maybe make the auto input choosing a little bit smarter. Move on.

edit: Also, what moli said - make the coin control thing more obvious, make it a routine part of the process. You open your guvpaper wallet, you choose which notes and coins to take out, same thing.
 
Last edited by a moderator:

UdjinM6

Official Dash Dev
Dash Core Team
Moderator
May 20, 2014
3,639
3,537
1,183
I have no idea what else Evan is currently working on, but I'd rather get on with IX and other stuff than spend weeks overanylising this issue. Denominate down to 0.1 or 0.01, bloat be damned, we have time to deal with it if it ever gets to be a problem. What merchants are going to be selling anything in units of less than 0.01 anyway?

Stick a warning popup in the client if a user tries to spend linkable change. Maybe make the auto input choosing a little bit smarter. Move on.
Denomination to 0.1 might be a good temporary solution actually. And I would suggest to pay everything smaller than 0.1 as a tx fee - this will be the cost of the bloat. We can always shift it when price goes up. And we were talking about eliminating 500 and 100 denoms anyway...
The only problem is user have to have enough of these denoms to combine into right amount. If you have 100 DRK anonymized and you want to pay 19.9 you'll need 1x10, 9x1 and 9x0.1. And every time you pay you need to have full set of smaller denoms. So for 5 payments by 19.9 you'll need 5x10, 45x1, 45x0.1. Now imagine you want to pay by 9.9 instead... When you do it ahead-of-time you never know how many of each denoms you'll actually need.
 

thelonecrouton

Well-known Member
Foundation Member
Apr 15, 2014
1,135
813
283
Denomination to 0.1 might be a good temporary solution actually. And I would suggest to pay everything smaller than 0.1 as a tx fee - this will be the cost of the bloat. We can always shift it when price goes up. And we were talking about eliminating 500 and 100 denoms anyway...
The only problem is user have to have enough of these denoms to combine into right amount. If you have 100 DRK anonymized and you want to pay 19.9 you'll need 1x10, 9x1 and 9x0.1. And every time you pay you need to have full set of smaller denoms. So for 5 payments by 19.9 you'll need 5x10, 45x1, 45x0.1. Now imagine you want to pay by 9.9 instead... When you do it ahead-of-time you never know how many of each denoms you'll actually need.
Is it possible to allow users some control over this? If most of what I buy costs a few DRK, I'd rather have a lot of 1's, not so much of the 10's and 100's...