• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

CoinJoin not fully anonymous?

vertoe

Three of Nine
I've recently seen this here
http://de.scribd.com/doc/227369807/Bitcoin-Coinjoin-Not-Anonymous-v01

Abstract
Unlike widely claimed, it is shown that CoinJoin is not fully anonymous. We prove this by a simpleexample.Hence, the claim “CoinJoin (or DarkSend) provides full anonymity” is proven wrong. Users of crypto-currencies must be educated to be aware that solely using CoinJoin (as usede.g. in DarkCoin) does not guarantee anonymity at all.
 
I tend to agree that CoinJoin is incapable by design of offering 100% anonymity through technology - it has an obvious flaw if you want mathematically proven anonymity - the Master Nodes - they can be compromised, given an adversary with sufficient determination and resources.

However, it is the best practical solution I have seen realized (or at least nearly realized) so far and it IS practical because of the Master Node price, current interest in the coin and so many other little details.

Zerocoin still is theoretical work mostly and rests on too new to be trusted cryptography according to what I've read. DarkWallet (for BTC) is ridiculous in my opinion, being centralized, or so I've heard. I still don't understand well-enough ByteCoin's and inherently, Monero's mixing scheme, so I can't assess those very well.

This brings me to yet another reason to like DarkCoin - CoinJoin is a natural for humans feature to understand and realize how much trust to put in it themselves - something (a Master Node) mixes coins! True anonymity through decentralization is added by rewarding honest Master Nodes, randomly choosing which one of them will mix now and be paid. Every DarkSend transaction goes through multiple Master Nodes, exponentially lowering the chances of the anonymity to be compromised - one honest Master Node is enough. So, yeah, it never is the absolute 100% certain anonymity, however it is simple to understand how and why it works and to work out the numbers - anonymity is pretty much near 100% if you calculate it. At the moment I don't know through how many Master Nodes does each DarkSend transaction pass, but in case it passes through 10 Master Nodes and given 10% of the Master Nodes are dishonest, this means you have 0.1 (this is the 10% dishonest nodes) to the power of 10 (this is the amount of Master Nodes that a DarkSend transaction passes, please correct me with the right number), so this would be a 0.0000000001 (or 0.00000001%) chance your transaction doesn't pass even one honest Master Node. Given 50% of Master Nodes are compromised the chance is 0.0009765625 (or a bit less than 0.1%). That's the beauty of CoinJoin - it is simple, even for non technical people it obviously works and has very much near 100% anonymity.

EDIT: one last thing - personally I believe there should be greater decentralization among Master Nodes, or in other words, I think that 100-200 DRK should be enough to get one running. This will make people like myself trust the coin better.
 
Last edited by a moderator:
By the way the article I posted is totally crap and is full of sentences like these:
we cannot say for sure
It is very likely that
Hence it is very likely that
Leading to
Hence there is strong evidence that
The evidence is not 100% of course, but
And finally concludes
It has been shown that

It is very non-scientific and mainly FUD. But I agree that full anonymity is still a fallacy.
 
By the way the article I posted is totally crap and is full of sentences like these:

- snip -

It is very non-scientific and mainly FUD. But I agree that full anonymity is still a fallacy.

This isn't FUD, nor is it non-scientific. It shows that CoinJoin isn't fool-proof and that there's a possibility of deanonimization. However, anyone with common sense and a little technical understanding can tell that a thing like this can't be 100% anonymous. This is just how research is done. But people tend to get it the wrong way and don't get that "not 100% safe" can still mean "practically safe".
 
They show transaction 3 not using DarkSend, creating a hole. Also, I don't think they are showing stealth addresses correctly and do denominated amounts show up on the blockchain? I suppose they have to.... Also, they talk about a merchant billing a client, but I don't see any reason why the client has to pay without using Darksend? Is this just obfuscation? Plus, Evan never said it was 100% anonymous, though he did say he figured out a way to make it as anonymous as ring signatures and that we could expect to see it in RC4. He is always cautious not to say absolutes, but he did say it would be as anonymous as using ring signatures without adding bloat to the block chain.

But another great side effect of using a coinjoin based system for anonymity is that it will be quantum computer resistant if not proof. Or I should say it will work as well with QC's as it does with current computers. Cryptographic solutions may be pretty much unbreakable at this time, however in the very near future, when QC's come out, all those encrypted blockchains will easily be broken, and their history will spill out for anyone with a QC to see. Since the first QC's have already been manufactured, this is not science fiction.
 
Last edited by a moderator:
Well, at the doctor's office, I studied this some more, and it proves to me that all transactions must be DarkSend transactions. If a chain of events happens so that all players can be identified except the person being careful, that careful person could also be exposed. So there is a good point here. We must make DarkSend mandatory. But I understand Evan has something up his sleeve so I'm looking forward to hearing what it is, maybe even next week? Exciting!
 
Back
Top