Darksend - Security Bulletin

Discussion in 'Official Announcements' started by eduffield, Nov 10, 2014.

  1. eduffield

    eduffield Core Developer

    Joined:
    Mar 9, 2014
    Messages:
    1,084
    Likes Received:
    5,319
    Trophy Points:
    183
    Edit: this has long since been fixed. There are no known issues with DS Security.

    --


    We ask that everyone stop using Darksend for the time being, until we’re able to push out a fix to an issue Aswan found. This issue comes from the way fees are paid in Darksend with the combination of the way the client tries to denominate the same amount each round. The result is the possibility to trace a transaction through Darksend.

    To fix this issue, we will add a mixing stage to Darksend that only mixes fees and we’ll have the client mix random amounts each session.

    Regards,

    The Darkcoin Team
     
    #1 eduffield, Nov 10, 2014
    Last edited by a moderator: Sep 13, 2015
    • Like Like x 22
  2. moli

    moli Grizzled Member

    Joined:
    Aug 5, 2014
    Messages:
    3,261
    Likes Received:
    1,837
    Trophy Points:
    1,183
    eduffield, thank you. I was a little concerned today.
     
  3. splawik21

    splawik21 Grizzled Member
    Dash Core Team Foundation Member Dash Support Group Moderator

    Joined:
    Apr 8, 2014
    Messages:
    1,916
    Likes Received:
    1,273
    Trophy Points:
    1,283
    Evan, will there be a new wallet release with pool police needed?
    If so I'm on duty ;)
     
    • Like Like x 3
  4. TanteStefana

    TanteStefana Grizzled Member
    Foundation Member

    Joined:
    Mar 9, 2014
    Messages:
    2,860
    Likes Received:
    1,854
    Trophy Points:
    1,283
    A huge thanks to Aswan!

    Also, I was gonna send a debug file but mine was so huge, I couldn't get it downloaded, LOL. So I deleted it, and hopefully next time I'll be prepared :D
     
  5. souptacular

    souptacular Well-known Member
    Foundation Member

    Joined:
    Jun 7, 2014
    Messages:
    62
    Likes Received:
    73
    Trophy Points:
    158
    Glad to see the team is on top of it. :cool:
     
    • Like Like x 1
  6. MangledBlue

    MangledBlue Well-known Member

    Joined:
    Jun 28, 2014
    Messages:
    1,246
    Likes Received:
    678
    Trophy Points:
    183

    if it's a larger file you can use - - >>>> wetransfer
     
  7. Raico

    Raico Well-known Member
    Foundation Member Dash Support Group

    Joined:
    May 28, 2014
    Messages:
    138
    Likes Received:
    142
    Trophy Points:
    193
    That's great~! Make our Darkcoin network more robust!

    Thanks Aswan~ Thanks Evan and Dev team for the professional quality.
     
    • Like Like x 1
  8. droptable

    droptable Member

    Joined:
    May 27, 2014
    Messages:
    42
    Likes Received:
    14
    Trophy Points:
    48
    Hi there,
    I think I have a more elegant solution.
    (If I got the point correct.)

    feel free to rip it apart or build on it.
    droptable.



    To explain this, it feels a little like a hen-and-egg problem, so please don't throw the idea away before you finish reading.


    okay.
    We start by saying that you can no longer choose how many rounds your stuff should be mixed. Why? - explained later. We decide that the target for rounds to mix is 8.
    The user submits his funds (example 10DRK) to the first masternode and pays a fee.
    For the fee his funds are now marked as "paid in advance" and get a flag [double], which I will call RTC (roundsToCome) here. If the RTC falls below 1, it will no longer be mixed.

    The RTC for a newly submitted 10DRK is 13. [8 + (2 x standard deviation)] (more later)

    The masternode now waits for 3 other 10DRKs and mixes them.

    Now one round has to be subtracted from the RTC count. But how, without giving away which 10DRK are which?
    Easy: ((rtc1+rtc2+rtc3+rtc4) / 4) - 1

    INCOMING
    fund1: 10DRK - RTC: 13 <- "our" funds
    fund2: 10DRK - RTC: 12
    fund3: 10DRK - RTC: 11
    fund4: 10DRK - RTC: 12

    OUTGOING
    xa: 10DRK - RTC: 11
    xb: 10DRK - RTC: 11
    xc: 10DRK - RTC: 11
    xd: 10DRK - RTC: 11

    so the RTC for all funds included in this round is just the average of all (minus one, since it got mixed).



    RESTRICTIONS:
    1) The masternode only uses funds to mix, if the span between the highest RTC and the lowest RTC in this round is <= 2;

    2) (already mentioned:) You can only start with a target of 8 -> RTC of 13.
    3) New denomination method (explained below)

    why (1,2)? ->
    If you are allowed to start multiple low RTC transactions you can artificially shorten the time other funds are in the mixing-period.
    So everyone HAS to start with the same RTC. Otherwise you can cheat other funds out of their mixing-period.

    The same goes for the max. span of 2.
    Otherwise you can bring down a fund to an RTC below 3 in less than 3 rounds.

    if we start with an RTC of 13 the minimum Rounds is 7.
    The average is 13, and the maximum is pretty high.


    -> 3) new denomination method:
    All funds will be split in to:
    5
    2
    1
    1
    [1]
    and the last 1
    split into
    5
    2
    1
    1
    [1]
    and so on.

    we can stop at 1 DRK or we go to 0.1

    //explanation
    You darksend 100DRK with a depth of 3:
    50, 20, 10, 10, 5, 2, 1, 1, 0.5, 0.2, 0.1, 0.1

    -> a) which means your funds will be mixed with the fifties and twenties and tens of the guy who darksends his 1000DRK.
    No more "I'm mixing 1000DRK, can somebody please do the same"
    -> b) since it is "harder" for a masternode to find corresponding funds (rtc1-rtc2 <= |2| ) it is necessary to make more "alike" darksend funds.
    -> c) It makes it even harder to "observe".


    *same goes for "not-only-zero-and-ones--numbers":
    380 = 100 + 200 + 50 + 20 + [10]

    additional:
    Y1) The RTC happens offchain, just by masternode cencus.
    Y2) Does it take long for all the transactions -> HEY "WE HAVE" instantTX

    ps: THANKS EVAN FOR ALL YOUR WORK
     
    #8 droptable, Nov 11, 2014
    Last edited by a moderator: Nov 11, 2014
    • Like Like x 1
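
A sketch of the round rule and denomination scheme proposed in post #8, added here as an example; it is not part of droptable's post and not Darksend code. The function names, the pool size of 4 (one fund plus the 3 others the masternode waits for) and keeping the final bracketed [1] as an output are assumptions made for the example.

```python
from decimal import Decimal

MAX_SPAN = Decimal(2)   # restriction 1: highest RTC - lowest RTC <= 2
POOL_SIZE = 4           # assumption: one fund plus the 3 others it waits for


def mix_round(rtcs):
    """Return the single RTC that every output carries after one round."""
    rtcs = [Decimal(r) for r in rtcs]
    if len(rtcs) != POOL_SIZE:
        raise ValueError("a round needs exactly %d funds" % POOL_SIZE)
    if any(r < 1 for r in rtcs):
        raise ValueError("funds with an RTC below 1 are no longer mixed")
    if max(rtcs) - min(rtcs) > MAX_SPAN:
        raise ValueError("RTC span above %s, round refused" % MAX_SPAN)
    # Averaging hides which input carried which RTC; minus one for this round.
    return sum(rtcs) / len(rtcs) - 1


def denominate(amount, depth):
    """Split amount into 5-2-1-1-[1] tenths, re-splitting the last tenth."""
    amount = Decimal(amount)
    pieces = []
    for _ in range(depth):
        unit = amount / 10
        pieces += [5 * unit, 2 * unit, unit, unit]
        amount = unit            # the bracketed [1] goes one level deeper
    pieces.append(amount)        # assumption: the final [1] stays as an output
    return pieces


def shared_denominations(amount_a, amount_b, depth):
    """Denominations both users produce, i.e. where their pieces can meet."""
    common = set(denominate(amount_a, depth)) & set(denominate(amount_b, depth))
    return sorted(common, reverse=True)


if __name__ == "__main__":
    print(mix_round([13, 12, 11, 12]))          # the INCOMING table of the post
    print(denominate(100, 3))
    print(shared_denominations(100, 1000, 3))
```

With the final tenth kept, the pieces of `denominate(100, 3)` sum back to 100, and `shared_denominations(100, 1000, 3)` lists the sizes at which a 100DRK and a 1000DRK sender end up in the same pools.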
  9. splawik21

    splawik21 Grizzled Member
    Dash Core Team Foundation Member Dash Support Group Moderator

    • Like Like x 1
  10. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,961
    Likes Received:
    6,735
    Trophy Points:
    1,283
  11. splawik21

    splawik21 Grizzled Member
    Dash Core Team Foundation Member Dash Support Group Moderator

    Yes Tungfa, I knew he will be fast..but not as quick :)
     
    • Like Like x 1
  12. moli

    moli Grizzled Member

    Be patient, young padawan! It will be all good, just be prepared to get on Testnet when the bell rings. We'll roll it out in no time. :)
     
  13. splawik21

    splawik21 Grizzled Member
    Dash Core Team Foundation Member Dash Support Group Moderator

    as always :) ready and steady....
     
    • Like Like x 1
  14. moli

    moli Grizzled Member

    [​IMG]
     
    • Like Like x 2
  15. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    I am NOT a pandawan !
    ( I do not even know what that is )
    I am a TUNGFA ! and patience is my middle name ...>>
    ;)
     
    • Like Like x 1
  16. moli

    moli Grizzled Member

    Tungfa, I know. We all have patience, but at the same time we want to tell Evan this....

    [​IMG]

    LOL.... Just Kidding!!!

    EDIT: Just changed the pic. Disclaimer: This meme has nothing to do with any history. I would love to get a key chain with this meme, or this coffee cup:

    [​IMG]
    Would love to see someone make these so I can get them as gifts for coder friends and relatives.
     
    #16 moli, Nov 12, 2014
    Last edited by a moderator: Nov 12, 2014
    • Like Like x 1
  17. stonehedge

    stonehedge Well-known Member
    Foundation Member

    Joined:
    Jul 31, 2014
    Messages:
    696
    Likes Received:
    333
    Trophy Points:
    233
    Whoever came up with the idea of using "Keep calm and...." on everything from tshirts to tea towels should be thrown in jail for creating an annoying meme over something created to try to raise morale after 40,000 civilians were killed and 1 million homes destroyed in just 37 weeks.

    http://en.wikipedia.org/wiki/The_Blitz

    http://bombsight.org/#11/51.5051/-0.0900

    EDIT: Ok, maybe tarred and feathered. Bit of a raw nerve for a Londoner.
     
    #17 stonehedge, Nov 12, 2014
    Last edited by a moderator: Nov 12, 2014
    • Like Like x 1
  18. TanteStefana

    TanteStefana Grizzled Member
    Foundation Member

    Yah, my grandma, dad, uncle and aunt were in Hamburg during a similar event. Humans really know how to kill, don't they? But I had no idea that saying came from there! Hope it never ever happens again! ::hugs::

    Edit, wow, what a cool graph!
     
    • Like Like x 1
  19. stonehedge

    stonehedge Well-known Member
    Foundation Member

    I visit Germany quite a lot. It really is tragic. Plenty of individual heroes on both sides, very much not a heroic outcome. Anyway, apologies for the derail.

    I'm really impressed by how quickly Evan is on top of this issue and also how the markets have expressed confidence in Evan and the coin.
     
    • Like Like x 1
  20. TanteStefana

    TanteStefana Grizzled Member
    Foundation Member

    Did you know that Superman is really a red head? I heard it reported from someone in New York, yes, it's true. They think they've got a track on him with the latest radar. He flies in from the west somewhere at speeds approaching the speed of light, whenever a damsel is in distress. I'm starting to put two and two together......
     
    • Like Like x 1
  21. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    You didn't see the Evan Action Figures from China ?
    Man they are selling them in Shenzhen since February ! They knew that this will be big ! .....>

    [​IMG]
     
    • Like Like x 6
  22. moli

    moli Grizzled Member

    Hey, I never thought this meme had a history. All I've seen is it's been used as something inspirational or funny so I was never aware it had any meaning other than just that, a "meme". But now you seemed upset and brought it up here, so I just googled and this is what I found from
    https://en.wikipedia.org/wiki/Keep_Calm_and_Carry_On

    "Keep Calm and Carry On was a motivational poster produced by the British government in 1939 in preparation for the Second World War. The poster was intended to raise the morale of the British public, threatened with widely predicted mass air attacks on major cities.[1][2] Although 2.45 million copies were printed, and although the Blitz happened, the poster was never publicly displayed and was little known about until a copy was rediscovered in 2000. It has since been re-issued by a number of private companies, and has been used as the decorative theme for a range of products."

    Pretty interesting, "by the British govt,"... They should go to jail! :D
     
    • Like Like x 2
  23. TanteStefana

    TanteStefana Grizzled Member
    Foundation Member

    LOL, that's so AWESOME! You caught him in the act! LOL
     
    • Like Like x 2
  24. r-ando

    r-ando Well-known Member
    Foundation Member

    Joined:
    Jun 22, 2014
    Messages:
    411
    Likes Received:
    250
    Trophy Points:
    233
  25. illodin

    illodin Member

    Joined:
    Apr 26, 2014
    Messages:
    122
    Likes Received:
    71
    Trophy Points:
    78
    Anyone smart have an opinion on this?
     
  26. moli

    moli Grizzled Member
