Darksend - Security Bulletin

eduffield

Core Developer
Mar 9, 2014
1,084
5,320
183
Edit: this has long sense been fixed. There are no known issues with DS Security.

--


We ask that everyone stop using Darksend for the time being, until we’re able to push out a fix to an issue Aswan found. This issue comes from the way fees are paid in Darksend with the combination of the way the client tries to denominate the same amount each round. The result is the possibility to trace a transaction through Darksend.

To fix this issue, we will add a mixing stage to Darksend that only mixes fee’s and we’ll have the client mix random amounts each session.

Regards,

The Darkcoin Team
 
Last edited by a moderator:

TanteStefana

Grizzled Member
Foundation Member
Mar 9, 2014
2,871
1,863
1,283
A huge thanks to Aswan!

Also, I was gonna send a debug file but mine was so huge, I couldn't get it downloaded, LOL. So I deleted it, and hopefully next time I'll be prepared :D
 

Raico

Well-known Member
Foundation Member
Dash Support Group
May 28, 2014
138
142
193
That's great~! Make our Darkcoin network more robust!

Thanks Aswan~ Thanks Evan and Dev team for the professional quality.
 
  • Like
Reactions: studioz

droptable

Member
May 27, 2014
42
14
48
HI there,
i think i have a more elegant solution.
(if i got the point correct.)

feel free to rip it apart or build on it.
droptable.



to explain this, it feels a little like a hen-egg-problem, please so don´t throw die idea away before finish reeding.


okay.
We start by saying, that you can no longer choose how many rounds your stuff should be mixed. Why? - explained later. We decide that the target for rounds to mix is 8.
The user submits his funds (example 10DRK) to the first masternode and pays a fee.
For the fee his funds are now marked as "payed in advance" an get a flag [double], i will here call RTC (roundsToCome). If the RTC falls below 1, it will be no longer mixed.

The RTC for a newly submittet 10DRK is 13. [8+(2xstandart deviation] (more later)

The masternode now waits for 3 other 10DRK´s and mixes it.

Now one round has to be substracted from the RTC-count. But how, without giving away, which 10drk are which?
easy: ((rtc1+trc2+rtc3+rtc4) / 4) -1

INCOMING
fund1: 10DRK -RTC: 13 <- "our" funds
fund2: 10DRK -RTC: 12
fund3 10DRK -RTC: 11
fund4; 10DRK -RTC 12

OUTGOING
xa: 10DRK -RTC -RTC 11
xb: 10DRK -RTC -RTC 11
xc: 10DRK -RTC -RTC 11
xd: 10DRK -RTC -RTC 11

so the RTC for all funds included in this round is just the average of all (minus one, since it got mixed).



RESTRICTIONS:
1) The masternode only uses funds to mix, if the span between the highest RTC and the lowest RTC in this round is <= 2;

2) (already mentioned:) You can only start with a target of 8 -> RTC of 13.
3) New denomination method (explained below)

why (1,2)? ->
If you are allowed to start multiple low RTC transactions you can artificially shorten the time other funds are in the mixing-period.
So everyone HAS to start with the same RTC. Otherwise you can cheat other funds out of their mixing-period.

The same goes for the max. span of 2.
Otherwise you can bring down a found to an RTC below 3 in less than 3 rounds.

if we start with an RTC of 13 the minimum Rounds is 7.
The average is 13, and the maximum is pretty high.


-> 3) new denomination method:
All funds will be split in to:
5
2
1
1
[1]
and the last 1
split into
5
2
1
1
[1]
and so on.

we can stop at 1 DRK or we go to 0.1

//explanation
you dakrsend 100DRK with a depth of 3:
50, 20, 10, 10, 5, 2, 1, 1, 0.5, 0.2, 0.1, 0.1

-> a) wich meens your funds will be mixed with the 50ts and twentys and tens of the guy who darksends his 1000DRK.
no more "i m mixing 1000DRK, can somebody please do the same"
-> b) since it is "harder" for a masternode to find corresponding funds (rtc1-rtc2 <= |2| ) it is necessary to make more "allike" darksend-funds.
-> c) It makes it even harder to "observe".


*same goes for "not-only-zero-and-ones--numbers":
380 = 100 + 200 + 50 + 20 + [10]

additional:
Y1) The RTC happens offchain, just by masternode cencus.
Y2) Does it take long for all the transactions -> HEY "WE HAVE" instantTX

ps: THANKS EVAN FOR ALL YOUR WORK
 
Last edited by a moderator:
  • Like
Reactions: TsuyokuNaritai

splawik21

Moderator
Dash Core Team
Foundation Member
Dash Support Group
Apr 8, 2014
1,937
1,294
1,283
Yes Tungfa, I knew he will be fast..but not as quick :)
 
  • Like
Reactions: tungfa

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
Yes Tungfa, I knew he will be fast..but not as quick :)
Be patient, young padawan! It will be all good, just be prepared to get on Testnet when the bell rings. We'll roll it out in no time. :)
 

splawik21

Moderator
Dash Core Team
Foundation Member
Dash Support Group
Apr 8, 2014
1,937
1,294
1,283
Be patient, young padawan! It will be all good, just be prepared to get on Testnet when the bell rings. We'll roll it out in no time. :)
as always :) ready and steady....
 
  • Like
Reactions: moli

tungfa

Grizzled Member
Foundation Member
Masternode Owner/Operator
Apr 9, 2014
8,902
6,739
1,283
Be patient, young padawan! It will be all good, just be prepared to get on Testnet when the bell rings. We'll roll it out in no time. :)
I am NOT a pandawan !
( I do not even know what that is )
I am a TUNGFA ! and patience is my middle name ...>>
;)
 
  • Like
Reactions: Dr.Crypto

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
Tungfa, I know. We all have patience, but at the same time we want to tell Evan this....



LOL.... Just KIdding!!!

EDIT: Just changed the pic. Disclaimer: This meme has nothing to do with any history. I would love to get a key chain with this meme, or this coffee cup:


Would love to see someone make these so I can get them as gifts for coder friends and relatives.
 
Last edited by a moderator:
  • Like
Reactions: tungfa

stonehedge

Well-known Member
Foundation Member
Jul 31, 2014
696
333
233
Whoever came up with the idea of using "Keep calm and...." on everything from tshirts to tea towels should be thrown in jail for creating an annoying meme over something created to try to raise morale after 40,000 civillians were killed and 1 million homes destroyed in just 37 weeks.

http://en.wikipedia.org/wiki/The_Blitz

http://bombsight.org/#11/51.5051/-0.0900

EDIT: Ok, maybe tarred and feathered. Bit of a raw nerve for a Londoner.
 
Last edited by a moderator:
  • Like
Reactions: TanteStefana

TanteStefana

Grizzled Member
Foundation Member
Mar 9, 2014
2,871
1,863
1,283
Whoever came up with the idea of using "Keep calm and...." on everything from tshirts to tea towels should be thrown in jail for creating an annoying meme over something created to try to raise morale after 40,000 civillians were killed and 1 million homes destroyed in just 37 weeks.

http://en.wikipedia.org/wiki/The_Blitz

http://bombsight.org/#11/51.5051/-0.0900

EDIT: Ok, maybe tarred and feathered. Bit of a raw nerve for a Londoner.
Yah, my grandma, dad, uncle and aunt were in Hamburg during a similar event. Humans really know how to kill, don't they? But I had no idea that saying came from there! Hope it never ever happens again! ::hugs::

Edit, wow, what a cool graph!
 
  • Like
Reactions: tungfa

stonehedge

Well-known Member
Foundation Member
Jul 31, 2014
696
333
233
Yah, my grandma, dad, uncle and aunt were in Hamburg during a similar event. Humans really know how to kill, don't they? But I had no idea that saying came from there! Hope it never ever happens again! ::hugs::

Edit, wow, what a cool graph!
I visit Germany quite a lot. It really is tragic. Plenty of individual heroes on both sides, very much not a heroic outcome. Anyway, apologies for the derail.

I'm really impressed by how quickly Evan is on top of this issue and also how the market's have expressed confidence in Evan and the coin.
 
  • Like
Reactions: tungfa

TanteStefana

Grizzled Member
Foundation Member
Mar 9, 2014
2,871
1,863
1,283
Did you know that Superman is really a red head? I heard it reported from someone in New York, yes, it's true. They think they've got a track on him with the latest radar. He flies in from the west somewhere at speeds approaching the speed of light, whenever a damsel is in distress. I'm starting to put two and two together......
 
  • Like
Reactions: tungfa

tungfa

Grizzled Member
Foundation Member
Masternode Owner/Operator
Apr 9, 2014
8,902
6,739
1,283
Did you know that Superman is really a red head? I heard it reported from someone in New York, yes, it's true. They think they've got a track on him with the latest radar. He flies in from the west somewhere at speeds approaching the speed of light, whenever a damsel is in distress. I'm starting to put two and two together......
You didn't see the Evan Action Figures from China ?
Man they are selling them in Shenzhen since February ! They knew that this will be big ! .....>

 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
Whoever came up with the idea of using "Keep calm and...." on everything from tshirts to tea towels should be thrown in jail for creating an annoying meme over something created to try to raise morale after 40,000 civillians were killed and 1 million homes destroyed in just 37 weeks.

http://en.wikipedia.org/wiki/The_Blitz

http://bombsight.org/#11/51.5051/-0.0900

EDIT: Ok, maybe tarred and feathered. Bit of a raw nerve for a Londoner.
Hey, I never thought this meme had a history. All I've seen is it's been used as something inspirational or funny so I was never aware it had any meaning other than just that, a "meme". But now you seemed upset and brought it up here, so i just googled and this is what i found from
https://en.wikipedia.org/wiki/Keep_Calm_and_Carry_On

"Keep Calm and Carry On was a motivational poster produced by the British government in 1939 in preparation for the Second World War. The poster was intended to raise the morale of the British public, threatened with widely predicted mass air attacks on major cities.[1][2] Although 2.45 million copies were printed, and although the Blitz happened, the poster was never publicly displayed and was little known about until a copy was rediscovered in 2000. It has since been re-issued by a number of private companies, and has been used as the decorative theme for a range of products."

Pretty interesting, "by the British govt,"... They should go to jail! :D
 

illodin

Member
Apr 26, 2014
122
71
78
HI there,
i think i have a more elegant solution.
(if i got the point correct.)

feel free to rip it apart or build on it.
droptable.



to explain this, it feels a little like a hen-egg-problem, please so don´t throw die idea away before finish reeding.


okay.
We start by saying, that you can no longer choose how many rounds your stuff should be mixed. Why? - explained later. We decide that the target for rounds to mix is 8.
The user submits his funds (example 10DRK) to the first masternode and pays a fee.
For the fee his funds are now marked as "payed in advance" an get a flag [double], i will here call RTC (roundsToCome). If the RTC falls below 1, it will be no longer mixed.

The RTC for a newly submittet 10DRK is 13. [8+(2xstandart deviation] (more later)

The masternode now waits for 3 other 10DRK´s and mixes it.

Now one round has to be substracted from the RTC-count. But how, without giving away, which 10drk are which?
easy: ((rtc1+trc2+rtc3+rtc4) / 4) -1

INCOMING
fund1: 10DRK -RTC: 13 <- "our" funds
fund2: 10DRK -RTC: 12
fund3 10DRK -RTC: 11
fund4; 10DRK -RTC 12

OUTGOING
xa: 10DRK -RTC -RTC 11
xb: 10DRK -RTC -RTC 11
xc: 10DRK -RTC -RTC 11
xd: 10DRK -RTC -RTC 11

so the RTC for all funds included in this round is just the average of all (minus one, since it got mixed).



RESTRICTIONS:
1) The masternode only uses funds to mix, if the span between the highest RTC and the lowest RTC in this round is <= 2;

2) (already mentioned:) You can only start with a target of 8 -> RTC of 13.
3) New denomination method (explained below)

why (1,2)? ->
If you are allowed to start multiple low RTC transactions you can artificially shorten the time other funds are in the mixing-period.
So everyone HAS to start with the same RTC. Otherwise you can cheat other funds out of their mixing-period.

The same goes for the max. span of 2.
Otherwise you can bring down a found to an RTC below 3 in less than 3 rounds.

if we start with an RTC of 13 the minimum Rounds is 7.
The average is 13, and the maximum is pretty high.


-> 3) new denomination method:
All funds will be split in to:
5
2
1
1
[1]
and the last 1
split into
5
2
1
1
[1]
and so on.

we can stop at 1 DRK or we go to 0.1

//explanation
you dakrsend 100DRK with a depth of 3:
50, 20, 10, 10, 5, 2, 1, 1, 0.5, 0.2, 0.1, 0.1

-> a) wich meens your funds will be mixed with the 50ts and twentys and tens of the guy who darksends his 1000DRK.
no more "i m mixing 1000DRK, can somebody please do the same"
-> b) since it is "harder" for a masternode to find corresponding funds (rtc1-rtc2 <= |2| ) it is necessary to make more "allike" darksend-funds.
-> c) It makes it even harder to "observe".


*same goes for "not-only-zero-and-ones--numbers":
380 = 100 + 200 + 50 + 20 + [10]

additional:
Y1) The RTC happens offchain, just by masternode cencus.
Y2) Does it take long for all the transactions -> HEY "WE HAVE" instantTX

ps: THANKS EVAN FOR ALL YOUR WORK
Anyone smart have an opinion on this?