• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Darksend - Security Bulletin

eduffield

Core Developer
Edit: this has long sense been fixed. There are no known issues with DS Security.

--


We ask that everyone stop using Darksend for the time being, until we’re able to push out a fix to an issue Aswan found. This issue comes from the way fees are paid in Darksend with the combination of the way the client tries to denominate the same amount each round. The result is the possibility to trace a transaction through Darksend.

To fix this issue, we will add a mixing stage to Darksend that only mixes fee’s and we’ll have the client mix random amounts each session.

Regards,

The Darkcoin Team
 
Last edited by a moderator:
A huge thanks to Aswan!

Also, I was gonna send a debug file but mine was so huge, I couldn't get it downloaded, LOL. So I deleted it, and hopefully next time I'll be prepared :D
 
A huge thanks to Aswan!

Also, I was gonna send a debug file but mine was so huge, I couldn't get it downloaded, LOL. So I deleted it, and hopefully next time I'll be prepared :D


if it's a larger file you can use - - >>>> wetransfer
 
That's great~! Make our Darkcoin network more robust!

Thanks Aswan~ Thanks Evan and Dev team for the professional quality.
 
HI there,
i think i have a more elegant solution.
(if i got the point correct.)

feel free to rip it apart or build on it.
droptable.



to explain this, it feels a little like a hen-egg-problem, please so don´t throw die idea away before finish reeding.


okay.
We start by saying, that you can no longer choose how many rounds your stuff should be mixed. Why? - explained later. We decide that the target for rounds to mix is 8.
The user submits his funds (example 10DRK) to the first masternode and pays a fee.
For the fee his funds are now marked as "payed in advance" an get a flag [double], i will here call RTC (roundsToCome). If the RTC falls below 1, it will be no longer mixed.

The RTC for a newly submittet 10DRK is 13. [8+(2xstandart deviation] (more later)

The masternode now waits for 3 other 10DRK´s and mixes it.

Now one round has to be substracted from the RTC-count. But how, without giving away, which 10drk are which?
easy: ((rtc1+trc2+rtc3+rtc4) / 4) -1

INCOMING
fund1: 10DRK -RTC: 13 <- "our" funds
fund2: 10DRK -RTC: 12
fund3 10DRK -RTC: 11
fund4; 10DRK -RTC 12

OUTGOING
xa: 10DRK -RTC -RTC 11
xb: 10DRK -RTC -RTC 11
xc: 10DRK -RTC -RTC 11
xd: 10DRK -RTC -RTC 11

so the RTC for all funds included in this round is just the average of all (minus one, since it got mixed).



RESTRICTIONS:
1) The masternode only uses funds to mix, if the span between the highest RTC and the lowest RTC in this round is <= 2;

2) (already mentioned:) You can only start with a target of 8 -> RTC of 13.
3) New denomination method (explained below)

why (1,2)? ->
If you are allowed to start multiple low RTC transactions you can artificially shorten the time other funds are in the mixing-period.
So everyone HAS to start with the same RTC. Otherwise you can cheat other funds out of their mixing-period.

The same goes for the max. span of 2.
Otherwise you can bring down a found to an RTC below 3 in less than 3 rounds.

if we start with an RTC of 13 the minimum Rounds is 7.
The average is 13, and the maximum is pretty high.


-> 3) new denomination method:
All funds will be split in to:
5
2
1
1
[1]
and the last 1
split into
5
2
1
1
[1]
and so on.

we can stop at 1 DRK or we go to 0.1

//explanation
you dakrsend 100DRK with a depth of 3:
50, 20, 10, 10, 5, 2, 1, 1, 0.5, 0.2, 0.1, 0.1

-> a) wich meens your funds will be mixed with the 50ts and twentys and tens of the guy who darksends his 1000DRK.
no more "i m mixing 1000DRK, can somebody please do the same"
-> b) since it is "harder" for a masternode to find corresponding funds (rtc1-rtc2 <= |2| ) it is necessary to make more "allike" darksend-funds.
-> c) It makes it even harder to "observe".


*same goes for "not-only-zero-and-ones--numbers":
380 = 100 + 200 + 50 + 20 + [10]

additional:
Y1) The RTC happens offchain, just by masternode cencus.
Y2) Does it take long for all the transactions -> HEY "WE HAVE" instantTX

ps: THANKS EVAN FOR ALL YOUR WORK
 
Last edited by a moderator:
Yes Tungfa, I knew he will be fast..but not as quick :)
 
Be patient, young padawan! It will be all good, just be prepared to get on Testnet when the bell rings. We'll roll it out in no time. :)
as always :) ready and steady....
 
30938524.jpg
 
Be patient, young padawan! It will be all good, just be prepared to get on Testnet when the bell rings. We'll roll it out in no time. :)

I am NOT a pandawan !
( I do not even know what that is )
I am a TUNGFA ! and patience is my middle name ...>>
:wink:
 
Tungfa, I know. We all have patience, but at the same time we want to tell Evan this....

keep-calm-and-code-faster-14.png


LOL.... Just KIdding!!!

EDIT: Just changed the pic. Disclaimer: This meme has nothing to do with any history. I would love to get a key chain with this meme, or this coffee cup:

mugs-r7bbfd3a5b7f74d7eb22d000b017967bd_x7jgr_8byvr_500.png

Would love to see someone make these so I can get them as gifts for coder friends and relatives.
 
Last edited by a moderator:
Whoever came up with the idea of using "Keep calm and...." on everything from tshirts to tea towels should be thrown in jail for creating an annoying meme over something created to try to raise morale after 40,000 civillians were killed and 1 million homes destroyed in just 37 weeks.

http://en.wikipedia.org/wiki/The_Blitz

http://bombsight.org/#11/51.5051/-0.0900

EDIT: Ok, maybe tarred and feathered. Bit of a raw nerve for a Londoner.
 
Last edited by a moderator:
Whoever came up with the idea of using "Keep calm and...." on everything from tshirts to tea towels should be thrown in jail for creating an annoying meme over something created to try to raise morale after 40,000 civillians were killed and 1 million homes destroyed in just 37 weeks.

http://en.wikipedia.org/wiki/The_Blitz

http://bombsight.org/#11/51.5051/-0.0900

EDIT: Ok, maybe tarred and feathered. Bit of a raw nerve for a Londoner.
Yah, my grandma, dad, uncle and aunt were in Hamburg during a similar event. Humans really know how to kill, don't they? But I had no idea that saying came from there! Hope it never ever happens again! ::hugs::

Edit, wow, what a cool graph!
 
Yah, my grandma, dad, uncle and aunt were in Hamburg during a similar event. Humans really know how to kill, don't they? But I had no idea that saying came from there! Hope it never ever happens again! ::hugs::

Edit, wow, what a cool graph!

I visit Germany quite a lot. It really is tragic. Plenty of individual heroes on both sides, very much not a heroic outcome. Anyway, apologies for the derail.

I'm really impressed by how quickly Evan is on top of this issue and also how the market's have expressed confidence in Evan and the coin.
 
Did you know that Superman is really a red head? I heard it reported from someone in New York, yes, it's true. They think they've got a track on him with the latest radar. He flies in from the west somewhere at speeds approaching the speed of light, whenever a damsel is in distress. I'm starting to put two and two together......
 
Back
Top