Welcome to the Dash Forum!

Please sign up to discuss the most innovative cryptocurrency!

Dash Security-Privacy Paper

Discussion in 'Privacy News & Tools' started by tungfa, Dec 5, 2016.

  1. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,939
    Likes Received:
    6,721
    Trophy Points:
    1,283
    Security-Privacy-Centric Solution For Anonymous DASH (Masternode) Local Wallet Based On Debian GNU/Linux, VirtualBox, Whonix GNU/Linux Including Tor And Tails
    – VERSION 0.1.7 [2016-12-03] –

    [​IMG]

    [​IMG]

    Please Download :
    https://drive.google.com/file/d/0B_yZ4OC682XgS2JjN0pSdDFTcHM/view?usp=sharing
    http://www.filedropper.com/securitypaperversion017
    OnionShare is available - ping me direct for download link [email protected] / or tungfa on dashforum​

    Author: Anonymous
    This very extensive /detailed Security Paper was donated to us by an anonymous source, Core Team members double checked facts and approved for posting and public discussion.
    https://www.dash.org/
    http://dashorg64cjvj4s3.onion

    Copyright:
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).
    http://creativecommons.org/licenses/by-nc-sa/4.0/

    Explanations/Links/Suggestions:
    [​IMG]
    Always use a VPN Service / Safety/ Security 1st Step
    What is a VPN:
    https://en.wikipedia.org/wiki/Virtual_private_network
    Recommended Services:
    (pay in Dash)
    BolehVPN https://bolehvpn.net
    VikingVPN https://vikingvpn.com
    QHoster http://www.qhoster.com
    MultiVPN http://multi-vpn.co.uk/
    AirVPN https://airvpn.org/

    [​IMG]
    https://www.debian.org
    What is ...

    [​IMG]
    https://www.torproject.org
    What is ...

    [​IMG]
    https://tails.boum.org
    What is ....

    [​IMG]
    https://www.virtualbox.org
    What is ...

    [​IMG]
    https://www.whonix.org
    What is ...

    [​IMG]
    Dash Core Wallet on Linux:
    https://www.dash.org/downloads/
    What is ...
     
    #1 tungfa, Dec 5, 2016
    Last edited by a moderator: May 9, 2018
    • Like Like x 10
    • Disagree Disagree x 1
  2. vertoe

    vertoe Three of Nine

    Joined:
    Mar 28, 2014
    Messages:
    2,574
    Likes Received:
    1,656
    Trophy Points:
    1,283
    Reading ...
     
    • Like Like x 7
    • Optimistic Optimistic x 4
    • Disagree Disagree x 1
  3. halso

    halso Active Member

    Joined:
    Apr 27, 2016
    Messages:
    440
    Likes Received:
    235
    Trophy Points:
    113
    Wow, if this solves the MN blinding problem then this is a pretty big development. Great to see significant community contributions like this.
     
    • Agree Agree x 2
    • Like Like x 1
    • Disagree Disagree x 1
  4. studioz

    studioz Well-known Member

    Joined:
    Sep 10, 2014
    Messages:
    540
    Likes Received:
    464
    Trophy Points:
    163
    Look who's back . welcome back
     
    • Like Like x 4
  5. studioz

    studioz Well-known Member

    Joined:
    Sep 10, 2014
    Messages:
    540
    Likes Received:
    464
    Trophy Points:
    163
    Top
     
    • Like Like x 3
    • Disagree Disagree x 1
  6. demo

    demo Well-known Member

    Joined:
    Apr 23, 2016
    Messages:
    3,114
    Likes Received:
    262
    Trophy Points:
    153
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    Is the IP of a masternode hidden when someone tries to implements the guidelines of this paper?
    How this paper solves the IPv4 reveal of the masternodes?
    How masternodes recognise eachother via this scheme?
    How can you be anonymous if you reveal your IP to a masternode service provider (MNSP)?
    What the heck? What are they talking about? Is your real IP address consider as "very few information"?

    My thoughts on this paper is negative, because the application layer and the network layer are not separated in DASH. TOR may allow your masternode to change its IP. But as long as TOR is slow, there is a sychronization problem between all masternodes that are behind TOR and the masternodes that are not. This will tear the network apart, and will lead to double spending issues e.t.c. So the above paper is not the anonymity solution you are searching for.

    The protocol of dash should change first, and take into account all Masternodes that are behind TOR which may change their ip address in a rate of 5 times in a minute (the 5 is a randomly selected number that should be voted using numbers). You have to deal first with all sychronization problems that may appear (including the double spending issues!).

    The above paper is a general anonymity paper and has a few thing to offer to the Masternodes anonymity problem.
     
    #6 demo, Dec 5, 2016
    Last edited: Dec 5, 2016
    • Disagree Disagree x 1
  7. t0dd

    t0dd Active Member

    Joined:
    Mar 21, 2016
    Messages:
    144
    Likes Received:
    132
    Trophy Points:
    93
    Dash Address:
    XyxQq4qgp9B53QWQgSqSxJb4xddhzk5Zhh
    I don't know what it is, maybe a mental block(?) but demo... every post of yours is nearly incomprehensible to me. In this post... You are saying something about nodes behind tor would be too slow? (or could be too slow -- not sure if you tested this) Is that your criticism? I am having trouble understanding what you are actually trying to say.
     
  8. demo

    demo Well-known Member

    Joined:
    Apr 23, 2016
    Messages:
    3,114
    Likes Received:
    262
    Trophy Points:
    153
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    The dash protocol requires the masternodes to be sychronized. If some masternodes cannot communicate fast enough, then they are considered out of order. TOR transfer rates are low, so many TOR nodes (especially those who change their IPs often) they will be rejected by the DASH network due to the current DASH protocol.

    We dont know and we cannot predict how fast or how slow the TOR network may become. So we have to define hardcoded numbers. How many times per minute a masternode is allowed to change its IP? What is the minimum masternode connection speed? Those numbers should be defined by voting using numbers. We should not let the core team to decide that numbers once and for ever, because the correct decision cannot be predicted. We should not also let the core team to be able to change these numbers at will, because this gives them a huge control over the network. If we allow these numbers to be voted, that way the masternode owners will define the optimum numbers that fit to the current state of the TOR network, and this will turn DASH network to as anonymous as it can be and to as fast as it can be.

    All the above require protocol changes.
     
    #8 demo, Dec 5, 2016
    Last edited: Dec 5, 2016
  9. qwizzie

    qwizzie Well-known Member

    Joined:
    Aug 6, 2014
    Messages:
    1,463
    Likes Received:
    705
    Trophy Points:
    183
    any chance you can read it outloud to us ? :rolleyes:
     
    #9 qwizzie, Dec 5, 2016
    Last edited: Dec 5, 2016
    • Funny Funny x 2
  10. qwizzie

    qwizzie Well-known Member

    Joined:
    Aug 6, 2014
    Messages:
    1,463
    Likes Received:
    705
    Trophy Points:
    183
    I suggest we all take the time to digest this rather lengthy Security paper before making hasty comments (hasty comments like a particular person is already demonstrating in here)
     
    • Agree Agree x 1
  11. t0dd

    t0dd Active Member

    Joined:
    Mar 21, 2016
    Messages:
    144
    Likes Received:
    132
    Trophy Points:
    93
    Dash Address:
    XyxQq4qgp9B53QWQgSqSxJb4xddhzk5Zhh
    Interesting. I can't really comment until I read... this 100+ page document though. Ugh.
     
  12. demo

    demo Well-known Member

    Joined:
    Apr 23, 2016
    Messages:
    3,114
    Likes Received:
    262
    Trophy Points:
    153
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    Dont read it. It has nothing to do with masternodes anonymity. It is a general anonymity guideline. Read it only if you are interested in anonymity in general.

    But if you are searching a solution for DASH anonymity of the masternodes, then reading this paper is a waste of time. Focus on the protocol of DASH, this is where the wrong (regarding anonymity) resides, and where the solution may be discovered.

    Focus on my signature.
     
    #12 demo, Dec 5, 2016
    Last edited: Dec 5, 2016
    • Disagree Disagree x 1
    • Creative Creative x 1
  13. qwizzie

    qwizzie Well-known Member

    Joined:
    Aug 6, 2014
    Messages:
    1,463
    Likes Received:
    705
    Trophy Points:
    183
    This is indeed a very detailed security paper that analyses pretty much anything Dash related
    (it describes all the processes that are important to both users and masternode owners and it ranges
    from wallet use, to protecting masternodes online, to protecting users online.... and much much more).

    Interesting.
     
    #13 qwizzie, Dec 5, 2016
    Last edited: Dec 5, 2016
  14. demo

    demo Well-known Member

    Joined:
    Apr 23, 2016
    Messages:
    3,114
    Likes Received:
    262
    Trophy Points:
    153
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    and then this follows.....
    So this paper proposes to give all the network responsibility to the Masternode Service providers!! If the masternode service providers are compromised, then the whole DASH masternode network is compromised! The fewer the MNSP are, the easier it is for the DASH network to be compromised and exposed.

    Is this an advice that can be taken seriously? This paper may (or may not) solve the problem of the dash user anonymity. It has nothing to do with the problem of the masternodes anonymity. The advices the paper gives regarding masternodes anonymity are to the wrong direction.
     
    #14 demo, Dec 5, 2016
    Last edited: Dec 5, 2016
  15. qwizzie

    qwizzie Well-known Member

    Joined:
    Aug 6, 2014
    Messages:
    1,463
    Likes Received:
    705
    Trophy Points:
    183
    I wonder if the recommandations of this security paper could be used to form the core of new to be developed user-friendly hardware solutions, where security and privacy are central.
     
  16. demo

    demo Well-known Member

    Joined:
    Apr 23, 2016
    Messages:
    3,114
    Likes Received:
    262
    Trophy Points:
    153
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    I dont think so. It is too complicated for a hardware solution. Too many software. The code used in hardware solutions has to be minimal and simple, in order to be secure.
     
  17. qwizzie

    qwizzie Well-known Member

    Joined:
    Aug 6, 2014
    Messages:
    1,463
    Likes Received:
    705
    Trophy Points:
    183
    Reluctantly i have to agree with demo that this part does needs more discussion and risk evaluation.
    On the other hand it reminds me of how masternode hosting providers like node40 emerged and claimed part of Dash ecosystem.
    These MNSP's could be considered a logical extension on that .. or not.
     
    #17 qwizzie, Dec 5, 2016
    Last edited: Dec 5, 2016
  18. crowning

    crowning Well-known Member

    Joined:
    May 29, 2014
    Messages:
    1,428
    Likes Received:
    2,005
    Trophy Points:
    183
    Username sounds familiar...
     
  19. halso

    halso Active Member

    Joined:
    Apr 27, 2016
    Messages:
    440
    Likes Received:
    235
    Trophy Points:
    113
    Perhaps someone should test the proposed solution. A lot of talk and speculation. Presumably the author has already tested it?

    @demo, do you fancy giving it a go? I'll pay you your very first dash.
     
  20. qwizzie

    qwizzie Well-known Member

    Joined:
    Aug 6, 2014
    Messages:
    1,463
    Likes Received:
    705
    Trophy Points:
    183
    Account picture looks familiar too....
     
  21. demo

    demo Well-known Member

    Joined:
    Apr 23, 2016
    Messages:
    3,114
    Likes Received:
    262
    Trophy Points:
    153
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
    The solution obviously works because it is nothing else but recommendations of software packages the author believes that they are secure.
    The author suggests for all to try this solution by themselves, he is not suggesting for me demo to try the solution on behalf of another.
     
  22. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,939
    Likes Received:
    6,721
    Trophy Points:
    1,283
    i ad a 2nd download link
    http://www.filedropper.com/securitypaperversion017

    as i imagine google might not be too popular :rolleyes:

    if anybody has a tip where in the onion world i could post this as a Tor Download link please let me know
    (but file sharing/hosting does not really work down there due to speed issues)
    I have OnionShare installed - ping me direct for download link
     
    #22 tungfa, Dec 8, 2016
    Last edited: Dec 9, 2016
  23. GrandMasterDash

    GrandMasterDash Well-known Member
    Masternode Owner/Operator

    Joined:
    Jul 12, 2015
    Messages:
    2,666
    Likes Received:
    952
    Trophy Points:
    183
    Page 7

    "There's an entry point in the [Bitcoin] ecosystem and usually the identity of that person is known at that point and then once you get your money into the ecosystem you have a public ledger and all of the transactions that you do are completely available for anyone to look at. And what we're getting to with technology in the Bitcoin ecosystem is where anyone with enough computing power can go through and try to correlate all these addresses and figure out who's doing what and who's transferring money to who and then eventually sell that data which is a gross invasion of privacy. And I would rather get everyone more privacy rather than take it away from everybody because it's really you can only give it to everybody or you have to take it away from everybody in a system like this. And I know that there are going to be things that happen in the ecosystem that are illegal and this is just part of having rights. We have the right to privacy and some people will abuse that and I think there's a fine line to walk but we have to acknowledge that we want these rights and there's gonna be money like this that is on the Internet where everyone can see everything that's going on and I would rather [want] that money have an attribute of privacy for everybody useful."

    Page 9

    "The challenge of the new cypherpunk movement is to make secure and verified end-to-end encryption accessible to everyone, and turned on by default."

    A privacy-first MN network "turned on by default"... good enough for MNs then it's good enough for end-users. Vote Yes for privacy-first.
     
  24. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,939
    Likes Received:
    6,721
    Trophy Points:
    1,283
    #24 tungfa, Jan 3, 2017
    Last edited: Jan 3, 2017
    • Like Like x 1
    • Informative Informative x 1
  25. GrandMasterDash

    GrandMasterDash Well-known Member
    Masternode Owner/Operator

    Joined:
    Jul 12, 2015
    Messages:
    2,666
    Likes Received:
    952
    Trophy Points:
    183
    Get with it.. it's been decided that dash doesn't need a privacy-first or "Privacy-Centric" solution.
     
    • Funny Funny x 1
  26. t0dd

    t0dd Active Member

    Joined:
    Mar 21, 2016
    Messages:
    144
    Likes Received:
    132
    Trophy Points:
    93
    Dash Address:
    XyxQq4qgp9B53QWQgSqSxJb4xddhzk5Zhh
    • Like Like x 1
  27. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,939
    Likes Received:
    6,721
    Trophy Points:
    1,283
    corrected , pasted, copied, corrected ,.... god dammit :rolleyes: .... nearly there
    tx
     
    • Like Like x 1

Share This Page