• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Development Updates - July 7th

I as posted earlier, I think that this is great work and a big improvement even over the denominated change idea discussed on bitcointalk months ago. However allow me to play devil's advotcate here...

The most obvious knock on this solution is that all Darksend+ has done is make it mathematically less likely to be de-anonymized.

As I am sure the dev team knows that you can still be exposed by a bad actor if both the masternodes elected are owned by said actor or if two masternode owners collude. I know this is a good deal less likely than before, but it is far from impossible.

My question is what are the future plans regarding this issue?

Encryption of data flowing through masternodes? Clever use of I2P? Something else entirely? Or... Is the dev team of the opinion that Darksend+ is anonymous enough?

Thanks for any responses.
 
Last edited by a moderator:
  • Like
Reactions: ImI
Not yet, but we'll put that information out here, on twitter (and other social media outlets) as well as via email as soon as the timeframe is narrowed down. You can sign up for the mailing list here.
Thanks eltito, I have been signed up for those and I will keep an eye out for when to update.
 
I as posted earlier, I think that this is great work and a big improvement even over the denominated change idea discussed on bitcointalk months ago. However allow me to play devil's advotcate here...

The most obvious knock on this solution is that all Darksend+ has done is make it mathematically less likely to be de-anonymized.

As I am sure the dev team knows that you can still be exposed by a bad actor if both the masternodes elected are owned by said actor or if two masternode owners collude. I know this is a good deal less likely than before, but it is far from impossible.

My question is what are the future plans regarding this issue?

Encryption of data flowing through masternodes? Clever use of I2P? Something else entirely? Or... Is the dev team of the opinion that Darksend+ is anonymous enough?

Thanks for any responses.

You are right. If someone controlling both masternodes can deanonymize transactions (haven't checked with devs, maybe there is some measure in that area already), the risk is still there. However, thanks to the high number of masternodes, it is extremely low. I've done some numbers for 600 masternodes (we are at 605 now), 800 and 1000. At 600 you need 61 masternodes (now about 436k USD) coordinated to act roguely to get a 1% chance of deanonymize a transaction. With 1000 masternodes you need more than 100 masternodes for that 1%.

Of course, if you are just looking for any transaction, even a low percentage maybe good enough, but I'm sure devs can do something in the communication with MNs so the probability goes to zero. Something needs to be left for Darksend++ or the fun is going to be over too fast :wink:

You can check the numbers at the table below or in Google Docs: http://j.mp/1mEtWz4

MB53tkJ.png
 
You are right. If someone controlling both masternodes can deanonymize transactions (haven't checked with devs, maybe there is some measure in that area already), the risk is still there. However, thanks to the high number of masternodes, it is extremely low. I've done some numbers for 600 masternodes (we are at 605 now), 800 and 1000. At 600 you need 61 masternodes (now about 436k USD) coordinated to act roguely to get a 1% chance of deanonymize a transaction. With 1000 masternodes you need more than 100 masternodes for that 1%.

Of course, if you are just looking for any transaction, even a low percentage maybe good enough, but I'm sure devs can do something in the communication with MNs so the probability goes to zero. Something needs to be left for Darksend++ or the fun is going to be over too fast :wink:

You can check the numbers at the table below or in Google Docs: http://j.mp/1mEtWz4

MB53tkJ.png

Good stuff. I knew it was going to be rare, but nice to see some numbers. Just to be clear this was not a major concern of mine, but somebody has to play devil's advocate :wink:. Mind posting this over on bitcointalk as well. Might head off some of the FUD we are bound to get as America/Europe wake up to the DarkSend+ news.
 
Good stuff. I knew it was going to be rare, but nice to see some numbers. Just to be clear this was not a major concern of mine, but somebody has to play devil's advocate :wink:. Mind posting this over on bitcointalk as well. Might head off some of the FUD we are bound to get as America/Europe wake up to the DarkSend+ news.

I believe this is the problem of most anonymizing services. Look at TOR and you have the exact same issue, which is why it is so important to spread the network out as much as possible and to integrate as many nodes and servers as humanly possible. The more people we have to cloak our identity, the less likely we would get exposed by bad actors inside the network :)
 
Good stuff. I knew it was going to be rare, but nice to see some numbers. Just to be clear this was not a major concern of mine, but somebody has to play devil's advocate :wink:. Mind posting this over on bitcointalk as well. Might head off some of the FUD we are bound to get as America/Europe wake up to the DarkSend+ news.
Thanks, it is already there. I barely post at btctalk lately because it is too time consuming to read all the FUD and keep up with the thread, but chaeplin took care... I feel honored! :smile:

I completely understood you were just playing devil's advocate and I believe it is a very healthy exercise. Everyone shouting to-the-moon would turn this into a religion and I would quit the next minute.
 
We really need a way to make it impossible for transactions to be unmasked through node collusion. Having only a small chance isn't good enough. If we can get that, along with ip obfuscation, I'd say we're set.
 
I as posted earlier, I think that this is great work and a big improvement even over the denominated change idea discussed on bitcointalk months ago. However allow me to play devil's advotcate here...

The most obvious knock on this solution is that all Darksend+ has done is make it mathematically less likely to be de-anonymized.

As I am sure the dev team knows that you can still be exposed by a bad actor if both the masternodes elected are owned by said actor or if two masternode owners collude. I know this is a good deal less likely than before, but it is far from impossible.

My question is what are the future plans regarding this issue?

Encryption of data flowing through masternodes? Clever use of I2P? Something else entirely? Or... Is the dev team of the opinion that Darksend+ is anonymous enough?

Thanks for any responses.
One potential solution I think might be interesting would be use zerocoin-style zero knowledge proofs for passing outputs to a masternode. A sender could give his input transaction and another piece of data to the masternode, then after the inputs are collected, the masternode can calculate an accumulator based off the other data it received, then senders can send to the masternode their outputs along with a proof that allows the masternode to verify that the sender is part of the group who gave inputs, without revealing which one. The masternode then wouldn't be able to link inputs and outputs, and only a single node is required, instead of cooperation. The accumulator and proofs can just be discarded after the transaction is finished, as their only purpose is for the masternode to find out the outputs, so no blockchain bloat or increased computation in block verification occurs.
 
This has probably been addressed before but how does darkcoin get around de-anonymizing by simply looking at times and balances, i.e address A got 53 DRK poorer at the same instant address B got 53 DRK richer?
 
This has probably been addressed before but how does darkcoin get around de-anonymizing by simply looking at times and balances, i.e address A got 53 DRK poorer at the same instant address B got 53 DRK richer?
Let's say you want to send 25 DRK. The client will remove 50 from your wallet, then it will create new addresses with denominated amounts of DRK. From these, 25 DRK will be sent to masternode #2. The other 25 DRK will remain in your wallet under the new addresses. So it looks like you sent 50 ,but in reality your recipient received 25.
 
Let's say you want to send 25 DRK. The client will remove 50 from your wallet, then it will create new addresses with denominated amounts of DRK. From these 25 DRK will be sent to masternode #2. The other 25 DRK will remain in your wallet under the new addresses. So it looks like you sent 50 and the recipient received 25.
.
Oh ok, that's pretty neat. Thanks for explaining that, I was always confused about that
 
.
Oh ok, that's pretty neat. Thanks for explaining that, I was always confused about that
It's actually better than that. Since masternodes group transactions, and they all use the same input size of 10 coins, at that one moment 3 addresses get 10 coins poorer each, and 6 addresses get richer.
 
Back
Top