Reply to Kristov's paper

Discussion in 'Official Developer Thread' started by eduffield, Sep 11, 2014.

  1. eduffield

    eduffield Core Developer
    Dash Core Team Moderator

    In the spirit of transparency we contacted Kristov Atlas to ask him to do a review of our technology, Darksend. Shortly after, our community happily crowdfunded it and Kristov got to work.

    Darksend+ is an iterative improvement on the previous version of Darksend and offers greatly improved anonymity. This functionality is directly built into the reference client for ease of use. Kristov reviewed the technology from every angle to give a thorough rundown of everything we needed to focus on in the future.

    What are we trying to fix?

    Bitcoin works with an unprecedented level of transparency that most people are not used to dealing with. Every transaction that has ever happened is stored permanently in a ledger that is made public for the world to see, forever.

    Darkcoin solves this problem by implementing an ahead-of-time CoinJoin implementation called Darksend. A user that wants to be anonymous can use the built-in technology to utilize the Masternode network to make their transaction nearly impossible to track.

    How it works, By Kristov Atlas:
    http://blog.anonymousbitcoinbook.com/2014/08/visualizing-one-round-of-darkcoins-darksend/

    An analysis of Darkcoin’s Blockchain Privacy via Darksend+:
    http://cdn.anonymousbitcoinbook.com/darkcoin/darksend-paper/Atlas_Darksend-Analysis-v001.pdf

    Yesterday Kristov Atlas published an exhaustive review of the Darksend technology. It’s the most extensive review of Darksend to date. Below is an overview of the weaknesses that Atlas identified.

    [​IMG]

    Solved Weaknesses, utilizing Darksend+:
    • Contextual Fingerprinting Attack
    • Significand Attack
    • Lonely Denomination Attack
    • Disparate Spending Weaknesses
    • Conjoined Spend Weakness
    • Output Bias Weakness
    • Blockchain Analysis
    • Timing Analysis
    It’s worth noting that our strategy for Darksend+ has mitigated many different kinds of attacks that work on all similar crypto-currencies, while utilizing a trustless and decentralized system unlike anything else in existence.

    Overcoming these weaknesses was not a small feat, but will be our strongest advantage when competing as a privacy-centric crypto-currency.

    Sybil Attack

    In a Sybil attack, the attacker subverts the reputation system of a peer-to-peer network by creating a large number of pseudonymous identities. This allows an attacker to gain information by observation.

    One of the most serious attack vectors found was a Sybil attack on a two-peer Darksend denominated transaction. Requiring as few as two peers for Darksend transactions was never intended to be used beyond the scope of testing. As of RC5 this issue has been resolved.

    Other Sybil-type attacks (such as the active denial to sign) are mitigated by the use of collateral in the core protocol, which is actively used in RC5.

    It’s worth noting that Darksend is not the only technology vulnerable to Sybil attack. All peer-to-peer systems have to deal with Sybil attacks, including Bitcoin and Cryptonote currencies.

    Masternode Snooping

    When Darksend peers mix with each other they use a dedicated node, called a Masternode. This node in the present implementation is required to be able to see the inputs and outputs of the transactions to ensure that parties sign, otherwise the system will charge them collateral fees.

    Peers mix with many different Masternodes in a row, known as “rounds” of anonymity in the client. To follow a transaction through the full process, a user must go through a series of malicious Masternodes. This process is random, so a bad actor would need to control many Masternodes in order to attack in this way.

    The trade-off is a Sybil-resistant system or one with more personal privacy from snooping Masternodes. But in the case where a Masternode is blinded, collateral protection can’t be used. If a Masternode is blind to the submission of outputs and signing, by definition it would not know who to charge the collateral.

    There are other options available, such as banning inputs of users that attempt to break the system. Something like this will have to be utilized in addition to a blinded setup to protect the system from abuse.

    Darksend Queue Gaming

    This can be completely eliminated by utilizing a provably random Masternode using a deterministic algorithm based on the first user who enters the node, spawning the queue message. A Masternode then could detect the gaming and reject the user, eliminating the problem altogether.

    Fat Sum Weakness

    This weakness happens when someone spends Darksend denominated funds that could not have come from another party.

    This is partially mitigated by having three participants per Darksend transaction and can be further mitigated by checking outgoing transactions and asking the user “This action will reduce your anonymity, are you sure?”.

    Blockchain Bloat

    Darkcoin utilizes anonymity only where it’s needed in the ecosystem. It’s automatically disabled for daemons, so the highest transaction clients will not be creating any form of bloat (Exchanges, Pools and most other high volume clients don’t require anonymity). This will allow the blockchain to grow at a much slower level than our competitors (i.e. cryptonote).

    Conclusion

    Darkcoin solves the anonymity problem by making the blockchain a fog. There are very few practical ways to attack our system at its core, and most of the attacks listed were based solely on the fact that the merged transactions were using only two participants while in the test environment. This has always been a known issue and never was intended to be used beyond testing.

    Privacy offered by Darksend can be thought of as a spectrum. Although no technology can ever be perfect, Darksend is intended to provide nearly complete anonymity. The research shows that while discounting the two-peer issues, the anonymity provided by Darksend is strong and will become stronger with further development.

    This research shows that Darkcoin and Darksend are maturing technologies and are ready for adoption and use by the general public.
     
    #1 eduffield, Sep 11, 2014
    Last edited by a moderator: Sep 11, 2014
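The Masternode Snooping reasoning in post #1, worked through as an added example (not part of the original post and not Darkcoin code): how likely it is that every round of one mix lands on a Masternode run by the same operator. It assumes each round picks a Masternode uniformly and independently; the network size and counts are constructed.

```python
import math
import random


def p_full_trace(controlled: int, total: int, rounds: int) -> float:
    """Chance that all `rounds` mixes use a Masternode from the controlled set.

    Assumption: every round selects uniformly and independently from `total`.
    """
    if total <= 0 or not 0 <= controlled <= total or rounds < 1:
        raise ValueError("need 0 <= controlled <= total, total > 0, rounds >= 1")
    return (controlled / total) ** rounds


def nodes_needed(total: int, rounds: int, target: float) -> int:
    """Smallest controlled-node count whose full-trace chance reaches `target`."""
    if not 0 < target <= 1:
        raise ValueError("target must be in (0, 1]")
    # Start just below the real-valued solution, then step up so that
    # floating-point rounding cannot produce an off-by-one answer.
    n = max(0, math.ceil(total * target ** (1 / rounds)) - 1)
    while p_full_trace(n, total, rounds) < target:
        n += 1
    return n


def simulate(controlled: int, total: int, rounds: int,
             trials: int, seed: int = 0) -> float:
    """Monte Carlo check of p_full_trace under the same selection assumption."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        # Nodes 0..controlled-1 stand for the ones the snooping operator runs.
        if all(rng.randrange(total) < controlled for _ in range(rounds)):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    TOTAL = 1000  # constructed network size, not a figure from the thread
    for rounds in (2, 4, 8):
        p = p_full_trace(100, TOTAL, rounds)
        need = nodes_needed(TOTAL, rounds, 0.01)
        print(f"rounds={rounds}: 10% of nodes traces {p:.2e} of mixes; "
              f"{need} nodes needed for a 1% chance")
```

Under this model the share of Masternodes an operator must control for a fixed chance of following a mix rises steeply with the number of rounds.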
  2. GreyGhost

    GreyGhost Well-known Member
    Foundation Member

    Seriousness and maturity with which you steer this development is commendable. As a humble investor into this project, I thank you for it.
     
    #2 GreyGhost, Sep 11, 2014
    Last edited by a moderator: Sep 11, 2014
  3. Coins101

    Coins101 New Member

    Great response.

    Can we remove ref to any particular coin that shall not be named, insert instead cryptonote?

    Well done. DRK is ready for prime time.

    edits made
     
    #3 Coins101, Sep 11, 2014
    Last edited by a moderator: Sep 11, 2014
  4. moli

    moli Grizzled Member

    Thank you, Evan, for all your hard work and for clearing some issues. So, MNs can't be blinded... Does it mean transactions can't be encrypted because of this? Is the MN snooping in your next plan to tackle?

    Again, thank you very much for this exciting project.
     
    #4 moli, Sep 11, 2014
    Last edited by a moderator: Sep 11, 2014
  5. pbleak

    pbleak Active Member

    Thanks for the quick response and the transparency.
     
  6. georgem

    georgem Active Member

    [​IMG]
     
  7. vertoe

    vertoe Three of Nine

    All right, flare can close all my tickets on Jira then :D
     
  8. TanteStefana

    TanteStefana Moderator
    Linguistic Dash Core Team Foundation Member

    I just posted on BCT how I felt every duff we donated to Kristov was worth it. I really appreciate that he explained all the known attack vectors (I'm assuming he checked every type of attack known, it certainly seemed thorough). He also gave us that wonderful chart from which I'm sure the team can deduce the best way to prioritize what needs to be done.

    Thanks Kristov! Great work, and I'm glad you said you'd update as things change. We really appreciate your keeping your eye on us!

    Note: I think Kristov mentioned that some of these issues would be resolved via a minimum of 3 participants in a mix, but it'd be nice if he could eventually update clearly that it does work. I have difficulty tracking and writing out this info myself, so his charts are a huge help. I'd love to see those same charts updated with 3 participants. I know and can "see" it in my head, how it mitigates many of these issues, but I don't trust my brain, and would love to see it written out and in pictures, LOL. I like picture books ;P
     
    #8 TanteStefana, Sep 12, 2014
    Last edited by a moderator: Sep 12, 2014
  9. JGCMiner

    JGCMiner Active Member
    Masternode Owner/Operator

    Evan, this may be a silly question, but if in a blinded setup it is possible to ban malicious peers (as you mention above) then why can't we ban them AND force them to pay collateral. After all, to ban them don't we (the network) need to know who they are?
     
  10. stonehedge

    stonehedge Well-known Member
    Foundation Member

    eduffield

    I have a nagging concern. Last night I got a friend with no altcoin knowledge but with a fairly good grasp of consumer computing to read both Kristov's paper and your response.

    In my friend's opinion he felt that Kristov had identified several major flaws in Darkcoin and that you hadn't made it clear on whether you had already fixed the problems or had plans to.

    I think everybody in this community must remember that in order to attract new money and interest we need to be able to communicate to people with zero knowledge of what the product is.

    I appreciate that this might be an invalid argument as Kristov's paper was not intended for the layman but IMHO I think our public response to it has to be written in terms that anybody can understand.
     
  11. iHeartSmartArt

    What I read reassures my hunch. Darkcoin is leagues ahead of Bitcoin and other digital currencies, making me instantly a proud member of this community.

    In terms of development on securing vulnerabilities, Atlas was showing every known attack vector to most cryptocoins. A lot went over my head, but I find and novices must understand Bitcoin attacks continue unmitigated; Duffield makes a better coin than Satoshi by correcting what matters most and going about it in all the right ways.

    stonehedge I don't think it a valid argument considering this is the form we have had announcements in the past. Darkcoin is to be layman but you can get technical.
     
  12. stonehedge

    stonehedge Well-known Member
    Foundation Member

    Every small step that Evan and the community makes without pitching the success at Joe or Jane Average is a missed opportunity to lure in the lurkers.
     
  13. iHeartSmartArt

    I think Evan gave a green light on that: "This research shows that Darkcoin and Darksend are maturing technologies and are ready for adoption and use by the general public."
    "Get out, spread the word, use social media to relay updates and news of all kinds." vertoe Duffette#2
     
  14. moli

    moli Grizzled Member

    I believe Evan would not let this coin continue to have the flaws, seeing the progress he's made within just a short time for this project. So I would say we can be confident that perfecting Darkcoin is always in his mind. At the same time, I don't believe there's 100% anonymity in any crypto currency, but achieving 99.9999% or even a little lower is pretty amazing.
     
    #14 moli, Sep 12, 2014
    Last edited by a moderator: Sep 12, 2014
  15. stonehedge

    stonehedge Well-known Member
    Foundation Member

    I believe that too. I'm not questioning the project or Evan's will to deliver.

    I'm just trying to say that imho we're not blowing our own trumpet enough. And when we do blow our own trumpet, we're playing freestyle jazz and putting off the punters ;)
     
  16. moli

    moli Grizzled Member

    Oh.. I'm so sorry... lol.. my fault. I meant to respond to your other post and the line you said that, "In my friend's opinion he felt that Kristov had identified several major flaws in Darkcoin and that you hadn't made it clear on whether you had already fixed the problems or had plans to."

    Also, right now Evan is trying to roll out RC5, he's probably got too much to do, so I think we can wait and see. :)
     
  17. stonehedge

    stonehedge Well-known Member
    Foundation Member

    Agreed. I apologise if I come across overly negative sometimes. I used to work for a venture capital company that specialised in technology startups. I just can't get it out of my head that PR and comms should be a continual part of a project rather than something that happens from launch. I guess I'm not used to the concept of the development of a service/product being in the public eye. I still believe that the way our dev team works is a USP and that we should be shouting it from the rooftops.

    I feel wary that there are a lot of people reading these threads agonising over whether they want to get involved financially or not and if we want this project to succeed long term, we are going to have to pitch our announcements at the average home computer user.

    We have something awesome and for me, I'd rather attract a lot of smalltime adopters than be pumped and dumped by a whale.
     
  18. stonehedge

    stonehedge Well-known Member
    Foundation Member

    For the record, I have never been pumped and dumped by a whale.
     
  19. eduffield

    eduffield Core Developer
    Dash Core Team Moderator

    I systematically went through every issue that came up in the paper. Was there a specific question your friend could pose?
     
  20. Probe

    Probe New Member

    Is "three participants DS" going to solve the Sybil attack issue?
    Masternode snooping appears to be an easy fix. Is it going to be implemented in RC 5?
     
  21. vertoe

    vertoe Three of Nine

    Maybe re-read the first post in this thread? Most of it is fixed already :)
     
  22. alex-ru

    alex-ru Grizzled Member
    Dash Support Group

  23. Sub-Ether

    Sub-Ether Well-known Member

  24. moli

    moli Grizzled Member

    I have both v.1 and 2. Not sure if it's much use regarding Darksend because Aswan found a serious problem with DS security after Kristov passed it.
     
  25. Sub-Ether

    Sub-Ether Well-known Member

    Good point, remind me, was this about the transaction charge?
     
  26. moli

    moli Grizzled Member

  27. alex-ru

    alex-ru Grizzled Member
    Dash Support Group

  28. lessless

    lessless New Member

    eduffield, do you have any defined timelines or plans for how to address those vulnerabilities?
     
  29. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Which ones are you referring to?
    The OP is from Sep last year; we are multiple updates and versions ahead of that release Kristov talked about.
     
  30. lessless

    lessless New Member

    All of them, it'll be good to see which ones are already fixed and which ones are still needed to be fixed.
     
