Which Masternode model should we implement?

eduffield

Core Developer
Mar 9, 2014
1,084
5,323
183
There's a couple of competing ideas that have been floating around and I'm not sure which one is superior. The basic question is, should the masternodes show their IPS or not? The answer everyone immediately comes up with is "No", but there are some trade offs to both systems.

Keep in mind, the masternodes individually MUST be able to respond to requests within a few seconds, therefore a anonymity solution such as TOR/I2P is impossible.

1.) One node per IP.
-Higher cost to run a node
-Network will support more computing power
-Zero anonymity for masternode operators
-Much faster response time for Masternode tasks
-Support tasks on direct connection to masternode (Greater security for DS and other tasks like that).
-Highly resistant to DDOS (thousands of machines)
-Less centralization
-Supports Masternode Blinding

2.) Removal of IPS
-Some basic level of anonymity for masternode operators
-Hosts can still be found, it'll just require slightly more work
-Less cost to operate masternodes
-Network as a whole is more slightly more resistant to DDOS
-Will support outbound only masternodes. I.e: How do you attack a node you can't connect to?
-No direct connection to masternodes (DS will be slightly less secure)
-Supports Masternode Blinding

I'm personally leaning toward #1. I don't want Masternode operators to believe their anonymous when they are in fact not at all. They're also incredibly important to the network, so the service must be fast and robust as possible.
 

stonehedge

Well-known Member
Foundation Member
Jul 31, 2014
696
333
233
One vote for 1 from me.

Seems like a no brainer. Option 2 is just too innovative for my old fashioned ways :D
 
  • Like
Reactions: mastermined

fernando

Powered by Dash
Foundation Member
May 9, 2014
1,527
2,059
283
I'm with #1 too. The only real advantage of #2 is about anonymity for masternode owners, but if it is only basic it doesn't make much sense. We are already very resistant to DDOS with around 2.2k masternodes and the cost of running MS is not a big issue atm.
 

tungfa

Grizzled Member
Foundation Member
Masternode Owner/Operator
Apr 9, 2014
8,899
6,744
1,283
# 1
sound more solid for network and security
MN operators have nothing to hide as we are not doing anything illegal
 
  • Like
Reactions: mastermined

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
Difficult decision to make.....
I'd still like to see Masternodes be able to have invisible IPs and at the same time able to do all the wonderful tasks...
Decision decision...
 
  • Like
Reactions: r-ando

ErrorId

Member
Mar 9, 2014
158
41
88
Canada
I also vote for 1. Stick with what we know until we can properly hide the masternodes.
 
Last edited by a moderator:

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
It's kinda ironic right now that Masternodes help Darksend transactions to be anonymous but Masternodes themselves can't be anonymous. I hope they will have this chance in the future. :)
 
  • Like
Reactions: r-ando

Aswan

Member
Jun 26, 2014
68
216
73
2.) Removal of IPS
-No direct connection to masternodes (DS will be slightly less secure)
I think this can be fixed by using a bitmessage-like system where communication between mixing participants and the masternode is broadcast to everyone on the network. This communication can be encrypted with a public key only that specific masternode has the private key to. It then answers with an encrypted message only the participant as the private key to.
Since this kind of communication happens just-in-time, no blockchain is needed for it because after a timeout, the whole process has to start over again anyway.

I have not decided if I am for #1 or #2, but I think if we fix the above mentioned, #2 is the better choice


Edit:
OK, #1 it is! Thanks everyone
I think we should think about how we can fix the different disadvantages of the 2 options before deciding =/
 

eduffield

Core Developer
Mar 9, 2014
1,084
5,323
183
I think this can be fixed by using a bitmessage-like system where communication between mixing participants and the masternode is broadcast to everyone on the network. This communication can be encrypted with a public key only that specific masternode has the private key to. It then answers with an encrypted message only the participant as the private key to.
Since this kind of communication happens just-in-time, no blockchain is needed for it because after a timeout, the whole process has to start over again anyway.

I have not decided if I am for #1 or #2, but I think if we fix the above mentioned, #2 is the better choice


Edit:


I think we should think about how we can fix the different disadvantages of the 2 options before deciding =/
That doesn't make the masternode owners anonymous. It just makes the communication a more secure. It doesn't protect the source of the communication at all, just the contents.

Here's how you de-anonymize the masternodes in a system like that:
http://arxiv.org/pdf/1405.7418v1.pdf

Any technology that protects the source of the communication will be very slow.
 

Aswan

Member
Jun 26, 2014
68
216
73
That doesn't make the masternode owners anonymous. It just makes the communication a tad more secure.

Here's how you de-anonymize the masternodes in a system like that:
http://arxiv.org/pdf/1405.7418v1.pdf

Thanks for the link.
It was not a suggested solution for the anonymity issue but for the "-No direct connection to masternodes (DS will be slightly less secure)" part.
 

eduffield

Core Developer
Mar 9, 2014
1,084
5,323
183
Thanks for the link.
It was not a suggested solution for the anonymity issue but for the "-No direct connection to masternodes (DS will be slightly less secure)" part.
Ah, ok. Yes that part can be fixed for sure.
 

strix

Well-known Member
Foundation Member
Sep 14, 2014
140
121
193
The Shadow Lands
Well it's just a suggestion I came up with on the fly since this was about to be decided. I might be totally wrong but I thought it was worth bringing this up.
It is no secret that my tech knowledge is limited, so in a very real sense I am not qualified to vote (besides the decision has been made;)). However, Aswan's comment that IF the referenced problem could be solved, he would vote for option two, AND the fact that our intrepid leader seems to agree that it could, I think the door needs to be left open. Clearly the need today is for stability and speed, and as tungfa pointed out, legality is not an issue at this point. The caveat of course is that "this point" is likely to change. I hope we will be prepared when it does.
 

yidakee

Well-known Member
Foundation Member
Apr 16, 2014
1,812
1,168
283
Assuming the vast majority (ever) of MN Ops are already out in the open, their anonymity is already compromised. IF they are worried about it, they should use anonymous VPS providers like Flokinet that accepts DRK, or other providers that accept cryptos.

I'm not in the US, so I am in a proviledged position to absolutely not care a damn thing what crazy excuse the FED would have to implicate me with illegal activity, which is ridiculously easy to alegate against anyway, before any hearing committee.

We are earning minted coins from an absolutely legitimate business. Ross Ulbricht ran a centralizes websites and earned millions in dirty money. Shreem helped dirty money. We mint coins and do any coins going around MN's are totally uknown to us.

I vote #1 as it clearly improves performance, which is key here.
 
Last edited by a moderator:

oblox

Well-known Member
Aug 6, 2014
1,032
537
183
For those of you advocating the IP's shouldn't shown, try to view it in the context of the existing network. While some owners are certainly willing to setup new masternodes under different IPs (now hidden), the far more probable scenario is the majority of the network stays on the same IP's they already use either due to the fact they are A) lazy or B) committed to their providers for months/years for getting a better rate. This means that even with the masternode network no longer showing IP addresses of the masternodes, the lists of existing masternodes with IP's are already out there. You could dump the whole list from DRK.MN and probably connect to 80% after the IPs are no longer shown. Just some food for thought.

Or, as Evan already mentioned to me--what happens if someone sits on the network long enough to monitor where the nodes are anyway or creates some sort of deanonymizer to show the IP addresses--it would look as though Darkcoin is vulnerable/hacked/weak.

There is nothing inherently illegal (and I say this from a US standpoint) about running a masternode.
 
  • Like
Reactions: Raico

oblox

Well-known Member
Aug 6, 2014
1,032
537
183
Assuming the vast majority (ever) of MN Ops are already out in the open, their anonymity is already compromised. IF they are worried about it, they should use anonymous VPS providers like Flokinet that accepts DRK, or other providers that accept cryptos.

I'm not in the US, so I am in a proviledged position to absolutely not care a damn thing what crazy excuse the FED would have to implicate me with illegal activity, which is ridiculously easy to alegate against anyway, before any hearing committee.

We are earning minted coins from an absolutely legitimate business. Ross Ulbricht ran a centralizes websites and earned millions in dirty money. Shreem helped dirty money. We mint coins and do any coins going around MN's are totally uknown to us.

I vote #1 as it clearly improves performance, which is key here.
Just to clarify, no coins from any user flow through any masternode. The coins are mixed intrawallet. There is a misconception going around that anyone that uses Darksend has their coins flow through the masternodes themselves. This is not the case.
 

yidakee

Well-known Member
Foundation Member
Apr 16, 2014
1,812
1,168
283
I know I know, that was just "small talk", but good you mentioned it for further reader reference
 
  • Like
Reactions: Raico

TaoOfSatoshi

Grizzled Member
Jul 15, 2014
2,841
2,649
1,183
Dash Nation
www.dashnation.com
Assuming the vast majority (ever) of MN Ops are already out in the open, their anonymity is already compromised. IF they are worried about it, they should use anonymous VPS providers like Flokinet that accepts DRK, or other providers that accept cryptos.

I'm not in the US, so I am in a proviledged position to absolutely not care a damn thing what crazy excuse the FED would have to implicate me with illegal activity, which is ridiculously easy to alegate against anyway, before any hearing committee.

We are earning minted coins from an absolutely legitimate business. Ross Ulbricht ran a centralizes websites and earned millions in dirty money. Shreem helped dirty money. We mint coins and do any coins going around MN's are totally uknown to us.

I vote #1 as it clearly improves performance, which is key here.
Well said.
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
Just to clarify, no coins from any user flow through any masternode. The coins are mixed intrawallet. There is a misconception going around that anyone that uses Darksend has their coins flow through the masternodes themselves. This is not the case.
True. But why are we going to blind the Masternodes? The case is Masternodes can record DS transactions which then can be de-anonymized by taking hold of a majority of the MNs? The MNs are there to support DS. So there's obviously a close relation between the two systems.
 

splawik21

Moderator
Dash Core Team
Foundation Member
Dash Support Group
Apr 8, 2014
1,946
1,306
1,283
Point 1
we need strong DS, this coin is for anonymity so even hiding IP of the MNs is very important.
We can and should think how to use the point 2 things and improve nr 1.
 

oblox

Well-known Member
Aug 6, 2014
1,032
537
183
True. But why are we going to blind the Masternodes? The case is Masternodes can record DS transactions which then can be de-anonymized by taking hold of a majority of the MNs? The MNs are there to support DS. So there's obviously a close relation between the two systems.
The probabilities of deanonymizing a DS transaction, especially over a large number of rounds is already very slim as the percentage of the majority you would need to own would be substantial (and substantial capital investment behind it). Further blinding masternodes from all the "inputs" completely takes any argument of rogue nodes and throws it out the window.

I fail to see the point you are making, especially if it is surrounding an exposed IP.
 

moli

Grizzled Member
Aug 5, 2014
3,255
1,830
1,183
The probabilities of deanonymizing a DS transaction, especially over a large number of rounds is already very slim as the percentage of the majority you would need to own would be substantial (and substantial capital investment behind it). Further blinding masternodes from all the "inputs" completely takes any argument of rogue nodes and throws it out the window.

I fail to see the point you are making, especially if it is surrounding an exposed IP.
Just in case...
Evan has been doing improvements upon improvements so I believe this will be done in the future.
We'll get there ... :)
 

oblox

Well-known Member
Aug 6, 2014
1,032
537
183
Just in case...
Evan has been doing improvements upon improvements so I believe this will be done in the future.
We'll get there ... :)
Masternode blinding is happening regardless of what happens with IPs.
 
  • Like
Reactions: Raico

GermanRed+

Active Member
Aug 28, 2014
299
109
113
While we are on this subject of having one IP per MN or not, is there any incentive to change the payment method to round ribbon based on the total number of darksend transactions served by MNs instead of the total number of MNs on the network?

I mean renting a VPS can be cheap too. Would it be better if the MN operators run their MNs on their own machine(s) instead of on some VPS or cloud?

If a MN serves more transactions and has better network response, should we pay that MN more often than some MN that serves fewer transactions? Of course, we need to make sure that MNs are selected with some fair rules during a darksend transaction if we do that.
 

oblox

Well-known Member
Aug 6, 2014
1,032
537
183
While we are on this subject of having one IP per MN or not, is there any incentive to change the payment method to round ribbon based on the total number of darksend transactions served by MNs instead of the total number of MNs on the network?

I mean renting a VPS can be cheap too. Would it be better if the MN operators run their MNs on their own machine(s) instead of on some VPS or cloud?

If a MN serves more transactions and has better network response, should we pay that MN more often than some MN that serves fewer transactions? Of course, we need to make sure that MNs are selected with some fair rules during a darksend transaction if we do that.
I think that's a dangerous path to go down since those mixing right now are so sporadic and with some parts of the day experiencing more activity than others instead of consistency across the board. With such a large masternode population, I think it's safe to say many would be screwed with the window being very narrow for those with more transactions processed.

Further, there isn't anything from stopping you from running a masternode on your home computer if you want. Whether or not you have a stable enough connection and bandwidth (a non-issue for me) is to be seen.