XMR vs DRK

[megges]

It boggles my mind that Evan didn't design the protocol around micropayment channels, where every full node could be incentivised to mix transactions or vote on InstantX transactions or whatever. It would make the anonymity set so much larger.

Perhaps he thought it's better to make sybil attacks harder. It's basically free to launch as many full nodes as required.

He may have thought that (I'm not sure I buy it) but it doesn't work, because there is still no irrevocable cost incurred for bad behavior. If masternodes are profitable then the bad ones are more profitable as the good ones. In a competitive market this will mean that only the bad ones are profitable.

The argument about "losing the value of your coins" doesn't work because it make a few false assumptions including that cheating leads to total collapse and the inability to hedge with derivatives. Both of these and certainly the second only apply in an immature cryptocurrency toy, not in a scaled up system.

Are you talking about DDoS attacks?

No I'm talking about masternode spying.

Ok. Let's assume DRK/DASH gets big, and has a value of $100. (Just an arbitrary number, way below a number where a business model that tries to spy information could be profitable.)

5,000 masternodes, 60% of the block reward goes to masternodes (assume year is 2016), block reward = 5 DRK, 17,280 blocks/month  =>  each masternode earns 10 DRK/month  =>  $1,000 / month.

So, the starting point is $1,000 / month for each masternode, and every node is honest. Also let's assume $100 / month for hosting expenses. How will the honest nodes become unprofitable when some of them start turning dishonest?

Also, what is this data that is spied?

And note, I'm not trying to confront/challenge your predictions, I'd just like to see it from all the angles.

Let's assume hypothetically that holding DRK is riskless. In that case you have a riskless investment that has a return on equity of about 10%. Since that is obviously absurd, something must be wrong with this analysis.

It's often hard to argue with people about ponzi schemes because it seems like it should work and proving that it won't is difficult because we don't know the exact mechanism of failure in advance.

The talked ROI is indeed not an ROI, because everyone has invested dollars at the beginning, these figures going around are not a "return of investment",  masternode payments are in DRK and DRK<->Dollar changes. (and your investment was in dollar, so these percentage figures of masternode drk returns are absolutly pointless in the relation to your initial invest because you cant know the price of drk in the future.)

So in the end the 10% has not to be absurd, the price of DRK has just to adjust. And voila it could be also a negative ROI.

So how would this help in answering illodin's question?

you said Since that is obviously absurd, something must be wrong with this analysis.

my point is that you're right and the missing point is that the masternode ROI is not in dollar, so the initial roi can also go negativ in dollars, and there are no false promises it won't so i can't see any ponzi in it.

You are getting fixated on the ponzi question which was a tool of analysis.

His question was

So, the starting point is $1,000 / month for each masternode, and every node is honest. Also let's assume $100 / month for hosting expenses. How will the honest nodes become unprofitable when some of them start turning dishonest?

Care to answer that?

Ah now i see, your right, i was answering out of context and more to the ponzi accusation.

So to the original question, how could unhonest masternodes lead to unprofitable honest nodes?!

Perhaps we could use my previous answer to answer that, too.

If MN get unhonest and collect data, what can they do with that data? - I guess the target is to deanonymize darksend transactions, with the collected data.
So if they succeed and the problem can't be fixed honest people will deinvest from there masternodes because tech is "broken". - The "ROI" cant be achieved anymore because price drops, this will lead to more sells and so on, investment of honest MN is going worthless.
But this is only valid if you see the ROI in dollars, if you see the ROI in drk like it is, they won't devalue because you will always get you drk return.

[1714507889]

1714507889

[1714507889]

1714507889

[BlockaFett]

^ my new wallpaper 

[adhitthana]

If one needs 1000 coins to host a Dark/Dash MasterNode then it must limit the growth, particularly as a currency.
But if say the number of coins was changed to 100 then one musty wonder what that would do to the price of Dark/Dash, with so many coins being freed up
It seems to be a delicate course to navigate, but perhaps I'm missing something?

[megges]

If one needs 1000 coins to host a Dark/Dash MasterNode then it must limit the growth, particularly as a currency.
But if say the number of coins was changed to 100 then one musty wonder what that would do to the price of Dark/Dash, with so many coins being freed up
It seems to be a delicate course to navigate, but perhaps I'm missing something?

If you adjust the colleteral from 1000 to 100 DASH per MN, in my oppinion that wouldn't lead to "freed" coins, they will just x10 there masternodes, and nothing changes for them (we have 10 times more masternodes but everyone gets paid a tenth of it also, so if you just use the 1000 drk to open 10 MN nothing realy changes.)

[smooth]

If one needs 1000 coins to host a Dark/Dash MasterNode then it must limit the growth, particularly as a currency.
But if say the number of coins was changed to 100 then one musty wonder what that would do to the price of Dark/Dash, with so many coins being freed up
It seems to be a delicate course to navigate, but perhaps I'm missing something?

If you adjust the colleteral from 1000 to 100 DASH per MN, in my oppinion that wouldn't lead to "freed" coins, they will just x10 there masternodes, and nothing changes for them (we have 10 times more masternodes but everyone gets paid a tenth of it also, so if you just use the 1000 drk to open 10 MN nothing realy changes.)

This is also possible. Quoting myself above and leaving out the incendiary P-word

it seems like it should work and proving that it won't is difficult because we don't know the exact mechanism of failure in advance.

Now we see another answer to the question of how honest masternodes might not be profitable (see bold in first quote above).

I'm pretty sure there are other possible outcomes, a list that does not include one where people successfully get a 10% risk free return.

[adhitthana]

sure, you are trying to retract from making this implied threat of legal action against me:

if you write a post accusing someone of slander when there is no slander, that is libel. Unless you want to continue doing that, you should stop

unfortunately you typed it already  

EDIT: even how you selectively snip out anything that might put you in a bad light, you are a classic scammer lol

"Implied" threat is your imagination, or perhaps guilty conscience. There was no threat.

there isn't a lawyer on the planet that would say that that wasn't an implied legal threat, so you obviously no nothing about lawyers

Smooth's lawyer would say there was no threat and your's would say there was I imagine, but that's their job.

[smooth]

sure, you are trying to retract from making this implied threat of legal action against me:

if you write a post accusing someone of slander when there is no slander, that is libel. Unless you want to continue doing that, you should stop

unfortunately you typed it already  

EDIT: even how you selectively snip out anything that might put you in a bad light, you are a classic scammer lol

"Implied" threat is your imagination, or perhaps guilty conscience. There was no threat.

there isn't a lawyer on the planet that would say that that wasn't an implied legal threat, so you obviously no nothing about lawyers

Smooth's lawyer would say there was no threat and your's would say there was I imagine, but that's their job.

Heh, exactly.

In any legal case there are two parties and two lawyers; three of them always win.

[adhitthana]

If one needs 1000 coins to host a Dark/Dash MasterNode then it must limit the growth, particularly as a currency.
But if say the number of coins was changed to 100 then one musty wonder what that would do to the price of Dark/Dash, with so many coins being freed up
It seems to be a delicate course to navigate, but perhaps I'm missing something?

If you adjust the colleteral from 1000 to 100 DASH per MN, in my oppinion that wouldn't lead to "freed" coins, they will just x10 there masternodes, and nothing changes for them (we have 10 times more masternodes but everyone gets paid a tenth of it also, so if you just use the 1000 drk to open 10 MN nothing realy changes.)

Maybe. Though as I said it would be a delicate course to navigate.
If you did it now, overnight, it would I think, whilst if you wait then it could stymie the whole process. The transition would involve some timing to say the least IMHO

[Johnny Mnemonic]

I'm actually quite impressed with the somewhat civilized discussion in the last page or two.

My on-topic response: this discussion illustrates that DRK has a number of uncertainties in its design that aren't present in Monero. This is a large part of why I prefer XMR.

I also agree with previous posters that DRK and XMR seem to have different goals, as DRK appears to be transforming more into an investment vehicle within our crypto space. XMR's direction, on the other hand, is admittedly less serving to its traders, but that sacrifice comes with the opportunity for a more robust and decentralized long-term trading solution.

[majamina]

So obviously you want to double your ROI, which means you have to take half of the MasterNodes out of commission. You don't want to take down all or even most of them, you just want the total number of MasterNodes reduces to 1000. So you do this through a variety of tactics:

1. Report US-based and/or US-owned MasterNodes to FinCEN, the FBI, and the SEC, assist them in shutting them down and seizing the coins held by their operators.
2. Repeatedly DDoS MasterNodes at a particular ISP / datacenter until they change their ToS to not allow MasterNodes.

3. Hack into a portion of the remaining MasterNodes and install a rootkit that watches for Darkcoin source code and modifies it when compiled (or just randomly crashes the daemon if they aren't compiling it themselves). This ensures that these daemons appear to be working to the operator, but they receive so few payments they may as well be offline.

This is all very surreptitious, because 1. looks like The Man has got it in for Darkcoin, 2. looks like the ISP is just being problematic, and 3. is mostly undetectable. You can keep doing this ad infinitum to keep half the MasterNodes offline, and nobody will realise what you're doing. It'll look like the sort of attacks the community expects to come, and they'll rationalise it for you by loudly claiming that 1000 MasterNodes is good enough.

At that stage, since you're earning so much you can begin to collude with a handful of other MasterNode holders to start attacking small blocks of the remaining 1000 MasterNodes, replacing them with nodes you control, so the number of MasterNodes doesn't drop below 1000. You can even setup sockpuppet accounts right now in preparation for this, so that there appears to be legitimacy to the ownership. Within a few years the entire MasterNode network can be controlled by a handful of operators who are profiteering from it. You can then relax on the beach whilst your paid staff reinforce propaganda that running a MasterNode is difficult and expensive, discouraging and attacking any new MN operators.

I'm not saying this is definitely how things will play out, but this is what I perceive will happen because of the balance of incentives.

OK I went to get some sleep, now I'm back, somewhat refreshed.

I think you describe an unlikely set of circumstances that would only play out well into the future of DRK, with features on the roadmap to mitigate such issues. OK this isn't a great argument against having an exploitable architecture, but it's a reasonable point since Evan proposes masternode blinding to counter your described risks - perhaps you could comment on this.

Since this is an XMR vs DRK thread, does XMR not suffer from similar issues today thanks to centralised trusted web wallets?

Also, I have to bring up the mining share issue again. It's surely way easier for 'the man' or whoever else to subvert BTC (and DRK, XMR) by controlling the major mining pools? They only have to 'get to' the guys (or servers) that control (or host) 3 or 4 major pools to mount a 51% attack. OK so DRK faces both issues and has a larger attack surface, but that's not really the point. You seem to be arguing against DRK because it has an attack surface at all, when other POW coins do too.

It depends. What if the previous stable version is trivially exploitable, and the sporked code prevented that exploit? Or alternatively, what if the spork is on some key piece of functionality, and disabling it kills InstantX globally during a time when hundreds of thousands of people around the globe are reliant on it? I also think it encourages a "we test in production" attitude. Now, frankly, I am quite fond of the "release early, release often" strategy, also known as the "fail fast, fail often" approach, but only as respects general software projects. For a decentralised, trustless cryptocurrency where a broken change can literally cost user's privacy and money I think a LOT more care and consideration needs to be applied to changes, and they have to be thoroughly tested.

On Monero we have extremely thorough test coverage, and yet still there are subsystems like RPC that have no unit tests at all! Test-driven development is hard to enforce, but our coverage is increasing over time. This is the didactic opposite of "just writing code" with the barest functional testing and then hoping it'll work in production.

There is some contradiction in your idea of a 'perfectly stable version which is trivially exploitable', although I appreciate your point. I wouldn't expect the spork to exist in its present form once there are hundreds of thousands of people reliant on Instant X. Evan has made it clear that he aims for a trustless release model, but has certain features in the early releases to aid rapid development. Your argument around broken changes could be made in favour of the spork, imo, but again I appreciate your point. I think in this case one has to judge Evan on delivery, which has been consistent, and his real world use of the spork, which has been sensible. Also I would say that at this point in cryptocurrency evolution the harsh reality is that any lead dev can pretty much break their coin if they want to, or get it broken through malpractice.

[fluffypony]

Have fun in Europe. Vacation? 

A bit of both:)

[fluffypony]

2. I haven't spent oodles of time analysing MN trafficgrams, but again - layering it behind Tor will lead to a massively degraded experience. I also fail to see how mobile clients will be able to (easily) connect to Tor and then to MasterNodes, I think you're just creating an ever-more-complex design to fix flaws that only exist because of poor design decisions. Complexity doesn't fix bad design, it only makes it more fragile:)

Tor and I2P have been suggested quite vocally earlier, even to the point that the whole network would be ran under Tor/I2P (i.e. they would be built into the wallet). I've heard I2P would perform better?

i2p is designed to be low-latency, but it would be extremely poor performance for miners.

[majamina]

The biggest problem with Monero is that it's being lead by people with zero business sense.

If it were a business your opinion on the matter of our "business sense" might count for something, but it isn't and it isn't trying to be one either. You might reconsider your statement in light of that. I have a pretty good idea you have no clue what you are talking about.

are you not trying to compete in a space where big business is increasingly present....some business smarts would count for something, surely?

I think you are digging yourself into a hole (more like a bottomless pit) if you think there are no "business smarts" on the Monero team.

There is a huge difference between that and suggesting that an open source project be treated as a business rather than an open process including engagement with the broader community (not just true believers) and being not only open to but participating in public criticism and debate. That's way too much like sausage making for most businesses (e.g Starbucks withdrawing from social media recently), but it's how open source works.

Fair enough, you just don't give much impression of 'business smarts', which is perhaps intentional.

I'm not sure you're helping your project much with some of your conduct on these forums.

[majamina]

I'm actually quite impressed with the somewhat civilized discussion in the last page or two.

My on-topic response: this discussion illustrates that DRK has a number of uncertainties in its design that aren't present in Monero. This is a large part of why I prefer XMR.

I agree that XMR is theoretically a better anon implementation, but I prefer DRK because it seems to be working in the real world and has a better chance of  mass-adoption due to BTC compatibility.

Also, isn't the major uncertainty in XMR the fact that Zerocash is better?

I also agree with previous posters that DRK and XMR seem to have different goals, as DRK appears to be transforming more into an investment vehicle within our crypto space. XMR's direction, on the other hand, is admittedly less serving to its traders, but that sacrifice comes with the opportunity for a more robust and decentralized long-term trading solution.

I think DRK is shooting for real-world utility and innovative features rather than being an investment vehicle.

[fluffypony]

I must admit i have not read that wall of text.
And im not a math guru, but just by reading the following i have big questionmarks over my head. Perhaps someone can enlighten me.

the following text in the monero whitepaper:
"to succed in the attack, an event whose probability is considered to be neglible" - sry like said im not a math guru, perhaps im wrong, but how could that be something valid proven. dunno if it was you or smooth but someone of you moneroguys liked to say over and over again that the anonymity of darksend has not been proven.
But isn't that exactly the same like if calculations for example say that to deanomyze a darksend transaction the probability is 0.00000000x if you don't own x or all masternodes. So its probability of this is neglible also and so its proven as anonym?!

Cryptographic negligibility has a very specific meaning. Something like a one-way hash function can still be attacked (ie. the original value corresponding to the hashed value can be determined), but it would typically take more power than in the universe to brute-force it. We normally state negligibility on the basis of a computationally bounded adversary, that is to say an adversary who has access to a reasonable amount of processing power regardless of the cost or speciality of the equipment required.

Put more simply: if there is a 0.000000001 chance of deanonymising a transaction that is only around 2^-30. Comparatively, you have a 2^-256 chance of brute-forcing a single Monero output in a single transaction. 2^-30 is not computationally hard, would you trust a site storing your passwords with a 30-bit hash?

To make matters worse: as we get closer to more practical quantum computing we have to consider the effect they will have on cryptography. Anything that depends on discrete logarithm hardness (eg. RSA) is dead in the water, but symmetric encryption and hash resistance will only be weakened, not completely ground up. For symmetric encryption it's "double the speed", so searching through a 2²⁵⁶ keyspace could be done by a quantum computer in 2¹²⁸ time, so symmetric encryption strength would halve. For one-way hash functions (which cryptocurrencies are deeply reliant on) there's a similar speed up for hash preimage attacks (from 2ⁿ -> 2^n/2) and collision resistance (from 2^n/2 -> 2^n/3). So basically take your "possibility of success" and halve it.

[fluffypony]

And I can't use the official Monero wallet with a mouse because the 5 devs trolling here didnt build a GUI yet in the last 12 months, so i should go get a wallet with gui from a trusted 3rd party?

Do you run Bitcoin Core?

Or do you run Electrum? Blockchain.info? Armory? BreadWallet? MultiBit? GreenAddress? Hive? Mycelium? Circle? Coinkite? Coinapult? Xapo? BitGo? CoinBase? AirBitz?

Nearly nobody runs the Bitcoin Core GUI. They use third-party wallets.

[fluffypony]

Fluffypony, can you confirm whether a double spend is possible in Monero?

It absolutely is - if you control over 51% of the network you can solve a block twice that spends outputs twice (ie. in the normal course, whichever block is received last would fail key image verification) and send one block to one half of the network, the other block to the other half. Practically speaking you wouldn't be able to keep this up (unless you owned 100% of the mining power), and this would be resolved network-wide within a handful of blocks when the balance of the mining network solves a longer chain than you can maintain. So you would have 2, maybe 4 blocks at most, to abuse your double-spend power.

Exchanges won't let you trade deposited coins with only 4 confirms, and I can't foresee merchants packing and shipping an order you've purchased in the space of <5 minutes, so the only real way you can exploit it is to use the double-spend to purchase multiple digital goods simultaneously, and download them before the reorg makes one of your transactions invalid.

[fluffypony]

I'm actually quite impressed with the somewhat civilized discussion in the last page or two.

My on-topic response: this discussion illustrates that DRK has a number of uncertainties in its design that aren't present in Monero. This is a large part of why I prefer XMR.

I agree that XMR is theoretically a better anon implementation, but I prefer DRK because it seems to be working in the real world and has a better chance of  mass-adoption due to BTC compatibility.

Also, isn't the major uncertainty in XMR the fact that Zerocash is better?

I spoke to that on Reddit yesterday, so I'll just cut-and-paste -

ZeroCash is amazing, cutting-edge research. In the far future I fully expect it will make Monero and Bitcoin obsolete.

However, it is somewhat unworkable right now. Firstly, it has a trusted accumulator problem that remains unsolved at this stage (although they posit solving this through an RSA UFO). Even if that is solved there is still the very real danger of it being impossible to see exploits in an absolutely opaque blockchain with relatively new and untested cryptography (ie. an exploit that lets an attacker create, say, 2 000 000 ZeroCash in a single day will go unnoticed). Finally, even with their newer ZKP schemes there is still a significant size impact for each transaction, and absolutely no way you'd be able to run SPV-style wallets or perform blockchain pruning.

Once the cryptography has been more thoroughly tested, corner cases have been solved, and technology is at a point where the size impact is negligible, then I would imagine some future iteration of ZeroCash will become the dominant form for cryptocurrency payments.

[majamina]

I'm actually quite impressed with the somewhat civilized discussion in the last page or two.

My on-topic response: this discussion illustrates that DRK has a number of uncertainties in its design that aren't present in Monero. This is a large part of why I prefer XMR.

I agree that XMR is theoretically a better anon implementation, but I prefer DRK because it seems to be working in the real world and has a better chance of  mass-adoption due to BTC compatibility.

Also, isn't the major uncertainty in XMR the fact that Zerocash is better?

I spoke to that on Reddit yesterday, so I'll just cut-and-paste -

ZeroCash is amazing, cutting-edge research. In the far future I fully expect it will make Monero and Bitcoin obsolete.

However, it is somewhat unworkable right now. Firstly, it has a trusted accumulator problem that remains unsolved at this stage (although they posit solving this through an RSA UFO). Even if that is solved there is still the very real danger of it being impossible to see exploits in an absolutely opaque blockchain with relatively new and untested cryptography (ie. an exploit that lets an attacker create, say, 2 000 000 ZeroCash in a single day will go unnoticed). Finally, even with their newer ZKP schemes there is still a significant size impact for each transaction, and absolutely no way you'd be able to run SPV-style wallets or perform blockchain pruning.

Once the cryptography has been more thoroughly tested, corner cases have been solved, and technology is at a point where the size impact is negligible, then I would imagine some future iteration of ZeroCash will become the dominant form for cryptocurrency payments.

Interesting comments and very honest, thanks...

[nakaone]

The team is infected with this misguided sense of "fairness" or similar garbage ideals. You can see the manifestation of this idiocy in Monero's emission. Among the worst I've ever seen. Instead of releasing quickly, and thus having low inflation, Monero releases over about 4 years, dramatically limiting returns.

The developers don't realize that very few people make investment decisions based on emission schedules.

Maybe some people were too lazy to answer or simply do not get it. Emission is not just important regarding fairness, but has serious implications regarding economic mechanisms: the problem with instamines or also proof of stake is that certain qualities of money like commodities do not work: economic network effects as well as power law do not work properly when the initial distribution is set in stone, or quasi set in stone.
with the inflation hefty emission of monero you at least open the possibility for these mechanism - you have to make sure that your cryptocurrency project does not become a club good