Author Topic: XMR vs DRK  (Read 69688 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
5w00p
Hero Member
*****
Offline Offline

Activity: 644
Merit: 502



View Profile
March 25, 2015, 05:13:12 PM
 #341

You guys refuse to comprehend. That doesn't mean what is stated isn't sound and fact-based.

No matter what is stated, you just keep saying "Explain it more."
BlockaFett
Sr. Member
****
Offline Offline

Activity: 392
Merit: 255


View Profile
March 25, 2015, 05:14:20 PM
 #342

Basically, you want to be spoon-fed, despite the fact that you keep spitting out everything that is fed to you.

You want an exact technical analysis of the weaknesses in a system whose blatant and glaring weaknesses have already been pointed out many times, despite the fact that each time these weaknesses are pointed out, you go: "Look over there, a birdy!"

I might as well explain it to my pet fish, as at least he eats what is fed to him and doesn't argue with sound reasoning.

Hi, you seem to be confused and slightly angry...

there is a specific question here, throwing insults does not answer this question

Fluffy is being asked if he even knows how many MN need to be compromised, to back up his wacky idea that every node in a P2P network needs a failover for the P2P network to be secure.

This proposition came from Fluffy himself.  All people are asking is to prove what he is saying which for whatever reason is proving to be a bit difficult for him (and you apparently?).
oblox
Legendary
*
Offline Offline

Activity: 1442
Merit: 1018


View Profile
March 25, 2015, 05:15:39 PM
 #343

so you are saying that if someone is stupid enough to send more coins than they need to a dark market, spend some of them on something illegal, then send unmixed change from the dark market back to their own wallet they compromise their privacy.

fair point I suppose, but I don't see a huge 'opsec' challenge to avoid this :)

No, you're misunderstanding how cryptocurrency works. Let me use a simplified example.

Your wallet balance doesn't actually exist. It's instead a representation of all of the unspent transaction outputs (utxos) in your wallet. Let's say you have the following UTXOs:

Amount|Address
100 DRK|AAAA
100 DRK|BBBB
100 DRK|CCCC

Now you send those off for pre-mixing. Your wallet's UTXOs now look like this:

Amount|Address
50 DRK|ABAB
25 DRK|CDCD
25 DRK|EFEF
180 DRK|GHGH
20 DRK|IJIJ

You now buy something on SuperDodgyMarket for 10 DRK, the address you've got to send it to is XXZZ. As you can see, you don't have a 10 DRK output in your utxoset. So you HAVE to use an output > 10 DRK. Thus the resulting transaction looks like this:

Inputs:

Amount|From Address
50 DRK|ABAB

Outputs:

Amount|From Address
10 DRK|XXZZ
40 DRK|KLKL

As a result, your wallet's utxoset now looks like this:

Amount|Address
25 DRK|CDCD
25 DRK|EFEF
180 DRK|GHGH
20 DRK|IJIJ
40 DRK|KLKL

This is not anything "stupid" you've done, this is through the normal course of things. It doesn't matter what you do next, your entire set of "anonymised" outputs is now at risk because of the 40 DRK in KLKL that you will use in the normal course of things (eg. if you need to send 200 DRK to an exchange your wallet may pick the 180 DRK output and the tainted 40 DRK output, and now you're screwed).

This has nothing to do with MasterNode opsec, that's a different matter. This has to do with Darksend's anonymity not being "good enough" (remember I was replying to Macno, so different conversation to the MN threat model) because users can and will be deanonymised after the fact. Thus for users to actually take advantage of Darkcoin's privacy they are required to practice strict opsec of their own, remixing their entire wallet after every transaction. The slightest mistake or relaxation on their part can mean they are instantly compromised (from a privacy perspective). And if you've got to exercise such strict opsec as a user, why not just use Bitcoin?

You're not factoring in denominated units (and subsequent rounding at send) and "dead change" being sent to the network to remove linkages in future tx's.
BlockaFett
Sr. Member
****
Offline Offline

Activity: 392
Merit: 255


View Profile
March 25, 2015, 05:15:47 PM
 #344

You guys refuse to comprehend. That doesn't mean what is stated isn't sound and fact-based.

No matter what is stated, you just keep saying "Explain it more."

just more diversions, nothing was stated in response to the question, each of your posts is just more like some frothing nutjob trying to divert away from any normal conversation?

^ MN question still unanswered
5w00p
Hero Member
*****
Offline Offline

Activity: 644
Merit: 502



View Profile
March 25, 2015, 05:16:30 PM
 #345

A chain is only as strong as its weakest link, is it not?

You want a number? 15 is a number. 0FBCDE is a number. 671189.119973 is a number. 001111001111110000001010011010011 is a number.
majamina
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 25, 2015, 05:17:32 PM
 #346

so you are saying that if someone is stupid enough to send more coins than they need to a dark market, spend some of them on something illegal, then send unmixed change from the dark market back to their own wallet they compromise their privacy.

fair point I suppose, but I don't see a huge 'opsec' challenge to avoid this :)

No, you're misunderstanding how cryptocurrency works. Let me use a simplified example.

Your wallet balance doesn't actually exist. It's instead a representation of all of the unspent transaction outputs (utxos) in your wallet. Let's say you have the following UTXOs:

Amount|Address
100 DRK|AAAA
100 DRK|BBBB
100 DRK|CCCC

Now you send those off for pre-mixing. Your wallet's UTXOs now look like this:

Amount|Address
50 DRK|ABAB
25 DRK|CDCD
25 DRK|EFEF
180 DRK|GHGH
20 DRK|IJIJ

You now buy something on SuperDodgyMarket for 10 DRK, the address you've got to send it to is XXZZ. As you can see, you don't have a 10 DRK output in your utxoset. So you HAVE to use an output > 10 DRK. Thus the resulting transaction looks like this:

Inputs:

Amount|From Address
50 DRK|ABAB

Outputs:

Amount|From Address
10 DRK|XXZZ
40 DRK|KLKL

As a result, your wallet's utxoset now looks like this:

Amount|Address
25 DRK|CDCD
25 DRK|EFEF
180 DRK|GHGH
20 DRK|IJIJ
40 DRK|KLKL

This is not anything "stupid" you've done, this is through the normal course of things. It doesn't matter what you do next, your entire set of "anonymised" outputs is now at risk because of the 40 DRK in KLKL that you will use in the normal course of things (eg. if you need to send 200 DRK to an exchange your wallet may pick the 180 DRK output and the tainted 40 DRK output, and now you're screwed).

This has nothing to do with MasterNode opsec, that's a different matter. This has to do with Darksend's anonymity not being "good enough" (remember I was replying to Macno, so different conversation to the MN threat model) because users can and will be deanonymised after the fact. Thus for users to actually take advantage of Darkcoin's privacy they are required to practice strict opsec of their own, remixing their entire wallet after every transaction. The slightest mistake or relaxation on their part can mean they are instantly compromised (from a privacy perspective). And if you've got to exercise such strict opsec as a user, why not just use Bitcoin?

thanks for that, but my understanding is when you tick the 'darksend' box you will only send from your mixed UTXOS, so the situation you describe doesn't arise. ...this of course requires you to send denominated amounts....

megges
Sr. Member
****
Offline Offline

Activity: 371
Merit: 250


View Profile
March 25, 2015, 05:17:37 PM
 #347

That's not how darksend is intended to work (or work) ... after mixing the denominations stay in the mixed address, so after you darksend 100 DRK you got for example 100 addresses with 1 DRK in each ... the correlation between these addresses is not there, that's what darksend is made for.

So if you send a darksend with 20 coins, there is no change address used for the remaining 80 drk in your wallet, because they are all in other addresses ...

I understand that, but you will get change the minute you pay for something with a decimal place.

Unless you're saying merchants have to price things in multiples of $5.18 (at this moment) and can't deviate from that?

nope, please just try it to see it's not that way ... that's also why the darksend tx cost is rounded to the next 0.1 so even the txfee is not coming back to any change address.

also some arguments about mixing is taking days, I read a few pages back, that's not right, I mix 1000 drk with 15 rounds easily in one day!

It looks like many statements in here are based on an old version of darkcoin, or on ideas how coinjoin works, that's not what darkcoin does right now!

tip me! :P XtSrWch1U3BsTBFBHj7acTTzxFo1fy5BMa
BlockaFett
Sr. Member
****
Offline Offline

Activity: 392
Merit: 255


View Profile
March 25, 2015, 05:17:55 PM
 #348

lot of words not much content

You're not factoring in denominated units and "dead change" being sent to the network to remove linkages in future tx's.

^ second proposition today from Fluffy proved to be total BS meaning again he has no idea what he is talking about.

still waiting on response to the 3rd Fluffy proposition: P2P network nodes need failovers or the P2P network becomes insecure.  
5w00p
Hero Member
*****
Offline Offline

Activity: 644
Merit: 502



View Profile
March 25, 2015, 05:18:34 PM
 #349

Yep. A frothing nutjob who understands more than you do about something you are devoted to in a cult-like fashion.
majamina
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 25, 2015, 05:19:05 PM
 #350

You guys refuse to comprehend. That doesn't mean what is stated isn't sound and fact-based.

No matter what is stated, you just keep saying "Explain it more."

no, it hasn't been explained...we need to know how many MNs should be compromised before the shit hits the fan....without this info we don't know where the fan is, or the shit trajectory...
fluffypony
Donator
Legendary
*
Offline Offline

Activity: 1274
Merit: 1060


GetMonero.org / MyMonero.com


View Profile WWW
March 25, 2015, 05:20:53 PM
 #351

The Masternodes are a part of your fucking consensus system if u still don't see how you should secure them the best way possible is beyond anyone with a brain and basic knowledge of IT security.

which conversation are you talking about?

Fluffy is now saying that every MN owner needs a failover or it's easier to compromise the MN Network

majamina then asked ergo how many MN need to be compromised to back up that proposition?

it's a fair question but instead of getting an answer he is being called 'mentally challenged' for asking someone to prove what they are saying?

The problem with the question is that the answer is meaningless. Let's say, for instance, that we determine that 50% of the MasterNode network has to be ultra-secure. How do you enforce that in practicality? Why should MN operator Bob run on a $10/month DigitalOcean VPS, and MN operator Alice runs on $500/month collocated hardware in a DC in Panama with failover in a DC in the Netherlands...but they both earn the same reward? That's why I mean it's all or nothing - if you can't guarantee they are all practicing perfect opsec and massively securing their MN you have to assume that nobody is, in which case our hypothetical attacker can compromise most of the MN infrastructure.

I know that this sounds like I'm being evasive or complicated, but this is at the very root of an "assumed maliciousness" type of design instead of an "assumed honesty" design. It's at the heart of anti-fragile design as well, which Nassim Nicholas Taleb's seminal book covers in great detail (and is an excellent read).

Maybe a research project you can do in your own spare time, to understand how to design systems that assume malice, is to research the answer to this question: if a Bitcoin node is connected to 8 peers, how many of those peers need to be honest for the node to figure out the honest peers from the malicious peers? You'll find the answer is completely different to what you may instinctively think if you aren't familiar with anti-fragile design.

illodin
Hero Member
*****
Offline Offline

Activity: 966
Merit: 1003


View Profile
March 25, 2015, 05:21:28 PM
 #352

That's not how darksend is intended to work (or work) ... after mixing the denominations stay in the mixed address, so after you darksend 100 DRK you got for example 100 addresses with 1 DRK in each ... the correlation between these addresses is not there, that's what darksend is made for.

So if you send a darksend with 20 coins, there is no change address used for the remaining 80 drk in your wallet, because they are all in other addresses (denominated for 1 drk each) ...

your approach sounds more like the coinjoin method, but that's not how darksend uses, it uses a portion from coinjoin with various additions, like denomination, to get around that problem what you are talking about

Yes, the wallet takes care of this by denominating the outputs to 100, 10, 1, 0.1 (not sure if even down to 0.01) and when you're "darksending" there won't be change. If the amount you're sending isn't divisible by the smallest denominator the leftovers will go to miners.
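
The two mechanics argued over in this thread, the change-output walk-through quoted in #343 and #346 and the no-change denominated send described in #352, modelled as an added example (not code from any poster or from the Darkcoin wallet). The addresses `EXCH`, `MNMN` and `D1` to `D5` and both helper functions are hypothetical, and only the known-change and common-input-ownership heuristics are modelled.

```python
from decimal import Decimal

def spend(utxos, use, pay_to, amount, change_addr=None):
    """Spend the wallet outputs at addresses `use` and return the transaction.

    With change_addr set, the excess returns to the wallet as a new output.
    With change_addr=None the excess is left as fee for miners, which is the
    no-change send described in post #352 (a model, not the wallet's code).
    """
    amount = Decimal(str(amount))
    total = sum(utxos[a] for a in use)
    if total < amount:
        raise ValueError("selected inputs do not cover the payment")
    tx = {"in": [(a, utxos.pop(a)) for a in use], "out": [(pay_to, amount)]}
    if change_addr is not None and total > amount:
        utxos[change_addr] = total - amount
        tx["out"].append((change_addr, total - amount))
    tx["fee"] = total - sum(v for _, v in tx["out"])
    return tx

def payer_cluster(ledger, payment_addr):
    """Addresses that the recipient at payment_addr can attribute to the payer."""
    cluster = set()
    for tx in ledger:
        outs = [a for a, _ in tx["out"]]
        if payment_addr in outs:
            cluster |= {a for a, _ in tx["in"]}                # payer's inputs
            cluster |= {a for a in outs if a != payment_addr}  # payer's change
    grew = True
    while grew:  # common-input ownership: co-spent inputs share an owner
        grew = False
        for tx in ledger:
            ins = {a for a, _ in tx["in"]}
            if ins & cluster and not ins <= cluster:
                cluster |= ins
                grew = True
    return cluster

def change_scenario():
    # Constructed wallet: the post-mixing UTXO table from the walk-through
    utxos = {a: Decimal(v) for a, v in
             [("ABAB", 50), ("CDCD", 25), ("EFEF", 25), ("GHGH", 180), ("IJIJ", 20)]}
    ledger = [spend(utxos, ["ABAB"], "XXZZ", 10, change_addr="KLKL")]
    # Later 200 DRK deposit; EXCH and MNMN are hypothetical addresses
    ledger.append(spend(utxos, ["GHGH", "KLKL"], "EXCH", 200, change_addr="MNMN"))
    return payer_cluster(ledger, "XXZZ")

def no_change_scenario():
    # Constructed wallet of denominated outputs; D1..D5 are hypothetical
    utxos = {"D1": Decimal(10), "D2": Decimal(10), "D3": Decimal(1),
             "D4": Decimal(10), "D5": Decimal(10)}
    pay = spend(utxos, ["D1", "D2", "D3"], "XXZZ", "20.72368")  # excess -> fee
    deposit = spend(utxos, ["D4", "D5"], "EXCH", 20)
    return payer_cluster([pay, deposit], "XXZZ"), pay["fee"]

if __name__ == "__main__":
    print(sorted(change_scenario()))
    print(no_change_scenario())
```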
illodin
Hero Member
*****
Offline Offline

Activity: 966
Merit: 1003


View Profile
March 25, 2015, 05:23:39 PM
 #353

its implementation of gmaxwell's coinjoin is snotty at best

Can you explain the differences between gmaxwell's coinjoin and Darkcoin's mixing, thanks.
othe
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


View Profile
March 25, 2015, 05:24:30 PM
 #354

You should be glad with what you can read, no one (much less Monero devs) owes you an explanation for anything. troll.

^ second proposition today from Fluffy proved to be total BS meaning again he has no idea what he is talking about.

still waiting on response to the 3rd Fluffy proposition: P2P network nodes need failovers or the P2P network becomes insecure.  

This is the transaction from the screenshot I posted earlier: https://chainz.cryptoid.info/dash/tx.dws?1622007.htm

You see the guy paid 268 DRK https://chainz.cryptoid.info/dash/address.dws?XbMaEcBqEcsCiyrTy2sAnwiQfmYK3SG1y9.htm (Let's say this is a Druglord)

This is my change https://chainz.cryptoid.info/dash/address.dws?XfRgC2e35SpjaKX7p6YxbhzEVqZN223BGe.htm (my change)

If I spend that now on StarFucks I am basically fucked, my privacy is zero.

TL;DR Dangerous pseudo anonymity.

illodin
Hero Member
*****
Offline Offline

Activity: 966
Merit: 1003


View Profile
March 25, 2015, 05:24:47 PM
 #355

I'm talking about a game theoretic prisoner's dilemma that exists with highly incentivised MasterNodes. Expressed theoretically: the only ways I can see for the MasterNode structure to achieve Nash equilibrium is to either lower the payout to such a point where any hope of ROI is measured in decades (thus the primary incentive to run a MasterNode is to own a long-term asset and assist the network, not to earn profit) or to have the MN reward decrease if the number of MNs drops below a certain magic threshold (this latter approach suffers from various drawbacks I can think of off the top of my head, but it's at least an attempt).

Drawback being miners will start to take down masternodes in hopes of higher mining rewards as the masternode reward decreases? Another drawback, it's hard to calculate the number so that the whole network agrees?

Setting the challenge of trustlessly counting the nodes aside, what if, miners get always 50% of the reward no matter what. The rest 50% goes to masternodes if there are > supply / 2000 masternodes. And masternodes get 0% if there are < supply / 5000 masternodes (numbers pulled out of the ass).

Assuming 5,000,000 supply:
0...999 masternodes => 0% rewards
1000...2500 masternodes => interpolated from 0% to 50%
2500+ masternodes => 50%
majamina
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 25, 2015, 05:25:35 PM
 #356

Quote
The problem with the question is that the answer is meaningless. Let's say, for instance, that we determine that 50% of the MasterNode network has to be ultra-secure.


but if you need to take out (arbitrary figure) 75% of the network to kill it, you don't need to ultra-secure any of it if you assess that taking out 75% is impractical...


Quote
Maybe a research project you can do in your own spare time, to understand how to design systems that assume malice, is to research the answer to this question: if a Bitcoin node is connected to 8 peers, how many of those peers need to be honest for the node to figure out the honest peers from the malicious peers? You'll find the answer is completely different to what you may instinctively think if you aren't familiar with anti-fragile design.

thanks, interesting comment...
fluffypony
Donator
Legendary
*
Offline Offline

Activity: 1274
Merit: 1060


GetMonero.org / MyMonero.com


View Profile WWW
March 25, 2015, 05:25:57 PM
 #357

You're not factoring in denominated units (and subsequent rounding at send) and "dead change" being sent to the network to remove linkages in future tx's.

It was a simplified example explaining transactions in general. Remember: the issue we're discussing is the average user deanonymising themselves inadvertently. Dead change and denominated units do not solve the problem when the user has 50 DRK in their account, they send 20.72368 DRK to pay for some dodgy item, and then because they have some crisis they empty their wallet and deposit the entire remaining 29.27632 DRK on an exchange. Normal actions resulting in unavoidable and unwitting deanonymisation.

illodin
Hero Member
*****
Offline Offline

Activity: 966
Merit: 1003


View Profile
March 25, 2015, 05:26:09 PM
 #358

You should be glad with what you can read, no one (much less Monero devs) owes you an explanation for anything. troll.

^ second proposition today from Fluffy proved to be total BS meaning again he has no idea what he is talking about.

still waiting on response to the 3rd Fluffy proposition: P2P network nodes need failovers or the P2P network becomes insecure.  

This is the transaction from the screenshot I posted earlier: https://chainz.cryptoid.info/dash/tx.dws?1622007.htm

You see the guy paid 268 DRK https://chainz.cryptoid.info/dash/address.dws?XbMaEcBqEcsCiyrTy2sAnwiQfmYK3SG1y9.htm (Let's say this is a Druglord)

This is my change https://chainz.cryptoid.info/dash/address.dws?XfRgC2e35SpjaKX7p6YxbhzEVqZN223BGe.htm (my change)

If I spend that now on StarFucks I am basically fucked, my privacy is zero.

TL;DR Dangerous pseudo anonymity.

The wallet won't let you "Darksend" funds that have not been through the mixing process.
Macno
Legendary
*
Offline Offline

Activity: 984
Merit: 1000


View Profile
March 25, 2015, 05:27:24 PM
 #359

@BlockaFett:
Could you please be a little less confrontational? I actually enjoy the discussion and how fluffypony takes the time to explain everything.
I am an investor and potential end-user, I don't understand coding and IT stuff and I am interested whether Darksend actually is sophisticated enough to deal with darkmarkets or not (not that I engage in darkmarket trades, as I don't even know how to access the TOR network, but as an investor, I'm interested whether Dash is actually safe to use there, without having to worry too much about "opsec").
illodin
Hero Member
*****
Offline Offline

Activity: 966
Merit: 1003


View Profile
March 25, 2015, 05:27:45 PM
 #360

You're not factoring in denominated units (and subsequent rounding at send) and "dead change" being sent to the network to remove linkages in future tx's.

It was a simplified example explaining transactions in general. Remember: the issue we're discussing is the average user deanonymising themselves inadvertently. Dead change and denominated units do not solve the problem when the user has 50 DRK in their account, they send 20.72368 DRK to pay for some dodgy item, and then because they have some crisis they empty their wallet and deposit the entire remaining 29.27632 DRK on an exchange. Normal actions resulting in unavoidable and unwitting deanonymisation.

Yes this is a problem when the wallet can have "standard coins" and "anonymous coins", you can accidentally send wrong coins.

There should be two wallets imo, the other one can allow only "Darksending" and the other wouldn't have mixing at all.