XMR vs DRK

[oblox]

You're not factoring in denominated units (and subsequent rounding at send) and "dead change" being sent to the network to remove linkages in future tx's.

It was a simplified example explaining transactions in general. Remember: the issue we're discussing is the average user deanonymising themselves through inadvertently. Dead change and denominated units do not solve the problem when the user has 50 DRK in their account, they send 20.72368 DRK to pay for some dodgy item, and then because they have some crisis they empty their wallet and deposit the entire remaining 29.27632 DRK on an exchange. Normal actions resulting in unavoidable and unwitting deanonymisation.

Assuming the wallet is already denominated, then in your scenario, the DS inputs would be two 10s, nine 1s and three .10s with the rounded up change going to the network... yes, it very much solves the issue you are trying to point out.

You're not factoring in denominated units (and subsequent rounding at send) and "dead change" being sent to the network to remove linkages in future tx's.

It was a simplified example explaining transactions in general. Remember: the issue we're discussing is the average user deanonymising themselves through inadvertently. Dead change and denominated units do not solve the problem when the user has 50 DRK in their account, they send 20.72368 DRK to pay for some dodgy item, and then because they have some crisis they empty their wallet and deposit the entire remaining 29.27632 DRK on an exchange. Normal actions resulting in unavoidable and unwitting deanonymisation.

Assuming the wallet is already denominated, then in your scenario, the DS inputs would be two 10s, nine 1s and three .10s with the rounded up change going to the network... yes, it very much solves the issue you are trying to point out.

How does that solve the issues my post mentioned?

So you can calculate the security of your darksend by yourself with a few assumption you have to take (because you cant know) like

darksend with 50 rounds, masternode network has 2000 masternodes, and i assume for me in worst case 1500 of these are bad actors.

So i got something like:
(1500/2000)^50 = 0.000005 => its a chance of 1 : 1750000 that a bad actor (with 1500 of 2000 MN) statistically can observe my mixing.

For me thats enough secure to say its anonym. But for some it may be not enough, because they cant know if there and how many bad actors are in the net. so if all 2000 out of 2000 are bad actors, you can be sure it won't be anonym anymore. (I think thats the point im reading about MNs are not trustless, because you can't know if they save the sarksend or not)

You can just own the major amount of coinjoin-transactions to trace back what happens; no need to mess with masternodes. Combined with other statical analysis approaches this is quiet powerful?

I wasn't addressing your post but frankly, if you want to play the probabilities game, you're hella paranoid at those odds. Further, it doesn't factor in masternode blinding of inputs, further squashing probabilities out.

It's like you guys posting cryptographic proofs that ring signatures work--yes, I don't think anyone is arguing that (at least I'm not), but I also know that 99% of the people on here and those that will ultimately use the currency won't know what they even mean. You guys posting cryptographic proofs would be no different than Dash posting statistical probabilities of the odds of tracing a DS transaction (with the odds easier to understand than cryptography). At least in my jurisdiction, with proving things without reasonable of doubt, I'll take odds such as those even if you didn't calculate them appropriately.

[1714493235]

1714493235

[1714493235]

1714493235

[1714493235]

1714493235

[megges]

You can just own the major amount of coinjoin-transactions to trace back what happens; no need to mess with masternodes. Combined with other statical analysis approaches this is quiet powerful?

For me that is not such an easy assumption, because even if you own the majority of amount in a darksend mixing process, you can' tell if the other transactions are just one or multiple people.

At least it is a plaussible deniable that you can't know if it was one or more person. Even if you obeserv it for a long time and analyse it like "these addresses are coming up in this block, these in this and so on, than you could conclude, these addresses must be owned by the same person because they come up all together in a timeframe. BUT darksend mixing, doesn't send all your address trough mixing each time a mixing is going on. So your addresses will randomly splitet and an timing analyses would be not working. And its plaussible deniable - just because you could assume it would be the same person, you cant tell for sure. You just can assume.

But perhaps you can write a whitepaper about your idea, that would be very nice, there is also a big bounty if you get that to work.

[Macno]

So to put that in laymens terms: darksend is fine for usage in darkmarkets after all and fluffpony agrees?

Thus far I believe the rest of my assertions to be correct.

Well, I'm still not convinced by your assessment of MN network vulnerability. You seem to be in realms of the theoretical rather than the practical....

Ok, so you could somehow compromise the MN network, but you can`t be de-anonymized because you did not do enough "opsec" other than mixing your coins.

No, I'm not sure you can compromise the MN network in any practical sense, assuming it works as designed.

Sorry, I meant that fluffpony thinks so (and you are not sure about it). Sorry if I keep trying to break things down to a very simple outcome. I just want to understand the practical implications of those discussions. Practical like for users who don`t care about the tech details (like myself...), but who would be extremely pissed (and endangered) if they discovered that they face jailtime because of some problems with the change of their supposedly anonymized Dash. So, yes, Darksend is safe enough and the MN problem is still up for debate (but a potential problem is about as likely as a 51% attack on BTC by the NSA). Correct?

[othe]

But perhaps you can write a whitepaper about your idea, that would be very nice, there is also a big bounty if you get that to work.
   

Where? Yesterday someone here said it's 1000 usd or so... not worth anyone time.

At least it is a plaussible deniable that you can't know if it was one or more person

Meh. if i delete my bitcoin privatekey after i emptied it i have the same...

We don't even want 3-letter agencies to come that close to us..

My original question still is unanswered, how you use that stuff on a mobile phone etc. without the annoying premixing etc; seems unusable.

[oblox]

But perhaps you can write a whitepaper about your idea, that would be very nice, there is also a big bounty if you get that to work.
   

Where? Yesterday someone here said it's 1000 usd or so... not worth anyone time.

So it's easy to continue to lash about how XMR is superior but yet no one wants to take any time to solve the things that would make your case even stronger. And the grand was just a starting basis to my knowledge. I think the goal was to get it close to $5k.

We just continue to enter into a crypto circle jerk where XMR posts cryptographic proof of anonymity and DASH posts statistical probability of anonymity through obscurity. Round and round we go. They tackle things differently. Period.

[othe]

But perhaps you can write a whitepaper about your idea, that would be very nice, there is also a big bounty if you get that to work.
   

Where? Yesterday someone here said it's 1000 usd or so... not worth anyone time.

So it's easy to continue to lash about how XMR is superior but yet no one wants to take any time to solve the things that would make your case even stronger. And the grand was just a starting basis to my knowledge. I think the goal was to get it close to $5k.

Yeah obviously no one wants to make your work for free; What a surprise.

Do you think the 4 MRL whitepapers have written themselves? Thats hundreds of unpaid hours.

[BlockaFett]

lot of words not much content

You're not factoring in denominated units and "dead change" being sent to the network to remove linkages in future tx's.

^ second proposition today from Fluffy proved to be total BS meaning again he has no idea what he is talking about.

still waiting on response to the 3rd Fluffy proposition: P2P network nodes need failovers or the P2P network becomes insecure.  

BlockaFett my friend, I can tell you're passionate about this subject by virtue of the massive amounts of insults you hurl and the sheer amount of bold in your replies. However, please remember that this is a cordial discussion, and if I conclude something based on an incorrect understanding I will absolutely admit that my conclusion was incorrect and based on false assumptions or faulty logic.

I'm not perfect, I will make mistakes, and I do reach conclusions on a regular basis that are incorrect. Over and above that I am analysing a technology I did not create and that has no formal model I can study, and so much of the data I am working with is based on what I have observed and read about the subject matter, and is thus open to change.

All of that does not imply I am talking "total BS" or I have "no idea what I am talking about", it just means that the model I have been forced to construct in my head is in a necessary state of flux.

It's also immensely frustrating when I am trying to reply to comments in the order in which they appear in the thread, and in the time it takes me to thoughtfully reply to one person you've submitted 5 posts that consist of:

- "fluffypony once again proves he knows nothing"
- "why hasn't he answered the simple question?"
- "hah such garbage"
- "obviously wrong and complete BS"
- "still waiting on a reply to that question from 3.7 seconds ago??"

Try and chillax, this is a technical and non-technical back-and-forth, not a personal attack on your family and your second child:)

Hey, i am relaxed thanks, the reason I had to repeat the question 8 times is because you won't answer it.  I am using the bold to make it easier for you to read the actual questions because each time you are avoiding it.

Right now I have asked the same question 5 times as a response to your proposition: why is the masternode network unsecure because there are no failovers.

It sounds like a ridiculous proposition, not something from a serious coin dev, which is why I am asking you to back it up.  but you won't do it (that should be in bold but i don't want to hurt anyone's feelings )

[oblox]

But perhaps you can write a whitepaper about your idea, that would be very nice, there is also a big bounty if you get that to work.
   

Where? Yesterday someone here said it's 1000 usd or so... not worth anyone time.

So it's easy to continue to lash about how XMR is superior but yet no one wants to take any time to solve the things that would make your case even stronger. And the grand was just a starting basis to my knowledge. I think the goal was to get it close to $5k.

Yeah obviously no one wants to make your work for free; What a surprise.

Do you think the 4 MRL whitepapers have written themselves? Thats hundreds of unpaid hours.

The incentive is there both monetarily and from bragging rights to take the challenge.

Monero's anonymity is secured by cryptography.

Dash's anonymity is secured by mathematical probability.

Continuing the circle jerk isn't what I plan on doing. It's obvious that Dash's recent rise was enough for those with agendas to come about and try to be "noble to all the newbs" and save them with the same factset that has been spewed since days after launch and days after the masternode concept came into play. Anyone with half a brain can see it clear as day. I understand Dash is widening its market cap compared to Monero but if your project can stand on its own two legs, then that gap should close, no?

[megges]

But perhaps you can write a whitepaper about your idea, that would be very nice, there is also a big bounty if you get that to work.
   

Where? Yesterday someone here said it's 1000 usd or so... not worth anyone time.

So it's easy to continue to lash about how XMR is superior but yet no one wants to take any time to solve the things that would make your case even stronger. And the grand was just a starting basis to my knowledge. I think the goal was to get it close to $5k.

Yeah obviously no one wants to make your work for free; What a surprise.

Do you think the 4 MRL whitepapers have written themselves? Thats hundreds of unpaid hours.

I understand your point, perhaps the bounty is not enough, but i guess half the monero guys will spent 1000s of dollars if you can prove us (DASH) wrong.

You say its easy and you know how to do it.
And all of you seem to have the mission to safe people from the big DASH scam. Thats why it is called SCAM so often in here.

To accomplish this mission you have to prove it, its not about money, how often have i read that from XMR guys, its about fighting for the good (and so against the DASH scam).

Thats why they come and tell about the scam every page in the DRK thread.

And how often have i read that XMR is not about the money.

But still in the end, you won't prove it because hey there is not enough money in for it ...

And whats the purpose to post in this thread if you won't stand your arguments? That way it looks like cheap trolling.

You have an opportiunity to prove us wrong, and save all that guys from the DASH scam, but you won't take it, why?

[fluffypony]

It's like you guys posting cryptographic proofs that ring signatures work--yes, I don't think anyone is arguing that (at least I'm not), but I also know that 99% of the people on here and those that will ultimately use the currency won't know what they even mean. You guys posting cryptographic proofs would be no different than Dash posting statistical probabilities of the odds of tracing a DS transaction (with the odds easier to understand than cryptography). At least in my jurisdiction, with proving things without reasonable of doubt, I'll take odds such as those even if you didn't calculate them appropriately.

The problem with calculating probabilities without a model is you have unstated assumptions and assume all things to be equal.

For eg.: in Megges example of 50 Darksend rounds with 1500 out of 2000 Masternodes compromised it's easy to calculate the probability as 0.75^50 = 0.000000566321656, but that's the probability of a complete deanonymisation of a specific event at a specific point in time, and that has astronomical odds. That's typical gambler / poker player mentality (and also explains why gamblers make poor cryptographers) - no offence to any gamblers present.

Instead, you have to consider that, in actuality, the malicious attacker observed ~37 of those Darksend rounds. That means that they only need to extrapolate data for 13 rounds, and since there is a great probability they controlled the MasterNodes on either side of each of those unknown rounds, the extrapolation is a lot easier.

Right now I have asked the same question 5 times as a response to your proposition: why is the masternode network unsecure because there are no failovers.

I never said that, at all, you're taking unrelated statements out of context. I have qualified my all-or-nothing statement, and I've even given you a little research task you can do to understand the problem better. At this juncture it is clear that you are goading me instead of making an earnest effort to understand antifragility or assumed malice, and I have neither the time nor the inclination to continue to answer questions I've already answered.

Conclusion:

Look, you don't have to agree with me, at all. You're welcome to write off what I say as bias, overly cautious, paranoid, or whatever. I have stated before, and I will state it one more time for the record: I, along with a number of Bitcoin core developers and cryptography researchers, are of the opinion that Darkcoin/Dash is cryptographically unsound, and that the MasterNode infrastructure will, at worst, collapse in on itself, and at best lead to copious problems.

I do believe I've stated my conclusions with efficacy in this thread, and I have stuck around and spent hours expounding on statements and explaining conclusions, despite the constant badgering and vitriol from certain members. I do appreciate the engagement from those who have remained measured and interested in talking, I have definitely learnt some things I didn't know about Darkcoin before.

I bid this thread farewell.

[othe]

You say its easy and you know how to do it.
And all of you seem to have the mission to beware people of the big DASH scam

Nah - but you are good at flipping words :-)
And nah i have no mission except to debunk the bullshit written about XMR here, i.e. the bullshit claims that its not useable where as it is far more useable for a non-tech savy person currently. Not even mentioning the pseudo GUI FUD.

But we can stop this discussion here once and for all, my points are clear and i don't get answers to my questions here anyway.

But still in the end, you won't prove it because hey there is not enough money in for it ...

That doesn't mean people will work for free on projects they don't even have a stake in.
It's not my job to do your job.

And whats the purpose to post in this thread if you won't stand your arguments? That way it looks like cheap trolling.

I asked questions and wanted to receive an answer for example, i didn't get an answer tho.

[majamina]

Sorry, I meant that fluffpony thinks so (and you are not sure about it). Sorry if I keep trying to break things down to a very simple outcome. I just want to understand the practical implications of those discussions. Practical like for users who don`t care about the tech details (like myself...), but who would be extremely pissed (and endangered) if they discovered that they face jailtime because of some problems with the change of their supposedly anonymized Dash. So, yes, Darksend is safe enough and the MN problem is still up for debate (but a potential problem is about as likely as a 51% attack on BTC by the NSA). Correct?

Hey no problem

My assessment is:

1. Darksend anon works until the masternode network is compromised
2. Comprimising the masternode network appears impractical, so 1. remains sound

A 51% attack would yield different results to a masternode network compromise. With 51% of the mining network you can double-spend, kill transactions etc. With the Masternode network compromised you can potentially unravel darksend anon, but this doesn't appear practical.

edit: it's also worth noting that DRK/DASH anon mixing is off-chain, so if you somehow compromise the MN network you only get to spy on what's happening at that moment, not historical transactions.

[Shrikez]

What's missing in this thread is an actual DRK developer don't you think? The flow of information in here is very one sided.

[BlockaFett]

What's missing in this thread is an actual DRK developer don't you think? The flow of information in here is very one sided.

this is a Monero troll thread, almost no drk people here. why would a drk dev take time off developing to argue with XMR trolls?

EDIT: plus you don't need a dev because Monero dev 'Fluffy' made 3 propositions about DRK being insecure today, the first 2 were proved wrong and the third he is ignoring any replies, scroll back.

[Shrikez]

What's missing in this thread is an actual DRK developer don't you think? The flow of information in here is very one sided.

this is a Monero troll thread, almost no drk people here. why would a drk dev take time off developing to argue with XMR trolls?

EDIT: plus you don't need a dev because Monero dev 'Fluffy' made 3 propositions about DRK being insecure today, the first 2 were proved wrong and the third he is ignoring any replies, scroll back.

Ok so I guess all is fine with DRK then.

I just thought such a big community would be capable and interested to send someone competent to explain their technology.

I, for one, would be interested to actually learn something about DRK although I am a Monero supporter. This was supposed to be the thread where it is possible without having to read 4000+ frankly very noisy pages.

I see a few courteous and interested Darkcoin supporters without much actual knowledge, some more eloquent and competent than others. You, to be honest, should be happy that anyone is talking to you at all.

[BlockaFett]

What's missing in this thread is an actual DRK developer don't you think? The flow of information in here is very one sided.

this is a Monero troll thread, almost no drk people here. why would a drk dev take time off developing to argue with XMR trolls?

EDIT: plus you don't need a dev because Monero dev 'Fluffy' made 3 propositions about DRK being insecure today, the first 2 were proved wrong and the third he is ignoring any replies, scroll back.

Ok so I guess all is fine with DRK then.

I just thought such a big community would be capable and interested to send someone competent to explain their technology.

I, for one, would be interested to actually learn something about DRK although I am a Monero supporter. This was supposed to be the thread where it is possible without having to read 4000+ frankly very noisy pages.

I see a few courteous and interested Darkcoin supporters without much actual knowledge, some more eloquent and competent than others. You, to be honest, should be happy that anyone is talking to you at all.

but DRK has been under attack by Monero people and devs for over a week since the price started rising.  XMR is now toxic in the drk community, just a clone trying to make enough noise on the back of dark. this thread shows that in my opinion.

so the idea drk devs would fuel Monero's latest pump is a bit unrealistic..

plus the fact the Monero dev's are laughing stocks in crypto now for the fact that when you look at their github they are doing no work, and instead throwing around a lot of accusations they can't back up and spending 100s of hours trolling instead of developing. then when you ask what they are working on they send you a marketing graphic with no dates on it.

if you don't believe me, try having Poloniex offline for 1 day and see what the market really thinks of XMR value.

just my opinion from a drk supporter who has been under attack for over a week from a coin he never heard of and wouldn't touch as he remembers all the other crypto-note clones rushed out after dark that are now dead

[xxxgoodgirls]

I believe Eduffield and other DASH experts are dealing full time with the rebranding, they will answer eventually.

[BlockaFett]

I believe Eduffield and other DASH experts are dealing full time with the rebranding, they will answer eventually.

^ as a long-time drk investor i serously doubt it lol.  (a dev responding to xmr trolling that is)

[qvan]

I believe Eduffield and other DASH experts are dealing full time with the rebranding, they will answer eventually.

^ as a long-time drk investor i serously doubt it lol.  (a dev responding to xmr trolling that is)

why don't you block your fetting mouth  ..you worthless blabbing mouth..you're a disgrace to this thread

[Swandeli]

When reading the posts, Fluffypony comes off as someone who is giving both sides of the story simultaneously. Doesn't seem one sided at all to me. It's just that Darkcoin has no attributes and nothing going for it tech wise, so it's getting destroyed that way in conversation. It's like those on the monero team are the 160 IQ nerds and those on the darkcoin team are the half retarded bill boos.