XMR vs DRK

[majamina]

Nice graph but with CRAVE using adrenaline , drk masternodes , dual key stealth addresses and much much more , things look very intresting. https://bitcointalk.org/index.php?topic=997356.0

This is "XMR vs DRK" not "Come spam coins"

[generalizethis]

As far as metadata is concerned, I'm assuming many mn's will not be using best practices and will leak information unbeknownst to the operator, which could set-up scenarios where they are surreptitiously being observed?

well we covered all that earlier....for the sake of argument, let's go binary and say a masternode is either compromised or it isn't, then consider the numbers in the table. You need to compromise 100% of the network to reliably trace all transactions. This is obviously the most extreme case. A more useful question would be 'where do things start to get interesting'. Well, if we had 1 billion transactions per day, you'd need about 75% of the network compromised to trace just one of those transactions each day. Make of that what you will.

I don't think anyone would argue with cryptonote coins offering the best anonymity set at the moment, the question becomes,"is dark's as advertised or good enough?" The as advertised is a hard sell given the already well discussed insta/accidental mine and the re-names that look like the "under new management" sign at the local dive.

Yep fair enough, as I said I think we've covered the instamine topic

As an investor, you would have to prove to me that your numbers are correct that indeed your management was forthright and had the investor's best interest in mind with every decision, and that you are offering the best product for the service desired. If you want to act like a company, this is what would be expected by most rational investors.

OK well if that's your criteria for investment then fair enough. I disagree with your statement about 'rational investors' though....I know many professional investors, with varied styles and varying attitudes to risk. It's not a one-size-fits-all game, and you can peddle the 'DRK is crooked' argument until you're blue in the face but people are still investing in it. People invest in Enron and Haliburton.

Call DRK a scam, a cult, whatever...the market does not lie.

People investing in Enron or Haliburton, doesn't do anything for my confidence --well, it does, but certainly not in a good way. It seems like everyone involved in your project is focused on profits, but not on any redeemable goal.

[generalizethis]

No cop out--Evan burned the trust bridge, so I have no inclination (nor should I) to give his figures the benefit of the doubt.

[majamina]

People investing in Enron or Haliburton, doesn't do anything for my confidence --well, it does, but certainly not in a good way. It seems like everyone involved in your project is focused on profits, but not on any redeemable goal.

Dude, play fair....you gave your investment criteria, I explained the wider picture....that's all.

[majamina]

Evan burned the trust bridge, so I have no inclination (nor should I) to give his figures the benefit of the doubt.

OK, well like I said I think that's a cop-out. I put it to you that you won't debate the figures because you don't like what they demonstrate about Darksend with Masternode Blinding. If that's wrong and you think the figures do show a good level of security then by all means correct me

[Johnny Mnemonic]

I still don't understand what these "probabilities" illustrate? Either a transaction is traceable or it isn't. What exactly are the probabilities for?

[equipoise]

OK I plotted the curve:




Here are the numbers of nodes behind the graph - sorry, Excel only renders percentages to 30 decimal places so I'll do 2 tables, one with percentages and one with numbers.

1.00%   0.000000000000000000000000000000%
2.00%   0.000000000000000000000000000000%
...

This is just the upper bound of the probability to brake it if there are no flaws at all in the master nodes (but there is no way for you to prove so). With the current Dash "model" you can't know what the lower bound is. The lower bound could be just a straight vertical line at 0. So the best you could say about the probability of braking it with owning no master nodes at all is that it's between 0% and 100%.

[majamina]

I still don't understand what these "probabilities" illustrate? Either a transaction can be traced or it cannot. What exactly are the probabilities of?

If you compromise a masternode and spy on it's activity, you can theoretically start to piece together all the required information to trace a Darksend transaction back to a user's wallet. Since nodes are selected randomly for Darksend, you would need to compromise the correct nodes to do so. These are the probabilities of you having compromised the correct nodes and therefore being able to decode the transaction.

[Johnny Mnemonic]

I still don't understand what these "probabilities" illustrate? Either a transaction can be traced or it cannot. What exactly are the probabilities of?

If you compromise a masternode and spy on it's activity, you can theoretically start to piece together all the required information to trace a Darksend transaction back to a user's wallet. Since nodes are selected randomly for Darksend, you would need to compromise the correct nodes to do so. These are the probabilities of you having compromised the correct nodes and therefore being able to decode the transaction.

Okay that makes sense. Thank you.

[Johnny Mnemonic]

Correct me if I'm mistaken: these are probabilities for tracing a specific transaction.

What are the probabilities of being able to trace any non-specific transaction?

[majamina]

OK I plotted the curve:




Here are the numbers of nodes behind the graph - sorry, Excel only renders percentages to 30 decimal places so I'll do 2 tables, one with percentages and one with numbers.

1.00%   0.000000000000000000000000000000%
2.00%   0.000000000000000000000000000000%
...

This is just the upper bound of the probability to brake it if there are no flaws at all in the master nodes (but there is no way for you to prove so). With the current Dash "model" you can't know what the lower bound is. The lower bound could be just a straight vertical line at 0. So the best you could say about the probability of braking it with owning no master nodes at all is that it's between 0% and 100%.

Fair comment and one of the most interesting points made so far. It's not the number of Masternodes you have to compromise, but how easily you can compromise them. e.g. an exploit could be found and suddenly you have the whole network and can trace the transactions. There are obviously other points to consider there, but I get the idea.

XMR relies on cryptography, DRK relies on secure Masternode code to protect anonymity at any given point in time (since mixing is off-chain).

You could draw parallels with BTC. People have been trying to break it for years, no joy. I'm sure people are trying to break DASH given the effort going into trolling it - will be interesting to see how it plays out.

[majamina]

Correct me if I'm mistaken: these are probabilities for tracing a specific transaction.

What are the probabilities of being able to trace any non-specific transaction?

good point.

thinking out loud.....at 1 billion transactions per day, if you captured all the activity of 75% of the MNs for a whole day, somewhere in that dataset is all the information you need to piece together 1 complete transaction.....go find it

[Johnny Mnemonic]

Correct me if I'm mistaken: these are probabilities for tracing a specific transaction.

What are the probabilities of being able to trace any non-specific transaction?

good point.

thinking out loud.....if you captured all the activity of 75% of the MNs for a whole day, somewhere in that dataset is all the information you need to piece together 1 complete transaction.....go find it

Well that's not the concern. The concern is an adversary spying on a small but significant portion of masternode activity (say 15%). Your one tx might have an astronomically low probability of being revealed, but other transactions on the network won't be so lucky. Meanwhile the NSA*cough*I mean our adversary, is just collecting these unmasked transactions and saving them in a giant database for some time in the future when they might want to extort the revealed parties.

Suddenly those probabilities don't look as good, because the cost of revealing non-specific transactions may be very low, and adversaries can simply "cast a net" and collect their victims.

[majamina]

Well that's not the concern. The concern is an adversary spying on a small but significant portion of masternode activity (say 15%). Your one tx might have an astronomically low probability of being revealed, but other transactions on the network won't be so lucky.

yes they will, that's how probability works

if there is an unbelievably tiny probability or catching a DS transaction with 15% of the network, you will catch an unbelievably tiny number of transactions....i.e. none in any sensible timeframe.

[fluffypony]

Fair comment and one of the most interesting points made so far. It's not the number of Masternodes you have to compromise, but how easily you can compromise them. e.g. an exploit could be found and suddenly you have the whole network and can trace the transactions. There are obviously other points to consider there, but I get the idea.

XMR relies on cryptography, DRK relies on secure Masternode code to protect anonymity at any given point in time (since mixing is off-chain).

So in other words, you've finally come to the same conclusion I've already expressed: everything hinges on the opsec of the MasterNode operators.

[majamina]

Fair comment and one of the most interesting points made so far. It's not the number of Masternodes you have to compromise, but how easily you can compromise them. e.g. an exploit could be found and suddenly you have the whole network and can trace the transactions. There are obviously other points to consider there, but I get the idea.

XMR relies on cryptography, DRK relies on secure Masternode code to protect anonymity at any given point in time (since mixing is off-chain).

So in other words, you've finally come to the same conclusion I've already expressed: everything hinges on the opsec of the MasterNode operators.

Nope, not at all....we went over all that.

It's the 'hardness' of the MN code that's important. How remotely exploitable it is, I would say.

edit: OK, giving this more consideration...remote exploitability of a given MN does have dependencies on Opsec. Let's assume what I think is fair to assume, that basic Opsec is in place similar to what we might expect on the BTC network....i.e MNs are at least behind a firewall and only listening on TCP/9999

[GTO911]

Why do we need masternodes when we have always available on chain cryptographic anonymity?

[majamina]

Why do we need masternodes when we have always available on chain cryptographic anonymity?

why do we need bloaty on-chain anonymity when we have masternodes providing off-chain anonymity that's fit-for-purpose?

[GTO911]

why do we need bloaty on-chain anonymity when we have masternodes providing off-chain anonymity that's fit-for-purpose?

Bloat?? bahahaha

http://www.digitaltrends.com/computing/intel-3d-nand-10tb-solid-state-drive/

We will have smaller size in future

https://bitcointalk.org/index.php?topic=972541.0

[majamina]

why do we need bloaty on-chain anonymity when we have masternodes providing off-chain anonymity that's fit-for-purpose?

Bloat?? bahahaha

http://www.digitaltrends.com/computing/intel-3d-nand-10tb-solid-state-drive/

yep, nice tech coming there...bottleneck on the network then (half-joking)

ok you can remove the word 'bloaty' from my statement if you like