[ANN][DASH] Dash (dash.org) | First Self-Funding Self-Governing Crypto Currency

[camosoul]

The way I understand it, nothing is added to the blockchain between the green boxes. The masternodes never actually hold the funds, they just facilitate signing. Someone correct me if I am mistaken.  

This is correct the masternodes never actually hold the funds they just facilitate transactions.

Pardon me for playing Devil's Advocate: But, if the coins don't actually change hands, how does this obfuscate anything?

XC is coin-forwarding (coins go to the node). DRK's masternode simply signs transactions.

Please enlighten me further; elaborate.

When I want to send you money through a DarkSend, the masternode does not receive my coins and forward it to you. This would be a trusted technique in which the node would potentially steal the coin. What the masternode does is use my keys for signing the transaction. It's a middleman who never owns my coins.

In XC, for example, A sends the coins to node and then node sends coins to B.

Can't the difference between signing and sending be identified?

Yes.

How does this obfuscate anything?

It doesn't matter, because we don't know who/where the coins came from (the sending addresses aren't associated with anyone). You still need IP obfuscation to avoid a node associating a TX with your IP.

This is rewinding the conversation a bit. No longer focusing on the mixing/denominating technique, but on the fundamental idea of whether or not anything is actually being obfuscated by MNs at all...

OK, I thought I was right about that, but the announcement sounded almost like it was saying "this fixes everything" and it's really just a very large step int eh right direction with what I count as 5 small loose ends to be tied up yet.

One would still need to TX with denominated inputs AND peel off randomly timed change and intermix denominations to hide the quantity in/out. Oh, and IP obfuscation...

This lump of clay is really starting to come together.

[1715219434]

1715219434

[1715219434]

1715219434

[1715219434]

1715219434

[1715219434]

1715219434

[coinzcoinzcoinz]

Looks like we are about to make history. I take my hat off to Evan. Genius.

[thelonecrouton]

I agree that this makes sense for an objective, BUT:

Do the wallet-sent TX stand out in that mist? I still think the client should denominate before it sends to a masternode. This might happen by default per the pre-mix. But, sends from wallets are still not sends from identified MNs, so it's something identifiably not mist going into the mist... Thus, it might be identified coming out. I'd like to see a denominated multi-point-exit to shore this up.

No !  

That's the beauty of it - the transaction itself is now crystal clear which is what you want for verification, but the terminals are completely anonymous. He's separated completely the anonymising process from the transaction process which is a far more powerful configuration.

There's now no practical chance of ever tracing anything because the start and end points are effectively virgin each time. You don't need to ever worry about how "visible" the transaction is because the network precipitates your holdings into a fresh address before you even send them. That's why I said he's "moved the goalposts" because instead of the emphasis being on anonymising the transaction (which is the weak link in the chain) it's now the addresses that are continually recycled and anoymised.

That gives the network a *massive* level of redundancy in terms of anonymity. Even if another "algo" (e.g. cryptonote or whatever) were twice as reliable as DRK's, the DRK process would still blow it away because of the massive redundancy it has.

Superb.

If everyone's wallet will now contain nothing but 100,50,25,10,5,1 etc. amounts all in randomly generated addresses, this is the problem well and truly fucking solved, timing analysis becomes impossible.

Want more anonymity than this? Start shopping for wigs and sunglasses.

It's going to make rich-list bragging pretty hard though. The whole blockchain is going to look like homogenous heat death.

Ahahahaha, fucking brilliant.

 

[chaeplin]

Kristov Atlas said DarkSend+ is Revolutionary Coinjoin Approch.

[luigi1111]

The way I understand it, nothing is added to the blockchain between the green boxes. The masternodes never actually hold the funds, they just facilitate signing. Someone correct me if I am mistaken.  

This is correct the masternodes never actually hold the funds they just facilitate transactions.

Pardon me for playing Devil's Advocate: But, if the coins don't actually change hands, how does this obfuscate anything?

XC is coin-forwarding (coins go to the node). DRK's masternode simply signs transactions.

Please enlighten me further; elaborate.

When I want to send you money through a DarkSend, the masternode does not receive my coins and forward it to you. This would be a trusted technique in which the node would potentially steal the coin. What the masternode does is use my keys for signing the transaction. It's a middleman who never owns my coins.

In XC, for example, A sends the coins to node and then node sends coins to B.

Can't the difference between signing and sending be identified? Yes. How does this obfuscate anything? It doesn't matter, because we don't know who/where the coins came from (the sending addresses aren't associated with anyone). You still need IP obfuscation to avoid a node associating a TX with your IP.

This is rewinding the conversation a bit. No longer focusing on the mixing/denominating technique, but on the fundamental idea of whether or not anything is actually being obfuscated by MNs at all...

OK, I thought I was right about that, but the announcement sounded almost like it was sying "this fixes everything" and it's really just a very large step int eh right direction with what I count as 5 small loose ends to be tied up yet.

To me, what you're suggesting (requesting?) basically requires zerocoin/cash-type opaqueness; it goes beyond simple anonymity. In the new DRK, the blockchain is still very transparent, there's just *hopefully* no useful information to be gleaned from it.

IP obfuscation is a separate and still very real vector that needs addressing.

[sharkbyte093]

I think timing becomes less of an issue because of the (relatively) long mixing process. Beyond that, I'm not quite sure what you're asking? "Normal" TXs will always be identifiable as such; this is by design and definition. It's just the senders' addresses aren't associated with anyone or anything. IP obfuscation should still be needed, though.

Ah I see. Got hung up on the timing thing I see now how that point is moot. Thanks.

[GhostPlayer]

Kristov Atlas said DarkSend+ is Revolutionary Coinjoin Approch.

I don't believe you. Link ? 

(oh shit, I just confronted El Presidente! I may be shot any second !!! )

[toknormal]

I don't believe you. Link ?

I think it's this...

https://www.youtube.com/watch?v=ohiCNDT7W08

[DarthMuffin]

Great to hear another update from the darkcoin team!

Development on RC4 is nearing an end and we expect that we’ll be firing up testnet in the coming week. Depending on what we find, testing and QA should take 2 to 4 weeks.

I'm all for taking the time needed to do it right, but, ugh.  Does that mean no RC4 in late July as originally planned, then?  Don't know how much more of this price slide I can stomach.

[luigi1111]

I agree that this makes sense for an objective, BUT:

Do the wallet-sent TX stand out in that mist? I still think the client should denominate before it sends to a masternode. This might happen by default per the pre-mix. But, sends from wallets are still not sends from identified MNs, so it's something identifiably not mist going into the mist... Thus, it might be identified coming out. I'd like to see a denominated multi-point-exit to shore this up.

No !  

That's the beauty of it - the transaction itself is now crystal clear which is what you want for verification, but the terminals are completely anonymous. He's separated completely the anonymising process from the transaction process which is a far more powerful configuration.

There's now no practical chance of ever tracing anything because the start and end points are effectively virgin each time. You don't need to ever worry about how "visible" the transaction is because the network precipitates your holdings into a fresh address before you even send them. That's why I said he's "moved the goalposts" because instead of the emphasis being on anonymising the transaction (which is the weak link in the chain) it's now the addresses that are continually recycled and anoymised.

That gives the network a *massive* level of redundancy in terms of anonymity. Even if another "algo" (e.g. cryptonote or whatever) were twice as reliable as DRK's, the DRK process would still blow it away because of the massive redundancy it has.

Superb.

If everyone's wallet will now contain nothing but 100,50,25,10,5,1 etc. amounts all in randomly generated addresses, this is the problem well and truly fucking solved, timing analysis becomes impossible.

Want more anonymity than this? Start shopping for wigs and sunglasses.

It's going to make rich-list bragging pretty hard though. The whole blockchain is going to look like homogenous heat death.

Ahahahaha, fucking brilliant.

 

No one can force you to denominate your coins though, so the rich list can be alive and well if its participants want it to be so. (if anyone is thinking the client could always do it without your permission, it really can't; there's no way to enforce it, besides having the clients discard addresses holding non-homogeneous coins after a certain period, which seems a *bit* harsh)

[camosoul]

There's now no practical chance of ever tracing anything because the start and end points are effectively virgin each time. You don't need to ever worry about how "visible" the transaction is because the network precipitates your holdings into a fresh address before you even send them.

I think this is the very thing I'm taking issue with... Being "virgin" is the very thing that creates the problem I see.

The quantity going in and out of the mix is still obvious. Maybe it can't be tied to me with IP obfuscation, but block timing will still give away too much info, and that is essentially the same problem BTC has that DRK is supposed to be solving.

If I'm wrong, help me understand.

The MNs might be a fog, but that actually makes it even more obvious when a non-denominated send goes in, and the 10 block cycle shows a denominated stack of exactly the same size coming back out in a single block. The variability of the mix depth doesn't really help, because it's all in at one block, all out at another. It could be 20 blocks. Or 1000. Doesn't make a difference.

I think timing becomes less of an issue because of the (relatively) long mixing process. Beyond that, I'm not quite sure what you're asking? "Normal" TXs will always be identifiable as such; this is by design and definition. It's just the senders' addresses aren't associated with anyone or anything. IP obfuscation should still be needed, though.

Ah I see. Got hung up on the timing thing I see now how that point is moot. Thanks.

It's still at issue. The clock isn't the timing that matters. It's block pattern. X goes into the fog, X comes out of the fog. Even with IP obfuscation, we still can follow X because it wasn't denominated the same way and occurred at an observable interval. It could take 3 weeks and it wouldn't matter. X went in, X came out, and it happened on 1 block for each. How far apart they are doesn't matter.

If X went in on 4 different blocks, and the MNs peeled it off a little at a time... What we really have is X, Y, and Z go in at different blocks, and come out at potentially even more points as B, C D, E, F and G, all on different block heights. Nothing adds up.

[chaeplin]

I don't believe you. Link ?

I think it's this...

https://www.youtube.com/watch?v=ohiCNDT7W08

Start 16:00

Maybe evolution ;(

[ImI]

Great to hear another update from the darkcoin team!

Development on RC4 is nearing an end and we expect that we’ll be firing up testnet in the coming week. Depending on what we find, testing and QA should take 2 to 4 weeks.

I'm all for taking the time needed to do it right, but, ugh.  Does that mean no RC4 in late July as originally planned, then?  Don't know how much more of this price slide I can stomach.

I'd expect end of august.

[toknormal]

The quantity going in and out of the mix is still obvious. Maybe it can't be tied to me with IP obfuscation, but block timing will still give away too much info

Do you mean that the nature of the transaction could be identified simply from the amount being transacted ?

[rentahash]

Live, kristof atlas DARK NEWS talks about darkcoin etc..

https://www.youtube.com/watch?v=ohiCNDT7W08

Kristov said that he has already been having conversations with Evan regarding Darksend, and will review the code, but can't really do it full-time obviously, but he will perhaps set up a drk donation address so if people will donate he will be able to spend more time with it.

Donation or no donation it does not matter.
People can easily see that adding 8 MNs for a transaction gives easy/clean anonymity level.

When something is obvious and easy to understand, review should not take much of his time

GREAT WORK Evan and dev team!

[Kyune]

You're asking if a coin that is being built for anonymity can be easily traced?

I respectfully disagree with you, the final transaction the person to person transaction occurs directly so that you can see the coins leave your wallet directly to the recipient's address and you can see the address getting the coins in the blockchain. So you can verify any transaction between buyer and seller just like you do now, but you are using previously mixed and denominated coins so that it is really a fog for everyone else! It is just brilliant, basically ecash! Great for business applications and way better than Bitcoin for B2B.

Thanks for your responses.  I'm probably not conveying my concern very well.

I'm a big fan of Darkcoin's anonymity features and I agree with Minotaur26 that even after RC4, a blockchain explorer can still be used to confirm a specific payment took place.  My worry is that, if there is no way to shield certain coins in your wallet from automatic premixing, RC4 will actually go a step too far in removing the benefits of a public accounting ledger from the coin's features.  There are many common everyday uses of the blockchain explorer to prove to others the history of coins that you currently control, and these are sometimes quite useful in the real world.  Pre-RC4 (if I am not mistaken) these were all available to Darkcoin, since using Darksend was just an optional choice -- as an individual user you COULD mix your coins, but you didn't HAVE to.  

Thus, pre-RC4, Darkcoin let you keep certain coins entirely outside the mixing process, and you could use a blockchain explorer to, say, prove the date you mined or acquired your coins for tax purposes (e.g. U.S. long-term capital gains), or prove that you haven't moved or spent coins you are holding on behalf of someone else (e.g., escrow), or prove how coins sent to a donation address were spent (i.e., allow an audit).  My concern is that, if RC4 forces pre-mixing of all coins, these uses of the blockchain as an accounting ledger become harder, and the paths to Darkcoin adoption narrow.   I see this as a bad outcome -- while I want Darkcoin to be a form of anonymous ecash, I also want it to be able to function as a full-fledged cryptocurrency.  Perhaps your vision is different.

TLDR: Should background mixing be opt-out so Darkcoin can still function as a full-fledged cryptocurrency even while providing anonymous transactions?

[camosoul]

The quantity going in and out of the mix is still obvious. Maybe it can't be tied to me with IP obfuscation, but block timing will still give away too much info

Do you mean that the nature of the transaction could be identified simply from the amount being transacted ?

I'm saying that the send can be correlated to the receive. The nature of it, who knows.

I'm saying that it's too much information. The blockchain is still transparent, and always should be. Information always adds up. Put as little correlative data out there as possible. The same script that correlates BTC could still correlate DRK.

It's less information, but it's still enough for a 3rd party to gather that A sent X to B.

[thelonecrouton]

The quantity going in and out of the mix is still obvious. Maybe it can't be tied to me with IP obfuscation, but block timing will still give away too much info

Do you mean that the nature of the transaction could be identified simply from the amount being transacted ?

An outside observer will have no idea whatsoever of the amount being transacted, because ALL transactions will use denominated amounts. It's just one big sea of zero useful information.

[camosoul]

The quantity going in and out of the mix is still obvious. Maybe it can't be tied to me with IP obfuscation, but block timing will still give away too much info

Do you mean that the nature of the transaction could be identified simply from the amount being transacted ?

An outside observer will have no idea whatsoever of the amount being transacted, because ALL transactions will use denominated amounts. It's just one big sea of zero useful information.

That doesn't appear to be true from where I am standing.

If I am standing in the wrong place, help me relocate.

[Brilliantrocket]

The quantity going in and out of the mix is still obvious. Maybe it can't be tied to me with IP obfuscation, but block timing will still give away too much info

Do you mean that the nature of the transaction could be identified simply from the amount being transacted ?

I'm saying that the send can be correlated to the receive. The nature of it, who knows.

I'm saying that it's too much information. The blockchain is still transparent, and always should be. Information always adds up. Put as little correlative data out there as possible. The same script that correlates BTC could still correlate DRK.

It's less information, but it's still enough for a 3rd party to gather that A sent X to B.

You won't be able to tell that the change addresses from which A sends belong to A. So you'll see that B received X coins, but there's no way to link A and B. When you open your wallet, your DRK will be sent ,in denominated amounts, to change addresses you control. Because there are a large number of coins involved, and the amounts are like, external observers won't be able to tie the change to your old address.