My 2 cents. I know jack about cryptos but I really like English.
I also agree with others who've pointed out that the actual document should be justified.
Abstract
DarkCoin is the first privacy-centric cryptographic currency based on Satoshi Nakamoto’s Bitcoin. DarkSend, a technology for sending anonymous block transactions, is incorporated directly into the client using extensions to the core protocol. An improved proof-of-work using a chain of hashing algorithms replaces the SHA256 algorithm and will result in a slower encroachment of more advanced mining technologies (e.g. ASIC devices). DarkGravityWave is implemented to provide quick response to large mining power fluctuations.
Introduction
Bitcoin was a remarkable invention. The concept of proof-of-work allowed, for the first time, decentralized consensus on a large scale network with no central authority. However, due to the very nature of decentralization, the blockchain is inherently not private. This has obvious implications for users' personal privacy, as all transactions are traceable in the block chain.
To solve this inherent problem of privacy, we created a new cryptocurrency: Darkcoin.
Darkcoin uses a decentralized implementation of CoinJoin in order to anonymize transactions. We named this implementation "DarkSend".
DarkSend
Darksend is a CoinJoin-based, decentralized peer-to-peer being implemented into DarkCoin.
Darksend provides protocol extensions to merge transactions together into larger anonymous transactions. This system uses regular nodes and elects a master node to create the transaction in a decentralized fashion.
DarkSend is a completely trustless solution, where users can achieve a level (vague. a low level? a sorta-kinda-ok level?...) of anonymity.
With the exception of a collateral transaction (explained later, in detail), users run no risk of losing any money at any time. This implementation of DarkSend is available as an option through the client and can be deactivated by the user at any time. The DarkSend implementation gathers the required (required for what?) information in multiple stages in each session:
- Stage 1: Accept inputs
- Stage 2: Accept outputs
- Stage 3: Elect a master node
- Stage 4: Broadcast the finalized transaction
- Stage 5: Sign
- Stage 6: Collect or destroy collateral
Defending Against Attack
With the decentralized implementation of Darksend, there are inherent challenges to dealing with rogue users who intend (or attempt) to attack the system. Such users could modify the software in a way that would cause it to refuse to sign, which would force the pool to reset every round.
To defend against various attacks, DarkSend implements a collateral system. A transaction for 0.1DRK is made out to the payment node to ensure proper usage of the system. This transaction is separate from the funds added to the DarkSend pool. If a user submits an input but refuses to sign or leaves at any stage, the payment node will “cash” the transaction by signing and broadcasting it. Collateral transactions require multiple signatures from more than one payment node to complete.
Payment nodes are simply the last node to create a block - specifically, the last block solver and the one before that. These nodes will monitor DarkSend for misbehavior. Should any misbehavior be discovered, the payment nodes will “cash” the transaction by signing and broadcasting it. This has the added benefit of creating a sustainable income stream - in addition to mining - for miners, while simultaneously protecting the network from attackers.
The collateral transaction is made to multiple payment nodes (the last block solver and the one before that). Cashing collateral transactions requires multiple signatures from the user, payment node 1 and payment node 2.
(Graphic)
Collateral transactions from a successful DarkSend session are effectively destroyed using a sigScript to make them valid only for a given period of time.
Improved Anonymity
An anonymity enhancement to the generic CoinJoin implementation is added by only allowing inputs of the same size into the DarkSend pools. These sizes are referred to as "denominations" and are in powers of ten (e.g. 1DRK, 10DRK, 100DRK, 1000DRK). This allows the inputs from all users to be virtually the same. Outputs per user must add up to the denomination size.
(Graphic)
Users that send less money than the denomination size will use a second "change" output. These outputs are new addresses not connected to their identity. This implementation allows for amounts of any precision to be sent without a negative impact in the quality of anonymity.
All users entering a DarkSend transaction pool have an equal chance of becoming the master node. All participant nodes know which node is the current master by way of an election algorithm. Master nodes also have a collateral transaction that is made out to the payment node, which can be cashed if they misbehave in any way.
In the case where a master node loses internet connection or is a bad actor, the collateral transaction of that node will be cashed and a slave node will be elected in its place. Due to the trustless nature of DarkSend, there is no risk of lost money from the master node being a bad actor as a slave node would be elected to replace the master node and the collateral would be forfeited to the network (meaning what, exactly? distributed to other users, destroyed,...?)
Master Node Election
The election algorithm is a pseudo random deterministic algorithm based on the transaction IDs (no apostrophe) in the Darksend pool. By adding up the hash values of the transaction IDs (no apostrophe) and running the value through the X11 hashing algorithm, a pseudo random number is created.
(Mathey Codey stuff)
This random number is compared to a target number derived from the txid and pubkeys of the users' outputs. The node with the lowest score is elected master while the second lowest score is elected slave. By using this algorithm we achieve a decentralized, tamperproof system in which the users can know which node the master is.
Master Node Responsibilities
The decentralized nature of DarkSend requires that one node will decide which transactions are allowed into the pool to deal with network propagation issues. The master node is elected each round to broadcast the finalized transaction, which will then be signed by the DarkSend participants.
The participants will be able to check the authenticity of the messages coming from the master node by utilizing ECDSA signatures for all messages after election.
Participants in a DarkSend will only sign the finalized transaction if they find that their inputs and outputs are present with the correct amounts. After the transaction is signed and confirmed to be valid, the master node will broadcast the finalized signed transaction and resign.
Improved Pool Anonymity
Users who want to increase the anonymity of the pools can run scripts to “push” DarkSend transactions through the pool by sending money to themselves with DarkSend. This will allow them to take up a space in the pool to ensure the anonymity of other users. If enough users run scripts like this one, the speed of transactions and the anonymity of the network will be increased.
Reward Curve vs Reward Halving
Bitcoin was designed to have a fixed supply with a declining block reward schedule. This makes Bitcoin a deflationary currency, with a money supply that grows a small percentage year-over-year. One problem with this approach is the abrupt reward halving that happens every four years. This could eventually cause large distortions in the mining network when the profitability of mining changes drastically overnight.
DarkCoin replaces abrupt reward halving with a reward curve, 2222222/(((Difficulty+2600)/9)^2). The maximum and minimum amounts are set to 25 and 5 respectively. Using this formula, the reward will gradually drop over the following months and years and then provide a steady supply of approximately 1 million coins per year.
Difficulty Retargeting Using DarkGravityWave
DarkGravityWave uses multiple exponential moving averages and a simple moving average to smoothly adjust the difficulty. This implementation resolves possible exploits in KimotoGravityWell by limiting the difficulty retargeting to 3 times the 14 period EMA difficulty average.
ProofOfWork Utilizing X11
DarkCoin uses a new chained hashing algorithm approach, with many new scientific hashing algorithms for the proof-of-work. X11 consists of blake, bmw, groestl, jh, keccak, skein, luffa, cubehash, shavite, simd, and echo.
Because it is more complicated than a SHA256 ASIC implementation, the use of X11 will prevent the use of ASIC miners for the short-term to mid-term future. It will also allow for a longer period of mining for CPU/GPU users.
GPU miners that mine with the X11 algorithm are currently experiencing reduced power usage (up to 50%) and reduced heat generation compared to scrypt.
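
Added example, not part of the post above or of DarkCoin's own code: the check a participant makes before signing the finalized transaction (own inputs and outputs present with the correct amounts, all pool inputs of one denomination, own outputs adding up to the denomination). The transaction layout, the name `safe_to_sign` and the sample values are assumptions made for illustration, and fees are ignored.

```python
from collections import Counter
from decimal import Decimal as D

# Denominations named in the text: powers of ten, 1 DRK to 1000 DRK.
DENOMINATIONS = {D(10) ** k for k in range(4)}


def safe_to_sign(final_tx, my_inputs, my_outputs):
    """Return (ok, reason) for one participant's view of the finalized transaction.

    final_tx   -- {"inputs": [(outpoint, amount)], "outputs": [(address, amount)]}
    my_inputs  -- the (outpoint, amount) pairs this participant submitted
    my_outputs -- the (address, amount) pairs this participant submitted
    (hypothetical layout, not DarkSend's wire format)
    """
    amounts = {amount for _, amount in final_tx["inputs"]}
    if len(amounts) != 1 or not amounts <= DENOMINATIONS:
        return False, "pool inputs are not all one allowed denomination"
    denomination = amounts.pop()

    # Everything I submitted must be present and unmodified
    # (multiset comparison, so duplicates are counted).
    if Counter(my_inputs) - Counter(final_tx["inputs"]):
        return False, "one of my inputs is missing or altered"
    if Counter(my_outputs) - Counter(final_tx["outputs"]):
        return False, "one of my outputs is missing or altered"

    # Outputs per user must add up to the denomination size.
    if sum(amount for _, amount in my_outputs) != denomination * len(my_inputs):
        return False, "my outputs do not add up to what I put in"
    return True, "ok"


# Constructed sample data: a 10 DRK pool with three participants.
MY_INPUTS = [("txid_a:0", D(10))]
MY_OUTPUTS = [("addr_payee", D("7.25")), ("addr_change", D("2.75"))]
OTHERS_OUT = [("addr_x", D(10)), ("addr_y", D(4)), ("addr_z", D(6))]
HONEST = {"inputs": MY_INPUTS + [("txid_b:1", D(10)), ("txid_c:0", D(10))],
          "outputs": MY_OUTPUTS + OTHERS_OUT}
# Same pool, but the change output was reduced by 1 DRK before finalization.
TAMPERED = {"inputs": HONEST["inputs"],
            "outputs": [("addr_payee", D("7.25")), ("addr_change", D("1.75"))]
                       + OTHERS_OUT}

if __name__ == "__main__":
    for name, tx in (("honest", HONEST), ("tampered", TAMPERED)):
        print(name, safe_to_sign(tx, MY_INPUTS, MY_OUTPUTS))
```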