thelonecrouton
Legendary
Offline
Activity: 966
Merit: 1000
|
|
April 28, 2014, 06:10:03 PM |
|
There is no link to wallet address A, but there IS a link to the change address (let's call that address C).
After darksend is complete, if the user purchased goods with address C on a site that contained personal information - he would be outing himself as the user who performed the darksend transaction to user B (above). The change address needs to be sent back through a second wash to remove the link between C and B.
He would only be outed if the attacker was in possession of his unencrypted wallet, with both the sending address and the receiving change address providing that information. Can't see how change address C is linkable to sending address A by inspecting the blockchain? If it is, then you're right of course, I'm often a dunce.
|
|
|
|
humanitee
|
|
April 28, 2014, 06:14:03 PM |
|
Where is the discoverable link between user A sending DRK to user B and user A receiving change in a new wallet address? I thought that bit was off-chain?
The link is math. You wouldn't know who received 7.28 and who received 2.72, but those two added together would be 10 DRK, meaning they were from the same original address. But in order to put that math together, you would already have to know sent amount, who it was sent to and where it was sent from. At that point user(s) A/B is/are already chained up in a dark concrete room having a very unpleasant day. The final transaction with all ins and outs from all users for some denomination (10 DRK in this case) shows just that. You wouldn't know the beginning address, but you would be able to say 2.72 DRK and 7.28 DRK go together, unless there were multiple 2.72 and 7.28 outputs.
|
|
|
|
Simcom
|
|
April 28, 2014, 06:20:45 PM |
|
There is no link to wallet address A, but there IS a link to the change address (let's call that address C).
After darksend is complete, if the user purchased goods with address C on a site that contained personal information - he would be outing himself as the user who performed the darksend transaction to user B (above). The change address needs to be sent back through a second wash to remove the link between C and B.
He would only be outed if the attacker was in possession of his unencrypted wallet, with both the sending address and the receiving change address providing that information. Can't see how change address C is linkable to sending address A by inspecting the blockchain? If it is, then you're right of course, I'm often a dunce.
Let's break this down to improve clarity:
A wants to send 2 coins to E
B wants to send 3 coins to F
A sends the masternode 10 coins, and address C (C is the change address)
B sends the masternode 10 coins, and address D (D is the change address)
The masternode will mix the coins and output:
2 coins to E
8 coins to C
3 coins to F
7 coins to D
It will be impossible to tell whether A sent coins to E&C or F&D. It is possible however to say that whoever holds address C sent 2 coins to E. Now if user A wants to buy something on amazon with DRK, and uses the coins at address C, amazon (or anyone who has compromised amazon's servers) can determine with 100% certainty that user A sent 2 coins to E in the earlier darksend transaction. If the coins are darksent to amazon then there wouldn't be a problem I guess. Really the coins at address C should be automatically washed after the transaction to maintain anonymity in case the user non-darksends them later on.
|
|
|
|
kaene
|
|
April 28, 2014, 06:25:53 PM |
|
Anyone care to share cool software that interacts with Mintpal ?
Their trading API is still private beta, I don't think there is any software able to do it (at least not using their API)
|
|
|
|
GhostPlayer
Legendary
Offline
Activity: 1092
Merit: 1000
|
|
April 28, 2014, 06:28:31 PM |
|
Anyone care to share cool software that interacts with Mintpal ?
Their trading API is still private beta, I don't think there is any software able to do it (at least not using their API)
Then how on earth are those instant and multiple sell/buy walls and ramps created? Special pals of Mintpal?
|
|
|
|
thelonecrouton
Legendary
Offline
Activity: 966
Merit: 1000
|
|
April 28, 2014, 06:36:45 PM |
|
Let's break this down to improve clarity:
A wants to send 2 coins to E
B wants to send 3 coins to F
A sends the masternode 10 coins, and address C (C is the change address)
B sends the masternode 10 coins, and address D (D is the change address)
The masternode will mix the coins and output:
2 coins to E
8 coins to C
3 coins to F
7 coins to D
It will be impossible to tell whether A sent coins to E&C or F&D. It is possible however to say that whoever holds address C sent 2 coins to E. Now if user A wants to buy something on amazon with DRK, and uses the coins at address C, amazon (or anyone who has compromised amazon's servers) can determine with 100% certainty that user A sent 2 coins to E in the earlier darksend transaction. If the coins are darksent to amazon then there wouldn't be a problem I guess. Really the coins at address C should be automatically washed after the transaction to maintain anonymity in case the user non-darksends them later on.
Still not seeing any provable link between amount of change received by C and initial transaction between A and E. At least not without full access to the wallet that holds A and C, at which point all else is moot. Must be going blonde...
|
|
|
|
Simcom
|
|
April 28, 2014, 06:40:01 PM Last edit: April 28, 2014, 07:40:59 PM by Simcom |
|
There is no link to wallet address A, but there IS a link to the change address (let's call that address C).
After darksend is complete, if the user purchased goods with address C on a site that contained personal information - he would be outing himself as the user who performed the darksend transaction to user B (above). The change address needs to be sent back through a second wash to remove the link between C and B.
He would only be outed if the attacker was in possession of his unencrypted wallet, with both the sending address and the receiving change address providing that information. Can't see how change address C is linkable to sending address A by inspecting the blockchain? If it is, then you're right of course, I'm often a dunce.
Let's break this down to improve clarity:
A wants to send 2 coins to E
B wants to send 3 coins to F
A sends the masternode 10 coins, and address C (C is the change address)
B sends the masternode 10 coins, and address D (D is the change address)
The masternode will mix the coins and output:
2 coins to E
8 coins to C
3 coins to F
7 coins to D
It will be impossible to tell whether A sent coins to E&C or F&D. It is possible however to say that whoever holds address C sent 2 coins to E. Now if user A wants to buy something on amazon with DRK, and uses the coins at address C, amazon (or anyone who has compromised amazon's servers) can determine with 100% certainty that user A sent 2 coins to E in the earlier darksend transaction. If the coins are darksent to amazon then there wouldn't be a problem I guess. Really the coins at address C should be automatically washed after the transaction to maintain anonymity in case the user non-darksends them later on.
Alternatively it could be set up like this:
A wants to send 2 coins to X
B wants to send 3 coins to Y
A sends the masternode 10 coins, and address C,D,E,F,G,H,I,J (8 different change addresses)
B sends the masternode 10 coins, and address K,L,M,N,O,P,Q (7 different change addresses)
The masternode will mix the coins and output:
2 coins to X
3 coins to Y
1 coin each to C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q
That would solve the problem completely, but you would be able to determine who the recipients are. Even better would be:
2 coins to X
3 coins to Y
2 coins each to C,D,K
3 coins each to E,M,N
1 coin to H,Q
Then you wouldn't even be able to tell who are the intended receiving addresses.
|
|
|
|
thelonecrouton
Legendary
Offline
Activity: 966
Merit: 1000
|
|
April 28, 2014, 06:47:11 PM |
|
Regardless, the wallet should be passphrase protected at startup for anyone to see anything at all.
|
|
|
|
Simcom
|
|
April 28, 2014, 06:55:11 PM Last edit: April 28, 2014, 07:08:12 PM by Simcom |
|
Let's break this down to improve clarity:
A wants to send 2 coins to E
B wants to send 3 coins to F
A sends the masternode 10 coins, and address C (C is the change address)
B sends the masternode 10 coins, and address D (D is the change address)
The masternode will mix the coins and output:
2 coins to E
8 coins to C
3 coins to F
7 coins to D
It will be impossible to tell whether A sent coins to E&C or F&D. It is possible however to say that whoever holds address C sent 2 coins to E. Now if user A wants to buy something on amazon with DRK, and uses the coins at address C, amazon (or anyone who has compromised amazon's servers) can determine with 100% certainty that user A sent 2 coins to E in the earlier darksend transaction. If the coins are darksent to amazon then there wouldn't be a problem I guess. Really the coins at address C should be automatically washed after the transaction to maintain anonymity in case the user non-darksends them later on.
Still not seeing any provable link between amount of change received by C and initial transaction between A and E. At least not without full access to the wallet that holds A and C, at which point all else is moot. Must be going blonde...
2+8=10
This proves that whoever holds coins at C darksent 2 coins to E, or received 8 coins from whoever holds address E.
|
|
|
|
thelonecrouton
Legendary
Offline
Activity: 966
Merit: 1000
|
|
April 28, 2014, 06:57:25 PM |
|
Let's break this down to improve clarity:
A wants to send 2 coins to E
B wants to send 3 coins to F
A sends the masternode 10 coins, and address C (C is the change address)
B sends the masternode 10 coins, and address D (D is the change address)
The masternode will mix the coins and output:
2 coins to E
8 coins to C
3 coins to F
7 coins to D
It will be impossible to tell whether A sent coins to E&C or F&D. It is possible however to say that whoever holds address C sent 2 coins to E. Now if user A wants to buy something on amazon with DRK, and uses the coins at address C, amazon (or anyone who has compromised amazon's servers) can determine with 100% certainty that user A sent 2 coins to E in the earlier darksend transaction. If the coins are darksent to amazon then there wouldn't be a problem I guess. Really the coins at address C should be automatically washed after the transaction to maintain anonymity in case the user non-darksends them later on.
Still not seeing any provable link between amount of change received by C and initial transaction between A and E. At least not without full access to the wallet that holds A and C, at which point all else is moot. Must be going blonde...
2+8=10
This proves that whoever holds coins at C darksent 2 coins to E.
No, 2+8=10 proves 2+8=10. Doesn't prove anything else at all.
|
|
|
|
humanitee
|
|
April 28, 2014, 07:05:34 PM |
|
No, 2+8=10 proves 2+8=10. Doesn't prove anything else at all.
Simcom, just give up. lol.
|
|
|
|
Simcom
|
|
April 28, 2014, 07:05:58 PM |
|
Let's break this down to improve clarity:
A wants to send 2 coins to E
B wants to send 3 coins to F
A sends the masternode 10 coins, and address C (C is the change address)
B sends the masternode 10 coins, and address D (D is the change address)
The masternode will mix the coins and output:
2 coins to E
8 coins to C
3 coins to F
7 coins to D
It will be impossible to tell whether A sent coins to E&C or F&D. It is possible however to say that whoever holds address C sent 2 coins to E. Now if user A wants to buy something on amazon with DRK, and uses the coins at address C, amazon (or anyone who has compromised amazon's servers) can determine with 100% certainty that user A sent 2 coins to E in the earlier darksend transaction. If the coins are darksent to amazon then there wouldn't be a problem I guess. Really the coins at address C should be automatically washed after the transaction to maintain anonymity in case the user non-darksends them later on.
Still not seeing any provable link between amount of change received by C and initial transaction between A and E. At least not without full access to the wallet that holds A and C, at which point all else is moot. Must be going blonde...
2+8=10
This proves that whoever holds coins at C darksent 2 coins to E.
No, 2+8=10 proves 2+8=10. Doesn't prove anything else at all.
Please describe the flaw in my logic.
C and E are linked on the block explorer because 8+2=10, one is the change address, one is the receiving address. If C lightsends DRK to any vendor compromised by law enforcement, they will know that either:
C received 8 coins from whoever holds change address E
or
C sent E 2 coins
|
|
|
|
Simcom
|
|
April 28, 2014, 07:06:58 PM |
|
No, 2+8=10 proves 2+8=10. Doesn't prove anything else at all.
Simcom, just give up. lol.
Please tell me you understand this, lol.
|
|
|
|
humanitee
|
|
April 28, 2014, 07:09:35 PM |
|
No, 2+8=10 proves 2+8=10. Doesn't prove anything else at all.
Simcom, just give up. lol.
Please tell me you understand this, lol.
Yes.
|
|
|
|
Simcom
|
|
April 28, 2014, 07:10:49 PM |
|
No, 2+8=10 proves 2+8=10. Doesn't prove anything else at all.
Simcom, just give up. lol.
Please tell me you understand this, lol.
Yes.
Thank god lol.
|
|
|
|
luigi1111
Legendary
Offline
Activity: 1105
Merit: 1000
|
|
April 28, 2014, 07:13:05 PM |
|
Let's break this down to improve clarity:
A wants to send 2 coins to E
B wants to send 3 coins to F
A sends the masternode 10 coins, and address C (C is the change address)
B sends the masternode 10 coins, and address D (D is the change address)
The masternode will mix the coins and output:
2 coins to E
8 coins to C
3 coins to F
7 coins to D
It will be impossible to tell whether A sent coins to E&C or F&D. It is possible however to say that whoever holds address C sent 2 coins to E. Now if user A wants to buy something on amazon with DRK, and uses the coins at address C, amazon (or anyone who has compromised amazon's servers) can determine with 100% certainty that user A sent 2 coins to E in the earlier darksend transaction. If the coins are darksent to amazon then there wouldn't be a problem I guess. Really the coins at address C should be automatically washed after the transaction to maintain anonymity in case the user non-darksends them later on.
Still not seeing any provable link between amount of change received by C and initial transaction between A and E. At least not without full access to the wallet that holds A and C, at which point all else is moot. Must be going blonde...
2+8=10
This proves that whoever holds coins at C darksent 2 coins to E.
No, 2+8=10 proves 2+8=10. Doesn't prove anything else at all.
Please describe the flaw in my logic
C and E are linked on the block explorer because 8+2=10, one is the change address one is the receiving address. If C lightsends DRK to any vendor compromised by law enforcement, they will know that either:
C was sent 8 coins from whoever holds change address E
or
C sent E 2 coins
His logic is sound. This is something that should get an explanation I believe. There are ways to completely hide it though, as has been discussed. Off-hand, I can think of either:
1. mixing the change a second time;
2. further subdividing the change.
Consider:
Instead of (existing change):
8 to C
7 to D
You have:
6 to C
6 to D
1 to G (belonging to C)
1 to H (also C)
1 to I (belonging to D)
If my logic is sound, you now can only guess which is which. Right?
|
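Added example, not part of any post in this thread: a Python check of how much the output amounts alone reveal in the two layouts discussed above, Simcom's single change output per user and luigi1111's subdivided change. The function names are hypothetical, and it assumes what the thread's numbers assume: whole-coin amounts, a 10 DRK denomination, no fees, and each user's outputs summing exactly to the denomination.

```python
from itertools import combinations

def partitions(outputs, denom):
    """Return every way to split (address, amount) outputs into groups that
    each sum to denom, i.e. every per-user grouping the amounts allow."""
    if not outputs:
        return [[]]
    first, rest = outputs[0], outputs[1:]
    found = []
    # The first output anchors its group, so each grouping is listed once.
    for k in range(len(rest) + 1):
        for idx in combinations(range(len(rest)), k):
            group = [first] + [rest[i] for i in idx]
            if sum(amount for _, amount in group) != denom:
                continue
            remaining = [o for i, o in enumerate(rest) if i not in idx]
            for tail in partitions(remaining, denom):
                found.append([frozenset(a for a, _ in group)] + tail)
    return found

def link_fraction(outputs, denom, a, b):
    """Fraction of consistent groupings that place addresses a and b with the
    same user. 1.0 means the amounts alone tie the two addresses together."""
    parts = partitions(outputs, denom)
    if not parts:
        raise ValueError("outputs do not split into groups of the denomination")
    together = sum(any(a in g and b in g for g in p) for p in parts)
    return together / len(parts)

# Constructed from the thread's numbers (assumption: no fees, whole coins).
DENOM = 10
SINGLE_CHANGE = [("E", 2), ("C", 8), ("F", 3), ("D", 7)]   # Simcom's layout
SPLIT_CHANGE = [("E", 2), ("F", 3), ("C", 6), ("D", 6),
                ("G", 1), ("H", 1), ("I", 1)]               # luigi1111's layout

if __name__ == "__main__":
    for name, outs in (("single change", SINGLE_CHANGE),
                       ("split change", SPLIT_CHANGE)):
        print(name, "groupings:", len(partitions(outs, DENOM)),
              "share with E and C together:",
              link_fraction(outs, DENOM, "E", "C"))
```

With one change output per user there is a single consistent grouping, so E and C always fall together; with the subdivided change there are six, and C is grouped with E in half of them. The check looks only at mix outputs and says nothing about the input address A.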
|
|
|
chompyZ
|
|
April 28, 2014, 07:14:45 PM |
|
No, 2+8=10 proves 2+8=10. Doesn't prove anything else at all.
Simcom, just give up. lol.
Please tell me you understand this, lol.
I understand this... and I'm 5y/o. BTW, I'm not a techie but I think your solution above with many change addresses of 1 DRK each is neat.
|
|
|
|
|
fearcoka
Legendary
Offline
Activity: 1008
Merit: 1000
|
|
April 28, 2014, 07:17:41 PM |
|
lmfao
|
Just Nao Tomori and Bitcoin ( ͡° ͜ʖ ͡°)
|
|
|
thelonecrouton
Legendary
Offline
Activity: 966
Merit: 1000
|
|
April 28, 2014, 07:23:07 PM |
|
Let's break this down to improve clarity:
A wants to send 2 coins to E
B wants to send 3 coins to F
A sends the masternode 10 coins, and address C (C is the change address)
B sends the masternode 10 coins, and address D (D is the change address)
The masternode will mix the coins and output:
2 coins to E
8 coins to C
3 coins to F
7 coins to D
It will be impossible to tell whether A sent coins to E&C or F&D. It is possible however to say that whoever holds address C sent 2 coins to E. Now if user A wants to buy something on amazon with DRK, and uses the coins at address C, amazon (or anyone who has compromised amazon's servers) can determine with 100% certainty that user A sent 2 coins to E in the earlier darksend transaction. If the coins are darksent to amazon then there wouldn't be a problem I guess. Really the coins at address C should be automatically washed after the transaction to maintain anonymity in case the user non-darksends them later on.
Still not seeing any provable link between amount of change received by C and initial transaction between A and E. At least not without full access to the wallet that holds A and C, at which point all else is moot. Must be going blonde...
2+8=10
This proves that whoever holds coins at C darksent 2 coins to E.
No, 2+8=10 proves 2+8=10. Doesn't prove anything else at all.
Please describe the flaw in my logic.
C and E are linked on the block explorer because 8+2=10, one is the change address, one is the receiving address. If C lightsends DRK to any vendor compromised by law enforcement, they will know that either:
C received 8 coins from whoever holds change address E
or
C sent E 2 coins
1. C did not receive 8 coins from E
2. C did not send E 2 coins.
3. Nothing links back to A anyway, as the muxing is off-chain and no record is kept of it.
|
|
|
|
|