AlexGR
|
|
July 15, 2014, 07:32:26 PM |
|
Closed source boo-hoo !! Code Review
Kristov Atlas has agreed to be the first to review the Darksend code. Kristov will be evaluating anonymity and overall design of our technology and will report his findings publicly. We’ll be sending the code to him soon and we anticipate that we will hear back from Kristov by the end of the month.
What I love about Kristov is that he is a highly skeptical person by nature, but open-minded enough for pure objectivity. He's a brilliant observer and interpreter. All the hallmarks of a great and thorough scientist. I hope he can also provide some feedback for even greater levels of obfuscation / anonymity - if he finds areas of improvement.
|
|
|
|
AlexGR
|
|
July 15, 2014, 07:33:35 PM |
|
The way I understand it, nothing is added to the blockchain between the green boxes. The masternodes never actually hold the funds, they just facilitate signing. Someone correct me if I am mistaken.
This is correct; the masternodes never actually hold the funds, they just facilitate transactions.
Pardon me for playing Devil's Advocate: But, if the coins don't actually change hands, how does this obfuscate anything? XC is coin-forwarding (coins go to the node). DRK's masternode simply signs transactions.
|
|
|
|
camosoul
|
|
July 15, 2014, 07:35:18 PM |
|
The way I understand it, nothing is added to the blockchain between the green boxes. The masternodes never actually hold the funds, they just facilitate signing. Someone correct me if I am mistaken.
This is correct; the masternodes never actually hold the funds, they just facilitate transactions.
Pardon me for playing Devil's Advocate: But, if the coins don't actually change hands, how does this obfuscate anything? XC is coin-forwarding (coins go to the node). DRK's masternode simply signs transactions. Please enlighten me further; elaborate.
|
|
|
|
sharkbyte093
|
|
July 15, 2014, 07:39:28 PM |
|
The way I understand it, nothing is added to the blockchain between the green boxes. The masternodes never actually hold the funds, they just facilitate signing. Someone correct me if I am mistaken.
This is correct; the masternodes never actually hold the funds, they just facilitate transactions.
Pardon me for playing Devil's Advocate: But, if the coins don't actually change hands, how does this obfuscate anything? XC is coin-forwarding (coins go to the node). DRK's masternode simply signs transactions. Please enlighten me further; elaborate.
This is probably beyond the border of my understanding but what the hell. I think what happens is that the masternode signs the transaction and passes it on to the next which signs it, and so on until it finally reaches its destination. So in essence there is a multi-signature chain which is utilized to facilitate a transaction between two addresses. So no one masternode could take the coins because of multiple signatures required, the node never actually has ownership of the coins.
|
|
|
|
AlexGR
|
|
July 15, 2014, 07:40:02 PM |
|
The way I understand it, nothing is added to the blockchain between the green boxes. The masternodes never actually hold the funds, they just facilitate signing. Someone correct me if I am mistaken.
This is correct; the masternodes never actually hold the funds, they just facilitate transactions.
Pardon me for playing Devil's Advocate: But, if the coins don't actually change hands, how does this obfuscate anything? XC is coin-forwarding (coins go to the node). DRK's masternode simply signs transactions. Please enlighten me further; elaborate.
When I want to send you money through a DarkSend, the masternode does not receive my coins and forward it to you. This would be a trusted technique in which the node would potentially steal the coin. What the masternode does is use my keys for signing the transaction. It's a middleman who never owns my coins. In XC, for example, A sends the coins to node and then node sends coins to B.
|
|
|
|
KryptoFoo
|
|
July 15, 2014, 07:41:21 PM |
|
Development on RC4 is nearing an end and we expect that we’ll be firing up testnet in the coming week.
Kristov Atlas has agreed to be the first to review the Darksend code. Kristov will be evaluating anonymity and overall design of our technology and will report his findings publicly. We’ll be sending the code to him soon and we anticipate that we will hear back from Kristov by the end of the month.
Couldn't have gotten a better person to review the darkcoin code - Kristov Atlas literally wrote the book on anonymous bitcoin. He knows his stuff and seems very fair and balanced. http://anonymousbitcoinbook.com/
|
|
|
|
luigi1111
|
|
July 15, 2014, 07:41:27 PM |
|
instead of bickering over what's the best algo for making an individual transaction disappear, just turn the entire f*cking coin supply into mist !!!
<snip> It looks like it's almost there to me... I'd start my explanation of why I say that by saying first, it looks like the mist moved from the client to the MNs, and the identifiable part moved from the MNs to the clients... Now, this is not 100% true because the clients are receiving pre-mixed. But quantities and timing are still potentially, sometimes identifiable. Noted, there is a percentage linked on a google docs spreadsheet. Probability is not absolutely. That's why it's called probability and not absolutely. <snip>
Very good points. A good place to start with regards to the block cycle might be to assign it a random probability that stands to have it occur somewhere between every 5-15 blocks or so. The ultimate goal is to seamlessly hide the person-to-person transactions among the general mixing so that one cannot discern the difference. I know this probably won't be popular (speed-wise) but maybe a good approach would be for people to have the option to wait for the general mixing to send a transaction (built into the client)? It would certainly slow down transaction speed but if the transaction were synced with the general mixing it would be very difficult to track. It could be implemented in the form of a checkbox perhaps? Maybe call it DarkMist.
I think this is expected behavior and isn't able to be masked (whether a TX is a user/buyer-to-user/seller or a denomination TX). By definition, when you denominate, change addresses are each going to receive homogeneous inputs; when you spend these inputs, you're going to use multiple inputs you need to come up with the proper amount to send to the user/seller. It's always been expected that these inputs will be associated with each other.
So it's like:
Mixing TX: random amounts > homogeneous amounts
Sending TX: homogeneous amounts > random amounts
You will always be able to determine which is which when there's only a single receiver address (which has been discussed thousands of pages ago, and determined unfeasible to use more than one). It doesn't matter when the mixing occurs; the "normal" TXs will be clear regardless.
|
|
|
|
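The distinction luigi1111 draws above (mixing TX: random amounts > homogeneous amounts; sending TX: homogeneous amounts > random amounts) can be checked from amounts alone. The sketch below is an added example, not part of the thread and not Darkcoin code; the denomination set, the 0.75 threshold and the sample transactions are constructed assumptions.

```python
from decimal import Decimal as D

# Assumed denomination set, for illustration only: the thread does not list
# the amounts Darksend denominates into.
DENOMS = frozenset(D(x) for x in ("0.1", "1", "10", "100"))


def denominated_share(amounts, denoms=DENOMS):
    """Return the fraction of amounts that are exactly a denomination."""
    if not amounts:
        return 0.0
    return sum(1 for a in amounts if a in denoms) / len(amounts)


def classify(tx, denoms=DENOMS, threshold=0.75):
    """Label a transaction from the shape of its amounts alone.

    tx: {"inputs": [Decimal, ...], "outputs": [Decimal, ...]}
    threshold is an assumed value that tolerates one non-denominated
    change output next to several denominated ones.
    """
    ins = denominated_share(tx["inputs"], denoms) >= threshold
    outs = denominated_share(tx["outputs"], denoms) >= threshold
    if not ins and outs:
        return "mixing"    # random amounts > homogeneous amounts
    if ins and not outs:
        return "sending"   # homogeneous amounts > random amounts
    if ins and outs:
        # Denominated on both sides. A spend of exactly one denomination
        # also lands here, so this label is ambiguous by amount alone.
        return "remix"
    return "ordinary"


# Constructed sample transactions (not taken from any real chain).
SAMPLE_TXS = {
    # Two arbitrary inputs split into denominated outputs plus change.
    "tx_a": {"inputs": [D("37.42816"), D("5.5")],
             "outputs": [D("10")] * 4 + [D("1")] * 2 + [D("0.92816")]},
    # Several denominated inputs combined to pay a single receiver.
    "tx_b": {"inputs": [D("10"), D("10"), D("1"), D("1"), D("1")],
             "outputs": [D("22.999")]},
    # Denominated inputs to denominated outputs.
    "tx_c": {"inputs": [D("10")] * 3, "outputs": [D("10")] * 3},
    # No denominated amounts on either side.
    "tx_d": {"inputs": [D("3.2")], "outputs": [D("1.15"), D("2.05")]},
}


def label_all(txs):
    """Classify every transaction in a {txid: tx} mapping."""
    return {txid: classify(tx) for txid, tx in txs.items()}


if __name__ == "__main__":
    for txid, label in label_all(SAMPLE_TXS).items():
        print(txid, label)
```

The labels describe only the type of a transaction; they say nothing about who owns the denominated inputs, which is the property the posters argue mixing protects.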
minerjav
|
|
July 15, 2014, 07:46:01 PM |
|
Impressive Team job. My respects to DRK developers.
|
|
|
|
illodin
|
|
July 15, 2014, 07:46:03 PM |
|
Kristov said that he has already been having conversations with Evan regarding Darksend, and will review the code, but can't really do it full-time obviously, but he will perhaps set up a drk donation address so if people will donate he will be able to spend more time with it.
|
|
|
|
sharkbyte093
|
|
July 15, 2014, 07:46:34 PM |
|
instead of bickering over what's the best algo for making an individual transaction disappear, just turn the entire f*cking coin supply into mist !!!
<snip> It looks like it's almost there to me... I'd start my explanation of why I say that by saying first, it looks like the mist moved from the client to the MNs, and the identifiable part moved from the MNs to the clients... Now, this is not 100% true because the clients are receiving pre-mixed. But quantities and timing are still potentially, sometimes identifiable. Noted, there is a percentage linked on a google docs spreadsheet. Probability is not absolutely. That's why it's called probability and not absolutely. <snip>
Very good points. A good place to start with regards to the block cycle might be to assign it a random probability that stands to have it occur somewhere between every 5-15 blocks or so. The ultimate goal is to seamlessly hide the person-to-person transactions among the general mixing so that one cannot discern the difference. I know this probably won't be popular (speed-wise) but maybe a good approach would be for people to have the option to wait for the general mixing to send a transaction (built into the client)? It would certainly slow down transaction speed but if the transaction were synced with the general mixing it would be very difficult to track. It could be implemented in the form of a checkbox perhaps? Maybe call it DarkMist.
I think this is expected behavior and isn't able to be masked (whether a TX is a user/buyer-to-user/seller or a denomination TX). By definition, when you denominate, change addresses are each going to receive homogeneous inputs; when you spend these inputs, you're going to use multiple inputs you need to come up with the proper amount to send to the user/seller. It's always been expected that these inputs will be associated with each other.
So it's like:
Mixing TX: random amounts > homogeneous amounts
Sending TX: homogeneous amounts > random amounts
You will always be able to determine which is which when there's only a single receiver address (which has been discussed thousands of pages ago, and determined unfeasible to use more than one). It doesn't matter when the mixing occurs; the "normal" TXs will be clear regardless.
OK, but with regards to tracking transactions via timing, would it not afford greater anonymity to have the transactions as temporally close as possible? Outliers stick out like a sore thumb.
|
|
|
|
Phillis
|
|
July 15, 2014, 07:46:46 PM |
|
why did the mods delete all my posts? As a darkcoin supporter (and investor) I should be able to say "great news" for this type of an update, particularly when people are constantly trolling this thread.
But if you want it to be meaningful, this latest news is really great to hear, since the price has slid quite a bit over the last few weeks.
|
|
|
|
camosoul
|
|
July 15, 2014, 07:50:30 PM |
|
The way I understand it, nothing is added to the blockchain between the green boxes. The masternodes never actually hold the funds, they just facilitate signing. Someone correct me if I am mistaken.
This is correct; the masternodes never actually hold the funds, they just facilitate transactions.
Pardon me for playing Devil's Advocate: But, if the coins don't actually change hands, how does this obfuscate anything? XC is coin-forwarding (coins go to the node). DRK's masternode simply signs transactions. Please enlighten me further; elaborate.
When I want to send you money through a DarkSend, the masternode does not receive my coins and forward it to you. This would be a trusted technique in which the node would potentially steal the coin. What the masternode does is use my keys for signing the transaction. It's a middleman who never owns my coins. In XC, for example, A sends the coins to node and then node sends coins to B.
Can't the difference between signing and sending be identified? How does this obfuscate anything? This is rewinding the conversation a bit. No longer focusing on the mixing/denominating technique, but on the fundamental idea of whether or not anything is actually being obfuscated by MNs at all...
|
|
|
|
luigi1111
|
|
July 15, 2014, 07:52:25 PM |
|
instead of bickering over what's the best algo for making an individual transaction disappear, just turn the entire f*cking coin supply into mist !!!
<snip> It looks like it's almost there to me... I'd start my explanation of why I say that by saying first, it looks like the mist moved from the client to the MNs, and the identifiable part moved from the MNs to the clients... Now, this is not 100% true because the clients are receiving pre-mixed. But quantities and timing are still potentially, sometimes identifiable. Noted, there is a percentage linked on a google docs spreadsheet. Probability is not absolutely. That's why it's called probability and not absolutely. <snip>
Very good points. A good place to start with regards to the block cycle might be to assign it a random probability that stands to have it occur somewhere between every 5-15 blocks or so. The ultimate goal is to seamlessly hide the person-to-person transactions among the general mixing so that one cannot discern the difference. I know this probably won't be popular (speed-wise) but maybe a good approach would be for people to have the option to wait for the general mixing to send a transaction (built into the client)? It would certainly slow down transaction speed but if the transaction were synced with the general mixing it would be very difficult to track. It could be implemented in the form of a checkbox perhaps? Maybe call it DarkMist.
I think this is expected behavior and isn't able to be masked (whether a TX is a user/buyer-to-user/seller or a denomination TX). By definition, when you denominate, change addresses are each going to receive homogeneous inputs; when you spend these inputs, you're going to use multiple inputs you need to come up with the proper amount to send to the user/seller. It's always been expected that these inputs will be associated with each other.
So it's like:
Mixing TX: random amounts > homogeneous amounts
Sending TX: homogeneous amounts > random amounts
You will always be able to determine which is which when there's only a single receiver address (which has been discussed thousands of pages ago, and determined unfeasible to use more than one). It doesn't matter when the mixing occurs; the "normal" TXs will be clear regardless.
OK, but with regards to tracking transactions via timing, would it not afford greater anonymity to have the transactions as temporally close as possible? Outliers stick out like a sore thumb.
I think timing becomes less of an issue because of the (relatively) long mixing process. Beyond that, I'm not quite sure what you're asking? "Normal" TXs will always be identifiable as such; this is by design and definition. It's just the senders' addresses aren't associated with anyone or anything. IP obfuscation should still be needed, though.
|
|
|
|
qwizzie
|
|
July 15, 2014, 07:53:20 PM |
|
why did the mods delete all my posts? As a darkcoin supporter (and investor) I should be able to say "great news" for this type of an update, particularly when people are constantly trolling this thread.
But if you want it to be meaningful, this latest news is really great to hear, since the price has slid quite a bit over the last few weeks.
Hi Phillis, I noticed some of my posts getting deleted by forum moderators as well, no idea why... as some of the same posts by other people are still readable and have not been moderated. I find this selective moderating highly disturbing. qwizzie
|
Learn from the past, set detailed and vivid goals for the future and live in the only moment of time over which you have any control : now
|
|
|
luigi1111
|
|
July 15, 2014, 07:55:13 PM |
|
The way I understand it, nothing is added to the blockchain between the green boxes. The masternodes never actually hold the funds, they just facilitate signing. Someone correct me if I am mistaken.
This is correct; the masternodes never actually hold the funds, they just facilitate transactions.
Pardon me for playing Devil's Advocate: But, if the coins don't actually change hands, how does this obfuscate anything? XC is coin-forwarding (coins go to the node). DRK's masternode simply signs transactions. Please enlighten me further; elaborate.
When I want to send you money through a DarkSend, the masternode does not receive my coins and forward it to you. This would be a trusted technique in which the node would potentially steal the coin. What the masternode does is use my keys for signing the transaction. It's a middleman who never owns my coins. In XC, for example, A sends the coins to node and then node sends coins to B.
Can't the difference between signing and sending be identified?
Yes.
How does this obfuscate anything?
It doesn't matter, because we don't know who/where the coins came from (the sending addresses aren't associated with anyone). You still need IP obfuscation to avoid a node associating a TX with your IP.
This is rewinding the conversation a bit. No longer focusing on the mixing/denominating technique, but on the fundamental idea of whether or not anything is actually being obfuscated by MNs at all...
|
|
|
|
camosoul
|
|
July 15, 2014, 07:55:26 PM |
|
instead of bickering over what's the best algo for making an individual transaction disappear, just turn the entire f*cking coin supply into mist !!!
<snip> It looks like it's almost there to me... I'd start my explanation of why I say that by saying first, it looks like the mist moved from the client to the MNs, and the identifiable part moved from the MNs to the clients... Now, this is not 100% true because the clients are receiving pre-mixed. But quantities and timing are still potentially, sometimes identifiable. Noted, there is a percentage linked on a google docs spreadsheet. Probability is not absolutely. That's why it's called probability and not absolutely. <snip>
Very good points. A good place to start with regards to the block cycle might be to assign it a random probability that stands to have it occur somewhere between every 5-15 blocks or so. The ultimate goal is to seamlessly hide the person-to-person transactions among the general mixing so that one cannot discern the difference. I know this probably won't be popular (speed-wise) but maybe a good approach would be for people to have the option to wait for the general mixing to send a transaction (built into the client)? It would certainly slow down transaction speed but if the transaction were synced with the general mixing it would be very difficult to track. It could be implemented in the form of a checkbox perhaps? Maybe call it DarkMist.
I think this is expected behavior and isn't able to be masked (whether a TX is a user/buyer-to-user/seller or a denomination TX). By definition, when you denominate, change addresses are each going to receive homogeneous inputs; when you spend these inputs, you're going to use multiple inputs you need to come up with the proper amount to send to the user/seller. It's always been expected that these inputs will be associated with each other.
So it's like:
Mixing TX: random amounts > homogeneous amounts
Sending TX: homogeneous amounts > random amounts
You will always be able to determine which is which when there's only a single receiver address (which has been discussed thousands of pages ago, and determined unfeasible to use more than one). It doesn't matter when the mixing occurs; the "normal" TXs will be clear regardless.
OK, but with regards to tracking transactions via timing, would it not afford greater anonymity to have the transactions as temporally close as possible? Outliers stick out like a sore thumb.
I think timing becomes less of an issue because of the (relatively) long mixing process. Beyond that, I'm not quite sure what you're asking? "Normal" TXs will always be identifiable as such; this is by design and definition. It's just the senders' addresses aren't associated with anyone or anything. IP obfuscation should still be needed, though.
The 'timing' in the temporal sense is not being challenged. It will exist in the blockchain for all time, to be examined at leisure... By timing we mean the block pattern of 10 cycles, mix depth always having an in and an out of same total volume... And if signing has any impact on hiding a send...
|
|
|
|
naxin
|
|
July 15, 2014, 07:55:32 PM |
|
The way I understand it, nothing is added to the blockchain between the green boxes. The masternodes never actually hold the funds, they just facilitate signing. Someone correct me if I am mistaken.
This is correct; the masternodes never actually hold the funds, they just facilitate transactions.
Pardon me for playing Devil's Advocate: But, if the coins don't actually change hands, how does this obfuscate anything? XC is coin-forwarding (coins go to the node). DRK's masternode simply signs transactions. Please enlighten me further; elaborate.
When I want to send you money through a DarkSend, the masternode does not receive my coins and forward it to you. This would be a trusted technique in which the node would potentially steal the coin. What the masternode does is use my keys for signing the transaction. It's a middleman who never owns my coins. In XC, for example, A sends the coins to node and then node sends coins to B.
Can't the difference between signing and sending be identified? How does this obfuscate anything? This is rewinding the conversation a bit. No longer focusing on the mixing/denominating technique, but on the fundamental idea of whether or not anything is actually being obfuscated by MNs at all...
I don't have time to explain the process in more detail now as I have a job interview in 30 minutes, so hopefully someone else can, but I will say this: It does obfuscate things and the fundamental idea is solid!
|
|
|
|
camosoul
|
|
July 15, 2014, 07:58:10 PM |
|
why did the mods delete all my posts? As a darkcoin supporter (and investor) I should be able to say "great news" for this type of an update, particularly when people are constantly trolling this thread.
But if you want it to be meaningful, this latest news is really great to hear, since the price has slid quite a bit over the last few weeks.
Hi Phillis, I noticed some of my posts getting deleted by forum moderators as well, no idea why... as some of the same posts by other people are still readable and have not been moderated. I find this selective moderating highly disturbing. qwizzie
I've had posts as simple as "Good job!" get deleted by mods... Yet my deliberately offensive rants and cussing remain... It's like the mods are on crack or pushing an agenda maybe? Not sure... It seems more random than agenda-driven... But maybe they're just mixing in white noise to hide the agenda... It's purely speculative to draw a conclusion.
|
|
|
|
toknormal
|
|
July 15, 2014, 07:58:34 PM |
|
I agree that this makes sense for an objective, BUT:
Do the wallet-sent TX stand out in that mist? I still think the client should denominate before it sends to a masternode. This might happen by default per the pre-mix. But, sends from wallets are still not sends from identified MNs, so it's something identifiably not mist going into the mist... Thus, it might be identified coming out. I'd like to see a denominated multi-point-exit to shore this up.
No ! That's the beauty of it - the transaction itself is now crystal clear which is what you want for verification, but the terminals are completely anonymous. He's separated completely the anonymising process from the transaction process which is a far more powerful configuration. There's now no practical chance of ever tracing anything because the start and end points are effectively virgin each time. You don't need to ever worry about how "visible" the transaction is because the network precipitates your holdings into a fresh address before you even send them. That's why I said he's "moved the goalposts" because instead of the emphasis being on anonymising the transaction (which is the weak link in the chain) it's now the addresses that are continually recycled and anonymised. That gives the network a *massive* level of redundancy in terms of anonymity. Even if another "algo" (e.g. cryptonote or whatever) were twice as reliable as DRK's, the DRK process would still blow it away because of the massive redundancy it has. Superb.
|
|
|
|
thelonecrouton
|
|
July 15, 2014, 07:58:54 PM |
|
why did the mods delete all my posts? As a darkcoin supporter (and investor) I should be able to say "great news" for this type of an update, particularly when people are constantly trolling this thread.
But if you want it to be meaningful, this latest news is really great to hear, since the price has slid quite a bit over the last few weeks.
Hi Phillis, I noticed some of my posts getting deleted by forum moderators as well, no idea why... as some of the same posts by other people are still readable and have not been moderated. I find this selective moderating highly disturbing. qwizzie
If I report a post by another user, at least one of my own gets deleted... and the reported post might or might not. Basically the bitcointalk mods are dickheads.
|
|
|
|
|