Bitcoin Forum
November 07, 2024, 08:45:12 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 3557 3558 3559 3560 3561 3562 3563 3564 3565 3566 3567 3568 3569 3570 3571 3572 3573 3574 3575 3576 3577 3578 3579 3580 3581 3582 3583 3584 3585 3586 3587 3588 3589 3590 3591 3592 3593 3594 3595 3596 3597 3598 3599 3600 3601 3602 3603 3604 3605 3606 [3607] 3608 3609 3610 3611 3612 3613 3614 3615 3616 3617 3618 3619 3620 3621 3622 3623 3624 3625 3626 3627 3628 3629 3630 3631 3632 3633 3634 3635 3636 3637 3638 3639 3640 3641 3642 3643 3644 3645 3646 3647 3648 3649 3650 3651 3652 3653 3654 3655 3656 3657 ... 7012 »
  Print  
Author Topic: [ANN][DASH] Dash (dash.org) | First Self-Funding Self-Governing Crypto Currency  (Read 9723475 times)
wozzek23
Sr. Member
****
Offline Offline

Activity: 1589
Merit: 284


View Profile
December 01, 2014, 05:08:26 PM
 #72121

its basically about the problem which occurs in every pow coin, also btc.
the whole network hash rate (which secures the network and is meant to be decentraliced on miners all over the network) is tunneled through the major pools.
if a pool reaches more than 51% of the network hash rate, the pool operators could do attacks like doublespending etc..
its also easy to attack the network by compromising the pool servers of the 3 largest pools (which make up a hash rate greater than 51%)

edit: thelonecrouton, do you know some mathematical analysis, paper or something which shows why pool users gain more block rewards (pool finds more blocks statistically) than solo miners?
My assumption would be there is no difference at inifinite time

Great, thank you.
Minotaur26
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000


View Profile
December 01, 2014, 05:10:31 PM
 #72122

I sure someone will dig up the percentages and it was incredibly lower than one percent. This is why we commissioned Kristov Atlas.

At this point you do sound more and more like a concern troll.

I can quite imagine I might be coming off that way, but Im not. It is admittedly a rather legitimate and serious concern so I think we can discredit trolling.

ChildHarold is most definitely a concern troll, offering no facts and just trying to create a discussion hoping to include his solution as an alternative when it is not. The easiest way to respond to this is with facts so here we go:

A concerned user could mix his coins using Darksend to a depth of 8 rounds, assuming a network of 1300MN,  a person controlling 100 MN would have a 0.000000093986159131% chance of uncovering a particular transaction.

A person controlling 50% of the network, meaning owning 650MN, would have a chance of 0.382253675331956000% of uncovering a specific transaction. In this case he would have to acquire 650000DRK in the open markets which would sky rocket the price, and do this knowing he has 99.62% probability of not uncovering the transactions he is looking for.

The system is very well designed  an attacker would have to control 90% plus of the network to have a chance of around 40% of uncovering a transaction at which point he would be the only one with Darkcoins and the price would surge to the thousands.

Having said this, a really concerned user could just send his coins through more rounds. Other anon systems are vulnerable to sybil attacks too and use secret keys or cryptography that could one day be uncovered. Darksend is future proof.

Besides this solid anon solution, it supports instantaneous transactions and the ahead of time mixing prevents timing analysis. It is really best balanced all around anon coin in the market and the market recognizes this period.



I came in here to ask questions. I never claimed to offer facts or solutions.  
I wanted to know if Evan had changed his opinion of ZK since the landscape may have changed in the six months since his remarks. A convo about MN's began and it was good to get clarifications. A few FACTS about MN's have been explained and I am grateful for the responses.

One thing I did suggest is that MN operators might be wary of U.S. providers like Amazon. I cannot deliver facts to substantiate my feeling about this. Im prob just paranoid.

I am not sure it is a fact you'd need to own the darkcoins, just have backdoors into the servers the MN's are running on would seem sufficient (altho maybe not). Agreed this all sounds very unlikely but as long as there is a CHANCE of de-anonymization I'd like to know the odds.

Thanks for doing the maths regarding these odds. I can be sure these numbers are good?

cheers

 

This is unofficial, please do your own math, but it should give you a good idea:

thelonecrouton
Legendary
*
Offline Offline

Activity: 966
Merit: 1000


View Profile
December 01, 2014, 05:12:57 PM
Last edit: December 01, 2014, 05:25:46 PM by thelonecrouton
 #72123

edit: thelonecrouton, do you know some mathematical analysis, paper or something which shows why pool users gain more block rewards (pool finds more blocks statistically) than solo miners?
My assumption would be there is no difference at inifinite time

You're right, over a long enough timespan it would be the same. The advantage of pooled mining for miners is that when one miner in the pool finds a block, they all share the reward, so the income is steady. Great for miners, completely crap for blockchain security.

If the blockchain were maintained solely by Masternode consensus, the system would be hundreds of times more secure than it is now, and hundreds of times more expensive to attack.  Grin

Personaly I'd like a backup plan though, and if solo mining can be enforced (or heavily financially incentivised vs. pooled mining) at a protocol level then that would be great. And there are blockchain models that make that possible, if the will is there to adopt them.


edit - example protocols:

https://bitslog.wordpress.com/2014/06/19/theoretical-and-practical-nonoutsourceable-puzzles/

http://hackingdistributed.com/2014/06/18/how-to-disincentivize-large-bitcoin-mining-pools/
superplus
Sr. Member
****
Offline Offline

Activity: 475
Merit: 500



View Profile
December 01, 2014, 05:27:25 PM
 #72124

edit: thelonecrouton, do you know some mathematical analysis, paper or something which shows why pool users gain more block rewards (pool finds more blocks statistically) than solo miners?
My assumption would be there is no difference at inifinite time

You're right, over a long enough timespan it would be the same. The advantage of pooled mining for miners is that when one miner in the pool finds a block, they all share the reward, so the income is steady. Great for miners, completely crap for blockchain security.

If the blockchain were maintained solely by Masternode consensus, the system would be hundreds of times more secure than it is now, and hundreds of times more expensive to attack.  Grin

Personaly I'd like a backup plan though, and if solo mining can be enforced (or heavily financially incentivised vs. pooled mining) at a protocol level then that would be great. And there are blockchain models that make that possible, if the will is there to adopt them.


i don't know exactly how this would be done on protocol level, but i definitely would vote for that solution!
maybe this could be a topic to discuss with evan in detail after the next release is out.

edit: nice links im gonna read them later on!
salmion
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500



View Profile
December 01, 2014, 05:31:01 PM
 #72125

Mining and masternodes have to remain separate.

If the masternodes go down you can't mix. However if the two are linked you are putting all your eggs in one basket.

Every update would have to be absolutely perfect. You don't want to be in a situation where if something needs to be fixed with the MN network the coin stops.
child_harold
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1000



View Profile
December 01, 2014, 06:05:57 PM
 #72126

This is unofficial, please do your own math, but it should give you a good idea:



thanks for this. the final values presented here reflect a chain of 8 MN's, correct?
but the default for DarkSend is set at 2 (or less than 8 anyway). is this also correct? obviously 8 is exponentially better than 2.

Please correct any mistakes. thanks.

superplus
Sr. Member
****
Offline Offline

Activity: 475
Merit: 500



View Profile
December 01, 2014, 06:15:01 PM
Last edit: December 01, 2014, 06:25:19 PM by superplus
 #72127

This is unofficial, please do your own math, but it should give you a good idea:



thanks for this. the final values presented here reflect a chain of 8 MN's, correct?
but the default for DarkSend is set at 2 (or less than 8 anyway). is this also correct? obviously 8 is exponentially better than 2.

Please correct any mistakes. thanks.


yes,
probability first row with 2 rounds would be ~0.038^2
second row ~0.057^2 and so on..

if that is too risky for you, you can set it to 8 in preferences
Minotaur26
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000


View Profile
December 01, 2014, 06:23:39 PM
 #72128

This is unofficial, please do your own math, but it should give you a good idea:



thanks for this. the final values presented here reflect a chain of 8 MN's, correct?
but the default for DarkSend is set at 2 (or less than 8 anyway). is this also correct? obviously 8 is exponentially better than 2.

Please correct any mistakes. thanks.

You are correct, the numbers are for 8 rounds, remember this only analyzes the rogue masternode argument and tries to answer the question: What is the probability of success, someone acquiring masternodes to uncover  specific transactions would have?  This has an economic component to it, as someone attempting this type of attack would have to acquire the coins on the open market driving the price to the stratosphere to have any chance of success and spending a lot of money.

Mixing depth is configurable on the client from 2 to 8 rounds at the moment, the user chooses the level of anonymity he prefers if you are only buying herpes medicine and don't want people to find out 2 rounds might be more than enough to manage your risk, if you are buying on a dark market 8 plus rounds would be your choice. There is no particular reason why 8 rounds is the max, you could do more rounds if it was necessary.

Also the mixing is done ahead of time, you may mix now and spend a year later, this is really good to avoid timing analysis.
toknormal
Legendary
*
Offline Offline

Activity: 3066
Merit: 1188


View Profile
December 01, 2014, 06:36:46 PM
 #72129


If I was strategy commander for Darkcoin (which I'm not by the way  Wink ), I'd create some kind of contingency whereupon the mining majority could somehow protect the masternode majority in some kind of symbiotic dependency.

i.e. to subvert the masternode population you'd have to subvert the mining population as well.

You have that utterly arse backwards.

90% of mining goes through 5 pools. And you would need at most 3 of them to control or destroy the coin.

Mining provides exactly fuck all security.

I doubt it.

I realise that it's fashionable right now to be maligning the idea of pools because of their "potential" to threaten the network. But the reality is that pools are still aggregations of decentralised mining power, Its subscribers are generally actors in good faith. You can't just "buy up" that kind of mining power.

On the other hand, masternodes can be bought. I don't have enough technical understanding to know how much of a threat this poses to the network or even if it's a threat at all, but I've set up a masternode and could envisage how, overtime, a single player could monopolise the network.

Aggregated mining is not the same thing as "centralised" mining. Whereas if I bought up 50% of the masternodes that WOULD be centralised masternoding because I have control over all those masternodes myself - they can't "wander off" to another pool.

droptable
Sr. Member
****
Offline Offline

Activity: 363
Merit: 250


View Profile
December 01, 2014, 06:49:43 PM
 #72130


yes, a 51%-attac is a bad thing.
but its not the end.

so when a 51A happens, the second (or more likely, some minutes after  Wink) people will point their power elseware.

is the state of the shares concerning?
yes.

is the end of the world near?
no.

//BUT thank you for your concerns. Its good to have people around pointing out weaknesses!

Quote
An attacker that controls more than 50% of the network's computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:

    Reverse transactions that he sends while he's in control
    Prevent some or all transactions from gaining any confirmations
    Prevent some or all other generators from getting any generations

The attacker can't:

    Reverse other people's transactions
    Prevent transactions from being sent at all (they'll show as 0/unconfirmed)
    Change the number of coins generated per block
    Create coins out of thin air
    Send coins that never belonged to him

DΛRKCOIN -> is now -> DΛSH
----------
not DashCoin, not DarkDash, not anything. The Name has been / is changed the tech stays the same
TaoOfSaatoshi
Legendary
*
Offline Offline

Activity: 2156
Merit: 1014


Dash Nation Founder | CATV Host


View Profile WWW
December 01, 2014, 06:50:44 PM
Last edit: December 02, 2014, 12:04:41 AM by TaoOfSaatoshi
 #72131

VOTE FOR EVAN DUFFIELD IN COINSSOURCE'S PROOF OF HONOR VOTE!!!

Yes, it's time to show the world what the Darkness is about, once again!

I don't know of a developer who is more deserving...

https://twitter.com/darkcoinorg/status/539475273616732160

Twitter Voting Instructions:

https://www.rebelmouse.com/GetIntoTheDark/vote-evan-duffield-for-the-201-852705188.html

Please RT, bump when needed, and VOTE whenever you can! Details are in Tweet, or on my site.

GOOD LUCK, EVAN!

oblox
Legendary
*
Offline Offline

Activity: 1442
Merit: 1018


View Profile
December 01, 2014, 06:50:46 PM
 #72132

I think the selection of rounds needs to go. A full anon phase should be 8 rounds. Afterwards, if a person wants added anonymity, they can reanonymize their funds another 8. With there no longer being a fee per round, but rather random fees for usage, letting the user select anything less than 8 seems foolish.
thelonecrouton
Legendary
*
Offline Offline

Activity: 966
Merit: 1000


View Profile
December 01, 2014, 06:51:04 PM
 #72133


If I was strategy commander for Darkcoin (which I'm not by the way  Wink ), I'd create some kind of contingency whereupon the mining majority could somehow protect the masternode majority in some kind of symbiotic dependency.

i.e. to subvert the masternode population you'd have to subvert the mining population as well.

You have that utterly arse backwards.

90% of mining goes through 5 pools. And you would need at most 3 of them to control or destroy the coin.

Mining provides exactly fuck all security.

I doubt it.

I realise that it's fashionable right now to be maligning the idea of pools because of their "potential" to threaten the network. But the reality is that pools are still aggregations of decentralised mining power, Its subscribers are generally actors in good faith. You can't just "buy up" that kind of mining power.


You don't need to buy up that much mining power, all you have to do is compromise one or two servers. Which defeats the whole point of having all that mining power in the first place.

There is no such thing as an 'aggregation of decentralised mining power' - it's a fundamental contradiction in terms.
droptable
Sr. Member
****
Offline Offline

Activity: 363
Merit: 250


View Profile
December 01, 2014, 06:59:47 PM
 #72134

I think the selection of rounds needs to go. A full anon phase should be 8 rounds. Afterwards, if a person wants added anonymity, they can reanonymize their funds another 8. With there no longer being a fee per round, but rather random fees for usage, letting the user select anything less than 8 seems foolish.


have you seen my proposal?
https://darkcointalk.org/threads/darksend-security-bulletin.2963/#post-29041

i haven't heard back from someone smarter than me (or more into crypto-stuff).
someone willing to tackle my idea?

DΛRKCOIN -> is now -> DΛSH
----------
not DashCoin, not DarkDash, not anything. The Name has been / is changed the tech stays the same
semajjames
Hero Member
*****
Offline Offline

Activity: 528
Merit: 500


View Profile
December 01, 2014, 07:05:49 PM
Last edit: December 01, 2014, 07:39:20 PM by semajjames
 #72135


Risk Management 101 - Why Serious Investors won't touch DRK:


Serious Investor: "I've heard about these decentralised currencies, like Darkcoin, where no one person or group controls the currency, what do you think, pet Security Analyst?"

Security Analyst: /goes away for two minutes and finds this graph - https://chainz.cryptoid.info/drk/#!extraction

Security Analyst: "Actually boss they aren't decentralised at all."

Serious Investor: "What do you mean?"

Security Analyst: "Well in theory the security of the network is provided by many thousands of individuals and their mining machines, but in practice only 2 people and 2 machines need to be compromised to own, dictate the policy of, or destroy the coin."

Serious Investor: "But aren't there many thousands of miners?"

Security Analyst: "There are, but 1000000 miners all directing their efforts through 2 pools is from a security POV exactly the same as there being just 2 miners. Control those 2 pools, or the people that run them, and you effectively own the whole currency."

Serious Investor: "Well, I'll be taking my $millions elsewhere then, thanks."
This is a pessimistic assessment and assumes that the miners will not react in the coin's best interest when a genuine threat to the balance of power emerges. Prior incidents of over-concentrated hashing power with Bitcoin and more recently with Darkcoin (w/r/t suchpool) show that hashing power will move away from threats that could jeopardize the coin's value, and so the miners' interest in the coin security is obtained via coin value.
I know there is a push to make DRK p2pool only but there are less heavy handed methods we can try. For example, masternode operators could elect to donate a percentage of their earnings to p2pools so that p2pool payouts are more attractive than mining pools.      

Providing you use a node suitable for your location P2Pnode mining already is considerably more than profitable than pool mining, in general I think ppl are misinformed,naive or just plain lazy not to use them
defunctec
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000



View Profile
December 01, 2014, 07:46:46 PM
 #72136


If I was strategy commander for Darkcoin (which I'm not by the way  Wink ), I'd create some kind of contingency whereupon the mining majority could somehow protect the masternode majority in some kind of symbiotic dependency.

i.e. to subvert the masternode population you'd have to subvert the mining population as well.

You have that utterly arse backwards.

90% of mining goes through 5 pools. And you would need at most 3 of them to control or destroy the coin.

Mining provides exactly fuck all security.

I doubt it.

I realise that it's fashionable right now to be maligning the idea of pools because of their "potential" to threaten the network. But the reality is that pools are still aggregations of decentralised mining power, Its subscribers are generally actors in good faith. You can't just "buy up" that kind of mining power.

On the other hand, masternodes can be bought. I don't have enough technical understanding to know how much of a threat this poses to the network or even if it's a threat at all, but I've set up a masternode and could envisage how, overtime, a single player could monopolise the network.

Aggregated mining is not the same thing as "centralised" mining. Whereas if I bought up 50% of the masternodes that WOULD be centralised masternoding because I have control over all those masternodes myself - they can't "wander off" to another pool.



Buying 50% of the masternode network would cause huge price spikes, making it more profitable to own a masternode, bringing more investors into the game. The attacker would have to constantly buy darkcoins to combat new investors setting up masternodes.

I don't think having 50% of the masternode network will even be possible.
aigeezer
Legendary
*
Offline Offline

Activity: 1450
Merit: 1013


Cryptanalyst castrated by his government, 1952


View Profile
December 01, 2014, 07:55:30 PM
 #72137

I have found the last few pages of questions/answers/debate really useful. Please don't stop posting that kind of thing - it is very stimulating compared to the troll-wars here a while back.

Tactical suggestion: as questions and answers become predictable/routine/stale, put the best into a FAQ page conspicuously available from the OP. Refer people there as appropriate, but take any novel question very seriously - a lot may depend on getting the answer right, down to the finest detail.

Re the concern troll issue - my position is that motivations are unknowable so it is useful to take every question at face value. The better the answers, the better the coin.         Wink
defunctec
Legendary
*
Offline Offline

Activity: 1092
Merit: 1000



View Profile
December 01, 2014, 08:18:35 PM
 #72138



You can make it happen, support Evan and his project here -

https://bitcointalk.org/index.php?topic=855130.800

Copy and paste this

Evan Duffield - Darkcoin

https://bitcointalk.org/index.php?topic=855130.800
child_harold
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1000



View Profile
December 01, 2014, 08:35:24 PM
 #72139

This is unofficial, please do your own math, but it should give you a good idea:



thanks for this. the final values presented here reflect a chain of 8 MN's, correct?
but the default for DarkSend is set at 2 (or less than 8 anyway). is this also correct? obviously 8 is exponentially better than 2.

Please correct any mistakes. thanks.


yes,
probability first row with 2 rounds would be ~0.038^2
second row ~0.057^2 and so on..

if that is too risky for you, you can set it to 8 in preferences

I'd argue the min MN chain should be at least 4 long.

Assuming (with medium paranoia settings) that the "bad guy" has a handle on 10%-20% of MN's (100-250 nodes), then with a 2 MN chain length the above numbers predict between a 1%-4% chance of a de-anonymization. This is far too high IMO.

I have found the last few pages of questions/answers/debate really useful. Please don't stop posting that kind of thing - it is very stimulating compared to the troll-wars here a while back.

… in pursuit of anon Wink

oblox
Legendary
*
Offline Offline

Activity: 1442
Merit: 1018


View Profile
December 01, 2014, 08:38:23 PM
 #72140

I'd argue the min MN chain should be at least 4 long.

Assuming (with medium paranoia settings) that the "bad guy" has a handle on 10%-20% of MN's (100-250 nodes), then with a 2 MN chain length the above numbers predict between a 1%-4% chance of a de-anonymization. This is far too high IMO.

There should be no option to select rounds... it should be 8 minimum with those that want added mixing to go above that. With no fees per round, it makes sense not to have less anon'd coins (those in which the user chooses less than 8 rounds).
Pages: « 1 ... 3557 3558 3559 3560 3561 3562 3563 3564 3565 3566 3567 3568 3569 3570 3571 3572 3573 3574 3575 3576 3577 3578 3579 3580 3581 3582 3583 3584 3585 3586 3587 3588 3589 3590 3591 3592 3593 3594 3595 3596 3597 3598 3599 3600 3601 3602 3603 3604 3605 3606 [3607] 3608 3609 3610 3611 3612 3613 3614 3615 3616 3617 3618 3619 3620 3621 3622 3623 3624 3625 3626 3627 3628 3629 3630 3631 3632 3633 3634 3635 3636 3637 3638 3639 3640 3641 3642 3643 3644 3645 3646 3647 3648 3649 3650 3651 3652 3653 3654 3655 3656 3657 ... 7012 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!