[Poll] What anonymous coin will succed?

[othe]

Please add Cryptonote to your poll.  Ironically it's the only real anon coin yet it's not in the poll.

Actually I'd say that CN coins are more of a gimmick. They can't scale to real world usage. DRK can.

Anonymous payments in CN based coins are instant, in DRK not.

Wow DRK scales so good.

Actually, Darksend+ pre-anonymizes the coins in your wallet, so when you're going to send them, it's instantaneous. Sending doesn't need mixing anymore.

Darksend is compatible with mini-blockchain, so if it proves to be stable, Darkcoin can start using it. CN can't.

This is a big deal. It's the difference between a coin that stays a proof of concept versus one that can actually scale to mass usage. It doesn't matter how anonymous your coin is, if it can't scale, it'll be anonymous from no one knowing about it.

Premixing sounds horrible, lets say i own 1000 DRK; all of them get "premixed" ; now i buy something for 1000 DRK with my mixed coins - or i simply send them to an exchange, all inputs will get combined again and its clear that i am the owner of all of them.
If i send them through Darksend to the receiver, theres no way to cryptographically proof they are from me which is a total no-go for e-commerce; but is easily doable with CN.

To not mix inputs people would have to carefully use coincontrol and be very cautious... absolutely not suitable for the general user.
If darksend is not enforced, no normal people will use it and endanger everyone who wants to stay anonymous.

Regular people will use SPV/liteweight/zerotrust webwallets and enthusiats will run full nodes, it simply doesnt matter if if the blockchain is 50 or 100gb big in 5 years, thats nothing.
Old tx in cryptonote are getting reused, providing further anonymity. They have a good use, unlike in BTC and co where old tx are useless.

DRK needs 1000 DRK to run a "mixing" node; how do you expect to scale that, you are actively limiting the anonymity with such design decision, even worse you are creating a 2 class economy, same goes for the mining reward which is based on the Nethash, at some point capping the network security - even worse if 20% rewards will go to the masternodes.

If you talk about scaling, i guess you have VISA kind of scale in your mind, If you think that the masternode stuff will be scaleable to that i cant help you.


"It doesn't matter how anonymous your coin is, if it can't scale, it'll be anonymous from no one knowing about it. " - like TOR? which is used by millions and still slower then every direct internet connection?

[Brilliantrocket]

If you're referring to payment ID's , you should know they have been identified as a security risk, look through the Monero thread.  Blockchain size does matter, if no one runs nodes, your network becomes centralized and easier to attack.

Combining inputs only establishes that they belonged to one person, it does not establish where those funds originated. So no, it wouldn't unmask you. And once the funds were anonymized by the recipient's wallet, you couldn't tell where they went.

As far as coin control, the client will select anonymized funds automatically, there will be no risk of unmasking yourself through the inadvertent use of unmixed funds. Not sure why you think premixing is horrible, I've tried it on testnet and it's actually pretty awesome. Everything is being built with a general user in mind. It all happens automatically and seamlessly, no technical skill required.

Either way, it will be out later this week, you can try it out if you're so inclined (or if you're as excited as I am, head over to the testing thread https://darkcointalk.org/threads/rc4-testing.1830/page-89. Based on my experience, I think people will be pleased.

To your last point, if you can't scale properly, you'll simply lose out to those that can. Once people try to trace Darkcoin transactions and fail, it will become accepted as a standard. Good luck trying to explain your advantages a year or two after a standard has been established. First mover advantage is huge, and you guys aren't getting it Even if you do have advantages, they won't be game changing. I'll grant you that the CN solution is more elegant, but that's utterly meaningless because it all happens under the hood, and the vast majority of people don't care. People use what works, which as you'll find out shortly, is Darkcoin.

[fluffypony]

If you're referring to payment ID's , you should know they have been identified as a security risk, look through the Monero thread.  Blockchain size does matter, if no one runs nodes, your network becomes centralized and easier to attack.

How are payment IDs a risk? They tell you that a group of inputs from person(s) unknown and unknowable made a payment, or a series of payments, or simply paid money to themselves, and the whole group is identified by a 64 character hex string. Each of these outputs is signed by a different group of people who are also unknown and unknowable. It cannot be determined which signature for each output is the true one.

The second half of your sentence is equally nonsensical - is Bitcoin easy to attack with its 20gb blockchain?

To your last point, if you can't scale properly, you'll simply lose out to those that can. Once people try to trace Darkcoin transactions and fail, it will become accepted as a standard. Good luck trying to explain your advantages a year or two after a standard has been established. First mover advantage is huge, and you guys aren't getting it Even if you do have advantages, they won't be game changing. I'll grant you that the CN solution is more elegant, but that's utterly meaningless because it all happens under the hood, and the vast majority of people don't care. People use what works, which as you'll find out shortly, is Darkcoin.

Once the arrests start we'll have a different conversation. People thought Bitcoin provided "enough" anonymity till DPR got arrested. Although I don't suspect we'll get to that stage, as masternode operators will turn on each other and destroy each other to increase their profits. It is a great setup for mutually assured destruction.

[Brilliantrocket]

Once the arrests start we'll have a different conversation. People thought Bitcoin provided "enough" anonymity till DPR got arrested. Although I don't suspect we'll get to that stage, as masternode operators will turn on each other and destroy each other to increase their profits. It is a great setup for mutually assured destruction.

Bigger blockchain means that fewer people run nodes. Especially when the blockchain is an order of magnitude bigger.  I could be mistaken on the payment ID's, but I distinctly remember it being raised as an issue in the Monero thread, with consensus towards removing them. I'll do some digging later. Masternode operators turning on each other? That doesn't sound like a realistic problem, additionally if it were a problem, it would be self correcting by incentivizing more nodes. How would they turn on each other? DOS? March wants its problem back. Node hacking? Remember that you can't steal the coins held in a MN. ( Unless you're a moron and you don't use the clearly safer cold storage setup).

[Brilliantrocket]

Unless I have to register on the forums of DRK and ask there, I would like to get some input from Evan or some developer on this.

There are two things that concern me:

1. Outputs can still be linked to addresses. If you send 20 DRK and it sends all these other outputs along with it to obfuscate, the 20 DRK still ends up in someone's address. That this can be observed on the blockchain means that analysis is easy, and we all know how often people leak addresses associated with their wallet (eg. posting it up for giveaways etc. etc.) This is an immutable problem in any Bitcoin-forked cryptocurrency that exists, as the solution (stealth addresses computed w/random data) has to be enforced for every transaction from the genesis block. If you enforce it halfway through you're stuck with old outputs that don't use stealth addresses, which makes it exceedingly complex to ensure the anonymityset is not at-risk.

2. Masternodes are an Achilles' heel. Let us say that there are 10 000 masternodes on the network. Their IP addresses and the port they operate on is, by necessity, known to the network. Let's assume that an attacker controls 5 masternodes of the 10 000. Let's also assume that each of the masternodes on the network is on a dedicated server (none of them use a VPS, because a VPS could be trivially owned by the host operating system) and each of these servers is on a 1gbps unmetered, dedicated port (clearly not the case right now, but I'm talking about a future time). How hard would it be for an attacker to knock the other 9995 masternodes off the network, leaving theirs as the only accessible masternodes (and thus not only earning them all the fees, but giving them perfect insight into transactions moving within their controlled group)? Well, NTP amplification attacks have let attackers launch 400Gbps attacks against a single machine from a sole 2mbps connection. SNMP has a theoretical 650x amplification factor. All an attacker needs to do is max out the unmetered port in an obvious attack, and the datacenter will have to react. Even straight up LOIC-style / botnet SYN floods to the port that the masternode has open will lead to the the DC null-routing traffic to that box, typically for 6 hours whilst they wait for the attack to stop. Mitigating this is an extremely difficult and expensive operation for each masternode to individually undertake, and not all DCs will even be able to provide DDoS mitigation at this level. An unsophisticated attacker using extremely traditional tools can knock all of the masternodes off the network except those they control. This is a threat to anonymity.

Incidentally, the other problem with masternodes that nobody seems to have thought of is that the limited number of them will mean they're in direct competition with each other. It is in a masternode operator's financial interests to make life difficult for the rest of them - DDoS attacks, reporting the box to the datacenter, anything that can knock a single competitor off the masternode network means more fees for the remaining masternodes. This is different to PoW mining where, for instance, knocking the pools offline doesn't mean you'll get more transaction fees, as miners always have backup pools. I'm not sure how sustainable this is as a system if it unmistakably pitches operators against each other to fight for fees. Given the cost and capital required to own a masternode, it's appreciable that this will happen as a natural result of wanting to maximise masternode profits.

Anyone considering this FUD or something is an ignorant idiot. This is just objective input from another developer who obviously has high knowledge.

Very good questions. I'm excited that we're starting to see some higher level questions again.

1.) Payee addresses are arguably the less important aspect of privacy. As the sender, it's more important to protect your identity. The other side can simply be addressed by generating a new change address per payment. Between the two of these the system would be completely anonymous. Also, after receiving payment, your client will prepare the funds again, increasing their anonymity.

2.) There's not a perfect solution to this yet, but Masternode operators have an interest in getting more darkcoin and keeping their existing inventment as valuable as possible. By attacking the network, they would cause harm to their investment. Also, the client is resistant to DDOS attack currently and masternode operators are instructed to close all other ports and have some kind of DDOS protection.

As a longer term solution, we could not broadcast the IPs of masternodes, but an identifier. Users could then say they want to broadcast to that masternode, but not actually connect to it. This would hide the identities and create a much more robust system.

Not sure if you saw that, as it addresses some of the same criticisms you just brought up.

[othe]

If you're referring to payment ID's , you should know they have been identified as a security risk, look through the Monero thread.

No i am not.
I am talking about as way to verify you´ve send anonymous payment A to address B.

In CN you make a new ring sig, using the same key image but different (random) data, thats only possible if you own the private key.
Then you can disclose the random number used to create the one time address.

Everone can check that the one time address i send money to can be created using the pubkey and intermediate random number.
Ideally you pack this into a payment protocol outside of the blockchain.



Tell me how todo this with Darkcoin using Darksend.

[dadon]

...XC

[illodin]

Premixing sounds horrible, lets say i own 1000 DRK; all of them get "premixed" ; now i buy something for 1000 DRK with my mixed coins - or i simply send them to an exchange, all inputs will get combined again and its clear that i am the owner of all of them.

It is clear to who? The receiver? Well obviously, if you want something in exchange for your coins lol.

If i send them through Darksend to the receiver, theres no way to cryptographically proof they are from me which is a total no-go for e-commerce; but is easily doable with CN.

Retailer will do what they always do, they create an address for you to deposit. You send coins to that address. Problem? And, you still hold the private keys to the addresses where the coins were sent from. If you need to sign a message with those keys it can be implemented?

To not mix inputs people would have to carefully use coincontrol and be very cautious... absolutely not suitable for the general user.
If darksend is not enforced, no normal people will use it and endanger everyone who wants to stay anonymous.

There is a combo box selection when sending, whether to send anonymous or non-anonymous funds. No need to use coin control. And, the new wallet design is under development, making it easier for people to use should be one of the focused areas, agreed.

Regular people will use SPV/liteweight/zerotrust webwallets and enthusiats will run full nodes, it simply doesnt matter if if the blockchain is 50 or 100gb big in 5 years, thats nothing.
Old tx in cryptonote are getting reused, providing further anonymity. They have a good use, unlike in BTC and co where old tx are useless.

I'm sure cryptonote will be good when it reaches the maturity that Bitcoin codebase offers, whether it's 1 or 5 years. But just like we've seen happening with Bitcoin, unless the newcomer is radically better than an established product, it can't take over.

DRK needs 1000 DRK to run a "mixing" node; how do you expect to scale that, you are actively limiting the anonymity with such design decision, even worse you are creating a 2 class economy, same goes for the mining reward which is based on the Nethash, at some point capping the network security - even worse if 20% rewards will go to the masternodes.

If you talk about scaling, i guess you have VISA kind of scale in your mind, If you think that the masternode stuff will be scaleable to that i cant help you.

Regarding "2 class economy" or rewards, dunno, I'm not an economist, and even if I was, this is something that hasn't been done before, so all talk is just subjective speculation imo.

Regarding scaling, sending doesn't use masternodes. Premixing does. So after your coins have been premixed, you can keep buying stuff from a lot of merchants for a long time until you need to premix again. And, it's not like the design is set in stone, the coin is only 6 months old, and the main dev has said that he will be developing full time at least for 2 more years.

[fluffypony]

Bigger blockchain means that fewer people run nodes. Especially when the blockchain is an order of magnitude bigger.  I could be mistaken on the payment ID's, but I distinctly remember it being raised as an issue in the Monero thread, with consensus towards removing them. I'll do some digging later. Masternode operators turning on each other? That doesn't sound like a realistic problem, additionally if it were a problem, it would be self correcting by incentivizing more nodes. How would they turn on each other? DOS? March wants its problem back. Node hacking? Remember that you can't steal the coins held in a MN. ( Unless you're a moron and you don't use the clearly safer cold storage setup).

Fewer people run Bitcoin nodes, and it seems to do just fine.

Payment IDs as a reduction in anonymity were raised in naiveté and rejected as a non-issue. The only thing it is is inconvenient as it is not serialised with the stealth address, it's certainly no threat to anonymity.

I'm not sure how you think that a DDoS SYN flood directed at the Darkcoin p2p port on a MasterNode will not lead to the datacenter nullrouting all traffic bound for that IP at their upstream provider's level? Do you even BGP? Seriously, I think you misunderstand what a DDoS attack is and does, and how datacenters react to them.

Memset Hosting has a good page on this, and they make it clear that during a DDoS attack they null route the server IP: "When an IP is null routed no data will arrive at Memset's network so we cannot tell when the attack has stopped. For this reason the IP is typically left null routed for a minimum of 24 hours." Similarly, there's a great comment on Hacker News that tells you how to destroy someone hosted at Hetzner. I'll quote: "If someone starts DDoS on your dedicated, after several minutes they just shut down your dedicated from network, and send you an email like "We disabled your network because you have DDoS attack on your server. Write us an email to reenable your network". And of course, several hours later I saw that email and tell them "Okay, please enable my network", but boom, I will have to wait Monday, because their support that can ACTIVATE network on a dedicated works only from Mondays to Fridays ... And then the person who attacked me sends me anonymous email like "lol, I bought 5$ packet at [some random booter/network stresser website], and I have put you offline for few days for only 15 minutes of DDoS, HAHAHAHA"". Masternodes can put each other out of commission for a whopping $5.

That notwithstanding, because X11 is significantly more processor intensive than SHA-256 when verifying blocks, masternodes are inherently open to slightly more sophisticated DDoS attacks that push bad blocks at the masternode, burning up CPU cycles so that it can't accept additional transactions or operate at all. These are not even particularly expensive attacks to mount against a masternode.

I fail to see how masternodes attacking each other will incentivise more nodes. They'll be fighting to keep each other offline, like wild dogs scrabbling over a few scraps of meat, but people won't be able to setup new masternodes because it will be cost prohibitive.

[fluffypony]

Not sure if you saw that, as it addresses some of the same criticisms you just brought up.

I saw it, it doesn't. It's layering on top of a fundamentally broken system. The solution is to drop the idea and opt for something that is cryptographically sound and not open to Sybil attacks.

[illodin]

I fail to see how masternodes attacking each other will incentivise more nodes. They'll be fighting to keep each other offline, like wild dogs scrabbling over a few scraps of meat, but people won't be able to setup new masternodes because it will be cost prohibitive.

I'm sure there will be people running dos attacks vs drk network, but I'm not so sure they will be fellow masternode owners. 

[degold]

DarkCoin or Cloakcoin

I do not think other coins are reliable like these 2.

[fluffypony]

I fail to see how masternodes attacking each other will incentivise more nodes. They'll be fighting to keep each other offline, like wild dogs scrabbling over a few scraps of meat, but people won't be able to setup new masternodes because it will be cost prohibitive.

I'm sure there will be people running dos attacks vs drk network, but I'm not so sure they will be fellow masternode owners. 

http://en.wikipedia.org/wiki/Prisoner's_dilemma

They can and they will, because it guarantees them more transactions to process and thus more fees.

[illodin]

http://en.wikipedia.org/wiki/Prisoner's_dilemma

They can and they will, because it guarantees them more transactions to process and thus more fees.

"In reality, humans display a systematic bias towards cooperative behavior in this and similar games, much more so than predicted by simple models of "rational" self-interested action."

[Ozziecoin]

I fail to see how masternodes attacking each other will incentivise more nodes. They'll be fighting to keep each other offline, like wild dogs scrabbling over a few scraps of meat, but people won't be able to setup new masternodes because it will be cost prohibitive.

I'm sure there will be people running dos attacks vs drk network, but I'm not so sure they will be fellow masternode owners. 

http://en.wikipedia.org/wiki/Prisoner's_dilemma

They can and they will, because it guarantees them more transactions to process and thus more fees.

Quit the imaginary FUD. So tiring.

[Brilliantrocket]

Not sure if you saw that, as it addresses some of the same criticisms you just brought up.

I saw it, it doesn't. It's layering on top of a fundamentally broken system. The solution is to drop the idea and opt for something that is cryptographically sound and not open to Sybil attacks.

Time will determine which system is broken and which is sound. As Anonymint said, if it works in spite of the "duct tape" , that's all that matters. Your solution may be more elegant, but outside of a small circle of programmers, no one cares. 99.9% of users will not appreciate anything outside of functionality and a nice GUI. Also you know damn well that Monero is not going to be immune to sybil attacks. You've had that discussion with Anonymint, do I need to fish it out? The general conclusion was that Darkcoin and CN are roughly equivalent in terms of attacks. Darkcoin's masternodes add an additional, but highly ineffective and impractical attack vector, yet Darkcoin can be pruned and CN cannot.

[fluffypony]

Not sure if you saw that, as it addresses some of the same criticisms you just brought up.

I saw it, it doesn't. It's layering on top of a fundamentally broken system. The solution is to drop the idea and opt for something that is cryptographically sound and not open to Sybil attacks.

Time will determine which system is broken and which is sound. As Anonymint said, if it works in spite of the "duct tape" , that's all that matters. Your solution may be more elegant, but outside of a small circle of programmers, no one cares. 99.9% of users will not appreciate anything outside of functionality and a nice GUI. Also you know damn well that Monero is not going to be immune to sybil attacks. You've had that discussion with Anonymint, do I need to fish it out? Darkcoin's masternodes add an additional, but highly ineffective and impractical attack vector, yet Darkcoin can be pruned and CN cannot.

LOL - please do - how on earth would you Sybil attack Monero??

As to the rest of your points, I can do nothing but chuckle at your naiveté.

[vertoe]

I've written a price ticker for the Sailfish mobile OS / Jolla smartphones. If you own such a device, check out the harbour for the drkJolla app.

I'm adding coins based on that poll, currently featuring:
- Darkcoin 138
- Cloakcoin 114
- XCurrency 98
- Monero 70

I might consider adding the following coins, too, if they can gain some momentum in the privacy-driven development:
- VootCoin 27
- Stealthcoin 24
- Vertcoin 21

[fluffypony]

"In reality, humans display a systematic bias towards cooperative behavior in this and similar games, much more so than predicted by simple models of "rational" self-interested action."

That doesn't apply in non-cooperative games (which is what masternodes create).

If you're really interested in the game theory that shows why this is a bad idea, you can start here: http://www.ewp.rpi.edu/hartford/~stoddj/BE/IntroGameT.htm

What you really want is Nash equilibrium, but that's when a system comes to rest, not before. In the case of masternodes, those with the fastest access to resources and the most devious minds would initiate a systemic collapse. This could occur after quite a period of equilibrium, as the bad actors wait for price appreciation in order to ensure the barrier to entry for competitors is obliterated. They would launch an attack on masternode after masternode, obliterating them from the network. Those good actors with fast access to resources will also react, but it would only take a short time before they reason that one or more of the remaining masternodes must be operating in bad faith, and the best way to deal with this is to launch an attack of their own. Once sufficient numbers of masternodes have shut down and dumped their coins due to the cost prohibitive nature of defending against these attacks, a very small group (I'd hazard less than 10) will be left with a Nash equilibrium, knowing that they survived each other's onslaughts and were unable to take each other down permanently.

[GoldenCrypto]

ICG INCOGNITOCOIN GUYS
NEW 5 % POS to hit Thursday and BitKey Implementation in the works.