[SDC] ShadowCash | Welcome to the UMBRA

[erok]

^^ Shadow's #1 fan!

6 posts ever made and all in this thread!

I love SHADOW! It's the best!

Shadow is the best!

[smooth]

Proof of concept code has been posted by shen:

There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain:

ProcessBlock: ACCEPTED a801e125053dcc556b94
verifying ring sig asdf

index i = 0 / 4

index i = 1 / 4

index i = 2 / 4

index i = 3 / 4
signer is index 3

[erok]

Proof of concept code has been posted by shen:

There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain:

ProcessBlock: ACCEPTED a801e125053dcc556b94
verifying ring sig asdf

index i = 0 / 4

index i = 1 / 4

index i = 2 / 4

index i = 3 / 4
signer is index 3

More FUD. And who else delivers it but SMOOTH, official Monero "dev". Proof of proof of concept? You got nothing. Just give it up.

[smooth]

Proof of concept code has been posted by shen:

There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain:

ProcessBlock: ACCEPTED a801e125053dcc556b94
verifying ring sig asdf

index i = 0 / 4

index i = 1 / 4

index i = 2 / 4

index i = 3 / 4
signer is index 3

More FUD. And who else delivers it but SMOOTH, official Monero "dev". Proof of proof of concept? You got nothing. Just give it up.

Dude:

signer is index 3

Do you know what that means?

Shen has a file with every single ring signature from the chain broken. Anyone can reproduce using the code from his blog.

EDIT: https://raw.githubusercontent.com/ShenNoether/Deanon/master/sdcDeAnon.txt

[erok]

Proof of concept code has been posted by shen:

There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain:

ProcessBlock: ACCEPTED a801e125053dcc556b94
verifying ring sig asdf

index i = 0 / 4

index i = 1 / 4

index i = 2 / 4

index i = 3 / 4
signer is index 3

More FUD. And who else delivers it but SMOOTH, official Monero "dev". Proof of proof of concept? You got nothing. Just give it up.

Dude:

signer is index 3

Do you know what that means?

Yeah I stuck out my tongue didn't I? But it's good to know this stuff before the market release so devs can fix it. Thanks for debugging but your community is still a bunch of fuckwads.

[smooth]

Proof of concept code has been posted by shen:

There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain:

ProcessBlock: ACCEPTED a801e125053dcc556b94
verifying ring sig asdf

index i = 0 / 4

index i = 1 / 4

index i = 2 / 4

index i = 3 / 4
signer is index 3

More FUD. And who else delivers it but SMOOTH, official Monero "dev". Proof of proof of concept? You got nothing. Just give it up.

Dude:

signer is index 3

Do you know what that means?

Yeah I stuck out my tongue didn't I? But it's good to know this stuff before the market release so devs can fix it. Thanks for debugging but your community is still a bunch of fuckwads.

They can if they have any idea what they are doing. After 10 hours of work which would have required a few lines of code to reproduce, all they could do is issue a false denial.

[erok]

Proof of concept code has been posted by shen:

There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain:

ProcessBlock: ACCEPTED a801e125053dcc556b94
verifying ring sig asdf

index i = 0 / 4

index i = 1 / 4

index i = 2 / 4

index i = 3 / 4
signer is index 3

More FUD. And who else delivers it but SMOOTH, official Monero "dev". Proof of proof of concept? You got nothing. Just give it up.

Dude:

signer is index 3

Do you know what that means?

Yeah I stuck out my tongue didn't I? But it's good to know this stuff before the market release so devs can fix it. Thanks for debugging but your community is still a bunch of fuckwads.

They can if they have any idea what they are doing. After 10 hours of work which would have required a few lines of code to reproduce, all they could do is issue a false denial.

Community issued the denial (namely me) because you are a troll and legitimate bugs are not exactly you or your teams history. Trolling is. Hats off to Shen but the trolling and PR was bullshit and you know it. Again, good to know before the market release so that it can be addressed.

[smooth]

Proof of concept code has been posted by shen:

There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain:

ProcessBlock: ACCEPTED a801e125053dcc556b94
verifying ring sig asdf

index i = 0 / 4

index i = 1 / 4

index i = 2 / 4

index i = 3 / 4
signer is index 3

More FUD. And who else delivers it but SMOOTH, official Monero "dev". Proof of proof of concept? You got nothing. Just give it up.

Dude:

signer is index 3

Do you know what that means?

Yeah I stuck out my tongue didn't I? But it's good to know this stuff before the market release so devs can fix it. Thanks for debugging but your community is still a bunch of fuckwads.

They can if they have any idea what they are doing. After 10 hours of work which would have required a few lines of code to reproduce, all they could do is issue a false denial.

Community issued the denial (namely me) because you are a troll and legitimate bugs are not exactly you or your teams history. Trolling is. Hats off to Shen but the trolling and PR was bullshit and you know it. Again, good to know before the market release so that it can be addressed.

You issued this:

https://blog.shadowproject.io/2016/02/12/deanonymize-shadow-nope/

"We would like you -our dedicated users- to know that, after 10+ hours of testing by Shadow’s core developers, our team has not yet managed to deanonymize any private transaction."

If so, then you either lied about your core developers being unable to write a few lines of code in a 10 hours, or they aren't able to do so. I don't know which.

[RyanOlstren]

You issued this:

https://blog.shadowproject.io/2016/02/12/deanonymize-shadow-nope/

"We would like you -our dedicated users- to know that, after 10+ hours of testing by Shadow’s core developers, our team has not yet managed to deanonymize any private transaction."

If so, then you either lied about your core developers being unable to write a few lines of code in a 10 hours, or they aren't able to do so.I don't know which.

This coin will never have credibility because the devs are incompetent and the community is slime.

I remember they viciously fudded other coins for the content of their roadmaps, nitpicking on technicalities.

And here, through gross incompetence, the devs jeopardize the safety (yes safety) of every person who used their "anonymous" system.

I know my post will get deleted because of the intellectual dishonesty of the devs, but hopefully it will stand long enough for a few others to read it.

[erok]

You issued this:

https://blog.shadowproject.io/2016/02/12/deanonymize-shadow-nope/

"We would like you -our dedicated users- to know that, after 10+ hours of testing by Shadow’s core developers, our team has not yet managed to deanonymize any private transaction."

If so, then you either lied about your core developers being unable to write a few lines of code in a 10 hours, or they aren't able to do so.I don't know which.

This coin will never have credibility because the devs are incompetent and the community is slime.

I remember they viciously fudded other coins for the content of their roadmaps, nitpicking on technicalities.

And here, through gross incompetence, the devs jeopardize the safety (yes safety) of every person who used their "anonymous" system.

I know my post will get deleted because of the intellectual dishonesty of the devs, but hopefully it will stand long enough for a few others to read it.

LOL talks about credibility while posting on a troll account! Worst case scenario we switch back to the ring sig from before.

[smooth]

You issued this:

https://blog.shadowproject.io/2016/02/12/deanonymize-shadow-nope/

"We would like you -our dedicated users- to know that, after 10+ hours of testing by Shadow’s core developers, our team has not yet managed to deanonymize any private transaction."

If so, then you either lied about your core developers being unable to write a few lines of code in a 10 hours, or they aren't able to do so.I don't know which.

This coin will never have credibility because the devs are incompetent and the community is slime.

I remember they viciously fudded other coins for the content of their roadmaps, nitpicking on technicalities.

And here, through gross incompetence, the devs jeopardize the safety (yes safety) of every person who used their "anonymous" system.

I know my post will get deleted because of the intellectual dishonesty of the devs, but hopefully it will stand long enough for a few others to read it.

LOL talks about credibility while posting on a troll account! Worst case scenario we switch back to the ring sig from before.

I'm not positive but I think both ring sig versions have the flaw.

The code can be fixed, going forward. Incompetence is harder to fix.

[erok]

You issued this:

No but I do suppose I was the one blowing the loudest "bullshit trollfud" horn.

[smooth]

You issued this:

No but I do suppose I was the one blowing the loudest "bullshit trollfud" horn.

Honestly I can't say I blame you. There is a lot of FUD and trolling and false claims that go on here, this just didn't happen to be one of them, as it turns out.

Anyway, the i information is out now, and it will be up to your team to decide how to address it. Ideally it gets fixed.

Signing off from the thread for now unless anyone has a question for me.

[QuantumQrack]

So, their whole blockchain is now useless from a privacy perspective right?

[smooth]

So, their whole blockchain is now useless from a privacy perspective right?

The SDC portion was always equivalent to BTC from a privacy perspective (except for being less used which likely makes it worse in practice).

The Shadow portion has functioning (afaik) stealth addresses but the ring sigs did not function. That makes it equivalent to BTC where addresses are never reused. No 'mixing' function.

[Wheatclove]

You issued this:

No but I do suppose I was the one blowing the loudest "bullshit trollfud" horn.

Honestly I can't say I blame you. There is a lot of FUD and trolling and false claims that go on here, this just didn't happen to be one of them, as it turns out.

Anyway, the i information is out now, and it will be up to your team to decide how to address it. Ideally it gets fixed.

Signing off from the thread for now unless anyone has a question for me.

Still don't like to overall tone of this criticisms throughout the thread.

But I do have a question for you. I don't have time to sort through all the insults being thrown around by everyone as I'm doing homework.

What exactly does this exploit reveal in a single ring signature transaction? My limited understanding is that reveals which signature belongs to the original initiator of a ring signature. Can any other information be deduced from that signature?

[RyanOlstren]

So, their whole blockchain is now useless from a privacy perspective right?

The SDC portion was always equivalent to BTC from a privacy perspective (except for being less used which likely makes it worse in practice).

The Shadow portion has functioning (afaik) stealth addresses but the ring sigs did not function. That makes it equivalent to BTC where addresses are never reused. No 'mixing' function.

You are too much of a gentleman.

It is much much much worse than bitcoin because people have used the "anonymous" feature of this coin with the expectation of anonymity. This jeopardizes their freedom, safety, and maybe even life.

It's inexcusable.

[erok]

So, their whole blockchain is now useless from a privacy perspective right?

The SDC portion was always equivalent to BTC from a privacy perspective (except for being less used which likely makes it worse in practice).

The Shadow portion has functioning (afaik) stealth addresses but the ring sigs did not function. That makes it equivalent to BTC where addresses are never reused. No 'mixing' function.

You are too much of a gentleman.

It is much much much worse than bitcoin because people have used the "anonymous" feature of this coin with the expectation of anonymity. This jeopardizes their freedom, safety, and maybe even life.

It's inexcusable.

SDT is still functional and SDC ring sig math was fundamentally flawed. I suspect that came from the size changes that were made to increase performance in 2014 which Smooth referenced in December as change he hadn't noticed in the code which I thought at the time was a significant improvement to ring. Just turns out maybe it wasn't or is just buggy. I don't know.

[smooth]

You issued this:

No but I do suppose I was the one blowing the loudest "bullshit trollfud" horn.

Honestly I can't say I blame you. There is a lot of FUD and trolling and false claims that go on here, this just didn't happen to be one of them, as it turns out.

Anyway, the i information is out now, and it will be up to your team to decide how to address it. Ideally it gets fixed.

Signing off from the thread for now unless anyone has a question for me.

Still don't like to overall tone of this criticisms throughout the thread.

But I do have a question for you. I don't have time to sort through all the insults being thrown around by everyone as I'm doing homework.

What exactly does this exploit reveal in a single ring signature transaction?

A ring signature has multiple possible signers. The idea is that it is suppose to not be possible to tell which previous transaction's output is being spent.

As an example, say some unpopular military attack has to be ordered, but nobody wants to go down in history as the one who ordered it.  If 10 leaders have private keys, one of them could sign the order and you wouldn't know who did it.

In the case of the broken ring signatures in Shadow, you can always tell which leader gave the order (which transaction's output is being spent).

[RyanOlstren]

So, their whole blockchain is now useless from a privacy perspective right?

The SDC portion was always equivalent to BTC from a privacy perspective (except for being less used which likely makes it worse in practice).

The Shadow portion has functioning (afaik) stealth addresses but the ring sigs did not function. That makes it equivalent to BTC where addresses are never reused. No 'mixing' function.

You are too much of a gentleman.

It is much much much worse than bitcoin because people have used the "anonymous" feature of this coin with the expectation of anonymity. This jeopardizes their freedom, safety, and maybe even life.

It's inexcusable.

No it doesn't. SDT is still functional and SDC ring sig math was fundamentally flawed. I suspect that came from the size changes that were made to increase performance in 2014 which Smooth referenced in December as change he hadn't noticed in the code which I thought at the time was a significant improvement to ring. Just turns out maybe it wasn't or is just buggy. I don't know.

You are in denial. They produced a list of every ring signature of SDC deanonymized.