[SDC] ShadowCash | Welcome to the UMBRA

[coins101]

Not sure what the bounty is, but if the devs confirm the bug then the bounty should be paid out.

You wouldn't be able to move on to zerocash with this hanging over you. The trusted set-up of zcash is already complicated.

I have been watching / waiting for zerocash to produce something for several years and it seems that their new go-live timing would suit the SDC market launch from Alpha to beta, to production. Good competition for OpenBazaar too.

This is what SWOT is all about. Weaknesses (TBC) can become strengths; threats can become opportunities.

[dEBRUYNE]

Not sure what the bounty is, but if the devs confirm the bug then the bounty should be paid out.

You wouldn't be able to move on to zerocash with this hanging over you. The trusted set-up of zcash is already complicated.

I have been watching / waiting for zerocash to produce something for several years and it seems that their new go-live timing would suit the SDC market launch from Alpha to beta, to production. Good competition for OpenBazaar too.

This is what SWOT is all about. Weaknesses (TBC) can become strengths; threats can become opportunities.

1500$.

[nond17]

Nevermind these monero trolls. Monero's too bloated to be useful...
The first recommendation on their website is to use a web wallet... LOL ...great anonymity.

Shadow Devs: Analyse the issue, fix it. Continue development.
Shadowcash has great momentum & great potential.
If you guys keep at it & deliver, people will use it.

No-one is going to download 20 gigs to use an anonymous coin. It's not practical or realistic.
If it wasn't for the poloniex deal, monero would be dead by now.

Keep at it devs, people need the shadow project.

[rutherford]

code: There has been some discussion about the bounty, because of how it was made public without giving us a chance to check if it was true or not. The docs state which actions to undertake and who to contact to be eligible for a bounty. The first rule of ethical disclosure is to minimalize damage, which has not been done. The article, for which they made a new blog, was released right before the weekend in attempt to do maximalize damage. Later on someone noticed they could be able to get a bounty of it, so they applied for that too. In my opinion, I respect Shen for finding the bug, reporting it and therefore he deserves some bounty. But he was never out to get bounties, he was out to wreck havoc, and I don't like that part and that doesn't deserve a bounty.

[AlexGR]

code: There has been some discussion about the bounty, because of how it was made public without giving us a chance to check if it was true or not. The docs state which actions to undertake and who to contact to be eligible for a bounty. The first rule of ethical disclosure is to minimalize damage, which has not been done. The article, for which they made a new blog, was released right before the weekend in attempt to do maximalize damage. Later on someone noticed they could be able to get a bounty of it, so they applied for that too. In my opinion, I respect Shen for finding the bug, reporting it and therefore he deserves some bounty. But he was never out to get bounties, he was out to wreck havoc, and I don't like that part and that doesn't deserve a bounty.

If someone wanted to wreck havoc*, wouldn't it be better to just make a list of all the unmasked transactions and upload it somewhere, saying "SDC deanonymized", without even leaving a clue as to how it was done - with the vulnerabilities speculation in the air being more corrosive than the known-bug situation as it is right now?

* Not that the monero people aren't enjoying this, sure they do.

[rutherford]

code: That would indeed be the worst case scenario. I've already stated that for the disclosure on itself there are grounds for a bounty. To put it simple, in every procedure there are material requirements (eg. a bug) and formal requirements (eg how you report it). The formal requirements are just as important as the material ones and weren't fully met.

[coins101]

code: There has been some discussion about the bounty, because of how it was made public without giving us a chance to check if it was true or not. The docs state which actions to undertake and who to contact to be eligible for a bounty. The first rule of ethical disclosure is to minimalize damage, which has not been done. The article, for which they made a new blog, was released right before the weekend in attempt to do maximalize damage. Later on someone noticed they could be able to get a bounty of it, so they applied for that too. In my opinion, I respect Shen for finding the bug, reporting it and therefore he deserves some bounty. But he was never out to get bounties, he was out to wreck havoc, and I don't like that part and that doesn't deserve a bounty.

For day job, I have worked with very highly skilled and professional pen testers. Top of their profession level of skills.

Pen testers all disclose bugs privately and most of them then publish their findings publicly about 6 months later. This gives the vendor / software provider time to fix any bugs; and gives users / customers disclosure on anything they may wish to investigate.

I don't know anything about the SDC bounty requirements.

[smooth]

code: There has been some discussion about the bounty, because of how it was made public without giving us a chance to check if it was true or not. The docs state which actions to undertake and who to contact to be eligible for a bounty. The first rule of ethical disclosure is to minimalize damage, which has not been done. The article, for which they made a new blog, was released right before the weekend in attempt to do maximalize damage. Later on someone noticed they could be able to get a bounty of it, so they applied for that too. In my opinion, I respect Shen for finding the bug, reporting it and therefore he deserves some bounty. But he was never out to get bounties, he was out to wreck havoc, and I don't like that part and that doesn't deserve a bounty.

First of all you don't know his incentives. I would submit to you that his incentives as a mathematician are to publish (what he sees as) interesting math stuff, including identifying math errors in cryptocurrencies.

As far as "the first rule of ethical disclosure is to minimalize damage" what you do not seem to understand in this instance is that there is no way to further minimize the damage, aside from informing users as quickly as possible so they stop using the broken code (and take whatever measures are possible to mitigate the damage that might exist from thinking their transactions were untraceable when they in fact were not). The damage is already done and is already on the blockchain, out there forever.

This is not a case of an "exploit" that can be reported privately to developers to fix it before anyone can use it. The blockchain is there and can't be fixed.

If you guys want to weasel out of a bounty on the basis of the mechanism of reporting, then do what you're gonna do. You'll be known as the scam devs who didn't pay out on a bounty after someone fully deanonymized their chain instead of just the coin that had its chain deanonymized due to a math error. Pick your poison.

[SebSebastian]

-- snip --

-It is you The Team who have wholesale copied technologies like Bitmessage and Cryptonote and produced plagiaristic whitepapers whithout proper attribution.
-It is you The Team who failed to deliver on the peer review paid for by this community over a year ago.
-It is you The Team who reduced the total supply without consensus and continued thereafter to make decisions without community consensus.

So please, do not speak of ethics.

I appreciate the more constructive tone of your posts now Child_Harold, but your frustration over the way the peer review was handled is causing you to wrongly attribute things to maliciousness or bad faith. The below is just my personal response to some of your points and the current situation. I don't presume to speak for the team or anyone else here.


SHADOWCHAT

Unfortunately I don't have the technical know-how to speak authoritatively on this, but from my understanding the code is substantially different from Bitmessage's because there was no C++ implementation of it. It wasn't converted from Java/Python, but written from scratch based on an overview of their system.

Part of the problem with Ryno withdrawing from public forums such as Bitcointalk (a decision I can understand) is that these debates have predominantly been conducted on a superficial level, with the focus on hastily put together marketing materials such as the whitepaper rather than on analysis of the code itself. But if the intention was to hide the fact that ShadowChat drew upon Bitmessage's system it wouldn't have been referenced in the whitepaper or, more importantly, unambiguously in the code comments. Cries of "plagiarism" are nonsensical.


TECNOVERT

Tecnovert is real but isn't actively contributing to development at present.


ZEUNER REVIEW

From what I know of the situation, with each fresh request for further documentation the suspicion grew that Isidor Zeuner simply wasn't properly qualified to carry out the kind of peer review Shadow required. Had he been, we surely would have known about this issue sooner. There was real clamour for some kind of review at the time, presumably because some hoped that it would remedy what was seen as the market's lukewarm response to the ShadowSend v2 release. However, you're re-writing history by suggesting he was hired to carry out the review. Zeuner was suggested and afterwards there was a donation drive to raise 5 BTC as a token of gratitude. Obviously in hindsight he should have been properly vetted first and the BTC shouldn't have been transferred to him until it was reasonably certain that he'd deliver. But like I said, there was a real clamour for some kind of review to be done. I think it could have been dealt with better - it seems that for some time it was believed the review could be salvaged but too much of the discussion was held behind closed doors. Had it all been conducted publicly it would have saved a lot of trouble and wouldn't have left room for baseless conspiracies to take root.


As an aside, it's pretty sad seeing the way some people (on both sides of the fence) have reacted to the current situation. I can't imagine anywhere else in the open source world where people from different projects would take so much satisfaction in, and would be so keen to gloat about, a vulnerability being found in another project's code. This behaviour seems to be considered reasonable because it's so common here, but in most other situations it'd be considered completely beyond the pale. At best they look like children. At worst like troops of warring monkeys. There's probably a pretty interesting sociological/zoological study there for anyone with the stomach to sift through the crapflood of invective. The project's goal is to allow people to transact online privately because we believe they have a right to do so. It's hard to reconcile other purported advocates of a right to privacy taking such sadistic pleasure in a bug being found.


Anyway, several good things have come out of this. Firstly, the conversation is now actually about the code. Obviously it's regrettable that there's a vulnerability, but this is exactly how open source software is supposed to work. A vulnerability was found, it was reported and it will be fixed. Shadow is no more irreparably damaged by this than Bitcoin was by the bug that allowed someone to create several billion BTC in a single transaction. It's experimental software and once fixed, the SDC codebase will be strengthened and will hopefully receive further scrutiny.

While we await a full formal response to it, I'd like to thank Shen for his contribution (regardless of how it was reported). Perhaps since he's likely to be receiving a significant amount of Shadow he'd consider contributing to the project in other ways going forward given that our aims our pretty well-aligned.

[rutherford]

code: You're wrong about the minimizing the damage. I get what you're trying to say, but you occasionally leave out the possibility that such disclosures can cause (financial) damage without even having to be true. Something which we had to assume until proven because the formal requirements of reporting had not been fulfilled and we were caught off the hook by a bug. That's why they are in place, and lots of bug bounty programs have this mechanism in place to push people to report and investigate privately. I deduce his intentions based on the fact that he chose to ignore the formal requirement. We don't weasel out of shit, I speak for myself and I'm not in charge of the bounties.

I have given my research to sdcdev, I too figured out it was vulnerable after investigating the code. We started work on fixing this bug as soon as possible.

[smooth]

code: You're wrong about the minimizing the damage. I get what you're trying to say, but you occasionally leave out the possibility that such disclosures can cause (financial) damage without even having to be true.

There is no way to minimize the "financial damage" by reporting it privately, except to allow insiders to trade ahead of everyone else. Brilliant idea.

If the report were untrue, that would be a different matter. It certainly was true. If anything, more financial damage was caused by the false "Deanonymized? Nope" statement put out by the Shadowcash team about the report being incorrect and that it couldn't be reproduced after 10 hours of work by your core developers. That may have misled people into making trades on the basis of a false statement (yours). That's what I call financial damage.

Maybe you guys should have worked on it privately instead of making a statement to (falsely) calm the market when you didn't know what you were talking about.

[QuantumQrack]

code: You're wrong about the minimizing the damage. I get what you're trying to say, but you occasionally leave out the possibility that such disclosures can cause (financial) damage without even having to be true. Something which we had to assume until proven because the formal requirements of reporting had not been fulfilled and we were caught off the hook by a bug. That's why they are in place, and lots of bug bounty programs have this mechanism in place to push people to report and investigate privately. I deduce his intentions based on the fact that he chose to ignore the formal requirement. We don't weasel out of shit, I speak for myself and I'm not in charge of the bounties.

I have given my research to sdcdev, I too figured out it was vulnerable after investigating the code. We started work on fixing this bug as soon as possible.

Who is in charge of these decisions/bounties? 

[smooth]

TECNOVERT

Tecnovert is real but isn't actively contributing to development at present.

So, you don't, at present, have any cryptographer at all? Does this seem like it might be a problem?

[tempus]

code: You're wrong about the minimizing the damage. I get what you're trying to say, but you occasionally leave out the possibility that such disclosures can cause (financial) damage without even having to be true.

There is no way to minimize the "financial damage" by reporting it privately, except to allow insiders to trade ahead of everyone else. Brilliant idea.

If the report were untrue, that would be a different matter. It certainly was true. If anything, more financial damage was caused by the false "Deanonymized? Nope" statement put out by the Shadowcash team about the report being incorrect and that it couldn't be reproduced after 10 hours of work by your core developers. That may have misled people into making trades on the basis of a false statement (yours). That's what I call financial damage.

Maybe you guys should have worked on it privately instead of making a statement to (falsely) calm the market when you didn't know what you were talking about.

Very true. Just the idea of reporting it privately is stupid.

[SebSebastian]

TECNOVERT

Tecnovert is real but isn't actively contributing to development at present.

So, you don't, at present, have any cryptographer at all? Does this seem like it might be a problem?

Glad that from everything I wrote you were able to find something else to use as ammunition smooth. You're nothing if not efficient. The project is open source and community-driven so if you, or better yet - someone actually qualified would like to join us and help in that department they'd be made most welcome.

[coins101]

So I'm going to be a broken record on this issue. I'll repeat it a few more times, probably, until it sinks in or someone from the dev team tells me to piss off. Feel free to use those words.

People are actively working on quantum computer chips. As far as I can tell, only zerocash users have some level of comfort that they won't be affected.    Users may have to do a little more work to protect themselves, but they would be the only crypto users that would sleep relatively well at night.

On the flip side. Where quantum chips are put into production, other mathematically protected mixing currencies would have a problem.

The obvious responses are - zerocash is vaporware; it has an issue with trusted set-up; etc. In addition, the usual response is quantum chips don't exist and if they do they will take years to develop.

These are valid responses, but they are just temporary issues.  I don't think this is controversial:


https://moneroeconomy.com/faq/can-cryptography-behind-monero-be-broken


If SDC users thus far are at risk, imagine the damage that would be done in 3, 5, 10, 15 years time. As has been previously noted, historical transactions are the issue. With quantum chips, this is an issue for other anon coins.  Telling people to use alternatives is one thing, but it needs to be done with a health warning.

In my personal view, mainly because of the brains / team behind zerocash's technical development (which I would distinguish from the zcash implementation), Zerocash is the better longer-term route for SDC.

The market is the main use case, the decision on which token is used has to be: the best option over the longer-term.

Get a road map to switch to zerocash that ties with the end of Alpha testing and start of beta and SDC will have dodged a future bullet. Something Bitcoin users and some other anon coins can't.

I'm not losing any sleep over SDC, but I would be keen to follow the project, from a technical point of view, if it tries to implement zerocash.

[smooth]

So I'm going to be a broken record on this issue. I'll repeat it a few more times, probably, until it sinks in or someone from the dev team tells me to piss off. Feel free to use those words.

People are actively working on quantum computer chips. As far as I can tell, only zerocash users have some level of comfort that they won't be affected.

Zerocash is not quantum safe by any means. If that is your concern, do not go there.

(Nor are any of these other coins, so please don't take this as FUD or pumping of anything.)

Quantum-safe cryptographic methods are a current area of research. Zerocash may or may not be desirable for other reasons. Quantum computers are not one of them.

[SativaL.]

I got a question to you smooth, will monero provide an marketplace for its users 

[coins101]

So I'm going to be a broken record on this issue. I'll repeat it a few more times, probably, until it sinks in or someone from the dev team tells me to piss off. Feel free to use those words.

People are actively working on quantum computer chips. As far as I can tell, only zerocash users have some level of comfort that they won't be affected.

Zerocash is not quantum safe by any means. If that is your concern, do not go there.

(Nor are any of these other coins, so please don't take this as FUD or pumping of anything.)

Quantum-safe cryptographic methods are a current area of research. Zerocash may or may not be desirable for other reasons. Quantum computers are not one of them.

I would be interested to debate this, but, on my part, it would be based on personal opinions and not backed by scientific facts. So for now, I'll defer to the zerocash peer reviewed paper that tackles quantum computing resistance. They seem to indicate that zerocash users would be able to dodge quantum chips going through their blockchain and unmixing / clear texting transactions:



http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf

[smooth]

I wasn't familiar with what they said about the proposed modification so I can't comment on it further. Sounds interesting.