|
child_harold
|
 |
December 26, 2014, 10:38:39 AM |
|
Consider that you take 53,17 SDC, convert it to shadow, send it to someone (for example to pay for a private purchase), and soon thereafter he converts it back to 53.17 SDC. During which time there hasn't been a whole lot of activity (certainly no other transactions in that same amount or close to it). Is this really fooling anyone?
(I have pointed out similar issues with the suggestion that Bitcoin add anonymity using a cryptonote-based sidechain.)
Thank you smooth. Most gracious of you to come in here and discuss the tech. I'd like to focus on this part of your reply. It seems like an obvious weakness which the devs must have considered. Certainly even my non-tec brain could savvy ways to obfuscate the the coin state change. The user could determine the time/amount of conversion or this could occur ina randomised way or perhaps it never need happen at all?! Hopefully a Team member or Ryno could address this more technical aspect of SSv2? Thanks again smooth! Most good of you to rejoin the convo.  |
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
child_harold
|
|
December 26, 2014, 10:50:32 AM |
|
^FOLLOW-UP question:
1. if the user has a pool of shadow (which are invisible on the blockchain, yes?)
2. some of the pooled shadow are sent to a newly generated recipient stealth address,
3. when/if they are converted back to SDC by the recipient stealth address they would be completely anonymous?
|
|
|
|
|
deliveryman
|
|
December 26, 2014, 10:53:37 AM |
|
Can someone explain what happens if we remove convert button and use shadow to shadow only. Isnt that alot simpler?
|
|
|
|
|
|
child_harold
|
|
December 26, 2014, 10:58:56 AM |
|
Can someone explain what happens if we remove convert button and use shadow to shadow only. Isnt that alot simpler?
Perhaps. And maybe better for anonymity? However having these extra options mean we can send to a merchant that does not use a stealth address either a) with a classic SDC>SDC tx or b) a more anonymous Shadow>SDC tx TBH Im not sure what extra anon using b) adds but Im sure somebody else will fill us in. Certainly the anon is the priority and maybe everybody should use only Shadow addys? |
|
|
|
smooth
Legendary
 Offline
Activity: 2968
Merit: 1198
|
|
December 26, 2014, 11:03:19 AM |
|
^FOLLOW-UP question:
1. if the user has a pool of shadow (which are invisible on the blockchain, yes?)
2. some of the pooled shadow are sent to a newly generated recipient stealth address,
3. when/if they are converted back to SDC by the recipient stealth address they would be completely anonymous?
"Competely anonymous" is not really a well defined term, especially when considering indirect inferences from timing factors and such. Clearly the more you (and everyone else) use shadow (and using higher mix factors when you do) the less information you are leaking to potential blockchain analysis. The scenario you describe is clearly better than frequent conversions back and forth, but not as good as everything being done with shadow exclusively. In order for that to happen every merchant, exchange, etc. needs to support it directly, and you also need to be willing to except the higher inherent costs of transactions. |
|
|
|
|
|
Alty
|
|
December 26, 2014, 11:04:34 AM |
|
Consider that you take 53,17 SDC, convert it to shadow, send it to someone (for example to pay for a private purchase), and soon thereafter he converts it back to 53.17 SDC. During which time there hasn't been a whole lot of activity (certainly no other transactions in that same amount or close to it). Is this really fooling anyone?
Thank you smooth. Most gracious of you to come in here and discuss the tech. I'd like to focus on this part of your reply. It seems like an obvious weakness which the devs must have considered. Certainly even my non-tec brain could savvy ways to obfuscate the the coin state change. The user could determine the time/amount of conversion or this could occur ina randomised way or perhaps it never need happen at all?! An obvious solution that exists right now to this "statistical analysis" theory of matching inputs to outputs would be to simply hold a certain amount of Shadow Token in advance and moreover a different amount than that being sent for the anon transaction (that somebody may wish to track). By waiting before sending after conversion you are therefore increasing the time and activity between the conversions which would be fooling enough by most standards. |
|
|
|
|
|
child_harold
|
|
December 26, 2014, 11:16:31 AM |
|
^FOLLOW-UP question:
1. if the user has a pool of shadow (which are invisible on the blockchain, yes?)
2. some of the pooled shadow are sent to a newly generated recipient stealth address,
3. when/if they are converted back to SDC by the recipient stealth address they would be completely anonymous?
"Competely anonymous" is not really a well defined term, especially when considering indirect inferences from timing factors and such. Clearly the more you (and everyone else) use shadow (and using higher mix factors when you do) the less information you are leaking to potential blockchain analysis. The scenario you describe is clearly better than frequent conversions back and forth, but not as good as everything being done with shadow exclusively. In order for that to happen every merchant, exchange, etc. needs to support it directly, and you also need to be willing to except the higher inherent costs of transactions. Are shadow tokens invisible on the blockchain/richlist? Getting everybody to accept shadow seems possible, partuclarly since that would actually take advantage of this coins features. The notion of pooling Shadow and spending only small amounts of the pooled shadow tokens in ur wallet seems it would obfuscate blockchain analysis. But I wondering again, are the Shadow tokens visible on the blcochain? If everybody held Shadow tokens and not SDC the richlist would show only newly minted SDC? How much does the SDC minting compromise anon if at all. If so is there a solution? |
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
December 26, 2014, 11:19:57 AM |
|
^FOLLOW-UP question:
1. if the user has a pool of shadow (which are invisible on the blockchain, yes?)
2. some of the pooled shadow are sent to a newly generated recipient stealth address,
3. when/if they are converted back to SDC by the recipient stealth address they would be completely anonymous?
"Competely anonymous" is not really a well defined term, especially when considering indirect inferences from timing factors and such. Clearly the more you (and everyone else) use shadow (and using higher mix factors when you do) the less information you are leaking to potential blockchain analysis. The scenario you describe is clearly better than frequent conversions back and forth, but not as good as everything being done with shadow exclusively. In order for that to happen every merchant, exchange, etc. needs to support it directly, and you also need to be willing to except the higher inherent costs of transactions. Are shadow tokens invisible on the blockchain/richlist? Getting everybody to accept shadow seems possible, partuclarly since that would actually take advantage of this coins features. They are not linkable and spending isn't provable, so there is generally no way to create a meaningful richest. The concept of an address "balance" isn't meaningful the way it is with a bitcoin-style coin. Given that shadow uses the well-regarded cryptonote techniques and SDC uses bitcoin-style coins which are well known to be vulnerable to a lot of analysis/tracing, it is pretty obvious that more you use the former and the less you use the latter, the more actual anonymity will be achieved. You can't stake shadow though. I'm not sure if that's something that matters a lot to folks here. The Louisd’or project has recently developed a PoS method that works with cryptonote and could probably be adapted here, so longer term that might be possible. |
|
|
|
|
|
David Latapie
|
|
December 26, 2014, 11:42:18 AM |
|
3. My understanding is that XMR does not use a blockchain db. Working out your db structure I bleieve is why you're still developing the gui wallet. In any case what are the implications (pros/cons) re the differing db structures This is a consequence of the unfinished Bytecoin code that we inherited, not a design decision. We are actively working on a DB (LMDB, to be accurate) test-drive instructions. The scenario you describe is clearly better than frequent conversions back and forth, but not as good as everything being done with shadow exclusively. In order for that to happen every merchant, exchange, etc. needs to support it directly, and you also need to be willing to except the higher inherent costs of transactions. And then it is my understanding that you would face the same issue as Monero: no (scalable) B2B infrastructure for CryptoNote exists yet (the official GUI wallet will take care of this, FAQ entry). |
|
|
|
|
child_harold
|
|
December 26, 2014, 11:49:55 AM
Last edit: December 26, 2014, 08:39:51 PM by child_harold |
|
^FOLLOW-UP question:
1. if the user has a pool of shadow (which are invisible on the blockchain, yes?)
2. some of the pooled shadow are sent to a newly generated recipient stealth address,
3. when/if they are converted back to SDC by the recipient stealth address they would be completely anonymous?
"Competely anonymous" is not really a well defined term, especially when considering indirect inferences from timing factors and such. Clearly the more you (and everyone else) use shadow (and using higher mix factors when you do) the less information you are leaking to potential blockchain analysis. The scenario you describe is clearly better than frequent conversions back and forth, but not as good as everything being done with shadow exclusively. In order for that to happen every merchant, exchange, etc. needs to support it directly, and you also need to be willing to except the higher inherent costs of transactions. Are shadow tokens invisible on the blockchain/richlist? Getting everybody to accept shadow seems possible, partuclarly since that would actually take advantage of this coins features. They are not linkable and spending isn't provable, so there is generally no way to create a meaningful richest. The concept of an address "balance" isn't meaningful the way it is with a bitcoin-style coin. Given that shadow uses the well-regarded cryptonote techniques and SDC uses bitcoin-style coins which are well known to be vulnerable to a lot of analysis/tracing, it is pretty obvious that more you use the former and the less you use the latter, the more actual anonymity will be achieved. You can't stake shadow though. I'm not sure if that's something that matters a lot to folks here. The Louisd’or project has recently developed a PoS method that works with cryptonote and could probably be adapted here, so longer term that might be possible. Thanks again! 1. The Louisd’or project sounds it might be really amazing if it provides cryptonote PoS2. Regarding Shadow being invisible on the blockchain I was curious about the XMR explorer. What does it explore? So one might say that SDC is like XMR(Cryptonote) on top of a BTC style blockchain . It takes strengths, and in some cases inherits problems, from both systems. I would like to know in greater detail and diffs between SDC and XMR? Idea: Having an exchange accepting and sending Shadow would be a big deal. |
|
|
|
|
child_harold
|
|
December 26, 2014, 11:52:55 AM |
|
3. My understanding is that XMR does not use a blockchain db. Working out your db structure I bleieve is why you're still developing the gui wallet. In any case what are the implications (pros/cons) re the differing db structures This is a consequence of the unfinished Bytecoin code that we inherited, not a design decision. We are actively working on a DB (LMDB, to be accurate) test-drive instructions. The scenario you describe is clearly better than frequent conversions back and forth, but not as good as everything being done with shadow exclusively. In order for that to happen every merchant, exchange, etc. needs to support it directly, and you also need to be willing to except the higher inherent costs of transactions. And then it is my understanding that you would face the same issue as Monero: no (scalable) B2B infrastructure for CryptoNote exists yet. Thanks for commenting: "And then it is my understanding that you would face the same issue as Monero: no (scalable) B2B infrastructure for CryptoNote exists yet."Would you please mind elaborating or explaining in simpler terms what a B2B infrastructure is? Thanks |
|
|
|
|
Alty
|
|
December 26, 2014, 12:48:29 PM
Last edit: December 26, 2014, 01:51:21 PM by Alty |
|
IDEA:
Moving all into Shadows seems the way to go.
Wouldn't that effectively make us a cryptonote coin? I think having the best of both worlds (which we have right now) is ideal. |
|
|
|
|
|
child_harold
|
|
December 26, 2014, 02:42:35 PM
Last edit: December 26, 2014, 08:34:06 PM by child_harold |
|
IDEA:
Moving all into Shadows seems the way to go.
Wouldn't that effectively make us a cryptonote coin? I think having the best of both worlds (which we have right now) is ideal. You might have a point. As smooth made clear one of the great strengths of the ShadowCash anon solution as it stands now is its ability to use the existing BTC merchant infrastructure whilst adding the ability to send anon ZK transactions. If one considers the Yin-Yang Chinese symbol we can consider its metaphor to ShadowCash. On the one hand we have the transparent BTC tx's (light) and on the other the anonymous tx's (dark). The ZK anon layer is atop the proven well-tested and solid btc underbelly. This adds confidence in the integrity of the network.  The Shadow tokens that exist in ShadowCash flout the surveillance of the BTC blockchain and exist only as shadowy ghosts within the Shadowverse. They may rest as shadows indefinitely or magically reappear at the behest of the user back into the light. The more one considers this the more magical it becomes. But just as each half of the Yin-Yang has a spot of its opposite colour we must be wary that the SDC side does not compromise the anon of the ZK side. As such we must be sensitive and mitigate any data seepage. It seems feasible that obfuscating links between SDC and Shadow is do-able as we encourage more merchants to accept Shadow so our coins need never see the light of day. Presumably as more coins become Shadow they will literally disappear from the blockchain, some will never return to its purview. |
|
|
|
|
Pline
|
|
December 26, 2014, 03:43:04 PM |
|
Deposits and withdrawals at crypts are now fixed. We had an issue with an extremely slow daemon due to a misconfiguration which is now resolved. We apologize for the extended downtime
Hopefully trade volume will increase on SDC at Cryptsy now. I noticed Monero is not on Cryptsy yet, and it was the most requested alt-coin on the coin votes. Probably because its much harder to implement XMR. I wonder if Cryptsy implements XMR, then they will maybe have the API's for cryptonote coins meaning they could accept Shadow deposits along side of SDC deposits. I was thinking of the possibility of Shadow trading on its own currency pair, but I guess that may be confusing to newbs, and may fracture the market and reduce liquidity on the coin as well. But how about it Mullick? Any chance to accept Shadow deposits alongside SDC deposits in the future, or offer Shadow withdrawals as well? I guess not any time soon because its low priority. |
|
|
|
|
|
child_harold
|
|
December 26, 2014, 04:02:31 PM
Last edit: December 26, 2014, 04:29:59 PM by child_harold |
|
Deposits and withdrawals at crypts are now fixed. We had an issue with an extremely slow daemon due to a misconfiguration which is now resolved. We apologize for the extended downtime
Hopefully trade volume will increase on SDC at Cryptsy now. I noticed Monero is not on Cryptsy yet, and it was the most requested alt-coin on the coin votes. Probably because its much harder to implement XMR. I wonder if Cryptsy implements XMR, then they will maybe have the API's for cryptonote coins meaning they could accept Shadow deposits along side of SDC deposits. I was thinking of the possibility of Shadow trading on its own currency pair, but I guess that may be confusing to newbs, and may fracture the market and reduce liquidity on the coin as well. But how about it Mullick? Any chance to accept Shadow deposits alongside SDC deposits in the future, or offer Shadow withdrawals as well? I guess not any time soon because its low priority. If I have figured things correctly then the ONLY thing an exchnage will need to do to deal in Shadow is generate a stealth address using the new wallet. Thats it. No new DB's. No new protocols. We just hook in. The decision to keep Shadow or convert to SDC is up to the merchant/exchange/gambling site etc. I'm sure we'd prefer them to be kept as Shadow. I don't see a need to convert back into SDC. The acceptance of stealth addys int the BTC merchant world already exists meaning that unlike XMR, Shadow is ready for use NOW with almost zero changes required by exchanges/merchants. It is ready for prime time. Correct me if I'm wrong on any points here. Thanks. |
|
|
|
|
child_harold
|
|
December 26, 2014, 04:37:45 PM |
|
So here's a way of keeping things anon in the Shadowverse. Correct me on any points.
1. Franklin has 8,000 SDC
2. Franklin creates a stealth address in his wallet and backs up his wallet again because he created a new addy.
3. Franklin sends 6,666SDC to his stealth addy. Now they are Shadow and have disappeared from the blockchain.
4. When Franklin goes shopping he simply spends some of his stash of 6,666 Shadow to pay for things from merchants who offer stealth addys too.
Done. Perfect anon?
|
|
|
|
MoonDusk
Member
Offline
Activity: 89
Merit: 10
|
|
December 26, 2014, 05:01:44 PM |
|
So here's a way of keeping things anon in the Shadowverse. Correct me on any points.
1. Franklin has 8,000 SDC
2. Franklin creates a stealth address in his wallet and backs up his wallet again because he created a new addy.
3. Franklin sends 6,666SDC to his stealth addy. Now they are Shadow and have disappeared from the blockchain.
4. When Franklin goes shopping he simply spends some of his stash of 6,666 Shadow to pay for things from merchants who offer stealth addys too.
Done. Perfect anon?
Correct me if i'm wrong guys, this is my understanding of the zk system. 3. Franklin sends 6,666SDC to his stealth addy with the 'SDC - Shadow' option. Now they are Shadow and have disappeared been destroyed from the blockchain. 4. All Franklin has to do is select 'Shadow - SDC' as the send option and send to the merchants regular SDC address. The ring signatures remove the link between the tokens and the network mints new SDC for the merchant, which are fresh coins with no blockchain history. So no stealth addresses needed for the merchant. |
|
|
|
|
|
child_harold
|
|
December 26, 2014, 05:07:08 PM |
|
So here's a way of keeping things anon in the Shadowverse. Correct me on any points.
1. Franklin has 8,000 SDC
2. Franklin creates a stealth address in his wallet and backs up his wallet again because he created a new addy.
3. Franklin sends 6,666SDC to his stealth addy. Now they are Shadow and have disappeared from the blockchain.
4. When Franklin goes shopping he simply spends some of his stash of 6,666 Shadow to pay for things from merchants who offer stealth addys too.
Done. Perfect anon?
Correct me if i'm wrong guys, this is my understanding of the zk system. 3. Franklin sends 6,666SDC to his stealth addy with the 'SDC - Shadow' option. Now they are Shadow and have disappeared been destroyed from the blockchain. 4. All Franklin has to do is select 'Shadow - SDC' as the send option and send to the merchants regular SDC address. The stealth addresses remove the link between the tokens and the network mints new SDC for the merchant, which are fresh coins with no blockchain history. So no stealth addresses needed for the merchant. Cool. That is an option. But why not accept shadow and keep tx's as Shadow>Shadow? |
|
|
|
|
Pline
|
|
December 26, 2014, 05:13:03 PM |
|
So here's a way of keeping things anon in the Shadowverse. Correct me on any points.
1. Franklin has 8,000 SDC
2. Franklin creates a stealth address in his wallet and backs up his wallet again because he created a new addy.
3. Franklin sends 6,666SDC to his stealth addy. Now they are Shadow and have disappeared from the blockchain.
4. When Franklin goes shopping he simply spends some of his stash of 6,666 Shadow to pay for things from merchants who offer stealth addys too.
Done. Perfect anon?
Seems pretty good as long as you don't do anything foolish to expose your amounts. Or alternatively, I think you can just send some of your shadow tokens back to SDC and then use the SDC to pay the merchant and it seems just as anonymous. But timing also plays a role as well. Its probably best to have a pool of shadow long before you have to spend or transfer any back to SDC. The longer you wait before changing back to SDC, the more anonymous it seems to be. But as the network grows the anonymity will improve as its easier to blend in with the rest of the network. Also if you have super large amounts of SDC, then this is going to stick out on the network, so better to keep transactions smaller. Also, alternatively you could wash the funds by going into Shadow, then back to SDC at some future time. You could prepare pockets of SDC ready to spend. I find myself doing this with Bitcoin. Cleaning the coins, then setting up a few pocket addresses that can be used for spending at different merchants without linking them together. Then if there is any change in the pocket, you could send it back to Shadow stealth address. Would there be any problems arising from this behavior? Is it safe to send the change back to a stealth address that already contains shadow? But also it seems the more shadow that exists in the network the better the anonymity. So it may be healthy for the network if we all keep a good percentage of our coins in Shadow all the time. |
|
|
|
|
MedaR
Legendary
Offline
Activity: 2380
Merit: 1026
|
|
December 26, 2014, 05:15:31 PM |
|
please make presentation or youtube vid..lm lost  |
|
|
|
|
