Bitcoin Forum
November 18, 2024, 02:37:32 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: 1000 BTCD Bounty Reward for Anyone Able to Successfully De-anonymize Teleport  (Read 1993 times)
Azeh (OP)
Sr. Member
****
Offline Offline

Activity: 441
Merit: 500


View Profile
October 20, 2014, 03:18:44 PM
 #1

A 1000 BTCD bounty reward ($2500+) for anyone that can successfully de-anonymize Bitcoindark's teleport tech created by jl777.

Criteria to claim the bounty:

The attacker must either:

a) provide evidence they can successfully de-anonymize Teleport

or

b) provide convincing proof that Teleport cannot be de-anonymized


To find out more information check here: https://forum.thesupernet.org/index.php?topic=76.0

If you are interested in this challenge, please make a post at either of the following:

https://bitcointalk.org/index.php?topic=684090.0

https://forum.thesupernet.org/index.php?topic=76.0

I hope we get some challengers!

Thanks,

Azeh
UnicornFarts
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile
October 20, 2014, 03:32:40 PM
 #2

btcd would be worthless if it was de-annonimized.  hence you are offering someone the chance to earn something that will be made worthless by their act of earning it.

I would recommend using bitcoin and creating a substantial reward (maybe 1% of the BTCD market cap) in bitcoins.
Azeh (OP)
Sr. Member
****
Offline Offline

Activity: 441
Merit: 500


View Profile
October 20, 2014, 03:39:06 PM
 #3

btcd would be worthless if it was de-annonimized.  hence you are offering someone the chance to earn something that will be made worthless by their act of earning it.

I would recommend using bitcoin and creating a substantial reward (maybe 1% of the BTCD market cap) in bitcoins.

Hence, this is why it's a challenge.  You'll also notice that meeting the criteria for b) would make the btcd bounty a hell of a lot more valuable.
UnicornFarts
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile
October 20, 2014, 03:47:39 PM
 #4

so you're offering a reward for somebody to convince you that btcd's claims are true?

so weird ...
mezzovide
Member
**
Offline Offline

Activity: 101
Merit: 10


View Profile
October 20, 2014, 03:49:18 PM
 #5

so you're offering a reward for somebody to convince you other that btcd's claims are true?

FTFY

Btc : 12LMdyWoyjJ1BZxfWmaZMWjTXn7S9y5EdK
Azeh (OP)
Sr. Member
****
Offline Offline

Activity: 441
Merit: 500


View Profile
October 20, 2014, 03:58:18 PM
 #6

so you're offering a reward for somebody to convince you that btcd's claims are true?

so weird ...

I don't think this is too difficult to understand. This is a part of testing. 

Since we're issuing a challenge, that should say something about the level of confidence we have in the tech.
UnicornFarts
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile
October 20, 2014, 04:00:43 PM
 #7

Quote
Since we're issuing a challenge, that should say something about the level of confidence we have in the tech.

de-anonymizing even a simple obfuscation method takes resources.  $2,500 are not many resources. 

If the reward was $50,000 or even $100,000 held in independent escrow it might show some confidence.   But this reward is significantly less than what would attract true talent.
Azeh (OP)
Sr. Member
****
Offline Offline

Activity: 441
Merit: 500


View Profile
October 20, 2014, 04:15:47 PM
 #8

Quote
Since we're issuing a challenge, that should say something about the level of confidence we have in the tech.

de-anonymizing even a simple obfuscation method takes resources.  $2,500 are not many resources. 

If the reward was $50,000 or even $100,000 held in independent escrow it might show some confidence.   But this reward is significantly less than what would attract true talent.

Well, when Bitcoindark is worth $50... Cheesy
MisO69
Legendary
*
Offline Offline

Activity: 1946
Merit: 1005


My mule don't like people laughing


View Profile
October 20, 2014, 06:28:24 PM
 #9

Quote
Since we're issuing a challenge, that should say something about the level of confidence we have in the tech.

de-anonymizing even a simple obfuscation method takes resources.  $2,500 are not many resources. 

If the reward was $50,000 or even $100,000 held in independent escrow it might show some confidence.   But this reward is significantly less than what would attract true talent.

Well, when Bitcoindark is worth $50... Cheesy

pigs will fly.
Este Nuno
Legendary
*
Offline Offline

Activity: 826
Merit: 1002


amarha


View Profile
October 21, 2014, 09:01:41 AM
Last edit: October 21, 2014, 01:36:48 PM by Este Nuno
 #10

I'd like to see some of the great technical minds here give this a shot. I like the idea of incentive based testing/bounties.
cloudboy
Hero Member
*****
Offline Offline

Activity: 690
Merit: 501


View Profile
October 21, 2014, 12:49:42 PM
Last edit: October 21, 2014, 01:04:21 PM by cloudboy
 #11

Seriously, this scene has the biggest group of haters and naysayers I have ever had the displeasure to witness. It's disgusting.

Someone recently de-anonymized DarkCoin for free, that's what open source software is all about. There's nothing wrong with offering a bounty.

https://bitcointalk.org/index.php?topic=421615.msg9121343#msg9121343

ThomasVeil
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250


View Profile
October 21, 2014, 02:39:23 PM
 #12

I think it's good to start not to start with half a million BTCD Smiley It's a young crypto, and imperfections can be expected. Still quite a value - and a good show of confidence... could even be raised over time.

Maybe it would make sense to allow a period where the bounty-winner can sell their stake, before it's announced - because else they might lose value.
The "find out more information check here" link is not awfully rich in specific information though, maybe more detailed rules could be listed.

Anyways, to the topic: I've read some documents about how it's supposed to work. But I still don't get how the Mantissa attack is prevented. Say, that I send 2354 BTCD, then even if they're split up on the way, they should still arrive at the destination at that amount in the end. Can't someone just match where it goes out, and where it goes in? With the current volume of transactions that seems nearly trivial. Unless the delays are substantial... lets say two days or so.
Este Nuno
Legendary
*
Offline Offline

Activity: 826
Merit: 1002


amarha


View Profile
October 21, 2014, 03:39:41 PM
 #13

The thing is that I don't think BTCD should lose value if someone can deanonymize teleport. Things like this need to happen early so that technologies can be strengthened. I'd rather have problems found and fixed now. If anything finding an issue and fixing now should raise the price, as it's only gotten stronger.
jl777
Legendary
*
Offline Offline

Activity: 1176
Merit: 1134


View Profile WWW
October 21, 2014, 10:17:32 PM
 #14

I think it's good to start not to start with half a million BTCD Smiley It's a young crypto, and imperfections can be expected. Still quite a value - and a good show of confidence... could even be raised over time.

Maybe it would make sense to allow a period where the bounty-winner can sell their stake, before it's announced - because else they might lose value.
The "find out more information check here" link is not awfully rich in specific information though, maybe more detailed rules could be listed.

Anyways, to the topic: I've read some documents about how it's supposed to work. But I still don't get how the Mantissa attack is prevented. Say, that I send 2354 BTCD, then even if they're split up on the way, they should still arrive at the destination at that amount in the end. Can't someone just match where it goes out, and where it goes in? With the current volume of transactions that seems nearly trivial. Unless the delays are substantial... lets say two days or so.
Assuming that we have telepods for 1000, 1000, 300, 50, 1, 1, 1, 1 = 2354 total
Using telepathic transfer, these telepods are sent to dead drop addresses that nobody actually controls
However, the destination account was able to decrypt them in transit through the DHT routing process

At this point, both parties have copies of the telepod and it is arguable who actually controls it. In some sense it exists in both places at once. Of course to eliminate the risk of the sender simply spending the 2354 BTCD, the destination clones them into new telepods. So on the blockchain you will see spends of 1, 50, 1, 1000, 300, 1, 1000, 1 over the next hour to ?? amount of time.

Clearly if these were the only transaction, it could be for just 1 BTCD and we would know the source and destination acct. However, even in that case WHO did the sending and receiving? Short of either party announcing that they just did a tx, the telepods are onetime addresses to onetime addresses. With telepathic transfer you can even announce that you received a telepod at a specific time, but as long as you wait until there are other similar denomination clonings to make yours, even by announcing a specific denomination at a specific time, there is no way to tell which telepod you control.

Now imagine an hour window of cloning and ten transactions of similar amounts. But can we really assume a one hour window? What if some people set it for 4 hours or even the whole weekend because they were in no hurry? Do we even know which tx for 1, 50, 300 and 1000 are the possible tx?

So there is doubt as to who the sender is, who the recipient is and even which specific tx make up the total. And this is if the specific amount of the tx is known.

With the IP address shielded and the temporal mixing, the anon set scales the more transactions. Once there are hundreds of tx per hour, then I just dont see how any meaningful correlations can be done. So far there have been no actual issues that have been identified and this is after months of being disclosed along with the source code.

The entry/exit into the Teleport system is the vulnerability, but I have a cool solution for this in the works. I just want to get the internals solid. All the other anon solutions are working on anonymizing the blockchain, what I have done is anonymize the IP and timing. Since both are needed to deanonymize, either approach is equally valid.

James


http://www.digitalcatallaxy.com/report2015.html
100+ page annual report for SuperNET
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!