DRK vs XMR warez

[smooth]

Interesting, thanks for the insight.  So it seems the main differences between the two, is that Shadow is on a bitcoin blockchain, which gives it some advantages.  For example it can plug in better with existing infrastructure, and have benefits of both transparent chain and anonymous chain. Also since only about 1% of transactions are used for anonymity, it will have less blockchain bloat than Monero where 100% of the transactions are done using ring sigs.

If only 1% of transactions are used for anonymity you will have massive timing anonymity leaks and such. If you take transparent coins, convert to anon, pay someone, and he converts back (both of which are logical if most commerce is taking place non-anonymously) then the whole thing is quite obviously traceable.

I don't really see much advantage to a coin that is 99% transparent, and definitely see disadvantages. Just use Bitcoin, or if you really want PoS, use whatever is the leading PoS coin, probably BitShares I guess. BitShares has stealth addresses by the way.

I wonder if this destruction and reminting gives it any privacy advantages.

It does not. The creation and destruction process is entirely transparent.

Smooth is right Shadow is very similar to cryptonote.  I was reading cryptonote whitepaper, and its some genius stuff going on in there.  We should be honest about what the system is and its pros and cons.  I like Monero, seems like a cool coin, much better than DRK. I do think Shadow does have some advantages being on a bitcoin blockchain.  Also I believe Shadow differs in the anonymity system in one major way from what I can tell, and that is the destruction and minting of SDC.  To me it seems like this extra part of the system does something extra to sever the link between identities, but I could be wrong.  Hopefully the review will help clarify that.  Hope our communities can all be friends, as we all are striving for the same goal of privacy and anonymity.

Well i agree with you that the Bitcoin codebase and APIs, etc. are an advantage in terms of integration, etc. I don't agree that the minting/destruction add value to anonymity, and in fact I think the opposite as I explained above. But overall yes the more popular APIs and such are valuable.

I don't think the communities are or need to be unfriendly but there is some confusion that has been spread about the nature of the Shadow solution that has led to some frustration on both sides. We certainly share the goal of greater privacy.

[1714011835]

1714011835

[1714011835]

1714011835

[1714011835]

1714011835

[1714011835]

1714011835

[1714011835]

1714011835

[child_harold]

admittedly u guys know shit, but u dont know the shadow shit

I'm afraid I do, having read the shadow whitepaper, and having some level of understanding of the technology which is more than I can say for a bunch of people accounts running around talking about "shadow Zero Knowledge, woo hoo" as if that is something new. It isn't, it comes straight out of cryptonote.

BTW, I though this thread was about XMR vs. DRK. Why are you SDC pumpers showing up and spamming it?

Interesting. Isidor was unsatisfied by the WP and has been asking Ryno and Technovert a whole bunch of follow-up questions to fill in the gaps… Perhaps you are brighter than Isidor or you simply filled them in for yourself?

The achievement of implementing a cryptonote-like (BUT NOT CN) token on a BTC blockchain must be applauded, yes?

BTW Its a public forum, just saying (literally) … (weird)

[smooth]

Interesting. Isidor was unsatisfied by the WP and has been asking Ryno and Technovert a whole bunch of follow-up questions to fill in the gaps… Perhaps you are brighter than Isidor or you simply filled them in for yourself?

Good for him. If I were paid to do a review I would be more thorough. But as I am not, I read it and understood it to my satisfaction.

The achievement of implementing a cryptonote-like (BUT NOT CN) token on a BTC blockchain must be applauded, yes?

We disagree whether it is merely cryptonote-like. I would say it is essentially identical in function to cryptonote with only token (no pun intended) differences.

Yes I agree that the Bitcoin codebase/APIs add value, as I said in my previous post.

BTW Its a public forum, just saying (literally) … (weird)

Yes but different topics within the forum exist for a reason as I understand it.

[child_harold]

Good for him. If I were paid to do a review I would be more thorough. But as I am not, I read it and understood it to my satisfaction.

This I can quite believe :|


I am disinclined to give u a tecchy question since you'll have a clever answer I am unqualified to handle.
BUT
Since rules r made 4 breaking lets rock this smooth…

When I have converted SDC to Shadow tokens (SDT) or sent SDT 2 SDT or converted Shadow to SDC…

I have been able to do so using up to 60 ring sigs in an almost instantaneous tx.

I have played with XMR and had a wallet on mymonero.  
There was an option of a "3 mix" or something iirc. Does this equate to 3 ring sigs?

(Lamentably exchanges inc Polo only do a 0 mix? which I assume means no-anonymity?)

Run with the ball smooth

BTW Its a public forum, just saying (literally) … (weird)

Yes but different topics within the forum exist for a reason as I understand it.

With respect let us not pull on this thread…

[smooth]

I have played with XMR and had a wallet on mymonero. 
There was an option of a "3 mix" or something iirc. Does this equate to 3 ring sigs?

Yes, mymonero has a restricted range of mix factors for ease of use as the UI is intended largely for less-technical users. I expect as it matures it will have an "advanced" mode or some kind.

Using the native wallet you can use any factor you want, even >100.

(Lamentably exchanges inc Polo only do a 0 mix? which I assume means no-anonymity?)

I'm told Polo is using mix 3 now? I haven't confirmed that myself though. BTW mix=0 isn't "no-anonymity" though, as stealth-addresses are always used. I would call it weak anonymity for sure.

[child_harold]

I have played with XMR and had a wallet on mymonero. 
There was an option of a "3 mix" or something iirc. Does this equate to 3 ring sigs?

Yes, mymonero has a restricted range of mix factors for ease of use as the UI is intended largely for less-technical users. I expect as it matures it will have an "advanced" mode or some kind.

Using the native wallet you can use any factor you want, even >100.

(Lamentably exchanges inc Polo only do a 0 mix? which I assume means no-anonymity?)

I'm told Polo is using mix 3 now? I haven't confirmed that myself though. BTW mix=0 isn't "no-anonymity" though, as stealth-addresses are always used. I would call it weak anonymity for sure.

How many XMR users have used 60 ring sigs? Or over 24?
These numbers are common in Shadow

Im assuming 24 or 60 is better than 3 or 6…

And it is devilishly fast to boot. Have u tried the wallet?

[Pline]

I have played with XMR and had a wallet on mymonero. 
There was an option of a "3 mix" or something iirc. Does this equate to 3 ring sigs?

Yes, mymonero has a restricted range of mix factors for ease of use as the UI is intended largely for less-technical users. I expect as it matures it will have an "advanced" mode or some kind.

Using the native wallet you can use any factor you want, even >100.

(Lamentably exchanges inc Polo only do a 0 mix? which I assume means no-anonymity?)

I'm told Polo is using mix 3 now? I haven't confirmed that myself though. BTW mix=0 isn't "no-anonymity" though, as stealth-addresses are always used. I would call it weak anonymity for sure.

With mymonero do I have to trust others to hold my private keys?  Is there an easy to use wallet for beginners where I can control my own private keys?

[smooth]

I have played with XMR and had a wallet on mymonero.  
There was an option of a "3 mix" or something iirc. Does this equate to 3 ring sigs?

Yes, mymonero has a restricted range of mix factors for ease of use as the UI is intended largely for less-technical users. I expect as it matures it will have an "advanced" mode or some kind.

Using the native wallet you can use any factor you want, even >100.

(Lamentably exchanges inc Polo only do a 0 mix? which I assume means no-anonymity?)

I'm told Polo is using mix 3 now? I haven't confirmed that myself though. BTW mix=0 isn't "no-anonymity" though, as stealth-addresses are always used. I would call it weak anonymity for sure.

With mymonero do I have to trust others to hold my private keys?  Is there an easy to use wallet for beginners where I can control my own private keys?

mymonero does not have your spend key, it does have your view key. So you are trusting it with your privacy but not your coins.

There are some easy to use wallets that are not hosted at all. I recommend lightWallet torrent since downloading the full blockchain another way is somewhat painful.

https://xmrmonero.com/news/choose-your-wallet

If you want non-Windows you are somewhat limited to the command line (or mymonero) at this point.

[smooth]

How many XMR users have used 60 ring sigs? Or over 24?

I don't know the answer to that.

Im assuming 24 or 60 is better than 3 or 6…

In some ways, but there are also overall privacy effects viewing question of blockchain analysis wholistically. If everyone is using 3-6 and coins are constantly being mixed and remixed you are in very good shape because the entirety of the blockchain is essentially opaque. If you are using 60 and everyone else is using zero, not so much.

[child_harold]

How many XMR users have used 60 ring sigs? Or over 24?

I don't know the answer to that.

Im assuming 24 or 60 is better than 3 or 6…

In some ways, but there are also overall privacy effects viewing question of blockchain analysis wholistically. If everyone is using 3-6 and coins are constantly being mixed and remixed you are in very good shape because the entirely blockchain is essentially opaque. If you are using 60 and everyone else is using zero, not so much.

Could u hazard a guess how many XMR users have sent with over 24 ring sigs?


FYI

The default amount of Ring Sigs in the wallet is set to 16
There is also a button labelled "Suggest Ring Size" which I press before sending.
In my experience this has almost always lifted the default of 16 to 24 and up to 60.

Nobody is using 0. That's 4 sure.

[stopsigningbitch]

child_harold has also been on a trolling spree in the Darkcoin thread for days on end. Just some insight.

[child_harold]

child_harold has also been on a trolling spree in the Darkcoin thread for days on end. Just some insight.

No no. Not trolling. More like asking questions

For example this exchange which boils down to why should a masternode "cost" 1000DRK?

https://bitcointalk.org/index.php?topic=421615.msg10624038#msg10624038

Throwing it to the floor. 

Your about a year too late.

+1

+2

LETS ASSUME A WORST CASE SCENARIO

50% of MN's are run by "bad actors" or have backdoors (thru VSP provider consent)

Question:Why did TOR get compromised??
Answer: NSA style traffic analysis

Just like TOR ur crypto (such as it is i.e. antiquated) is prob sound. But how do you combat NSA style traffic analysis for MN's?

Ignore me if you want…
but this is another important question complements of yous truly.

Answers on a postcard 

I'll bite. Assuming there were 50% rogue nodes, each round would be an independent event, in this case 50/50 that a compromised node is selected processing the transaction. To be able to prove with reasonable doubt, you would need to have your rogue nodes selected every round, or 50%^# of rounds for probability. At 4 rounds, you're looking at a 6.25% chance of having your rogue nodes selected every round, at 8 rounds, 0.39%, at 16 rounds, .0015%. That's just as the system stands right now--with masternode blinding which is currently in development, no single node would have all the inputs so your probabilities essentially go to 0.

Good try.

Yeah I think he did try very hard, but his attempt discredits him even more.

@oblox

I suppose I was really making three points:

1) CRYPTO:What happens if 50% of MN's are run by "bad actors" or have backdoors (thru VSP provider consent)

Comment:
The answer of ~6% if 4 rounds chosen was the answer given. Interesting but not really to my point. BTW What is the avg no. of rounds usually selected? What is the default number?

2 ) FLOW: Since MN's have static IP's (at this time) and are obvious targets for traffic flow analysis how can u combat traffic flow analysis like "upstreaming" which were used to compromise TOR?"

As I said initially it is not so much the crypto that is the weakness (albeit slightly outdated imo), but rather the patterns derived from traffic analysis techniques like "upstreaming" which may reveal sensitive information.

Comment:
Certainly every crypto-currency network is also threatened by such analysis, but for DRK it is the limited number of MN's currently sitting on fixed IP's which make a juicy target. The crypto in TOR was by all accounts strong and it was these sorts of attacks which compromised TOR's security iirc. Interestingly there were similar numbers of TOR nodes that you have MN's. I'm thinking maybe 3-4k TOR nodes were being run worldwide.
Perhaps MN's will have to grow in number to help deal with this and maybe a 500DRK sum should be permitted to run an MN so as to create more. In fact why shouldn't every node be capable of serving as an MN? And if DRK adopts a ZK (Zero-Knowledge) solution like Shadow then why have MN's at all (InstantX I guess)

3) BLEND: A "blended attack" where a bad actor runs (or has access to) a number of MN's combined with traffic analysis is most likely the true threat model here. It is unclear to me at this point if "Masternode blinding' might help the bad actors as much as the good ones.

Comment:
?

Throwing it to the floor.

@bigrcanada
https://bitcointalk.org/index.php?topic=745352.msg10612920#msg10612920

I'm not spokesman for Shadow (definitely not) and without any action by the Shadow Team I voluntarily back down outta some sense of good. TBH Im more of a mad renegade…

I gotta say that I dont really regard the above Q I posed as FUD.
It would be wise to have in place counter-measures against the sort of attacks that compromised TOR. As I also said it applies to all crypto-currencies, altho due to the MN infrastructure and the depth of ur Team it (maybe) behooves u to plan for such attacks.

At the very least I asked why cant you have MN's for 500DRK? Or 250? More MN's better, right?

Anyway bigrcanada, you were very polite. Thanks. I shall return the favor and politely go away - altho Id really be interested in some answers to my Q's and will keep reading…
thanks

pax romanus

It is not just about having loads of masternodes, the 1000 DARK is about making it a meaningful investment / commitment to the project. 250 Dark would be too low especially at current prices, maybe in the future that would change.[/b]

OK
Almost outta here…

Is this the answer ur sticking with?
Why should an MN cost 1000DRk when more MN's should be beneficial IMO?


Quote:
It is not just about having loads of masternodes, the 1000 DARK is about making it a meaningful investment / commitment to the project. 250 Dark would be too low especially at current prices, maybe in the future that would change.

Really? Does it boil down to this? I can think of other "organisations" that require a demonstration of commitment thusly…

[smooth]

How many XMR users have used 60 ring sigs? Or over 24?

I don't know the answer to that.

Im assuming 24 or 60 is better than 3 or 6…

In some ways, but there are also overall privacy effects viewing question of blockchain analysis wholistically. If everyone is using 3-6 and coins are constantly being mixed and remixed you are in very good shape because the entirely blockchain is essentially opaque. If you are using 60 and everyone else is using zero, not so much.

Could u hazard a guess how many XMR users have sent with over 24 ring sigs?

I have no idea really. People are experimenting at this stage. Some have used 100+ rings, 10 gets used quite often I've seen in the block explorers.

Nobody is using 0. That's 4 sure.

Sure they are, that is the effect of SDC (transparent blockchain) transactions. They are traceable. Someone earlier claimed they were 99% of all Shadow/SDC transactions, but I have no idea if that is correct.

[child_harold]

How many XMR users have used 60 ring sigs? Or over 24?

I don't know the answer to that.

Im assuming 24 or 60 is better than 3 or 6…

In some ways, but there are also overall privacy effects viewing question of blockchain analysis wholistically. If everyone is using 3-6 and coins are constantly being mixed and remixed you are in very good shape because the entirely blockchain is essentially opaque. If you are using 60 and everyone else is using zero, not so much.

Could u hazard a guess how many XMR users have sent with over 24 ring sigs?

I have no idea really. People are experimenting at this stage. Some have used 100+ rings, 10 gets used quite often I've seen in the block explorers.

Nobody is using 0. That's 4 sure.

Sure they are, that is the effect of SDC (transparent blockchain) transactions. They are traceable. Someone earlier claimed they were 99% of all Shadow/SDC transactions, but I have no idea if that is correct.

I was referring to SDC>SDT, SDT>SDT, SDT>SDC and not SDC/SDC (the first 3 all require stealth addys)


Interestingly I first assumed that SDT (Shadow token)  to SDC conversions reduced the available anon I/O in the system (since SDC > SDT increases it)
In actual fact converting Shadow tokens (SDT) back to SDC increases the anon IO yet further

could u explain how that works smooth?

[smooth]

Interestingly I first assumed that SDT (Shadow token)  to SDC conversions reduced the available anon I/O in the system (since SDC > SDT increases it)
In actual fact converting Shadow tokens (SDT) back to SDC increases the anon IO yet further

could u explain how that works smooth?

It's false. Nether increases anonymity in the system, because they provide visible tracing points on the transparent chain. You are perhaps suggesting that SDT->SDC increases anonymity because there is another step of mixing and stealth, but this is mistaken, because the alternative is not nothing, it is spending those SDT by sending them to someone else. which gives the same mix+stealth, but minus the tracepoint.

Your best case for anonymity is really to just use SDT exclusively. Long chains of mixed transactions with stealth addresses at every hop = anonymous.

If you use SDC for the purpose of interoperating with BTC-based APIs, fair enough that may be a worthwhile tradeoff, but it doesn't improve anonymity at all, it decreases it.

[child_harold]

Interestingly I first assumed that SDT (Shadow token)  to SDC conversions reduced the available anon I/O in the system (since SDC > SDT increases it)
In actual fact converting Shadow tokens (SDT) back to SDC increases the anon IO yet further

could u explain how that works smooth?

It's false. Nether increases anonymity in the system, because they provide visible tracing points on the transparent chain. You are perhaps suggesting that SDT->SDC increases anonymity because there is another step of mixing and stealth, but this is mistaken, because the alternative is not nothing, it is spending those SDT by sending them to someone else. which gives the same mix+stealth, but minus the tracepoint.

Your best case for anonymity is really to just use SDT exclusively. Long chains of mixed transactions with stealth addresses at every hop = anonymous.

If you use SDC for the purpose of interoperating with BTC-based APIs, fair enough that may be a worthwhile tradeoff, but it doesn't improve anonymity at all, it decreases it.

I will pass this up the chain. In the meantime this may illuminate…
(dasource is a Team member)

All I can tell u is what I gather…

Oh and the explorer…
http://shadow.blockexplorer.cc/chain/ShadowCash

Just for sake of clarity

OK, so every time I convert Shadow to SDC I create a new SDC address.

Yes every-time you send coins (shadow or SDC) to a stealth address it will generate a new SDC Address

Is this a new private key?

Every SDC Address has a new private key, however because this SDC Address was generated by sending coins to a "stealth address" aslong as you have a backup of your wallet when you created the stealth address you do not need to back it up again. All future SDC addresses created by sending money to that "stealth address" are covered. This is a bit like a HD wallet but not quite ...
Obviously you can never be too careful so backup as necessary.

It seems like over time I will have hundreds of keys and stealth/public addresses in the wallet.

Yes but as per above, if the funds where sent to a "stealth address" then it does not matter as you can re-create those SDC Addresses and corresponding private keys from your stealth address backup.

[MalMen]

Judging from the OP's posting history the whole thread might be intended to advertise Monero.

This past days i was just reading without saying anything.. of course i have my favorite, that doesnt mean that i cant look at good side on other projects...

I read here alot of posts about shadowcash, i did a small research (i have to admit that i didnt search enough to have a good opinion), but from the first point what i found is that the shadowcash is the fusion of the bitcoin protocol with the multisig from the cryptonote protocol (i think some guy from bitcoin told few months ago that the monero sould do the same).. the good thing is that you can integrate that easy on apps arround it using the core already done on bitcoin but have 2 blockchains, i dont like much that, i dont like POS coins either, but that is me... for those who like it may be its a good option.. in terms of privacy i need more research to get a conclusion

About darkcoin i think i know mutch more about, the price is the result of each masternode needs 1000 coins and the current low inflaction, from short term it seems that is the most annon used coin, in the long term only the technology will decide if its safe or not to use the "darksend"

About monero i will not say anything, i have my personal opinion and dont want to be called an fanboy

[onemorexmr]

About monero i will not say anything, i have my personal opinion and dont want to be called an fanboy

i have no such issues

one of the main reasons i have so much faith in xmr is the core-team.
i simple cant trust somebody without a deep cryptographic background to invent an anonymous system

coding experience is simply not enough if you do want to implement / invent new crypto stuff.

[bitcoin revo]

decentralized or anonymous, or you can consider them as anonymous as the internet is, which we know is not as anonymous as we would like ?

[Pline]

Interesting, thanks for the insight.  So it seems the main differences between the two, is that Shadow is on a bitcoin blockchain, which gives it some advantages.  For example it can plug in better with existing infrastructure, and have benefits of both transparent chain and anonymous chain. Also since only about 1% of transactions are used for anonymity, it will have less blockchain bloat than Monero where 100% of the transactions are done using ring sigs.

If only 1% of transactions are used for anonymity you will have massive timing anonymity leaks and such. If you take transparent coins, convert to anon, pay someone, and he converts back (both of which are logical if most commerce is taking place non-anonymously) then the whole thing is quite obviously traceable.

I don't really see much advantage to a coin that is 99% transparent, and definitely see disadvantages. Just use Bitcoin, or if you really want PoS, use whatever is the leading PoS coin, probably BitShares I guess. BitShares has stealth addresses by the way.

I wonder if this destruction and reminting gives it any privacy advantages.

It does not. The creation and destruction process is entirely transparent.

Smooth is right Shadow is very similar to cryptonote.  I was reading cryptonote whitepaper, and its some genius stuff going on in there.  We should be honest about what the system is and its pros and cons.  I like Monero, seems like a cool coin, much better than DRK. I do think Shadow does have some advantages being on a bitcoin blockchain.  Also I believe Shadow differs in the anonymity system in one major way from what I can tell, and that is the destruction and minting of SDC.  To me it seems like this extra part of the system does something extra to sever the link between identities, but I could be wrong.  Hopefully the review will help clarify that.  Hope our communities can all be friends, as we all are striving for the same goal of privacy and anonymity.

Well i agree with you that the Bitcoin codebase and APIs, etc. are an advantage in terms of integration, etc. I don't agree that the minting/destruction add value to anonymity, and in fact I think the opposite as I explained above. But overall yes the more popular APIs and such are valuable.

I don't think the communities are or need to be unfriendly but there is some confusion that has been spread about the nature of the Shadow solution that has led to some frustration on both sides. We certainly share the goal of greater privacy.

I am not really yet buying that if only 1% of transactions in Shadow are used for anonymity there will be timing attacks.  If you take care of the amounts of Shadow you are transferring then you can still maintain anonymity.  Then that leaves timing attacks, and its only a problem if you are immediately changing to Shadow and then back.  The risk for this attack is not much different whether 1% or 99% are used for Shadow.  Admittedly if 100% was used for Shadow only then it eliminates it completely, but without the benefits of a transparent bitcoin blockchain.  As the network grows 1% will be a larger and larger amount of transactions and that will help users to blend in.

Also I was reading the white paper on zerocoin.  I found it very interesting how some of the ideas for ShadowCash are taken from zerocoin, and a big part of zerocoin is also the destruction and minting of coins.  So there may in fact be something to the idea that the Shadow implementation of destroying and minting coins could have value for anonymity and privacy.  It seems Shadow is a unique system taking ideas from both cryptonote and zerocoin. There is not much documentation on ShadowCash yet and their whitepaper could be a lot more detailed and seems like it was rushed out a bit. The devs are now working on providing better documentation. I think its going to take some time and peer reviews to come out before we all have a better understanding how these systems compare.

If anyone is interested to compare the white papers here they are:

http://shadow.cash/downloads/shadowcash-anon.pdf

https://cryptonote.org/whitepaper.pdf

http://zerocoin.org/media/pdf/ZerocoinOakland.pdf