This message was too old and has been purged

[tacotime]

Well, I haven't really gone through the entire thread but I don't think the DRK CoinJoin is entirely unsound from the perspective of being a centralized CoinJoin.

The theory is basically, you have n many outputs (O_n) of denomination size D. For simplicity, for any O_n there is an owner Z_n.

Z_n sends her output O_n to a masternode (MN) along with a new receiving address A_n. The MN shuffles these O_n as inputs and makes shuffled outputs to A_n in a single tx. The tx is then signed by all Z_n. The MN submits the tx to the network and the outputs are indistinguishable to everyone except the MN. Well, they're slightly known to the participants too, because they know which address and input is theirs.

It suffers from some of the same flaws as ring signatures (I'm not going to go over that, we've already published on them). But at the same time, ring signatures (a) don't require a MN (centralized) to do mixing because you can use any previous outpoint and (b) are somewhat more expensive space wise (but not really; see below) and (c) the MNs know 100% the outputs owned by their participants, who obviously have to connect to them somehow over TCP/IP. The last point is a big deal in terms of privacy, and even with Tor you can have timing correlation attacks.

The size of the ring signature is O(n), but then again, so is sequential DarkCoin mixing, per mix tx. The cost per mix for DRK is that of the signed input and output for the recipient, and the obfuscational security of a single tx is also O(n). For the latter I mean number of participants in terms of inputs/outputs... obviously a single participant is useless, and two participants is nearly useless. So, the DRK method still introduces O(n) bloat. It just load balances it differently.

The fact that the MNs are the centralized authority in the CoinJoin and now in network consensus (as of instant tx, since the MN decide which chain is valid by which tx is allowed to be in it) is more of an issue, along with providing correct incentives. Long term most of the rewards go to the MNs who I would guess will, over time, become progressively more pernicious in their activities. Another issue is legal ones for potential people running MNs, as they're effectively laundering money on behalf of the participants and directly benefiting from doing so monetarily.

[1715168448]

1715168448

[1715168448]

1715168448

[smooth]

(a) don't require a MN (centralized) to do mixing

This is ultimately what really matters and renders the rest of the mixing process irrelevant (though flaws in that, such as those allegedly found by the OP, can compound the failure and make things even worse).

Masternodes can't be trusted, and their behavior can't be verified. Even with so-called "blinding" the necessarily information to reverse the mixing still flows throw masternodes and therefore its security can never be trusted. If someone comes up with a way to do this without disclosing the private information to the masternodes, then it could be a system that isn't entirely unsound in the sense of having an undetectable information leak. But that is not DRK.

become progressively more pernicious in their activities

Exactly. There is no mechanism to prevent that. Information is valuable, so masternodes will collect it, sell it, and likely inadvertently leak it. In some sense the best case possible would be the NSA actually running them all. At least they won't sell it.

[kadrek]

You cannot argue logic with people that have an agenda, they are bag holders and will argue with every fallacy they can squirm into.

I can't believe you guys have the patience to deal with these fools, let them sink when their ship does. It makes no difference in the end anyway.

Maybe if your dev wasn't in here arguing about petty things XMR might see some progress. If you haven't noticed, Evan hasn't been in here arguing. I think that shows the work ethic of both of them. 

NOW this is amusing! EVAN is the ONE person who should be in this thread!

He did address the claimed issue.

[Hueristic]

You cannot argue logic with people that have an agenda, they are bag holders and will argue with every fallacy they can squirm into.

I can't believe you guys have the patience to deal with these fools, let them sink when their ship does. It makes no difference in the end anyway.

Maybe if your dev wasn't in here arguing about petty things XMR might see some progress. If you haven't noticed, Evan hasn't been in here arguing. I think that shows the work ethic of both of them. 

NOW this is amusing! EVAN is the ONE person who should be in this thread!

He did address the claimed issue.

You mean where he posted It's random this and random that and you can never unravel it so go ahead and do it?

Let me let you in on a little secret, IT is IMPOSSIBLE for a computer to generate anything random except a fire maybe.

What he should be doing is answering posts like this.

https://bitcointalk.org/index.php?topic=978447.msg10683089#msg10683089

AND especially this!

https://bitcointalk.org/index.php?topic=978447.msg10684983#msg10684983

[barwizi]

You cannot argue logic with people that have an agenda, they are bag holders and will argue with every fallacy they can squirm into.

I can't believe you guys have the patience to deal with these fools, let them sink when their ship does. It makes no difference in the end anyway.

Maybe if your dev wasn't in here arguing about petty things XMR might see some progress. If you haven't noticed, Evan hasn't been in here arguing. I think that shows the work ethic of both of them.  

NOW this is amusing! EVAN is the ONE person who should be in this thread!

He did address the claimed issue.

You mean where he posted It's random this and random that and you can never unravel it so go ahead and do it?

Let me let you in on a little secret, IT is IMPOSSIBLE for a computer to generate anything random except a fire maybe.

What he should be doing is answering posts like this.

https://bitcointalk.org/index.php?topic=978447.msg10683089#msg10683089

AND especially this!

https://bitcointalk.org/index.php?topic=978447.msg10684983#msg10684983

You are intentionally using misleading statements and it's no surprise that you would refer to posts by an open supporter of XMR, and we alll know the disgusting habits of XMR supporters.

Let me correct you before you think you can get away with what is tantamount to a lie

 

IT is IMPOSSIBLE for a computer to generate anything random except a fire maybe.

Several computational methods for random number generation exist. Many fall short of the goal of true randomness — though they may meet, with varying success, some of the statistical tests for randomness intended to measure how unpredictable their results are (that is, to what degree their patterns are discernible).

In response to

https://bitcointalk.org/index.php?topic=978447.msg10683089#msg10683089

let me pose you an interesting concept-- "The proof is in the pudding" Many a so called developer have written proofs and whitepapers, yet very few came through with an actual product. The OP conceded defeat in his original hypothesis and has returned to the drawing board.

https://bitcointalk.org/index.php?topic=978447.msg10684983#msg10684983

Now that is sheer desperation. This thread was made buy a guy who jumped the gun, and was proven wrong. Leave it to XMR fanboys to turn it into a discussion about difficulty and emissions.  

[Lebubar]

But for the fire yes it is possible (and JUST the fire...) lol

You are right Noir... XMR suporter are really pathetics. (can you read the title of the thread?)

[Hueristic]

...You are intentionally using misleading statements and it's no surprise that you would refer to posts by an open supporter of XMR, and we alll know the disgusting habits of XMR supporters.

Let me correct you before you think you can get away with what is tantamount to a lie

 

IT is IMPOSSIBLE for a computer to generate anything random except a fire maybe.

Several computational methods for random number generation exist. Many fall short of the goal of true randomness — though they may meet, with varying success, some of the statistical tests for randomness intended to measure how unpredictable their results are (that is, to what degree their patterns are discernible).

If you think this debunks my statement of fact your reading comprehension is non-existent.

In response to

https://bitcointalk.org/index.php?topic=978447.msg10683089#msg10683089

let me pose you an interesting concept-- "The proof is in the pudding" Many a so called developer have written proofs and whitepapers, yet very few came through with an actual product. The OP conceded defeat in his original hypothesis and has returned to the drawing board.

So you attempt to answer a question that was not asked and sell it as a retort to a valid question?

https://bitcointalk.org/index.php?topic=978447.msg10684983#msg10684983

Now that is sheer desperation. This thread was made buy a guy who jumped the gun, and was proven wrong. Leave it to XMR fanboys to turn it into a discussion about difficulty and emissions. 

Once again, a fanboi who cannot find an answer to this question so tries to divert. Your attempts are shallow and in-effective. Care to try again?


Damn and I fell into the pit I was wondering about how others could get mired in.

[RenegadeMan]

I've read through this thread.

Good grief! What a tedious, boring, pedantic and ridiculously unnecessary waste of time!

"Smooth" and others who just want to rubbish Darkcoin and bring never ending suggestions to the table of it being terribly flawed, UNTIL you have broken the anonymity and can demonstrate how it can be done and shown a repeatable process, your words and innuendo of Darkcoin being susceptible to all these issues are just words and innuendo, nothing more (but certainly copious quantities of).

Frankly you need to put up or SHUT THE F%^* UP!!!

What an incredibly verbose, long winded and torturous series of posts smooth!

Can you like just put a sock in it ffs?!!

WHEN you've proven Darkcoin has these fatal flaws and WHEN you've demonstrated how to repeatably break the anonymity THEN you have something important to say and people from the Darkcoin community will be very interested and thankful to you.

But at the moment you're just peddling conjecture, rubbish, absurdity and pontifications (let's see Conjecture, Rubbish, Absurdity and Pontifications....CRAP!....yep, you're just peddling CRAP!)

PS - And pleeaassseee! For the sanity of all of us, don't come back with yet another long winded rebutal and pontification about how what I'm saying is not addressing what you're saying blah blah (OMG, I think I need to watch the 10 hour "tra la la la lah" Youtube guy) blah. GO AND "BREAK" DARKCOIN'S ANONYMITY THEN COME BACK TO US.

[smooth]

GO AND "BREAK" DARKCOIN'S ANONYMITY THEN COME BACK TO US.

THE ABOVE IS A FALLACY, AND A PARTICULARLY STUPID ONE.

I can't track you on the web and record and correlate nearly every web site you visit they way Google, Facebook, your ISP, the NSA, and hundreds of little companies nobody has heard of in the internet tracking and data brokering business can and do. Nor can I track every electronic financial transaction you make the way Visa, MC, banks, the NSA, IRS, etc. can and do.

That doesn't make these systems private and anonymous just because they aren't wide open to some random idiot.

Likewise, DRK's architecture for "anonymity" is a flimsy house of cards that provides only an illusion of anonymity whether or not I personally can unravel a conjoin transaction or two.

[RenegadeMan]

GO AND "BREAK" DARKCOIN'S ANONYMITY THEN COME BACK TO US.

THE ABOVE IS A FALLACY, AND A PARTICULARLY STUPID ONE.

I can't track you on the web and record and correlate nearly every web site you visit they way Google, Facebook, your ISP, the NSA, and hundreds of little companies nobody has heard of in the internet tracking and data brokering business can and do. Nor can I track every electronic financial transaction you make the way Visa, MC, banks, the NSA, IRS, etc. can and do.

That doesn't make these systems private and anonymous just because they aren't wide open to some random idiot.

Likewise, DRK's architecture for "anonymity" is a flimsy house of cards that provides only an illusion of anonymity whether or not I personally can unravel a conjoin transaction or two.

The above is not a fallacy nor is it stupid. It is a challenge to you to put up or shut up.

More muddying of the waters and obfuscation of what this thread is about and a never ending need on your part to just keep going on and on without any substance or proof of what you're talking about does nothing for your credibility or integrity.

The OP Evil Knievel started this thread with:

Here I will tell you, how I think one can deanonymize every single darksend transaction from beginning of Darkcoin up to now.
Maybe someone of you guys can comment on this!

He laid out the steps of how he thought this would work.

Then Evan Duffield responded and negated what the OP was portending with:

Interesting approach, although the input order isn't random, it's randomly generated from multiple transactions on the client side. Even if it was completely not random, that doesn't allow you to "jump" the mixing transaction and know which outputs belong to which inputs.

Source TX:

http://explorer.darkcoin.io/tx/9ad01adae3814abf9a9731f0003d95a0f9bf701d055152f7b54ee4b6be47bfca:

Notice the inputs reference 5 transactions, but there's 3 participants. You can't tell where one stops and the next begins. Also, it's possible that multiple clients in this transaction were actually in 5bafee7a5397ad505658b1e37af812e64ebb2834601224e4f6f6675b4a25728b or b4534361c8247abcc6b428fd85a17546f23413b2777f3e3f372578d100b20c4e for example.

http://explorer.darkcoin.io/tx/5bafee7a5397ad505658b1e37af812e64ebb2834601224e4f6f6675b4a25728b#o39
http://explorer.darkcoin.io/tx/b4534361c8247abcc6b428fd85a17546f23413b2777f3e3f372578d100b20c4e#o40
http://explorer.darkcoin.io/tx/1c1769d578f4632971dd699987931cf676a7356196a5b122c60d737fce3c836e#o76
http://explorer.darkcoin.io/tx/7e452c1c5229fbbfdc1b4fc1d8577a6b9d0932bf5f00030d28ec7759dd9273ea#o61
http://explorer.darkcoin.io/tx/3fba31e9cc32cd5e2c002ad4a8bd6908f3a76321e2d892f046265eb14352676e#o60

One more thing to note is that after coins are mixed through multiple sessions, there are "final" outputs that are just spent randomly. That can happen in any session, which causes more randomness. You most definitely can't map those randomly spent outputs to the inputs at all. That's what you should be trying to do, you need to be able to show anonymously spent coins and their original source funds.

Nice try though

PS. If you believe it's really a weakness you need to map the outputs to the inputs and show who's anonymously spending money on what. I'm not sure it's worth the time though, because masternode blinding randomizes the input order anyway.  

Since then people like you have come on here and put forward copious amounts of FUD and general negativity about Darkcoin's architecture and the nature of the Darkcoin community's belief that it is valid and does offer the anonymity being claimed.

What you need to do now is what Evan suggested:

If you believe it's really a weakness you need to map the outputs to the inputs and show who's anonymously spending money on what.

Until you do this and can demonstrate how it's done, and how it can be repeatably and reliably done, you are just blowing a whole lot of hot air that carries no substance or authority as it's just your opinion.


So your "THE ABOVE IS A FALLACY, AND A PARTICULARLY STUPID ONE" is a statement that (once again) is about you avoiding needing to back up your claims with proof and documentary evidence and does nothing to further confirm this thread's core suggestion which is "Darkcoin is NOT Anonymous? Possible Proof inside". What you think about "Google, Facebook, your ISP, the NSA, and hundreds of little companies nobody has heard of in the internet tracking and data brokering business can and do" is completely and utterly irrelevant to the debate at hand which is that Darkcoin's Darksend transactions can be deanonymized.


I won't be responding to you again because all of your posts are about shifting the conversation onto a tangential issue or set of issues and obfuscating so you don't ever have to prove or confirm anything (and not to mention they're a ridiculous waste of time). And it's all your opinion, not the proof that was being suggested potentially is here which, although was being proffered by Evil Knievel, you have added to with a whole lot of rhetoric that you need to substantiate.


So again, put up or shut up. That means "show and demonstrate" how Darkcoin is not anonymous. When you do this and can reliably and repeatably trace transactions I (and no doubt many other Darkcoin proponents)  will be very interested and ready to take your counsel on what is wrong with Darkcoin's anonymity.

[smooth]

It is a challenge to you to put up or shut up.

OK then, I'll be happy to, just as soon as you demonstrate how you can track my web browsing the way google, etc. do.

OR, alternatively, you could claim that because YOU, personally, can't track my web browsing, it must be private and anonymous.

Which is it?

I'll assume neither, but certainly correct me if I'm wrong.

To that end here's my new "product" -- Smooth's Unbreakable Anonymous Web Browsing (who needs Tor?)

Step 1: Wave your hands over your computer and think positive thoughts.

Step 2: Say a prayer to the Flying Spaghetti Monster that your browsing today remains private.

Now, here's the good part. If you think my product doesn't work go ahead and put up or shut up: Deanonymize my browsing!

Can't do it? I guess my product must be good after all. I should start selling it to suckers right?

Reality check dude. If you are disclosing information to third parties (which dark does), and it isn't protected by strong and well-vetted cryptography (which dark does not), it isn't secure.

[RenegadeMan]

It is a challenge to you to put up or shut up.

OK then, I'll be happy to, just as soon as you demonstrate how you can track my web browsing the way google, etc. do.

OR, alternatively, you could claim that because YOU, personally, can't track my web browsing, it must be private and anonymous.

Which is it (as I have nothing more of substance to put forward so I'm reverting to the old 'turn the tables' and putting it onto you to prove stuff to me)?

I'll assume neither, but certainly correct me if I'm wrong.

To that end he's my new "product" -- Smooth's Unbreakable Anonymous Web Browsing (who needs Tor?)

Step 1: Wave your hands over your computer and think positive thoughts.

Step 2: Say a prayer to the Flying Spaghetti Monster that your browsing today remains private.

Now, here's the good part. If you think my product doesn't work go ahead and put up or shut up: Deanonymize my browsing!

Can't do it? I guess my product must be good after all. I should start selling it to suckers right?

Reality check dude. If you are disclosing information to third parties (which IMO dark does), and it isn't protected by strong and well-vetted cryptography (which IMO dark doesis not), IMO it isn't secure.

Fixed it for you. Over and out.

[paratox]

You can't make someone see, if he is not willing to.

I can understand your concerns, smooth, and there are IMO valid.
But you are trying to hard to get them to understand what consequences an "anonymous" design based on trust can have. It's their choice to either think about it or ignore it.  You have made your point clear and anyone who wan't to research the matter will come to their own conclusions

Please, for your own well being, let them believe what they want.

My conclusion:  trusting a third party with my anonymity is not the best way to be anonymous..

[stonehedge]

If you believe that your are risking privacy by trusting masternodes to anonymise your transactions then you do not know how Darksend works.

Even if one entry controls 50% of all masternodes, the chance of tracing one transaction is tiny.

Prove your theories or they just fall into the category of ill-informed chit chat.

[paratox]

If you believe that your are risking privacy by trusting masternodes to anonymise your transactions then you do not know how Darksend works.

Even if one entry controls 50% of all masternodes, the chance of tracing one transaction is tiny.

Prove your theories or they just fall into the category of ill-informed chit chat.

In the first sentence you say, if I would understand how Darksend works, I wouldn't see a risk in trusting masternodes to anonymise my transactions, but in your second line you talk about a tiny risk potential. That seems contradictory to me.

I don't say that DRK isn't anonymous, I am just saying that it's not the best possible way to be anonymous at this point in time.
 

[Lebubar]

So let see the empty speah of smooth :

He's saying that if someone don't know something (ie: visa, mastercard payment) he can't say if it's anonymous or what else...
Ok so this guy is saying that he don't know darksend because he can say anything about it, nor prooves nothing

Cqfd! End of the discution until you make your homework

Ok so that all what we were thinking about those endless empty blatering of this smooth : He don't know what is it talking about (and since 14 pages)...

[onemorexmr]

So let see the empty speah of smooth :

He's saying that if someone don't know something (ie: visa, mastercard payment) he can't say if it's anonymous or what else...
Ok so this guy is saying that he don't know darksend because he can say anything about it, nor prooves nothing

Cqfd! End of the discution until you make your homework

Ok so that all what we were thinking about those endless empty blatering of this smooth : He don't know what is it talking about (and since 14 pages)...

lol the only thing you just proved is that you cant read (but what did i expect from drk-folks )

[Lebubar]

We are speaking of an open source technology here. Not a private banking system, stupid man.

[Kuriso]

It is a challenge to you to put up or shut up.

OK then, I'll be happy to, just as soon as you demonstrate how you can track my web browsing the way google, etc. do.

OR, alternatively, you could claim that because YOU, personally, can't track my web browsing, it must be private and anonymous.

Which is it?

I'll assume neither, but certainly correct me if I'm wrong.

To that end he's my new "product" -- Smooth's Unbreakable Anonymous Web Browsing (who needs Tor?)

Step 1: Wave your hands over your computer and think positive thoughts.

Step 2: Say a prayer to the Flying Spaghetti Monster that your browsing today remains private.

Now, here's the good part. If you think my product doesn't work go ahead and put up or shut up: Deanonymize my browsing!

Can't do it? I guess my product must be good after all. I should start selling it to suckers right?

Reality check dude. If you are disclosing information to third parties (which dark does), and it isn't protected by strong and well-vetted cryptography (which dark does not), it isn't secure.

He isn't asking you to track his web traffic so why are you asking him to track yours?  Why is it not possible for you guys to directly answer a question or take a challenge?  He's asking you to track coins sent from one address to another.  Who the fuck cares about the rest of your net traffic.  Break the anonymous transaction.  

Stop deflecting and muddying the water. Track the transaction.  "... put up or shut up. That means "show and demonstrate" how Darkcoin is not anonymous."


You people realize that when you make a purchase with your anon coins, if you are buying something that has to be shipped, which would be most of your online purchases, they have your fucking address!  Unless you are doing face to face transactions with no personal information exchanged AND you are wearing a mask while doing it, you're not going to be anonymous.....  There's a whole host of potential what if's and hypothetical situations that can be dreamed up and thrown around.  That's not what this thread was about.  Prove the transactions themselves are traceable or shut the fuck up.

[toknormal]

You people realize that when you make a purchase with your anon coins, if you are buying something that has to be shipped, which would be most of your online purchases, they have your fucking address!  Unless you are doing face to face transactions with no personal information exchanged AND you are wearing a mask while doing it, you're not going to be anonymous....

Totally.
It’s significant to this debate that Darkcoin had ring signatures on its roadmap and decided against implementing them (for now) because of adverse practical issues associated with their use - in particular the bloat problem.

Cryptonote fanatics (In particular, Monero devs) have their heads stuck so far down the cryptography manhole that they’ve lost sight of all monetary objectives other than “hiding from the NSA”, which isn’t even a monetary objective. A bit like a formula 1 car designer that becomes so obsessed with the tyre tread that they forget to make the car light and get lapped in the first round (as Monero has been by Darkcoin).

We’re talking about money here. The goal is to address a particular monetary property - fungibility, the only property in which Bitcoin is deficient - as well as financial privacy and to do that at least as well as the current fiat banking system (which is not the least bit opaque as far as NSA et al are concerned).

At this moment, Darkcoin’s implementation of anonymity suits a cryptocurrency far better than cryptonote does because it supports all immediate commercial design objectives and leaves options open for the future. In addition to that, it supports the oldest boost to reliability known to man - multiple redundancy. If you want commercial privacy, use a standard number of rounds. If you want super anonymity just put it through the full 16 rounds.

Contrary to what highly conflicted Monero coin developers would have you believe, useful modern cryptography was not invented 4 years ago, it was invented about 70 years ago and a myriad of successful implementations of every conceivable type have been in use ever since. More specific monetary-oriented cryptographic algorithms came along in the eighties so even those have been around for 30 years. Also contrary to what conflicted Monero devs would have you believe, there is more than 1 solution that satisfies the design objectives of a bitcoin-based currency which addresses the fungibility and privacy issue. Success will not go to the solution that has the most modern cryptography - or even the most secure - but the one that best addresses all of the priorities across the board.

For me, that is Darkcoin by a mile right now.

Whatever amounts of sand get thrown in its devs’ and its community’s face over hypothetical security scenarios it still has way more forethought and relevance across the whole offering. In addition, having read all of the challenges in this thread I think its security model is well in excess of what’s needed for the role it has to fulfil. A far more realistic weakness than ‘NSA tracing your transactions’ for example is simply some 3rd party buying up the coin supply and that’s something that applies to all coins / mining power / you name it.

Cryptographic priorities aren’t the  biggest issue here - monetary ones are. So before deciding what’s the optimal design cryptographically you need to decide what’s the optimal one monetarily and how much difference a legacy compliant blockchain makes because everything else flows from there.

What's it Worth ?
Monero staff have made a clusterfuck of a PR job for their coin in this thread by attacking Darkcoin’s anonymity approach because it’s a straw man. The real question is not Darkcoin’s anonymity approach, it’s its legacy compliance approach and how much that’s worth. A year ago that wasn’t clear but now it’s crystal clear - Bitcoin’s marketcap has continued to prevail over all alts. Darkcoin’s cap was sustained, Monero’s tanked. None of the alts have made a dent in Bitcoin’s cap despite being more advanced technically. So legacy compliance IS worth something big according to the market and in that regard it will accept the optimal anonymity solution if it wants a high-privacy version of it.

So critics can keep on pulling on that (it’s not secure !!) chain - it won’t matter because Darkcoin has the right solution for what it’s trying to do at the moment and it’s only likely to consolidate from here according to the conclusions of last year’s alt-coin arms race.