Author

Topic: 1000 BTCD Bounty Reward for Anyone Able to Successfully De-anonymize Teleport (Read 1991 times)

legendary
Activity: 1176
Merit: 1134
I think it's good to start not to start with half a million BTCD Smiley It's a young crypto, and imperfections can be expected. Still quite a value - and a good show of confidence... could even be raised over time.

Maybe it would make sense to allow a period where the bounty-winner can sell their stake, before it's announced - because else they might lose value.
The "find out more information check here" link is not awfully rich in specific information though, maybe more detailed rules could be listed.

Anyways, to the topic: I've read some documents about how it's supposed to work. But I still don't get how the Mantissa attack is prevented. Say, that I send 2354 BTCD, then even if they're split up on the way, they should still arrive at the destination at that amount in the end. Can't someone just match where it goes out, and where it goes in? With the current volume of transactions that seems nearly trivial. Unless the delays are substantial... lets say two days or so.
Assuming that we have telepods for 1000, 1000, 300, 50, 1, 1, 1, 1 = 2354 total
Using telepathic transfer, these telepods are sent to dead drop addresses that nobody actually controls
However, the destination account was able to decrypt them in transit through the DHT routing process

At this point, both parties have copies of the telepod and it is arguable who actually controls it. In some sense it exists in both places at once. Of course to eliminate the risk of the sender simply spending the 2354 BTCD, the destination clones them into new telepods. So on the blockchain you will see spends of 1, 50, 1, 1000, 300, 1, 1000, 1 over the next hour to ?? amount of time.

Clearly if these were the only transaction, it could be for just 1 BTCD and we would know the source and destination acct. However, even in that case WHO did the sending and receiving? Short of either party announcing that they just did a tx, the telepods are onetime addresses to onetime addresses. With telepathic transfer you can even announce that you received a telepod at a specific time, but as long as you wait until there are other similar denomination clonings to make yours, even by announcing a specific denomination at a specific time, there is no way to tell which telepod you control.

Now imagine an hour window of cloning and ten transactions of similar amounts. But can we really assume a one hour window? What if some people set it for 4 hours or even the whole weekend because they were in no hurry? Do we even know which tx for 1, 50, 300 and 1000 are the possible tx?

So there is doubt as to who the sender is, who the recipient is and even which specific tx make up the total. And this is if the specific amount of the tx is known.

With the IP address shielded and the temporal mixing, the anon set scales the more transactions. Once there are hundreds of tx per hour, then I just dont see how any meaningful correlations can be done. So far there have been no actual issues that have been identified and this is after months of being disclosed along with the source code.

The entry/exit into the Teleport system is the vulnerability, but I have a cool solution for this in the works. I just want to get the internals solid. All the other anon solutions are working on anonymizing the blockchain, what I have done is anonymize the IP and timing. Since both are needed to deanonymize, either approach is equally valid.

James

legendary
Activity: 826
Merit: 1002
amarha
The thing is that I don't think BTCD should lose value if someone can deanonymize teleport. Things like this need to happen early so that technologies can be strengthened. I'd rather have problems found and fixed now. If anything finding an issue and fixing now should raise the price, as it's only gotten stronger.
sr. member
Activity: 252
Merit: 250
I think it's good to start not to start with half a million BTCD Smiley It's a young crypto, and imperfections can be expected. Still quite a value - and a good show of confidence... could even be raised over time.

Maybe it would make sense to allow a period where the bounty-winner can sell their stake, before it's announced - because else they might lose value.
The "find out more information check here" link is not awfully rich in specific information though, maybe more detailed rules could be listed.

Anyways, to the topic: I've read some documents about how it's supposed to work. But I still don't get how the Mantissa attack is prevented. Say, that I send 2354 BTCD, then even if they're split up on the way, they should still arrive at the destination at that amount in the end. Can't someone just match where it goes out, and where it goes in? With the current volume of transactions that seems nearly trivial. Unless the delays are substantial... lets say two days or so.
hero member
Activity: 690
Merit: 501
Seriously, this scene has the biggest group of haters and naysayers I have ever had the displeasure to witness. It's disgusting.

Someone recently de-anonymized DarkCoin for free, that's what open source software is all about. There's nothing wrong with offering a bounty.

https://bitcointalksearch.org/topic/m.9121343

legendary
Activity: 826
Merit: 1002
amarha
I'd like to see some of the great technical minds here give this a shot. I like the idea of incentive based testing/bounties.
legendary
Activity: 1946
Merit: 1005
My mule don't like people laughing
Quote
Since we're issuing a challenge, that should say something about the level of confidence we have in the tech.

de-anonymizing even a simple obfuscation method takes resources.  $2,500 are not many resources. 

If the reward was $50,000 or even $100,000 held in independent escrow it might show some confidence.   But this reward is significantly less than what would attract true talent.

Well, when Bitcoindark is worth $50... Cheesy

pigs will fly.
sr. member
Activity: 441
Merit: 500
Quote
Since we're issuing a challenge, that should say something about the level of confidence we have in the tech.

de-anonymizing even a simple obfuscation method takes resources.  $2,500 are not many resources. 

If the reward was $50,000 or even $100,000 held in independent escrow it might show some confidence.   But this reward is significantly less than what would attract true talent.

Well, when Bitcoindark is worth $50... Cheesy
full member
Activity: 154
Merit: 100
Quote
Since we're issuing a challenge, that should say something about the level of confidence we have in the tech.

de-anonymizing even a simple obfuscation method takes resources.  $2,500 are not many resources. 

If the reward was $50,000 or even $100,000 held in independent escrow it might show some confidence.   But this reward is significantly less than what would attract true talent.
sr. member
Activity: 441
Merit: 500
so you're offering a reward for somebody to convince you that btcd's claims are true?

so weird ...

I don't think this is too difficult to understand. This is a part of testing. 

Since we're issuing a challenge, that should say something about the level of confidence we have in the tech.
member
Activity: 101
Merit: 10
so you're offering a reward for somebody to convince you other that btcd's claims are true?

FTFY
full member
Activity: 154
Merit: 100
so you're offering a reward for somebody to convince you that btcd's claims are true?

so weird ...
sr. member
Activity: 441
Merit: 500
btcd would be worthless if it was de-annonimized.  hence you are offering someone the chance to earn something that will be made worthless by their act of earning it.

I would recommend using bitcoin and creating a substantial reward (maybe 1% of the BTCD market cap) in bitcoins.

Hence, this is why it's a challenge.  You'll also notice that meeting the criteria for b) would make the btcd bounty a hell of a lot more valuable.
full member
Activity: 154
Merit: 100
btcd would be worthless if it was de-annonimized.  hence you are offering someone the chance to earn something that will be made worthless by their act of earning it.

I would recommend using bitcoin and creating a substantial reward (maybe 1% of the BTCD market cap) in bitcoins.
sr. member
Activity: 441
Merit: 500
A 1000 BTCD bounty reward ($2500+) for anyone that can successfully de-anonymize Bitcoindark's teleport tech created by jl777.

Criteria to claim the bounty:

The attacker must either:

a) provide evidence they can successfully de-anonymize Teleport

or

b) provide convincing proof that Teleport cannot be de-anonymized


To find out more information check here: https://forum.thesupernet.org/index.php?topic=76.0

If you are interested in this challenge, please make a post at either of the following:

https://bitcointalksearch.org/topic/btcd-is-no-more-684090

https://forum.thesupernet.org/index.php?topic=76.0

I hope we get some challengers!

Thanks,

Azeh
Jump to: