
Topic: [ANN][DASH] Dash (dash.org) | First Self-Funding Self-Governing Crypto Currency - page 6412. (Read 9723858 times)

hero member
Activity: 518
Merit: 521
I was forced to change my tone because Evan cleverly used collateral payments to break anonymity in terms of giving the identity to the random Masternode, but anonymity is regained probabilistically as we already explained upthread.

So if something works, I can't be an engineer if I say it doesn't work.

My summary stated caveats and issues notwithstanding.

I hope slyA will allow me one slight transgression. I want to be on the record as stating I had already designed a similar algorithm that gains anonymity probabilistically (which is why I was immediately familiar with LimLim's points), so Evan came up with something very similar independently. But mine has some unique differences. But mine isn't applicable to the random Masternode concept, so I am not going to share it because it couldn't be used without drastically changing Darksend. So far I don't see anything I can extract from it to make Darksend better, although I feel our discussions helped clarify for both Evan and myself so I hope we both appreciate the exchanges. Now I reiterate, AnonyMint will not be announcing anything with this. So please don't get negative on me.

Evan when did you conceive of yours? Mine was written down in November 2013.
hero member
Activity: 546
Merit: 500
01100100 01100001 01110011 01101000
Some people are comparing scrypt coins to Darkcoin in term of turnover when the profit (turnover - costs e.g. the electrical bill) is the key element.
hero member
Activity: 532
Merit: 500
The summary thus far of my analysis of Darksend is that Evan has put into place adequate mechanisms to disincentivize theft of the collateral payments and to disincentivize Sybil attacking the inputs to a Darksend with legitimate Darksends.

The weaknesses (w.r.t. anonymity) are that Masternodes can be purchased and if the adversary has too many of them, they can reduce your probability of anonymity unless you send your funds through dozens of Darksends between each receipt or spend transaction. If the adversary controlled 90% of the Masternodes, it would be nearly impossible to be anonymous more than say 99% of the time, i.e. 1 in 100 of your spends would lose anonymity. Evan argues that attaining a lot of Masternodes is too expensive. Well probably so for the common criminal, but I am not convinced that is so for the NSA.

1 in 100 may not sound bad, but remember that loss of anonymity tends to domino cascade (for the holistic reasons I pointed out in my reply to LimLims on this page). And that is for the person who is extremely diligent to do dozens of Darksends between each spend. Most users are not so perfectionist. So for them anonymity could drop significantly if the adversary has such huge resources.

The other weakness is that it is not yet mandatory to use an IP mixer such as Tor with Darksend, and if not all of the participants to the Darksend are obfuscating their IP, then the anonymity probability declines. Note that even if Darksend makes Tor mandatory, Tor is not the best we can do for an IP mixer. It is unknown how effective Tor is. Some might estimate 80 - 95%. Others might pull 50% out of their arse. I really don't know, but I don't trust Tor entirely. This combined with say 20% of the Masternodes compromised (and a little bit of normal human error on your part such as forgetting to send dozens of Darksends for each coin you receive) can also make it unrealistic to repeatedly sustain very military grade strength of anonymity. (But who said you wanted military grade assurance? Some do, some may not require it)

Darksend has anonymity. Darkcoin is an anonymity coin. The strength of the anonymity depends on the resources and resolve of the adversary versus the Darkcoin user.

I am still trying to think of suggestions to improve it.


In recent posts you seem to have changed the tone of your suggestions and I think that's great. You may be a paranoid tinfoil hat wearing nsa fearing lunatic, but you definitely add to the discussion. I don't claim to know enough about cryptocurrencies to know if you're helping or not but it looks like you are so thanks.
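As an added illustration of the probabilistic argument in the quoted summary (not code from the thread or from the Darkcoin project), the following Python models a chain of Darksend rounds under the simplifying assumption that each round independently lands on a random Masternode and is observable to the adversary if that Masternode is hostile or the participant's IP is exposed despite the IP mixer; `masternode_fraction` and `ip_unmasked_fraction` are assumed inputs, and the "domino cascade" effect the post mentions is deliberately left out of the model.

```python
import math

def p_round_observed(masternode_fraction: float, ip_unmasked_fraction: float = 0.0) -> float:
    """Probability that one Darksend round is fully observable to the adversary.

    Assumed model (not a description of the real protocol): a round leaks if the
    randomly chosen Masternode is adversarial OR the participant's network
    identity is exposed in spite of the IP mixer. The two events are treated
    as independent.
    """
    honest_node = 1.0 - masternode_fraction
    hidden_ip = 1.0 - ip_unmasked_fraction
    return 1.0 - honest_node * hidden_ip

def p_chain_deanonymized(p_round: float, rounds: int) -> float:
    """A chain of rounds can be traced end to end only if every round leaked."""
    return p_round ** rounds

def rounds_needed(p_round: float, max_loss: float) -> int:
    """Smallest number of chained rounds so that the whole chain is traced
    with probability at most max_loss (e.g. 0.01 for 'anonymous 99% of the time')."""
    if p_round <= 0.0:
        return 1
    if p_round >= 1.0:
        raise ValueError("every round is observed; chaining cannot recover anonymity")
    return math.ceil(math.log(max_loss) / math.log(p_round))

def scenarios(max_loss: float = 0.01):
    """The three situations discussed in the thread, as (label, p_round, rounds_needed)."""
    cases = [
        # 90% of Masternodes hostile, IP layer ignored
        ("90% Masternodes, no IP leak", p_round_observed(0.9)),
        # 20% of Masternodes hostile, IP mixer assumed 80% effective
        ("20% Masternodes, Tor 80% effective", p_round_observed(0.2, 0.2)),
        # 20% of Masternodes hostile, IP mixer assumed perfect
        ("20% Masternodes, perfect IP mixer", p_round_observed(0.2)),
    ]
    return [(label, p, rounds_needed(p, max_loss)) for label, p in cases]

if __name__ == "__main__":
    for label, p, n in scenarios():
        print(f"{label}: per-round leak {p:.2f}, rounds for <=1% loss: {n}")
    # the careless user: only three rounds against a 90% adversary
    print(f"3 rounds at 90%: traced with p={p_chain_deanonymized(0.9, 3):.3f}")
```

With 90% of Masternodes hostile the model needs 44 chained rounds for a 1% loss rate, which is the "dozens of Darksends" the post talks about; with 20% hostile it needs 3.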
full member
Activity: 154
Merit: 100
The crypto in Zerocash is really neat (quadratic span programs, et al). But both Zerocash and Zerocoin are not immune if ever the NSA (or any one) has a quantum computer because they use bilinear pairings and double discrete logarithm trapdoors respectively which are factorable with Shor's algorithm. We would need instead Zero Knowledge employing a McEliece or Niederreiter binary Goppa codes style trapdoor instead, which so far remain theoretically immune to complexity reduction with a quantum algorithm.

Remember this. It is impossible to do Zero Knowledge Proof without a trap door. Thus a one-way hash (like SHA256) can't be used to do ZKP. Zerocash uses hashes but these are not the trapdoor.

I could explain this and Fiat-Shamir's transform to the average reader here, but I don't have time. And I think they don't really need to know.

Our upgraded model now offers balanced strategic programming. At base level, this just comes down to regenerated transitional matrix approaches.

It's time that we became uber-efficient with our four-dimensional strategic processing.

Come on. Only geeks stuck in the 90s still go for millennial administrative hardware.

Is it still April fools where you are?

(readers, mine was not technobabble, really)

I know yours wasn't, it just sounded funny to me. I'm a computer geek but that was more than I know about. At least Evan understood....
legendary
Activity: 1456
Merit: 1000
Not too technobabbly for most of us.

But the NSA, GCHQ, Satoshi and a few of the devs would be able to keep up. That's all that matters.

full member
Activity: 322
Merit: 105
The crypto in Zerocash is really neat (quadratic span programs, et al). But both Zerocash and Zerocoin are not immune if ever the NSA (or any one) has a quantum computer because they use bilinear pairings and double discrete logarithm trapdoors respectively which are factorable with Shor's algorithm. We would need instead Zero Knowledge employing a McEliece or Niederreiter binary Goppa codes style trapdoor instead, which so far remain theoretically immune to complexity reduction with a quantum algorithm.

Remember this. It is impossible to do Zero Knowledge Proof without a trap door. Thus a one-way hash (like SHA256) can't be used to do ZKP. Zerocash uses hashes but these are not the trapdoor.

I could explain this and Fiat-Shamir's transform to the average reader here, but I don't have time. And I think they don't really need to know.

...uhh, yes.  Well, I liek boobies.  So I got that goin' for me.
hero member
Activity: 518
Merit: 521
The crypto in Zerocash is really neat (quadratic span programs, et al). But both Zerocash and Zerocoin are not immune if ever the NSA (or any one) has a quantum computer because they use bilinear pairings and double discrete logarithm trapdoors respectively which are factorable with Shor's algorithm. We would need instead Zero Knowledge employing a McEliece or Niederreiter binary Goppa codes style trapdoor instead, which so far remain theoretically immune to complexity reduction with a quantum algorithm.

Remember this. It is impossible to do Zero Knowledge Proof without a trap door. Thus a one-way hash (like SHA256) can't be used to do ZKP. Zerocash uses hashes but these are not the trapdoor.

I could explain this and Fiat-Shamir's transform to the average reader here, but I don't have time. And I think they don't really need to know.

Our upgraded model now offers balanced strategic programming. At base level, this just comes down to regenerated transitional matrix approaches.

It's time that we became uber-efficient with our four-dimensional strategic processing.

Come on. Only geeks stuck in the 90s still go for millennial administrative hardware.

Is it still April fools where you are?

(readers, mine was not technobabble, really)
full member
Activity: 154
Merit: 100
The crypto in Zerocash is really neat (quadratic span programs, et al). But both Zerocash and Zerocoin are not immune if ever the NSA (or any one) has a quantum computer because they use bilinear pairings and double discrete logarithm trapdoors respectively which are factorable with Shor's algorithm. We would need instead Zero Knowledge employing a McEliece or Niederreiter binary Goppa codes style trapdoor instead, which so far remain theoretically immune to complexity reduction with a quantum algorithm.

Remember this. It is impossible to do Zero Knowledge Proof without a trap door. Thus a one-way hash (like SHA256) can't be used to do ZKP. Zerocash uses hashes but these are not the trapdoor.

I could explain this and Fiat-Shamir's transform to the average reader here, but I don't have time. And I think they don't really need to know.

Our upgraded model now offers balanced strategic programming. At base level, this just comes down to regenerated transitional matrix approaches.

It's time that we became uber-efficient with our four-dimensional strategic processing.

Come on. Only geeks stuck in the 90s still go for millennial administrative hardware.
full member
Activity: 280
Merit: 100
The Future Of Work
I am a little confused at this point. I don't know what I missed. Could somebody give me a raw explanation? Because, I see:
- an interesting coin concept (it came with a unique anti-ASIC hashing algo, new diff retarget algo, and here is the DarkSend beta, etc)
- an active developer
- an active bitcointalk forum community (several hundreds of pages / months)
- DRK trading pairs on several big exchanges

I don't know, I'm mining because I'm lazy and I don't know what else to mine.  But I'm stupid, not everyone can be stupid like me?  LOL, so who knows?

Also, maybe your settings are not quite right?  Lowering the intensity sometimes increases actual hash rate, you  might want to try that?
hero member
Activity: 518
Merit: 521
Definitely make the cost vs. level of anonymity calculation. Wise.
full member
Activity: 280
Merit: 100
The Future Of Work
...cut...
It doesn't need to be NSA-proof from day one (don't even know if that's even possible with their resources) but a plan with gradual introduction of further layers and features could work. But since we've not reached final deployment, it's good that ideas are thrown around so that it can be the best it can get in the core functionality without having to rewrite the main code to something different. ...cut...

Two of the biggest problems Darkcoin faces right now are:

1.  We need to get a working DarkSend completed.
2.  The more layers we stack on DarkSend, the bulkier the blockchain.

Finally, it is impossible to make it 100% anonymous.  What you do is increase the improbability that anything can be traced basically due to the cost involved.

Besides, DarkSend doesn't have to be "Completed"; it can evolve, with people being able to use it as it does evolve.  In fact, that's probably the healthiest way for the development of the coin to go.  Trying to make things so complex, with such a reduction in rewards (0.000001% more anonymity) invites bugs that will be super hard to detect.  Let's build on a great foundation.  I think it's the wisest approach.
hero member
Activity: 518
Merit: 521
The crypto in Zerocash is really neat (quadratic span programs, et al). But both Zerocash and Zerocoin are not immune if ever the NSA (or any one) has a quantum computer because they use bilinear pairings and double discrete logarithm trapdoors respectively which are factorable with Shor's algorithm. We would need instead Zero Knowledge employing a McEliece or Niederreiter binary Goppa codes style trapdoor instead, which so far remain theoretically immune to complexity reduction with a quantum algorithm.

Remember this. It is impossible to do Zero Knowledge Proof without a trap door. Thus a one-way hash (like SHA256) can't be used to do ZKP. Zerocash uses hashes but these are not the trapdoor.

I could explain this and Fiat-Shamir's transform to the average reader here, but I don't have time. And I think they don't really need to know.
hero member
Activity: 518
Merit: 521
The summary thus far of my analysis of Darksend is that Evan has put into place adequate mechanisms to disincentivize theft of the collateral payments and to disincentivize Sybil attacking the inputs to a Darksend with legitimate Darksends.

The weaknesses (w.r.t. anonymity) are that Masternodes can be purchased and if the adversary has too many of them, they can reduce your probability of anonymity unless you send your funds through dozens of Darksends between each receipt or spend transaction. If the adversary controlled 90% of the Masternodes, it would be nearly impossible to be anonymous more than say 99% of the time, i.e. 1 in 100 of your spends would lose anonymity. Evan argues that attaining a lot of Masternodes is too expensive. Well probably so for the common criminal, but I am not convinced that is so for the NSA.

1 in 100 may not sound bad, but remember that loss of anonymity tends to domino cascade (for the holistic reasons I pointed out in my reply to LimLims on this page). And that is for the person who is extremely diligent to do dozens of Darksends between each spend. Most users are not so perfectionist. So for them anonymity could drop significantly.

The other weakness is that it is not yet mandatory to use an IP mixer such as Tor with Darksend, and if not all of the participants to the Darksend are obfuscating their IP, then the anonymity probability declines. Note that even if Darksend makes Tor mandatory, Tor is not the best we can do for an IP mixer. It is unknown how effective Tor is. Some might estimate 80 - 95%. Others might pull 50% out of their arse. I really don't know, but I don't trust Tor entirely. This combined with say 20% of the Masternodes compromised (and a little bit of normal human error on your part such as forgetting to send dozens of Darksends for each coin you receive) can also make it unrealistic to repeatedly sustain very military grade strength of anonymity. (But who said you wanted military grade assurance? Some do, some may not require it)

Darksend has anonymity. Darkcoin is an anonymity coin. The strength of the anonymity depends on the resources and resolve of the adversary versus the Darkcoin user.

I am still trying to think of suggestions to improve it.

I think the current state of things will be great for a V1 release, however what about the following strategy for V2:

Step 1: Users submit their inputs to master node, with collateral
Step 2: Users submit outputs and blind signature
Step 3: If missing an output, the master node will ask for users to send inputs/outputs. The missing user in step 2 will be charged collateral, then step 1 begins again without the bad actor.

To attack this, you must be in control of the master node and would have to pay the collateral to de-anonymize.

edit: nm, the master node could just lie and deanonymize everything it sees

Also don't forget the Masternode can't correlate a blinded output if the collateral doesn't accompany the blinded output. That one keeps getting me too, which is why I wrote it down in a post as follows so I wouldn't forget:

In case readers don't understand why the collateral payments can't be associated only with the inputs and not the outputs, it is because the outputs are blind signed. So if output signing fails, then there is no way for inputs to prove they signed the outputs in order to isolate the adversary(ies) who didn't.

So this is why output signing has to be correlated to inputs. This is what breaks the anonymity in terms of allowing Sybil attacks on master nodes (see my calculation example upthread).

Then apparently we also have the problem that collateral payments can be stolen by Sybil attacking master nodes (and miners/pools if the payments go to them), but still waiting to finish that discussion.
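As an added example (not code from the thread or from Darkcoin), the following Python walks through textbook Chaum-style RSA blinding to show the property the post above relies on: the Masternode's transcript consists only of blinded values, so it cannot be matched against the unblinded outputs, and without an accompanying collateral payment there is nothing to correlate to an input. The RSA parameters and output labels are constructed toy values.

```python
"""Toy RSA blind-signature walk-through (added example; constructed parameters)."""
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key. Both factors are prime; real deployments use
# 2048-bit or larger moduli and padded hashing, neither of which is needed
# to illustrate what blinding hides from the signer.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(msg: bytes) -> int:
    """Hash-then-sign representative of an output, reduced into Z_N."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def blind(msg: bytes):
    """Participant side: hide digest(msg) behind a random factor r (kept secret)."""
    m = digest(msg)
    while True:
        r = secrets.randbelow(N - 2) + 2          # r in [2, N-1]
        if gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r

def sign_blinded(blinded: int) -> int:
    """Signer side (the Masternode): signs a value it cannot interpret."""
    return pow(blinded, D, N)

def unblind(blinded_sig: int, r: int) -> int:
    """Participant side: (m * r^e)^d * r^-1 = m^d, an ordinary RSA signature."""
    return (blinded_sig * pow(r, -1, N)) % N

def verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest(msg)

def session(outputs):
    """Run one blind-signing session.

    Returns (signer_view, signatures): signer_view is everything the
    Masternode learned, i.e. the blinded values only; the blinding factors
    never leave the participants.
    """
    signer_view, sigs = [], []
    for out in outputs:
        blinded, r = blind(out)
        signer_view.append(blinded)
        sigs.append(unblind(sign_blinded(blinded), r))
    return signer_view, sigs

def signer_can_link(signer_view, outputs) -> bool:
    """The only check the signer can run without r: does anything in its
    transcript equal the digest of an output it later sees? Blinding makes
    this fail, which is why a missing output cannot be pinned on an input."""
    return any(b == digest(o) for b in signer_view for o in outputs)

if __name__ == "__main__":
    outs = [b"output-A", b"output-B", b"output-C"]   # constructed labels
    view, sigs = session(outs)
    print("all signatures verify:", all(verify(o, s) for o, s in zip(outs, sigs)))
    print("signer can link transcript to outputs:", signer_can_link(view, outs))
```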
legendary
Activity: 1176
Merit: 1036
Dash Developer
So what's the next step for darkcoin in terms of development/acceptance ?

As for development, I'm working on the next beta version. In a couple more versions we're going to need to do some large scale testing to find bugs. It should start getting pretty stable here soon.
sr. member
Activity: 313
Merit: 250
So what's the next step for darkcoin in terms of development/acceptance ?
legendary
Activity: 1176
Merit: 1036
Dash Developer
The summary thus far of my analysis of Darksend is that Evan has put into place adequate mechanisms to disincentivize theft of the collateral payments and to disincentivize Sybil attacking the inputs to a Darksend with legitimate Darksends.

The weaknesses (w.r.t. anonymity) are that Masternodes can be purchased and if the adversary has too many of them, they can reduce your probability of anonymity unless you send your funds through dozens of Darksends between each receipt or spend transaction. If the adversary controlled 90% of the Masternodes, it would be nearly impossible to be anonymous more than say 99% of the time, i.e. 1 in 100 of your spends would lose anonymity. Evan argues that attaining a lot of Masternodes is too expensive. Well probably so for the common criminal, but I am not convinced that is so for the NSA.

1 in 100 may not sound bad, but remember that loss of anonymity tends to domino cascade (for the holistic reasons I pointed out in my reply to LimLims on this page). And that is for the person who is extremely diligent to do dozens of Darksends between each spend. Most users are not so perfectionist. So for them anonymity could drop significantly.

The other weakness is that it is not yet mandatory to use an IP mixer such as Tor with Darksend, and if not all of the participants to the Darksend are obfuscating their IP, then the anonymity probability declines. Note that even if Darksend makes Tor mandatory, Tor is not the best we can do for an IP mixer. It is unknown how effective Tor is. Some might estimate 80 - 95%. Others might pull 50% out of their arse. I really don't know, but I don't trust Tor entirely. This combined with say 20% of the Masternodes compromised (and a little bit of normal human error on your part such as forgetting to send dozens of Darksends for each coin you receive) can also make it unrealistic to repeatedly sustain very military grade strength of anonymity. (But who said you wanted military grade assurance? Some do, some may not require it)

Darksend has anonymity. Darkcoin is an anonymity coin. The strength of the anonymity depends on the resources and resolve of the adversary versus the Darkcoin user.

I am still trying to think of suggestions to improve it.

I think the current state of things will be great for a V1 release, however what about the following strategy for V2:

Step 1: Users submit their inputs to master node, with collateral
Step 2: Users submit outputs and blind signature
Step 3: If missing an output, the master node will ask for users to send inputs/outputs. The missing user in step 2 will be charged collateral, then step 1 begins again without the bad actor.

To attack this, you must be in control of the master node and would have to pay the collateral to de-anonymize.

edit: nm, the master node could just lie and deanonymize everything it sees
hero member
Activity: 518
Merit: 521
I edited my summary of the anonymity situation in Darkcoin. Please re-read.
hero member
Activity: 1302
Merit: 502
snip

I want to commend your efforts and demeanour in the recent discussion, it has been very informative and insightful. A few weeks ago I went through a lot of your post history (100+ posts) over the course of a few nights and was delighted, until I got to the IQ based insults, which seemed to go on ad nauseam at some points.

When you aren't crassly attacking obvious losers and boasting about your intelligence, I very much enjoy your posts. It's apparent to any technically inclined reader that you are very intelligent and very experienced.

Thanks again for taking the recent time to state your case, it has made me twice as excited about the future of this coin! I look forward to reading more quality posts by you.
legendary
Activity: 1456
Merit: 1000
Thanks. That is very helpful.
hero member
Activity: 518
Merit: 521
I hope readers find my posts helpful?

ZeroCash is going public in a few months time ~20 May. Regardless of whether they have anything tangible or just a published paper,

I don't think they will have beta-test level code then.

This is about not being drowned out and then being considered a clone.

No way Darkcoin can be considered a clone, as Zerocash completely hides the payer, payee, and the amount of transactions. The block chain is a complete fog. Zerocoin doesn't do this.

Zerocash will have some positive spin. They will talk about e-cash and anonymity.

They will make the point I just wrote above.

What they won't talk about are the problems with the project.

The main weakness of Zerocash is it adds an additional 3 minutes between check out and completion of payment. (Add that on top of Bitcoin's 10 - 60 minutes, or Litecoin's 2.5 - 15 minutes). Zerocoin doesn't have this problem.

The main weakness of Zerocash and Zerocoin is that they depend on new crypto which hasn't been subjected to years of cryptanalysis, and if you put it on the block chain and it is later cracked, the entire coin is potentially F.U.B.A.R.

Whereas Darksends are offchain! Even if you crack the crypto of Darksend (which uses very old well vetted crypto), the block chain remains uncracked!

The other weakness of Zerocash and Zerocoin is they depend on a trusted party to create the master parameters. If anyone retains that information (even if they snooped it using the NSA's air gap detection mechanisms), then in the case of Zerocash they can create unlimited coins and nobody will even know it! In other words, the coin supply becomes unknowable!! I am not exaggerating!!

Another counter point may be that each Zerocash transaction takes 9ms to verify (500ms for Zerocoin). Thus they can only put 111 transactions in a block per second per core of the CPU on the miner. Visa does 2,000 - 4,000 transactions per second, so for Zerocash to scale to global transactions needs 40 CPU cores per miner (e.g. 10 iCore i7 CPUs), not including denial-of-service transaction spam. Transaction spam could be really bad if they don't have a transaction fee or other means to control it. Anyway, 40 CPU cores is not really a big problem if mining will be done only in pools.

But crypto-currencies are hoping to enable microtransactions, thus the transactions per second would explode by orders-of-magnitude.

Thus it appears to me Zerocash is incompatible with microtransactions unless mining becomes very centralized among a few powerful pools.

Centralization of mining is a severe problem with Bitcoin having one, two or three pools with 51% of the hash power now.