The summary thus far of my analysis of Darksend is that Evan has put into place adequate mechanisms to disincentivize theft of the collateral payments and to disincentivize Sybil attacking the inputs to a Darksend with legitimate Darksends.
The weaknesses (w.r.t. to anonymity) are that Masternodes can be purchased and if the adversary has too many of them, they can reduce your probability of anonymity unless you send your funds through dozens of Darksends between each receipt or spend transaction. If the adversary controlled 90% of the Masternodes, it would nearly impossible to be anonymous more than say 99% of the time, i.e. 1 in 100 of your spends would lose anonymity. Evan argues that attaining a lot of Masternodes is too expensive. Well probably so for the common criminal, but I am not convinced that is so for the NSA.
1 in 100 may not sound bad, but remember that loss of anonymity tends to domino cascade (for the holistic reasons I pointed out in my reply to LimLims on this page). And that is for the person who is extremely diligent to do dozens of Darksends between each spend. Most users are not so perfectionist. So for them anonymity could drop significantly if the adversary has such huge resources.
The other weakness is that it is not yet mandatory to use an IP mixer such as Tor with Darksend, and if not all of the participants to the Darksend are obfuscating their IP, then the anonymity probability declines. Note that even if Darksend makes Tor mandatory, Tor is not the best we can do for an IP mixer. It is unknown how effective Tor is. Some might estimate 80 - 95%. Others might pull 50% out of their arse. I really don't know, but I don't trust Tor entirely. This combined with say 20% of the Masternodes compromised (and a little bit of normal human error on your part such as forgetting to send dozens of Darksends for each coin your receive) can also make it unrealistic to repeatedly sustain very military grade strength of anonymity. (But who said you wanted military grade assurance? Some do, some may not require it)
Darksend has anonymity. Darkcoin is an anonymity coin. The strength of the anonymity depends on the resources and resolve of the adversary versus the Darkcoin user.
I am still trying to think of suggestions to improve it.
Topic: [ANN][DASH] Dash (dash.org) | First Self-Funding Self-Governing Crypto Currency - page 6413. (Read 9723858 times)
April 02, 2014, 08:42:40 AM
April 02, 2014, 08:24:18 AM
I think we need to start planning some milestone objectives in terms of PR.
I know there are bounties for obtaining contacts for the media and there is a bounty for articles in magazines.
What I don't think we have is a timeline.
ZeroCash is going public in a few months time ~20 May. Regardless of whether they have anything tangible or just a published paper, they will get the headlines again and Darkcoin won't. We have already seen this happen once with this article in coindesk http://www.coindesk.com/taxonomy-bitcoin-mixing-services-policymakers/
This isn't about rushing the development of DarkSend. It's ready, when it's ready.
This is about not being drowned out and then being considered a clone. A hole which is difficulty to dig yourself out of once people have formed a first impression and then moved on. Again, we saw this with the recent coindesk article. Everyone scrambled to post comments in the article and the writer took time to post on twitter, but by then history had been written and darkcoin was effectively written out.
Publishers will be looking to tie up column inches around the launch of Zerocash - the Zerocash paper or their paper and a live coin project. We should make sure we have something ready for this point as a minimum.
Zerocash will have some positive spin. They will talk about e-cash and anonymity. What they won't talk about are the problems with the project. We not only need to have some PR ready, but we should have a reason for people to consider Darkcoin as a serious contender and why it may overcome some problems with zerocash.
Rather than just point stuff out and sit back, I will write a frame for some PR articles and editors notes over the coming two weeks. We can then put that up for edits, comments, etc.
Can we agree on an overall suitable time horizon? Or is this pointless?
I know there are bounties for obtaining contacts for the media and there is a bounty for articles in magazines.
What I don't think we have is a timeline.
ZeroCash is going public in a few months time ~20 May. Regardless of whether they have anything tangible or just a published paper, they will get the headlines again and Darkcoin won't. We have already seen this happen once with this article in coindesk http://www.coindesk.com/taxonomy-bitcoin-mixing-services-policymakers/
This isn't about rushing the development of DarkSend. It's ready, when it's ready.
This is about not being drowned out and then being considered a clone. A hole which is difficulty to dig yourself out of once people have formed a first impression and then moved on. Again, we saw this with the recent coindesk article. Everyone scrambled to post comments in the article and the writer took time to post on twitter, but by then history had been written and darkcoin was effectively written out.
Publishers will be looking to tie up column inches around the launch of Zerocash - the Zerocash paper or their paper and a live coin project. We should make sure we have something ready for this point as a minimum.
Zerocash will have some positive spin. They will talk about e-cash and anonymity. What they won't talk about are the problems with the project. We not only need to have some PR ready, but we should have a reason for people to consider Darkcoin as a serious contender and why it may overcome some problems with zerocash.
Rather than just point stuff out and sit back, I will write a frame for some PR articles and editors notes over the coming two weeks. We can then put that up for edits, comments, etc.
Can we agree on an overall suitable time horizon? Or is this pointless?
I think we should lead with this:
It's a Satoshi address. Maybe a little prickly for the community?
April 02, 2014, 08:13:08 AM
Based on these numbers (despite not factoring in sybil inputs), it seems clear that a high level of anonymity can be achieved by increasing the number of pooling stages to 10+, even if the attacker controls > 50% of nodes.
Depends. Because 50% means that your anonymity set is reduced by 50% on each round as I explained in my other post above.
Example. If you are mixed with 10 others on each round, then only 5 will be anonymous (and one of the five might be you), so that means have 50% + 20% (1 in 5) chance to be non-anonymous. So 70% per round. You will need more rounds or you need larger mix sizes.
This is actually not correct. A distinction needs to be made between the risk of being unmasked completely, and the reduction in the size of the set of anonymous entities in a pool.
As an illustration: say we have a ballot with only two voters. We would know with 50% certainty the identity behind each vote. It's a small anonymous set of identities, but the vote is still anonymous. The lack of certainty represents a break in the causal chain. This is important for various reasons, but doesn't diminish the importance of having a large pool of anonymous identities (likewise for various reasons). So for strong anonymity we need some level of certainty of not being unmasked completely AND a sufficiently large pool of anonymous users.
I posit that the distinction is meaningless as the outcomes are pushed out to the edges of the causality graph at economies-of-scale. Because at economies-of-scale, the adversary doesn't have perfect identities data, rather the NSA has statistically overlapping data sets (e.g. Tor breaks, browser fingerprints, etc), that when correlated generate identities. The NSA is not just targeting a few millionaires to know where all the wealth is being stored (so the G20 can confiscate it after 2016 as the world descends into a nightmare debt collapse), rather they are saving everything in Utah and targeting all the millionaires.
Anonymity is never an all-or-nothing proposition, rather is a degree of anonymity. That is why the distinction I made between privacy and anonymity upthread has blended and disappeared as we have discussed Darksend more. (that was your point too
)Also you have to factor in the non-anonymous rate of Tor and those inputs who didn't use Tor at all are not anonymous. This reduces your anonymity set, even if you use Tor.
This is important and I don't think the ramifications of IP addresses unmasking anonymity have been adequately discussed here yet.
What would be required to unmask an otherwise anonymous darksend transaction if the IP addresses were available at each of the compromised nodes?
I surmise that you mean to say is if a Darksend does not pass through a compromised Masternode, then how can interception of IP address by a Tor node impact anonymity of a Darksend. Correct?
If so, then my analysis is that if you see the same IP address sending the input and signing the outputs, you still don't know which output that was, because the output signing is blinded cryptographically. But it depends on how the outputs are collected. If the outputs are first sent by each IP, then separate the collection signed, then output can be correlated to IP. But if the outputs are blinded signed as they are collected using ring signatures, then knowing the IP doesn't help the adversary.
So we need to ask Evan if he is using ring signatures?
However even if he is using ring signatures, there is another way that interception of IP can break anonymity.
When you spend the output of a Darksend, then your IP can correlate your identity to the same one as the input, and thus anonymity is broken.
So yes not obfuscating IP, breaks anonymity of the Darksend.
Also there is another way to break anonymity of the Darksend. If I merge two or more outputs of Darksends to form the inputs spent on a transaction, then I have correlated that those outputs share one identity (since they will look different than a Darksend mix transaction which has a constant amount and matching # of inputs and outputs).
April 02, 2014, 07:50:33 AM
Evan how are you going to stop the adversary from flooding the Darksend will unlimited inputs? You charge a small fee?
You mean for honest transactions like a Sybil? There is a small fee that would add up of 0.001DRK
Yes that is what I meant. And that seems like the correct mechanism to throttle it.
April 02, 2014, 07:39:04 AM
I think we need to start planning some milestone objectives in terms of PR.
I know there are bounties for obtaining contacts for the media and there is a bounty for articles in magazines.
What I don't think we have is a timeline.
ZeroCash is going public in a few months time ~20 May. Regardless of whether they have anything tangible or just a published paper, they will get the headlines again and Darkcoin won't. We have already seen this happen once with this article in coindesk http://www.coindesk.com/taxonomy-bitcoin-mixing-services-policymakers/
This isn't about rushing the development of DarkSend. It's ready, when it's ready.
This is about not being drowned out and then being considered a clone. A hole which is difficulty to dig yourself out of once people have formed a first impression and then moved on. Again, we saw this with the recent coindesk article. Everyone scrambled to post comments in the article and the writer took time to post on twitter, but by then history had been written and darkcoin was effectively written out.
Publishers will be looking to tie up column inches around the launch of Zerocash - the Zerocash paper or their paper and a live coin project. We should make sure we have something ready for this point as a minimum.
Zerocash will have some positive spin. They will talk about e-cash and anonymity. What they won't talk about are the problems with the project. We not only need to have some PR ready, but we should have a reason for people to consider Darkcoin as a serious contender and why it may overcome some problems with zerocash.
Rather than just point stuff out and sit back, I will write a frame for some PR articles and editors notes over the coming two weeks. We can then put that up for edits, comments, etc.
Can we agree on an overall suitable time horizon? Or is this pointless?
I know there are bounties for obtaining contacts for the media and there is a bounty for articles in magazines.
What I don't think we have is a timeline.
ZeroCash is going public in a few months time ~20 May. Regardless of whether they have anything tangible or just a published paper, they will get the headlines again and Darkcoin won't. We have already seen this happen once with this article in coindesk http://www.coindesk.com/taxonomy-bitcoin-mixing-services-policymakers/
This isn't about rushing the development of DarkSend. It's ready, when it's ready.
This is about not being drowned out and then being considered a clone. A hole which is difficulty to dig yourself out of once people have formed a first impression and then moved on. Again, we saw this with the recent coindesk article. Everyone scrambled to post comments in the article and the writer took time to post on twitter, but by then history had been written and darkcoin was effectively written out.
Publishers will be looking to tie up column inches around the launch of Zerocash - the Zerocash paper or their paper and a live coin project. We should make sure we have something ready for this point as a minimum.
Zerocash will have some positive spin. They will talk about e-cash and anonymity. What they won't talk about are the problems with the project. We not only need to have some PR ready, but we should have a reason for people to consider Darkcoin as a serious contender and why it may overcome some problems with zerocash.
Rather than just point stuff out and sit back, I will write a frame for some PR articles and editors notes over the coming two weeks. We can then put that up for edits, comments, etc.
Can we agree on an overall suitable time horizon? Or is this pointless?
Great! Get going son! I hope there is more marketing and PR people here that can jump onto your train
April 02, 2014, 07:00:53 AM
April 02, 2014, 06:47:19 AM
I think we need to start planning some milestone objectives in terms of PR.
I know there are bounties for obtaining contacts for the media and there is a bounty for articles in magazines.
What I don't think we have is a timeline.
ZeroCash is going public in a few months time ~20 May. Regardless of whether they have anything tangible or just a published paper, they will get the headlines again and Darkcoin won't. We have already seen this happen once with this article in coindesk http://www.coindesk.com/taxonomy-bitcoin-mixing-services-policymakers/
This isn't about rushing the development of DarkSend. It's ready, when it's ready.
This is about not being drowned out and then being considered a clone. A hole which is difficulty to dig yourself out of once people have formed a first impression and then moved on. Again, we saw this with the recent coindesk article. Everyone scrambled to post comments in the article and the writer took time to post on twitter, but by then history had been written and darkcoin was effectively written out.
Publishers will be looking to tie up column inches around the launch of Zerocash - the Zerocash paper or their paper and a live coin project. We should make sure we have something ready for this point as a minimum.
Zerocash will have some positive spin. They will talk about e-cash and anonymity. What they won't talk about are the problems with the project. We not only need to have some PR ready, but we should have a reason for people to consider Darkcoin as a serious contender and why it may overcome some problems with zerocash.
Rather than just point stuff out and sit back, I will write a frame for some PR articles and editors notes over the coming two weeks. We can then put that up for edits, comments, etc.
Can we agree on an overall suitable time horizon? Or is this pointless?
I know there are bounties for obtaining contacts for the media and there is a bounty for articles in magazines.
What I don't think we have is a timeline.
ZeroCash is going public in a few months time ~20 May. Regardless of whether they have anything tangible or just a published paper, they will get the headlines again and Darkcoin won't. We have already seen this happen once with this article in coindesk http://www.coindesk.com/taxonomy-bitcoin-mixing-services-policymakers/
This isn't about rushing the development of DarkSend. It's ready, when it's ready.
This is about not being drowned out and then being considered a clone. A hole which is difficulty to dig yourself out of once people have formed a first impression and then moved on. Again, we saw this with the recent coindesk article. Everyone scrambled to post comments in the article and the writer took time to post on twitter, but by then history had been written and darkcoin was effectively written out.
Publishers will be looking to tie up column inches around the launch of Zerocash - the Zerocash paper or their paper and a live coin project. We should make sure we have something ready for this point as a minimum.
Zerocash will have some positive spin. They will talk about e-cash and anonymity. What they won't talk about are the problems with the project. We not only need to have some PR ready, but we should have a reason for people to consider Darkcoin as a serious contender and why it may overcome some problems with zerocash.
Rather than just point stuff out and sit back, I will write a frame for some PR articles and editors notes over the coming two weeks. We can then put that up for edits, comments, etc.
Can we agree on an overall suitable time horizon? Or is this pointless?
April 02, 2014, 06:37:56 AM
What's up with the dude mining at 2gh/s on suchpool.pw?
We verified and all his shares are legit. Perhaps he really seems to have that much hashpower.
April 02, 2014, 06:25:25 AM
i am looking 32 bit compiled miners for windows and linux
Only 64 bit...
is there a reason to not compile for 32 bit?
Don't know really. Btw, I'm talking about the cpu miner. If he's talking about the GPU miner then there are 32 bit binaries ( https://bitcointalksearch.org/topic/ann-sph-sgminer-multi-coin-multi-algorithm-gpu-miner-added-marucoin-475795 )
April 02, 2014, 06:11:14 AM
I stopped understanding what the last 20 pages said but I do understand people are doing some stuff.
It's like being an observer of some momentous historical event. Or it will be when Anonymint posts, "Huh. OK then."
I just wish the bloody coin was profitable to mine.
Don't worry I'm buying it instead. Because I know you were worried.
But yeah, big difference between this and, for example, the LTC "dev" team: "Don't worry, it will be OK!"
Well it is profitable to mine - you just can't cash out yet
But yeah mine something else at the moment and instasell and put it into darkcoin = more money in DRK = increased value. The diff is lightyears from not being sustainable so just pump dem cash into DRK
This is becoming the strangest coin to mine.
The difficulty has gone up double in the last week.
Probably nothing to do with me, but I been posting very aggressively in other threads that we really need an anonymous coin.
Like music to my ears…
April 02, 2014, 06:09:53 AM
Updated to the new wallet and network! Now with Cryptsy price displayed
Address: drk.p2phash.com
P2Pool benefits:
* No registration required
* Distributed hashrate
* Immediate payouts after a block is found
* Higher payouts with transaction fees paid to miners
* No account hack possible
Fee: only 0.5%
Start mining within seconds! Just point your miner to p2phash.com:7903 and use the Darkcoin address from your wallet for username, the password doesn't matter.
You can now follow us on twitter: https://twitter.com/P2PHash
April 02, 2014, 05:35:29 AM
i am looking 32 bit compiled miners for windows and linux
BAMT 1.6 (linux) is 32 bit. Comes with sgminer-sph, works fine.
http://www.reddit.com/r/BAMT/comments/207rdz/release_bamt_v160_scrypt_scryptn_darkcoin/
April 02, 2014, 05:13:40 AM
i am looking 32 bit compiled miners for windows and linux
Only 64 bit...
is there a reason to not compile for 32 bit?
April 02, 2014, 05:12:24 AM
I read something and someone said DGW still had problems and refered to this link:
https://bitcointalksearch.org/topic/m.6016831
Conclusion feedback?
https://bitcointalksearch.org/topic/m.6016831
Conclusion feedback?
he wrote "supposed fix" thats because he is not seeing the fix as he thinks it should be
April 02, 2014, 05:10:26 AM
I read something and someone said DGW still had problems and refered to this link:
https://bitcointalksearch.org/topic/m.6016831
Conclusion feedback?
https://bitcointalksearch.org/topic/m.6016831
Conclusion feedback?
April 02, 2014, 05:06:17 AM
April 02, 2014, 04:57:32 AM
I have actually measured the power consumption.
Mining scrypt i need 1150 W, mining DRK i need 650 W.
So it depends on what side you are looking
If you say i need x % more to mine scrypt instead of X 11 you have to calculate from 650W -> 1150 W = + 76%
If you say i nedd X% less to mine x11 instead of scrypt you have to calculate from 1150W -> 650 W = - 43%
So i need 43% less power to mine X11 instead of scrypt and my GPU´s came from 82C down to 60C and fand speed from 4200Upm to 2800 UPM
I use 2 x HD 7990 - scrypt 2.6 MH against 8.3 HM X11
Mining scrypt i need 1150 W, mining DRK i need 650 W.
So it depends on what side you are looking
If you say i need x % more to mine scrypt instead of X 11 you have to calculate from 650W -> 1150 W = + 76%
If you say i nedd X% less to mine x11 instead of scrypt you have to calculate from 1150W -> 650 W = - 43%
So i need 43% less power to mine X11 instead of scrypt and my GPU´s came from 82C down to 60C and fand speed from 4200Upm to 2800 UPM
I use 2 x HD 7990 - scrypt 2.6 MH against 8.3 HM X11
April 02, 2014, 04:51:27 AM
Quick question to eduffield:
does DGW address the issue mentioned in this thread: https://bitcointalksearch.org/topic/m.6016831 ?
As in was DGW created because of the mentioned exploit in the thread above?
does DGW address the issue mentioned in this thread: https://bitcointalksearch.org/topic/m.6016831 ?
As in was DGW created because of the mentioned exploit in the thread above?
https://bitcointalksearch.org/topic/m.5931948
Thx, was going through that thread but somehow missed this reply
April 02, 2014, 04:44:40 AM
i am looking 32 bit compiled miners for windows and linux
Only 64 bit...
April 02, 2014, 04:30:16 AM
Thank you all.
So, it's really 50% cheaper in power and thus it's not that bad in mining profit aspect.
As soon as it gets any hotter here I will switch back to DRK.
(I only have a couple of days, weeks at best before people start to sweat and cards to melt down and electricity is around 0.21 USD/kW)
So, it's really 50% cheaper in power and thus it's not that bad in mining profit aspect.
As soon as it gets any hotter here I will switch back to DRK.
(I only have a couple of days, weeks at best before people start to sweat and cards to melt down and electricity is around 0.21 USD/kW)
Don't forget that mining Darks is one of the ways to get completely untraceable coins.
Jump to: