
Topic: [ANN][DASH] Dash (dash.org) | First Self-Funding Self-Governing Crypto Currency - page 6418. (Read 9723858 times)

legendary
Activity: 1176
Merit: 1036
Dash Developer
But aren't you also in your current design trusting the master node not to steal the collateral inputs?

The whitepaper has my proposed solution to that in the "Defending Against Attack" section: http://www.darkcoin.io/downloads/DarkcoinWhitepaper.pdf

Things have changed since then, so we'll have to come up with something else.

I don't see how that could have worked. The master node can simply lie about which collateral payments didn't fulfill all the stages. There is no way to know if the master node lied to other signatories. Did I misunderstand?

If collateral payments can be stolen, then this needs to be abandoned.

I am so sorry, but CoinJoin is a can of worms. I tried to tell you that weeks or months ago back on page 3xx of this thread.

Probably the only thing you can do is move master nodes to a reputation system. But this means you give your coin to the government. Reputation always ends up just like the power vacuum of democracy.

The entire point of Satoshi's brilliant PoW invention, is you don't have to trust any node. He solved the Byzantine General's problem.

You're misunderstanding the solution, cashing collateral payments is a multi-sig transaction. Imagine it's made out to the master node and the master-node before that one. What are the chances that you control both? Nearly zero.
hero member
Activity: 518
Merit: 521
But aren't you also in your current design trusting the master node not to steal the collateral inputs?

The whitepaper has my proposed solution to that in the "Defending Against Attack" section: http://www.darkcoin.io/downloads/DarkcoinWhitepaper.pdf

Things have changed since then, so we'll have to come up with something else.

I don't see how that could have worked. The master node can simply lie about which collateral payments didn't fulfill all the stages. There is no way to know if the master node lied to other signatories. Did I misunderstand?

If collateral payments can be stolen, then this needs to be abandoned.

I am so sorry, but CoinJoin is a can of worms. I tried to tell you that weeks or months ago back on page 3xx of this thread.

Probably the only thing you can do is move master nodes to a reputation system. But this means you give your coin to the government. Reputation always ends up just like the power vacuum of democracy.

The entire point of Satoshi's brilliant PoW invention, is you don't have to trust any node. He solved the Byzantine General's problem.

I thought of another solution which I am sure you also thought of?

Charge a transaction fee to all inputs of the Darksend.

That may be the only possible solution that works. Anonymity won't be broken. And collateral can't be stolen.

Then Sybil attacking the master nodes won't have any effect because you no longer correlate collateral to the triple of IP, input and output. The collateral is removed from the design. You instead charge a tx fee to every input. Master node can't correlate to blind signed outputs.

And Sybil attacking the inputs will be very very costly.

The downside is of course Darksends are not free. Nothing in life is free.

Yeah I think this is your only realistic option.

Edit: but the master node can steal the tx fees. And then not include the input in the output signing. So scratch this idea.

See CoinJoin just doesn't work. I tried to tell everyone that, but they get all angry at me. Sorry.
hero member
Activity: 518
Merit: 521
But aren't you also in your current design trusting the master node not to steal the collateral inputs?

The whitepaper has my proposed solution to that in the "Defending Against Attack" section: http://www.darkcoin.io/downloads/DarkcoinWhitepaper.pdf

Things have changed since then, so we'll have to come up with something else.

I don't see how that could have worked. The master node can simply lie about which collateral payments didn't fulfill all the stages. There is no way to know if the master node lied to other signatories. Did I misunderstand?

If collateral payments can be stolen, then this needs to be abandoned.

I am so sorry, but CoinJoin is a can of worms. I tried to tell you that weeks or months ago back on page 3xx of this thread.

Probably the only thing you can do is move master nodes to a reputation system. But this means you give your coin to the government. Reputation always ends up just like the power vacuum of democracy.

The entire point of Satoshi's brilliant PoW invention, is you don't have to trust any node. He solved the Byzantine General's problem.
legendary
Activity: 1092
Merit: 1000
there is a 28BTC buy order at cryptsy...fake or not it's amazing


It's me. I'm a huge DarkCoin supporter. I want to own 1% of all DRK and I want to drive the price up.

That's awesome, welcome. That's enough to run a few master nodes and earn fees

What does one need to do to run some master nodes? I am interested.
hero member
Activity: 518
Merit: 521
You must also factor that your participants might be a Sybil attack. In that case, the number of rounds doesn't help you increase the anonymity set nor decrease the percentage.

That is factored in -- in fact that's the point of this calculation. The assumption being made here (for the sake of getting some hard numbers): 1410 sybil nodes, 1000 non-sybil nodes.

We only need one non-sybil node in the pooling chain to retain anonymity. The longer the chain, the greater the likelihood of this.

No you misunderstood my point. I mean the participants who are sending inputs to the CoinJoin mix. Those inputs can be Sybil attacked. If you are the only non-Sybil input, then your output is known with 100% certainty.

If there are 50% Sybil inputs, then the anonymity set of outputs that you are mixed with is reduced by 50%.

I address this in the whitepaper, I propose some users run a script to add entropy to the pools and push transactions through:

Quote
Improved Pool Anonymity
Users who want to increase the anonymity of the pools can run scripts to “push” DarkSend
transactions through the pool by sending money to themselves with DarkSend. This will allow
them to take up a space in the pool to ensure the anonymity of other users. If enough users run
scripts like this one, the speed of transactions and the anonymity of the network will be
increased.

Essentially you are saying that users should send Darksends as much as possible. A script can automate for them.

Potential threat with this (don't know how realistic) is that the more they send deterministically (scripted), then the more incentive to hack them (they are always online) and turn them into a Sybil node. Deterministic is not really same as entropy.

If everyone is doing it, then probably not reasonable to hack everyone. But if only a few are doing it, it might be a low hanging fruit attack vector.

Add: they need to not reuse addresses ever.

In case I wasn't clear, that Sybil node would be sending Sybil inputs, not a Sybil master node. Then see my prior post on the effect of Sybil inputs on anonymity set size.
sr. member
Activity: 473
Merit: 250
"Proof-of-Asset Protocol"
noticed you guys listed it as 0.9.1 version while it is still on old 0.8.6
It is not even 0.9.0

seems misleading, is there any update on when we can expect 0.9.0.x core or newer version.


Any response?

The beta link is in the DarkSend pdf.
Beta builds of the wallet can be found here: http://darkcoin.io/beta.php (currently v0.10.0.0-unk-beta)

appreciate, will give that a try.

I gave that a try, it is running off the same core version 0.8.6
0.9.0 offers new features, which are still missing in the existing version.
How do you see its core version 0.8.6? I'm running the beta and it says:
Code:
"version" : 100000,
"protocolversion" : 70009,
"walletversion" : 60000

BTW: latest version from first post is v0.9.1.

"version" : 100000 is just a label, but the code is still running off of fork 0.8.6. Open up any interface of 0.8.6 core version coins, they all are the same, whereas 0.9.0 has many visible features.

Thanks
full member
Activity: 142
Merit: 100
noticed you guys listed it as 0.9.1 version while it is still on old 0.8.6
It is not even 0.9.0

seems misleading, is there any update on when we can expect 0.9.0.x core or newer version.


Any response?

The beta link is in the DarkSend pdf.
Beta builds of the wallet can be found here: http://darkcoin.io/beta.php (currently v0.10.0.0-unk-beta)

appreciate, will give that a try.

I gave that a try, it is running off the same core version 0.8.6
0.9.0 offers new features, which are still missing in the existing version.
How do you see its core version 0.8.6? I'm running the beta and it says:
Code:
"version" : 100000,
"protocolversion" : 70009,
"walletversion" : 60000

BTW: latest version from first post is v0.9.1.
legendary
Activity: 1176
Merit: 1036
Dash Developer
noticed you guys listed it as 0.9.1 version while it is still on old 0.8.6
It is not even 0.9.0

seems misleading, is there any update on when we can expect 0.9.0.x core or newer version.


Any response?

The beta link is in the DarkSend pdf.
Beta builds of the wallet can be found here: http://darkcoin.io/beta.php (currently v0.10.0.0-unk-beta)

appreciate, will give that a try.

I gave that a try, it is running off the same core version 0.8.6
0.9.0 offers new features, which are still missing in the existing version.

Where are you seeing the core version?


getinfo shows this (I'm on testnet):

{
    "version" : 100000,
    "protocolversion" : 70009,
    "walletversion" : 60000,
    "balance" : 8935.99500000,
    "blocks" : 87,
    "timeoffset" : 0,
    "connections" : 2,
    "proxy" : "",
    "difficulty" : 0.00024414,
    "testnet" : true,
    "keypoololdest" : 1396359040,
    "keypoolsize" : 103,
    "paytxfee" : 0.00000000,
    "mininput" : 0.00001000,
    "errors" : ""
}
legendary
Activity: 1176
Merit: 1036
Dash Developer
there is a 28BTC buy order at cryptsy...fake or not it's amazing


It's me. I'm a huge DarkCoin supporter. I want to own 1% of all DRK and I want to drive the price up.

That's awesome, welcome. That's enough to run a few master nodes and earn fees
sr. member
Activity: 473
Merit: 250
"Proof-of-Asset Protocol"
noticed you guys listed it as 0.9.1 version while it is still on old 0.8.6
It is not even 0.9.0

seems misleading, is there any update on when we can expect 0.9.0.x core or newer version.


Any response?

The beta link is in the DarkSend pdf.
Beta builds of the wallet can be found here: http://darkcoin.io/beta.php (currently v0.10.0.0-unk-beta)

appreciate, will give that a try.

I gave that a try, it is running off the same core version 0.8.6
0.9.0 offers new features, which are still missing in the existing version.
hero member
Activity: 518
Merit: 521
Let me try to do a calculation to explain my point.

Let's say adversary has 20% of the master nodes that are randomly chosen to process a Darksend.

Let's say I mix with 10 others on each Darksend. And I never mix with the same user twice.

Let's say adversary Sybil attacks (i.e. provides) 50% of the inputs on each Darksend.

Let's say my adversary is a snooping agency that defeats Tor 20% of the time.

Let's say only 40% of users use Tor. And the snooping agency can see IP addresses 100% of the time when Tor is not used.

So on each round there are 5 non-Sybil inputs, 0.4 x 5 = 2 don't use Tor, and so I have 1 in 3 = 33% chance to be randomly identified from the small anonymity set. But when the adversary doesn't identify me with nodes and Tor, then my anonymity set shrinks by 3 x (0.20 + 0.20) = 1 thus 1 in 2 or 50% chance.

Thus on each Darksend, the adversary has a 0.20 + 0.20 + 0.50 = 90% chance of identifying me.

Thus after 10 Darksends, adversary has a 0.90^10 = 1 in 3 chance of identifying me.

So 1 in 3 of my coins will not be anonymous.

And this does not factor in when I spend 2 or more of my coins together in one transaction (since Darksend requires me to break coins into constant amounts). That further reduces anonymity.

You see that attaining 1 in 1000 anonymity could be difficult with this type of design depending on the capabilities of the adversary.

It is this sort of calculation that made me really not like CoinJoin too much.
full member
Activity: 224
Merit: 100
Been watching all this discussion and I think we're hitting on some really great stuff lately. Anonymint thanks for your contributions (even though you're just a wee bit egotistical :P), I think they can help push DarkSend to be the best it can be.
sr. member
Activity: 473
Merit: 250
"Proof-of-Asset Protocol"
noticed you guys listed it as 0.9.1 version while it is still on old 0.8.6
It is not even 0.9.0

seems misleading, is there any update on when we can expect 0.9.0.x core or newer version.


Any response?

The beta link is in the DarkSend pdf.
Beta builds of the wallet can be found here: http://darkcoin.io/beta.php (currently v0.10.0.0-unk-beta)

appreciate, will give that a try.
full member
Activity: 142
Merit: 100
noticed you guys listed it as 0.9.1 version while it is still on old 0.8.6
It is not even 0.9.0

seems misleading, is there any update on when we can expect 0.9.0.x core or newer version.


Any response?

The beta link is in the DarkSend pdf.
Latest version is v0.9.1.0-unk-beta. (http://darkcoin.io/downloads/darkcoin-qt.exe as stated in first post)

Beta builds of the wallet can be found here: http://darkcoin.io/beta.php (currently v0.10.0.0-unk-beta)
hero member
Activity: 1302
Merit: 502
noticed you guys listed it as 0.9.1 version while it is still on old 0.8.6
It is not even 0.9.0

seems misleading, is there any update on when we can expect 0.9.0.x core or newer version.


Any response?

The beta link is in the DarkSend pdf.
sr. member
Activity: 473
Merit: 250
"Proof-of-Asset Protocol"
noticed you guys listed it as 0.9.1 version while it is still on old 0.8.6
It is not even 0.9.0

seems misleading, is there any update on when we can expect 0.9.0.x core or newer version.


Any response?
hero member
Activity: 518
Merit: 521
Depends. Because 50% means that your anonymity set is reduced by 50% on each round as I explained in my other post above.

Example. If you are mixed with 10 others on each round, then only 5 will be anonymous (and one of the five might be you), so that means have 50% + 20% (1 in 5) chance to be non-anonymous. So 70% per round. You will need more rounds or you need larger mix sizes.

Also if it is same 10 you are mixed with every round (or any overlap), then anonymity is reduced. If always same 10 on every round, then you attain no better than 20% non-anonymous no matter how many rounds you use.

Also you have to factor in the non-anonymous rate of Tor and those inputs who didn't use Tor at all are not anonymous. This reduces your anonymity set, even if you use Tor.

I believe you've reversed the math, if each round offers a 50% chance of anonymity then five rounds should offer a 0.5^5 of being non-anonymous at the end, a 96.8% chance of remaining anonymous. You must be identified each round for you to be followed through, right?


Let me try again. I am getting very sleepy.

LimLims wrote if 20% non-anonymity for 3 rounds, then adversary needs cube root of .20 or 58.5% adversarial node coverage.

I normally do it like this. It would be 80% anonymity over 3 rounds requires 41.5% non-adversarial node coverage, i.e. allows 58.5% adversarial coverage, 0.585 ^ 3 = 0.20.

You can calculate it either way. I prefer your way, but I was following LimLims.

The above is for Sybil attack on nodes.

Now I discuss about Sybil attack on the inputs.

My point remains that the size of anonymity set is also a factor (which can be reduced by Sybil and by the adversarial node coverage), not just the adversarial node coverage alone.

I am talking about Sybil attack on the inputs not on the nodes. If there are only 10 inputs to a CoinJoin, then you have a 1 in 10 chance to be identified correctly just by random selection. If 5 of the inputs are Sybil, then reduce the non-Sybil to 5, so now 1 in 5 or 20% chance to be identified by random choice. This might sound silly until you realize that over time people in your mix may be identified and thus the anonymity set reduces over time. The anonymity set size is not irrelevant. Otherwise we could simply mix with one other person every time.

And because the analysis of the adversary might have data such as "I know these 3 outputs are correlated to these 3 inputs". So as overlapping anonymity sets decrease in size, then they can pinpoint identity.
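
The two quantities this exchange turns on, master-node coverage across a chain of rounds and the shrinkage of the input anonymity set under Sybil inputs, worked as an added Python example; it is not code from any poster or from the Darkcoin project. It assumes the master node for each round is drawn uniformly at random without repetition and that the adversary can rule out every input it supplied itself; all function names are hypothetical.

```python
"""Added example: anonymity arithmetic from the thread (constructed, not project code)."""
import random


def required_coverage(target_deanon: float, rounds: int) -> float:
    """Per-round adversarial node fraction needed so that every one of
    `rounds` master nodes is adversarial with probability `target_deanon`."""
    if not 0.0 < target_deanon <= 1.0 or rounds < 1:
        raise ValueError("target must be in (0, 1] and rounds >= 1")
    return target_deanon ** (1.0 / rounds)


def chain_compromised(sybil_nodes: int, honest_nodes: int, rounds: int) -> float:
    """Exact probability that all rounds land on Sybil master nodes
    (assumption: distinct nodes per chain, chosen uniformly)."""
    total = sybil_nodes + honest_nodes
    if rounds > total:
        raise ValueError("more rounds than nodes")
    p = 1.0
    for i in range(rounds):
        p *= max(sybil_nodes - i, 0) / (total - i)
    return p


def simulate_chain(sybil_nodes, honest_nodes, rounds, trials=50_000, seed=1):
    """Monte Carlo check of chain_compromised(); node ids below
    `sybil_nodes` are treated as adversarial."""
    rng = random.Random(seed)
    total = sybil_nodes + honest_nodes
    hits = sum(
        all(n < sybil_nodes for n in rng.sample(range(total), rounds))
        for _ in range(trials)
    )
    return hits / trials


def guess_probability(inputs: int, sybil_inputs: int) -> float:
    """Chance of picking one honest participant's output at random once the
    adversary discards its own Sybil inputs from a mix of `inputs`."""
    honest = inputs - sybil_inputs
    if honest < 1:
        raise ValueError("at least one honest input is required")
    return 1.0 / honest  # honest == 1 -> linked with certainty


if __name__ == "__main__":
    # Figures quoted in the thread: 1410 Sybil / 1000 non-Sybil nodes, 3 rounds.
    print(f"coverage needed for 20% over 3 rounds: {required_coverage(0.20, 3):.3f}")
    print(f"exact chain compromise:     {chain_compromised(1410, 1000, 3):.4f}")
    print(f"simulated chain compromise: {simulate_chain(1410, 1000, 3):.4f}")
    # 10 inputs, half of them Sybil, then the sole-honest-input edge case.
    print(f"guess chance, 5 of 10 Sybil: {guess_probability(10, 5):.2f}")
    print(f"guess chance, 9 of 10 Sybil: {guess_probability(10, 9):.2f}")
```

The node-coverage term shrinks geometrically with rounds, while the input-side guess probability depends only on how many honest inputs share each mix.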
legendary
Activity: 1176
Merit: 1036
Dash Developer
Depends. Because 50% means that your anonymity set is reduced by 50% on each round as I explained in my other post above.

Example. If you are mixed with 10 others on each round, then only 5 will be anonymous (and one of the five might be you), so that means have 50% + 20% (1 in 5) chance to be non-anonymous. So 70% per round. You will need more rounds or you need larger mix sizes.

Also if it is same 10 you are mixed with every round (or any overlap), then anonymity is reduced. If always same 10 on every round, then you attain no better than 20% non-anonymous no matter how many rounds you use.

Also you have to factor in the non-anonymous rate of Tor and those inputs who didn't use Tor at all are not anonymous. This reduces your anonymity set, even if you use Tor.

I believe you've reversed the math, if each round offers a 50% chance of anonymity then five rounds should offer a 0.5^5 of being non-anonymous at the end, a 96.8% chance of remaining anonymous. You must be identified each round for you to be followed through, right?

Also, I don't agree with the numbers for the sybil attack. All other nodes must be sybil in order for them to identify you, otherwise the master node must be compromised. So in each stage one of those 2 conditions is required, which gets increasingly smaller the more rounds you use.
hero member
Activity: 518
Merit: 521
You must also factor that your participants might be a Sybil attack. In that case, the number of rounds doesn't help you increase the anonymity set nor decrease the percentage.

That is factored in -- in fact that's the point of this calculation. The assumption being made here (for the sake of getting some hard numbers): 1410 sybil nodes, 1000 non-sybil nodes.

We only need one non-sybil node in the pooling chain to retain anonymity. The longer the chain, the greater the likelihood of this.

No you misunderstood my point. I mean the participants who are sending inputs to the CoinJoin mix. Those inputs can be Sybil attacked. If you are the only non-Sybil input, then your output is known with 100% certainty.

If there are 50% Sybil inputs, then the anonymity set of outputs that you are mixed with is reduced by 50%.

I address this in the whitepaper, I propose some users run a script to add entropy to the pools and push transactions through:

Quote
Improved Pool Anonymity
Users who want to increase the anonymity of the pools can run scripts to “push” DarkSend
transactions through the pool by sending money to themselves with DarkSend. This will allow
them to take up a space in the pool to ensure the anonymity of other users. If enough users run
scripts like this one, the speed of transactions and the anonymity of the network will be
increased.

Essentially you are saying that users should send Darksends as much as possible. A script can automate for them.

Potential threat with this (don't know how realistic) is that the more they send deterministically (scripted), then the more incentive to hack them (they are always online) and turn them into a Sybil node. Deterministic is not really same as entropy.

If everyone is doing it, then probably not reasonable to hack everyone. But if only a few are doing it, it might be a low hanging fruit attack vector.

Add: they need to not reuse addresses ever.
legendary
Activity: 1456
Merit: 1000
Why isn't DarkSend default payment option?