Topic: [ANN][DASH] Dash (dash.org) | First Self-Funding Self-Governing Crypto Currency - page 6538. (Read 9723858 times)

legendary
Activity: 1428
Merit: 1001
getmonero.org
Vault of satoshi asked about which coin to add. I think we should reply with constructive posts. Not just "add DRK " or "Darkcoin <3" etc

https://bitcointalksearch.org/topic/vault-of-satoshi-asks-what-coins-do-you-want-to-see-519658
full member
Activity: 322
Merit: 105
My 2 cents.  I know jack about cryptos but I really like English.

I also agree with others who've pointed out that the actual document should be justified.



Abstract
DarkCoin is the first privacy-centric cryptographic currency based on Satoshi Nakamoto’s Bitcoin. DarkSend, a technology for sending anonymous block transactions, is incorporated directly into the client using extensions to the core protocol. An improved proof-of-work using a chain of hashing algorithms replaces the SHA256 algorithm and will result in a slower encroachment of more advanced mining technologies (e.g. ASIC devices). DarkGravityWave is implemented to provide quick response to large mining power fluctuations.


Introduction

Bitcoin was a remarkable invention.  The concept of proof-of-work allowed, for the first time, decentralized consensus on a large scale network with no central authority.  However, due to the very nature of decentralization, the blockchain is inherently not private. This has obvious implications for users' personal privacy, as all transactions are traceable in the block chain.

To solve this inherent problem of privacy, we created a new cryptocurrency: Darkcoin.

Darkcoin uses a decentralized implementation of CoinJoin in order to anonymize transactions.  We named this implementation "DarkSend".


DarkSend

Darksend is a CoinJoin-based, decentralized peer-to-peer being implemented into DarkCoin.  Darksend provides protocol extensions to merge transactions together into larger anonymous transactions.  This system uses regular nodes and elects a master node to create the transaction in a decentralized fashion.

DarkSend is a completely trustless solution, where users can achieve a level (vague.  a low level? a sorta-kinda-ok level?...) of anonymity.  With the exception of a collateral transaction (explained later, in detail), users run no risk of losing any money at any time.
 
This implementation of DarkSend is available as an option through the client and can be deactivated by the user at any time. The DarkSend implementation gathers the required (required for what?) information in multiple stages in each session:

  • Stage 1: Accept inputs
  • Stage 2: Accept outputs
  • Stage 3: Elect a master node
  • Stage 4: Broadcast the finalized transaction
  • Stage 5: Sign
  • Stage 6: Collect or destroy collateral



Defending Against Attack

With the decentralized implementation of Darksend, there are inherent challenges to dealing with rogue users who intend (or attempt) to attack the system.  Such users could modify the software in a way that would cause it to refuse to sign, which would force the pool to reset every round.

To defend against various attacks, DarkSend implements a collateral system.  A transaction for 0.1DRK is made out to the payment node to ensure proper usage of the system.  This transaction is separate from the funds added to the DarkSend pool.  If a user submits an input but refuses to sign or leaves at any stage, the payment node will “cash” the transaction by signing and broadcasting it.  Collateral transactions require multiple signatures from more than one payment node to complete.

Payment nodes are simply the last node to create a block - specifically, the last block solver and the one before that.  These nodes will monitor DarkSend for misbehavior.  Should any misbehavior be discovered, the payment nodes will “cash” the transaction by signing and broadcasting it.  This has the added benefit of creating a sustainable income stream - in addition to mining - for miners, while simultaneously protecting the network from attackers.

The collateral transaction is made to multiple payment nodes (the last block solver and the one before that). Cashing collateral transactions requires multiple signatures from the user, payment node 1 and payment node 2.

(Graphic)

Collateral transactions from a successful DarkSend session are effectively destroyed using a sigScript to make them valid only for a given period of time.


Improved Anonymity

An anonymity enhancement to the generic CoinJoin implementation is added by only allowing inputs of the same size into the DarkSend pools. These sizes are referred to as "denominations" and are in powers of ten (e.g. 1DRK, 10DRK, 100DRK, 1000DRK). This allows the inputs from all users to be virtually the same.  Outputs per user must add up to the denomination size.

(Graphic)

Users that send less money than the denomination size will use a second "change" output. These outputs are new addresses not connected to their identity.  This implementation allows for amounts of any precision to be sent without a negative impact in the quality of anonymity.
 
All users entering a DarkSend transaction pool have an equal chance of becoming the master node. All participant nodes know which node is the current master by way of an election algorithm. Master nodes also have a collateral transaction that is made out to the payment node, which can be cashed if they misbehave in any way.

In the case where a master node loses internet connection or is a bad actor, the collateral transaction of that node will be cashed and a slave node will be elected in its place.  Due to the trustless nature of DarkSend, there is no risk of lost money from the master node being a bad actor as a slave node would be elected to replace the master node and the collateral would be forfeited to the network (meaning what, exactly?  distributed to other users, destroyed,...?)


Master Node Election

The election algorithm is a pseudo random deterministic algorithm based on the transaction IDs (no apostrophe) in the Darksend pool.  By adding up the hash values of the transaction IDs (no apostrophe) and running the value through the X11 hashing algorithm, a pseudo random number is created.

(Mathey Codey stuff)

This random number is compared to a target number derived from the txid and pubkeys of the users' outputs. The node with the lowest score is elected master while the second lowest score is elected slave. By using this algorithm we achieve a decentralized, tamper-proof system in which the users can know which node the master is.



Master Node Responsibilities

The decentralized nature of DarkSend requires that one node will decide which transactions are allowed into the pool to deal with network propagation issues. The master node is elected each round to broadcast the finalized transaction, which will then be signed by the DarkSend participants.
 
The participants will be able to check the authenticity of the messages coming from the master node by utilizing ECDSA signatures for all messages after election.
 
Participants in a DarkSend will only sign the finalized transaction if they find that their inputs and outputs are present with the correct amounts. After the transaction is signed and confirmed to be valid, the master node will broadcast the finalized signed transaction and resign.



Improved Pool Anonymity

Users who want to increase the anonymity of the pools can run scripts to “push” DarkSend transactions through the pool by sending money to themselves with DarkSend. This will allow them to take up a space in the pool to ensure the anonymity of other users. If enough users run scripts like this one, the speed of transactions and the anonymity of the network will be increased.


Reward Curve vs Reward Halving

Bitcoin was designed to have a fixed supply with a declining block reward schedule. This makes Bitcoin a deflationary currency, with a money supply that grows a small percentage year-over-year. One problem with this approach is the abrupt reward halving that happens every four years. This could eventually cause large distortions in the mining network when the profitability of mining changes drastically overnight.

DarkCoin replaces abrupt reward halving with a reward curve, 2222222/(((Difficulty+2600)/9)^2). The maximum and minimum amounts are set to 25 and 5 respectively. Using this formula, the reward will gradually drop over the following months and years and then provide a steady supply of approximately 1 million coins per year.



Difficulty Retargeting Using DarkGravityWave

DarkGravityWave uses multiple exponential moving averages and a simple moving average to smoothly adjust the difficulty.  This implementation resolves possible exploits in KimotoGravityWell by limiting the difficulty retargeting to 3 times the 14 period EMA difficulty average.



Proof-Of-Work Utilizing X11

DarkCoin uses a new chained hashing algorithm approach, with many new scientific hashing algorithms for the proof-of-work.  X11 consists of blake, bmw, groestl, jh, keccak, skein, luffa, cubehash, shavite, simd, and echo.

Because it is more complicated than a SHA-256 ASIC implementation, the use of X11 will prevent the use of ASIC miners for the short-term to mid-term future. It will also allow for a longer period of mining for CPU/GPU users.

GPU miners that mine with the X11 algorithm are currently experiencing reduced power usage (up to 50%) and reduced heat generation compared to scrypt.
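
The "Master Node Election" section of the draft above, as an added Python sketch that is not Darkcoin's own code: SHA-256 stands in for X11, and the score (absolute distance between the pool number and each node's target) is an assumption, since the draft does not say how the two numbers are compared. Node names, txids and pubkeys are constructed.

```python
import hashlib


def h(data: bytes) -> int:
    """Hash to a 256-bit integer. SHA-256 stands in for X11 (assumption)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def pool_number(txids):
    """Add up the hash values of the pool's transaction IDs, then hash the sum.

    Addition is commutative, so every participant gets the same number no
    matter in which order the transactions reached it.
    """
    total = sum(h(bytes.fromhex(t)) for t in txids) % (1 << 256)
    return h(total.to_bytes(32, "big"))


def elect(entries):
    """entries: iterable of (node, txid_hex, pubkey_hex) -> (master, slave)."""
    entries = list(entries)
    if len(entries) < 2:
        raise ValueError("need at least two participants to elect master and slave")
    if len({txid for _, txid, _ in entries}) != len(entries):
        raise ValueError("duplicate txid in pool")

    rnd = pool_number(txid for _, txid, _ in entries)
    scored = []
    for node, txid, pubkey in entries:
        # Target derived from the txid and the pubkey of the user's output.
        target = h(bytes.fromhex(txid) + bytes.fromhex(pubkey))
        # Assumed scoring rule: distance between pool number and target.
        # txid is the tie-breaker so the ordering is total and deterministic.
        scored.append((abs(rnd - target), txid, node))
    scored.sort()
    return scored[0][2], scored[1][2]  # lowest score = master, second = slave


def constructed_entry(label):
    """Constructed sample data: txid and compressed-pubkey-shaped hex strings."""
    txid = hashlib.sha256(b"txid:" + label.encode()).hexdigest()
    pubkey = "02" + hashlib.sha256(b"pub:" + label.encode()).hexdigest()
    return (label, txid, pubkey)


POOL = [constructed_entry(n) for n in ("node-a", "node-b", "node-c", "node-d")]

if __name__ == "__main__":
    master, slave = elect(POOL)
    print("master:", master, "slave:", slave)
    # Same result when the pool is seen in a different order.
    print("order-independent:", elect(list(reversed(POOL))) == (master, slave))
```
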
legendary
Activity: 1708
Merit: 1049
Hi guys I have a new project that will rock the DRK world https://bitcointalk.org/index.php?topic=521677.new#new I am looking for investors and developers to execute my vision. It will have an impact on the downward trend of DRK and improve stability of price across the exchanges.

Please let us know the details - is it the same as the new BlackCoin pool? We can decide as a community if it's something we are willing to support :)

Thanks.

If I remember correctly Blackcoin isn't mineable anymore, so that's why they put miners elsewhere and then buying Blackcoin with the BTCs. However, Darkcoin is mineable and its profitability is usually compared with the top scrypt coins, not to mention that the mining involves far less energy. I doubt we could gain something out of it, unless scrypt profitability was much higher.
legendary
Activity: 1036
Merit: 1000
Hi guys I have a new project that will rock the DRK world https://bitcointalk.org/index.php?topic=521677.new#new I am looking for investors and developers to execute my vision. It will have an impact on the downward trend of DRK and improve stability of price across the exchanges.

Please let us know the details - is it the same as the new BlackCoin pool? We can decide as a community if it's something we are willing to support :)

Thanks.
legendary
Activity: 1708
Merit: 1049
Quote
without encryption, a determined attacker can extract at least partial information from every darksend. Even with encryption you still have to worry about timing attacks and knapsacking attacks. Over time higher and higher probabilities will be obtained. However, this is not something an ordinary person would have to worry about.

.....

DRK is the coin that provides anonymity for the ordinary people. So you dont have to worry about your neighbors snooping on your finances. So people wont find out about stuff they have no business finding out about!

Anything that can be done manually can also be automated if it doesn't involve too much human judgement. What I mean by that is that if a determined attacker has a way to tell that A went to B after thorough "investigation" into a transaction, you can't be really certain that this is good enough for the average Joe either. It would seem that it is (using the rationale "ok, who will do this kind of thorough investigation, time after time, for every transaction") but it is not.

As I see it, if the analysis process can be done with a relative degree of confidence, then it's simply a matter of scripting to automate the procedure of understanding one transaction and do it with other transactions. And that will be done without the manual-effort cost concern which would otherwise protect most people, since it will be done automatically.

Once this is done, you'll have the obfuscated blockchain and another site which is running a script and analyzes, in somewhat-realtime (perhaps lagging a few blocks to allow for the mixing to occur), the blockchain transactions for what they really are, rather than their mixing or noise. Imagine the scenario of an alternative block explorer which is de-obfuscating stuff and then assigning a probability percentage for each transaction. If DRK is a smash and it has many transactions, I bet someone will make this kind of "service".
sr. member
Activity: 294
Merit: 250
To p2pool users who use

http://uswest01.mine.nu:7903/
http://uswest.mine.nu:7903/


Please choose another node closest to you.

darkcoin p2pool node finder is http://darkcoin.mine.nu/


I setup the server for p2pool BOOTSTRAP_ADDRS.
Darkcoin p2pool has at least 18 nodes.
BOOTSTRAP_ADDRS will be updated.

uswest.mine.nu(uswest01.mine.nu) will be down, when current 5 miners change their rig setting.







bump
sr. member
Activity: 294
Merit: 250
p2pool block found is announced to irc.freenode.net #p2pool-drk


Will we need to re-compile, or just include --irc-announce in the command line?

If you want another channel, do apt-get install python-twisted-words, --irc-announce, and change networks.py. 


For #p2pool-drk one node is enough.
legendary
Activity: 1176
Merit: 1036
Dash Developer
eduffield

Please dont misunderstand what I am saying. You are doing great work no doubt of that!

I have seen some concerns here about DRK really going to the bad side of things and I think it is good that it isnt 100% anonymous. Like you said 99.9% effective. That is definitely good enough for the mass market.

It is nearly impossible to create a 100% anonymous solution short of combining a mixing layer with a zeroknowledge layer and a lot of other stuff. This is why it does not exist yet, except the TLA's have their own version of course.

DRK is NOT about allowing people to break the law. It is about giving people back their privacy that has been slowly eroded by tech.

While I am active in the NXT community, I strongly feel that the world needs a replacement for cash. It is disappearing and bitcoin is a zillion times worse. I am currently working on a multisig based gateway for NXT AE and I will be supporting DRK as one of the assets. I think if we did a bit of cooperation (not sure of details), we can create a pretty simple way for people to get to 99.5% anonymity.

Send DRK to the NXT AE gateway, it goes in, gets combined with all DRK assets and it comes out. With NXT assets (and NXT itself) it has no inputs and outputs. There is no historical txout to txin, so once it goes into a shared account, everything becomes fungible. This still doesnt get around the really sophisticated attacks, but now nosy nellie needs to delve into two different blockchains to have a chance to figure anything out.

Another possibility would be to send DRK into the NXT AE and then zap it out in the form of BTC. This would allow using DRK to purchase anything that can be purchased with BTC. There would be conversion fees, but much better to have the option of using DRK for any bitcoin purchase. I think that cleanly solves the "what can we actually buy with DRK" question with the answer "Anything that you can buy with BTC"

James

P.S. I hope you can find the white hat guy, he is probably not so easy to find. Maybe busoni will help you get in touch. The white hat is amazing! He is in Brazil and read the XCP source code on the bus during his commute and found several problems including the biggie.

Oh, I completely agree with what you're saying. DRK isn't about breaking the law or doing illegal things, that wasn't ever the intention. It's about having a blockchain that is anonymous. I believe the main problem with bitcoin is that it's too transparent. We've fixed that problem, if you send coins through DarkSend they'll be anonymously recorded into the chain.
legendary
Activity: 1176
Merit: 1134
In my opinion DRK is one of the most innovative and quality coins. It is one of my absolute favorites and a testament to the cryptocurrency world.

Unfortunately, the price is pretty stagnant, and as a speculator it simply doesn't make sense to buy in.

That said, I just want to congratulate everyone who is a part of DRK, as your work is awesome. I hope to see DRK gain more market share, even if I'm not around to profit from it.

The problem with the stagnant market is we have several bots that are posting tiny buys and sells that are keeping the prices down. They are usually in the 0.1DRK - 0.2DRK range. I have personally been running a bot that has been buying them up and the market has come up a little bit, but it's not having enough impact to stop it. I have personally spent ~$700 this week buying up the tiny sells. From what we can see they are actually losing money doing this, but it's hard to know.
Wait!
Are you saying there is a buggy market maker bot running on DRK?
If it is you can turn it into a money pump!
That is exactly what it sounds like. I don't have time for it, but if somebody can figure out its trading algo, you can usually outsmart it with a little human assistance given to a bot. They will either stop the bot or you would be able to "mine" DRK from the bot

James
newbie
Activity: 27
Merit: 0
Hi guys I have a new project that will rock the DRK world https://bitcointalk.org/index.php?topic=521677.new#new I am looking for investors and developers to execute my vision. It will have an impact on the downward trend of DRK and improve stability of price across the exchanges.
hero member
Activity: 546
Merit: 500
01100100 01100001 01110011 01101000
In my opinion DRK is one of the most innovative and quality coins. It is one of my absolute favorites and a testament to the cryptocurrency world.

Unfortunately, the price is pretty stagnant, and as a speculator it simply doesn't make sense to buy in.

That said, I just want to congratulate everyone who is a part of DRK, as your work is awesome. I hope to see DRK gain more market share, even if I'm not around to profit from it.

You say stagnant, I say stable ;). Now there is not much promotion for the coin, yet the value of one unit is close to $1, imagine post marketing / DarkSend's launch. My rig is dedicated to DRK 24/24.
full member
Activity: 154
Merit: 100
In my opinion DRK is one of the most innovative and quality coins. It is one of my absolute favorites and a testament to the cryptocurrency world.

Unfortunately, the price is pretty stagnant, and as a speculator it simply doesn't make sense to buy in.

That said, I just want to congratulate everyone who is a part of DRK, as your work is awesome. I hope to see DRK gain more market share, even if I'm not around to profit from it.

The problem with the stagnant market is we have several bots that are posting tiny buys and sells that are keeping the prices down. They are usually in the 0.1DRK - 0.2DRK range. I have personally been running a bot that has been buying them up and the market has come up a little bit, but it's not having enough impact to stop it. I have personally spent ~$700 this week buying up the tiny sells. From what we can see they are actually losing money doing this, but it's hard to know.
legendary
Activity: 1176
Merit: 1134
Well hell, hats off to a soul who in an economical situation as dreary as he describes would not rationalize the spoils of said exploit to be fair to hold.  As for the rest of the scamming fucks out there, karma gonna catch ya, especially when security is run by a hero like this one.  Where is the bounty link already?
Yes definitely very honorable guy. I think he said he worked at a hotel doing menial work of all things. The XCP community had a scare as he didnt return the funds until they actually fixed the bug!

bounty link? not sure what you mean

James
legendary
Activity: 1176
Merit: 1134
eduffield

Please dont misunderstand what I am saying. You are doing great work no doubt of that!

I have seen some concerns here about DRK really going to the bad side of things and I think it is good that it isnt 100% anonymous. Like you said 99.9% effective. That is definitely good enough for the mass market.

It is nearly impossible to create a 100% anonymous solution short of combining a mixing layer with a zeroknowledge layer and a lot of other stuff. This is why it does not exist yet, except the TLA's have their own version of course.

DRK is NOT about allowing people to break the law. It is about giving people back their privacy that has been slowly eroded by tech.

While I am active in the NXT community, I strongly feel that the world needs a replacement for cash. It is disappearing and bitcoin is a zillion times worse. I am currently working on a multisig based gateway for NXT AE and I will be supporting DRK as one of the assets. I think if we did a bit of cooperation (not sure of details), we can create a pretty simple way for people to get to 99.5% anonymity.

Send DRK to the NXT AE gateway, it goes in, gets combined with all DRK assets and it comes out. With NXT assets (and NXT itself) it has no inputs and outputs. There is no historical txout to txin, so once it goes into a shared account, everything becomes fungible. This still doesnt get around the really sophisticated attacks, but now nosy nellie needs to delve into two different blockchains to have a chance to figure anything out.

Another possibility would be to send DRK into the NXT AE and then zap it out in the form of BTC. This would allow using DRK to purchase anything that can be purchased with BTC. There would be conversion fees, but much better to have the option of using DRK for any bitcoin purchase. I think that cleanly solves the "what can we actually buy with DRK" question with the answer "Anything that you can buy with BTC"

James

P.S. I hope you can find the white hat guy, he is probably not so easy to find. Maybe busoni will help you get in touch. The white hat is amazing! He is in Brazil and read the XCP source code on the bus during his commute and found several problems including the biggie.
hero member
Activity: 1223
Merit: 506
This is who we are.
White hat returned all the funds

The current poloniex BTC thing is totally different. There was a bug with the withdraw logic. If you had valid amounts in your account and clicked really fast on the withdraw button, you got paid multiple times for the same withdraw. Something like 12% of BTC was stolen this way by unknown hacker

Then there was the c-cex BTC caper with DRK involvement that got Poloniex involved.

Three different poloniex events in about a 10 day timeframe. Poor busoni, amazing he kept it all together.

James

Well hell, hats off to a soul who in an economical situation as dreary as he describes would not rationalize the spoils of said exploit to be fair to hold.  As for the rest of the scamming fucks out there, karma gonna catch ya, especially when security is run by a hero like this one.  Where is the bounty link already?
legendary
Activity: 1176
Merit: 1134
XCP used multisig in fancy and clever ways (DRK uses multisig in fancy and clever ways) and there was a bug that the white hat found. I highly suggest we hire this guy for a full source code review!

James

Did this anon ever return the 150 btc to poloniex?  The site does have a credit system going for missing btc right?  If he flaked out on his stated intentions of good will to the xcp community you surely wouldn't consider his assistance a worthwhile investment for the darkcoin community.
White hat returned all the funds

The current poloniex BTC thing is totally different. There was a bug with the withdraw logic. If you had valid amounts in your account and clicked really fast on the withdraw button, you got paid multiple times for the same withdraw. Something like 12% of BTC was stolen this way by unknown hacker

Then there was the c-cex BTC caper with DRK involvement that got Poloniex involved.

Three different poloniex events in about a 10 day timeframe. Poor busoni, amazing he kept it all together.

James
hero member
Activity: 1223
Merit: 506
This is who we are.
XCP used multisig in fancy and clever ways (DRK uses multisig in fancy and clever ways) and there was a bug that the white hat found. I highly suggest we hire this guy for a full source code review!

James

Did this anon ever return the 150 btc to poloniex?  The site does have a credit system going for missing btc right?  If he flaked out on his stated intentions of good will to the xcp community you surely wouldn't consider his assistance a worthwhile investment for the darkcoin community.
newbie
Activity: 36
Merit: 0
legendary
Activity: 1176
Merit: 1134
It seems to me that with the current darksend/denominate implementation it is dangerous to just dump the change from a darksend back into the wallet and use it with the rest of the balance. See the following chart for an example:



In this chart, either or both denominates could be non-dark sends, although it is most likely that the first will be denominate. Denominate is very easy to identify as it uses the same address for all outputs, and has powers of 10 as most output amounts. As it is trying to refigure the balance and it is easy to identify, it is very effective at showing that one person owns all of the addresses involved, potentially tying together a large amount of addresses. At some point after a darksend, the change address will most likely be included in a denominate or non-dark send with other addresses. If the change address can be linked to one of the inputs to the darksend, the intended output can usually be worked out, as there generally will only be one possible output.

This could largely be fixed by pooling denominates and having each denominate output go to a different address. Another possible improvement would be to have an option to send the change to a different address, so one could send their change to a completely different wallet, to avoid accidentally mixing it, although their transaction could still be worked out by process of elimination if the other transactions mixed with theirs weren't done as carefully.
without encryption, a determined attacker can extract at least partial information from every darksend. Even with encryption you still have to worry about timing attacks and knapsacking attacks. Over time higher and higher probabilities will be obtained. However, this is not something an ordinary person would have to worry about.

I also think it is what makes DRK a very good investment.

There is no need to fear the really bad elements will gravitate to DRK. it is not effective enough. So no need to worry about all the bad peoples creating troubles. DRK is the coin that provides anonymity for the ordinary people. So you dont have to worry about your neighbors snooping on your finances. So people wont find out about stuff they have no business finding out about!

It is our lives and we deserve some privacy dont we? When did we agree to have cameras track us using automatic facial detection and correlating all our credit card spending? When did cash stop being "legal tender for all debts public and private"?

I dont remember giving anybody permission to do that. Yet they are.

I am most worried about an XCP incident: https://poloniex.com/correspondence.pdf

XCP used multisig in fancy and clever ways (DRK uses multisig in fancy and clever ways) and there was a bug that the white hat found. I highly suggest we hire this guy for a full source code review!

James
legendary
Activity: 1176
Merit: 1036
Dash Developer
It seems to me that with the current darksend/denominate implementation it is dangerous to just dump the change from a darksend back into the wallet and use it with the rest of the balance. See the following chart for an example:



In this chart, either or both denominates could be non-dark sends, although it is most likely that the first will be denominate. Denominate is very easy to identify as it uses the same address for all outputs, and has powers of 10 as most output amounts. As it is trying to refigure the balance and it is easy to identify, it is very effective at showing that one person owns all of the addresses involved, potentially tying together a large amount of addresses. At some point after a darksend, the change address will most likely be included in a denominate or non-dark send with other addresses. If the change address can be linked to one of the inputs to the darksend, the intended output can usually be worked out, as there generally will only be one possible output.

This could largely be fixed by pooling denominates and having each denominate output go to a different address. Another possible improvement would be to have an option to send the change to a different address, so one could send their change to a completely different wallet, to avoid accidentally mixing it, although their transaction could still be worked out by process of elimination if the other transactions mixed with theirs weren't done as carefully.

I was actually thinking about this the other day. Eventually we could have "denominating pools", they would function exactly as DarkSend pools do except the inputs would be change and the outputs would all be powers of ten.
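
The linkability concern in the exchange above (denominate is recognizable by its single output address and power-of-ten amounts, and spending DarkSend change together with other balance ties addresses to one owner), as an added wallet-side check in Python that is not code from the Darkcoin client. The `Utxo` type, the `darksend_change` tag, the function names and all addresses and amounts are hypothetical and constructed for the example.

```python
import itertools
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Utxo:
    address: str
    amount: Decimal
    darksend_change: bool = False  # hypothetical wallet-side tag, not a client field


def is_power_of_ten(amount: Decimal) -> bool:
    """True for 1, 10, 100, ... (and 0.1, 0.01, ...)."""
    return amount > 0 and amount.normalize().as_tuple().digits == (1,)


def looks_like_denominate(outputs) -> bool:
    """Heuristic stated in the post: the same address for all outputs and
    powers of ten as most output amounts. outputs: list of (address, amount)."""
    if len(outputs) < 2:
        return False
    addresses = {addr for addr, _ in outputs}
    round_count = sum(1 for _, amt in outputs if is_power_of_ten(amt))
    return len(addresses) == 1 and round_count * 2 > len(outputs)


def audit_spend(selected):
    """Warn when a coin selection spends DarkSend change together with other
    addresses; inputs spent in one transaction are assumed to share an owner."""
    warnings = []
    for utxo in selected:
        if not utxo.darksend_change:
            continue
        others = sorted({o.address for o in selected if o.address != utxo.address})
        if others:
            warnings.append((utxo.address, others))
    return warnings


# 1000, 100, 10, 1 DRK: the denominations named in the whitepaper draft.
DENOMS = [Decimal(10) ** e for e in (3, 2, 1, 0)]


def plan_denominate(balance: Decimal, new_address):
    """Mitigation suggested in the post: each denominate output goes to a
    different address. new_address is a callable returning a fresh address."""
    outputs, rest = [], balance
    for denom in DENOMS:
        while rest >= denom:
            outputs.append((new_address(), denom))
            rest -= denom
    if rest > 0:
        outputs.append((new_address(), rest))  # remainder, also on a fresh address
    return outputs


def address_source(prefix="Xfresh"):
    """Constructed stand-in for wallet key generation."""
    counter = itertools.count()
    return lambda: f"{prefix}{next(counter)}"


# Constructed sample data.
WALLET = [
    Utxo("XaddrA", Decimal("37.5")),
    Utxo("XaddrB", Decimal("12")),
    Utxo("XchangeC", Decimal("2.7"), darksend_change=True),
]
SAME_ADDRESS_DENOMINATE = [
    ("XaddrD", Decimal("100")), ("XaddrD", Decimal("10")),
    ("XaddrD", Decimal("10")), ("XaddrD", Decimal("2.2")),
]

if __name__ == "__main__":
    print("recognizable denominate:", looks_like_denominate(SAME_ADDRESS_DENOMINATE))
    print("co-spend warnings:", audit_spend(WALLET))
    plan = plan_denominate(Decimal("122.2"), address_source())
    print("fresh-address plan still matches heuristic:", looks_like_denominate(plan))
```

The fresh-address plan removes the single-address signal only; the power-of-ten amounts remain visible, which is why the post also proposes pooling denominates.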