Topic: Anonymity (Read 4729 times)

Can web-wallets be used for PoS?

Wallets themselves don't take up sufficiently large amounts of space, the issue is that the blockchain contains the transactions for EVERY wallet (including mixing transactions in the case of other anonymous coins). As smooth explained, most Bitcoin users are using web wallets (Coinbase, Blockchain.info, GreenAddress, etc.) or SPV-style wallets (Electrum, Multibit, etc.) where you don't store the whole blockchain, only the info relevant to your wallet (which is tiny). All of the backends to those services, though, are running full nodes with the full blockchain by necessity.

I'm learning a lot from you. I think it's a good trade off, bigger hard disk space but un-linkable and untraceable transaction. I don't know anything about how blockchain works, but I'm thinking about a wallet which deletes the data which is, for example, a month old and can be used just for send/receive. Another wallet for the network. I haven't read the last posts here, and I guess I will find my answer there.

BTSX with TITAN is a good candidate https://bitcointalksearch.org/topic/titan-infographic-transfer-invisibly-to-any-name-bitshares-feature-687251

Although I can't compare with other anonymous implementations as I know little of them.

Imagine 2 blockchains processing the same amount of transcations. Now Chain 1 is running with ringsignatures and Chain 2 is not.

Now lets say that every year 500 GB of transaction data gets produced and no blockchain pruning and shrinking is available.
After 1/2/3/4/5 years
Chain 1: 750GB/1.5 TB/2.25TB/3TB/3.75TB
Chain 2: 500GB/1TB/1.5TB/2TB/2.5 TB

And this is under the best case scenario that ringsignatures only produce 50% bigger tx. This number can be higher!

How do thin clients work?

I don't really find it that bad. People will still be able to run nodes no problem and regular people can use thin clients. Assuming that standard Bitcoin style thin clients work with ring sig tech. I assume it does but I don't know.

It's a very tired argument that gets pulled out and rebutted each time. The Monero blockchain is currently 5.5x the size of the Bitcoin one for comparable total transactions (so linearly larger than Bitcoin's). So when we've had 44 million transactions (as Bitcoin has over its 5.5 year existence) our blockchain will be about 110gb vs. Bitcoin's current 20gb blockchain. This is, in itself, not a problem, as by the time we get there in a few  years disk space will be appreciably larger, and we'll have the same full node problem Bitcoin has (who seriously keeps the full 20gb Bitcoin blockchain on their laptop, for instance) - the majority of our userbase will use lightweight wallets.

A lot of the people that state that Monero has a "blockchain bloat" problem are picking up snippets of conversation between quite intelligent people on the matter without actually understanding the issue. Monero has exactly the same "bloat" problem as XC, DarkCoin, and anything else that uses a form of mixing - you are going to incur additional entries in the blockchain for every mix (or in Monero's case for every additional signature in a ring), which means the blockchain for all of them is going to be linearly larger than Bitcoin's for the same number of transactions. It is a compromise you accept if you want transaction privacy: it uses more space in the blockchain. However, the advantage that a Bitcoin-derived altcoin has is that it can prune the bloated blockchain, whereas with Monero you can never tell if a utxo has actually been spent or just used in a ring signature, so pruning in the Bitcoin sense is not possible. THIS is what they're actually claiming - that all of the blockchains are going to bloat, but Monero's can't be pruned the way Bitcoin's can. It's very, very important to note alongside this that the Bitcoin blockchain has never been pruned, the code to operate off a pruned blockchain is simply not there (that notwithstanding, as of Bitcoin Core 0.9.0 it does have the ability to prune provably unspendable outputs, but that is not the same as the blockchain pruning we are referring to). Therefore, none of these Bitcoin-derived altcoins are actually able to prune their blockchain, despite their belief that they can flick a switch and voila, magically small blockchain. Not unless they have the ability to write code that the Bitcoin core developers and hundreds of contributors have yet to write.

At the moment we're on a flat per-tx fee, so it's still cheap either way, but yes - once we move to per-kb fees it'll be more expensive to use large signature groups (although not prohibitively so).

The original CryptoNote whitepaper is here: https://cryptonote.org/whitepaper.pdf

The CN whitepaper had not been peer reviewed, so we took that job on ourselves.

Our mathematicians and cryptographers raw (and sometimes snarky;) annotations are here: http://monero.cc/downloads/whitepaper_annotated.pdf
The review of the CN whitepaper as presented by one of our mathematicians is here: http://monero.cc/downloads/whitepaper_review.pdf

All worthy reads, and as you can see there's actual mathematics and cryptography and not just pretty pictures:-P

But even in this case don't you still have to trust the DAC's master or owner or whatever? Unless it was truly independent I guess.

There are ways to add anonymity to bitcoin without changing the code. It won't be on source level, but with service providers. You could do something like a DAC mixer.

Because I'm involved with a project that is a new implementation of the latest version of Bitcoin and I'd like for it to be able to implement some level of anonymity at some point within the next year or two. The focus of the project isn't on anonymity at this point at all but personally I hope that eventually there will be solutions that won't require building everything from scratch like CryptoNote did.

Wishful thinking perhaps.

Why?

I'm really hoping someone comes up with a solid anon solution that can be implemented in to Bitcoin style blockchain tech at some point.

Very good questions. I'm excited that we're starting to see some higher level questions again.

1.) Payee addresses are arguably the less important aspect of privacy. As the sender, it's more important to protect your identity. The other side can simply be addressed by generating a new change address per payment. Between the two of these the system would be completely anonymous. Also, after receiving payment, your client will prepare the funds again, increasing their anonymity.

2.) There's not a perfect solution to this yet, but Masternode operators have an interest in getting more darkcoin and keeping their existing inventment as valuable as possible. By attacking the network, they would cause harm to their investment. Also, the client is resistant to DDOS attack currently and masternode operators are instructed to close all other ports and have some kind of DDOS protection.

As a longer term solution, we could not broadcast the IPs of masternodes, but an identifier. Users could then say they want to broadcast to that masternode, but not actually connect to it. This would hide the identities and create a much more robust system.

Absolutely - but the cost of doing this is extremely high. During a DDoS a datacenter is having their bandwidth saturated, and it's affecting other customers in the datacenter, so they will typically get their upstream bandwidth provider to null-route all traffic bound for that IP address. The upstream bandwidth provider's equipment is all muscle, no brain, on massive amounts of bandwidth, so it can't route things based on the type of data, only on the destination. Typically this means that DDoS mitigation is done, for example, by having round-robin DNS that spreads the load out to different data centers, and when under attack the DNS records can be updated faster than an attacker can reroute his DDoS. If the attack is sufficiently clever and sufficiently large there will be downtime, but it'll be measured in minutes and not in hours.

The only way to mitigate this is to scrub the data at line rate, which means you need your own very powerful, very clever, very expensive routers collocated at the DC. You're also going to need to rent at least 20gbps of the DC's bandwidth, even if you're only using a tiny tiny fraction of that, as a DDoS attack will fill that pipe and your routers will need to scrub it and only let clean data through. It's definitely doable, but it'll cost you tens of thousands of Dollars a month.

If a method is implemented where the wallet can determine the number of running masternodes with a certain level of probability before anonymizing its non-anonymized coins, the incentive to dos the masternodes is taken away. You had some ideas here, but even a superpeer group keeping the count would go a long way imo while a totally trustless solution is found.