Pages:
Author

Topic: How to get free Bitcoin by exploiting a DASH InstantX (Read 6323 times)

hero member
Activity: 966
Merit: 1003
How about 50 BTC to double spend an InstantX on testnet?

I don't think there is. And there shouldn't, as starting up as many masternodes as one pleases in testnet is easy and free. AFAIK if you own both the hashrate and the masternode network, then you can do what you want, as you basically own everything.

Evan thinks otherwise and asked me to attempt a double spend on testnet.

Yes, please attempt, by using the method you outlined. If there was a bounty for breaking the testnet, people would cheat by launching enough masternodes they'd have 99% of the masternode network.


Why should I do this for free?

Well, you already created a sockpuppet account and this thread. So why not go all the way? And it wouldn't be for free, think how your bag of shitcoins would skyrocket if just the big evil DASH would go away.


If it's so secure, why not have a bounty for exploits?

Can't say for sure, but probably because it would be an extra effort. Let's assume it is secure, and no one will break it. What's the use of the bounty then, it would only cause hassle as people would submit invalid cases and someone would have to potentially spend a lot of time to verify/invalidate them.
legendary
Activity: 3066
Merit: 1188

Why should I do this for free?

If it's so secure, why not have a bounty for exploits?

Apparently you don't need one according to your original thesis

It's a self funding exercise who's reward is potentially unlimited   Wink
newbie
Activity: 8
Merit: 0
This attack could, of course never be carried out on any Proof of Work network InstantX.

You should look at the code and read the whitepaper, because it deals with this exact situation. Nice try though...

Surely there is a bounty for this?

How about 50 BTC to double spend an InstantX on testnet?

I don't think there is. And there shouldn't, as starting up as many masternodes as one pleases in testnet is easy and free. AFAIK if you own both the hashrate and the masternode network, then you can do what you want, as you basically own everything.

Evan thinks otherwise and asked me to attempt a double spend on testnet.

Why should I do this for free?

If it's so secure, why not have a bounty for exploits?
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud

When ever I see him come into the light, I'm gonna bring it up

A scam is a scam is a scam, but let me offer up another story based my incredible skills of supposition....

legendary
Activity: 3066
Merit: 1188

When ever I see him come into the light, I'm gonna bring it up

Why ? Did he force you to invest or something ?

(Hint - if only he had you'd be a whole lot better off   Wink  )
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
Correct. If you get a successful lock on a transaction, conflicting blocks are outright rejected.

Read the code here:
https://github.com/dashpay/dash/blob/master/src/main.cpp#L2849

Did you use a testnet when you accidentally mined all those coins? https://bitcointalk.org/index.php?topic=999886.100

When your dreams of Evan going to jail for fraud happen.



When ever I see him come into the light, I'm gonna bring it up. Can't he answer for himself? I honestly don't care about insta-whatever, I saw him post and wanted an answer. I got it, cowardice.
hero member
Activity: 966
Merit: 1003
Correct. If you get a successful lock on a transaction, conflicting blocks are outright rejected.

Read the code here:
https://github.com/dashpay/dash/blob/master/src/main.cpp#L2849

Did you use a testnet when you accidentally mined all those coins? https://bitcointalk.org/index.php?topic=999886.100

When your dreams of InstantX being easily exploited get shattered, switch to off-topic ad hominems. Standard.


Fuck instamined coins and fuck scammers, they are scum and the coin is crap.

And another one.


Darkcoin/Dash is organized crime

One more.



haha, Dash/Darkcoin - by scammers, for scammers.
Lol shitcoin gonna shitcoin
Where are the Darkcoin/Dash sheep now? No dumb justifications?

After such premature ejaculation bukkake party getting angry when the candy is taken away from you is quite understandable.
hero member
Activity: 966
Merit: 1003
This attack could, of course never be carried out on any Proof of Work network InstantX.

You should look at the code and read the whitepaper, because it deals with this exact situation. Nice try though...

Surely there is a bounty for this?

How about 50 BTC to double spend an InstantX on testnet?

I don't think there is. And there shouldn't, as starting up as many masternodes as one pleases in testnet is easy and free. AFAIK if you own both the hashrate and the masternode network, then you can do what you want, as you basically own everything.
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud

Words, words, words, but somehow know understanding of the actual process.


Meet me over here: https://bitcointalksearch.org/topic/dash-versus-ring-signiture-coins-1031729
newbie
Activity: 8
Merit: 0
This attack could, of course never be carried out on any Proof of Work network InstantX.

You should look at the code and read the whitepaper, because it deals with this exact situation. Nice try though...

Surely there is a bounty for this?

How about 50 BTC to double spend an InstantX on testnet?
legendary
Activity: 3066
Merit: 1188

The upshot of this is that an auditor only needs your private view key to identify all of your transactions.

That isn't the 'upshot' at all.

How many daily hours do you think are spent on blockchain.info verifying transactions and wallet balances ? There are a load of reasons that my wallet might not be showing me the correct balance which are nothing to do with "math" - I installed the wrong wallet file, didn't catch up with the blockchain, my wallet is hacked, whatever.

blockchain.info and its like are positively SCOURED daily for verification purposes. Thousands of hours are spent on there checking stuff including "where did it come from and where did it go" type audits. All that activity is of immense value in terms of maintaining a high level of confidence in the system. What do I do if I open my wallet which I think had 500 XMR in it and suddenly it's only got 300 ? How does someone in that situation seek "public consensus" that the balance is correct - whether for reasons of getting drunk the night before and gambling it away without remembering, getting hacked or it not having been there in the first place ?

Does Fluffypony come along and wave a math paper at them ? Are you seriously proposing that people are just going to accept losing all that transparency ? (Because if you are then you can kiss the value goodbye as well).

if I, as a company, receive a payment from Microsoft Inc. do my auditors go and ask Microsoft for their bank balance?

Not in the fiat system by most certainly yes in a cryptocurrency.

This is why I say Monero is a fiat business model. Everything is seen from the perspective of bank accounts in a fiat system with scant regard to the things that make crypto totally distinct and nothing like the counterparty based banking model.

There is no statutory "us and them" in crypto as there is in fiat. That applies to any base monetary medium such as gold. First parties and third parties do not exist. There is simply a blockchain thats in the public domain and a bunch of anonymous private keys to control it. The correct place for such an "ownership model" is in the next layer - financial services such as ETFs or managed funds.

It's the very fact that the blockchain IS in the public domain that gives the private keys their value. There's no need to make it invisible - all your doing is re-inventing the wheel because we already have privacy built into the blockchain.

What's needed is to maximise its fungibility - for all kinds of reasons, not just privacy - to mitigate recurring and identifiable patterns of movement.
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
And here's this:




Every transaction involves two keys: a public spend key, and a public view key. The destination for an output in a transaction is actually a one-time public key computed from these two keys. The formula used for calculating this is: P = Hs(rA)G + B (where Hs is a hash function, r is a random, G is a basepoint, A is the public view key, B is the public spend key).

When scanning incoming transactions every transaction is scanned to see if is for "you". To do this, your wallet computes P' = Hs(aR)G + B (following the same definitions as before, except that a is your private view key, and R = rG, which is packed elsewhere into the transaction). Notice that this only requires your private view key and your public spend key, and this check is immutable and cannot be faked. You cannot receive transactions and identify them without the corresponding private view key.

In order to spend the funds you have to compute a one-time private spend key for that output using Hs(aR) + b (where b is your private spend key), so it's impossible to spend the funds without it. Literally that's all the cryptography you need to understand, but I guess when your aim is to deflect attention from an instamined scam it helps to call it a "mountain of cryptography".

From this we can also determine that it is possible to enumerate all the view keys, but as the key space is 2256 it's not possible unless you have more processing power than all the energy in the universe, and more time than the universe has existed.

The upshot of this is that an auditor only needs your private view key to identify all of your transactions. On the other hand, with Bitcoin and its clones you would typically need to sign every address you own (or for something like Electrum you'd be able to provide your master public key). In some ways the private view key is like the Electrum master public key, in that with both you can view every transaction for that account, and there's no way to fake that data. As with any audit, though, you could always have a second wallet for your secret transactions, but typically auditors would uncover that through other mechanisms.

The claim that the auditor has to "see the balances in the sending addresses" is ludicrous - if I, as a company, receive a payment from Microsoft Inc. do my auditors go and ask Microsoft for their bank balance?
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud

The criticism, if factual, should denounce every coin I just claimed was faulty, therefore I should join the debate and end this ring-signature conspiracy.

legendary
Activity: 3066
Merit: 1188


LoL. When in doubt, call in reinforcements from the Monero troll army.

Altogether. Lets do the "instamine scam" dance.
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
legendary
Activity: 3066
Merit: 1188

just as the case in international business when the auditor will in no way have jurisdiction to audit foreign accounts

That isn't the kind of audit thats important in crypto. Your thinking of the accountant that walks into your office and "audits" your bookkeeping.

For a start, the idea that cryptocurrency based economies will "just work like fiat ones" is a bit ludicrous. As I keep trying to explain, crypto is anonymous. For that reason, showing a compliance auditor a random balance on the blockchain carries about as much weight as pulling a set of keys out of a drawer and showing them those.

Secondly, all forms of money are validated by some kind of trusted third party. Thats what gives money its value. The fiat money system has a counterparty in the middle of the transaction to fulfil that role. With art it's a trusted auction house. Nobody's going to buy the bar of gold from under your bed without it being rubber stamped in public as part of the elemental continuum with atomic number 79 (a publicly verifiable and visible form of money).

In crypto, all counterparties have been eliminated from the transaction. Instead, the entire blockchain is publicly visible and verifiable so that public consensus can act at the "trusted third party". Bury that and you've buried your whole value proposition with it.

Not only that, there are loads of other 'signals' that the whole cryptonote way of approaching things is all wrong.

The fact that visibility had to be compromised to deliver "fungibility" (<-- in inverted commas because fungibility and visibility are different things) is only one. Dash managed to avoid this compromise because it has diversified its network functionality.

Other areas of "compromise and fudge" of mono-functional networks include:

 - having to find a fudge between low blocktime and too many orphans to get the comfirmation speed up
 - having to find a fudge between blocksize and efficiency to address the problems of scaleability

In both these areas, Dash has achieved the best of all worlds through functional diversification whereas others are stuck with the worst. Perfect launch or not, it’s an original crypto who’s innovative approaches to “big problems” are working, and working in visible ways.
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud




I like making logical fallacies and assert that all the blockchain must be public without making the obvious point that only your received and spent outputs are necessary to audit just as the case in international business when the auditor will in no way have jurisdiction to audit foreign accounts.  I also fail to see how my faulty argument applies to darksend if it is truly anonymous. So never mind the obvious comparison that the viewkey acts as a receipt verified mathematically by the network. 

hero member
Activity: 690
Merit: 501
I love the fact the the OP has been called out to prove that his claims are possible in testnet but can't do it...because its a flawed theory.

I don't have any false illusions that Dash is perfect but it has been a long time since somebody has come up with a vulnerability that actually works. 

Possibly the last person was that dude who managed to manipulate masternode payments for a while? 

He asked about a bounty on the last page.
legendary
Activity: 1722
Merit: 1002
Decentralize Everything
I love the fact the the OP has been called out to prove that his claims are possible in testnet but can't do it...because its a flawed theory.

I don't have any false illusions that Dash is perfect but it has been a long time since somebody has come up with a vulnerability that actually works. 

Possibly the last person was that dude who managed to manipulate masternode payments for a while? 
legendary
Activity: 3066
Merit: 1188



No. It doesn't mean that because an auditor wants to verify the origin of the funds and therefore has to see the balances in the sending addresses as well.

Ever heard of "double entry bookkeeping" ? That alludes to the fact that there are two or more balances involved in a transaction, not one.

A great tribute to bitcoin's success as 'money' is the fact that their is public consensus that all the recent bitcoin "heists" of late (Bitstamp, etc) were in fact thefts and not somebody 'fooling the system'. That consensus is only achaived by virtue of the public blockchain and the fact that EVERY SINGLE ADDRESS is auditable. Not public by choice but public by force.

That is the very same consensus that gives the balance in an address its value - and thereby turns it into money.

Privacy is supported by the private blockchain. The phrase "public-private key encryption" alludes to the fact that one key is supposed to be public and the other private. In cryptocurrency therefore, we maximise the anonymity of the private key by maximising the fungibility of the public addresses - not my making them invisible but my making them more fungible, a very different thing.

You can't go burying the public blockchain in a mountain of cryptography.

What you've got is an encrypted bookkeeping system for banks. Go the Ripple route and try selling it to them  Wink

Pages:
Jump to: