Author

Topic: [SDC] ShadowCash | Welcome to the UMBRA - page 104. (Read 1289644 times)

sr. member
Activity: 337
Merit: 250
February 13, 2016, 12:08:11 AM
Looks like the whole chain has been deanonymized.  ugh.  https://raw.githubusercontent.com/ShenNoether/Deanon/master/sdcDeAnon.txt
newbie
Activity: 29
Merit: 0
February 13, 2016, 12:05:04 AM
I edited my original post to include "My limited understanding is that reveals which signature belongs to the original initiator of a ring signature. Can any other information be deduced from that signature?


You have the SDC logo in your avatar but you have no idea what is being offered with this coin or how it works? A knowledgeable investor wouldn't ask this question.



FINE i erased the "no it doesnt" Tongue


I'm going to give you the benefit of the doubt and assume that even though you support this coin you are not just another SDC slimebag.

Here's what you need to do:

(1) Face your denail.
(2) Dump your SDC while the price is still inflated.
(3) If you like it so much, buy back cheaper.
(4) Consider the profit your reward for monitoring this thread and staying loyal to your coin.

If you want to tip me after you realize your profits, I'll take XMR.
hero member
Activity: 606
Merit: 500
February 13, 2016, 12:01:22 AM

What exactly does this exploit reveal in a single ring signature transaction?

A ring signature has multiple possible signers. The idea is that it is suppose to not be possible to tell which previous transaction's output is being spent.


I edited my original post to include "My limited understanding is that reveals which signature belongs to the original initiator of a ring signature. Can any other information be deduced from that signature?"

hero member
Activity: 896
Merit: 1000
Avatars are overrated.
February 12, 2016, 11:58:29 PM
So, their whole blockchain is now useless from a privacy perspective right?

The SDC portion was always equivalent to BTC from a privacy perspective (except for being less used which likely makes it worse in practice).

The Shadow portion has functioning (afaik) stealth addresses but the ring sigs did not function. That makes it equivalent to BTC where addresses are never reused. No 'mixing' function.



You are too much of a gentleman.

It is much much much worse than bitcoin because people have used the "anonymous" feature of this coin with the expectation of anonymity. This jeopardizes their freedom, safety, and maybe even life.

It's inexcusable.

No it doesn't. SDT is still functional and SDC ring sig math was fundamentally flawed. I suspect that came from the size changes that were made to increase performance in 2014 which Smooth referenced in December as change he hadn't noticed in the code which I thought at the time was a significant improvement to ring. Just turns out maybe it wasn't or is just buggy. I don't know.


You are in denial. They produced a list of every ring signature of SDC deanonymized.

FINE i erased the "no it doesnt" Tongue
newbie
Activity: 29
Merit: 0
February 12, 2016, 11:57:31 PM
So, their whole blockchain is now useless from a privacy perspective right?

The SDC portion was always equivalent to BTC from a privacy perspective (except for being less used which likely makes it worse in practice).

The Shadow portion has functioning (afaik) stealth addresses but the ring sigs did not function. That makes it equivalent to BTC where addresses are never reused. No 'mixing' function.



You are too much of a gentleman.

It is much much much worse than bitcoin because people have used the "anonymous" feature of this coin with the expectation of anonymity. This jeopardizes their freedom, safety, and maybe even life.

It's inexcusable.

No it doesn't. SDT is still functional and SDC ring sig math was fundamentally flawed. I suspect that came from the size changes that were made to increase performance in 2014 which Smooth referenced in December as change he hadn't noticed in the code which I thought at the time was a significant improvement to ring. Just turns out maybe it wasn't or is just buggy. I don't know.


You are in denial. They produced a list of every ring signature of SDC deanonymized.
legendary
Activity: 2968
Merit: 1198
February 12, 2016, 11:57:08 PM
You issued this:
No but I do suppose I was the one blowing the loudest "bullshit trollfud" horn.

Honestly I can't say I blame you. There is a lot of FUD and trolling and false claims that go on here, this just didn't happen to be one of them, as it turns out.

Anyway, the i information is out now, and it will be up to your team to decide how to address it. Ideally it gets fixed.

Signing off from the thread for now unless anyone has a question for me.

Still don't like to overall tone of this criticisms throughout the thread.

But I do have a question for you. I don't have time to sort through all the insults being thrown around by everyone as I'm doing homework.

What exactly does this exploit reveal in a single ring signature transaction?

A ring signature has multiple possible signers. The idea is that it is suppose to not be possible to tell which previous transaction's output is being spent.

As an example, say some unpopular military attack has to be ordered, but nobody wants to go down in history as the one who ordered it.  If 10 leaders have private keys, one of them could sign the order and you wouldn't know who did it.

In the case of the broken ring signatures in Shadow, you can always tell which leader gave the order (which transaction's output is being spent).


hero member
Activity: 896
Merit: 1000
Avatars are overrated.
February 12, 2016, 11:52:37 PM
So, their whole blockchain is now useless from a privacy perspective right?

The SDC portion was always equivalent to BTC from a privacy perspective (except for being less used which likely makes it worse in practice).

The Shadow portion has functioning (afaik) stealth addresses but the ring sigs did not function. That makes it equivalent to BTC where addresses are never reused. No 'mixing' function.



You are too much of a gentleman.

It is much much much worse than bitcoin because people have used the "anonymous" feature of this coin with the expectation of anonymity. This jeopardizes their freedom, safety, and maybe even life.

It's inexcusable.

SDT is still functional and SDC ring sig math was fundamentally flawed. I suspect that came from the size changes that were made to increase performance in 2014 which Smooth referenced in December as change he hadn't noticed in the code which I thought at the time was a significant improvement to ring. Just turns out maybe it wasn't or is just buggy. I don't know.
newbie
Activity: 29
Merit: 0
February 12, 2016, 11:45:04 PM
So, their whole blockchain is now useless from a privacy perspective right?

The SDC portion was always equivalent to BTC from a privacy perspective (except for being less used which likely makes it worse in practice).

The Shadow portion has functioning (afaik) stealth addresses but the ring sigs did not function. That makes it equivalent to BTC where addresses are never reused. No 'mixing' function.



You are too much of a gentleman.

It is much much much worse than bitcoin because people have used the "anonymous" feature of this coin with the expectation of anonymity. This jeopardizes their freedom, safety, and maybe even life.

It's inexcusable.
hero member
Activity: 606
Merit: 500
February 12, 2016, 11:43:46 PM
You issued this:
No but I do suppose I was the one blowing the loudest "bullshit trollfud" horn.

Honestly I can't say I blame you. There is a lot of FUD and trolling and false claims that go on here, this just didn't happen to be one of them, as it turns out.

Anyway, the i information is out now, and it will be up to your team to decide how to address it. Ideally it gets fixed.

Signing off from the thread for now unless anyone has a question for me.

Still don't like to overall tone of this criticisms throughout the thread.

But I do have a question for you. I don't have time to sort through all the insults being thrown around by everyone as I'm doing homework.

What exactly does this exploit reveal in a single ring signature transaction? My limited understanding is that reveals which signature belongs to the original initiator of a ring signature. Can any other information be deduced from that signature?
legendary
Activity: 2968
Merit: 1198
February 12, 2016, 11:42:01 PM
So, their whole blockchain is now useless from a privacy perspective right?

The SDC portion was always equivalent to BTC from a privacy perspective (except for being less used which likely makes it worse in practice).

The Shadow portion has functioning (afaik) stealth addresses but the ring sigs did not function. That makes it equivalent to BTC where addresses are never reused. No 'mixing' function.

sr. member
Activity: 337
Merit: 250
February 12, 2016, 11:40:44 PM
So, their whole blockchain is now useless from a privacy perspective right?
legendary
Activity: 2968
Merit: 1198
February 12, 2016, 11:38:23 PM
You issued this:
No but I do suppose I was the one blowing the loudest "bullshit trollfud" horn.

Honestly I can't say I blame you. There is a lot of FUD and trolling and false claims that go on here, this just didn't happen to be one of them, as it turns out.

Anyway, the i information is out now, and it will be up to your team to decide how to address it. Ideally it gets fixed.

Signing off from the thread for now unless anyone has a question for me.
hero member
Activity: 896
Merit: 1000
Avatars are overrated.
February 12, 2016, 11:36:08 PM
You issued this:
No but I do suppose I was the one blowing the loudest "bullshit trollfud" horn.
legendary
Activity: 2968
Merit: 1198
February 12, 2016, 11:35:10 PM
You issued this:

https://blog.shadowproject.io/2016/02/12/deanonymize-shadow-nope/

"We would like you -our dedicated users- to know that, after 10+ hours of testing by Shadow’s core developers, our team has not yet managed to deanonymize any private transaction."

If so, then you either lied about your core developers being unable to write a few lines of code in a 10 hours, or they aren't able to do so.I don't know which.


This coin will never have credibility because the devs are incompetent and the community is slime.

I remember they viciously fudded other coins for the content of their roadmaps, nitpicking on technicalities.

And here, through gross incompetence, the devs jeopardize the safety (yes safety) of every person who used their "anonymous" system.

I know my post will get deleted because of the intellectual dishonesty of the devs, but hopefully it will stand long enough for a few others to read it.

LOL talks about credibility while posting on a troll account! Worst case scenario we switch back to the ring sig from before.

I'm not positive but I think both ring sig versions have the flaw.

The code can be fixed, going forward. Incompetence is harder to fix.
hero member
Activity: 896
Merit: 1000
Avatars are overrated.
February 12, 2016, 11:26:52 PM
You issued this:

https://blog.shadowproject.io/2016/02/12/deanonymize-shadow-nope/

"We would like you -our dedicated users- to know that, after 10+ hours of testing by Shadow’s core developers, our team has not yet managed to deanonymize any private transaction."

If so, then you either lied about your core developers being unable to write a few lines of code in a 10 hours, or they aren't able to do so.I don't know which.


This coin will never have credibility because the devs are incompetent and the community is slime.

I remember they viciously fudded other coins for the content of their roadmaps, nitpicking on technicalities.

And here, through gross incompetence, the devs jeopardize the safety (yes safety) of every person who used their "anonymous" system.

I know my post will get deleted because of the intellectual dishonesty of the devs, but hopefully it will stand long enough for a few others to read it.

LOL talks about credibility while posting on a troll account! Worst case scenario we switch back to the ring sig from before.
newbie
Activity: 29
Merit: 0
February 12, 2016, 11:21:54 PM
You issued this:

https://blog.shadowproject.io/2016/02/12/deanonymize-shadow-nope/

"We would like you -our dedicated users- to know that, after 10+ hours of testing by Shadow’s core developers, our team has not yet managed to deanonymize any private transaction."

If so, then you either lied about your core developers being unable to write a few lines of code in a 10 hours, or they aren't able to do so.I don't know which.


This coin will never have credibility because the devs are incompetent and the community is slime.

I remember they viciously fudded other coins for the content of their roadmaps, nitpicking on technicalities.

And here, through gross incompetence, the devs jeopardize the safety (yes safety) of every person who used their "anonymous" system.

I know my post will get deleted because of the intellectual dishonesty of the devs, but hopefully it will stand long enough for a few others to read it.
legendary
Activity: 2968
Merit: 1198
February 12, 2016, 11:16:33 PM
Proof of concept code has been posted by shen:

There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain:

ProcessBlock: ACCEPTED a801e125053dcc556b94
verifying ring sig asdf

index i = 0 / 4

index i = 1 / 4

index i = 2 / 4

index i = 3 / 4
signer is index 3
More FUD. And who else delivers it but SMOOTH, official Monero "dev". Proof of proof of concept? You got nothing. Just give it up. Tongue

Dude:

signer is index 3

Do you know what that means?

Yeah I stuck out my tongue didn't I? But it's good to know this stuff before the market release so devs can fix it. Thanks for debugging but your community is still a bunch of fuckwads.

They can if they have any idea what they are doing. After 10 hours of work which would have required a few lines of code to reproduce, all they could do is issue a false denial.

Community issued the denial (namely me) because you are a troll and legitimate bugs are not exactly you or your teams history. Trolling is. Hats off to Shen but the trolling and PR was bullshit and you know it. Again, good to know before the market release so that it can be addressed.

You issued this:

https://blog.shadowproject.io/2016/02/12/deanonymize-shadow-nope/

"We would like you -our dedicated users- to know that, after 10+ hours of testing by Shadow’s core developers, our team has not yet managed to deanonymize any private transaction."

If so, then you either lied about your core developers being unable to write a few lines of code in a 10 hours, or they aren't able to do so. I don't know which.


hero member
Activity: 896
Merit: 1000
Avatars are overrated.
February 12, 2016, 11:07:56 PM
Proof of concept code has been posted by shen:

There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain:

ProcessBlock: ACCEPTED a801e125053dcc556b94
verifying ring sig asdf

index i = 0 / 4

index i = 1 / 4

index i = 2 / 4

index i = 3 / 4
signer is index 3
More FUD. And who else delivers it but SMOOTH, official Monero "dev". Proof of proof of concept? You got nothing. Just give it up. Tongue

Dude:

signer is index 3

Do you know what that means?

Yeah I stuck out my tongue didn't I? But it's good to know this stuff before the market release so devs can fix it. Thanks for debugging but your community is still a bunch of fuckwads.

They can if they have any idea what they are doing. After 10 hours of work which would have required a few lines of code to reproduce, all they could do is issue a false denial.

Community issued the denial (namely me) because you are a troll and legitimate bugs are not exactly you or your teams history. Trolling is. Hats off to Shen but the trolling and PR was bullshit and you know it. Again, good to know before the market release so that it can be addressed.
legendary
Activity: 2968
Merit: 1198
February 12, 2016, 11:02:05 PM
Proof of concept code has been posted by shen:

There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain:

ProcessBlock: ACCEPTED a801e125053dcc556b94
verifying ring sig asdf

index i = 0 / 4

index i = 1 / 4

index i = 2 / 4

index i = 3 / 4
signer is index 3
More FUD. And who else delivers it but SMOOTH, official Monero "dev". Proof of proof of concept? You got nothing. Just give it up. Tongue

Dude:

signer is index 3

Do you know what that means?

Yeah I stuck out my tongue didn't I? But it's good to know this stuff before the market release so devs can fix it. Thanks for debugging but your community is still a bunch of fuckwads.

They can if they have any idea what they are doing. After 10 hours of work which would have required a few lines of code to reproduce, all they could do is issue a false denial.
hero member
Activity: 896
Merit: 1000
Avatars are overrated.
February 12, 2016, 10:59:42 PM
Proof of concept code has been posted by shen:

There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain:

ProcessBlock: ACCEPTED a801e125053dcc556b94
verifying ring sig asdf

index i = 0 / 4

index i = 1 / 4

index i = 2 / 4

index i = 3 / 4
signer is index 3
More FUD. And who else delivers it but SMOOTH, official Monero "dev". Proof of proof of concept? You got nothing. Just give it up. Tongue

Dude:

signer is index 3

Do you know what that means?

Yeah I stuck out my tongue didn't I? But it's good to know this stuff before the market release so devs can fix it. Thanks for debugging but your community is still a bunch of fuckwads.
Jump to: