The problem with this analysis is that it is too myopic and loaded to be instructive about how either of these technologies (DRK / Cryptonote) will play out ultimately.
There are loads of modern day services that the NSA can theoretically "snoop" which don't detract from their practical or market value. The best you can say is that there is unlikely to be any anonymous technology which is guaranteed 100% to be "unstoppable" - neither the cryptonote approach nor the 2-tier one.
But that's not the point anyway. Most people are not terrorists on the run from the NSA. The NSA are unlikely to be spending zillions of dollars on capturing masternode logs (because they'd need EVERY last one - ALL of them to have a remote chance) and then another few million plus several weeks poring over them attempting to trace a solitary few transactions.
Even if that were theoretically possible (which I don't accept it is) it's well beyond a practical level of financial privacy which is what the goal is here.
You seem to entirely miss my point.
1. Gaming masternodes is, in fact, within the reach of an ordinary script kiddie or an MNC. Besides the obvious risk of masternodes being taken offline by a DDoS, there is absolutely no chance that even the bulk of the operators are getting security right.
2. You don't need to be a terrorist or have the NSA after you. Agencies like the FBI, Europol, Scotland Yard, or Interpol will have no problem gaining access to masternodes completely surreptitiously.
Operational security and netsec are laborious and ongoing procedures. It requires an incredible amount of effort just to keep a small infrastructure set secure. My maintenance window to patch all glibc-bug-affected components on 3 servers yesterday was ~12 hours - how many masternode operators do you know that took their servers offline for hours yesterday to make sure there were no glibc-statically-compiled nigglies lying around?
In fact, I picked DRK *because* of its 2-tier approach, not in spite of it. Once you accept that both technologies work "within a reasonable level of practical anonymity" then practical considerations have far more impact on value than the thinking up of hypothetical vulnerabilities.
This is where DRK scores many more points than Monero and is the reason why it's maintained and grown its 5x marketcap lead.
Monero offers actual privacy, with completely optional per-transaction or per-account transparency. Darkcoin offers obfuscation. Those are two different things.
Firstly, redundancy. Whatever disparities exist between the quality of the 2 anonymity algos, these are blown away by the fact that Darkcoin supports a pre-emptive, multiple redundancy approach to anonymisation. Cryptonote has 1 shot at it and has to work EVERY TIME. That means that you've no way of mitigating the effect of statistics as time goes on. The Darkcoin methodology is consistent with, say, painting a room where you use 16 thin coats rather than 1 thick one that leaves blank patches. This is both a huge security advantage and a practical advantage because at the point of use, Darkcoin can work like any other currency and doesn't need any exceptions to regular APIs which support it.
There is so much wrong with this I don't even know where to begin. First off: CryptoNote does have redundancy. If all our current knowledge of cryptography is somehow broken and there is a way to crack stealth addresses...well that's ok, you still have ring signatures to protect you. Secondly: layering complexity has never proven to be an effective approach to cryptographic security. To use your paint analogy: all that someone needs to do is strip away the base coat, and the other 15 are pointless. When you have interdependence (as you do with Darkcoin's various "methods") you're not creating redundancy, you're creating failure points.
Secondly, the 2-tier approach leads to a far more productive and secure development cycle because the legacy API layer that's compatible with the Bitcoin retail interface can be supported independently of changes to the anonymisation algos. We've already seen this where Darkcoin went from realtime anonymisation at the point of use (like Monero) to pre-emptive - a huge revision to the philosophy - with no disruption at all to the retail interface.
I fail to see how Monero couldn't change or improve its underlying privacy without touching the API? The JSON RPC API has nothing to do with the DH key exchange or ring signatures or anything. Also, Monero's "realtime anonymisation" uses the entire blockchain as a source to mix with. Every previous transaction is a candidate!
Thirdly - Darkcoin is fully compatible with Bitcoin. It basically IS bitcoin and can be deployed with most bitcoin infrastructure. This was a design priority right from the start and has been maintained ever since. Again, this is only possible due to the 2-tier architecture.
Oh good, then you recognise that it has exactly the same block size scalability issues as Bitcoin. Monero's dynamic block sizing, on the other hand, does not have that problem.
Fourthly - the flexibility that Darkcoin's architecture brings in terms of design options is immense compared to a coin whose transmission and anonymising properties are so inflexibly coupled into a single lump of code.
Ah I see what this conversation is. You're talking about the extended object-oriented instruction set of the optimised non-volatile adapter. We should consider synergies between the fully-configurable discrete structure and the assimilated dedicated hardware of the right-sized eco-centric framework. That way we can bring about managed neutral artificial intelligence all while streamlining customer loyalty in a reactive coherent installation. I do agree we need a paradigm-shift for an object-based reciprocal approach to work in the context of a persistent national data-warehouse, but should our focus not be on creating automated modular installation systems that interoperate with fully-configurable intangible projections? Ultimately this comes down to a discussion of which multi-tiered scalable open architecture has a better decentralised heuristic portal, and that, really, is all about their respective ameliorated background flexibility.
So I don't remotely agree with you that this represents a "Broken Architecture". That's the kind of antagonistic, emotive language that people use when they have an axe to grind and want to appeal to an audience who don't have the technical depth to make a proper appraisal of the criticism. If you really want to have it taken seriously then put your point to the Darkcoin development team and have them post an appropriate response.
Your flowery words don't change the fact that Darkcoin is a laughing stock among serious cryptographers. You're conflating me calling-a-spade-a-spade with some sort of personal vendetta. I don't care if Darkcoin succeeds or fails - if it succeeds it will only serve to validate Monero's use-case, and if it fails it won't be because of a lack of desire for transactional privacy. I do find it unconscionable that the fundamentally flawed architecture hasn't been abandoned, but I guess that's what you get when developers with no clue about cryptography try and invent a cryptographically sound system.
As for your Prisoner's Dilemma, that again is another piece of highly selective theorising. In fact the evidence in no way, shape or form supports your contention that it applies in this case. As you probably already know, there are few cases in any crypto-community of such high levels of constructive co-operation amongst peers. Masternode holders are not in "competition" with each other - they all share equally in a portion of the mining supply. Yes - their share goes up as the masternode population reduces, but it doesn't automatically follow that they'll start carrying out suicidal attacks on their own cryptocurrency network just to garner some hundredth of a percentage more yield. The loss in terms of market value from such behaviour would infinitely offset any marginal gain in coin share.
The "loss in terms of market value" is precisely why it's a Prisoner's Dilemma. I suggest you study game theory if you want to get into that discussion.
Nonetheless, I linked to two papers that show how Bitcoin mining pools attack each other for the same reason. Have we not already seen the major damage done to Bitcoin when a mining pool approached the 50% mark? It is absolutely against the collective good for mining pools to be combative, and yet that is precisely what we are seeing.
Your argument that they are currently "constructively cooperating" is also laughable - it's just like with every major scam, there's always that person that gets interviewed that says: "but he was such a nice guy, I can't believe he would just steal from us!" Cooperating when the spoils are relatively worthless is inconsequential, true nature only reveals itself much later on.
But I guess, again, this is the difference between a fundamentally flawed architecture created by a developer and something created by an actual cryptographer. Do you know what the Longest Chain Rule is and why it was such an important creation of Satoshi's? Basically, in Bitcoin (as in Monero) there is not "one true chain", there are many chains. A node has to choose which one it deems to be the main one, and it does this by following the longest chain, all while still keeping the alternate chains. In the event an alternate chain develops that is longer (i.e. more work, hence Proof of Work) then a blockchain reorganisation occurs, leading to that alternate chain being swapped in as the main one. Eventually dead alternate chains are orphaned and can be abandoned.
The reason this is critical, cryptographically speaking, is that it allows a Bitcoin node to assume that nearly all the nodes it is connected to are bad. Bitcoin and Monero start with the assumption that 99% of the actors in the system are trying to lie and cheat, and systems are developed accordingly. The only time a Bitcoin or Monero node will be unable to find the only true peer (and subsequently blacklist all the other false peers) is if it is completely segregated and isolated (in which case you're screwed no matter what you use). There's no need for "constructive cooperation" in a trustless consensus system. Ask yourself: can Darkcoin's anonymity function if 99% of the masternodes are bad actors?
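A toy model of the chain selection described in the post above, added here as an illustration (it is not code from either poster, nor from any Bitcoin or Monero implementation; the block format, difficulties and the 99-liar scenario are constructed): every advertised chain is re-validated link by link, the valid chain with the most cumulative proof of work is adopted, and it makes no difference how many peers push a chain that fails validation.

```python
import hashlib
from dataclasses import dataclass

GENESIS = "0" * 64  # constructed genesis reference for this toy model
@dataclass(frozen=True)
class Block:
    prev: str    # hash of the previous block
    nonce: int
    bits: int    # difficulty: required leading zero bits in the hash
    def hash(self):
        return hashlib.sha256(f"{self.prev}|{self.nonce}|{self.bits}".encode()).hexdigest()
    def valid_pow(self):
        return int(self.hash(), 16) >> (256 - self.bits) == 0

def mine(prev, bits):
    """Brute-force a nonce until the block meets its target (the proof of work)."""
    nonce = 0
    while not (blk := Block(prev, nonce, bits)).valid_pow():
        nonce += 1
    return blk

def extend(chain, bits, n):  # mine n more blocks on top of a copy of chain
    out = list(chain)
    for _ in range(n):
        out.append(mine(out[-1].hash() if out else GENESIS, bits))
    return out

def chain_work(chain):
    """Cumulative work of a chain, or None if any link or proof of work is invalid."""
    prev, work = GENESIS, 0
    for blk in chain:
        if blk.prev != prev or not blk.valid_pow():
            return None          # one lie about one block and the whole chain is rejected
        work += 2 ** blk.bits    # expected hashes needed to find a block at this difficulty
        prev = blk.hash()
    return work

def select_chain(advertised):
    """Adopt the valid chain with the most work; how many peers push a chain is irrelevant."""
    valid = [(w, c) for c in advertised if (w := chain_work(c)) is not None]
    return max(valid, key=lambda wc: wc[0])[1] if valid else None

def demo():
    honest = extend([], 8, 3)            # three genuinely mined blocks at difficulty 8
    forged = [Block(GENESIS, 0, 8)]      # a lying peer: 20 blocks linked correctly, no work
    for i in range(1, 20):
        forged.append(Block(forged[-1].hash(), i, 8))
    heavy = extend(honest[:1], 12, 2)    # fewer blocks than honest, but far more work
    peers = [forged] * 99 + [honest[:2], honest]   # 99 liars, one stale peer, one honest
    return select_chain(peers) is honest, select_chain([honest, heavy]) is heavy
```

The second result in `demo()` shows a reorganisation: the node abandons the three-block chain for a shorter one because "longest" means most work, not most blocks.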
So the phrase "architecturally broken" is unjustified and I hereby request that the OP remove it from the citation at the start of the thread. Some of your points may be fair in the context of "vulnerabilities" but all advanced technologies have those. It's not a question of possessing or not possessing vulnerabilities, it's a question of what has the optimal balance of vulnerabilities against practical advantages.
Read the #bitcoin-wizards comments I linked to. This is not the opinion of one person, it's a common view among those who have enough knowledge to have an opinion.
Here's one for Monero, which I won't do the injustice of calling "broken", simply a "vulnerability"...
...if Darkcoin's algo ever gets "hacked", i.e. if a successful trace back to a sender of an anonymised transaction occurs, then only that one transaction is affected. The rest of the entire blockchain history is still safe.
On the other hand, if a solution is ever found for the cryptonote encryption algorithm then the ENTIRE BLOCKCHAIN can be sprung with that one can opener. Cryptonote is therefore a timebomb. Your transaction might be anonymous today but not in 5 years time.
Be careful what you refer to as "architecturally broken".
If the cryptography behind ring signatures is cracked then everything using Schnorr signatures or EdDSA is in trouble. The same cryptography that protects Monero (Ed25519) is used by: OpenSSH, I2P, GnuPG, Google End-To-End, Core Secret for iOS, and mcrypt.
So yes, if Ed25519 is broken then Monero would have to rely on stealth addresses for protection. But hey, in that event all the masternodes could be accessed, as OpenSSH would be broken too :)