XMR guys are very vocal about DASH being, well, shit, so they should really back these claims up; otherwise the criticism sounds unfair/uninformed.
First we have a criticism of DASH not being fungible. I posted this example earlier in response to these claims; no comeback so far:
That's a very interesting statement.
There are no dirty coins, right? Just inputs and outputs on dirty addresses? The fungibility in DRK comes from the mixing process, e.g.
- DirtyWallet has unspent inputs on address A.
- Inputs are spent via mixing with darksend rounds.
- Now DirtyWallet has unspent inputs on change addresses B,C,D.
- These are then spent via outputs to CleanWallet.
Due to the mixing process and the impossibility of re-assembling a complete transaction chain, there is no provable association in the blockchain between DirtyWallet's original inputs and the new unspent inputs in CleanWallet.
Funged?
Next we have the issue of Darksend, Masternode Blinding and the probabilities of tracing transactions. The numbers I posted were criticised as being misleading, since they only stand up for 1 round of Darksend. I couldn't make sense of this so asked more questions... again no comeback:
Let us say I face an attack that will work against 1 round of Darksend but will fail against 2 rounds of Darksend. This could be the Sybil example I quoted above. If the attacker has also partially compromised the masternode network, then I need a sequence of 2 un-compromised Darksend rounds for protection from this attack. In this example sequence 1 will not work
1) Honest Malicious Honest Malicious Honest Malicious
but sequence 2 will work
2) Malicious **Honest Honest** Malicious Malicious Honest
because of the bold part. So it is the probability of the sequence of n honest masternodes in the chain that matters, and this is much lower than the probability of a single honest masternode in the chain.
OK I've considered this and I'm not sure it's a fair representation of how Darksend works.
1 round of Darksend with blinding uses 20 random masternodes. With more than 1 round, round 2 uses a different set of 20 masternodes and so on, resulting in the astronomical probabilities.
Your example is showing 6 MNs and 50% of them are malicious, but we were talking about 15% of the network being compromised. Therefore only 3 of 20 nodes are likely to be malicious and your sequence doesn't work.
Forgive me if I've misunderstood your example.
Also, I'm not sure we have the full picture on masternode blinding here. See vague description from Evan below.
Masternode Blinding
Recently a paper by 3 researchers at Saarland University came out describing a new technique. While there are some serious problems with the approach they take, the concept of blinding the users they use is novel. In CoinShuffle, each output is sent to the next peer in a circle, one at a time. The new peer adds an output, shuffles and then sends the list again. We can do this and actually improve upon it.
To implement blinding, each user would connect to one completely random masternode and say "Send masternode X this output/value for mix N" and pass a single output. That output would be passed to the leading masternode. It would take access to all masternodes used to know who did what, which is as solid as M rounds mathematically (M = number of outputs). This is great because all users can submit all inputs at once. So it's super fast compared to CoinShuffle and even more secure.
Finally, there is the issue of the Masternode network security and whether DASH, in general, is fit-for-purpose. DASH opponents are repeatedly saying that the Masternode network is flawed, has lots of attack vectors, means DASH is centralised etc. However, nobody has answered the simple question of whether ANY adversary short of NSA/guv could compromise the network, and therefore why is the network not fit-for-purpose?
So come on opponents, now's your chance to really press the advantage and convince me/others that DASH is fatally flawed.
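To make the two probability arguments in the thread concrete, here is an added example (not from the post or from the Dash project) that models them: the "sequence" argument, where a user needs k consecutive honest rounds out of a chain of L, and the reply that each round draws 20 masternodes from a network in which 15% are compromised. It assumes masternodes are drawn independently per round; the per-round "one compromised node suffices" model is a worst-case assumption for comparison, not a statement about how Darksend behaves.

```python
# Added example (not from the thread): a model of the two probability arguments
# above. Per-round models are modelling assumptions, not claims about Dash code.
from fractions import Fraction


def round_honest_prob(p, n, need_all_to_break=True):
    """P(one mixing round stays honest) when a fraction p of the masternode
    network is compromised and n masternodes are drawn for the round.
    need_all_to_break=True: the round leaks only if all n drawn nodes are
    compromised (the blinding claim quoted above). False: worst-case
    assumption that one compromised node suffices (for comparison only)."""
    p = Fraction(p)
    return 1 - p ** n if need_all_to_break else (1 - p) ** n


def expected_malicious_per_round(p, n):
    """Expected number of compromised masternodes among n drawn."""
    return Fraction(p) * n


def prob_k_consecutive_honest(q, length, k):
    """P(a chain of `length` independent rounds, each honest with probability q,
    contains at least k consecutive honest rounds). Dynamic programme over the
    current honest run; reaching a run of k is absorbing."""
    q = Fraction(q)
    state = {0: Fraction(1)}  # current run length -> probability mass
    reached = Fraction(0)
    for _ in range(length):
        nxt = {}
        for run, mass in state.items():
            nxt[0] = nxt.get(0, 0) + mass * (1 - q)  # malicious round resets run
            if run + 1 == k:
                reached += mass * q  # k honest rounds in a row achieved
            else:
                nxt[run + 1] = nxt.get(run + 1, 0) + mass * q
        state = nxt
    return reached


def has_honest_run(sequence, k):
    """True if a space-separated Honest/Malicious sequence, written as in the
    quoted post, contains k consecutive 'Honest' entries."""
    run = 0
    for node in sequence.split():
        run = run + 1 if node == "Honest" else 0
        if run >= k:
            return True
    return False
```

With p = 0.15 and n = 20, `expected_malicious_per_round` gives the 3 nodes mentioned in the reply, and `round_honest_prob` shows how far apart the two per-round models sit before any multi-round sequence is considered.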