CoinJoin not fully anonymous?
- Thread starter vertoe
- Start date
plambe
Member
I tend to agree that CoinJoin is incapable by design of offering 100% anonymity through technology - it has an obvious flaw if you want mathematically proven anonymity - the Master Nodes - they can be compromised, given an adversary with sufficient determination and resources.
However, it is the best practical solution I have seen realized (or at least nearly realized) so far and it IS practical because of the Master Node price, current interest in the coin and so many other little details.
Zerocoin still is theoretical work mostly and rests on too new to be trusted cryptography according to what I've read. DarkWallet (for BTC) is ridiculous in my opinion, being centralized, or so I've heard. I still don't understand well-enough ByteCoin's and inherently, Monero's mixing scheme, so I can't assess those very well.
This brings me to yet another reason to like DarkCoin - CoinJoin is a natural for humans feature to understand and realize how much trust to put in it themselves - something (a Master Node) mixes coins! True anonymity through decentralization is added by rewarding honest Master Nodes, randomly choosing which one of them will mix now and be paid. Every DarkSend transaction goes through multiple Master Nodes, exponentially lowering the chances of the anonymity to be compromised - one honest Master Node is enough. So, yeah, it never is the absolute 100% certain anonymity, however it is simple to understand how and why it works and to work out the numbers - anonymity is pretty much near 100% if you calculate it. At the moment I don't know through how many Master Nodes does each DarkSend transaction pass, but in case it passes through 10 Master Nodes and given 10% of the Master Nodes are dishonest, this means you have 0.1 (this is the 10% dishonest nodes) to the power of 10 (this is the amount of Master Nodes that a DarkSend transaction passes, please correct me with the right number), so this would be a 0.0000000001 (or 0.00000001%) chance your transaction doesn't pass even one honest Master Node. Given 50% of Master Nodes are compromised the chance is 0.0009765625 (or a bit less than 0.1%). That's the beauty of CoinJoin - it is simple, even for non technical people it obviously works and has very much near 100% anonymity.
EDIT: one last thing - personally I believe there should be greater decentralization among Master Nodes, or in other words, I think that 100-200 DRK should be enough to get one running. This will make people like myself trust the coin better.
However, it is the best practical solution I have seen realized (or at least nearly realized) so far and it IS practical because of the Master Node price, current interest in the coin and so many other little details.
Zerocoin still is theoretical work mostly and rests on too new to be trusted cryptography according to what I've read. DarkWallet (for BTC) is ridiculous in my opinion, being centralized, or so I've heard. I still don't understand well-enough ByteCoin's and inherently, Monero's mixing scheme, so I can't assess those very well.
This brings me to yet another reason to like DarkCoin - CoinJoin is a natural for humans feature to understand and realize how much trust to put in it themselves - something (a Master Node) mixes coins! True anonymity through decentralization is added by rewarding honest Master Nodes, randomly choosing which one of them will mix now and be paid. Every DarkSend transaction goes through multiple Master Nodes, exponentially lowering the chances of the anonymity to be compromised - one honest Master Node is enough. So, yeah, it never is the absolute 100% certain anonymity, however it is simple to understand how and why it works and to work out the numbers - anonymity is pretty much near 100% if you calculate it. At the moment I don't know through how many Master Nodes does each DarkSend transaction pass, but in case it passes through 10 Master Nodes and given 10% of the Master Nodes are dishonest, this means you have 0.1 (this is the 10% dishonest nodes) to the power of 10 (this is the amount of Master Nodes that a DarkSend transaction passes, please correct me with the right number), so this would be a 0.0000000001 (or 0.00000001%) chance your transaction doesn't pass even one honest Master Node. Given 50% of Master Nodes are compromised the chance is 0.0009765625 (or a bit less than 0.1%). That's the beauty of CoinJoin - it is simple, even for non technical people it obviously works and has very much near 100% anonymity.
EDIT: one last thing - personally I believe there should be greater decentralization among Master Nodes, or in other words, I think that 100-200 DRK should be enough to get one running. This will make people like myself trust the coin better.
Last edited by a moderator:
daaarkcoins
Member
This isn't FUD, nor is it non-scientific. It shows that CoinJoin isn't fool-proof and that there's a possibility of deanonimization. However, anyone with common sense and a little technical understanding can tell that a thing like this can't be 100% anonymous. This is just how research is done. But people tend to get it the wrong way and don't get that "not 100% safe" can still mean "practically safe".
They show transaction 3 not using DarkSend, creating a hole. Also, I don't think they are showing stealth addresses correctly and do denominated amounts show up on the blockchain? I suppose they have to.... Also, they talk about a merchant billing a client, but I don't see any reason why the client has to pay without using Darksend? Is this just obfuscation? Plus, Evan never said it was 100% anonymous, though he did say he figured out a way to make it as anonymous as ring signatures and that we could expect to see it in RC4. He is always cautious not to say absolutes, but he did say it would be as anonymous as using ring signatures without adding bloat to the block chain.
But another great side effect of using a coinjoin based system for anonymity is that it will be quantum computer resistant if not proof. Or I should say it will work as well with QC's as it does with current computers. Cryptographic solutions may be pretty much unbreakable at this time, however in the very near future, when QC's come out, all those encrypted blockchains will easily be broken, and their history will spill out for anyone with a QC to see. Since the first QC's have already been manufactured, this is not science fiction.
But another great side effect of using a coinjoin based system for anonymity is that it will be quantum computer resistant if not proof. Or I should say it will work as well with QC's as it does with current computers. Cryptographic solutions may be pretty much unbreakable at this time, however in the very near future, when QC's come out, all those encrypted blockchains will easily be broken, and their history will spill out for anyone with a QC to see. Since the first QC's have already been manufactured, this is not science fiction.
Last edited by a moderator:
chaeplin
Well-known member
Is that analysis related to change address ?
I heard RC4 has great improvement in anonymity.
https://bitcointalk.org/index.php?topic=421615.msg7060893#msg7060893
Random FUD
I heard RC4 has great improvement in anonymity.
https://bitcointalk.org/index.php?topic=421615.msg7060893#msg7060893
Random FUD
Well, at the doctor's office, I studied this some more, and it proves to me that all transactions must be DarkSend transactions. If a chain of events happens so that all players can be identified except the person being careful, that careful person could also be exposed. So there is a good point here. We must make DarkSend mandatory. But I understand Evan has something up his sleeve so I'm looking forward to hearing what it is, maybe even next week? Exciting!