Dr.Crypto
Member
Hey everyone,
As a disclaimer, I'd like to say that I've always been pretty skeptical regarding stealth addresses, especially when some guy started to ask for it to be implemented for Darkcoin a few days ago on Reddit.
Now, I still believe in the higher degree of anonymity offered by Darksend+, however liquidity is a problem and in the current situation, it would be relatively inexpensive to run tens of rogue liquidity providers in order to gain information and possibly reconstruct the other peers' mixing history. This issue is well known and was naturally reported during Kristov Atlas' review on Darksend+, see the section on sybil attacks. In particular, Atlas considered it to be the major threat to Darksend+, describing Darksend+ Status as "Vulnerable", Remaining Impact as "High" and Fix Difficulty as "Difficult".
As far as I understood, the dev team has chosen to mitigate the problem by requiring a minimum of three peers for each Darksend+ round. However, in the current situation, not many people are trying to mix their coins at the same time, resulting in the possibility for attackers to create several rogue liquidity providers at the sole cost of collaterals. A partial solution that was mentioned before would be to reduce the probability of rogue liquidity providers being selected for mixing operations by ensuring that even more "honest" liquidity providers take part in Darksend+, however (1) this would create blockchain bloat, and (2) nothing would prevent an attacker from creating even more rogue liquidity providers, requiring more honest liquidity providers, generating more blockchain bloat and so on.
The fact that dedicated liquidity providers are needed for the sole purpose of balancing out essentially costless rogue liquidity providers is an important issue in itself. Liquidity providers, if anything, should only serve to increase the mixing speed for everyone.
But the recent open-sourcing of Vertcoin's stealth addresses made me wonder: how about combining them with Darksend+? Wouldn't it ensure that for each anonymisation round, observed transactions cannot be traced back to the source anymore? Though I haven't looked into the implementation details yet, I believe this could act as a substantial additional layer of privacy, that would virtually annihilate the incentive to run rogue liquidity providers as no useful information could be extracted. As a result, Darksend+ could be fully protected from sybil attacks and the blockchain remain fit.
Of course, this message is in no way a call to the devs, as now that the code is open sourced anyone is welcome to contribute, but I'd like to have some opinions on that matter, especially if I overlooked something.
Still, it would be great if the main threat to Darkcoin could be resolved with an elegant solution!
Thanks for reading