Hello,
I haven't been very active on this forum so far, but I think it's time to talk about these things:
Darksend, in the current implementation, has a few flaws I want to discuss and find possible improvements for.
Problem #1:
Denomination fee:
The denomination fee is always 0.0125 DRK per participant. There are always 3 participants per Darsend Tx making it a total of 0.0375 DRK.
While I agree that the Darksend Tx has to be of the same size for everyone due to anonymity implications, the fee itself is not mixed, meaning it will always link to the origin of the funds before they entered the Darksend process. Heres an example:
Address XmaH4tKi8jwdTkuyLVVvPrBLxwz2bc3rk7 has first been loaded with a little over 1000 DRK and then performed a Darksend Transaction for amout 98 DRK and then added another ~34 DRK to it's darksend pool, resulting in the funds being Dark sent to different addresses as 10.00000001 and 1.00000001 bits in this transaction.
Theres also some change of 0.71363402 which has not become part of the Darkcoin pool. Now, for further Darksend rounds, technically and for the sake of anonymity, none of those outputs should be re-linked to XmaH4tKi8jwdTkuyLVVvPrBLxwz2bc3rk7.
However, in the next round of Darksend they are linked back to XmaH4tKi8jwdTkuyLVVvPrBLxwz2bc3rk7 because the fee of 0.0125 DRK is paid from there. The same goes for the next round after this one again.
Again the fee is being paid from XmaH4tKi8jwdTkuyLVVvPrBLxwz2bc3rk7 linking it to all further rounds of Darksend.
This is a real issue, especially because theres only 3 participants per Darksend round (and each round connects the transaction to the 3 origin address due to this fee issue). This means there are only 2 Parties to check (of which we know the origin addresses) in order to de-anonymize the 3rd one as well.
People talk about malicious Masternodes, how about malicious liquidity providers removing all other layers of Darksend anonymity because of the fee issue?
Solution:
Send the fee through Darksend as well. That way each fee will be paid by an output of a Darksend transaction and not be linked to the origin address.
This means that an observer is able to know how many Darksend rounds are still to come for the outputs of a Darksend transaction, but it does not enable him to know how they are devided amongst the Darksend outputs and it does not allow him to know how many rounds each output has already gone through, so I do not see an issue with that.
Problem #2:
Liquidity and denomination size:
Currently, there are different denomination sizes of which the most common ones are 1.00000001, 10.00000001 and 100.00000001 with the latter one being used less frequently than the other 2. There are higher Darksend denomiation sizes but they are rarely used.
Also, we all know there is currently a liquidity problem resulting in long waiting times when trying to create a Darksend transaction. I see the way denomination is handled as one reason for the long waiting times and the low liquidity.
When someone creates a Darksend Transaction with denominations of 100.00000001, 10.00000001 and 1.00000001, then be has to wait for someone else who has at least one of each. If he finds someone who has the ~10 DRK and the ~1 DRK denominations, but not the ~100 denominations, he can't mix with him.
And thats quite reasonable since it woudl mean that, in the end, the ~100DRK denomination would be easily linked to an input address.
Thats means there are a lot less potential Darksend participants for each constellation with a combination of ~10DRK and ~1 DRK ones being the most used one.
This results in less liquidity for everyone since each combination "plays on it's own level", not allowing them to be mixed.
Solution:
In order to allow all sorts of denominations to be mixed, we'd simply have to change the denominations from 10.00000001 to exactly 10DRK. The same for all the others.
That way a 100 DRK denomination can enter a transaction with only 10s and 1s and just be split into 10x10DRK.
With the current implementation this is not possible since you cannot split 0.00000001 DRK, but by "flattening" denominations to 1s, 10s and 100s, this wouldn't be a problem at all.
Suddenly, they could all be mixed adding a massive amount of liquidity to the Darksend feature.
Problem #3:
Re-mixing total amounts and spending in one go:
The problem i describe here is the fact that once an amount of DRK enters the Darkcoin mixing pool, there will always be the full amount mixed (at least to the smallest denomination). That means if I have ~55 coins being mixed, resulting in 5x ~ 10DRK and 5x ~ 1DRK denominations, each Darksend round will use all of them.
Together with Problem #1, which allows us to see the 3 origin addresses of each Darksend transaction, this can cause some anonymity issues.
If we want to spend all mixed coins at once, we ill have the same amount spent as we put in to mix. Because an observer can see the origin addresses, he can quickly link the funds spent to the address which put exactly that amount into the Darksend pool.
Now one could say don't spend them all at once then, but what if the 2 other participants do exactly that? There would only be your origin address left to tie the rest of the outputs to and it will always be correct.
Solution:
What I suggest is (in addition to the solution for problem #1), that Darksend does not take the whole Darksend pool to mix, but a random amount of denominated coins. This would result in more Darksend transactions, but also more liquidity (not in total amounts, but in number of participations). Unlike the other 2 solutions, this might be a lot of work and I a am not sure amount how to deal with the transaction fee in this case, so this solution is kind of a draft which I hope people will help develop. The solution to problem #1 should deal with a lot of issues problem #3 causes as well, so #1 and #2 should be fixed first I think.
If you are still reading, thanks and I hope you have something useful to add to the discussion.
If I forgot about something or if I just wrote plain bullshit because I didn't see something, then..meh... But I think these suggestions could help Darkcoin grow. I hope to get some useful input here, let the discussion begin
I haven't been very active on this forum so far, but I think it's time to talk about these things:
Darksend, in the current implementation, has a few flaws I want to discuss and find possible improvements for.
Problem #1:
Denomination fee:
The denomination fee is always 0.0125 DRK per participant. There are always 3 participants per Darsend Tx making it a total of 0.0375 DRK.
While I agree that the Darksend Tx has to be of the same size for everyone due to anonymity implications, the fee itself is not mixed, meaning it will always link to the origin of the funds before they entered the Darksend process. Heres an example:
Address XmaH4tKi8jwdTkuyLVVvPrBLxwz2bc3rk7 has first been loaded with a little over 1000 DRK and then performed a Darksend Transaction for amout 98 DRK and then added another ~34 DRK to it's darksend pool, resulting in the funds being Dark sent to different addresses as 10.00000001 and 1.00000001 bits in this transaction.
Theres also some change of 0.71363402 which has not become part of the Darkcoin pool. Now, for further Darksend rounds, technically and for the sake of anonymity, none of those outputs should be re-linked to XmaH4tKi8jwdTkuyLVVvPrBLxwz2bc3rk7.
However, in the next round of Darksend they are linked back to XmaH4tKi8jwdTkuyLVVvPrBLxwz2bc3rk7 because the fee of 0.0125 DRK is paid from there. The same goes for the next round after this one again.
Again the fee is being paid from XmaH4tKi8jwdTkuyLVVvPrBLxwz2bc3rk7 linking it to all further rounds of Darksend.
This is a real issue, especially because theres only 3 participants per Darksend round (and each round connects the transaction to the 3 origin address due to this fee issue). This means there are only 2 Parties to check (of which we know the origin addresses) in order to de-anonymize the 3rd one as well.
People talk about malicious Masternodes, how about malicious liquidity providers removing all other layers of Darksend anonymity because of the fee issue?
Solution:
Send the fee through Darksend as well. That way each fee will be paid by an output of a Darksend transaction and not be linked to the origin address.
This means that an observer is able to know how many Darksend rounds are still to come for the outputs of a Darksend transaction, but it does not enable him to know how they are devided amongst the Darksend outputs and it does not allow him to know how many rounds each output has already gone through, so I do not see an issue with that.
Problem #2:
Liquidity and denomination size:
Currently, there are different denomination sizes of which the most common ones are 1.00000001, 10.00000001 and 100.00000001 with the latter one being used less frequently than the other 2. There are higher Darksend denomiation sizes but they are rarely used.
Also, we all know there is currently a liquidity problem resulting in long waiting times when trying to create a Darksend transaction. I see the way denomination is handled as one reason for the long waiting times and the low liquidity.
When someone creates a Darksend Transaction with denominations of 100.00000001, 10.00000001 and 1.00000001, then be has to wait for someone else who has at least one of each. If he finds someone who has the ~10 DRK and the ~1 DRK denominations, but not the ~100 denominations, he can't mix with him.
And thats quite reasonable since it woudl mean that, in the end, the ~100DRK denomination would be easily linked to an input address.
Thats means there are a lot less potential Darksend participants for each constellation with a combination of ~10DRK and ~1 DRK ones being the most used one.
This results in less liquidity for everyone since each combination "plays on it's own level", not allowing them to be mixed.
Solution:
In order to allow all sorts of denominations to be mixed, we'd simply have to change the denominations from 10.00000001 to exactly 10DRK. The same for all the others.
That way a 100 DRK denomination can enter a transaction with only 10s and 1s and just be split into 10x10DRK.
With the current implementation this is not possible since you cannot split 0.00000001 DRK, but by "flattening" denominations to 1s, 10s and 100s, this wouldn't be a problem at all.
Suddenly, they could all be mixed adding a massive amount of liquidity to the Darksend feature.
Problem #3:
Re-mixing total amounts and spending in one go:
The problem i describe here is the fact that once an amount of DRK enters the Darkcoin mixing pool, there will always be the full amount mixed (at least to the smallest denomination). That means if I have ~55 coins being mixed, resulting in 5x ~ 10DRK and 5x ~ 1DRK denominations, each Darksend round will use all of them.
Together with Problem #1, which allows us to see the 3 origin addresses of each Darksend transaction, this can cause some anonymity issues.
If we want to spend all mixed coins at once, we ill have the same amount spent as we put in to mix. Because an observer can see the origin addresses, he can quickly link the funds spent to the address which put exactly that amount into the Darksend pool.
Now one could say don't spend them all at once then, but what if the 2 other participants do exactly that? There would only be your origin address left to tie the rest of the outputs to and it will always be correct.
Solution:
What I suggest is (in addition to the solution for problem #1), that Darksend does not take the whole Darksend pool to mix, but a random amount of denominated coins. This would result in more Darksend transactions, but also more liquidity (not in total amounts, but in number of participations). Unlike the other 2 solutions, this might be a lot of work and I a am not sure amount how to deal with the transaction fee in this case, so this solution is kind of a draft which I hope people will help develop. The solution to problem #1 should deal with a lot of issues problem #3 causes as well, so #1 and #2 should be fixed first I think.
If you are still reading, thanks and I hope you have something useful to add to the discussion.
If I forgot about something or if I just wrote plain bullshit because I didn't see something, then..meh... But I think these suggestions could help Darkcoin grow. I hope to get some useful input here, let the discussion begin
