Proposal: Infrastructure - Liquidity Providers (Sept)

Ryan Taylor

This is a cross-post from www.dashcentral.org/p/infra-lqd-pvd-201609

The liquidity provider team supports the network by providing liquidity for mixing on the network. Results for mixing on the network have resulted in dramatically shorter mixing times, which in the past could have taken as long as a few days to complete. This proposal simply extends Liquidity providers for one additional month. See previous Liquidity Provider proposals for additional details on this program.

Requested funding is as follows for the September 4th budget cycle:
Total: 27.98 Dash

Exchange rate risk is carried only by the liquidity provider team and not the network.

Manually vote YES on this proposal:
dash-cli mnbudget vote-many eefb831a41e0029325a60cd2a25bd9ad96e40ecb2d07368ab2e7d4cfa1de545e yes
OR from the qt console:
mnbudget vote-many eefb831a41e0029325a60cd2a25bd9ad96e40ecb2d07368ab2e7d4cfa1de545e yes

Manually vote NO on this proposal:
dash-cli mnbudget vote-many eefb831a41e0029325a60cd2a25bd9ad96e40ecb2d07368ab2e7d4cfa1de545e no
OR from the qt console:
mnbudget vote-many eefb831a41e0029325a60cd2a25bd9ad96e40ecb2d07368ab2e7d4cfa1de545e no
 
I am voting "No" for the following reason: Our CoinJoin implementation is highly inefficient by at least two orders of magnitude; even with liquidity providers. I think the most rational thing to do is to move on from this feature and implement a new anonymity solution down the road, or to just focus on evolution. In my mind any money spent on this "feature" is wasted money.

Pablo.
 
What is this claim based on? There is at least 1 bug that slows mixing down in v0.12.0.x for sure, but I'm inclined to think your assessment is going a bit too far.

This claim is based on the fact that I tried to mix a few thousand Dash a couple of days ago and gave up after 30 hours, while Monero is inherently anonymous, as is ZCash. In anonymity terms our solution is by far the slowest and most cumbersome of all the alts. It is also a legacy feature Evan implemented when Dash was not meant to be more than a side project for him, it's clear it needs to be replaced.

Pablo.
 
> This claim is based on the fact that I tried to mix a few thousand Dash a couple of days ago and gave up after 30 hours
If mixing stalled completely, then you probably hit the bug I was referring to. Restarting with -zapwallettxes=1 should get it going again.
> Monero is inherently anonymous, as is ZCash. In anonymity terms our solution is by far the slowest and most cumbersome of all the alts.
XMR is only as anonymous as ring signatures are. It's highly likely that in the not too distant future this cryptography will be broken (by quantum computers or otherwise). You are comparing apples and oranges. I much prefer an off-chain mixing solution.

Zerocash (unless something major has changed somehow), is a completely opaque blockchain; it requires trust in an entity to initialize the chain in an honest and safe way. Not an easy pill to swallow, and again apples and oranges.
> It is also a legacy feature Evan implemented when Dash was not meant to be more than a side project for him, it's clear it needs to be replaced.
Dash mixing technology has evolved significantly since the early proof of concept days. The only thing that seems clear to me, is that you're upset with the present performance. I am not exactly pleased with it myself, but I do like the technology. I would like for us to work on the present bugs, and then get back to working on the MN blinding code. This approach provides significantly increased privacy with less mixing rounds (not the same thing as encrypted multi-path routing, which for some reason people often get confused about).
 
I think I have stated my position clearly. I don't know why you think I am "upset," I am merely being pragmatic.

You make the argument that ring signatures may be broken in the future, that is a big "if", and that doesn't change that they work now and do not require thirty hours of mixing. Further, I did not hit a bug, it just takes that damn long to mix large amounts. I have been with Dash since March 2014, I have seen every iteration of mixing, and as Dash has evolved, it has clearly remained a legacy feature.

You also say that ZCash requires trusted setup, this is true, but if you read the white paper on trusted setup, you will realize it is pretty hard to compromise initialization. Initialization will be done through a delegation of 18 trusted parties, ALL of which would need to be corrupted/corrupt to break the system. If a single person is honest it cannot be broken, given the company roster of highly trusted, long-standing community individuals, I feel pretty confident it will work.

I am not defending Monero or ZCash, they both have their issues, but I am not sure you can make the argument that CoinJoin, under any implementation, is the best solution. It is too slow for your average user who, when looking for anonymity, will tend to the "instant". Also, have you tried to run coinjoin and then use the "guesstimated wallet" feature on any explorer? Amanda B. Johnson had an interesting realization the other day when she had been mixing and then found ALL her addresses, mixed and unmixed, in that "guesstimated wallet" feature. The most minor cross pollination between mixed and unmixed coins will give away the ENTIRE wallet. This is clearly sub-par for any implementation. Further, there have been well reasoned attacks on CoinJoin's security model, here and here among others.

I personally think, and have made clear in several places, that we should move away from coinjoin and focus on Evolution until something better can be implemented, not because I am "upset" with coinjoin but because it is a black mark on an otherwise impressive Ferrari of a coin.

I think you should view my statement from a more neutral position as opposed to thinking that I am out to get coinjoin just because mixing takes forever. I genuinely want an anonymity feature that can go mainstream.

Pablo.

EDIT: Added source files.
 
> Also, have you tried to run coinjoin and then use the "guesstimated wallet" feature on any explorer? Amanda B. Johnson had an interesting realization the other day when she had been mixing and then found ALL her addresses, mixed and unmixed, in that "guesstimated wallet" feature. The most minor cross pollination between mixed and unmixed coins will give away the ENTIRE wallet. This is clearly sub-par for any implementation.

Interesting, where did she post about this issue? Was it Dash or BTC coinjoin?
 
> Interesting, where did she post about this issue? Was it Dash or BTC coinjoin?

Hey :),
It was Dash. I think I saw it on Slack, you would need to ask her though as I didn't bookmark it. You can also try out guesstimated wallet after using some mixed funds, if you do not use coin control it will show all your TX.

Pablo.
 
Yep, the issue with guesstimated wallet is that if you use all kinds of funds and try to mix them, they are effectively linked together, because the initial transactions (when you create denominations) are no different from a regular bitcoin transaction. PrivateSend means that when you _spend_ _mixed_ funds no one can link them together; the history _before_ mixing is not protected. You must be very accurate to avoid linking such non-mixed funds together; ideally you should use a different wallet for the private balance to prevent any possible links. Of course this is not a very user-friendly way, so we are trying to improve this in 12.1, see https://github.com/dashpay/dash/pull/906 and a few more improvements and fixes in https://github.com/dashpay/dash/pull/913 and probably some more in a few following PRs (but mostly refactoring code from these two, iirc).
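The linkage described in the post above can be reproduced with common-input-ownership clustering. The following is an added example, not part of the thread or of any explorer's code; it assumes a "guesstimated wallet" style feature merges addresses that are spent together, and the address names and transactions are constructed.

```python
# Added example: common-input-ownership clustering over constructed transactions.
# Address names (A*, D*, M*, X*) are hypothetical. "mixing" marks a multi-party
# mixing transaction, which the heuristic skips because its inputs belong to
# different users.

def cluster(txs):
    """Return {address: frozenset(cluster)} by merging co-spent input addresses."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for tx in txs:
        roots = [find(a) for a in tx["inputs"]]
        if not tx.get("mixing"):
            for r in roots[1:]:
                parent[find(r)] = find(roots[0])
    groups = {}
    for a in list(parent):
        groups.setdefault(find(a), set()).add(a)
    return {a: frozenset(g) for g in groups.values() for a in g}

HISTORY = [
    {"inputs": ["A1", "A2"]},                        # ordinary payment, unmixed funds
    {"inputs": ["A2", "A3"]},                        # creates denominations D1, D2
    {"inputs": ["D1", "X1", "X2"], "mixing": True},  # mixing round, user receives M1
    {"inputs": ["D2", "X3", "X4"], "mixing": True},  # mixing round, user receives M2
]
# Spending mixed funds on their own keeps them unlinked from the old history.
CAREFUL = HISTORY + [{"inputs": ["M1"]}]
# One spend that combines mixed and unmixed inputs (no coin control).
CARELESS = HISTORY + [{"inputs": ["M1", "M2", "A3"]}]

def linked_to(txs, addr):
    """Addresses an observer would group with addr."""
    return cluster(txs)[addr]

if __name__ == "__main__":
    print(sorted(linked_to(CAREFUL, "M1")))
    print(sorted(linked_to(CARELESS, "M1")))
```

In the careless case a single unmixed input pulls both mixed addresses into the same cluster as the pre-mixing addresses, which is why a separate wallet or strict coin control for the private balance matters.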
 
Indeed you have stated your position clearly, but that doesn't make it valid. Given your responses, you still don't seem to understand the point I was making. There's a reason that top agencies requiring privacy make assessments on how long they expect a given algorithm and key size to remain secure. It's because generally speaking all cryptography is broken with sufficient advances in mathematics and/or technology (the exception being OTP with a proper entropy source). This is why I would much prefer that we keep our mixing off the immutable public ledger.

You keep calling our mixing technology CJ and legacy, but it most certainly is not either of those things. It's based on the same fundamental concept as CJ, but that is where the similarity ends. It is not legacy, because if anything it's still a very young and evolving technology with a lot of potential. Your "well reasoned attacks" links are not news, and it's a bit amusing that you assume I'm not aware of such things. The first link is an attack created by Kristov Atlas, which was actually directly involved in improving our mixing model security. Other extremely significant contributions came from Aswan. A lot of very impressive work has gone into our mixing technology, and it's a bit disrespectful to say the least for you to keep referring to it like you do.

Don't get me wrong; I want to continually raise the bar on privacy and improve performance, but definitely not at the expense of privacy relying on a single cryptographic point of failure.
 
It's clear to me you do not intend to budge your position, so I'll leave it at that. I think enough information has been presented by both sides, I believe users are smart enough to decide for themselves how they feel about this implementation.

Pablo.
 
FYI... the core team will NOT be seeking additional infrastructure budget for the October payment cycle. Between expenses coming in later than expected, some frugality on the part of @moocowmoo, and price appreciation, there is not a need for further funding at this time.

EDIT: Oops... wrong infrastructure thread.
 