You are viewing a single comment's thread from:

RE: Why I think stealth, backups and sidechains shouldn't be added in BitShares

in #bitshares9 years ago (edited)

ShadowCash was de-anonymized because the developers had adopted ring cryptography from CryptoNote and applied it to the Bitcoin Core codebase. In doing so, they had to modify certain parameters as the underlying elliptic curve used in the two protocols are different.

What happened was that they chose to hash some values that allowed someone, i.e. Shen Noether from Monero, who knows some basic Linear Algebra and Cryptography to apply a type of Gaussian Elimination to obtain which public key was used in the supposed anonymous send if someone wanted to use Ring Cryptography to hide the fact they are the sender. This, as you mention, de-anonymizes their chain, since it was incorrectly implemented.

A fix was found by a different team of developers (I forget by whom at the moment) and, from what I could tell, the dev(s?) seemed to have a firm grasp on the underlying mathematics and subsequently released his/her/their solution as a clone of ShadowCash.

A week or two later, the Shadow Team adopted precisely this fix.

Now, this is also fundamentally different from stealth addresses, which masks the receiving address, and not the sender address.

I can confidently say that both stealth addresses and the use of ring cryptography to anonymize both the receiver and sender in a transaction, respectively, are more powerful technologies than 'washing' and using TOR. To think that this is a 'gimmick' or a 'fad' to raise the market cap and to believe that these are 'false' claims (even by DASH, as the mixing that is done is, for all intents and purposes, a "practical" solution) about how much privacy is obtained is a gross misunderstanding of the mathematics.

Sort:  

To be honest, I didn't know that this was the exact story behind Shadowcash, but regardless of what happened and how, I wanted to point out that this is serious stuff. In order to apply this stuff properly, good cryptographers are needed, and not just some good coders.

I totally agree with everything you mentioned. My point is that if you wanna add a gimmick to BitShares, just do it with gimmicks that already exist... Are we going to add ring signatures and stealth addresses to BitShares? Hell no...

Even some people within Dash know that Darksend isn't 100% secure and private. It is a new technology and you never know when someone will be able to break into it. Imagine thinking that you are anonymous and then one day waking up, 5 years later and you realize that all your transactions have been denonymized. Not all people need temporary privacy or anonymity. This is serious stuff where lives might be in danger after such 'revelations'. It isn't just investors trying to hide money like it probably will be in BitShares. Again, there is little privacy, privacy and total privacy-anonymity. If I had to chose the first one, I'd rather not have it at all.

Also at the moment they offer no good obfuscation of IP and many people, including myself, were complaining about this. Mixing was taking hours first and then they added people who get paid to offer liquidity. What are the problems with this :

Let's say CoinJoin offers quite good privacy. There are the following problems :

  1. Only the destinations are mixed up, not the amounts. So someone can track back who sent what with some good analysis.
  2. By not protecting your IP, especially when your mixes take hours, someone could easily find out who you are.
  3. We don't know how many Masternodes are not compromised/control/owned by adversaries. It is currently assumed that only a small portions of the nodes is malicious.
  4. When people offer just liquidity, an attacker can easily see who they are as their funds are probably going from CoinJoin to CoinJoin, while the rest of the participants might spend their coins somewhere.

CoinJoin and Stealth addresses would be pretty good, at least a lot better than CoinJoin itself. But again even these are not enough. If you can't hide the fact that you are using Monero, Dash etc, then there is little chance of being able to stay anonymous.

I don't think adding ring cryptography or stealth addresses would be necessarily difficult to include into BitShares. I'm more than happy to lend my expertise on the matter. Then again, what do I know ?

The other issues you raise need to be addressed as well.

  1. You are right that there is some type of amount information that can be used for analysis, particularly the number of tokens moved from 1 address to another. From what I understand Monero Research Labs is considering this problem.

  2. VPN + TOR. Most coins are using TOR anyway nowadays ... those that aren't, you can't really do much about it, unless you use a snapshot of the blockchain at a particular time and then re-launch with TOR added.

  3. Indeed a problem. Run your own masternode. I will be once I have enough DASH saved.

  4. I'll have to think on this one a bit more.

Coin Marketplace

STEEM 0.22
TRX 0.26
JST 0.039
BTC 98362.82
ETH 3451.59
USDT 1.00
SBD 3.21