Board: Altcoin Discussion
Topic: Re: Honestly, which is better? Monero or Dash?
Post by TPTB_need_war on 16/12/2015, 19:37:24 UTC
As for a potential solution to the IP address obfuscation issue, there is a white paper that I was first introduced to by jl777 this year and now someone else has asked me about it in a PM:

http://dedis.cs.yale.edu/dissent/

http://bford.info/pub/net/panopticon-cacm.pdf

Section 3 explains very well some of the major attacks against the onion routing (OR) in Tor and I2P.

The problems with this Dissent protocol, some of which they admit in the section "5. Challenges and Future Work":

  • It requires N² communication for N participants. If the entire network isn't included in one grouping, then the next problem results. They offer a federated server "solution" but this I believe puts jamming (and anonymity?) at risk of collusion of the servers?
  • Same as for any mixnet (including OR and Cryptonote), if there are multiple groupings (or rings) then users can be unmasked by (a form of an intersection attack whereby) correlating which groups they participated in. This same problem results from one grouping and the fact that different users are participating at different times. This is a fundamental problem for mixnets (including on-chain mixes such as Cryptonote) that caused me to realize the problem was unsolvable.
  • Anti-jamming is based on an identity. Per the criticism I made against CoinJoin in 2013, we are creating anonymity so identity can't be ensured. Perhaps we could tie identities to specific UTXO and confiscate those who jam. I would need to look into the details of that change to their design, as to whether this would violate the anonymity (and I assume yes it would until shown otherwise because of what I've learned over the past 2 years).
  • It has a simultaneity requirement (similar to Dash's mixing), more so than Tor or I2P.

Why use this complex mixnet stuff (that won't really work well) when Zerocash elegantly solves the problem and is entirely autonomous? To quote smooth (he was referring to Cryptonote but he should have been referring to Zerocash), "a pigeon could carry your transaction to the block chain and it wouldn't matter". Let me rephrase that, "a truck with your name painted on the side could carry your transaction to the block chain and it wouldn't matter". With Zerocash, everything is hidden so even if you put your name in the transaction packets, it wouldn't affect your anonymity because no one can see any of the details of the transaction. All they will see is you put your name on this encrypted blob of data. So you are worried about the compromised key of Zerocash leading to a hidden inflation of the money supply (I was too), but it doesn't affect the anonymity in any case. Well, even that has solutions, e.g. make multiple sets of keys and sign all transactions with more than one signature so you have more assurance that all of the keys weren't fraudulently generated. Or run Zerocash only as a mixer and net out all the coins in/out periodically to be sure it is not creating coins out-of-thin-air.
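
The intersection effect described in the second bullet of the post, as an added example that is not part of the original post: it measures how the candidate set for one participant shrinks as group memberships are intersected across rounds. It assumes an observer can tell that the same (unknown) participant was active in each round; all names, group sizes and the `simulate` helper are constructed for illustration.

```python
"""Added illustration: anonymity-set shrinkage when group memberships are intersected."""
import random


def anonymity_sets(rounds):
    """Return the candidate set after each round.

    rounds: participant sets for the rounds in which one linkable
    (but unidentified) participant is assumed to have been active.
    """
    candidates = None
    history = []
    for members in rounds:
        members = set(members)
        # Only users present in every linked round remain candidates.
        candidates = members if candidates is None else candidates & members
        history.append(set(candidates))
    return history


def set_sizes(history):
    """Anonymity-set size after each round."""
    return [len(s) for s in history]


def simulate(population, group_size, n_rounds, seed=0):
    """Constructed data: 'user0' joins every round, the rest are drawn at random."""
    rng = random.Random(seed)
    others = [f"user{i}" for i in range(1, population)]
    rounds = [{"user0", *rng.sample(others, group_size - 1)}
              for _ in range(n_rounds)]
    return anonymity_sets(rounds)


# Constructed sample: three groupings that all contain the same participant.
FIXED_ROUNDS = [
    {"alice", "bob", "carol", "dave"},
    {"alice", "carol", "erin", "frank"},
    {"alice", "bob", "erin", "grace"},
]

if __name__ == "__main__":
    print("fixed sample:", set_sizes(anonymity_sets(FIXED_ROUNDS)))
    print("1000 users, groups of 50:", set_sizes(simulate(1000, 50, 6)))
```

The same calculation applies to a single grouping with churn: treat the set of users online at each observation time as one round.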