Great idea
Shen providing a review would be great for Eclipse.
I was getting the opinion of others on SDC/Eclipse and a good point was brought up.
any input or thoughts from the XMR camp? Does this mean Eclipse is cryptograhically anonymous?
They seem to have at least tried to fix the one identified flaw in SDC. Whether SDC has other flaws they didn't fix or whether their fix is even correct is not something anyone can answer without spending a lot of time reviewing it all, which probably won't ever happen.
Valid points, I am hoping they will be able to get their 'fix' properly reviewed.
Assuming the fix is indeed correct, would that mean that it is then truly anonymous?
In other words: if recently exposed flaw in SDC anonymity was fixed, does it make SDC as/more anonymous as XMR? or is SDC still inferior to XMR for anonymity?
What about the other 99.999% of SDC, developed by the same people who made a basic math/crypto error, and which no one has ever reviewed?
Shen found that one flaw effectively by accident, while working on something else.
If SDC were comprehensively reviewed, then one could make claims about it. At this point, I would not.
Have you considered the possibility of this? Is there a reason why you chose shadowcash method of anonymity over other ways of anonymity?
As usual, smooth has beautiful insight, but it's not an insight that wasn't also obvious to us.
It's important to understand that SDC ported the cryptonote ring signature system to the bitcoin codebase, almost in it's entirety. You can see what I mean in the naming of the methods:
CN: hash_to_ec --> SDC: hashToEC
CN: generate_key_image --> SDC: generateKeyImage
CN: generate_ring_signature --> SDC: generateRingSignature
Why is this important? Because where SDC has an opportunity to deviate, they may create security flaws. Here, they chose to use curve secp256k1, which has a number of useful properties, most notably the potential for an very efficient implementation, as has been created by bitcoin. In choosing secp256k1, they had no template function by which to map a scalar hash (SHA256d) to an EC point. So they did the most "obvious" and provably wrong thing, they took the scalar multiple of the EC base point, using the hash as the scalar.
Shen discovered this flaw, we absolutely do not want to take credit for his insight.
In general, SDC did not deviate significantly from cryptonote elsewhere from what we can tell. Thus, since they followed the cryptonote recipe, the rest of the ring signature system will be as secure as cryptonote for the simple reason that there are not many ways to screw it up. Once you have the EC point from the hash, generating the signature and key image is identical to the cryptonote method.
It appears that the devs behind eclipse are at least somewhat competent at coding and if you have managed to successfully fix the flaw then great job.
I have some realistic concerns about eclipse though. If the fix is the only new implementation for eclipse then eclipse will simply fade away when SDC applies a fix as well. There would be no appeal to utilize SDC over Eclipse with all things being equal in terms of anonymity. My next concern is potential flaws in other parts of SDC code, this means Eclipse will also be vulnerable to them.