Re: [ANN][DRK] DarkCoin | First Anonymous Coin | First X11 | First DGW | ASIC Resistant
I came up with a way better solution to this issue than my previous idea. Plus it's already supported by DarkSend, I'll just enforce it in RC3
John darksends 2.5 coins from A to C, gets 7.5 back as change on address X, Y, V, Z (X = 5DRK, Y = 1DRK, V = 1DRK, Z=0.5DRK )
Joe darksends 3 coins from E to G, gets 7 back as change on address W, K, J (W = 5DRK, K = 1DRK, J = 1DRK)
Suzie darksends 3.5 coins from K to Q, gets 6.5 back as change on address F, G, H (F = 5DRK, G = 1DRK, H = 0.5DRK)
Change is denominated into units of 5, 1, 0.5, 0.25, 0.1, 0.05, and 0.01 DRK. I'll introduce the precision limitation back again of 0.01DRK. So if you get 7.5 DRK of change back, you'll end up with 5DRK+1DRK+1DRK+0.5DRK.
You could still possible do taint analysis on denominations only used once, but this would be solved with multiple rounds in DarkSend.
John darksends 2.5 coins from A to C, gets 7.5 back as change on address X, Y, V, Z (X = 5DRK, Y = 1DRK, V = 1DRK, Z=0.5DRK )
Joe darksends 3 coins from E to G, gets 7 back as change on address W, K, J (W = 5DRK, K = 1DRK, J = 1DRK)
Suzie darksends 3.5 coins from K to Q, gets 6.5 back as change on address F, G, H (F = 5DRK, G = 1DRK, H = 0.5DRK)
Change is denominated into units of 5, 1, 0.5, 0.25, 0.1, 0.05, and 0.01 DRK. I'll introduce the precision limitation back again of 0.01DRK. So if you get 7.5 DRK of change back, you'll end up with 5DRK+1DRK+1DRK+0.5DRK.
You could still possible do taint analysis on denominations only used once, but this would be solved with multiple rounds in DarkSend.
I'm taking partial credit for it!
This is similar to what I was trying to achieve with stealth sending, minus the denomination of receiving addresses. Usually users want to send to a pre-existing address, optimally DarkSend would be able to denominate the receiving party's amount as well. Stealth addresses allow you to generate infinitely many addresses from one receiving address. Sadly, the only way to see if you have coins in a stealth address is to have the private keys in memory which destroys cold storage completely. You would not be able to see whether or not someone had sent you coins. Without stealth sending though, the master node would have to issue new addresses which cannot happen for obvious reasons. If someone can think of a way to fully denominate the receiving party's amount it would push the coin into complete darkness. When combined with Evan's I2P implementation Dark would be as anonymous/private as possible.
...
I spent a decent amount of time thinking about how to denominate the receiving address as well. One solution I thought of, is not nearly as fancy as what you describe but sort of works. You could just have the recipient provide a concatenated list of addresses from his wallet than can be used to do denominate the transaction. This could be called a "Dark" address or something else equally silly
. and would look something like this:ABCDEFGHIJK
where each letter represents a different address in the receiving wallet. The "Dark" address would be long as fuck, but it would get the job done - on the blockchain there would be no record of a special "Dark" address ever existing, only the individual addresses, A, B, C etc.