Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Altcoin Discussion
Topic OP
Does Darkcoin's DarkSend trust model actually work?
by
R160K
on 27/05/2014, 17:39:17 UTC
I just read the Darkcoin white-paper - it is good to see a coin implementing distributed mixing at a protocol level (as far as I understand it, the mixing is done partly at a protocol (using scripts), partly at a client level). However, I may be missing something, but I don't see the trust model being proposed being as solid as suggested. Network discipline is achieved through the arbitration of miners - the last two miners to work on the block decide whether a master node or whatever has handled the transaction properly, and if they both decide he/she hasn't they can take a forfeit from him (which is effectively held in deposit). The paper suggests that collusion between miners would be discouraged because: "In that case the pools users would learn of this and stop using that pool." - but this just doesn't ring true. Relying on pool members (who are making a profit from their pool's dishonesty) to make an ethical decision to switch pools? The users actually submitting the transactions - unless Darkcoin's infrastructure is substantially different from Bitcoin's - will have no say over who does and doesn't get to mine the block with their transaction on it, and so can't choose not to use certain miners; the only mode of volition available to them is to not use the coin, and it's a mode they'll willingly subscribe to. As I say, I may be missing something, but it looks like miner collusion can not be prevented.

Also, especially in the early days when uptake is low, the system seems to be relying on users voluntarily running scripts to send dummy payments to their own addresses, in order to fill up the slots in joined transactions, increasing anonymity and getting those transactions turning around faster. This seems not only highly optimistic, but also otiosely resource intensive - as well as accelerating difficulty increase and potentially shortening the march to the altcoin gallows. Though this be a pedantic grievance, and I'm certain in practice there shouldn't be too many problems if such scripts are by default enabled at a client level.

Lastly, forgive my ignorance, but the white-paper mentioned nothing about how those issuing transactions keep the exact recipient of their transactions secret from the master node - though I'd be very surprised if there isn't a mechanism for that built in; the details are probably in the CoinJoin paper.