DarkSend does not use blind signing, and, if I remember correctly, the reason is that the implementation had DOS issues and the attacker could get away with it. So given that the node knows what it signs, the next alternative was
Right, this is a centralized approach... a central server can deanonymize people. There may be many of these servers, but you're still trusting them to not be bad. It may be acceptable; it's probably better than nothing at all. But things like this are precisely what Ozziecoin is slamming. Ironically, because the CJ thread post 5 describes how you can deal with the DoS attacks while actually being private for everyone: If the transaction fails, everyone deanonymizes their attempt, and anyone who fails to deanonymize (or is directly shown to be the party refusing to sign) is banned. It's a PITA to actually implement, I agree.
If it was part of Bitcoin, it wouldn't require Dark Wallet, would it?
Having something in the protocol doesn't mean that there is an interface to it. I was doing CoinJoins back in 2011-2012, in public too
https://bitcointalk.org/index.php?topic=139581.0 ... no software was required for it once the raw transaction interface made it into a release. The point here being that none of this needs an altcoin; yes, it may need all sorts of client software and such, but there is no need to invoke another currency except to Make Money Fast.
What's the point of opensourcing it while the specifications are not yet finalized?
What's the point of releasing it at all and hyping it up with a bunch of claims that no one can verify?
How is a trusted solution (due to the accumulator) better?
I suspect you may be confusing zerocoin and zerocash there, since it was zerocoin with the accumulator with the trusted initialization. ZeroCash is an entirely different design, though with its own trusted component, a ZKP; the only accumulator in zerocash is just a regular unspent txout tree. In both cases the trust is unrelated to privacy, however; the privacy is perfect even if the trustfulness assumptions are violated. (In ZeroCash compromise of the zero-knowledge proof CRS yields unbounded undetectable inflation for the attacker; in ZeroCoin it would let someone empty the accumulator). As I mentioned here, I'm not super fond of the security assumptions; I like the design used by the bytecoin things better, though the privacy is not quite as strong, but they also have the benefit of being already deployed and involve no trust or novel cryptographic assumptions.