Warning: DASH privacy is worse than Bitcoin

in #bitcoin8 years ago (edited)

This article analyses how DarkSend works and will explain why there's absolutely no good  reason to use DASH for private transactions.

I'm the author of the WeUse.Cash blog. This is my first article on Steemit. I will probably republish it on my blog in the future. But for now it's exclusively on Steemit.com!

                                          

The cryptocurrency DASH (formerly known as Darkcoin, formerly known as XCoin) brands itself as a "Digital Cash". When people promote DASH, they often claim that the PrivateSend (formerly know as DarkSend) feature makes DASH the "top contender in the realm of privacy coins".

This recent steemit article by bravenewcoin is a perfect illustration of what I mean. There is zero critical thinking. Nobody seems to ask questions and do research. If there is no proof that these claims are correct, then it's dangerous to use DASH in the first place. People who are not technically literate will use DASH while presuming that they are doing private transactions. They are exposed to some risky attack vectors, but think they are safe. 

                                          

Let's first look at how DASH describes the "Darksend" feature on their website:

Darksend is the feature that gives Dash users full privacy when they use it. It is an improved and extended version of the CoinJoin. In addition to the core concept of CoinJoin, we employ a series of improvements such as decentralization, strong anonymity by using a chaining approach , denominations and passive ahead­of­time mixing. 

So DarkSend basically is a fork of CoinJoin. DASH added some things and claim these features are improving the privacy of the DarkSend user. We examine them one by one

1) Coinjoin basics

Darksend uses the fact that a transaction can be formed by multiple parties and made out to multiple parties to merge funds together in a way where they can’t be uncoupled thereafter. Given that all Darksend transactions are setup for users to pay themselves, the system is highly secure against theft and users coins always remain safe. 

Coinjoin, as implemented in Joinmaket on Bitcoin, is a system that enables users to mix their coins in a decentralized way. As shown in the image above, users basically transact together in the same coinjoin transaction. By doing this, an outsider can't really know which output belongs to which input.

Joinmarket is currently the only viable decentralized implementation of Coinjoin on Bitcoin. DarkSend is a different implementation of Coinjoin on the DASH network. We'll compare these 2 implementations in this article.

2) Decentralized mixing

In Joinmarket, there is no central server to find counterparties to mix with. You just announce to the network that you want to mix and someone else can join your mixing proposal. Other implementations of Coinjoin, such as Sharedcoin by blockchain.info uses a central server to generate the coinjoin-transactions. It is possible that these servers log the different inputs and outputs so they can potentially deanonymize the coinjoin-users. 

In DASH, the DarkSend-users connect to a masternode for mixing. This masternode enables the mixing proces in a similar way as the sharedcoin system. These masternodes can log the inputs and outputs and therefore deanonymize the users.

Note that you don't need to be the owner of a masternode to see these logs. Most of the masternodes are hosted on cloudhosting services. If a government demands access to these logs, they will probably get it. It's entirely possible that right now the NSA is spying on the majority of masternodes without the owners even knowing their masternodes are being spied upon.

The DASH website ignores this risk and tries to reassure us that by using "chained mixing", you'll be safe:

 At set intervals, a user’s client will request to join with other clients via a Masternode. (...) Each Darksend session can be thought of as an independent event increasing the anonymity of user’s funds. (...) To increase the quality of anonymity provided, a chaining approach is employed, which funds are sent through multiple Masternodes, one after another.

Stating that chaining mixings is more secure is just false: suppose an adversary has access to a large number of masternode logs. When someone does one mixing and then waits a day to do a second one, he'll be more private than someone doing 6 mixings in a row. Why? If the adversary owns 2 of the 6 masternodes used in the mixing process, it will be easy to undo the mixing that happened in between due to the low liquidity in the DASH system (see next point).

DASH mixing is far from decentralized and it's even worse than Sharedcoin: when using Sharedcoin, the user is aware that he's using a centralized system. When using DASH, everybody pretends it's a private decentralized system, but in reality, it isn't.

3) Mixing liquidity

The advantage of DarkSend compared to JoinMarket, is that it's implemented in the official DASH GUI, so it's easily accessible. I assume the idea behind that was to encourage the use of DarkSend which would improve the liquidity in the DarkSend mixing system.

Liquidity is very important for any mixing system to function well. If only a few people are mixing, these systems are easily Sybil attacked: if some adversaries just try to mix with as much people as possible, they will be able to get a lot of info from their own mixings because they are in most cases the only counterparty of the people who want to mix.

So let's compare the liquidity between DarkSend and JoinMarket:

Currently, according to JoinMarket.me, this bitcoin mixing system has 86 counterparties to mix with. This means that at any time, someone who wants to mix can choose one of those 86 people to mix with. He can even do multiple mixings ("chained mixing") to improve his privacy: it's possible that some of his mixing partners were adversaries, but chances are smal that all of the counterparties were.

A Sybil attack is more difficult to successfully execute when the number of counterparties grows. Bitcoin has the advantage that there is a lot of liquidity in the Bitcoin network. The market cap of Bitcoin is more than 10 billion and I estimate that the number of active bitcoin users is in the millions. If only a small percentage of those people started using CoinJoin, the liquidity in the mixing system would grow and Sybil attacks would be very hard to pull off.

It's not possible to get exact data on how many counterparties are available in DASH DarkSend, but we know a few things: the DASH market cap is 50 million USD and I estimate the number of active users to be in the thousands. So by using DASH you already reduce the anonymity set you're in by multiple orders of magnitude.
Due to the low liquidity on the DASH blockchain, it's possible to attribute "chained mixings" to the same individual solely based on blockchain analysis.

But what's even more telling is the fact that a lot of DarkSend users seem to experience a very slow mixing process. Check this subforum for their stories: http://dash.org/forum/topic/privatesend-questions-and-help.77/ 

DASH developers tried to improve the number of mixing participants compared to JoinMarket. Joinmarket usually only has 2 participants, DASH has t least 3 people mixing together:

Currently to mix using DarkSend requires at least 3 participants.(...)However each session is limited to three clients, so an observer has a one in three chance of being able to follow a transaction.

The DASH developers also noticed that mixing is slow, so they decided to pay 5 "liquidity providers" to constantly mix their coins. This probably increased the speed of the mixing a bit since this system was implemented, but it is also a very big risk: if these 5 people collude (or are being spied upon), it will be trivial to deanonymize every DarkSend transaction that happened on the DASH blockchain. This is a very unsecure system to depend upon for your private transactions!

4) Denominations

DASH added a denomination system to the coinjoin-implementation of DarkSend:

To improve the privacy of the system as a whole we propose using common denominations of 0.1DASH, 1DASH, 10DASH AND 100DASH. In each mixing session, all users should submit the same denominations as inputs and outputs.

Statistical research is needed to confirm the claim that denominations are actually better for privacy. If it were better, then joinmarket could easily implement it. But I think there are also some risks associated with using denominations: if you want to mix 987.6 DASH, you'll end up with 30 outputs. When you want to spend 375 DASH, you'll regroup at least 15 of those outputs. This could potentially lead to making your previous DarkSend privacy weaker. A better approach would be to conceal the amounts in the transactions by using Confidential Transactions combined with coinjoin.

5) Passive mode

With joinmarket, you have an incentive as a market maker to propose mixings to the bitcoin network. Joinmarket has an incentive to provide liquidity. Tis makes it easier for people who want a fast mixing to just ping the network and accept a mixing by one of the market makers.

The DASH developers correctly identified that timing attacks are an issue with mixing. But the fact that they promote the "passive mode" of  DarkSend as a feature is very telling: it's turning a bug into a feature.

Darksend is limited to 1000 DASH per session and requires multiple sessions to thoroughly anonymize significant amounts of money. To make the user experience easy and make timing attacks very difficult, Darksend runs in a passive mode.

In DASH this "passive mode" is just your node waiting for other people to show up to mix with you through a masternode. There is no incentive at all to do this. It's a necessity. It shows (again) that the DarkSend liquidity is painfully low. 


Conclusion

DarkSend (now called PrivateSend) has some serious privacy issues. It's risky to rely on this system and the liquidity is very low which makes it not really usable. If you need to choose between Bitcoin and DASH, it's safer to rely on Bitcoin mixing systems and more specifically on JoinMarket.


PS: fungibility claims

DASH also claims to be a "truly fungible" coin:

By having a decentralized mixing service within the currency we gain the ability to keep the currency itself perfectly fungible. At the same time, any user is able to act as an auditor to guarantee the financial integrity of the public ledger without compromising others privacy.

There is a lot to say about this, but I'll refer to a previous article of mine about fungibility. Basically bitcoin and DASH have the same fungibility issues. Coinjoin can't "fix fungibility". You can read that article here: https://steemit.com/bitcoin/@dnaleor/on-fungibility-bitcoin-monero-and-why-zcash-is-a-bad-idea

PPS: Instamine scam

By the way, if after reading this article you somehow still regard DASH as a legit project, there is still the instamine you can look into...

Teaser: this chart shows the first 72 hours of DASH. At the moment there are about 6.5 million DASH in circulation. In the first 2 days 2 million coins were created. In the first hour more than 500000 coins were created.



Sort:  

oh and one more thing. dash mixing is done ahead of time and so after your coin balance is mixed they can then be sent at anytime and sent instantly (~4sec confirmation) and anonymously. i guess they forgot to mention that.
monero is a bloated blockchain one trick pony coin.

Your "mixed" coin balance then resides in a single address, so that everyone that you subsequently pay can deanonymise you.

That is a feature, not a bug since it’s an essential element of any public, unbacked blockchain that addresses are visible and transactions are manually auditable.

I think you're confusing 'privacy'(which describes an activity hidden from view) with 'anonymity' (which, in a monetary context distinguishes cash from credit money).

Where monero went wrong was in getting its wires crossed with regards to these two and applying a privacy model designed for a credit paradigm to a cash medium, thereby destroying its viability as an unbacked asset class.

This article has more basis in the enormous chip on dnaleor's shoulder than in any genuine challenge to Dash's monetary veracity.

Loading...

I am not a Monero guy and I don't use it. No GUI, no use for me. However as I've mentioned in my other posts and discussions everywhere, CoinJoin in general is shit!!! dnaleor why the hell are you even mentioning JoinMarket. Fluffy replied in one of my comments on reddit about Dash and I mentioned that JoinMarket is full of bugs. Next day, a bug was announced that anyone could spy on the CJ transactions done there.

Monero has a different approach and if they finally integrate with I2P, implement RingCT and finally create a GUI, they will be ahead in the anonymity realm, until a bug with the I2P implementation or I2P protocol itself brings them down.

What I really don't understand is why people in Dash deny these problems, if they come from a Monero guy. Guys, these are valid arguments and something needs to be done. It is right for people to claim that this is a scam. I own some Dash and I mentioned in the forums that Evan and the core team should focus on anonymity first, not Evolution. But what is going to make Evan rich? Evolution of course! That's why I own Dash. I started my journey from the BitShares and NXT communities, and what they were lacking was hype. No hype, No increase in value.

Keep your trolling to bitcointalk. Nobody here wants to read your pointless dribble

87 votes I wouldn't say it is nobody.

You handed out monero flyers at a meetup where Evan Duffield was speaking. You are obviously Bias and should have stated this in the very beginning. Do you own monero?

Please refute my analysis. I don't even mention Monero in this article.

I can't refuse your analysis because I am not a tech expert.

You not mentioning your Bias (monero) was my point. You should have, because you are bias against Dash, hence the reason you wrote this article.

Do you own monero?

Are you really trying to put forth the idea that a lot of the articles that are popping up on steemit involve writers with neutral bias? That is an unreasonable stance to take.

Actually thats a great point you made. I forgot where i was.

Sorry @dnaleor, my bad.

I don't see why it is relevant. I don't mention monero, you did. I don't need to be neutral, but I tried to be. I repeat that I welcome criticism based on what I wrote, not on my presumed bias.

But that being said, my monero address is 434ErvSg4xH2jcxZdu57bAeuTpsRB4ZLSBJVxLuj8FNRBaDLgk3Qyp4ZrXpnhGAUgC4bWHe7suVN477bMo7pzpoEMKd4qB9

Please let me know how much XMR I own based on my monero address.

Nice own goal, steem doesn´t have a GUI wallet either and yet you are here using it, hypocrite.

I replied to other guys comment. My mistake.

Re you monero address. Ill pass. Ping me when you have a GUI wallet that isnt a centralized web wallet.

it is a scam. XMR is the real golden goose here.

Sounds like someone missed the train and is very upset. Dash is the future of payment systems. Sorry if you are jealous and want to twist things around to make dash look bad. Dash will thrive with or without you. Dash is currently around $450usa. I bet you wish you invested everything you had back when you wrote this bullshit hey? :)

this is one excellent article, thank you very much!

Maybe this is the right platform to get real perspectives not group think

DASH aka Darkcoin, with a twisted sense of opensource, tried to "buy", "shutdown" and bully the original Dashcoin (DSH) and its community (https://archive.is/6U9VT#selection-2445.0-2445.21)
The coin runs solely on marketing, propaganda and censorship (https://www.reddit.com/r/Monero/comments/4sqhe4/im_banned_at_rdashpay_so_posting_this_here_for/) to make up for its flaws and lure unsuspecting investors (https://archive.is/TUtZo)

tl;dr stay away from DASH/Darkcoin.