The End of the Audit

1. [3:25:44 PM] disgruntled gyroscope: hey
2. [3:28:11 PM] The Alty: hi gnome
3. [3:28:17 PM] Shazzy (dasource): hey
4. [3:28:28 PM] The Alty: is everyone here?
5. [3:29:01 PM] Ciara Cloak: Ciara Cloak is here
6. [3:29:09 PM] The Alty: Jo?
7. [3:29:27 PM] The Alty: Ok
8. [3:29:30 PM] The Alty: so...
9. [3:29:34 PM] Joseph: Joseph yes
10. [3:29:44 PM] The Alty: we were prepping the coin to integrate a solution
11. [3:29:52 PM] The Alty: Gnomes seemed like the best at the time
12. [3:30:03 PM] disgruntled gyroscope: okay
13. [3:30:06 PM] The Alty: it's got holes in it
14. [3:30:08 PM] The Alty: as expected
15. [3:30:11 PM] The Alty: this is not easy
16. [3:30:55 PM] disgruntled gyroscope: Yeah. We need obfuscation. Other coins accomplish this with mixing. I don't like that solution but it is taking me time to work up another.
17. [3:31:23 PM] disgruntled gyroscope: Other than that the biggest flaws identified have been in mitigating malicious node behaviour and recurrance
18. [3:32:09 PM] disgruntled gyroscope: nothing I've seen or thought of is going to stop the "silent recorder" though. That's the person who allows transactions to occur, but silently records all participants and transaction data - and farms this data
19. [3:32:13 PM] disgruntled gyroscope: The way a government might
20. [3:32:46 PM] The Alty: right so there likes the biggest problem
21. [3:33:12 PM] The Alty: everything we come up with has a positive and negative
22. [3:33:22 PM] The Alty: it's knowing how to mitigate the downside
23. [3:33:30 PM] disgruntled gyroscope: Yes
24. [3:33:45 PM] disgruntled gyroscope: If we're going to err between trustless and anonymous
25. [3:33:50 PM] disgruntled gyroscope: It's goign to have to be on the side of trustless
26. [3:33:56 PM] disgruntled gyroscope: or else we have problems with theft
27. [3:34:09 PM] The Alty: yep...
28. [3:34:27 PM] The Alty: so back to the question can we provide true anon with such a solution?
29. [3:34:28 PM] disgruntled gyroscope: Right now our solution does that. It errs on the side of trustless.
30. [3:34:37 PM] disgruntled gyroscope: it isn't obfuscated enough. It breaks coin history
31. [3:34:39 PM] The Alty: trustless we have in normal tx
32. [3:34:43 PM] disgruntled gyroscope: But is vulnrable to corelation attacks
33. [3:34:47 PM] disgruntled gyroscope: Yes
34. [3:34:47 PM] The Alty: ok
35. [3:35:05 PM] The Alty: Can somebody else step in with our next best so far
36. [3:35:28 PM] disgruntled gyroscope: Right now I'm working on an option which take my 3 wallet transaction and chains them together in a chain
37. [3:35:42 PM] disgruntled gyroscope: the sender is along this chain and the chain acts as obfuscation
38. [3:36:02 PM] disgruntled gyroscope: each segment of the chains 3 links can eb deanonymized without deanonmizging the whole chain
39. [3:36:20 PM] Shazzy (dasource): gnome i think with time your solution could be great ... but this is going to a. take a lot of time and b. require months of testing ... (think DRK RC1 --> RC5 again) ...
40. [3:36:51 PM] disgruntled gyroscope: Yes I think almost any solution will.
41. [3:36:57 PM] Shazzy (dasource): what we need is a simpler solution (i know that sounds easy, which it is not) ...
42. [3:37:05 PM] disgruntled gyroscope: Though dark is very trusty and not evena little trustless
43. [3:37:07 PM] Shazzy (dasource): so we have been mulling over an alternative
44. [3:37:16 PM] Shazzy (dasource): true ^^
45. [3:37:16 PM] disgruntled gyroscope: Any ideas?
46. [3:37:19 PM] Shazzy (dasource): yeah
47. [3:37:43 PM] Shazzy (dasource): so in short (and ciara can clarify) ...
48. [3:38:09 PM] Shazzy (dasource): we use a mix of multisig (trustless) with steath address (anon) ... with some of the old posa messaging platform
49. [3:38:16 PM] Shazzy (dasource): messaging/broadcasting
50. [3:38:29 PM] disgruntled gyroscope: I've never seena trustless multisig
51. [3:38:34 PM] disgruntled gyroscope: Can you show me what that looks like?
52. [3:38:37 PM] disgruntled gyroscope: Mine are trusty
53. [3:38:37 PM] Shazzy (dasource): stick with me ...
54. [3:38:51 PM] Shazzy (dasource): the problem with "generic" multisig is
55. [3:39:09 PM] Shazzy (dasource): it is not anon by nature
56. [3:39:22 PM] disgruntled gyroscope: No, there's nothing specificly anonymous abou tit
57. [3:39:25 PM] disgruntled gyroscope: It's just an address
58. [3:39:38 PM] Shazzy (dasource): dont type ... wait till i finish please :D
59. [3:39:41 PM] disgruntled gyroscope: sorry.
60. [3:40:01 PM] Shazzy (dasource): so its not anon because usually there is 1TX in --> 1 TX out ...
61. [3:40:07 PM] Shazzy (dasource): the idea here is that
62. [3:40:22 PM] Shazzy (dasource): say you want 50 CLOAK "cloaked"
63. [3:40:54 PM] Shazzy (dasource): you broadcast a message saying "hey here is my multisig address, send me 10 cloak and i will send you 10.1"
64. [3:41:05 PM] Shazzy (dasource): you send this to say 6 nodes
65. [3:41:15 PM] Shazzy (dasource): 7-10 however many we decide
66. [3:41:43 PM] Shazzy (dasource): so right now the multisig input has say 7-10 inputs from different addresses....
67. [3:42:11 PM] Shazzy (dasource): at the same time we use posa to request a steath address (we implement steath addresses into cloak)
68. [3:42:26 PM] Shazzy (dasource): so the "script" will store the steath addresses for the output of the multisig
69. [3:42:48 PM] Shazzy (dasource): we complete the multisig and it acts as a "mixer" ....
70. [3:43:02 PM] Shazzy (dasource): we use the cloaking mechnism to repeat this over and over for however many cloaked coins we need
71. [3:43:22 PM] Shazzy (dasource): if you inspect the multisig TX
72. [3:43:31 PM] Shazzy (dasource): all you will see is 10x address sent 10 CLOAK
73. [3:43:41 PM] Shazzy (dasource): and 10x addresses (new pub keys) got 10 CLOAK back
74. [3:43:53 PM] Shazzy (dasource): its not possible to work out who was the user who set this up
75. [3:43:56 PM] disgruntled gyroscope: Yes it is.
76. [3:44:00 PM] disgruntled gyroscope: And it's also not trustless.
77. [3:44:16 PM] disgruntled gyroscope: Stealth addresses are also vulnerable to corelation attacks
78. [3:44:33 PM] disgruntled gyroscope: They will at some point down the blockchain be spent with original wallet addreesses
79. [3:44:42 PM] disgruntled gyroscope: This corelation is visibble, and as a function of time deanonmizes
80. [3:44:57 PM] Ciara Cloak: How will they be spent with original wallet addresses?
81. [3:45:12 PM] disgruntled gyroscope: Because they have the same owenr, ro a corelatable owenr tot he original transaction
82. [3:45:36 PM] Shazzy (dasource): "not if we mark these coins as "cloaked" and they are only uses for anon TXs"
83. [3:45:50 PM] disgruntled gyroscope: So, if I have 10 cloak. And we trade 5 cloak, so now I have 5 claok in a stealth address that you don't know belongs to me. Whne I go to spend 6 cloak, you know it's me.
84. [3:46:26 PM] Ciara Cloak: This is only true if you combine stealth and non-stealth inputs.
85. [3:46:30 PM] disgruntled gyroscope: Even if you stealth every coin before, those coins are all still going to be spent together unless you spend in the exact denomination you recieve to each addy
86. [3:46:48 PM] disgruntled gyroscope: because at some point change addresses have to be combined
87. [3:46:52 PM] disgruntled gyroscope: and spent together
88. [3:47:07 PM] disgruntled gyroscope: This, and I don't understand the trustless part.
89. [3:47:40 PM] disgruntled gyroscope: In terms of anonmitiy, it would be a start to see this mixer algorithm that isn't coinjoin developed
90. [3:47:50 PM] Ciara Cloak: Multi-sig transactions are trustless because they are validated by the network and not a central trusted node or nodes.
91. [3:48:01 PM] disgruntled gyroscope: Who unlocks the multi-signature transaction
92. [3:48:16 PM] disgruntled gyroscope: or is there a script which isn't unlocked at all
93. [3:48:27 PM] disgruntled gyroscope: It's hard to comment with so few details
94. [3:50:36 PM] disgruntled gyroscope: I think if there is a faster solution here that is brilliant news
95. [3:50:51 PM] disgruntled gyroscope: We should put it on paper and get it infront of me and noobsticks and anyone else who wants to give it the run down
96. [3:51:29 PM] disgruntled gyroscope: Everyone went from lots to say to not much.
97. [3:51:56 PM] The Alty: Yep I think so.. because if we commit a great deal of time to commit to PoR but it's not flawless we can commit less time to something that is workable. Let's be honest anon and trustless as we said before seems mathmatically impossible
98. [3:52:14 PM] disgruntled gyroscope: Right, you need to do something like what PoR does and switch between the two
99. [3:52:18 PM] disgruntled gyroscope: Or just ignore one completely
100. [3:53:37 PM] The Alty: everyone is in deep thought
101. [3:55:16 PM] disgruntled gyroscope: At ti's core, poR is just a shitty trusty anon system like everything else we have described - I cover it up with "tettle"
102. [3:55:20 PM] disgruntled gyroscope: *tattle
103. [3:55:27 PM] Shazzy (dasource): correlation account is not difficult to solve as ciara said we prevent mixing of stealth/non-stteath inputs i.e. have a cloaked balance
104. [3:55:36 PM] disgruntled gyroscope: That's possible because people can identify the others int he transaction and rat them out
105. [3:55:58 PM] disgruntled gyroscope: Shazzy okay. Can I see the mixing algorithm?
106. [3:56:27 PM] disgruntled gyroscope: Because if coinjoin and every other mixer implimented so far is tracable, I'm wondering what kind of implimentation we can jsut allude to and impliment in a week
107. [3:56:38 PM] disgruntled gyroscope: That's pretty irresponsible, saying we could launch something in a week
108. [3:56:45 PM] Ciara Cloak: Not really.
109. [3:57:00 PM] The Alty: I did say beta Gnome
110. [3:57:03 PM] The Alty: not launch
111. [3:57:28 PM] disgruntled gyroscope: Alright
112. [3:57:36 PM] disgruntled gyroscope: Well, you dow hat you're going to do.
113. [3:57:52 PM] disgruntled gyroscope: I do not feel like this is a productive development environment.
114. [3:58:01 PM] disgruntled gyroscope: Ideas are never thought to completion befor ejumping to implimentation
115. [3:58:05 PM] disgruntled gyroscope: Shortcuts at every chance
116. [3:58:13 PM] Ciara Cloak: All you can identify in the transaction is "some" participant
117. [3:58:19 PM] disgruntled gyroscope: I disagree
118. [3:58:26 PM] disgruntled gyroscope: and when you show me the full spec maybe I can show you
119. [3:58:54 PM] Ciara Cloak: I don't know how you can sit there and talk about shortcuts at every chance, and then turn around with some rube goldberg contraption
120. [3:59:01 PM] The Alty: lol
121. [3:59:15 PM] disgruntled gyroscope: So because you can't wrap your head around a given development decision it's ribe goldberg esque?
122. [3:59:16 PM] Ciara Cloak: Adding needless complexity is no better than "shortcuts"
123. [3:59:29 PM] disgruntled gyroscope: Identify needless complexity, we'll eliminate it
124. [3:59:45 PM] Ciara Cloak: God you are so arrogant
125. [3:59:51 PM] disgruntled gyroscope: You have written down NOTHING.
126. [3:59:57 PM] disgruntled gyroscope: Spec or shut up
127. [4:00:15 PM] disgruntled gyroscope: You are the reason why we are here ciara tkae some damn responsibility
128. [4:00:16 PM] *** The Alty removed disgruntled gyroscope from this conversation. ***