DASH - Reading Assignment

1. PrivateSend is an implementation of CoinJoin. It mixes transactions in an attempt to break the association between owners and accounts.

2. Master nodes match up the mixing parties for you.

3. The addresses could be linked by accessing the PrivateSend database.

4. If breached, masternodes could reveal connections between addresses and the fact that you have a reason to pursue privacy.

1. the link between inputs and outputs of TX, implementation of CJ

2. masternodes collect and mix the coins, automated vs maual…

3. tx info…amount, time.

4. you need to trust the one in control of masternode

1. What information does PrivateSend conceal, and by what method?

   • PrivateSend mixes coins of different users of the same denomination (coin-mixing) with the CoinJoin method. It coinceals in that way the sender and reciever.

2. How do masternodes improve on the initial CoinJoin proposal?

   • automated is better vs. manual process for the average user. Masternodes construct transations in the background.
   • The process can e automatically repeated up to 8 times to increase the anonymity set
   • it adds coin-mixing
   • Masternodes can’t steel the coins

3. Alice send some DASH to Bob using PrivateSend. Describe how an attacker could link their addresses.

   • The masternodes knowing the crucial information. By hacking the masternode (somehow) that is doing the particular TX would reveal the addresses.

4. In what way could PrivateSend be more risky than a normal Bitcoin Transaction?

   • It draws attention by using the PrivateSend function instead instead of a normal DASH transaction.
   • Masternodes may be operated by untrustworthy entities that gather and potentially leaks the information.

1. sender and receiver details by coin mixing
2. coin mixing TX is done automatically by masternodes
3. by hacking a masternode
4. You still have to trust the masternode with your Tx

1. DASH sends no identifiable information to the Masternodes expect the denomination in which you want to create the transaction. It uses the CoinJoin method to hide the info and construct the transaction.

2. Masternodes can do CoinJoins process automatically. The transaction is construsted by the Masternodes

3. Its possible that hacker can create a Masternode to steal the info of the parties invovled.

4. If you use PrivateSend, you are automatically suspect. Trust in the Masternode is the only thing thats keeping a users private info secured.

1. It conceals the ownership of the coins by using CoinJoin methods and Dash’s masternodes.
2. The masternode is in charge of mixing the coins of several users to make a “coinjoin” method output.
3. The attacker would be then attacking the masternodes with the traceability data of the coins.
4. Because of malitious masternode activity.

1. PrivateSend gives financial privacy through a decentralized implementation of CoinJoin by adding together coins sent from several users.
2. A masternode collects the coins from different users, mixes them together in the CoinJoin Transaction.
3. If the attacker runs the masternode he knows the sender’s address and the recipients’ address.
4. Because You have to trust the person who runs the masternode.

1. What information does PrivateSend conceal, and by what method?

The origin and the destination of the transaction is hidden, plus the amount.

2. How do masternodes improve on the initial CoinJoin proposal?

There is no need to join with other users. A single user can initiate an anonymous transaction.

3. Alice send some DASH to Bob using PrivateSend. Describe how an attacker could link their addresses.

If the amount is unique it might be possible to link the addresses.

4. In what way could PrivateSend be more risky than a normal Bitcoin Transaction?

The user must trust the masternode. In a CJ everything is contained in the transaction.

1. Linking tx together by the CoinJoin method

2. The master node collects all the tx and mixes them

3. The master node knows exactly what coin goes where

4. The master node is a unknown third party and might be untrustworthy

1. Private send conceals not a lot. it doesn’t conceal a sender or a receiver, or the amount, just the address. exchanges can just ban anyone who uses the private send feature.

2.A master node joins txs

3. whoever runs the node can act maliciously, by looking at the blockchain closer, if the rest of the blockchain is transparant, wouldn’t they be able to see a, b, and c lost ~20 and d, e, and f gained ~20 and learn from there?

4. opt in privacy is not privacy. Privacy by default is privacy. when do we get to the monero part of the class

1. What information does PrivateSend conceal, and by what method?

• PrivateSend conceals transaction history of Dash by implementing CoinJoin.

2. How do masternodes improve on the initial CoinJoin proposal?

• Masternodes facilitate the PrivateSend process by initiating a session once at least three participants make requests to join coins of the same denomination. Once the session begins, the masternode instructs all participants’ wallets to pay the now-transformed inputs to themselves using a change address. This is all done in the background, without any intervention from the participants beyond the initial request.

3. Alice send some DASH to Bob using PrivateSend. Describe how an attacker could link their addresses.

• The masternodes used could be hacked, so the input and output addresses used could be obtained by the hacker.

4. In what way could PrivateSend be more risky than a normal Bitcoin Transaction?

• Similar to BitLaundry, PrivateSend requires some level of trust in the masternodes.

1. Privatesend utilizes CoinJoin TXs. Conceals the ownership trail of the coins mixed together.
2. Masternodes simplify the process. Masternodes eliminate the need for an individual to construct the txs.
3. by compromising a Mastrenode
4. trust placed in Masternode operations

1. It conceals the original ownership of the coins by “shuffling” Dash with other users.
2. The master nodes help connect people who want to transfer a certain denomination.
3. If any of the master nodes were either hacked or run maliciously, they would know the linking of accounts.
4. It is easy to see who is trying to hide their transactions and therefor could be flagged.

1. What information does PrivateSend conceal, and by what method?

PrivateSend does conceal sender and receiver by coin-mixing.

2. How do masternodes improve on the initial CoinJoin proposal?

By mixing the coins with 2 additional master nodes from other users. Each master node contains multiple partials made up of the total amount to be sent.

3. Alice send some DASH to Bob using PrivateSend. Describe how an attacker could link their addresses.

When the attacker is running the masternode or is able to hack it. Then you could link the information back together.

4. In what way could PrivateSend be more risky than a normal Bitcoin Transaction?

Because there is no way to proof the trustworthiness of the masternode controller. Further, by collecting data of “who wants to conceal their TXs” attackers could gain sensitive information.

1. What information does PrivateSend conceal, and by what method? — the inputs and outputs and hence the ownership of coins through implementation of CoinJoin
2. How do masternodes improve on the initial CoinJoin proposal? — shuffles transactions so they cannot be tracked back to the sender but this is done by the Masternode themselves and not a centralized body
3. Alice send some DASH to Bob using PrivateSend. Describe how an attacker could link their addresses. —- if attacker has access to master node and their addresses
4. In what way could PrivateSend be more risky than a normal Bitcoin Transaction? Masternodes could be the target point of attack or hack

1. It conceals the ownership of the coins.

2. The masternode instructs all users’ wallets to pay the now-transformed inputs to themselves. Your wallet pays that denomination directly to itself but in a different address (called a change address).

3. The attacker could look at Masternode data and look for the outputs from both Alice and Bob and see how if similar Privatespend inputs were created. Matching identical outputs and inputs links them together

4. The node network of bitcoin is bigger then that of Privatesend. Therefore, the weakest link is within the Privatesend node structure. A group or a person could deploy masternodes to obtain privatesend transaction data and use the information or censor transactions.

DASH - Reading Assignment

1. What information does PrivateSend conceal, and by what method?

A. PrivateSend integrates CoinJoin and both the send and receive addresses are shielded from one another.
B. "It uses an innovative process to join your inputs with the inputs of at least two other people in a single transaction, so the value in Dash never leaves your wallet. You retain control of your money at all times.” - https://docs.dash.org/en/stable/introduction/features.html#privatesend

2. How do masternodes improve on the initial CoinJoin proposal?

A. Master nodes provide a constant yield and incentive for funds to be readily available to be mixed into the requesting CoinJoin transactions and thereby increases the anonymity set. The nodes act as a community relayer without data store.

3. Alice send some DASH to Bob using PrivateSend. Describe how an attacker could link their addresses.

A. The attacker could use dust to help track all transactions.

4. In what way could PrivateSend be more risky than a normal Bitcoin Transaction?

A. In no way is it, “more risky”.

Someone could run a malicious MN to link txs.

What information does PrivateSend conceal, and by what method? Priatesend conceals your wallet’s amount of dash. This is done by comingling your dash with other users to form a transaction.

How do masternodes improve on the initial CoinJoin proposal? By instructing the users wallets to pay the transformed input to themselves. The transformed input are paid to a different address, thereby disguising the amount from a particular wallet.

Alice send some DASH to Bob using PrivateSend. Describe how an attacker could link their addresses. Using more inputs makes a transaction more vulnerable to linking attack.

In what way could PrivateSend be more risky than a normal Bitcoin Transaction? The masternodes could be compromised.

1. What information does PrivateSend conceal, and by what method?
It conceals the link between senders and receivers, via CoinJoin.
2. How do masternodes improve on the initial CoinJoin proposal?
The masternodes coordinate the CoinJoins in a non custodial fashion.
3. Alice send some DASH to Bob using PrivateSend. Describe how an attacker could link their addresses.
If the masternode selected to do the CoinJoin is a bad actor, then they would be able to link the source and target addresses. But if multiple rounds are executed, then I would assume that the same masternode wouldn’t perform the mixing each time. Assuming the assumption is true, the PrivateSend should still be safe.

However I found this (https://dashnews.org/blocksci-paper-highlights-blockchain-traceability-issues-potential-future-risks-dash/):
Cluster intersection attack can pose a threat to coin mixing

Of particular interest is a potential vulnerability posed to a coin mixing process of the kind employed by Dash by BlockSci’s analysis. This is carried out through analyzing inputs broken down by mixing and linking the cluster of inputs to reveal the true source:

“Due to the large number of inputs, no auxiliary information is necessary to carry out the cluster intersection attack on Dash. The adversary — anyone observing the public blockchain — can infer that all inputs to a PrivateSend must trace back to the same wallet cluster.”

According to this analysis, the higher the number of PrivateSend inputs in a given transaction, the better the chance of a successful attack:

“Figure 8 shows the success rate of the cluster intersection attack, showing a sharp increase in accuracy as the number of inputs increases. For transactions with 12 or more inputs (coincidentally, the median number of inputs of PrivateSend transactions on the blockchain), the attack is always accurate.”

According to Dash lead developer Udjinm6, there is validity to this theoretical attack vector.

“Yes, basically the more mixed inputs you put into one transaction the higher probability of linking back to original wallet, because when you create a transaction you announce/prove that you have control over all these inputs which is the key point for clustering.”

4. In what way could PrivateSend be more risky than a normal Bitcoin Transaction?
Typically authorities are more interested in transactions that people are trying to hide as opposed to ones they aren’t. Therefore PrivateSend tx’s would likely be subject to increased scrutiny.