This article analyses how DarkSend works and will explain why there’s absolutely no good reason to use DASH for private transactions.
The cryptocurrency DASH (formerly known as Darkcoin, formerly known as XCoin) brands itself as a “Digital Cash”. When people promote DASH, they often claim that the PrivateSend (formerly know as DarkSend) feature makes DASH the “top contender in the realm of privacy coins”.
This recent steemit article by bravenewcoin is a perfect illustration of what I mean. There is zero critical thinking. Nobody seems to ask questions and do research. If there is no proof that these claims are correct, then it’s dangerous to use DASH in the first place. People who are not technically literate will use DASH while presuming that they are doing private transactions. They are exposed to some risky attack vectors, but think they are safe.
Let’s first look at how DASH describes the “Darksend” feature on their website:
Darksend is the feature that gives Dash users full privacy when they use it. It is an improved and extended version of the CoinJoin. In addition to the core concept of CoinJoin, we employ a series of improvements such as decentralization, strong anonymity by using a chaining approach , denominations and passive aheadoftime mixing.
So DarkSend basically is a fork of CoinJoin. DASH added some things and claim these features are improving the privacy of the DarkSend user. We examine them one by one
1) Coinjoin basics
Darksend uses the fact that a transaction can be formed by multiple parties and made out to multiple parties to merge funds together in a way where they can’t be uncoupled thereafter. Given that all Darksend transactions are setup for users to pay themselves, the system is highly secure against theft and users coins always remain safe.
Coinjoin, as implemented in Joinmaket on Bitcoin, is a system that enables users to mix their coins in a decentralized way. As shown in the image above, users basically transact together in the same coinjoin transaction. By doing this, an outsider can’t really know which output belongs to which input.
Joinmarket is currently the only viable decentralized implementation of Coinjoin on Bitcoin. DarkSend is a different implementation of Coinjoin on the DASH network. We’ll compare these 2 implementations in this article.
2) Decentralized mixing
In Joinmarket, there is no central server to find counterparties to mix with. You just announce to the network that you want to mix and someone else can join your mixing proposal. Other implementations of Coinjoin, such as Sharedcoin by blockchain.info uses a central server to generate the coinjoin-transactions. It is possible that these servers log the different inputs and outputs so they can potentially deanonymize the coinjoin-users.
In DASH, the DarkSend-users connect to a masternode for mixing. This masternode enables the mixing proces in a similar way as the sharedcoin system. These masternodes can log the inputs and outputs and therefore deanonymize the users.
Note that you don’t need to be the owner of a masternode to see these logs. Most of the masternodes are hosted on cloudhosting services. If a government demands access to these logs, they will probably get it. It’s entirely possible that right now the NSA is spying on the majority of masternodes without the owners even knowing their masternodes are being spied upon.
The DASH website ignores this risk and tries to reassure us that by using “chained mixing”, you’ll be safe:
At set intervals, a user’s client will request to join with other clients via a Masternode. (…) Each Darksend session can be thought of as an independent event increasing the anonymity of user’s funds. (…) To increase the quality of anonymity provided, a chaining approach is employed, which funds are sent through multiple Masternodes, one after another.
Stating that chaining mixings is more secure is just false: suppose an adversary has access to a large number of masternode logs. When someone does one mixing and then waits a day to do a second one, he’ll be more private than someone doing 6 mixings in a row. Why? If the adversary owns 2 of the 6 masternodes used in the mixing process, it will be easy to undo the mixing that happened in between due to the low liquidity in the DASH system (see next point).
DASH mixing is far from decentralized and it’s even worse than Sharedcoin: when using Sharedcoin, the user is aware that he’s using a centralized system. When using DASH, everybody pretends it’s a private decentralized system, but in reality, it isn’t.
3) Mixing liquidity
The advantage of DarkSend compared to JoinMarket, is that it’s implemented in the official DASH GUI, so it’s easily accessible. I assume the idea behind that was to encourage the use of DarkSend which would improve the liquidity in the DarkSend mixing system.
Liquidity is very important for any mixing system to function well. If only a few people are mixing, these systems are easily Sybil attacked: if some adversaries just try to mix with as much people as possible, they will be able to get a lot of info from their own mixings because they are in most cases the only counterparty of the people who want to mix.
So let’s compare the liquidity between DarkSend and JoinMarket:
Currently, according to JoinMarket.me, this bitcoin mixing system has 86 counterparties to mix with. This means that at any time, someone who wants to mix can choose one of those 86 people to mix with. He can even do multiple mixings (“chained mixing”) to improve his privacy: it’s possible that some of his mixing partners were adversaries, but chances are smal that all of the counterparties were.
A Sybil attack is more difficult to successfully execute when the number of counterparties grows. Bitcoin has the advantage that there is a lot of liquidity in the Bitcoin network. The market cap of Bitcoin is more than 10 billion and I estimate that the number of active bitcoin users is in the millions. If only a small percentage of those people started using CoinJoin, the liquidity in the mixing system would grow and Sybil attacks would be very hard to pull off.
It’s not possible to get exact data on how many counterparties are available in DASH DarkSend, but we know a few things: the DASH market cap is 50 million USD and I estimate the number of active users to be in the thousands. So by using DASH you already reduce the anonymity set you’re in by multiple orders of magnitude.
Due to the low liquidity on the DASH blockchain, it’s possible to attribute “chained mixings” to the same individual solely based on blockchain analysis.
But what’s even more telling is the fact that a lot of DarkSend users seem to experience a very slow mixing process. Check this subforum for their stories: http://dash.org/forum/topic/privatesend-questions-and-help.77/
DASH developers tried to improve the number of mixing participants compared to JoinMarket. Joinmarket usually only has 2 participants, DASH has t least 3 people mixing together:
Currently to mix using DarkSend requires at least 3 participants.(…)However each session is limited to three clients, so an observer has a one in three chance of being able to follow a transaction.
The DASH developers also noticed that mixing is slow, so they decided to pay 5 “liquidity providers” to constantly mix their coins. This probably increased the speed of the mixing a bit since this system was implemented, but it is also a very big risk: if these 5 people collude (or are being spied upon), it will be trivial to deanonymize every DarkSend transaction that happened on the DASH blockchain. This is a very unsecure system to depend upon for your private transactions!
DASH added a denomination system to the coinjoin-implementation of DarkSend:
To improve the privacy of the system as a whole we propose using common denominations of 0.1DASH, 1DASH, 10DASH AND 100DASH. In each mixing session, all users should submit the same denominations as inputs and outputs.
Statistical research is needed to confirm the claim that denominations are actually better for privacy. If it were better, then joinmarket could easily implement it. But I think there are also some risks associated with using denominations: if you want to mix 987.6 DASH, you’ll end up with 30 outputs. When you want to spend 375 DASH, you’ll regroup at least 15 of those outputs. This could potentially lead to making your previous DarkSend privacy weaker. A better approach would be to conceal the amounts in the transactions by using Confidential Transactions combined with coinjoin.
5) Passive mode
With joinmarket, you have an incentive as a market maker to propose mixings to the bitcoin network. Joinmarket has an incentive to provide liquidity. Tis makes it easier for people who want a fast mixing to just ping the network and accept a mixing by one of the market makers.
The DASH developers correctly identified that timing attacks are an issue with mixing. But the fact that they promote the “passive mode” of DarkSend as a feature is very telling: it’s turning a bug into a feature.
Darksend is limited to 1000 DASH per session and requires multiple sessions to thoroughly anonymize significant amounts of money. To make the user experience easy and make timing attacks very difficult, Darksend runs in a passive mode.
In DASH this “passive mode” is just your node waiting for other people to show up to mix with you through a masternode. There is no incentive at all to do this. It’s a necessity. It shows (again) that the DarkSend liquidity is painfully low.
DarkSend (now called PrivateSend) has some serious privacy issues. It’s risky to rely on this system and the liquidity is very low which makes it not really usable. If you need to choose between Bitcoin and DASH, it’s safer to rely on Bitcoin mixing systems and more specifically on JoinMarket.
PS: fungibility claims
DASH also claims to be a “truly fungible” coin:
By having a decentralized mixing service within the currency we gain the ability to keep the currency itself perfectly fungible. At the same time, any user is able to act as an auditor to guarantee the financial integrity of the public ledger without compromising others privacy.
There is a lot to say about this, but I’ll refer to a previous article of mine about fungibility. Basically bitcoin and DASH have the same fungibility issues. Coinjoin can’t “fix fungibility”. You can read that article here: http://weuse.cash/2016/06/09/btc-xmr-zcash/
PPS: Instamine scam
By the way, if after reading this article you somehow still regard DASH as a legit project, there is still the instamine you can look into…
Teaser: this chart shows the first 72 hours of DASH. At the moment there are about 6.5 million DASH in circulation. In the first 2 days 2 million coins were created. In the first hour more than 500000 coins were created.