If you have been paying close attention to the BitcoinTalk forums, and the alternative currencies section more specifically, you may have noticed the cross-thread posting between StealthCoin and ShadowCash. Several articles about this topic have surfaced, yet none of them actually has a clue about what happened. Let’s try to rectify this situation.
The reason behind this “distress” is one of StealthCoin’s upcoming features, based on Chandran signatures. It has been pointed out by respected long-standing members of the Bitcoin and Digital Currency community that Chandran signatures have certain flaws, making them unsuitable for cryptocurrency implementation.
Another issue with Chandran signatures can be found in the whitepaper, which clearly states forgery is possible by a malicious generated reference string. Not too reassuring when it comes to protecting something with financial value, but there could be a solution for this down the line.
No one said Chandran signature implementation is impossible, but rather not suitable, which is a big difference. Using pairing-based crypto for signatures, validating signatures will take about 1,000 times longer compared to Bitcoin, which is not something anyone is looking forward to.
“Well, I suspect it’s possible … given a pairing it should be easy to devise a key image,or maybe not. I don’t really wanna try. But given the level of reasoning displayed in the [XST] wp, I don’t think they’d be able to produce a provably-secure scheme with a key image.”
-Andytoshi , #bitcoinwizards on IRC October 10th 2014
On top of that, Andytoshi strongly believes Chandran signatures, which have a trusted setup, allow for forgery by the setting up party. If this would be the case, Chandran signatures would be totally unsuitable for cryptocurrency purposes. Do keep in mind this is not confirmed at this point, but rather something to take into account and do proper research about by the XST developers.
All of the current issues and flaws found in Chandran signatures could be fixed over time, but it’s not something that can be done in a few weeks. The way it’s currently explained in the StealthCoin whitepaper will most likely not work properly. However, as the developers are currently starting research on Chandran signatures, we will see whether they decide to pursue this option or not.
One more thing to take into account is the fact Chandran signatures require a trusted setup, as I mentioned before. However, digital currency is all about trustless setups, with projects such as BitHalo. Seems like a bit of an odd choice to me personally, but I’m not here to judge.
“The scheme they’re mentioning is very slow to verify, requires trusted setup, introduces much less trusted cryptographic assumptions, and doesn’t appear to have a traceability scheme (at all, much less one with a security proof) and by the figures in the paper hardly reduces the size of the signatures at all.
Most of the size reduction comes from the input group selection, and not from the cryptosystem. And I echo Andytoshi’s comment that the author doesn’t seem to be able to make a convincing imitation of someone who knows what they’re talking about… nice colored sheets of paper though.”
-Gmaxwell, #Bitcoin-wizards October 10th 2014
Last but not least, I want to throw in another quote that sums it all up :
“It’s not clearly feasible. It doesn’t seem like its even worth trying. The barriers are equal to inventing (/finding) another unrelated cryptosystem.”
-Gmaxwell, #Bitcoin-wizards, October 10th 2014
You can find the full chat logs here : https://botbot.me/freenode/bitcoin-wizards/2014-10-10/
Earlier today, a BitcoinTalk post was made by Hondo, who is researching Chandran signatures for StealthCoin. He did point out Chandran signatures will not be used in their current form, but rather in the continued version developed by Eiichro Fujisaki. (Fujisaki’s work makes sub-linear ring signatures traceable)
Hondo did admit he was not aware of the fact traceability has to be an integral part of the signature scheme. This misconception is a result of Hondo’s own lack of knowledge in regards to cryptography. It takes guts to admit you were misinformed, so I do applaud Hondo for coming out and saying the above.
“Do keep in mind the StealthCoin whitepaper is not an actual blueprint for StealthSend. This whitepaper is a mere technical proposal for StealthSend , and are just a collection of my (unfinished) thoughts being written down, based on my imperfect knowledge of cryptography.”
-Hondo, StealthSend developer
Hondo also stated he is currently behind on the development roadmap schedule. Some external help for wallet upgrades was needed, but unfortunately not procured. Perhaps the low Bitcoin prices are to blame for this as well, as a lot of people are less interested in digital currencies during these times.
StealthSend is behind schedule as well, as the latest wallet upgrades have taken a chunk out of StealthSend-allotted time. No ETA has been given on when this feature will be finished, but it could take upto a few months. We do appreciate Hondo’s honesty about the timelines and pushing back features, so once again, kudos to him.
Now that you have read these comments, do your own research on the StealthCoin whitepaper, the Chandran signature whitepaper, and try and have a normal conversation about it. This is not about picking sides, but a genuine concern being raised.
I do sincerely hope the peace and quiet can come back to both ShadowCoin and StealthCoin communities. I’m not here to point fingers, but it just goes to show how sour the altcoin community can be at certain times.
XST StealthSend Whitepaper : https://www.stealth-coin.com/wp-content/uploads/Stealthsend_Whitepaper_brief0914.pdf
Chandran signatures whitepaper :
Hondo’s statement :