Dash Core's PrivateSendPrivateSend - PrivateSend is a masternode managage, decentralized mixer for creating an on-demand system of removing the history from coins on the network. PrivateSend mixes inputs while allowing each participant to retain control of their coins at all times so the process can be done without trusting a third party. feature provides a way to improve privacy by performing coin-mixing without relinquishing custodial access. For additional details, reference this Official Documentation PrivateSend page.
The following video provides an overview with a good introduction to the details:
The walletwallet - Software that stores private keys and monitors the block chain (sometimes as a client of a server that does the processing) to allow users to spend and receive duffs. completes two operations in this phase:
Split value into inputs matching the PrivateSend denominationsdenominations - Denominations of Dash value, usually measured in fractions of a dash but sometimes measured in multiples of a duff. One dash equals 100,000,000 duffs. by sending transactionstransactions - A transaction spending satoshis. to itself
Split value into inputsinputs - An input in a transaction which contains three fields: an outpoint, a signature script, and a sequence number. The outpoint references a previous output and the signature script allows spending it. to use for collateral by sending transactions to itself
Note: Both these operations incur the standard transaction feetransaction fee - The amount remaining when the value of all outputs in a transaction are subtracted from all inputs in a transaction; the fee is paid to the miner who includes that transaction in a block. like any other transaction
The PrivateSend denominations include a bit mapping to easily differentiate them. The
dsa message and
dsq message use this bit shifted integer instead of sending the actual denomination. The table below lists the bit, its associated integer value used in P2P messages, and the actual Dash value.
|Bit||Denom. (Integer)||Denomination (DASH)|
Protocol version 70213 added a 5th denomination (0.001 DASH).
PrivateSend collaterals are used to pay mixing fees, but are kept separate from the denominations to maximize privacy. Since protocol version 70213, the minimum collateral fee is 1/10 of the smallest denomination for all mixing sessions regardless of denomination. In Dash Core, collaterals are created with enough value to pay 4 collateral fees (4 x 0.001 DASH). (Dash Core Reference)
In protocol version 70208, collateral inputs can be anything from 2x the minimum collateral amount to the maximum collateral amount (currently defined as 4x the minimum collateral). In protocol versions > 70208, Dash Core can use any inputinput - An input in a transaction which contains three fields: an outpoint, a signature script, and a sequence number. The outpoint references a previous output and the signature script allows spending it. from 1x the minimum collateral amount to the maximum collateral amount.
The mixing phase involves exchanging a sequence of messages with a masternodemasternode - A computer that provides second-tier Dash functionality (InstantSend, PrivateSend, decentralized governance). Masternodes are incentivized by receiving part of the block reward, but must hold 1000 Dash as collateral to prevent sybil attacks. so it can construct a mixing transaction with inputs from the clients in its mixing pool.
PrivateSend Data Flow
|0||Client determines whether to join an existing mixing pool or create a new one|
|1||→||Client asks to join mixing pool or have the masternode create a new one|
|2||←||Masternode provides a mixing pool status update (Typical - State: |
|3||←||Masternode notifies clients when it is ready to mix|
|4||→||Upon receiving a |
|5||←||Masternode provides a mixing pool status update (typical - State: |
|6||←||Masternode sends the final transaction containing all clients inputs (unsigned) and all client outputs to each client for verification|
|7||←||Masternode provides a mixing pool status update (Typical - State: |
|8||→||After verifying the final transaction, clients each sign their own inputs and send them back|
|9||←||Masternode verifies the signed inputs, creates a |
|10||←||Masternode broadcasts a |
Step 0 - Pool Selection
- Existing mixing pool information is derived from the Queue messages seen by the client
- Dash Core attempts to join an existing mixing pool and only requests creation of a new one if that fails, although this is not a requirement that alternative implementations would be required to follow
Step 1 - Pool Request
dsamessage contains a collateral transaction
- This transaction uses a collateral inputinput - An input in a transaction which contains three fields: an outpoint, a signature script, and a sequence number. The outpoint references a previous output and the signature script allows spending it. created in the Wallet Preparation phase
- The collateral is a signed transactiontransaction - A transaction spending satoshis. that pays the collateral back to a client addressaddress - A 20-byte hash formatted using base58check to produce either a P2PKH or P2SH Dash address. Currently the most common way users exchange payment information. minus a fee of 0.001 DASH
Step 3 - Queue
- A masternode broadcasts
dsqmessages when it starts a new queue. These message are relayed by all peerspeers - A computer that connects to the Dash network..
- As of protocol version 70214, mixing sessions have a variable number of participants defined by the range
nPoolMaxParticipants(5). Prior protocol version mixing sessions always contained exactly 3 participants
- Once the masternode has received valid
dsamessages from the appropriate number of clients (
nSessionMaxParticipants), it sends a
dsqmessage with the ready bit set
Step 4 - Inputs
- The collateral transaction can be the same in the
dsimessage as the one in the
dsamessage (Step 1) as long as it has not been spent
- Each client can provide up to 9 (
PRIVATESEND_ENTRY_MAX_SIZE) inputs (and an equal number of outputs) to be mixed (Dash Core Reference)
- This is the only message in the PrivateSend process that contains enough information to link a wallet's PrivateSend inputs with its outputs
- This message is sent directly between a client and the mixing masternode (not relayed across the Dash network) so no other clients see it
Step 6 - Final Transaction (unsigned)
- Once the masternode has received valid
dsimessages from all clients, it creates the final transaction and sends a
Step 10 - Final Transaction broadcast
- Prior to protocol version 70213, masternodes could only send a single un-mined
dstxmessage at a time. As of protocol version 70213, up to 5 (
dstxmessages per masternode are allowed.
With the exception of the
dsq message and the
dstx message (which need to be public and do not expose any private information), all PrivateSend P2P messages are sent directly between the mixing masternode and relevant client(s).
- If mixing completes successfully, Dash Core charges the collateral randomly in 1/10 mixing transactions to pay miners (Dash Core Reference)
- Clients that abuse the mixing system by failing to respond to
dsfmessages within the timeout periods may forfeit their collateral. Dash Core charges the abuse fee in 2/3 cases (Dash Core Reference)
To maintain privacy when using PrivateSend, PrivateSend transactions must fully spend all inputs to a single output (with the remainder becoming the fee - i.e. no change outputchange output - An output in a transaction which returns duffs to the spender, thus preventing too much of the input value from going to transaction fees.). This can result in large fees depending on the value being sent.
For example, an extreme case is sending the minimum non-dust value (546 duffs) via PrivateSend. This results in an extremely large transaction fee because the minimum PrivateSend denomination (0.00100001 DASH or 100,001 duffs) must be fully spent with no change. This results in a fee of 0.00999464 DASH and a sent value of only 0.00000546 DASH as shown by the calculation below.
100001 duffs (smallest PrivateSend denomination) - 546 duffs (value to send) = 99455 duffs (fee)
Updated 10 months ago