I thought of another solution which I am sure you also thought of?

Charge a transaction fee to all inputs of the Darksend.

That may be the only possible solution that works. Anonymity won't be broken. And collateral can't be stolen.

Then Sybil attacking the master nodes won't have any effect because you no longer correlate collateral to the triple of IP, input and output. The collateral is removed from the design. You instead charge a tx fee to every input. Master node can't correlate to blind signed outputs.

And Sybil attacking the inputs will be very very costly.

The downside is of course Darksends are not free. Nothing in life is free.

Yeah I think this is your only realistic option.

Edit: but the master node can steal the tx fees. And then not include the input in the output signing. So scratch this idea.

See CoinJoin just doesn't work. I tried to tell everyone that, but they get all angry at me. Sorry.

DarkSend does charge a very small fee to use, which is fine. The fee goes to the miners.

"but the master node can steal the tx fees." That's impossible. Fees always go to miners.

No I meant the collateral payments can be stolen, not the tx fees. Are you meaning to write that collateral payments always go to the miners, thus master nodes have no incentive to lie?

In either case, master nodes can lie and steal, they just make sure they also control miner(s) (or pools).

No one can prove the master node isn't being malicious to hurt the reputation of an innocent pool or miner. Thus you can't blame the pool or miner, so you won't know if the pool or miner is complicit.

Thus you can't stop theft.

WTF is going on here I go to Mexico for a week and...AnonyMint is helping.  

Shit let's just solve the Israel/Palestine problem, we seem to be on a roll here.

ive been following this discussion , and i most say, the level of control you need to have over the network to use it for a practical sybil attack is unfeasable, my worst case scenario tells me max 10% could be controlled, now if you do run it through say 10 times, the chance of being unmasked is 10% and we are talking about several factors that have to happen..

you need the 10% to be on EVERY mixing stage - Very unlikely im not even going to try and calculate the chance

As far as I can fathom, multisig doesn't protect you because master node can just lie and say none signed. How will the other signatories know if the master node is telling truth or not?

However, I have a partial solution for this. Send the collateral payment to the ether. Then master node loses some incentive. But still the master node might lie just to harm the coin and the owners of those collateral.

I guess the inputs can forward their communications to other signatories too?

In that case, your anonymity is more broken because more nodes would see the triplet of IP, input, and output on each Darksend. Thus the percent of master nodes needed to lower anonymity would be proportionally less (e.g. if 5 signatories, then need only 1/5 as many master nodes to be adversaries).

actually, my calculations are correct,

and if your doing a 10 stage mixing, the possibilty of being unmasked is going to be small at best, because for your scenario you need to have all the 10% of bad node on every mixing stage, that is not possible, when you take into account that no master is fixed, but selected more or less randomly

@ AnonyMint - will u invest in DRK?

1.04K diff

I guess if you would have came up with the solution to this non-bug (issue), you could have claimed the bounty....  

Ya, hindsight is always 20/20 and easy....

ps.  It's dpms, not dmps