The best (arguably only) working implementation of block chain privacy. Marketing-type crap if you are interested: https://cryptonote.org/inside.php

You could arguably say that Bytecoin has that as well (and it was first) but unless you want an 82% hidden premine/ninjamine, Monero is better.

This point was made years ago in the context of Bitcoin, but I'm sure it has been rediscovered many times.


I seriously doubt this latter number since approximately 100K is on Monero alone, and Monero is a modest if growing part of the altcoin universe.

EDIT: It could be in the high hundreds of thousands, it is low 100Ks that I doubt. Given the likely efficiency factors between dedicated miners and botnets this translates to botnets of millions. Or to put it another way, we are likely close to the point, if not there already, that botnets are not a major (security) threat. I leave open the question of economic theories.

Furthermore this entirely ignores all of the factors that separate one botnet machine from one dedicated miner. Duty cycle if nothing else should be at least some significant factor. You mentioned a countermeasure of "just mine on one core" but that obviously reduces capacity significantly.


Mixing works just fine. I've used it dozens if not hundreds of times.


"Can't" be fixed is a bold statement. Care to offer proof of that? Because there are ideas being developed for doing just that (that might not work).

Being able to trade other coins against XMR is itself a valuable use (speculation) for the coin that puts it ahead of just about every other coin (other than LTC and BTC of course).

What makes a coin valuable ultimately is that it is useful, and these trading pairs are an important milestone on that path for Monero.

2 GB of memory?

Dual core (Intel) i5 CPUs have only 3 MB of cache, so they will mine Cryptonight at less than half the speed of the higher end quad-core i7s with 8 MB (which are roughly comparable with mid-range GPUs). That is assumes they are turned on and that they aren't in use such that mining needs to suspend or background itself.

All that conspires to make one of these machines worth a lot less in a botnet compared to a dedicated miner. Obviously botnets can be large, but I don't know how large. With the equivalent of 100K miners already on the network, it takes several hundred thousand of these in a botnet, at least, to become problematic from a security point of view. Smaller botnets add to the security of the network, which is my primary concern, not economics.

I disagree with the economic argument about botnets being important "because they get cheap coins" for two reasons:
1. Botnets are a finite resource and if mining with them is so profitable because they get cheap coins more botnets will join the network until the coins are no longer cheap (a combination of botnets getting scarce and the difficulty going up), and 2. given opportunities to trade the coins will end up with whoever values them the most anyway. That may well be some whale who buys them from the botnet owner, or the botnet owner might himself be a whale. The rich get richer, (almost) always. It is fair that we agree to disagree on this point.

I will say one thing about what I think about Monero generally. I think it is a bloody mess, with lousy code we essentially found half-finished in some dead guys attic (to speak in metaphors). But what it does, it does better than any other delivered coin (by a wide margin), and I believe that many of the most serious problems can be addressed in short order (some already have).

In fact I would guess that the reason you pay so much attention to Monero is that you agree it is by far the best implementation of decent privacy on a blockchain that exists today, and therefore the closest to something you seem to think is important. It may not be what you think it should be, and it may not ever get to what you think should be done, but it almost certainly is the closest today and may very well be the closest in the future as well.

Gaming machines are certainly going to be newer than many light-usage home machines (web + email generally). I don't know what cafe machines are like.

I also think gaming machines are likely to be running newer software better maintained, less frequently used for random crap on the Internet (no time since the gamers are spending 20 hours a day gaming). So in general less likely to become part of a botnet. This does not mean that no gaming machines are part of botnets, but the number is likely quite small, relatively speaking.

If the number is not small, then why are GPU-mined coins allegedly not overrun by botnets, and the why is the problem of botnets attached to CPU-mined coins?


I don't agree with it. I expect the fairly frictionless marketplace to sort out to more or less the same ownership as would otherwise exist. People who value the coin more will buy it, and the botnet owner who already owns a valuable asset, the botnet will sell it for whatever he values most, giving him a return on his asset.


I am pretty sure it is flawed. I don't care. Everything is flawed. If you mandate perfection, you spend years contemplating everything and delivering nothing.

I prefer to deliver something that might work, and then see if it does. The world is complex and chaotic enough that I don't believe this is knowable without real world experience.


None. As a volunteer I work on things that interest me. Neither of those interest me particularly.

Phones already have numerous ASICs. I guess one might expect that to go in the direction of phones becoming an ASIC (at least the IC components). But again the hard part is getting your favorite features into the ASIC(s) if you aren't a big player like Apple, Verizon, or NSA.


I think I saw an Intel white paper that claimed their implementation was competitive with other hardware implementations of AES. But the bigger issue is how AES is being used (for proof-of-work). If you are using it in some idiosyncratic way, an ASIC may outperform a lot.

If botnets are predominantly 32 bit (I don't know, but this claim is often made) then they are primarily older computers as well, with smaller caches, often no AES-NI, and (on cheaper models at least) fewer cores. That is much more than 2x. Together it is closer to 10x.

The numbers I've seen are that roughly 50% or perhaps slightly more of Windows 7 installs are 64 bit and Window 8 installs predominantly are 64 bit. 32 bit computers are going to have a high concentration of Windows XP (i.e. old, mostly corporate) or Vista (still hard for me to believe anyone ever used that, but there is a percentage out there).

I don't doubt there are some botnets that target higher end gaming computers, but we don't have numbers. The article cited prices "per 1000" but we don't know how much that can scale. 10K computers for example, would only serve to further secure the network, not attack it.

Without further data I remain unconvinced that botnets are frequently high end systems with good GPUs. And of course if they are then the whole argument of GPU mining being GPU-resistant is completely wrong. Even then the size distribution matters a lot.

EDIT: There is another factor I forgot. Since the botnet has to evade detection it will run at a lower duty cycle, only mine when the computer is even turned on, and suspend or slow down mining while the computer is in use. This likely reduces efficiency over an intentional miner by at least a factor of 2, but perhaps 5 or more (if the computer is powered down a lot).

This is extremely unlikely unless some very, big player (Intel, NSA, perhaps entertainment industry, etc.) has an ulterior motive.

It took years before even audio got widely added to motherboards.

Margins on motherboards are tiny. Nothing gets added unless it is very widely demanded (or, as above, pushed by an external agenda).

If your coin becomes enormously popular, then after several years an ASIC for it might get added to new motherboards, and then several years after that a large portion of the installed base will have them installed. This is at least a decade of lag.

As you mention in your subsequent post, algorithms that make use of recent CPU and OS features are likely to hinder botnets to a significant degree. This is already the case with Cryptonight. Older botnet computers are less likely to have AES-NI, more likely to be 32 bit, and more likely to have older, slower CPUs with fewer cores and/or less cache. Together these reduce the effectiveness of a botnet computer relative to an efficient CPU or GPU miner by perhaps a factor of 10. Exotic botnets (routers, etc.) will fair much worse.

Currently the Monero network consists of the hash rate equivalent of very roughly 100K modern desktop computers (64-bit, AES-NI, 8 MB cache) or mid range mining rig GPUs (750 Ti, etc.). For a botnet to 51% attack that would require roughly 1M of these more-likely-to-be-botted computers. That is certainly possible, but it is a obstacle. How many botnets are 1M+?

Smaller botnets that decide to honestly mine instead of attack increase the hash rate and help secure the network against attacks. They are a problem for the computer owner, but they help secure the coin just like any other miner. The more of these there are, the harder it is to ever attack the coin, even with a botnet. How many smaller botnets are there compared to 1M+ bot ones?

Stop using the new replies feature. Use the watchlist feature instead.

In theory. Politically, good luck with that.

Yes I agree mining while charging makes great sense. Given the number of smartphones out there it could represent a huge resource of computing power, possibly larger than computers someday even if only operating for part of the day.

Bitcoin is not a big phenomenon on the scales Intel cares about.

I find it hard to believe that any form of PoW mining (regardless of algorithm) on a smartphone would ever be popular given battery life considerations.

You can use any wallet public address, either yours or someone else's. For example, if you want to contribute to the developer team, you can use our donation address (see here for the address).

Yes it is true that for one computer solo mining you likely won't find a block any time soon (if at all), but if a group of people all solo mine (for example to a donation address), one of you likely will on a semi-regular basis (with 100 people doing I think you may average close to a block per day). Furthermore even if you don't actually get a block you are still helping to secure the network.

Pool mining makes sense if you want consistent income, but with only one or two computers the amount of income will be tiny anyway (<$1/day). This makes more sense if you are building a significant-size farm and need the consistent income to pay bills.

A disadvantage of this approach is that, as you say, inner hashes are repeated.

Perhaps the two approaches can be combined.

A small snapshot.bin can be distributed, containing the outputs with the highest value or perhaps those somehow deemed "most likely" to be claimed (which might in part be a function of value, perhaps age, etc.). Those can be claimed by direct reference without a proof. For holders of the rest, a claim would need to be made using the (less space efficient) proof.

You're missing the point. It isn't about dildos specifically, that was just your example.

It is about tools being developed with that mountain of data that allow much of to be tracked, linked, and identified. It won't be targeted at you specifically (usually not at least), but it will be done in the aggregate and a great deal of identification will drop out. Have you ever posted a bitcoin address online? If so, and if you weren't extremely careful, that address can now be linked to your online identify, perhaps linked to other addresses of yours, and certainly linked to addresses of people who have transacted with you (who may also have posted addresses online, though not necessarily the same one you used) and indirectly (computers are good at this) linked with (many, many) other known addresses.

Here is one small example (though the graphs and tables in the paper are interesting, scary, and worth a look), and this is just the very, very beginning (think "cookies" as a privacy issue in web browsers a decade or more ago):


http://cseweb.ucsd.edu/~smeiklejohn/files/imc13.pdf

Obviously I wouldn't know if you bought dildos from a vendor who sells a variety of goods. That goes well beyond payment.

But if I wanted to know if you bought something from a store that specializes in didoes, I would go ahead and buy some dildos myself from several of these stores, and then look for linkages. But I wouldn't personally need to do this myself, because it is easy for people (and more importantly, because they will likely do it at scale, businesses) to create these sorts of databases on the Internet.

The Internet advertising industry is built around creating databases that track people and share information between millions of web sites. This was not really by design, it is just that the web was also not explicitly designed to protect privacy, and clever people figured out how to track and link. A decade later and we have an whole industry doing it, with almost everyone tracked and identified.

I really doubt we want that kind of tracking and information sharing extended to payment, at least I don't. I prefer my payments remain at least as private as they were before Bitcoin, not less.

Maybe a full snapshot.bin is published somewhere as a Merkle tree but only the root hash need be distributed? To make a claim you post a proof that your claim is supported by an entry in the tree.

Shouldn't it be possible to resolve this by looking at the mirror site that does not delete posts?