Using the RSA modulus from the world-renowned RSA factoring challenge, of unknown factorization
Any summary on Zerocash?
Zerocash is fast and has transactions small enough to actually use in a normal blockchain; however, the problem is trustless generation of the accumulator and circuit parameter files. Using non-trustless (centralized) parameter generation, you're already looking at 8 GB for the parameters alone. Although no reasonable proposal for trustless generation has come forward, my guess is that trustless parameter generation would result in an even larger file. If you use centralized parameter generation, it'll always be possible for the central party to secretly spend or generate as many coins as they'd like without anyone ever knowing, so it's a big issue.
They are basing it off of Zerocoin, which was abandoned for a reason. He hasn't answered any questions relating to it and keeps deleting mine about it.
Zerocoin was already implemented on the AnonCoin testnet... but there are so many issues with that implementation that it'll never be useful, I think. The signatures/tx are 128kb (and hence need to be pruned from the blockchain very quickly), verification of a single tx is measured at around 4-10 seconds (making DDoS of nodes trivial), and the distributed accumulator setup was extremely suspect. This was more or less why Zerocoin implementations have been dead in the water.
Awesome - thanks for the update, Taco. Regarding test coverage, are you looking for participants or do you just need to go through more test scenarios?
I still have a lot of work to do first. Additionally, the source code for this has basically been licensed to a third party purchaser for first use of the software. When we move further from alpha I'll let you know if they're looking for some exclusive beta testers, I know you've been here for the start so maybe I can see if I can get them to draft an NDA for you in the future and let you play with it. They're just wary about someone running off with it at this time.
2014/11/02 18:22:11 Spent/Missed Ticket Ntfns ----------------------------
2014/11/02 18:22:11 Spent for missed tickets for block Hash: 209928e582553c958dd11305b3a8a77f00a25d8283bbdd66edf2153ffbac856b, Height: 756
2014/11/02 18:22:11 Spent or missed tickets:
2014/11/02 18:22:11 Ticket hash: f2ac1d8268bd571e95fbbefa4f7f938c9dbab3dccf8a7a9b98f8be6f5f8d85ab Ticket status: Spent
2014/11/02 18:22:11 Ticket hash: 5f18b61ee9f048751b7b24c67ed67649a0e31d17e2a7cd556c37d85e007e490c Ticket status: Spent
2014/11/02 18:22:11 Ticket hash: 704c764d72f44e578b30878b4a5acecbb618a04739058b0a3230b7f0c1f66ea1 Ticket status: Spent
2014/11/02 18:22:11 Ticket hash: aaac41a106a22f1aabc340515f5aa872bf88c86c4d2ccc5a9fcefec7d6115814 Ticket status: Spent
2014/11/02 18:22:11 Ticket hash: caf80942bb9d29fc307950d1490e5b55d19979383754c9e8c5d0a4fdcc089cea Ticket status: Spent
2014/11/02 18:22:11 End Spent/Missed Ticket Ntfns ------------------------
2014/11/02 18:22:11 New Ticket Ntfns -------------------------------------
2014/11/02 18:22:11 New tickets for block Hash: 209928e582553c958dd11305b3a8a77f00a25d8283bbdd66edf2153ffbac856b, Height: 756
2014/11/02 18:22:11 New tickets:
2014/11/02 18:22:11 Ticket hash: 4e2de8bbd8b2e77400f973aaf50bc4f31153410605d99d20d3f4d2c8c97efa03 Ticket number: 15
2014/11/02 18:22:11 Ticket hash: 8303375227da584351ac5831ca8cb59e9f1b138884a8a104af231417fcd650b0 Ticket number: 28
2014/11/02 18:22:11 Ticket hash: ee3e853c33a2be97eb15c18ca2a3203ffee2c19de8b02566b66cbc72608f69c8 Ticket number: 46
2014/11/02 18:22:11 Next block winner: 58, overflow 0
2014/11/02 18:22:11 Current active tickets in pool: 492
2014/11/02 18:22:11 End New Ticket Ntfns ---------------------------------
2014/11/02 18:22:11 Block connected: Hash: 209928e582553c958dd11305b3a8a77f00a25d8283bbdd66edf2153ffbac856b, Height: 756

The simulation network is operational and fairly well functioning; there are a number of issues that need to be fixed, including a rather severe memory leak. Test coverage is still low.
Is this implemented in any current PoS systems?
Yes, I implemented it in MC2, although currently that is in testing and not available publicly. The paper for that needs to be entirely rewritten too, so I guess there will be a lot more information when it's actually FOSS'd. My security assumption is: "PoW provides the primary security of the system even with PoS enabled. If PoS breaks the system, we hardfork back to PoW."
We're currently testing per KB transaction fees, we will roll them out on mainnet when we are done testing.
This makes the assumption that women were ever into Bitcoin in the first place.
sounds safe lol is there anything wrong with the PoW?
It's extremely slow. Verifying with only a single CPU core on a modern Intel CPU, it takes almost two hours just to verify the current blockchain. You can verify the Bitcoin blockchain in seconds.
I'm about to start a CryptoNote clone, Breakoutcoin, just for the ring-signature feature. The only thing that concerns me from this thread is the speculation that there may be backdoors in the core code.
Has there been a real code review either by Monero or others?
From when I first discovered CryptoNote, I couldn't figure out why it wasn't taken more seriously. Why the need for darkcoin and all, when CN does it all in the blockchain?
Yeah, exactly, btw no backdoors found so far, you can read technical details here: https://lab.monero.cc/
Thanks. Also, do you know if CN uses the same elliptic curves as Bitcoin for the private/public keys that make up addresses? http://bitcoin.stackexchange.com/questions/30911/how-to-convert-from-bitcoin-address-to-cryptonote
No, it uses EdDSA, which is a Schnorr signature scheme (provably secure under the random oracle model, unlike secp256k1).
The main advances over BTC in MC2 are 51% attack-resistance, less blockchain bloat, and a democratic system of altering certain parameters; is that correct?
The democratic aspect worries me a bit. I'm not so impressed with the results of democracy in the real world, where it appears that democracies are susceptible to hijacking by wealthy factions, who then alter the laws to favor themselves. Eventually these factions make themselves into oligarchs. Isn't it better to have a philosopher-king dev who is committed and incentivized to "do the right thing" vis a vis the coin?
Voting by stakeholders for anything aside from voting on PoW will be unspecified in my prototype; I'm just laying the groundwork for the voting.
Update:
- Core consensus code for the PoW/PoS completed but virtually untested
- Auxiliary database code completed
- Supporting RPC calls at about 50% complete
- Simulation network for testing about 50% complete
- Test coverage approx. 15-20%
- New difficulty algorithm for PoS system
Will be moving on to simulation network testing this month; progress is more or less on time.
I'm personally okay with the discrete logarithm problem being the central failure point of privacy features in Monero.
Why use Bitcoin when you can use banks?
My guess is because they make determinism easier in terms of the block header or tx structure. There have been some minor irritations around CryptoNote with using varint in the block headers. For instance, some programmers for miners presumed incoming header payload sizes of 80 bytes, but if the difficulty overflows you end up with 81 bytes. Thus, when the header overflowed 80 bytes due to difficulty, miners broke.
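As an added example (not code from the thread or from any CryptoNote project), here is a LEB128 varint codec with a constructed header layout (72 fixed bytes plus one varint field, labelled "difficulty" only to follow the post) and two parsers: the brittle one that assumes an 80-byte payload, and a length-aware one that decodes the varint wherever it actually ends.

```python
# Added example, not code from the thread or any CryptoNote project: a LEB128
# varint codec with a constructed header layout (72 fixed bytes + one varint
# field, labelled "difficulty" only to follow the post). It shows how one
# varint field crossing a 7-bit boundary turns an 80-byte header into 81 bytes,
# and why a parser must use the decoded length instead of assuming 80.

FIXED_PREFIX = bytes(72)  # constructed stand-in for the fixed-width header fields

def encode_varint(value: int) -> bytes:
    """Unsigned LEB128: 7 data bits per byte, high bit set on every byte but the last."""
    if value < 0:
        raise ValueError("varint must be non-negative")
    out = bytearray()
    while value >= 0x80:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)

def decode_varint(buf: bytes, pos: int = 0) -> tuple:
    """Return (value, next_pos); raise on a truncated encoding rather than read past the end."""
    value, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return value, pos

def build_header(difficulty: int) -> bytes:
    """Serialize the constructed header: fixed prefix followed by the varint field."""
    return FIXED_PREFIX + encode_varint(difficulty)

def parse_header_fixed_size(blob: bytes) -> int:
    """The brittle approach from the post: the payload is assumed to be exactly 80 bytes."""
    if len(blob) != 80:
        raise ValueError(f"expected an 80-byte header, got {len(blob)}")
    return decode_varint(blob, len(FIXED_PREFIX))[0]

def parse_header(blob: bytes) -> int:
    """Length-aware parsing: decode the varint wherever it ends and reject trailing bytes."""
    difficulty, end = decode_varint(blob, len(FIXED_PREFIX))
    if end != len(blob):
        raise ValueError(f"{len(blob) - end} unexpected trailing byte(s)")
    return difficulty
```

With this layout a difficulty of 2**56 - 1 still fits in 8 varint bytes (an 80-byte header), while 2**56 needs 9 bytes (81), which is exactly the point where the fixed-size parser fails and the length-aware one keeps working.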
I already talked to someone connected with BTC-e a while ago, they said they aren't really interested in adding new coins (rather, they're trying to still remove old and shitty alts).
Hi ppl,
As for today, Is monero 100% anonymous and untraceable?
No. Please don't use Monero recklessly. The technology is still in its infancy and we're working hard to improve a number of deanonymization-related vulnerabilities for ring signatures. Think Tor in the very early days; there were many security issues. That said, it's the most promising privacy tech I know of and is passive in nature, so when the bugs are worked out I think it'll work nicely. In the meantime, it's still much more private than Bitcoin.
That is a great solution. If I understand correctly, the goal is to allow Monero to penetrate general acceptance in its current emission, and then tail off to an inflationary cycle in perpetuity during the general-use, everyday stage?
I would just like to revoice my concern that in the case of a 1% post-mine or block reward subsidy to devs, this general acceptance is less likely to occur due to the attitude of the general crypto community. They will all (rightfully) bash Monero as a scam if there is any sort of atonement to the developers, even if it is only to repay costs. While it isn't fair for developers to subside gains for whales, it is also not fair to jeopardize the entire project for the sake of the few (but important).
Yeah. Currently with XMR we won't see single digit inflation until well into year 4, so between now and then users will be able to buy in cheaply.
The only moves that I will commend with regards to emission are that if you don't like the emission, either fork and try to get people to use your fork or to just create a merge mined coin with a longer emission.
Just to be clear, does that mean that emission will remain as it is, except obviously for what is decided for the final years, OR that in case emission is changed we can always fork it and do whatever we want?
Oh, sorry, I meant with regard to increasing inflation dramatically at the current time, not the perpetual inflation at year 10, as discussed a long, long time ago and which was generally well received by the community. This I am strongly in support of, but a lot of my support for this is in the anticipation that it will secure the network perpetually.
Formal response from core team forthcoming.
Your mathematicians didn't address that rs = qs - csx mod l is also known, where qs is unknown.
qs is unknown (and random), which makes the above equation more or less useless for solving for x; this will be addressed in a later memo.
Did you see TT just deleted his post?
Anonymint edited his post, so I had to address the edit.
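As an added note on the equation in the exchange above (not part of either post): because q_s is chosen uniformly at random and never published, the single relation

r_s = q_s - c_s * x (mod l)

has two unknowns, q_s and x. For any candidate x' one can set q' = r_s + c_s * x' (mod l) and the relation holds exactly, so the visible pair (r_s, c_s) is equally consistent with every one of the l possible values of x. On its own, the equation therefore carries no information about x. This is the standard argument for why a Schnorr-style response reveals nothing about the private key, provided q_s is fresh and uniform for every signature.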