Bitcoin Forum
141  Other / Archival / Re: delete on: September 21, 2014, 04:41:59 PM
What about the 1% one pool is donating to the development?
Pays hired coders and cryptographers (rfree, tewinget, mikezackles, surae, sarang, etc etc), not the core team.

Quote
What about other donations?
See above.

Quote
What about the herding of the Altcoin forum into your gains on the coins you bought cheap and or mined cheap?
I haven't sold any of my XMR, so obviously I have a lot to lose if something were to go wrong.
142  Other / Archival / Re: delete on: September 21, 2014, 04:33:19 PM
What's the matter with you developers? You have to believe in your product. Go all in. Don't sit here and say this is your hobby project. An anonymous crypto with the correct attributes has enormous potential. Show us your enthusiasm and commitment!

My personal choice is not to do that rhetorically, or even openly.

I guess I'm the anti-shill.
143  Other / Archival / Re: delete on: September 21, 2014, 04:27:54 PM
You can't repair ex post facto (or even now) the anonymity because you can't erase the block chain. If I am correct, it is already broken. Wasn't that the only feature of Monero?

I don't know why BCX didn't just threaten to do that instead and short XMR. No need to steal coins nor do a Time Warp.

If it's already broken, we have much bigger problems.
144  Other / Archival / Re: delete on: September 21, 2014, 04:18:17 PM
Anonymint doesn't seem to have any affiliation with Monero and he seems to be working his ass off. Even during dinner. As a core developer you are the equivalent of the CEO and in so you have the responsibility towards the shareholders (investors) to be on top of this. If I was invested in a company where they hit some serious problems I'd be pretty pissed off if the CEO said he would hit the beach with his wife and stated there are other things in life that matter, not only this company. I would expect the CEO to be working at full speed. If he couldn't solve it himself he would be networking, talking to people who potentially could, speaking to investors trying to calm the market etc. Your reply was another fail in my eyes.

I have gotten paid 0 dollars for the hundreds of hours of work I've put into this coin, so I really don't have any obligation to anyone to do anything. I'm here because I like the work and the coin.
145  Other / Archival / Re: delete on: September 21, 2014, 03:35:58 PM
Look, if BCX has found an exploit he can pass it to us and we can patch our software accordingly.

If it exists and he exploits it and messes up the blockchain for a few hours (which someone else already did a few weeks ago), we'll roll back the blockchain. We've already reviewed the ring signature algorithms ad nauseam, written internal memos on any weaknesses, reviewed the difficulty algorithm (which is kind of lame, but, yunno, it's gotten us where we are today), and frankly wasted a lot of time and money we could be spending doing more important things.

I am thankful for the BCT circus here giving us 3-month high Poloniex volumes -- but don't be surprised if the point of all this is just to rip the shirt off of a lot of people's backs.
146  Other / Archival / Re: delete on: September 21, 2014, 05:02:19 AM
Remember that cryptonotepool.org.uk donates 1% to dev fund.

Noticed a precious bit of history, thanks to blackjesus, quoted below. It seems BCX is not above scooping cheap coins on these occasions.

Does it add more security to solo mine? I really don't care about the return. It's not like I'm firing up new computers.

It depends... solo miners are full nodes, so if an attacker starts DDoSing full nodes on the network to bring the hashrate down, it's always good to have redundancy.
147  Alternate cryptocurrencies / Altcoin Discussion / Re: Monero Support on: September 20, 2014, 10:30:38 PM
I have had an issue regarding Monero TX fees. I had in my wallet, exactly 1.539246463904 XMR, and sent 1.4 XMR to an exchange. The resulting transaction is in the blockchain here:

https://minergate.com/blockchain/mro/transaction/6140829924b68547172fa16069a343632b6f653e8d04fb3b239b9edf55689eb6

Notice the three input transactions correctly total my wallet balance, and the two output transactions total the sent 1.4. What confuses me, is the remainder of my entire balance, turned into the transaction fee, 0.139246463904, leaving me with 0 XMR. I thought the network fee was 0.1 XMR, thus I would have expected one additional output, returning the change back to me.

I obviously haven't lost a lot here (0.039246463904 XMR) but I want to make sure I didn't make a mistake, which may result in me losing much more coin next time.

Dust (amounts less than 0.1) are burned off as fees, because they cannot contribute to the anonymity set of outputs.
148  Other / Archival / Re: delete on: September 20, 2014, 09:41:22 PM
Maybe it is my fault for mentioning the factorization idea over an insecure channel. TacoTime it is your fault too for enticing me to respond technically. Rpietila said all technical communication would go through smooth over the secure channel.

Maybe we have forced BCX's hand, because someone else could figure out the exploit from what I've stated publicly. I dunno.

Forgive my lack of OPSEC for this one... I'm more concerned with the science of the proposed attack (from BitcoinExpress), I just can't follow it completely.
149  Other / Archival / Re: delete on: September 20, 2014, 09:34:51 PM
Please enlighten me. Has BCX promised this? If yes, why? Is it because of that one cocky idiot in this thread?

Or is it because of my actions?

I can tell you how to protect your private keys if you stop being arseholes to me. Is that not helping?

I'm a little perplexed by what BCX is saying... I'm not sure how timewarp bugs are relevant to the attacks we're talking about at all.
150  Other / Archival / Re: delete on: September 20, 2014, 08:27:48 PM
Geez I was so worried about how I would be anonymous in the future and it seems I have the opposite problem and can't even convince people who I am. Perfect.

I am 60% sure I have an amplification to their paper which makes the attack much more plausible and pervasive.

I need to go eat, then I need to write some code for an algorithm for smooth to document more precisely what I mean by the amplification.

Okay. My guess though is that you'll come to the same conclusions we did independently too -- assuming that Hp is a cryptographically secure hash function that acts as a random oracle perfectly and that q values are generated totally randomly, that recovery of x (private key) is impossible so long as your PRNG isn't compromised. And, if your PRNG is, then you can't even generate non-ring signatures securely.
151  Other / Archival / Re: delete on: September 20, 2014, 08:11:26 PM
So is there a problem or not?

lol exactly this

https://bitcointalk.org/index.php?topic=789978.msg8904802#msg8904802
152  Other / Archival / Re: delete on: September 20, 2014, 08:01:21 PM
TT, I am trying to determine if the Sybil amplification I outlined was in your paper or not and whether or not that elevates to a much more serious threat.

Sure,
Try my python code, which outlines a similar attacker output-saturation attack. This is a worst case scenario, in which the attacker is generating outpoints from the beginning of the chain onwards, and depends on coins not breaking onto different denominations but rather staying the same denomination. So, it's a little contrived. The success of the attacker with totally random output selection of inputs by all users becomes exponentially more difficult for the attacker the later he begins spamming outputs.

Code:
import math
import random
from functools import reduce  # reduce is not a builtin on Python 3

# cryptonote transactions
# mixin = mixin level (outputs mixed in that are not yours)
# mixedIn = outputs by index (simulates ref by hash)
#     these are stored as a list of ints.
# unrevealed = mixed-in outputs that have not been revealed yet.
#     these are stored as a list of ints.
# this assumes that all outputs are of the same size
# or at least equally mixable (gmaxwell/andytoshi scheme).
class transaction():
    def __init__(self, mixin, mixedIn, unrevealed):
        self.mixin = mixin
        self.mixedIn = mixedIn
        self.unrevealed = unrevealed

    def revealAllOutputs(self):
        while len(self.unrevealed) > 0:
            self.unrevealed.pop()

    # Remove outputs that have been revealed
    def revealOutput(self, outputIndex):
        if(self.unrevealed.count(outputIndex) > 0):
            self.unrevealed.remove(outputIndex)

    # Count number of unrevealed outputs
    def unrevealedOutputs(self):
        return len(self.unrevealed)

class ledger():
    def __init__(self,
            transactionsTotalPerTrial,
            numberOfTrials,
            mixin,
            revealPercentage):
        # the third argument is the mixin level for this trial (the caller
        # passes mixin), so name it that instead of relying on the global.
        self.transactionsTotalPerTrial = transactionsTotalPerTrial
        self.numberOfTrials = numberOfTrials
        self.mixin = mixin
        self.revealPercentage = revealPercentage
        self.ledger = []
        self.knownRevealedOutputs = []
        
        for numberOfTransactions in range (0, transactionsTotalPerTrial):
            # if there aren't enough elements to list, then
            # just mixin as many elements as possible.
            if len(self.ledger) < self.mixin+1:
                mixedIn = []
                revealed = []

                for i in range(0, len(self.ledger)):
                    mixedIn.append(i)
                    revealed.append(i)

                self.ledger.append(transaction(len(self.ledger), mixedIn, revealed))

            # otherwise, pick some random elements to mix into
            # the ring signature and make a new tx.
            else:
                mixedIn = []
                revealed = []

                for i in range(0, self.mixin):
                    randomOutput = random.randint(0, len(self.ledger)-2)

                    # can't remix existing elements, so find an
                    # output we haven't mixed yet.
                    while (mixedIn.count(randomOutput) > 0):
                        randomOutput = random.randint(0, len(self.ledger)-2)
                    
                    mixedIn.append(randomOutput)
                    revealed.append(randomOutput)
                
                self.ledger.append(transaction(mixin, mixedIn, revealed))

        # choose your outputs to reveal.
        outputsToReveal = []
        for i in range(0, int(revealPercentage * transactionsTotalPerTrial)):
            randomOutput = random.randint(mixin, transactionsTotalPerTrial-1)
            while (outputsToReveal.count(randomOutput) > 0):
                randomOutput = random.randint(mixin, transactionsTotalPerTrial-1)
            outputsToReveal.append(randomOutput)
            
        # reveal the outputs by calling the recursive recursiveReveal
        # function.
        self.recursiveReveal(outputsToReveal)
        
    def recursiveReveal(self, outputsToReveal):
        while len(outputsToReveal) > 0:
            revealedOutput = outputsToReveal.pop()

            # reveal all outputs for this output.
            self.ledger[revealedOutput].revealAllOutputs()
        
            # if it's been mixed somewhere, remove it
            # from that list.
            for i in range(0, transactionsTotalPerTrial):
                self.ledger[i].revealOutput(revealedOutput)
                
            self.knownRevealedOutputs.append(revealedOutput)
                
        # diff the ledger and outputsToRevealOriginal to uncover any
        # newly revealed outputs via chain reactions.
        newlyRevealedOutputCount = 0
        newlyRevealedOutputs = []
        for i in range(mixin, transactionsTotalPerTrial):
            if self.ledger[i].unrevealedOutputs() == 0:
                if self.knownRevealedOutputs.count(i) == 0:
                    newlyRevealedOutputs.append(i)
                    newlyRevealedOutputCount += 1
    
        if newlyRevealedOutputCount == 0:
            return
        else:
            self.recursiveReveal(newlyRevealedOutputs)
            
    # count the number of totally revealed outputs and return them.
    def getTotallyRevealedOutputs(self):
        totallyRevealedOutputs = 0
        for i in range(mixin, transactionsTotalPerTrial):
            if self.ledger[i].unrevealedOutputs() == 0:
                totallyRevealedOutputs += 1
        
        return totallyRevealedOutputs

def getVariance(yourList, mean):
    length = float(len(yourList))
    sum = 0.0

    while len(yourList) > 0:
        x = yourList.pop()
        xDiffSquared = math.pow(x - mean, 2)
        sum += xDiffSquared

    return (sum / (length - 1))

transactionsTotalPerTrial = 2000
numberOfTrials = 25
maximumMixinTested = 7
revealPercentage = 0.50

# open file to write the results to disk.
f = open("results.txt","w")

f.write("Transactions per trial: " + str(transactionsTotalPerTrial) + "\n")
f.write("Number of trials : " + str(numberOfTrials) + "\n")
f.write("Maximum mixin tested: " + str(maximumMixinTested) + "\n")
f.write("Reveal percentage: " + str(revealPercentage * 100) + "%\n\n")

for mixin in range (1, maximumMixinTested+1):
    f.write("mixin = " + str(mixin) + "\n")

    allTrialResults = []
    
    for trial in range (0, numberOfTrials):
        # ledger is the list of all transactions
        trialLedger = ledger(transactionsTotalPerTrial,
            numberOfTrials,
            mixin,
            revealPercentage)
            
        totallyRevealedOutputs = float(trialLedger.getTotallyRevealedOutputs())

        # determine the ratio of revealed outputs.
        revealedOutputRatio = totallyRevealedOutputs / float(transactionsTotalPerTrial)

        # store this ratio.
        f.write(str(revealedOutputRatio) + ", ")
        allTrialResults.append(revealedOutputRatio)

    f.write("\n")
    
    averageOfAllTrials = reduce(lambda x, y: x + y, allTrialResults) / len(allTrialResults)
    varianceAllTrials = getVariance(allTrialResults, averageOfAllTrials)
    revealsFromChainReaction = averageOfAllTrials - revealPercentage
    nonAttackerRevealPercent = revealsFromChainReaction / (1-revealPercentage)
    f.write("Average revealed output ratio: " + str(averageOfAllTrials * 100) + "%\n")
    f.write("Reveals resulting from chain reaction: " + str(revealsFromChainReaction * 100) + "% +/- " + str(varianceAllTrials * 100) + "%\n")
    f.write("Percentage of non-attacker outputs revealed: " + str(nonAttackerRevealPercent * 100) + "%\n\n")

f.close()

We've known about this for a long time, I'm just wrapping up my work on completing the fix for it now.

There are two other non-trivial de-anonymizing attacks that I'm writing proposals to mitigate now too, can you find them?
153  Other / Archival / Re: delete on: September 20, 2014, 07:54:30 PM
So far the only thing we've heard talked about is a theoretical attack that we already outlined privately weeks ago and released a paper about:
http://lab.monero.cc/pubs/MRL-0001.pdf

And which we've already been actively developing a protocol to mitigate for the past month.

We're reviewing both our implementation and our theoretical framework, but we're still coming up with nothing.
154  Other / Archival / Re: delete on: September 20, 2014, 02:59:19 AM
James I will sleep first. If anyone can beat me to it, go ahead. Again nothing may come of my hunch.

Smooth and Gmaxwell the CN does have encryption because only the receiver can decrypt who the coin was spent to. Perhaps you forgot it is not just a digital signature as in Buttcoin.

https://cryptonote.org/whitepaper.pdf#page=7

Quote
First, the sender performs a Diffie-Hellman exchange to get a shared secret from his data and
half of the recipient’s address. Then he computes a one-time destination key, using the shared
secret and the second half of the address. Two different ec-keys are required from the recipient
for these two steps, so a standard CryptoNote address is nearly twice as large as a Bitcoin wallet
address. The receiver also performs a Diffie-Hellman exchange to recover the corresponding
secret key.

Security of ECDH key exchange is trivially provable. The only thing I can think of that *might* be insecure is the ring signatures themselves, though I don't know how.
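
The one-time destination key derivation quoted from the CryptoNote whitepaper in the post above, as an added example that is not part of the original posts or of Monero's code. It assumes a toy multiplicative group modulo 2**127 - 1 in place of the elliptic curve and SHA-256 in place of the whitepaper's hash; all function names are hypothetical.

```python
import hashlib
import secrets

# Toy group (assumption for this example, not secure): integers modulo the
# Mersenne prime 2**127 - 1 under multiplication stand in for the curve.
# Exponents are reduced modulo P_MOD - 1 (Fermat's little theorem).
P_MOD = 2**127 - 1
ORDER = P_MOD - 1
G = 3


def keygen():
    """Return (secret exponent, public element G^secret)."""
    sk = secrets.randbelow(ORDER - 1) + 1
    return sk, pow(G, sk, P_MOD)


def hash_to_scalar(shared):
    """Hs: map a shared group element to an exponent (SHA-256 stand-in)."""
    digest = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    return int.from_bytes(digest, "big") % ORDER


def sender_derive(A, B):
    """Sender side: Diffie-Hellman with the first address half A, then
    one-time key P = G^Hs(A^r) * B using the second half B.
    Returns (R, P); R = G^r is published with the transaction."""
    r, R = keygen()
    shared = pow(A, r, P_MOD)
    P = pow(G, hash_to_scalar(shared), P_MOD) * B % P_MOD
    return R, P


def receiver_check(a, B, R, P):
    """Receiver scan: R^a equals A^r, so the same P can be recomputed."""
    shared = pow(R, a, P_MOD)
    return pow(G, hash_to_scalar(shared), P_MOD) * B % P_MOD == P


def receiver_spend_key(a, b, R):
    """One-time secret key x = Hs(R^a) + b, satisfying G^x == P."""
    return (hash_to_scalar(pow(R, a, P_MOD)) + b) % ORDER


def demo():
    a, A = keygen()            # first half of the recipient address
    b, B = keygen()            # second half of the recipient address
    R1, P1 = sender_derive(A, B)
    R2, P2 = sender_derive(A, B)   # second payment to the same address
    x1 = receiver_spend_key(a, b, R1)
    return {
        "recipient_detects": receiver_check(a, B, R1, P1),
        "spend_key_matches": pow(G, x1, P_MOD) == P1,
        "outputs_differ": P1 != P2,
    }


if __name__ == "__main__":
    print(demo())
```

Detecting an output needs only `a` and `B`, while computing `x` also needs `b`, which is why the address carries two keys.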
155  Other / Archival / Re: delete on: September 17, 2014, 04:36:38 PM
Quote
* I have found very specific exploits in CN that have not been fixed that would be successful on XMR. Most are what I call annoyance attacks, that would be fixed and the coin would probably survive, but one is a coin killer. In XMR there exists a flaw involving the keyrings that under the right conditions will allow an attacker to steal your wallets and hijack your addresses. To fix this, anonymity will need to be sacrificed. These exploits are why two top exchanges who have asked for my opinion have not added XMR.

Can you disclose this vulnerability privately to us so we can fix it?
156  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [XMR] Monero - A secure, private, untraceable cryptocurrency (mandatory upgrade) on: September 17, 2014, 03:04:47 PM
It's kind of sad... Monero has attracted some of the smartest minds I've seen in cryptocurrencies and cryptography, but we don't have enough money to pay to develop even 1/4 of the things we need to. It costs about $100-150 an hour to contract a decent programmer to hack (and please don't start on the value of third world programmers, if you're talking about that you've probably never used them), or $800-1200 a day. I would estimate that ByteCoin put in about a half million USD to get their project off the ground, which is probably why they've been trolling us so hard. But, the fact of the matter is, we're either paying out of pocket or (like me) working completely for free.

Monero is about a lot more than pumping and dumping -- it uses many of the features that have been desired from core devs over time like privacy and faster/more secure EdDSA (which uses Schnorr signatures). But there are major, major architectural overhauls to the core code that need to be done to give it even a fraction of the usability of BTC, and I fear we won't be able to afford that. I suspect we need at least 0.25-0.50M USD per year to keep things moving along smoothly, and we're not getting close to $21K USD a month in donations.
157  Alternate cryptocurrencies / Altcoin Discussion / Re: I don't need to hide behind a sock account. Stop it with the Monero spam! on: September 17, 2014, 03:15:14 AM
I guess they do not realize that they are really turning off 90% of the community with their bs.

I have no idea who is behind this, but it's got nothing to do with risto&friends or the core dev group.

I assume it's a weird reverse psychology thing from competitors, spurred on by the fact their own shilling for their currencies was painted with a lot of backlash.

For some odd reason a lot of the recent Monero spam began when a lot of the other spam for a bunch of unrelated CryptoNote coins ended.
158  Alternate cryptocurrencies / Announcements (Altcoins) / Re: ZeroCash: 2nd gen with anonymization starting from the coinbase transaction on: September 16, 2014, 05:12:19 AM
Is Zerocash still being developed?

I assume that Green's lab is working on it. This is academia, everything takes a year or two longer than people think it will.
159  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [XMR] Monero - A secure, private, untraceable cryptocurrency (mandatory upgrade) on: September 16, 2014, 02:15:55 AM
with the high fee, you lose XMR already before you can start trading

If you are mining, you are receiving the fees as well as paying them.

I don't know what the problem is with your wallet (post more specific information if any) but I would guess that sending in smaller chunks will be a successful work-around.

wallet is from the newly released client, I'm able to send 100 XMR, seems to be most I can send from this wallet
specific info? like what I posted, after hitting enter on the wallet in red color it says. Error: Failed to find a suitable way to split transactions

This usually happens if it fails to find a way to make a tx within the given max tx size. I would try sending smaller amounts.

Still, strange to see you get that error.

https://github.com/monero-project/bitmonero/blob/83276bf92d44c1aa1b6acbd9879f70e806f12af6/src/simplewallet/simplewallet.cpp#L1011-L1014
160  Alternate cryptocurrencies / Announcements (Altcoins) / Re: [XMR] Monero - A secure, private, untraceable cryptocurrency (mandatory upgrade) on: September 15, 2014, 10:55:25 PM
Very nice!

Two things:
1) You have probably already asked Zazzle about accepting monero but I would urge you to try a bit more or at least find someone who is willing to accept xmr and pay them in fiat. I would really like to see my XMR being used for buying these things!
2) Any (risky) timetable about blockchain and that awesome GUI? Or maybe we can wait until Friday's chat?

There are a couple of companies waiting to do 1), we told them to wait for proper GUI and blockchain.