Anyway, can you say at least one real argument against removing RS under checkpoints ?
It isn't possible to independently verify the chain. This significantly elevates the trust model for checkpoints from choosing among valid chains to trusting that the chain below the checkpoint was valid before being trimmed. Again, tradeoffs.... The chain is verified by the fact that the block hashes are immutable. An attacker can't change the transaction data by even 1 bit and get congruence with the block hash history. The block hashes don't include the ring sigs. That's why the ring sigs can be removed without breaking the block hashes. There is no assurance that there were ever valid ring sigs there, unless you were around to see it. Afaik, the list of inputs and outputs are in the block hash. Only the proof that those inputs were signed for is discarded. No one can change 1 bit of those inputs without violating the immutable block hashes. You don't need to have been around, because the longest chain rule assures you are looking at the consensus. Zoid is correct. See edit above. You are trusting that the code that constructed that chain (i.e. accepted those inputs and outputs) worked correctly. That does not need to be the same code you are using today. You can't verify it.  |
|
|
|
Anyway, can you say at least one real argument against removing RS under checkpoints ?
It isn't possible to independently verify the chain. This significantly elevates the trust model for checkpoints from choosing among valid chains to trusting that the chain below the checkpoint was valid before being trimmed. Again, tradeoffs.... The chain is verified by the fact that the block hashes are immutable. An attacker can't change the transaction data by even 1 bit and get congruence with the block hash history. The block hashes don't include the ring sigs. That's why the ring sigs can be removed without breaking the block hashes. There is no assurance that there were ever valid ring sigs there, unless you were around to see it. Afaik, the list of inputs and outputs are in the block hash. Only the proof that those inputs were signed for is discarded. No one can change 1 bit of those inputs without violating the immutable block hashes. You don't need to have been around, because the longest chain rule assures you are looking at the consensus. Zoid is correct. (so who was spreading FUD again?) |
|
|
|
Btw, has anyone paid close enough attention to the selfish-mining paper to observe that as the attackers hashrate approaches 50% of the network, his portion of the blocks won goes to 100%.  You don't need to pay close attention. It is well known even without selfish mining that with 50+% you can reject all other blocks. I think Satoshi mentioned it. Good point, but also note the selfish mining revenue equation shows that you get very close to 100% before you hit 50%. All the anonymity tech in the world is sort of useless against the state under this current situation. Disagree. It is entirely possible the state has nothing to do with mining, nor will, and even with concentrated pools anonymity can still work. For example, perhaps the mining pools, even if concentrated, will jurisdiction shop the way the pirate bay does, or go more underground and become stateless (this could serve to decentralize them, since smaller pools are easier to hide). There are many such possibilities, not just the one guaranteed future of the state taking control of pools. That is certainly possible though. IMO very naive. But okay. We need to fundamentally rethink the longest chain rule as it is currently formulated.
Not necessarily. Another solution would be radically reducing concentration. Except that selfish mining starts at 25%, and creators of fiat can surely rent as much hashpower as they need when the time arises. Your alternative would have to be very radical spread of mining. Wait, wasn't that what I've been suggesting... |
|
|
|
Anyway, can you say at least one real argument against removing RS under checkpoints ?
It isn't possible to independently verify the chain. This significantly elevates the trust model for checkpoints from choosing among valid chains to trusting that the chain below the checkpoint was valid before being trimmed. Again, tradeoffs.... The chain is verified by the fact that the block hashes are immutable. An attacker can't change the transaction data by even 1 bit and get congruence with the block hash history. It is only a risk against an attacker that has 50% of the network hashrate and thus can rewrite the chain, but in that case you have bigger problems any way. Thus afaics, TT's concern is BS. |
|
|
|
What can you do about it besides being concerned about it?
Distribute the coin to non-investors. Btw, has anyone paid close enough attention to the selfish-mining paper to observe that as the attackers hashrate approaches 50% of the network, his portion of the blocks won goes to 100%. Bitcoin often has a single pool with 50% of the network hashrate. There is a fundamental problem here. All the anonymity tech in the world is sort of useless against the state under this current situation. We need to fundamentally rethink the longest chain rule as it is currently formulated. Some ideas were presented by ethereum. |
|
|
|
|
smooth, I think people are waiting for something BIG.
|
|
|
|
|
I dream of a coin that people don't invest in, but use, don't talk about in forums, rather brag to their every day friends about.
Well DOGE was nearly that, but the bragging was limited mostly to online hangouts.
Maybe I should name it catO.
|
|
|
|
|
I wrote that I think the majority of the community and world are not rushing to buy any of the anonymous coins yet.
If I can't figure out which is the technological superior, certainly the n00bs can't yet either.
IMO, we have months or a year or so to go before the technologies get fleshed out.
|
|
|
|
I just did it because it was interesting
Bingo! |
|
|
|
Right now DRK and XMR are the only ones getting any real attention.
Okay. But another way of looking at it is there are at least AnonCoin, CloakCoin, BBR, XMR, DRK, BTCD, Zerocash in the works, and none of those even get close to what LTC or DOGE achieved, so looks to me the wider community is still on the sidelines. So confusion I feel may be shared with others. |
|
|
|
|
Well I hope the financial motivations can be worked out. And I agree that privacy enhancement work is an important feature to have in a coin. Just don't think anonymity by itself is convincing enough yet to drive the world into a coin. And there are too many competing anonymous coins, so it is dilutive and confusing. If you asked me today which anonymous coin to hold and to hide wealth in with surety, I would not be able to answer. It is not even clear to me from a technological standpoint. So how can it be clear to the n00bs.
|
|
|
|
Mining like hell doesn't drive the price up
We had this discussion already a month or two ago. I think we've had this discussion more than once. I suggest you ask BCX about how mining at a loss for many months paid off for him with BTC ($3 to $1200) and LTC (<$1 to $30). Why not just buy the LTC? Because I think he already had the mining rigs. Sunk costs are free. Also because exchanges are not convenient for everyone (5 ids, a blood sample, etc). |
|
|
|
For me a ban means no coins can transact, i.e. it is legal action that requires an unknown justification. Rather blacklisting would be a different legal action that has established justifications already in AML, KYC laws, etc.
Okay difference of terminology then. I have been referring to a "ban" as a ban on anonymity, and a ban on anonymity as being a effective ban on a coin that has as its primary merit anonymity. Sure there are unblacklisted coins being mined, by why would anyone even want them? I did not say anything about the value and price of the coin after such an action. I was distinguishing between a ban on transacting (which seems to be legally more difficult) and a blacklisting (which seems to follow more easily from admirality law, AML, KYC, etc) which is effectively a ban on ring signatures. We agree that if a ban on anonymity is imposed and is actually effective, then there will be no anonymity. To me that is fairly obvious and uninteresting.
But my overriding point is that to protect anonymity and fungibility, mining needs to be impervious to control by the State. If that isn't possible, then I wouldn't waste my time on anonymity. |
|
|
|
For the most part I think the cheerleaders, shills, manipulators, etc. (on all sides) are mostly wasting their time and the current result is about the same as it would be without them
How sexy are ring signatures? I've never seen one in the wild. Did anyone explain how they are going to take over the world? Litecoin was mined like hell because all the GPU miners such as BCX were escaping Bitcoin as it went ASIC. A coin needs something to drive that inrush of participation. Even if we had 100X more oxygen, talking won't do a damn thing. |
|
|
|
I only deny that they can effectively blacklist within this system short of a ban.
They can blacklist, because they can effectively force users to not use anonymity. I disagree, unless you are saying that that by controlling mining they can refuse to include anonymous transactions. My opinion is that is effectively a ban. I would likewise make the same comment about forcing people to give up passwords and such. Those sorts of draconian measures may work, or they may not, but I see little point in discussing them with no real information, or lacking a complete analysis of the relevant scenarios. Again this comes down to "there might be a flaw" (The Ban Flaw). I have stated that several times. I feel like you are arguing disingenuously. I refuted your point about them needing to do it before coins have already been mixed, because:
1. There are always new coins from mining.
I don't see the relevance of new coins. How does that work? For me a ban means no coins can transact, i.e. it is legal action that requires an unknown justification. Rather blacklisting would be a different legal action that has established justifications already in AML, KYC laws, etc. New coins are not mixed with any rings and thus are not part of any blacklist cascade. They can be transacted. A blacklist can be more effectively enforced at the miners than by a law that must be enforced other ways. I really don't know what it is so difficult for you to unconflate banning an entire coin and blacklisting. Only coins in the blacklisted cascade wouldn't be allowed to transact. Indeed controlling the miners is an effective way to incentivize people to give up passwords and such, as the blacklisted coins are dead. |
|
|
|
(I'm not saying it isn't, just that you can't assume it.)
If it were my coin, I would think I should not assume it. I got the point. You guys have other priorities and you wish everybody would STFU already unless they can do most of the work. No problem. I am not learning anything new by now and this is wasting time. |
|
|
|
Oh, so you responded with a whitepaper. Really? Where is it?
I said I was writing one. I didn't say I completed it yet or that I have any reason to need to release it now. Hey it is fine with me if you all don't take BCX seriously. Apparently there have not been many confirmed TW attacks, and I don't know if any actually killed a coin. Apparently BCX stopped the Auroracoin threat. It will be interesting to see how he backpedals on this current threat. |
|
|
|
I only deny that they can effectively blacklist within this system short of a ban.
They can blacklist, because they can effectively force users to not use anonymity. I have stated that several times. I feel like you are arguing disingenuously. I refuted your point about them needing to do it before coins have already been mixed, because: 1. There are always new coins from mining. 2. They could incentivize users to escape the blacklist gridlock for the mixed coins, if the user antes up their password. This can cascade into de-anonymization of others, etc... |
|
|
|
4. BCX killed Auroracoin (which btw rpietila invested in and asked my opinion about and I warned him it would be a pump and dump) and now he tells you what the vulnerabilities of XMR are, so these have to be taken as slightly more credible than if randomjoeblow said it.
So you were also complicit all along with the grand lie used to sucker in newbies for pumping XMR. Genuinely disappointed with the charades all around and you don't get a free pass either.  MRO (Monero)
Okay, there was a reason why I wrote on alts. Cause I have just made my first altcoin investment ever! Monero has a trait which pretty much all other alts lack: slow and geometrically decreasing issuance. At present, only 5% of MRO is mined, and even after 4 years there will still be 20% left to be mined. There is no premine, and the community consists of several people Smiley Furthermore, it is at least currently a CPU coin, since the hashing algorithm is designed to make it difficult to implement for GPU let alone ASIC. These things make it "fair" so that there is no way to amass large stashes except by working for them in the competitive mining or buying in the open market. tacotime, please rethink your strategy about developing for XMR. I hate to see someone of your stature in all this  I was under the impression that rpietila only invested in XMR and BTC. Can you link or post PMs that prove your claim? smooth corrected me by quoting where rpietila posted that he had changed his mind and didn't invest in Auroracoin. I was nearly certain he was going to invest and assumed his did. I was pretty strongly against investing in it. smooth corrected you ? what/how could you presume it in the first place when in the rpietila altcoin observer thread, Risto had asserted that XMR was his first altcoin and you had been a very active participant in the thread as AnonyMint? Why the backtrack now taking smooth's question for a link as the final word? Fuzzy math ..... I didn't recall his statement about Monero being his first coin, or perhaps subconsciously I didn't believe it, because I remember he mentioned Auroracoin to me at least twice, and I was surprised that he hadn't abandoned the idea from the first time that I told him my opinion that if you distribute it for free to n00bs, too many will be sellers driving the price down. |
|
|
|
|
Show Posts
