Malthusian nonsense. I wrote about why Malthusians are always wrong:
No, Tainter; and historic fact. Diminishing return on additional investment in additional complexity until the tipping point (vulgo:the end of the society). That is socialism debt capital, not knowledge work capital. You conflate the problem with the solution respectively. |
|
|
|
More technology means more complexity, which is not the solution. It is the problem.
Societies - as the opposite of humanity - have never been something different than 'problem solving societies' (Tainter). Societies are growing rampant, endlessly until the end. They are permanently investing in additional complexity/energy/debt to solve exponentially growing problems. The Game is over as soon as the ever shrinking marginal return of additional complexity/energy/debt reaches the tipping point.
Malthusian nonsense. I wrote about why Malthusians are always wrong: http://unheresy.com/Information%20Is%20Alive.html#2nd_Law_of_ThermoYou conflate the failure of socialism with the success of technology. Without technology you'd be freezing your ass off in a cave with no fire. This is why I ignore you. I allowed for the possibility that socialism fucked everything up so much this time around, we may fall into the abyss of a Dark Age. But I am not going to let that happen. And I have the power to stop it (where my work will be leveraged by all the hackers). Now you watch and observe. |
|
|
|
Dark Ages... https://bitcointalk.org/index.php?topic=455141.msg5672089#msg5672089
P.S. John Williams (proprietor of ShadowStats.com) thinks we will have hyperinflation. He is entirely mistaken. We will have severe deflation.
You are both entirely mistaken. As soon as we have severe inflation or deflation, the game will be over and dark age begins. Japan and all other 400%-Debt/GDP economies are trying to maintain zero percent inflation until they can't. Dark Age is severe deflation, but the difference is that almost nothing has value any more. Food becomes the unit of currency and becomes much more expensive, e.g. rice was money in Japan for about 600 years during its Dark Age. This means the maximization of the division-of-labor collapses back to barter money, which means productivity and new knowledge production collapses. Agreed there exists now the threat of falling into a Dark Age. And that is why I am working so hard on a technological solution. I know you don't believe it is possible to avoid a Dark Age. You might be correct, but you also might not be. I told you upthread that my strategy is to make it so the hackers can avoid confiscation and control over their activities, so that we can create 1000X more productivity in the Knowledge Age space. I hope this can offset the collapse of 47% into technological unemployment along with a $223 trillion global debt morass with a $2000 trillion derivatives and unfunded future social liabilities. Wait to see the outcome. P.S. And I thought I was the pessimist in this forum, you are more pessimistic than me. |
|
|
|
Dark Ages... https://bitcointalk.org/index.php?topic=455141.msg5672089#msg5672089
P.S. John Williams (proprietor of ShadowStats.com) thinks we will have hyperinflation. He is entirely mistaken. We will have severe deflation.
You are both entirely mistaken. As soon as we have severe inflation or deflation, the game will be over and dark age begins. Japan and all other 400%-Debt/GDP economies are trying to maintain zero percent inflation until they can't. Dark Age is severe deflation, but the difference is that almost nothing has value any more. Food becomes the unit of currency and becomes much more expensive, e.g. rice was money in Japan for about 600 years during its Dark Age. This means the maximization of the division-of-labor collapses back to barter money, which means productivity and new knowledge production collapses. Agreed there exists now the threat of falling into a Dark Age. And that is why I am working so hard on a technological solution. I know you don't believe it is possible to avoid a Dark Age. You might be correct, but you also might not be. I told you upthread that my strategy is to make it so the hackers can avoid confiscation and control over their activities, so that we can create 1000X more productivity in the Knowledge Age space. I hope this can offset the collapse of 47% into technological unemployment along with a $223 trillion global debt morass with a $2000 trillion derivatives and unfunded future social liabilities. Wait to see the outcome. P.S. And I thought I was the pessimist in this forum, you are more pessimistic than me. More technology means more complexity, which is not the solution. It is the problem.
Societies - as the opposite of humanity - have never been something different than 'problem solving societies' (Tainter). Societies are growing rampant, endlessly until the end. They are permanently investing in additional complexity/energy/debt to solve exponentially growing problems. The Game is over as soon as the ever shrinking marginal return of additional complexity/energy/debt reaches the tipping point.
Malthusian nonsense. I wrote about why Malthusians are always wrong: http://unheresy.com/Information%20Is%20Alive.html#2nd_Law_of_ThermoYou conflate the failure of socialism with the success of technology. Without technology you'd be freezing your ass off in a cave with no fire. This is why I ignore you. I allowed for the possibility that socialism fucked everything up so much this time around, we may fall into the abyss of a Dark Age. But I am not going to let that happen. And I have the power to stop it (where my work will be leveraged by all the hackers). Now you watch and observe. You entirely don't understand knowledge production. This causes you to conflate and confuse everything. I don't need debt to program the computer, generate knowledge and increase productivity. I don't need a constantly growing tangible capital with its debt base to perpetually increase knowledge. You are conflating the effects of tangible limitations and knowledge production. Welcome to the virtual reality of knowledge and the internet. Perhaps you've been asleep under a rock for the past 15 years. Start your education here: https://bitcointalk.org/index.php?topic=355212.0 (Economic Devastation thread) Don't post any more nonsense in this thread. Go refute in the thread linked above which is not moderated by me. Readers can go there to view more of your nonsense. Now, whether or not what we have can rightly be called capitalism is another question entirely.
On that point, see this: https://bitcointalk.org/index.php?topic=495527.msg5656763#msg5656763
Zarathustra is conflating the ill effects of debt and tangible capital (which is actually inertia and liability, not assets) with the gains in prosperity that all arise from technology and human ingenuity. His assertion (I deleted the nonsense post) that knowledge can't prosper in a decentralized society (a.k.a. anarchy) is unfathomably incorrect. It is so incorrect, that he should not be included in the discussion here, because it is just noise which buries the important discussion in this thread. I've told him by private message that if he can make comments without making a long quotation of the prior post, then I will allow his comments if they don't just repeat the same nonsense without any sufficient citation or factual backup. I don't want to bury this thread in nonsense. If he feels that is censorship, then fine he can create his own thread. I rarely have to delete posts, but he goes on and on and on with the same nonsense asserting there can be no sharing of knowledge and no network effects once we have decentralization. His thinking is the antithesis of everything the internet has done and brought to us. He is correct that the complexity of the power vacuum of socialism is collapsing. But his mistake is conflating that collapse with the rise of decentralization, which is actually a knowledge networking effects phenomenon. If you get that wrong, you've got everything wrong. It is that important. P.S. my personal apology to him for being forced to delete his nonsense posts. It is not personal. I am just keeping the thread signal-to-noise ratio high. I have allowed silly posts of others to remain, because they didn't go on and on and on post after post. Btw, I have tried living like that here in the Philippines (where that photo was probably taken) and trust me, you don't want that "prosperity". Gains in prosperity are not a zero-sum game. We can produce more energy. There is no limit. The Second Law of Thermodynamics assures us that entropy trends to maximum. Even Einstein said that law is fundamental. Anarchy is not only people living in the jungle like rabbits. It is also the decentralized internet. You conflate poverty with decentralization. There is always a mix of top-down and bottom-up organization in society. It is when this balance skews too far to top-down that socialism is peaking in a big heap of debt and corruption. I know you would really like a Dark Age, but sorry you won't get one inspite of the fact that the collectivism has f8cked everything up pretty severely this time around. The reason is because the internet is too powerful as a knowledge liberating tool. And I am particularly adept at seeing what needs to be done now. The at-home 3D printing revolution will mean we can be self-sufficient and autonomous and void the 'aliens' leeches with their large capital and factories. The 3D printer can even print itself! That is the last post I will allow from you that repeats the nonsense that all progress came from collectivism. In fact, all progress came from individual discoveries! You don't even understand the basic definition of knowledge: https://bitcointalk.org/index.php?topic=355212.msg3829608#msg3829608https://bitcointalk.org/index.php?topic=355212.msg3804181#msg3804181https://bitcointalk.org/index.php?topic=355212.msg3831144#msg3831144https://bitcointalk.org/index.php?topic=355212.msg3804256#msg3804256Take the time to read those link posts above otherwise don't bother to reply. Communication and network effects are not collectivism. Collectivism is making promises to each other and binding each other in futures contracts. This is slavery, because nobody can predict every micro-event in the future. The futures contracts prevent the local annealing that optimizes the economy. I first learned this concept from Jason Hommel. Ignoring the Biblical points, you can still find the mathematical wisdom of his point: http://silverstockreport.com/2009/greenspan-misapplied.htmlhttp://www.silverstockreport.com/essays/Freedom_from_Usury.htmlI expound on the fact that only maximization of degrees-of-freedom, thus optimal fitness, via local real-time annealing is what creates prosperity: https://bitcointalk.org/index.php?topic=355212.msg4576810#msg4576810collectivism = promises = futures contracts = slavery = boom&bust You can find that theme throughout my archives. Whereas collectivism stomps on and tries to prevent fitness and prosperity. Re-read my prior post, I added to it. |
|
|
|
Dark Ages... https://bitcointalk.org/index.php?topic=455141.msg5672089#msg5672089
P.S. John Williams (proprietor of ShadowStats.com) thinks we will have hyperinflation. He is entirely mistaken. We will have severe deflation.
You are both entirely mistaken. As soon as we have severe inflation or deflation, the game will be over and dark age begins. Japan and all other 400%-Debt/GDP economies are trying to maintain zero percent inflation until they can't. Dark Age is severe deflation, but the difference is that almost nothing has value any more. Food becomes the unit of currency and becomes much more expensive, e.g. rice was money in Japan for about 600 years during its Dark Age. This means the maximization of the division-of-labor collapses back to barter money, which means productivity and new knowledge production collapses. Agreed there exists now the threat of falling into a Dark Age. And that is why I am working so hard on a technological solution. I know you don't believe it is possible to avoid a Dark Age. You might be correct, but you also might not be. I told you upthread that my strategy is to make it so the hackers can avoid confiscation and control over their activities, so that we can create 1000X more productivity in the Knowledge Age space. I hope this can offset the collapse of 47% into technological unemployment along with a $223 trillion global debt morass with a $2000 trillion derivatives and unfunded future social liabilities. Wait to see the outcome. P.S. And I thought I was the pessimist in this forum, you are more pessimistic than me. |
|
|
|
P.S. John Williams (proprietor of ShadowStats.com) thinks we will have hyperinflation. He is entirely mistaken. We will have severe deflation.
You are both entirely mistaken. As soon as we have severe inflation or deflation, the game will be over and dark age begins. Japan and all other 400%-Debt/GDP economies are trying to maintain zero percent inflation until they can't. Dark Age is severe deflation, but the difference is that almost nothing has value any more. Food becomes the unit of currency and becomes much more expensive, e.g. rice was money in Japan for about 600 years during its Dark Age. This means the maximization of the division-of-labor collapses back to barter money, which means productivity and new knowledge production collapses. Agreed there exists now the threat of falling into a Dark Age. And that is why I am working so hard on a technological solution. I know you don't believe it is possible to avoid a Dark Age. You might be correct, but you also might not be. I told you upthread that my strategy is to make it so the hackers can avoid confiscation and control over their activities, so that we can create 1000X more productivity in the Knowledge Age space. I hope this can offset the collapse of 47% into technological unemployment along with a $223 trillion global debt morass with a $2000 trillion derivatives and unfunded future social liabilities. Wait to see the outcome. P.S. And I thought I was the pessimist in this forum, you are more pessimistic than me. |
|
|
|
|
If you are really serious to read high quality discussion then AnonyMint, tortilla, DeathAndTaxes, and others make more rational discussions over at:
cryptocrypt.org
You can join by invitation only. You can send tortilla a request for invitation I suppose, if you've exhibited a high signal-to-noise ratio in your posts on this forum.
|
|
|
|
The National Wildlife Federation put out a 'Mascot Madness' report detailing climate change's impact on the actual animals. Yep those two animals pictured above definitively exhibit mannerisms of psychosis that are indicative of heat stroke.  |
|
|
|
Let them look and see all they want, they will find it boring as hell.....
These people have enough on their plate just shifting through the garbage to get to something real. People think too highly of themselves if they believe their 'precious secrets' are some kind of special things.
Typically childish mentality right there....but you don't even realize it.
You are not the center of the universe......far from it. You are too insignificant for your 'secrets' to matter. Get used to it.
Incorrect. If you have any wealth at all and don't plan to pay the 100% wealth tax coming as socialism falls into its $223 trillion global debt abyss, then you need anonymity when you reveal any information about your wealth. Ditto incorrect political speech such as what I just wrote. This will get you incarcerated in the future as we descend into another Nazi-like outcome. |
|
|
|
The solution for anonymity of the block chain (which is not IP anonymity so it is only one component of what we need in an altcoin)... https://bitcointalk.org/index.php?topic=279249.msg5670270#msg5670270So how is there unlinking of output amounts from input amounts?
Derp. Your output is equal to your input. Privacy comes from equalizing amounts. And thus my original statement was correct: Comments please on my technical statement herein? Also my statement that the CoinJoin protocol can be DOS-attacked was correct. It was a bit difficult to explain these facts w.r.t. to gmaxell's semi-coherent, incomplete explanations of his protocol. But I think I was able to help him to specify the essential requirements of his protocol. As for this specific topic, it basically seems like the level of the misery is just increasing.
My advise: talk less, do more - it will solve all your problems, I promise!
The solution was provided by gmaxell. Use Zerocoin which is an atomic operation from inputs -> available outputs. But it won't work for Bitcoin's current block chain design, because even if we could (which we currently can't) we don't want to put the Zerocoin accumulator on the block chain because we don't want to trust the PQ thus we want to the accumulator to have a preset short-term lifespan and all inputs and outputs must specify themselves with that time limit. However this can't work in Bitcoin because inputs have to sign the output addresses. Thus in Bitcoin the specification of the output addresses would make it a non-atomic operation thus it can be DOS-attacked. The solution for an altcoin (or Bitcoin if we can make such a radical change) is to make the transaction id a nonce and have the inputs and outputs sign that nonce. If the outputs are greater than inputs, then the transaction is invalid. In the rare event the outputs are greater than inputs, then we know to throw away and don't reuse the Zerocoin accumulator's PQ (because its trust is compromised) and try again. |
|
|
|
So how is there unlinking of output amounts from input amounts?
Derp. Your output is equal to your input. Privacy comes from equalizing amounts. And thus my original statement was correct: Comments please on my technical statement herein? Also my statement that the CoinJoin protocol can be DOS-attacked was correct. It was a bit difficult to explain these facts w.r.t. to gmaxell's semi-coherent, incomplete explanations of his protocol. But I think I was able to help him to specify the essential requirements of his protocol. As for this specific topic, it basically seems like the level of the misery is just increasing.
My advise: talk less, do more - it will solve all your problems, I promise!
The solution was provided by gmaxell. Use Zerocoin which is an atomic operation from inputs -> available outputs. But it won't work for Bitcoin's current block chain design, because even if we could (which we currently can't) we don't want to put the Zerocoin accumulator on the block chain because we don't want to trust the PQ thus we want to the accumulator to have a preset short-term lifespan and all inputs and outputs must specify themselves with that time limit. However this can't work in Bitcoin because inputs have to sign the output addresses. Thus in Bitcoin the specification of the output addresses would make it a non-atomic operation thus it can be DOS-attacked. The solution for an altcoin (or Bitcoin if we can make such a radical change) is to make the transaction id a nonce and have the inputs and outputs sign that nonce. If the outputs are greater than inputs, then the transaction is invalid. In the rare event the outputs are greater than inputs, then we know to throw away and don't reuse the Zerocoin accumulator's PQ (because its trust is compromised) and try again. |
|
|
|
And now our friendly core Bitcoin developer stoops to ad hominem even as he has lost the argument. He isn't even man enough to show respect to someone who showed him his protocol is broken. This is not the culture of open source. This man should not be entrusted with being a core developer of our world currency. And he won't be! I guarantee you that. https://bitcointalk.org/index.php?topic=279249.msg5665741#msg5665741Derp.
You just can't resist the ad hominem even after I've shown you were wrong all along about DOS attacks on your protocol. Sigh. |
|
|
|
Derp.
You just can't resist the ad hominem even after I've shown you were wrong all along about DOS attacks on your protocol. Sigh. |
|
|
|
Re: REDDIT: I am Tim Berners-Lee. I invented the WWW 25 years ago...For the kiddies who don't understand what we did for you... https://bitcointalk.org/index.php?topic=513051.msg5665257#msg5665257I am reviewing (inventor of the World Wide Web) Tim Berners-Lee's comments and will quote some that I think are particularly interesting to us. Click the links to read more of the comments that followed. http://www.reddit.com/r/IAmA/comments/2091d4/i_am_tim_bernerslee_i_invented_the_www_25_years/cg0ywqf?context=3How do you feel about the supposed dark side of the internet, such as the black markets? (Silk Road etc.) Complicated question. I am not a great expert on them. Simple answers include of course that illegal things are crimes on or off the web. But anonymity is tricky. We have a right to be anonymous as a whistle-blower or under an oppressive regime but not when we are bullying someone? How can we build technical/social/judicial systems for determining which right is more important in any given case? Relates to tor...What are your thoughts on the increased surveillance on internet based mediums like GCHQ's monitoring of all the Yahoo video chats. Do you personally think it should be controlled, non existent or fine the way it is now?
I think that some monitoring of the net by government agencies is going to be needed to fight crime. We need to invent a new system of checks and balances with unprecedented power to be able to investigate and hold the agencies which do it accountable to the public.Edward Snowden- Hero or Villain?
Because he- had no other alternative
- engaged as a journalist / with a journalist to be careful of how what was released
- provided an important net overall benefit to the world
I think he should be protected, and we should have ways of protecting people like him. Because we can try to design perfect systems of government, and they will never be perfect, and when they fail, then the whistleblower may be all that saves society.Thank you very much for doing an AMA.
I can not thank you enough for what you have done in inventing the web and bettering it and making content and information accessible and usable for all!
I just wanted to say thank you. I devote my time to designing and developing interactions and experiences that a simple, intuitive, and delightful.
I don't know what I'd be doing if it wasn't for your work. I don't know where the world would be without your work.
Many, many thanks!
You are very welcome! Use it any time you like ... :-)what was your first computer?
I got a M6800 evaluation kit in 1976, and built a bunch of 3U high cards, put them in a rack with a car battery in the bottom of the crate as UPS. All hand-soldered on veroboard, and programmed in hex. 7E XX XX was a long jump, and 20 XX a relative jump IIRC. The display was an old TV and some logic and a bunch of discarded calculator buttons lovingly relabeled with transfer letters. Those were the days.... Do you think in the (not too distant) future we'll look back and think ourselves lucky to have witnessed a neutral, free, and uncensored world wide web?
I think it is up to us. I'm not guessing, I'm hoping. Yes, I can imagine that all to easily. If ordinary web users are not sufficiently aware of threats and get involved and if necessary take to the streets like for SOPA and PIPA and ACTA. On balance? I am optimistic.How can all of us non-US people help with this? Just by mentioning "Your senseless laws will create dangerous precedents and will "inspire" other law-makers around the world!"?
Well, what country is free from laws or proposed laws which threaten internet freedom? Check your own country for things like CFAA, laws to allow spying or censorship, not to mention bilateral agreements agreements with the US which commit a government to enact such laws in the future!Oh wow, Tim Berners-Lee just posted on reddit. Gonna go on an off topic rant here that you will probably never read but! You are an idol to a young computer scientist. Thank you for your contributions.
|
|
|
|
I am reviewing (inventor of the World Wide Web) Tim Berners-Lee's comments and will quote some that I think are particularly interesting to us. Click the links to read more of the comments that followed. http://www.reddit.com/r/IAmA/comments/2091d4/i_am_tim_bernerslee_i_invented_the_www_25_years/cg0ywqf?context=3How do you feel about the supposed dark side of the internet, such as the black markets? (Silk Road etc.) Complicated question. I am not a great expert on them. Simple answers include of course that illegal things are crimes on or off the web. But anonymity is tricky. We have a right to be anonymous as a whistle-blower or under an oppressive regime but not when we are bullying someone? How can we build technical/social/judicial systems for determining which right is more important in any given case? Relates to tor...What are your thoughts on the increased surveillance on internet based mediums like GCHQ's monitoring of all the Yahoo video chats. Do you personally think it should be controlled, non existent or fine the way it is now?
I think that some monitoring of the net by government agencies is going to be needed to fight crime. We need to invent a new system of checks and balances with unprecedented power to be able to investigate and hold the agencies which do it accountable to the public.Edward Snowden- Hero or Villain?
Because he- had no other alternative
- engaged as a journalist / with a journalist to be careful of how what was released
- provided an important net overall benefit to the world
I think he should be protected, and we should have ways of protecting people like him. Because we can try to design perfect systems of government, and they will never be perfect, and when they fail, then the whistleblower may be all that saves society.Thank you very much for doing an AMA.
I can not thank you enough for what you have done in inventing the web and bettering it and making content and information accessible and usable for all!
I just wanted to say thank you. I devote my time to designing and developing interactions and experiences that a simple, intuitive, and delightful.
I don't know what I'd be doing if it wasn't for your work. I don't know where the world would be without your work.
Many, many thanks!
You are very welcome! Use it any time you like ... :-)Okay kiddies, I see he started in 1976 and I started with a TRS-80 around 1978 when I read this book when I was 13, and I immediately understood how a microprocessor worked. My serious programming started when I got a hold of my friend's Apple II over the summer of 1983, then I bought a Commodore 64, then an Atari ST, etc.. http://www.reddit.com/r/IAmA/comments/2091d4/i_am_tim_bernerslee_i_invented_the_www_25_years/cg0xpno?context=3what was your first computer?
I got a M6800 evaluation kit in 1976, and built a bunch of 3U high cards, put them in a rack with a car battery in the bottom of the crate as UPS. All hand-soldered on veroboard, and programmed in hex. 7E XX XX was a long jump, and 20 XX a relative jump IIRC. The display was an old TV and some logic and a bunch of discarded calculator buttons lovingly relabeled with transfer letters. Those were the days.... Do you think in the (not too distant) future we'll look back and think ourselves lucky to have witnessed a neutral, free, and uncensored world wide web?
I think it is up to us. I'm not guessing, I'm hoping. Yes, I can imagine that all to easily. If ordinary web users are not sufficiently aware of threats and get involved and if necessary take to the streets like for SOPA and PIPA and ACTA. On balance? I am optimistic.How can all of us non-US people help with this? Just by mentioning "Your senseless laws will create dangerous precedents and will "inspire" other law-makers around the world!"?
Well, what country is free from laws or proposed laws which threaten internet freedom? Check your own country for things like CFAA, laws to allow spying or censorship, not to mention bilateral agreements agreements with the US which commit a government to enact such laws in the future!Oh wow, Tim Berners-Lee just posted on reddit. Gonna go on an off topic rant here that you will probably never read but! You are an idol to a young computer scientist. Thank you for your contributions. |
|
|
|
Appears I was correct and Bitcoin core developer gmaxell was wrong. But he proposed a way to use Zerocoin offchain instead, which might be workable. https://bitcointalk.org/index.php?topic=279249.msg5663322#msg5663322Two orthogonal issues.
First, an adversary could make a 1 Satoshi input and DOS on the (3) step. You ban that address but adversary has billions more at neglible cost.
I suppose you could set a minimum input amount to avoid this. But still no problem for the adversary, he passes his BTC through a mixer can comes to hit you again and again.
I am sorry to bring you bad news Gregory but with a non-atomic operation you can always be DOS-attacked. Zerocoin may be the solution? Transaction fees and confirmation times should slow down the attacker. As for slowing down, the adversary can have many parallel addresses in play so I don't think so. Transaction fees might work if they are significant enough. I haven't studied how much the tx fees are in Bitcoin much. I think I read that certain txs can be 0 for some cases? If the adversary is mixing through CoinJoin transactions (hehe, uses what he also DOS-attacks against itself), then the blockchain tx fee is going to be shared between all parties of the CoinJoin transaction, so could it be insignificant? Edit: I've just realized the adversary can eliminate the transaction fees too, by spending those banned amounts as he normally would (e.g. day trading), thus he doesn't incur any extra cost. Edit#2: unless all decentralized CoinJoins share their ban lists (which is quite impractical to achieve as it is the antithesis of decentralization), adversary can just round-robin through them.. So I've won the argument. Checkmate. |
|
|
|
Two orthogonal issues.
First, an adversary could make a 1 Satoshi input and DOS on the (3) step. You ban that address but adversary has billions more at neglible cost.
I suppose you could set a minimum input amount to avoid this. But still no problem for the adversary, he passes his BTC through a mixer can comes to hit you again and again.
I am sorry to bring you bad news Gregory but with a non-atomic operation you can always be DOS-attacked. Zerocoin may be the solution? Transaction fees and confirmation times should slow down the attacker. As for slowing down, the adversary can have many parallel addresses in play so I don't think so. Transaction fees might work if they are significant enough. I haven't studied how much the tx fees are in Bitcoin much. I think I read that certain txs can be 0 for some cases? If the adversary is mixing through CoinJoin transactions (hehe, uses what he also DOS-attacks against itself), then the blockchain tx fee is going to be shared between all parties of the CoinJoin transaction, so could it be insignificant? Edit: I've just realized the adversary can eliminate the transaction fees too, by spending those banned amounts as he normally would (e.g. day trading), thus he doesn't incur any extra cost. Edit#2: unless all decentralized CoinJoins share their ban lists (which is quite impractical to achieve as it is the antithesis of decentralization), adversary can just round-robin through them. So I've won the argument. Checkmate. |
|
|
|
I'm glad you've admitted that your proposal for CoinJoin employing ZC doesn't work decentralized
I did no such thing. Your frequent misrepresentation in discussion makes it very difficult to justify continuing to respond to you. You removed part of the logic of the sentence. Here is what I wrote: I'm glad you've admitted that your proposal for CoinJoin employing ZC doesn't work decentralized, unless UFOs are a valid solution (are they and why?).
Surely you understand that the word "unless" means that if UFOs are not a solution, then I'm asserting you've admitted and if UFOs are a solution then I'm not asserting you have admitted. So I did not (intentionally) misrepresent your stance. You are still claiming that UFOs are a solution, thus you haven't admitted and I have never claimed you have. Note the logic of "unless" also (unintentionally) meant that you admitted couldn't think of a way to use a trusted PQ instead of a UFO. But you have apparently presented a workable idea below. Kudos! I was aware of the RSA UFO claim from the ZC research paper, but Adam Back's comments seem to imply (?) it isn't a realistic option (so to save time I trusted what I interpreted to be his expert opinion). I just now skimmed this research paper
Zerocoin itself was already not realistic inside Bitcoin due (among other reasons) to the large transaction that you have to put into the blockchain. UFOs make them larger by a small multiple. Sending a few extra tens of KB outside of Bitcoin probably isn't an issue. I agree the extra size is not likely a factor for use offchain such as a decentralized CoinJoin. Zerocoin is also not realistic inside Bitcoin because if a trusted party could create unlimited Bitcoins, that would violate basic principle of Bitcoin. That same trust issue may or may not apply if used in CoinJoin. I elaborate below why am not convinced UFOs would solve that trust issue if used in Bitcoin. On further reading, apparently UFOs are impractical because there isn't an entropy source that can be trusted to be random over such large domains. Please feel free to correct me if I am mistaken about the requirement.
WTF?! Like in everything else you use a cryptographically strong PRNG which holds as long as some underlying hash function holds, and if the hash function is distinguishable with unknown inputs from a random oracle you're already hosed in every other protocol (including your DSA signatures). I would need to look and think more deeply about the math he showed there, but seemed like he was saying that we can predict the occurrence of primes in a product probabilistically thus I am having the conjectured thought (to explore more when I have more time) that the requirements on the period (in the applicable domain space) over which the assumption that the (approximation to the) Random Oracle model must hold true may be implicitly much more vast than when we apply hash functions in Z. I am curious to think more about what he actually proved and didn't prove. I think there is much more depth to this than we can go into now. And I haven't had the time yet to wrap my mind completely around the math in that paper on UFOs. Why don't we ask Adam Back? He is a neutral party and I think he may know more about the deeper implications of the mathematical assumptions in that RSA-UFO paper. Or we can simply agree to stop discussing about Zerocoin or RSA-UFOs, which would be fine by me. Compromise of the trusted PQ in ZC allows the trusted party to double-spend coins. Thus I assume for the CoinJoin case, it would cause the number of outputs to not match inputs, so thus a form of DOS.
Yes? and so what? First— I note that you're continuing to waste time discussing the more complicated ZC thing when that wasn't what I was speaking about and do not recommend people implement (I noted it as a possibility for those were excited about ZC to find a potential application for the technology). I am replying to your comments. If you stop talking about Zerocoin, then I can stop responding about Zerocoin. I am curious about Zerocoin as a solution for CoinJoin since I am fairly certain that your proposed protocol for CoinJoin can be DOS-attacked (see my reason below). Secondly— who cares if maybe someone kept a trapdoor and could just DOS attack? If you were really worried about that case you can just keep around a couple parameter sets, track how often you fail in each case and prefer ones where you've never been dos attacked (with the users taking a majority decision or something like that).
That is a very interesting idea! Since knowing PQ doesn't allow you to snoop on the other participants' anonymity, that might be workable. And then we don't need RSA-UFOs. I don't see why you need to track how often there is failure. You simply discard a PQ where there was a DOS attack, because that is 100% evidence that PQ is compromised. E.g. in the blinded example: When you provide your inputs everyone sees your values, and you specify "this is a blinded X btc output" and they all sign that output with a key which corresponds to X btc, and obviously refuse to do so if your input isn't at least X. Later you reveal your output, and they know its value by which keys signed it.
Don't the inputs need to be signed to a specific block chain transaction? Eventually, after the transaction is formed according to the blind signatures. Could you please explain to me how an input can sign a "provably valid" block chain transaction without knowing the outputs?
At the point they sign the transaction they know the outputs (or else the transaction wouldn't yet exist). And so how can you correlate which input is the one who didn't blind sign all?
Because they refuse to sign the transaction. Everyone knows that all the outputs provided in the transaction were the unique outputs provided by the inputting parties (because they have been signed by all participants). So they all know the transaction is valid. But the DOS can occur during the blinding signing of the outputs. Great. If the DOS attack occurs during the blind signing of the output tokens then everything is totally trivial then. Since every inputting user is required to blind sign everyone else output token, if they don't— you know who's jamming the process and you ban them. Here is an overview of all the places a user could refuse to participate further: (0) If a user refuses to sign an initial introduction message that specifies their input and their blinded output (and other parameters like blind signing keys to be used), then they're just not participating as producing that message is how they join in. (1) If a user refuses to sign the blinded outputs of all the other users their inputs are blacklisted as the blind signing of everyone's output tokens is not anonymous (relative to inputs). (2) If a user (now reconnected anonymously relative to inputs) refuses to reveal their unblinded outputs, this attempt is aborted, all honest users reveal their blinding factors and withholder is deanonymized and their inputs banned. If we've made it this far we have a set of outputs which were provably created by the people who created the inputs, though we don't know the correspondence. We can form a transaction and know that the transaction matches their wishes. So we do. (3) If any input does not sign for the resulting transaction we blacklist them because we know the transaction is accurate at this point. I really cannot understand why you find this difficult to understand. Two orthogonal issues. First, an adversary could make a 1 Satoshi input and DOS on the (3) step. You ban that address but adversary has billions more at neglible cost. I suppose you could set a minimum input amount to avoid this. But still no problem for the adversary, he passes his BTC through a mixer can comes to hit you again and again. I am sorry to bring you bad news Gregory but with a non-atomic operation in the decentralized case you can always be DOS-attacked. Zerocoin may be the solution? Second and orthogonal to my point above, I don't understand this: But if the inputs are really not connectable to the outputs could I jam the transaction by using outputs that add up to greater than my inputs?
In this case could anyone work out that it was me that put in the outputs that made the transaction not balance?
No, instead they prevent you from doing that in the first place. E.g. in the blinded example: When you provide your inputs everyone sees your values, and you specify "this is a blinded X btc output" and they all sign that output with a key which corresponds to X btc, and obviously refuse to do so if your input isn't at least X. Later you reveal your output, and they know its value by which keys signed it. Appears you are saying that as a participant when I provide my input, I also specify the amount of my output? So how is there unlinking of output amounts from input amounts? |
|
|
|
Upthread I criticized DarkCoin for not realizing that CoinJoin isn't scalable in decentralized setting because it can be subject to denial-of-service attack, now time to slay another incompetent altcoin HeavyCoin: https://bitcointalk.org/index.php?topic=506774.msg5659782#msg5659782Someone private messaged me to check out HeavyCoin. Sorry I realize this post will make people angry at me. I am usually the messenger who brings technical reality which is usually bad news because most coin developers are not competent. Innovations and contributions
- HEFTY1 - a cryptographic hash function for CPU-only proof-of-work with a small memory footprint
Insufficient technical details. From what I read about their claim of SIMD as an issue. I think they fail to understand the nature of the GPU advantage. - Ultra-secure hashing - a secure strategy for using multiple cryptographic hash functions
From the Github page: Q: Doesn't Quarkcoin already implement multiple cryptographic hash functions?
A: Yes, but without increasing security against collisions. Quarkcoin (and its many clones) actually implement multiple hash functions as a simple chain of function compositions
Quark(x) = ... SKEIN512(KECCAK512( ... BMW512(BLAKE512(x))))
where ... contains additional hash function compositions using JH-512, Keccak-512, BMW-512, BLAKE-512, SKEIN-512 or Grøestl-512, which are randomly selected based on the 4th bit of previous hash outputs.
The problem is that, due to Quarkcoin's simple use of function compositions, if BLAKE512(x) has collisions, then so does BMW512(BLAKE512(x)) and SKEIN512(KECCAK512(... and so on, until we reach Quark(x), which also has collisions. Similarly, if SKEIN-512 or Grøestl-512 have collisions, then so does Quark(x). Simply put, if there's a collision attack or second-preimage attack for BLAKE-512(x), then Quark(x) is cracked. Bullshit. Changing even one input bit to a hash should randomize all the output bits. Cracking any combinations of the hashes in the chain of hashes does not increase the risk of collisions for those in the chain that were not cracked. This kind of silly mistake proves the developers are technically incompetent. Whereas their "improvement" is worse in the sense that it takes 3 cracks to make it very insecure and 2 cracks to make it perhaps insecure, whereas with Quark it takes 4 cracks. Q: How does Heavycoin implement multiple cryptographic hash functions?
A: Heavycoin takes 64 bits from the output of each of 4 well-known cryptographic hash functions (SHA-256, Keccak-512, Grøestl-512 and BLAKE-512) and interleaves these bits into a combined 256-bit hash that is more resistant against collisions and second-preimage attacks. Hope you realize that 2^64 is crackable with a server farm. If 3 of the 4 are cracked, then the 4th is useless in Heavy's design. - Temporal Retargeting - multipool protection that goes beyond Kimoto Gravity Well
- Decentralized Block Reward Voting - the mining schedule and money supply are democratically decided (total supply is still bounded to 128M)
Oh great let the early investors decide to make coins even more rare. This will be a very good experiment to show why democracy is a power vacuum.  |
|
|
|
|
Show Posts
