A direct question that has no hope of being answered directly.
Why are you attacking Monero?
Here is my guess... He already told the devs with a public post that too fast of difficulty adjustment and throwing away 20% of the timestamps are weaknesses. The devs were given approximately 25 days to rectify those flaws, and thus far afaik have not done so. Perhaps the devs didn't see any flaws in those design decisions. I thus expended some effort to broad-stroke outline some ideas of potential attacks that require one of those weaknesses. I understand you want BCX to walk them through an attack with more details, but you know even most very smart Bitcoin devs didn't think selfish mining was real after the white paper was published until they went and built simulations to disprove it and ended up proving it. Denial and confirmation bias makes climbing the nice wall inefficient. The most efficient is action and demonstration. I have experienced many times in my life the "not invented here" syndrome and it is very inefficient to fight hierarchies and vested interests to get something done. Much easier is to do what one can do without being dependent on some slow moving molasses. The other possibility is that he wants to maximization the amplification of his reputation, since it was slandered here. Also I can't rule out the possibility that he has some level of distaste for the hierarchy of XMR and its public face (although that might just be me projecting my distaste for centralized paradigms), but for political reasons I doubt he would want to let that be known. Hopefully he will answer you too. P.S. BCX also indicated another of the weaknesses is a coin killer (something about anonymity and wallets), meaning it can't be fixed. So helping the devs in that case wouldn't be evolution, it would be delaying killing what can't live. I am not sure if he meant he would be attacking that weakness though. Maybe not. Maybe he is only trying to wake up the community. And maybe that "coin killer" weakness is only theoretical and hadn't been fully developed into a deployable attack. I lean to this interpretation because BCX has only mentioned TW like aspects in the past days and he confirmed a "decline in price" differentiated that from the other choice of "price to 0". Edit: in most cases I agree with filing a bug report with the developers. But in the case that forced evolution is timely and a bug report would have to be prioritized, I might choose the former too. But I've never played the role BCX does. I would instead spend my time creating a coin without the weakness I found. If I was a developer for XMR, I would be attempting to change the design, but I would probably be met with some resistance since no attack has been demonstrated yet. Refer to the upthread exchange with fluffypony wherein he stated that until an attack was demonstrated, they could assume they could unwind any damage from a future attack, and that he had time to go think at the beach with his wife (the implication was that I was too stressful and paranoid). There is nothing that teaches better than the shock of having one's confirmation bias shattered rather than giving one a long period of time to think they discovered and rectified their bias on their on volition. Couldn't have said that better if I had said it myself! ~BCX~ Our dissociative identity disorder is so harmonious. |
|
|
|
-blah-
Jimbob...you read our Monero Research Lab's very first publication, right? You know the one where we spoke about a cascading privacy failure if an attacker owned sufficient outputs? Here's a link for you to save yourself. At any rate, this could occur in a CryptoNote coin where persons unknown to everyone else controlled, to thumb suck an example, 82% of all the outputs. That would be an exceedingly unsafe CryptoNote coin to use, as those person(s) could easily reveal the actual signature of just about any transaction, thus negating any benefit of ring signatures. When choose a currency to shill for, you really should choose one that doesn't have that flaw. And XMR paid me (7.5 BTC thus far, 2.5 BTC in arrears) for a supplement to that which is an idea for potential amplification and mitigation, where for example in some cases the attacker doesn't even need any of the outputs that are in the ring signature. Omitting my contribution (which y'all paid for, thank you) could possibly be construed as subconscious "not invented here bias" (hope not). |
|
|
|
No one has a close relationship with the project who has not disclosed it (and most certainly no one has actively hid it).
Thanks for the clarification that your prior statement was essentially "to the best of your knowledge of what your core XMR peers do". |
|
|
|
A direct question that has no hope of being answered directly.
Why are you attacking Monero?
Here is my guess... He already told the devs with a public post that too fast of difficulty adjustment and throwing away 20% of the timestamps are weaknesses. The devs were given approximately 25 days to rectify those flaws, and thus far afaik have not done so. Perhaps the devs didn't see any flaws in those design decisions. I thus expended some effort to broad-stroke outline some ideas of potential attacks that require one of those weaknesses. I understand you want BCX to walk them through an attack with more details, but you know even most very smart Bitcoin devs didn't think selfish mining was real after the white paper was published until they went and built simulations to disprove it and ended up proving it. Denial and confirmation bias makes climbing the nice wall inefficient. The most efficient is action and demonstration. I have experienced many times in my life the "not invented here" syndrome and it is very inefficient to fight hierarchies and vested interests to get something done. Much easier is to do what one can do without being dependent on some slow moving molasses. The other possibility is that he wants to maximization the amplification of his reputation, since it was slandered here. Also I can't rule out the possibility that he has some level of distaste for the hierarchy of XMR and its public face (although that might just be me projecting my distaste for centralized paradigms), but for political reasons I doubt he would want to let that be known. Hopefully he will answer you too. P.S. BCX also indicated another of the weaknesses is a coin killer (something about anonymity and wallets), meaning it can't be fixed. So helping the devs in that case wouldn't be evolution, it would be delaying killing what can't live. I am not sure if he meant he would be attacking that weakness though. Maybe not. Maybe he is only trying to wake up the community. And maybe that "coin killer" weakness is only theoretical and hadn't been fully developed into a deployable attack. I lean to this interpretation because BCX has only mentioned TW like aspects in the past days and he confirmed a "decline in price" differentiated that from the other choice of "price to 0". Edit: in most cases I agree with filing a bug report with the developers. But in the case that forced evolution is timely and a bug report would have to be prioritized, I might choose the former too. But I've never played the role BCX does. I would instead spend my time creating a coin without the weakness I found. If I was a developer for XMR, I would be attempting to change the design, but I would probably be met with some resistance since no attack has been demonstrated yet. Refer to the upthread exchange with fluffypony wherein he stated that until an attack was demonstrated, they could assume they could unwind any damage from a future attack, and that he had time to go think at the beach with his wife (the implication was that I was too stressful and paranoid). There is nothing that teaches better than the shock of having one's confirmation bias shattered rather than giving one a long period of time to think they discovered and rectified their bias on their on volition. |
|
|
|
or did Monero shills
Since there are no Monero shills, the answer is no. Not anymore they're not. But don't worry, we will harp on the next project they band back together to shill for. Let me clear that up for you. There have never been Monero shills. We are well aware that it is quite easy and inexpensive to hire shills to post for or against any coin. We haven't. Sorry to be argumentative. It is impossible to be both decentralized and make a statement that requires centralized authority. |
|
|
|
I think it's clear now that these 97 pages are comprised entirely of posts by one individual. Some of us don't know it, but we are all this same entity. For the record, I didn't know it until I realized it a few minutes ago. How this happened is anyone's guess.
More accurately, two entities that are constantly changing sides and melting into each other. I was always on the side of facts, truth, investigating and innovating technology. |
|
|
|
I don't think anything but a coin with perhaps better technology will kill BTC.
Would you want to buy or destroy such a coin? I think so too. But BTC will evolve.
Hard forks are politically very difficult. It can't evolve or at least not at a rapid enough pace to defeat an upstart with sufficient brain power. Afaics thus far such an upstart has not presented itself publicly. forced evolution is a strange argument, because it only counts if you are seriously interested in the currency/ technology. you were ask to help if you knew a flaw in the technology
Forced evolution could also potentially clear the way for suitable technologies and/or it can reveal which organization is able to adapt to its environment. For example, yesterday I wrote down a mathematical proof for an innovation that yields a higher than 25% threshold for selfish mining, regardless of the attacker's network advantage. And it doesn't require unforgeable timestamps. Please note your confirmation bias. There are numerous possible motivations. |
|
|
|
He has definitely eluded to the fact that 72 hours was the deadline or he "kills" it. Yet now he wants to back pedal and say that it will take him 22 days because he made a post months ago but never referencing it until just a few days ago when the implication was 3 days not 22 days.
I doubt he only wrote that months ago, because I hadn't heard of BCX before late September, and I had read that 22 days post in late September before it was mentioned recently. I agree someone is back pedaling. No one is back peddling, I said 72 hours and I would kill it, not kill it instantly. And you know it wasn't you (nor ourself nor Schrödinger's cat) I was referring to. |
|
|
|
You also didn't see the point of complexity theory.
For some 20 years of my life I thought of myself as a theoretical computer scientist. I plead guilty of having told many students the things you are trying to tell me now: that complexity theory is extremely relevant to computer programming, that O(n log n) is better than O(n^2), that NP is probably more difficult than P, that polynomial is more efficient than exponential, etc. But all of that is false; and, moreover, it is trivially false, it follows directly from the definitions. I stand by what I wrote: neither complexity analysis (P, NP, and all that) nor big-O analysis have anything to say about the hardness of SHA-256. Those concepts apply only to problems where the input size n is unbounded, they only tell you what happens as n goes to infnity -- and that has no relation to what happens for any specific finite n. I could go on, but I need some sleep. Will continue tomorrow. But, anyway, I stress that this issue has no impact whatsoever on your work, on the security of SHA256, or any actual application. It just takes away one argument that some people may have thought they had. Fortunately the robustness of SHA256 was not proved with theory, but with many years of experimental tests. You are conflating the hardness of discovering a lower complexity class with the categorization of the a priori known complexity class. I stated to you upthread that for finite n = 1000, the difference between O(nk) and O(n log n) was molasses and zippy for the objects window of a million times downloaded application which I created. |
|
|
|
He has definitely eluded to the fact that 72 hours was the deadline or he "kills" it. Yet now he wants to back pedal and say that it will take him 22 days because he made a post months ago but never referencing it until just a few days ago when the implication was 3 days not 22 days.
I doubt he only wrote that months ago, because I hadn't heard of BCX before late September, and I had read that 22 days post in late September before it was mentioned recently. I agree someone is back pedaling. |
|
|
|
Computing the probability of a certain complicated pattern occurring, after seeing it occur, is a tricky business. The chance of my mother marrying my father was one in two billions or so; that does not mean that my mere existence is a sign that something fishy is going one with the universe...
You said you read the upthread discussion, yet you continue the strawman. My point was.. The probability that any specific mother marries any specific father is in most cases quite rare, i.e. the independent trials are somewhat more uniformly distributed (they are all mostly rare, not some rare and others probable), thus the frequently repeated occurrence of these roughly equivalently rare birth events is not rare. You ignored my point that each independent coin toss trial outcome is uniformly distributed whereas the Poisson distribution is exponentially distributed. That is why I asserted that your and xulescu's analogies are inapplicable. Rare trial outcomes in a Poisson distribution occur less often then less rare ones (look at the area under the distribution curve at the tails). Whereas all trial outcomes in a coin toss occur at the same probability. |
|
|
|
I never agreed with making DDoS a crime. It is fair play within the protocol of the internet. But most people don't want to be sovereign, they'd rather be owned by a King. You don't understand the following.
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." ATTRIBUTION: BENJAMIN FRANKLIN, Pennsylvania Assembly: Reply to the Governor, November 11, 1755.—The Pa
DDoS is an aggressive act against another's property. How does the fact that its within the protocol of the internet change that? Whose fault it is that a house is built of paper, the hurricane or the builder? Would it be economic to encourage everyone to lay their cash in their front lawns at night, and hire an elaborate policing force (i.e. centralized authority) to insure the safety of the cash? Opportunity cost is a bitch and it is nature, because the Second Law of Thermo insures every inefficient barrier to maximum entropy will not stand forever. Entropy is the operative word, and make sure you understand its maximization requires decentralization (e.g. of responsibility). Thus I have just proven mathematically that self-responsibility is a prerequisite of (degrees-of-)freedom. Q.E.D. Pseudointellectual are you sure? |
|
|
|
^pure gold. i think the "we" is a continuation of BCX = AnonyMint  BCX does = Anonymint. Think I am kidding ? ~BCX~ kid, you are not thinking No because he is kidding. (cat returns to playing with its docile prey before killing it) P.S. and I thought soap operas were only for women...  |
|
|
|
Again, I urge you to reconsider and to promote both a healthy mindset and action on this earth.
Why is begging more healthy than "forced evolution"? I always preferred competition and work ethic over communism. Some FUD wild speculation follows. Really wild FUD guessing. Just sharing one of the thoughts I've had. Apparently BCX has mining friends or connections. I have contemplated that if he from Philippines he may even have connections to Asian gaming rigs either through some connection to a gaming provider and/or botnets. Gaming is really big over here. If BCX and friends selfish mined and dumped the coins to Risto et al, spending some proceeds to increase hashrate, on the way towards building the fork amplified to 51% by some TW issue (e.g. the 80/20 discard), then finally crashing the coin in an entangled Gordian knot destroying all the bagholders. If someone didn't like the concept of the MEW, that would be an epic way to make the point. My speculation is it has always been about making a point to the community, and I guess also earning some money for another days work for BCX and friends. Any way, this is just a fictional imagination. There may be no attack at all. Edit: the alternative reality is BCX is buying up cheaper XMR. |
|
|
|
30 blocks is probably not enough for a Gordian knot. What do you do when you people claim very important transactions that they don't want rewound? How do you identify who is who they claim to be as a sender in order to pick and choose which transactions to retain and which to unwind?
Yes, I't could be worse if it were longer. None get unwound, only put onto the good chain, so everything goes through but some with a longer delay than expected. The only user experience issue is the unexpected slowness until it is resolved. No one has to claim to be anyone.  How do you unentangle rings which bind to double-spent (conflicting) transactions in the fork? The entire point of forking is to double-spend or... How do you identify the claimed lost wallets from the claimed not lost ones? (assuming BCX does have the exploit he alleged) No rings unentangling needed so far. No lost wallets result either (unless you want to count the coinbase transactions from the dead chain). There weren't any double spends in this effort so that would be a new "forced evolution" for the Devs. So you agree ring signature entanglement from the coinbase transactions of the attackers fork could in theory occur?? How to unwind those? |
|
|
|
30 blocks is probably not enough for a Gordian knot. What do you do when you people claim very important transactions that they don't want rewound? How do you identify who is who they claim to be as a sender in order to pick and choose which transactions to retain and which to unwind?
Yes, I't could be worse if it were longer. None get unwound, only put onto the good chain, so everything goes through but some with a longer delay than expected. The only user experience issue is the unexpected slowness until it is resolved. No one has to claim to be anyone. How do you unentangle rings which bind to double-spent (conflicting) transactions or reassigned block rewards in the fork? The entire point of forking is to double-spend, reassign the block rewards, or... How do you identify the claimed lost wallets from the claimed not lost ones? (assuming BCX does have the exploit he alleged, which might just be the reassigning of the originating block rewards, which is a point I made far upthread and apparently forgotten because everyone only wants to dismiss the simultaneous equations idea) Edit: this is why I am speculating (okay FUD!) if his attack appears, you will see a stampede to try to trade out, because anyone who stays in will be in gridlock and never never land. This is my speculation as to why BCX predict the price would decline or did he say go to 0? I forgot what he implied. |
|
|
|
Again, I urge you to reconsider and to promote both a healthy mindset and action on this earth.
Why is begging more healthy than "forced evolution"? I always preferred competition and work ethic over communism. |
|
|
|
I'm gonna go out on a limb and say that both TFM and BCX are AnonyMint.
Ask rpietila since he knows my real identity and ask him if I was involved Bitcoin before he told me to get involved in spring of 2013. BCX has a much longer history here. |
|
|
|
Afaics, ignoring decentralized checkpoints should be plausible since the attacker would control the decentralized consensus.
Ignoring centralized checkpoints is not so feasible, since you've got to convince others not to run the reference client.
Applying the decentralised checkpoints isn't based on consensus though. It is a decision each miner may make on their own. They can also be delivered out of band, so DDoS pfft. It allows each miner to select which chain they like. So if BCX forks with TW or other method, that fork ends up back where it started, back in the sandbox along with the little shovels, buckets, and Stoli empties. There are certain further improvements to this innovation that may yet come, but the rapid response to the only plausible indicated threat (which isn't even all that plausible IMHO) remains an underrated achievement. BCX shares some of the thanks/blame for this forced evolution. You said to me upthread you like disagreement. So please pardon that I need to point out that afaics miner's choice doesn't resolve the issue that once a 51% fork has run for a while and many users get their transactions intertwined with it, you can't untangle it to revoke it any more, especially given the anonymity with the ring signatures. Sorry. (note I wrote this already far upthread) Thank you for this. I'd missed it so I appreciate the extra effort. That would be true, if not for the fact that the MONERO DEVS ALREADY DID JUST THAT!  When we had that bad transaction a couple weeks back, remember? Chain was in contention for 30 blocks, and all transactions replayed from the two chains except the coinbase ones (which in that case there weren't any to speak of) and the chain was reintegrated within that period (30 minutes or so). So not even a fork in the end. Dagnabbit I was hoping to learn something with this disagreement. Maybe they won't be as good next time, but they have had some practice already, and I'm guessing with the generous warning they will be better prepared if it ever happens again. My understanding is that they don't get unwound, they are retransmitted, so no user intervention needed. 30 blocks is probably not enough for a Gordian knot. What do you do when you people claim very important transactions that they don't want unwound? How do you identify who is who they claim to be as a sender in order to pick and choose which transactions to retain and which to unwind? |
|
|
|
Of course it was, I posted one then the next.
~BCX~
Report to moderator
I am AnonyMint.
Lol. Schrodinger's cat is purring (or it isn't). Report to moderator
I am AnonyMint. Report to moderator
I am BCX. Report to moderator
I am AnonyMint. Report to moderator
I am BCX. |
|
|
|
|
Show Posts
