You also didn't see the point of complexity theory.


Afaics, that won't help you identify an intentional segregation of fast and slow blocks to manipulate the 80/20 discard window of the CN difficulty adjustment algorithm.


I don't see how that will identify an intentional segregation since the 80/20 discard is relative to its own statistics? Do you mean comparing histogram histories?


You said you read the upthread discussion, yet you continue the strawman. My point was to refute the anti-FUD-campaign which was turning into a Monica Lewinsky or Steve Jobs denial, "no malfunction in our devices"[1].

[1] "don't touch it that way"

Surely you know the difference between "I didn't inhale" and "I don't smoke", or "I didn't have sexual relations with that woman" and "yeah she sucked my cock but I didn't gratify her".

You said to me upthread you like disagreement. So please pardon that I need to point out that afaics miner's choice doesn't resolve the issue that once a 51% fork has run for a while and many users get their transactions intertwined with it, you can't untangle it to revoke it any more, especially given the anonymity with the ring signatures.

Sorry.

(note I wrote this already far upthread)

 

I suppose many readers didn't know you probably meant this.

I have no affiliation with BCX.

Any one who knows me well, will vouch that I am fiercely independent. And I believe BCX is the same. Perhaps that is why gained some respect for him, yet I am also thinking he might be a full of shit, poser.

(I don't like friendships built on the sinking sand of surety)

Edit: Nekomata if there exists a weakness and BCX didn't exploit it, then eventually others would. He first tried to warn the developers there are such weaknesses, but he wasn't interested in attacking. Then somehow he got incited to attack because everyone was challenging his reputation. He already stated the weaknesses. What does it teach the community if he just hands over the code for his attack and doesn't actually perform it? Answer: nothing. Kids only learn not to touch the hot burners on the stove when they touch them and burn their fingers. Any way, that is my 2 cents on a speculation as to his motivation. I think BCX was not particularly thrilled with the Risto+MEW herding paradigm (or perhaps I am just projecting my own opinion), but he saw some positive attempts to create value and thus wasn't that motivated to attack. I think events after that demonstrated that he is not respected and would have to force the respect that he feels he has earned from his past peformance. I think BCX genuinely wants to see innovation and not shit. Again this is wild speculation and I could be entirely wrong. I don't hold any CN coins as an investment, thus I don't feel harmed by BCX. I contemplated buying XMR on the dip with my (receipt of only partial payment for the) bounty, but I changed my mind based on a few things I'd rather not say. But in my theory, that is the entire point, I shouldn't be holding as an investment something which has unresolved weaknesses (and the attitude towards the issue is mixed). I have attempted to try to enumerate potential vulnerabilities in the hope of helping to incite improvements, as well for improving my own understanding of the design of crypto-currencies.

Edit#2: I understand there is a theory that BCX needs political ("FUD") support to drive the price down and thus I would be contributing to him getting cheaper coins. Risto has stated he thinks the dip in the XMR price is mostly correlated to the decline in the BTC price. My interest is in designing the best crypto-currency. I approach this thread with the attitude of investigation, exploring, and learning. I never invest in anything that depends on politics. Thus you will never find me sensitive to all the political elements of an issue. I am sensitive to at least take the time to explain. Thus if there is anti-FUD campaign underway, I would naturally call BS on it when it is distorting facts such as the claim upthread that an event would occur every hour when the calculated probabilities are more in the realm of days to months. I understand that the objective is to just calm the naive investors and try to eliminate discussion which is perhaps irrelevant any way and which just leads to confusion for naive readers. If from my perspective it seems to be a disinformation campaign then thus I would stand against it. I guess what I am saying is I believe in a flat, open source Inverse Commons, which means we lay everything out in the open. Whereas, in a managed information state, the n00bs are only told what they need to hear or could understand and any theories about vulnerabilities would be discussed only by experts in private and n00bs would be in the dark until and iff an attack is proven.



1. You don't get to decide, nature does.

2. Electronic networks have raised the government's asymmetric power thus destroying the healthy balance that existed before, and thus without any escape value they can unwittingly (selfishly) drag us into the abyss of a Dark Age.

http://armstrongeconomics.com/2014/09/28/illegal-search-seizure/

An additional conceptual idea of the way to attack the Cryptonote difficulty adjustment algorithm but noting I haven't studied the source code to see if the way the calculation is performed has such a weakness, is the conceptual potential to continuously drive up the difficulty by setting timestamps carefully so that the "longest gaps" (the timestamps which would minimize difficulty) are the 20% discarded. Thus in theory incrementally on each increase in difficulty, some miners would stop mining, thus the attacker's percent of the hashrate would continually grow eventually attaining 51% and taking over the coin.

We would expect to eventually (if attacker ramped up to his available hashrate) see the effect of declining average number of blocks per minute and the network hashrate would decline.

Whereas I see on a quick perusal on the block chain explorer > 1 block per minute average recently, so apparently such an attack in not underway.

Rather I am still contemplating that if BCX is attacking now, it is probably some form of dilution of the network hashrate by getting the some percent of the network to mine on his forks (possibly combined with some variant of selfish mining) while obscuring his hashrate from difficulty adjustment by leveraging the 20% discard in the Cryptonote difficulty adjustment algorithm. BCX had specifically mentioned fast adjustment (720 blocks = 12 hours) and the 20% discard as weaknesses, neither of which have been changed apparently thus "forced evolution" required.

0.2/0.8 = 0.25


0.2/0.8 = 0.25



Afaics, ignoring decentralized checkpoints should be plausible since the attacker would control the decentralized consensus.

Ignoring centralized checkpoints seems not so sustainable, since you've got to convince others not to run the reference client.

If there is an attack on the private keys using the de-anonymization, then if the attacker controls the winning block, he can take the coins that were sent in the transaction. He wouldn't need to control the entire chain. Even 1% of the hashrate, he could do it 1% of the time.

Again no such vulnerability has been demonstrated nor proven. BCX alleged a coin killer. That would be one, if he had found some way to factor the private key from that information.

Note this is FUD. Because no such vulnerability has been demonstrated nor proven.

I am just making the point that a potential difficulty attack is an orthogonal issue.

How will your checkpoints work if his attack catapults his effective hashrate to 51%? He can then ignore the checkpoints and replace with any chain he wants.

I keep trying to posit there are other forms of difficulty attacks that can't be defeated with checkpoints. I been hinting at it for many days now.

What % of hashrate is needed for selfish mining attack?

How much can he amplify his hashrate by hiding it in the 20%?

Remember he said he needed only 20% of the hashrate. Seems obvious to me what he is doing.

Perhaps he can further amplify it by getting miners to join his pools which are gaining an edge in payouts, but I don't assume that is necessary.

Does XMR still throw away 20% of the timestamps which are the statistical outliers when computing the difficulty?

So thus I could mine a chain with a much higher cumulative difficulty without triggering a difficulty adjustment, i.e. he could be putting his hashrate into the network undetected.

Have you analyzed this genre of attack vectors?

Are you stating that timestamps aren't used to calculate the difficulty? Are you stating there are no possible manipulations of the difficulty via timestamps that could be exploited? If yes, where I can read the analysis?

Edit: I am genuinely interested in analysis of difficulty attacks as it helps me with my work. So I am curious if you know something I don't. Because I am not 100% certain there are no such exploits.

Edit#2: I realize it can be a pain to refute such general attack vectors, and the onus should be on the attacker to prove he has an attack. This is what BCX's reputation has afforded him. I thinking he won't trash his reputation.

NewLiberty why are we talking past each other? It seems you are not listening to what I am saying. I don't like hubris when we are dealing with a proven coin killer. Asserting that something only happens once per hour, when in fact the calcuation is once every 3 months, is a form of hubris and premature confidence.

I like facts. I was calling BS on that factoid.

That it is irrelevant is further reason to not use as hubris as was done (not by you, but I didn't see you interjecting).

Edit: I believe it was you who wrote something like we would find many occurrences in the block chain. Don't have time to go searching for a quote. Apologies if I am mistaken.

Upthread an assertion that the 4 blocks in 1 minute event would occur ever hour was implied to mean "no evidence for" (and bring on the ridicule of BCX and premature celebrations of victory) and it was not admitted that it was "no evidence for nor against" (inconclusive).

I corrected the math to show there was indeed a rare event, but made no assertions of abnormality nor attack. My point in doing so was to point out that there is "no evidence for nor against" (inconclusive).

That is an extremely relevant concern. And I won the argument. Period. Until someone shows that they have a model that would signal an ongoing TW attack.

Edit: BCX pointed to that rare event implying it might indicate something is going on. But I don't think we can distinguish it from noise (i.e. BCX could be making vacuous points) due to the unreliability of the timestamps (and it is even alleged that network hashrate variance and propagation plays a role via orphan rate in the unreliability, although I'd want to quantify that before I made that assumption). One could try to write a script to do an exhaustive computation of all rarer events.

Edit#2: I know XMR people would like to see closure on this and want to say "if you haven't proven anything, then we don't have to prove anything either". Normally I would agree, but as I said BCX has met his word in the past and he did point me towards an anonymity issue and a dubious ring private key issue. That gives him some credibility. His use of vacuous points subtracts from his credibility, unless the full poker hand is considered.

Correct. Nothing has been proved for nor against. I never posited otherwise. Read more carefully please.


When did I ever cry chicken little in this thread? Just try to quote me.

No evidence for nor against (no medical exam), is different than no evidence for (completed a medical exam). I am positing that we have the former in this case.

Programmers have these sort of very precise logic skills and demarcation of boundaries of logic (compartmentalization and orthogonality), otherwise bugs appear.


This is astute but only if BCX doesn't have a coin killer attack that can only be fixed by abandoning the anonymity, which seemed to be what he was implying initially (although we may have read too much into his statement and or he may have backed away from that interpretation). Again if it wasn't BCX and if he hadn't been able to predict I could find some potential flaw in the anonymity combined with some unprovable, dubious issue with the rings and private keys, then I would rate his probability of a coin killer to be very low. But...

I must say that I never considered your perspective because I am skeptical about Cryptonote having a long life span, which is a prerequisite for your mathematical point to be valid. I also assumed any successful attack on CN (especially any that exploited de-anonymization) would open the door for competing anonymity technologies but an attack isn't a prerequisite to my skepticism about CN's life span. See I am not calculating as an investor, rather as a technologist.

OTOH, I also considered the possibility that my suggestion for mitigation could make CN stronger. Thus I saw the potential outcome to be much more bimodal or dichotomous thus risky, than you do.

In short, you are calculating black swans (long-tail events) by being diversified, but you may not be reminding your followers of this.


I also thought this. BCX seems to have little effect on the price, except for an initial panic perhaps to shake out weak hands.

Did you miss the entire discussion about permutations of consecutive independent trials (i.e. not separated by 65 minutes each)?

I just caution you on celebrating too soon. You might end up being correct and BCX may be full of shit, or he might have been thwarted already by the checkpointing.

But I am not yet convinced that anyone has a model that can tell us there is no evidence of an attack. Apparently our models are blind and tell us nothing. Distinguish between null set (empty) and an undefined set (no information). Refer to my prior reply to xulescu and NewLiberty.

Perhaps I can be convinced we have a model that is telling us there is no evidence. I am open minded. Let me read any rebuttals that follow.

Edit: in short, don't confuse lucky hubris with repeatable science though I suppose your argument is speculators operate with imperfect information and form probabilities. Although we may not have technical information, you may have other information that is feeding your calculation, e.g. experience at analyzing personalities, motives, etc.

Edit#2: normally I would agree with "status quo" absent a model with clear information. But in this case, BCX has taken down coins in the past. I've read that he did threaten Litecoin and ended up not following through with the attack and instead profited on buying the dip. But did he actually say the attack had begun? Apparently Litcoin had then a much higher network hashrate than XMR does now.

What I wrote in red clearly indicates I was not alleging an abnormality nor an attack.

So you can view my point in red above as the beginning of an investigation into modeling.

If the timestamps are basically meaningless then we won't know if an attack is underway or not, i.e. there is no possible model thus claiming "nothing is going on" is a lie (if there is no model to inform us). And I that is the most relevant point.

And if the timestamps are very unreliable, then perhaps the loose rules about timestamps are exploitable.

And maybe not. Any proof one way or the other?

I suppose you assume that with checkpoints the block chain can't be rewound, but are you sure that eliminates all possible damage that can be done by manipulating timestamps?

What about amplifying selfish mining attacks by causing oscillation in the difficulty adjustment via timestamp planting, e.g. to take advantage of the fact that 20% of the timestamps are discarded when the difficulty is calculated. Have ideas like this been analyzed?