code: You're wrong about the minimizing the damage. I get what you're trying to say, but you occasionally leave out the possibility that such disclosures can cause (financial) damage without even having to be true. There is no way to minimize the "financial damage" by reporting it privately, except to allow insiders to trade ahead of everyone else. Brilliant idea. If the report were untrue, that would be a different matter. It certainly was true. If anything, more financial damage was caused by the false "Deanonymized? Nope" statement put out by the Shadowcash team about the report being incorrect and that it couldn't be reproduced after 10 hours of work by your core developers. That may have misled people into making trades on the basis of a false statement (yours). That's what I call financial damage. Maybe you guys should have worked on it privately instead of making a statement to (falsely) calm the market when you didn't know what you were talking about. |
|
|
|
code: There has been some discussion about the bounty, because of how it was made public without giving us a chance to check if it was true or not. The docs state which actions to undertake and who to contact to be eligible for a bounty. The first rule of ethical disclosure is to minimalize damage, which has not been done. The article, for which they made a new blog, was released right before the weekend in attempt to do maximalize damage. Later on someone noticed they could be able to get a bounty of it, so they applied for that too. In my opinion, I respect Shen for finding the bug, reporting it and therefore he deserves some bounty. But he was never out to get bounties, he was out to wreck havoc, and I don't like that part and that doesn't deserve a bounty.
First of all you don't know his incentives. I would submit to you that his incentives as a mathematician are to publish (what he sees as) interesting math stuff, including identifying math errors in cryptocurrencies. As far as "the first rule of ethical disclosure is to minimalize damage" what you do not seem to understand in this instance is that there is no way to further minimize the damage, aside from informing users as quickly as possible so they stop using the broken code (and take whatever measures are possible to mitigate the damage that might exist from thinking their transactions were untraceable when they in fact were not). The damage is already done and is already on the blockchain, out there forever. This is not a case of an "exploit" that can be reported privately to developers to fix it before anyone can use it. The blockchain is there and can't be fixed. If you guys want to weasel out of a bounty on the basis of the mechanism of reporting, then do what you're gonna do. You'll be known as the scam devs who didn't pay out on a bounty after someone fully deanonymized their chain instead of just the coin that had its chain deanonymized due to a math error. Pick your poison. |
|
|
|
Would like to auction my last items:
3x S-B22 shares
5x CR1588E 5ckg rare coins (only 60 exist)
My home at master village 1-SE-V11
60x S-SIF (Smooth Investment Fund)
12x w1616 wines
CT1600 (Bronze Reconstruction Medal)
CT1616 (HM The King rpietila I 250 birthday)
KFB1598 (King's Favor Badge)
The shares and the gold is roughly 64M at lowest bid prices. So starting price at 65M for the whole lot. Auction ending in 24 hours.
MoneroHouse bids 65 mil. |
|
|
|
I've stated before that as long as the currency holders have direct proportional input to the security of the chain based on their holdings that I think centralization around these parties is acceptable
That will never happen because any voting or consensus type system gives disproportionate, not proportional, weight to the larger holdings. |
|
|
|
It can be fixed but not retroactively. All of the ring signatures on their chain are worthless, if the bug report is correct. Note that the bug is disputed, so we'll see how it turns out. Shen updated his blog post and now provides code demonstrating the bug on the actual SDC blockchain, so it turns it his analysis of the math was correct after all. https://shnoe.wordpress.com/2016/02/11/de-anonymizing-shadowcash-and-oz-coin/ |
|
|
|
I couldnt resist to say HI to copy/paste/copyright FUD squad.
Shouldn't you be off in some walled garden controlled investor-fleecing forum somewhere? |
|
|
|
BTW I have wasted a day of my time going through the codes side by side, as I was considering investing more, obviously you haven't. It's east to see a fish in the sea if someone is pointing at it.
A day is not enough to fully understand even just 1000 lines of code in most cases. And I assume he has more than 1000 lines, since a crypto currency can't be programmed in 1000 lines of code. It's about 100k lines (including blanks -- simple file line count). Good luck figuring out what all that code does, how it is being used, where it came from, whether it has unpatched bugs, etc. |
|
|
|
Why waste time in time to prove that a shitcoin that no one cared about
If you read shen's blog post he explained it. He identified the potential flaw first and then looked to see if any coins were implemented in the broken manner. He found one that isn't even a launched coin, more of a proof-of-concept, as well as SDC. |
|
|
|
You issued this:
No but I do suppose I was the one blowing the loudest "bullshit trollfud" horn. Honestly I can't say I blame you. There is a lot of FUD and trolling and false claims that go on here, this just didn't happen to be one of them, as it turns out. Anyway, the i information is out now, and it will be up to your team to decide how to address it. Ideally it gets fixed. Signing off from the thread for now unless anyone has a question for me. Still don't like to overall tone of this criticisms throughout the thread. But I do have a question for you. I don't have time to sort through all the insults being thrown around by everyone as I'm doing homework. What exactly does this exploit reveal in a single ring signature transaction? A ring signature has multiple possible signers. The idea is that it is suppose to not be possible to tell which previous transaction's output is being spent. As an example, say some unpopular military attack has to be ordered, but nobody wants to go down in history as the one who ordered it. If 10 leaders have private keys, one of them could sign the order and you wouldn't know who did it.
In the case of the broken ring signatures in Shadow, you can always tell which leader gave the order (which transaction's output is being spent). |
|
|
|
|
There is another issue with plagiarism besides credibility and hype, which is that when you write code yourself you likely have some idea what the code actually does. When you run it through an automatic reformatting/refactoring tool in order to disguise the copying you very likely have no idea how the code actually works.
You also can't do any automatic or easy merges. It was already pointed out on one of the other threads that VNL had carried forward a bug (implausible if it were actually new code) that had subsequently been fixed in Bitcoin, yet ignored in VNL.
This played out recently in the case of SDC, who copied the cryptography from Cryptonote (but not the code, which they reimplemented). They did not understand how it worked and ended up reimplementing it incorrectly, leading to total deanonymization of their entire chain.
The large portions of the VNL code that were ripped off from BTC are almost certainly not fully understood by the developer, likely contain multiple unfixed bugs, and will be harder (likely to the point if impracticality for a small one-man project) to maintain due to the unnecessary reformatting/refactoring.
|
|
|
|
So, their whole blockchain is now useless from a privacy perspective right?
The SDC portion was always equivalent to BTC from a privacy perspective (except for being less used which likely makes it worse in practice). The Shadow portion has functioning (afaik) stealth addresses but the ring sigs did not function. That makes it equivalent to BTC where addresses are never reused. No 'mixing' function. |
|
|
|
You issued this:
No but I do suppose I was the one blowing the loudest "bullshit trollfud" horn. Honestly I can't say I blame you. There is a lot of FUD and trolling and false claims that go on here, this just didn't happen to be one of them, as it turns out. Anyway, the i information is out now, and it will be up to your team to decide how to address it. Ideally it gets fixed. Signing off from the thread for now unless anyone has a question for me. |
|
|
|
You issued this: https://blog.shadowproject.io/2016/02/12/deanonymize-shadow-nope/"We would like you -our dedicated users- to know that, after 10+ hours of testing by Shadow’s core developers, our team has not yet managed to deanonymize any private transaction." If so, then you either lied about your core developers being unable to write a few lines of code in a 10 hours, or they aren't able to do so.I don't know which. This coin will never have credibility because the devs are incompetent and the community is slime. I remember they viciously fudded other coins for the content of their roadmaps, nitpicking on technicalities. And here, through gross incompetence, the devs jeopardize the safety (yes safety) of every person who used their "anonymous" system. I know my post will get deleted because of the intellectual dishonesty of the devs, but hopefully it will stand long enough for a few others to read it. LOL talks about credibility while posting on a troll account! Worst case scenario we switch back to the ring sig from before. I'm not positive but I think both ring sig versions have the flaw. The code can be fixed, going forward. Incompetence is harder to fix. |
|
|
|
The part about not assigning attribution properly is honestly overblown since it's an anonymous dev and he's releasing free software, so who really gives a shit. Whether the software works or not is all I really care about. It matters exactly to that, because first of all it is used to hype ("All new code!") and based on that observation you should seriously doubt whether the product is being sold on the basis of code that works or hype. In this case clearly the latter. Second of all it tells you a lot about the credibility and integrity of the developer. Unless you are going to undertake a comprehensive top-to-bottom review of the design and code which done right could cost millions of dollars, you are unavoidably relying on his claims about what the code is supposed to do and what it actually does. In theory the code speaks for it self but in practice when there is zero chance of a competent and complete review ever being done, the credibility of the developer matters a lot. As TPTB just said, at this point he hasn't even released a complete white paper for any of the features. So it can't be reviewed that way even if we were willing to take his word that the code does what the whitepaper says. It's all bunch of skin-deep hype for a pump. |
|
|
|
Proof of concept code has been posted by shen: There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain: ProcessBlock: ACCEPTED a801e125053dcc556b94 verifying ring sig asdf index i = 0 / 4 index i = 1 / 4 index i = 2 / 4 index i = 3 / 4 signer is index 3 More FUD. And who else delivers it but SMOOTH, official Monero "dev". Proof of proof of concept? You got nothing. Just give it up.  Dude: signer is index 3Do you know what that means? Yeah I stuck out my tongue didn't I? But it's good to know this stuff before the market release so devs can fix it. Thanks for debugging but your community is still a bunch of fuckwads. They can if they have any idea what they are doing. After 10 hours of work which would have required a few lines of code to reproduce, all they could do is issue a false denial. Community issued the denial (namely me) because you are a troll and legitimate bugs are not exactly you or your teams history. Trolling is. Hats off to Shen but the trolling and PR was bullshit and you know it. Again, good to know before the market release so that it can be addressed. You issued this: https://blog.shadowproject.io/2016/02/12/deanonymize-shadow-nope/"We would like you -our dedicated users- to know that, after 10+ hours of testing by Shadow’s core developers, our team has not yet managed to deanonymize any private transaction." If so, then you either lied about your core developers being unable to write a few lines of code in a 10 hours, or they aren't able to do so. I don't know which. |
|
|
|
Proof of concept code has been posted by shen: There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain: ProcessBlock: ACCEPTED a801e125053dcc556b94 verifying ring sig asdf index i = 0 / 4 index i = 1 / 4 index i = 2 / 4 index i = 3 / 4 signer is index 3 More FUD. And who else delivers it but SMOOTH, official Monero "dev". Proof of proof of concept? You got nothing. Just give it up. Dude: signer is index 3Do you know what that means? Yeah I stuck out my tongue didn't I? But it's good to know this stuff before the market release so devs can fix it. Thanks for debugging but your community is still a bunch of fuckwads. They can if they have any idea what they are doing. After 10 hours of work which would have required a few lines of code to reproduce, all they could do is issue a false denial. |
|
|
|
Proof of concept code has been posted by shen: There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain: ProcessBlock: ACCEPTED a801e125053dcc556b94 verifying ring sig asdf index i = 0 / 4 index i = 1 / 4 index i = 2 / 4 index i = 3 / 4 signer is index 3BTW, shen has a file with every single ring signature from the chain broken. Anyone can reproduce using the code from his blog. EDIT: https://raw.githubusercontent.com/ShenNoether/Deanon/master/sdcDeAnon.txt |
|
|
|
Proof of concept code has been posted by shen: There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain: ProcessBlock: ACCEPTED a801e125053dcc556b94 verifying ring sig asdf index i = 0 / 4 index i = 1 / 4 index i = 2 / 4 index i = 3 / 4 signer is index 3 More FUD. And who else delivers it but SMOOTH, official Monero "dev". Proof of proof of concept? You got nothing. Just give it up. Dude: signer is index 3Do you know what that means? Shen has a file with every single ring signature from the chain broken. Anyone can reproduce using the code from his blog. EDIT: https://raw.githubusercontent.com/ShenNoether/Deanon/master/sdcDeAnon.txt |
|
|
|
Proof of concept code has been posted by shen: There was some doubt about whether this post is purely theoretical, or whether it in fact allows one to de-anonymize the sdc chain in practice. In fact, I originally thought it would be too much effort to install these other coins clients, which I am really familiar with, and then muck about in their code enough to get it working. However, after some prodding, I have created a simple replacement for their “ringsig.cpp” (see https://github.com/ShenNoether/Deanon) in the shadowcoin code, which, when run, after resyncing the chain, you will be able to determine who the signer of any ring sig is (read the debug.log in .shadowcoin directory). For example, here is the output according to the first ring signature sent on their blockchain: ProcessBlock: ACCEPTED a801e125053dcc556b94 verifying ring sig asdf index i = 0 / 4 index i = 1 / 4 index i = 2 / 4 index i = 3 / 4 signer is index 3 |
|
|
|
actually after further reading it would seem CZ is working on another CN project i was not aware that this was not directly related to BBR.... or is there some connection other than it's the same dev?
The other coin's code is (or at least was) forked from BBR so in principle improvements that are consistent with the direction of the BBR project could be merged back, license permitting. I don't know of any other connection. |
|
|
|
|
Show Posts
