Note afaik or afaics the two simultaneous equations was not addressed in this thread. I would have to look to see if the traceable ring signatures prior art had the same issue. If not, the line of argumentation Catherine Erwin used may not be entirely watertight.

I have since looked a bit more at how those two equations might be factored. An example of a new breakthrough doesn't directly apply but conceptually it shows how a large NP space can be reduced to P by using localized randomness to act as a proxy for the large search space. The key was an amplification trick on the relationship that enable the localized random recombinations. As animorex stated, we can't get into a mathematical discussion or debate in this layman's thread.

Also that official response doesn't mention that they improved (fixed) XMR to add decentralized, real-time checkpointing as a precaution. Also that official response doesn't mention that in the process an new algorithm was explored for de-anonymization and mitigation.

One thing that kind of hurts in that official response is the implication that I might have been helping to spread a rumor to drive the price down or force the hand of the devs. Or perhaps they were referring to others who were posting rumors in other threads in the altcoin forum. Remember it was jl777 who urged me to get involved and if you could see my PMs with him, I was trying to not get involved but he was concerned about the threat and wanted to motivate me to try.

I will of course feel ashamed if my attempts to find the exploit end up being duds and or if I helped to further any panic. All along I was telling everyone to be calm. Even in my PMs I was urging everyone to be calm.

Some of you who received PMs from me can confirm that.

Okay I hope this issue is over, unless devs need any more assistance from me on what they paid bounty for. I wish all parties the best.

Well we have PhilHealth now and your countrymen rejoice but it is same shit they did to us in the west that has destroyed us. Full implementation the Reproductive Health bill coming in November so they can turn your women into men-haters by screwing up their hormones with free handouts of birth control pills (filipinas in the provinces are too ashamed to go into the pharmacy to buy them).

Then you have the DAP scandal which is a ruse to get you naive pinoys to support abolishing your bank secrecy law so the powers-that-be can turn your country into another tax-debt-slavery system like we have in the west.

Then you have China+USA playing bad guy + good guy roles to force you to accede your sovereignty to the U.N..

Don't be surprised. You will soon join us in the globalization hell slavery. But I guess you guys are accustomed to it after 400 years of Spanish occupation.

Nation-building and "better the opportunities for our people" are code words for "bend over and prepare to take it deep".

I am just praying you guys continue to ignore the laws. Please do continue to make a U-turn from the right-most lane of the highway (right-hand traffic). Please continue to use the pedestrian flyovers for the homeless shelters and jaywalk with your face pointed away from oncoming traffic. Etc.    

If we give everyone a 30 year mortgage, financial capacity demand for homes is pulled forward by 30 years. If we make everyone pay cash instead, houses would be incredibly less expensive. In short, the 30 mortgage becomes an inflation tax (and we charge you capital gains and property taxes on it). Insurance is no longer insurance, but rather another collective means to tax the population. Now it has become mandatory and it even they tax the insurance benefit.

The powers-that-be pocket all the profits. Innovation is stifled by the decreased degrees-of-freedom. Etc...

http://armstrongeconomics.com/2014/09/16/healthcare-peak/

http://armstrongeconomics.com/2014/09/16/polls-are-showing-pessimism-at-record-highs/

http://armstrongeconomics.com/2014/07/11/obamacare-may-seriously-impact-2016/

http://armstrongeconomics.com/2014/04/22/the-cadillac-tax-obama-will-all-your-benefits-as-part-of-obamacare/

http://armstrongeconomics.com/2013/10/01/what-socialism-destroyed-govt-shutdown/

robinwilliams, I guarantee you there is no connection between BCX and myself, even though he claims he was from the Philippines where I am currently living. I was worried at the start I would get dragged into some conspiracy theory.

That is why I am perplexed as to how he knew about what I found (after BCX incited me to dig). And no he didn't mention many vulnerabilities. He mentioned this specific one in conjunction with the TW attack which is necessary to rewind the blockchain to complete it.

He couldn't have guessed that. He had expert advice or insight himself.

And notice he never said the attack was taking place. He said TW attacks take days to develop, but he never said it was ongoing. Check his words carefully.

And he said from the beginning that forced evolution was the objective.

He achieved his objective, he knew the (potential) vulnerability, and he got paid with cheap coins and got revenge on Moneroman88. Perhaps he is sitting smug waiting for you all to figure it out.

But I think Moneroman88 was a sock puppet of BCX.

Would not have focused on the unmasking of the anonymity if he had not been for BCX asserting he could steal wallets. Unmasking the anonymity (if possible) reveals the i == s in the NIZKP of the one-time ring signature. So far apparently the mathematicians don't think this unlocks any vulnerability in the private keys.

Question is where did BCX get this idea about the private keys and relating it to the anonymity?

We are so smug but we should try to answer that question first.

Maybe this story is over, but I am not 100% confident yet. Apparently there is new decentralized checkpointing code in play, so maybe any rewinding of the block chain is now impossible.

Even assuming the iron cauldron is an example of an Inverse Commons, I don't see how it logically supports the position that large cathedrals are mutual supportive of bazaars in sense that the larger and fewer they are the more supportative?

I do see how inverse commons can be shared by those cathedrals which are competing, e.g. IBM funding some open source project, but the more decentralized and finer grained those cathedrals, the faster will be the innovation.

I am so excited about the collapse of the medical industry, and within decades of that we will have innovations that have been stunted for decades such as hopefully a repair for my 90% blind right eye.

Get ready for designer offspring too, e.g. we can already select the gender and eye color. Once the regulation falls away, the options will proliferate.

Somehow I feel we are doing to XMR what we accuse them of doing to others, which is hijacking a thread about XMR (or CN coins) exploit and promoting SuperNet. Couldn't we move that discussion to an appropriate thread and provide a link?

Just saying.

I agree there are concepts and words which are not formally specified. I will be learning more about this as I volunteering some review with jl777 of some of the design concepts. I've just started this, so I don't know yet how deep I will go into it. Please do not spread a rumor, "AnonyMint put his seal of approval or helped to audit the Teleport network". Unless I or jl777 will say something else on the matter, then the extent of my review will remain unspecified publicly.

It appears to be a way to provide some common features to all participating coins, with the most paramount initially being an anonymous transaction send (you can contrast it I guess to XMR's planned I2P integration if that is still proceeding?). I can not yet comment on the quality of the proposed anonymity. I may not comment on it, might rather encourage them to document it formally.

Afaics, the nodes of the SuperNet are not doing merged mining of all the participating coins. I am not saying they should, rather just pointing out this means the features (that can be) offered must be orthogonal to mining. This is the sort of generative essence insights I do. But I need details before I can do such genre of analysis.

Where I stand right now on the SuperNet, is the specification I've read thus far is lacking sufficient details for me to make a fully informed analysis. I've learned enough to see that it is interesting enough to learn more about. But I don't have time to go wading through discussion groups or source code to learn. And I already found one fundamental limiting factor of the design choice mentioned above. I will communicate with jl777.

Note I didn't write anything about the monetization or economics of the SuperNet.

Afaics, the SuperNet needs to be better explained. Thus I can't comment constructively until I really understand all it, including the monetization and economics.

The is constructive criticism. I am not at-once trying to destroy it with my subjective opinions, yet I am also throwing caution at the point that I can't yet understand it all (at least the documents I read thus far).

For example, if Risto said he doesn't recommend investing in the SuperNet at this time, because he has not been able to ascertain all of the metrics of its design and intent. I would view that as open to the future of it, but constructively explaining what is lacking for even reaching a first decision, and without making any binding promises.

If latter Risto decided after understanding the design fully that James controls too much of the Unity tokens or what ever (hey I don't understand it so don't ask me to explain), he would present some economics analysis and inviting discussion. This open form of constructive criticism can not be viewed as turf battles if participants are very careful to state and differentiate opinion from facts.

If latter Risto didn't find any flaw in the design and economics, but doubted the ability of the developer(s) to deliver SuperNet, he could state that he will refrain from investing until he has ascertained that the developers have implemented the design as specified and gained market acceptance.

If you are going to lead pooled capital, politics unavoidably follows you.

Edit: the comments I saw from Risto about SuperNet seemed to imply maybe that he was judging the man, jl777, and not the design and economics. That is not going to be good politics. Even if there is a reason to believe a particular coder has weaknesses, we must win our logic on the merits if we want the political protection that open source organization offers, not on the subjective no matter how much more efficient the former might be.

Edit#2: jl777 has himself written he forms designs in some part from trial and error as he works through the implementation. So that could be viewed as a weakness or strength for example, but that is a subjective opinion. Thus not worth arguing about. The proof is in the pudding. I don't think there is any doubt about his rate of coding being quite high.

I apologize if I didn't find better words to express my point. What I am trying to say is factual not my opinion. Thus you can't get offended by facts.

The fact I am trying to convey is that open source is the only known positive scaling law of software engineering.

Open source is appreciating everyone's contribution no matter how small, and not criticizing other open source projects.

It is thus inherently anti-political action. It is bottom-up organic action.

It is a culture of "talk is cheap, show me the code".

Edit: I already did a mea culpa upthread on my past criticisms of projects.  Constructive criticism (i.e. offering some improvement or some research on characterizing the problem better) is best and I am trying to reform myself.

Edit#2: If a project is not producing code, it is not an open source project regardless if the cloned source is open. If it is just a clone to do pump and dump, this can be legitimately destructively criticized.

I am hoping it is positive. Everyone has won, except for those investors who sold (maybe to BCX, or to Risto further concentrating ownership). Afaics, XMR has gained stature for becoming yet again stronger with further analysis of its potential weaknesses.

If MEW would be changed to CEW, my opinion is we would have made really great strides on seeing a proliferation of innovation and community spirit.

Go further back and see fluffypony instigated that reaction from me, as it seemed he was trying to not show appreciation for any outsider helping. See jl777 imploring him to show appreciation and afaics fluffypony rejecting it. And I felt further spurned by my interpretation of Risto's 4 - 8% proclamation meaning I wouldn't find anything. Risto clarified that his random variable was just whether BCX would attack, but when I blew up above I didn't know that is what he meant.

Your work on the analysis of the whitepaper is not being criticized. If the MEW or anyone expects you to be omniscient, then they are unrealistic. Lack of omniscience is precisely why open source bazaars kickass on well organized top-down cathedrals.

I feel now a sense of duty to attempt to help jl777 with his anonymity design (which I will be going in PMs), because he has shown that he appreciates the gift culture of open source. It is all about showing respect and appreciation to each other. Some are more talented than others in specific areas (e.g. yourself I am sure more knowledgeable than me about the math of cryptography) and others have other attributes to contribute such as their work ethic and their great attitude.

The community-at-large wants to see more "working together" and "building things" and less "turf battles" and "yo moma is a ho".


I sent a PM to rpietila thanking the MEW for paying me a bounty. I lamented the dirty tactics by the opposition that digs up dubious (there is always at least 2 sides to any story...I don't want to discuss it or dig it up) skeletons in Risto's past life. I have suggested to the MEW via Risto that they consider not being monogamously aligned with XMR and spread some token love (in the form of investment holdings) around to synergistic altcoins such as BBR. I think this would go a long way to diffusing the war attitude around here, and fostering goodwill. When pooling capital, you are a political target whether you like it not. I am suggesting how to diffuse that phenomenon and for best results on our mutual goals.

To frame the goal of crypto-currency conquering fiat as divide-and-conquer war amongst the innovators seems to be less astute.

We are not enemies. The only justification for such an attitude is wanting to be richer than the next guy, for bragging rights. Even if that desire remains, it can be done with gentleman's mutual respect and good will. The potential for crypto-currency appreciation is enough to make us all rich, and especially if we stop tearing each other down. The other justification would have been to not proliferate dilution of the money supply of crypto-currency, but this will happen organically if one altcoin can rise up.

While Apple Pay and Paypal are off conquering the world of electronic currency adoption, we are dividing-and-conquering ourselves. We need many small fish making experiments. The big fish can swallow the best innovations, or the small fish can out race the big fish until it is bigger. The innovation and then the market's digestion of the innovation will decide any way, no amount of verbal posturing can decide it.


I have no qualms with MEW making XMR its #1 focus and investment. Seems rational. Should it also have a #2, #3, etc.? Monogamy has the cost that the community-at-large will always resist helping efforts that anoint themselves. I prefer a larger community of gentleman's competition, thus arriving at a greater result faster. When the winning inertia accumulates organically rather than forced from the top-down, it is accepted by the community as fair play and good will.


I have a new insight into my algorithm which I think obviates that comment smooth made in private about the P=NP question.

Assuming the algorithm works then if CN implements the mitigation, thus it will be removing input address from contention as they are found to be in "spent" groups (i.e. yes my algorithm is also a form of pruning) from a rolling history thus the algorithm will not consider the entire history but rather incrementally, thus it is not an NP search. Also I provided some ideas for locality of the search.


An attitude of selfishness is the source of most of the trolling. I would never have gotten inflamed in this thread had I not felt that there was defiance behind the scenes to "anything not invented by us" or at least "if not invented by us, it better be 100% implemented attack or there is no urgency, I can still go to the beach".

What is inflaming the emotions is the sense whether correct or not that some (not all) in the XMR camp are arrogant (or insecure and defensive thus perceived as arrogance). I don't think anyone is seriously doubting the level of talent. But no talented group can see and do everything. Not even Microsoft with 10,000 employees. The entire point of open source bazaars is they kickass on large cathedrals[1].

Open source is not just about source code being shared. It is a gift culture of sharing[2].

[1] http://www.catb.org/esr/writings/cathedral-bazaar/

[2] The Bibles about open source from Eric Raymond (the man who invented the term open source), specifically the Magic Cauldron.

http://bullbearanalytics.com/2014/09/23/whats-going-monero/

The above web page has an error in their summary of events: the (not yet verified by simulation) attack I proposed for unmasking the anonymity of some (not all) of the rings would not require the attacker to own any of the inputs to the rings.

It is not yet known how effective my algorithm is, i.e. what % of the rings would be unmasked and whether the computation would even be feasible on known levels of computing power. If the attacker Sybil attacks the inputs, then the effectiveness probably increases and the potential mitigation probably weakens. But we don't know any thing for sure and we haven't quantified it. All we have now is I showed some pseudocode for how it might be possible and it is impossible from looking at the algorithm to determine if it will be very effective or not. We can hope once we have a simulation it will provide some insight into the quantification of the effectiveness of a Sybil attack on the anonymity.

If you need to ask that then most likely you have no idea whether your design can be Sybil or DoS attacked.

I have seen no such analysis.

Here is a novel idea for you from my private research think tank of one person hehe.

When the network is presented with 2 chains which forked such a long time ago, my insight is this is equivalent to what will happen with a temporarily fragmented internet. Thus my private designs have focused on making a coin that can re-merge itself, rather than chose one chain or the other.

Edit: some insight into what I was thinking can be gleamed from the discussion in the thread "The Longest Chain Rule...".

I don't want to overstate my role. There are other developers working hard behind the scenes who don't get credit. Someone offered me an additional 5 BTC but I said it could go to those developers working behind the scenes such as to build the simulation to test my pseudocode.

We are not yet sure if anything I contributed is actually a viable attack. I reasonably strongly think so for the de-anonymization and mitigation I provided, but until they build a simulation we probably won't know. The math ideas were really just quickies and not too much effort applied (maybe an hour or two total). I did also write up my summary in this thread of some ways to think about the TW attack and mitigation, which expounds a bit I guess on what I hadn't read before writing that.

I have already received 2.5 BTC from smooth as a preliminary payment, I assume until they can verify with simulation.

Responding to his PM, I also gave jl777 my initial feedback on his Teleport anonymization in a PM. I am waiting on him to describe some of it to me better, so I could analyze more specifically and give specific suggestions, if any. My upthread post about offchain anonymity coins was not intended to say they are necessarily worse than one-time ring signatures on the block chain. I was saying we need more quantified understanding of how these methods compare. And hoping the developers of those coins will produce whitepapers that explain the specifics and do so in a way I can understand. So far the only offchain anonymity whitepaper I've seen which gives a lot of specifics is the one from jl777, but I can't really understand it. Maybe it is just me. For example, there are terms used as as "cloned" which are not defined, or at least I didn't see the definitions in that wall of text. Darkcoin's specifics were last time I checked some months ago buried in the discussion thread. I had formed an understanding, they since refined the design to do premixing, which I commented on in rpietila Altcoin observer thread. The problem with all this piecemeal analysis spread all over the place is it is not collected in one coherent whitepaper for investors to read.

But that is no worse than double-spending the coin in conjunction with a blockchain rewind, so (even if that math is broken) that isn't really a new vulnerability.

Only the two eqs. with unknowns q and x remains as potential new vulnerability.

Whoops. I am mistaken. Sending the coins to yourself doesn't help, if the attacker can rewind the chain. And if the math is broken this could be done widespread by a single attacker, because every spend he does infects that coin downstream every where it goes, assuming he can rewind the blockchain with a TW or 51% attack.

Note this doesn't really apply to a widescale attack by a single attacker. Rather if it is valid, then it means senders can steal back what they sent to you if they can de-anonymize you and they can rewind the chain, which isn't likely.

But there is any easy fix all of you could do now. Go send your CN coins to yourself at a new address. Then you are both the sender and the recipient.

That is why I said I upthread I wasn't too concerned about this additional insight.

However, there is still the prior insight where we have two equations and two unknowns x and q.