Bitcoin Forum
3281  Alternate cryptocurrencies / Altcoin Discussion / Re: Zero Knowledge Transactions on: January 21, 2016, 12:38:19 AM
Other than the prior post, the Zerocash forum has begun removing and censoring my posts. So yet another attempt to pull the wool over speculator eyes and not open source on factual discussion.

So many deluded folks in crypto who get offended when they realize they aren't even close to understanding all the issues I understand about crypto currency, and the ramifications that their projects are ill-focused and not ready for prime time.
3282  Alternate cryptocurrencies / Altcoin Discussion / Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: January 21, 2016, 12:37:43 AM
Other than the prior post, the Zerocash forum has begun removing and censoring my posts. So yet another attempt to pull the wool over speculator eyes and not open source on factual discussion.

So many deluded folks in crypto who get offended when they realize they aren't even close to understanding all the issues I understand about crypto currency, and the ramifications that their projects are ill-focused and not ready for prime time.
3283  Alternate cryptocurrencies / Altcoin Discussion / Re: Which currency should I use to stay anonymous? on: January 21, 2016, 12:36:54 AM
Other than the prior post, the Zerocash forum has begun removing and censoring my posts. So yet another attempt to pull the wool over speculator eyes and not open source on factual discussion.

So many deluded folks in crypto who get offended when they realize they aren't even close to understanding all the issues I understand about crypto currency, and the ramifications that their projects are ill-focused and not ready for prime time.
3284  Alternate cryptocurrencies / Altcoin Discussion / Re: DECENTRALIZED crypto currency (including Bitcoin) is a delusion (any solutions?) on: January 20, 2016, 11:26:27 PM
Satoshi's single longest chain PoW design ensures there can only be one winning perspective on the ordering and thus there is no competing ordering with ambiguously ordered double-spends. Whereas, a DAG (or any tree with multiple branches) can't unambiguously define an ordering in its data structure. I know you will think we can order these in time, but I already explained upthread that there is no global clock to timestamp these nodes of the tree with. Thus the only ordering is the structure of the graph.

I'm lost in all these "orderings", looks like you call different things with the same word.

A DAG has multiple chains (branches) of partial orders. This is not a global or total ordering such that we know which transactions occurred in which order relative to each other, when those transactions are on separate branches of the DAG (i.e. separate Partitions).

To simulate a total ordering, Iota uses a math model that it expects all participants to adhere to. Problem is afaics this model can't be enforced, the game theories are unbounded in terms of which model of the total ordering is dominant (in terms of defining double spends), thus I conjecture (expect) chaos and divergence of Consistency (i.e. inconsistency a.k.a. lack of global agreement about double-spends and thus which downstream branches of transactions are valid).

A more formal mathematical elucidation would be more unassailable than my English language explanations. Yet I am confident (conjecture) that those who are expert enough can judge my statements to be correct or at least a strong concern.



The problem is without Consistency I expect the DAG to diverge into a chaos of disagreement. You are relying on participants using clients that adhere to the mathematical model you want them to use when choosing which tree branch to append their transactions to (and which acceptance model to use for declaring a transaction is probabilistically confirmed), but given the inconsistency that will arise and the game theories thereof, I don't see a snowball's chance in hell of the thing not blowing up unless you are able to maintain control over what participants do, and then it is no longer decentralized.

My point is there is no equilibrium of just a low rate of double-spends, but rather divergence. I haven't shown this formally (as in a math proof with equations) but I can already see it conceptually.

Considering that this point has been made clear several times in the thread, is this something we will just have to wait and see in real time or have I missed the rebuttal?  

Please point me/us to an existing rebuttal (not lazy; it will help other readers too), if any.  If there isn't one, I would like to request those with sufficient knowledge on the subject to rebut.  Trust me, it will be highly appreciated by many of us peasants!

I think we may not see the true risks in the early stage of Iota's launch, because my understanding is they are using some centralized servers in the ramp up phase. So perhaps the payers delegate their math model to these servers. I haven't studied their code to know.

Wait I will try to locate CfB's first reply to my line of argument on this point and come back here and post a link. Hopefully also my posts today have added further weight and/or clarification of my conceptualization.

Here is a link to CfB's post to start reading from (not sure if it is the only or best one):

https://bitcointalk.org/index.php?topic=1319681.msg13536310#msg13536310

Try reading forward in chronological thread order from that post until at least the following:

https://bitcointalk.org/index.php?topic=1319681.msg13542612#msg13542612
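The chain-versus-DAG point in the post above, as an added example (not part of the original post and not Iota's or anyone's project code): a tiny graph model in which reachability is the only ordering available. In a chain every pair of transactions is comparable, so a second spend of the same output is simply the later one; in a DAG two spends on separate branches come out incomparable, and everything downstream of either branch inherits the ambiguity. The transaction names and edges are constructed sample data.

```python
"""Ordering of transactions in a chain vs. a DAG.
A chain orders every pair; a DAG orders only pairs joined by a path,
so two spends of one output on separate branches are incomparable."""
from collections import deque


def build_graph(edges):
    """edges: (parent, child) pairs, parent confirmed before child. Returns parent -> set(children)."""
    graph = {}
    for parent, child in edges:
        graph.setdefault(parent, set()).add(child)
        graph.setdefault(child, set())
    return graph


def descendants(graph, start):
    """Every node reachable from `start` by following parent -> child edges."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def order(graph, a, b):
    """'a<b' / 'b<a' when the graph orders the pair, None when it does not."""
    if a == b:
        return "equal"
    if b in descendants(graph, a):
        return "a<b"
    if a in descendants(graph, b):
        return "b<a"
    return None


def is_total_order(graph):
    """True only when every pair of nodes is ordered by the structure, i.e. a single chain."""
    nodes = list(graph)
    return all(order(graph, a, b) is not None
               for i, a in enumerate(nodes) for b in nodes[i + 1:])


def analyze(edges, conflicts):
    """For each pair of mutually exclusive spends, report whether the structure orders them
    and, if not, which downstream transactions inherit the ambiguity."""
    graph = build_graph(edges)
    report = {"total_order": is_total_order(graph), "unordered": {}}
    for a, b in conflicts:
        if order(graph, a, b) is None:
            report["unordered"][(a, b)] = sorted(descendants(graph, a) | descendants(graph, b))
    return report


# Constructed sample data: spendA and spendB both spend the output created by tx1.
CHAIN_EDGES = [("genesis", "tx1"), ("tx1", "spendA"), ("spendA", "spendB")]
DAG_EDGES = [("genesis", "tx1"), ("tx1", "spendA"), ("tx1", "spendB"),
             ("spendA", "tx4"), ("spendB", "tx5"), ("tx4", "tx6")]
CONFLICTS = [("spendA", "spendB")]

if __name__ == "__main__":
    print("chain:", analyze(CHAIN_EDGES, CONFLICTS))
    print("dag:  ", analyze(DAG_EDGES, CONFLICTS))
```

Any rule that picks one of the two branches (a timestamp, a weight, a tie-break) is something added on top of the graph and has to be agreed on by every client; the structure itself gives no answer, which is what the post means by the DAG offering only partial orders.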
3285  Alternate cryptocurrencies / Speculation (Altcoins) / Re: [AEON] Aeon Speculation on: January 20, 2016, 11:11:41 PM
The narcissism is palpable.
3286  Alternate cryptocurrencies / Altcoin Discussion / Re: Which currency should I use to stay anonymous? on: January 20, 2016, 10:45:48 PM
I have made the following post to create the thread entitled "Fundamental Challenges?" at the Zerocash forum which is currently hidden there awaiting approval from the forum moderator:


Quote from: myself
I am Shelby Moore III, also known as "AnonyMint" at the Bitcointalk.org (BCT) forum where I was an early proponent of anonymity in 2013. My analysis is watched by many 100s if not 1000s of readers at the BCT forum. My current username there is "TPTB_need_war". I have invented some zero knowledge cryptography (combining Cryptonote one-time ring signatures with the Compact Confidential Transactions for homomorphic value hiding). Roughly a couple of months ago, I abandoned that invention and proclaimed that all anonymity designs were future[futile] except for Zerocash, because the meta-data correlation problem was insoluble (impractical for mere mortals to work around on a regular basis).

However, I still see fundamental problems in the Zerocash direction and I am proposing at least one solution. I would urge the developers to read the following threads (especially from the linked posts forward) and please respond here or there to the major issues discussed.

https://bitcointalk.org/index.php?topic=1211093.msg13619905#msg13619905

https://bitcointalk.org/index.php?topic=1329549.msg13619903#msg13619903

I presume you know how to click the quotes in posts to venture off to the source threads from whence they originated in order to find all the discussion that has transpired today.

Note there are even legal criticisms of the conjectured ROI model of Zerocash (z.cash). Hopefully you can address those as well.

Be forewarned you will descend into a hornet's nest of ad hominem and speculator turf battles noise interleaved with attempts to stay on technical focus.
3287  Alternate cryptocurrencies / Altcoin Discussion / Re: Which currency should I use to stay anonymous? on: January 20, 2016, 10:12:57 PM
One more point I considered in my holistic analysis is that for most transactions we can't be anonymous. Thus anonymity is more suited to those who want to receive some payment anonymously and hide the funds there and extract them only to public funds in small morsels or to spend in other rare anonymous transactions (e.g. buying some gold bars from someone you trust won't reveal your identity).

In that case one might think you can just use Stealth Addresses (unlinkability) and run a full node to confirm receipt of funds anonymously. No need for Cryptonote, RingCT, nor ZeroCash. But the problem is the payer can be identified and be pressured to reveal your identity.

So this is why we need Zerocash to make the untraceability impervious to meta-data correlation.

But the problem with my proposal for ephemeral Zerocash mixers is that when we take the coins out of the mixer they can now be correlated to our meta-data (e.g. IP address, etc.). So thus it seems that hiding large funds and only taking out small portions publicly as needed will incur the risk of losing those coins in my proposal, but at least they will be provably anonymous.

Anonymity is a clusterfuck. If we can't make trusted hardware, then anonymity is unprovable. Period.

So just give up on anonymity, or get busy trying to make hardware we can trust?

(or if Zerocash has developed a provably secure way to generate a master public key, which I doubt)
3288  Alternate cryptocurrencies / Altcoin Discussion / Re: [XMR] Monero Improvement Technical Discussion on: January 20, 2016, 10:08:43 PM
One more point I considered in my holistic analysis is that for most transactions we can't be anonymous. Thus anonymity is more suited to those who want to receive some payment anonymously and hide the funds there and extract them only to public funds in small morsels or to spend in other rare anonymous transactions (e.g. buying some gold bars from someone you trust won't reveal your identity).

In that case one might think you can just use Stealth Addresses (unlinkability) and run a full node to confirm receipt of funds anonymously. No need for Cryptonote, RingCT, nor ZeroCash. But the problem is the payer can be identified and be pressured to reveal your identity.

So this is why we need Zerocash to make the untraceability impervious to meta-data correlation.

But the problem with my proposal for ephemeral Zerocash mixers is that when we take the coins out of the mixer they can now be correlated to our meta-data (e.g. IP address, etc.). So thus it seems that hiding large funds and only taking out small portions publicly as needed will incur the risk of losing those coins in my proposal, but at least they will be provably anonymous.

Anonymity is a clusterfuck. If we can't make trusted hardware, then anonymity is unprovable. Period.

So just give up on anonymity, or get busy trying to make hardware we can trust?

(or if Zerocash has developed a provably secure way to generate a master public key, which I doubt)
3289  Alternate cryptocurrencies / Altcoin Discussion / Re: [XMR] Monero Improvement Technical Discussion on: January 20, 2016, 09:40:08 PM
Quote
But I am confident these physics issues can be worked out to a sufficient level of trust.

Only need to confirm that the private key was not communicated from the computer to any one.

I find this kinda weak against your general absolutism. "So Simple Yet So Complex".


After all, what stops all 3 letter agencies, who can own blockchains and can do analysis and attacks etc, to stage the whole thing? Will i be allowed to check that computer?

I mean, i have near to zero understanding of cryptography, but your search for the perfect/ideal solution looks like making you ready to take a huge and dangerous bet.  

I proposed ephemeral mixers based on Zerocash technology. They will be ferreted out if they are doing this, because it will be known that the key was compromised when the mixer expires and everyone has to cash out of the mixer back into the public coin. The bastards can't keep doing it over and over again. The participants will get wise as to the methods the attackers are using.

I am not absolutist. Rather I think correctly and realistically when I weigh marketing, tradeoffs, and delusion as follows:

That will kick ass on Monero, because if I pass through the mixer, I know my anonymity is provable and I know I didn't lose my coins. It is only people who are still sitting inside the mixer who risk losing coins. Everything has a risk. I would much rather take the microscopic risk of a compromised key (causing me to lose some coins) than the sure risk of meta-data correlation in Monero which can send me to jail! Surely I would be judicious about not mixing all my coins at the same time and not all in the same mixer.

Marketing and design are holistically joined at the hip. Those fools who said the marketing can come later are clueless.
3290  Alternate cryptocurrencies / Altcoin Discussion / Re: [XMR] Monero Improvement Technical Discussion on: January 20, 2016, 09:30:25 PM
...
FUD. The ceremony is only to compute a public key, nothing else. No other software has to be audited. Only need to confirm that the private key was not communicated from the computer to anyone. Period.

How do you know that the public key you see on the screen is the one that was computed and not one that was pre computed before the computer was "placed in lead"?

Edit: DRM in the OS has everything to do with this since it is the perfect place to hide the private key. That is what DRM is designed to do: hide private keys.

The hardware has to be audited. But we also have to audit our hardware that we use to run Cryptonote. If Intel is planting spies in the hardware, then we are screwed.

100% trust is impossible. And this is another reason I deprioritized anonymity. It is a clusterfuck.

Also I think perhaps Zerocash was working on a way to generate the public key decentralized, but I haven't kept up with progress on that.

Indeed Zerocash could end up being a Trojan Horse (a way to get fiat in the back door) and that is why I made my proposal to use them only as ephemeral mixes that die periodically, so then we will know if the key was compromised or not.

The result of my proposal is:

  • Stolen coins aren't systemic to the overall coin (same as losing some coins to Mt. Gox and Cryptsy isn't), and at least participants get ongoing ceremonies to get better and better at auditing the hardware.
  • No anonymity is ever lost.
  • No NET coin supply is ever created out-of-thin-air (instead some people lose coins if they chose an insecure mixer that had a compromised key), which is also the case for both Zerocash and RingCT where coin supply could be created out of thin air and we would never know it due to a bug in cryptography.

That will kick ass on Monero, because if I pass through the mixer, I know my anonymity is provable and I know I didn't lose my coins. It is only people who are still sitting inside the mixer who risk losing coins. Everything has a risk. I would much rather take the microscopic risk of a compromised key (causing me to lose some coins) than the sure risk of meta-data correlation in Monero which can send me to jail! Surely I would be judicious about not mixing all my coins at the same time and not all in the same mixer.
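The post above rests on a distinction it states elsewhere in this thread: a leaked master key lets its holder create coins out of thin air without detection, but it does not unmask anyone. That is the general property of a trapdoor in public parameters, and it can be shown in miniature. The following is an added example, not drawn from the post and not the Zerocash or RingCT construction, using plain Pedersen commitments in a small Schnorr group as an analogy: the "ceremony" publishes H = G^t, an honest ceremony discards t, and whoever keeps t can reopen any commitment to any amount, so a transfer that passes the homomorphic balance check can mint value while t still says nothing about what any commitment hides. The group constants P, Q and G are toy-sized assumptions (the discrete log here is brute-forceable; real schemes use groups where it is not).

```python
"""Toy model: a trapdoor in public parameters allows undetectable inflation
but does not break hiding. Pedersen commitments in a small Schnorr group;
NOT the Zerocash or RingCT construction, only an analogy for the property."""
import secrets

P = 2027  # assumed toy safe prime, P = 2*Q + 1 (brute-forceable; real groups are not)
Q = 1013  # prime order of the quadratic-residue subgroup of Z_P^*
G = 4     # quadratic residue != 1, hence a generator of that order-Q subgroup


def setup(keep_trapdoor=False):
    """The 'ceremony': draw secret t, publish H = G^t. An honest ceremony discards t."""
    t = secrets.randbelow(Q - 1) + 1
    H = pow(G, t, P)
    return (G, H), (t if keep_trapdoor else None)


def commit(params, value, blinding):
    """Pedersen commitment C = G^value * H^blinding mod P."""
    g, h = params
    return (pow(g, value, P) * pow(h, blinding, P)) % P


def verify_opening(params, commitment, value, blinding):
    return commit(params, value, blinding) == commitment


def balanced(inputs, outputs):
    """Homomorphic sum check a verifier runs on commitments alone:
    prod(inputs) == prod(outputs) iff hidden values and blindings both sum equally."""
    lhs = rhs = 1
    for c in inputs:
        lhs = lhs * c % P
    for c in outputs:
        rhs = rhs * c % P
    return lhs == rhs


def forge_opening(t, value, blinding, new_value):
    """With t = log_G(H): G^v H^r == G^v' H^r' whenever r' = r + (v - v')/t mod Q."""
    new_blinding = (blinding + (value - new_value) * pow(t, -1, Q)) % Q
    return new_value, new_blinding


def honest_transfer(params, amount=10, out1=7):
    """Spend a commitment to `amount` into two outputs whose blindings sum to the input's."""
    r_in = secrets.randbelow(Q)
    c_in = commit(params, amount, r_in)
    r1 = secrets.randbelow(Q)
    r2 = (r_in - r1) % Q
    outs = [commit(params, out1, r1), commit(params, amount - out1, r2)]
    return balanced([c_in], outs)


def inflating_transfer(params, t, amount=10, claimed=1000):
    """Attacker owns a genuine commitment to `amount` but kept t from the ceremony.
    Returns (balance check result, coins created out of thin air)."""
    r_in = secrets.randbelow(Q)
    c_in = commit(params, amount, r_in)
    v_fake, r_fake = forge_opening(t, amount, r_in, claimed)
    assert verify_opening(params, c_in, v_fake, r_fake)  # same commitment, new story
    r1 = secrets.randbelow(Q)
    r2 = (r_fake - r1) % Q
    outs = [commit(params, claimed - 300, r1), commit(params, 300, r2)]
    return balanced([c_in], outs), claimed - amount


def trapdoor_reveals_nothing(params, t, value=42):
    """Even with t, a commitment is consistent with every amount in the value space,
    so the trapdoor holder learns nothing about what was committed."""
    r = secrets.randbelow(Q)
    c = commit(params, value, r)
    return all(verify_opening(params, c, *forge_opening(t, value, r, v)) for v in range(Q))


if __name__ == "__main__":
    params, t = setup(keep_trapdoor=True)
    print("honest transfer balances:", honest_transfer(params))
    print("inflating transfer balances, coins created:", inflating_transfer(params, t))
    print("trapdoor reveals amounts:", not trapdoor_reveals_nothing(params, t))
```

The verifier in `balanced` sees only commitments, so the forged transfer is indistinguishable from the honest one; the only thing that would ever expose it is the total supply no longer adding up when everyone cashes out, which is exactly the observation the ephemeral-mixer proposal relies on.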
3291  Alternate cryptocurrencies / Altcoin Discussion / Re: [XMR] Monero Improvement Technical Discussion on: January 20, 2016, 09:11:02 PM
...

No closed source. The key would be produced publicly at a ceremony.
...

Using what operating system and firmware?

Of course they will need to convince the public the master key is sound. Or use my idea above of having multiple mixers and timing them out. I believe there is a solution, yet I will agree the current organization of their plans seems legally and structurally flawed.

That is why I say we can transition and beat them. But the technology is real anonymity. If you want real anonymity, you have to find a way to use their technology. Period. (and I have been studying this for a long time)

This does not answer my question which is cut and dry and goes to the heart of the trust issue.

If you apply that line of thinking, then every anonymity is insecure because operating systems and computers are never 100% secure.

I already proposed how to spread the risk out and make it non-systemic.

Note that Monero (Cryptonote one-time rings and every other kind of anonymity technology) also has systemic risk due to combinatorial analysis cascade as more and more users are unmasked with meta-data and overlapping mixes.

Proprietary software solutions have by their very nature a centralized systemic risk that Free Libre Open Source software solutions do not. The type of risks you describe in Monero are trivial compared to the risk of the DRM in the operating system used to generate master key in a centralized proprietary solution such as the one you propose. Furthermore I still do not have an answer to what is a straightforward yes or no question.

The masterkey is generated once and only the public key is retained. As long as no one saw nor can recover the private key before it was discarded, then there is nothing proprietary remaining in the use of the Zerocash open source. The Zerocash open source code requires a public key to be pasted in. It is the public (ceremony) generation of that key, which determines whether anyone had access to the private key when the public key was created.

DRM has nothing to do with it at all. Thus I assume you don't understand the issue.

The only issue is whether the public key can be computed at a public ceremony and the private key was securely discarded. So for example, they could use any computer, encase it in lead before running the computation, and no external connection to the computer other than the screen which reads out the public key.

Then slide the computer into a barrel of acid so that it is permanently destroyed. All done at a public ceremony so there can be no cheating.

Of course one could envision elaborate/exotic means of cheating, such as using radio waves to communicate the private key out to an external actor, but again that is why I wrote encase it in lead. There is the issue of how to destroy it while not momentarily removing it from its communication barrier. But I am confident these physics issues can be worked out to a sufficient level of trust.

As for trust, not even the Elliptic Curve Cryptography and other math we use for crypto can be 100% trusted. So if you start arguing silly about 100% trust, then it is safe to ignore as loony.
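The "combinatorial analysis cascade" mentioned in the post above (overlapping mixes plus a few users unmasked by meta-data) is a mechanical elimination, and it is easiest to see as code. The following is an added example, not from the post and not Monero's or any project's code: each ring names the outputs it might be spending, exactly one of which is real, and an output can be really spent only once, so an output tied to one ring by outside information is struck from every other ring that lists it, and any ring left with a single candidate is resolved, feeding the next pass. The rings and the two seeded spends are constructed sample data.

```python
"""Chain-reaction elimination over overlapping ring signatures.
Each ring names the outputs it might be spending; exactly one is real and
an output can be really spent only once. Whenever an output is known to be
spent elsewhere it is struck from every other ring, and a ring left with a
single candidate is thereby resolved, which feeds the next pass."""


def cascade(rings, known_spent=None):
    """rings: ring_id -> set of candidate output ids.
    known_spent: output_id -> ring_id already tied to it by outside information (metadata etc.).
    Returns (resolved ring_id -> real output, number of productive elimination passes)."""
    resolved = {ring: out for out, ring in (known_spent or {}).items()}
    spent = set(resolved.values())
    passes = 0
    while True:
        progress = False
        for ring_id, candidates in rings.items():
            if ring_id in resolved:
                continue
            remaining = candidates - spent
            if not remaining:
                raise ValueError(f"{ring_id}: every candidate already spent; input is inconsistent")
            if len(remaining) == 1:
                (real,) = remaining
                resolved[ring_id] = real
                spent.add(real)
                progress = True
        if not progress:
            return resolved, passes
        passes += 1


def effective_ring_sizes(rings, resolved):
    """Residual candidate count for the rings that survive, i.e. their real anonymity set."""
    spent = set(resolved.values())
    return {r: len(c - spent) for r, c in rings.items() if r not in resolved}


# Constructed sample: six rings of nominal size 3 drawing from nine outputs.
RINGS = {
    "r1": {"o1", "o2", "o3"},
    "r2": {"o2", "o3", "o4"},
    "r3": {"o1", "o2", "o5"},
    "r4": {"o2", "o5", "o6"},
    "r5": {"o6", "o7", "o8"},
    "r6": {"o5", "o6", "o9"},
}
# Seed: two real spends learned outside the ring math (e.g. IP/timing metadata, an exchange record).
KNOWN = {"o1": "r1", "o2": "r2"}

if __name__ == "__main__":
    resolved, passes = cascade(RINGS, KNOWN)
    print("resolved:", resolved, "in", passes, "pass(es)")
    print("surviving ring sizes:", effective_ring_sizes(RINGS, resolved))
    print("with no seed:", cascade(RINGS))
```

With no seed nothing collapses; with two outputs tied to their rings by meta-data, three further rings fall in a single pass and the last survivor is left with an anonymity set of two rather than its nominal three. Larger rings slow the cascade but, as the post notes, also create more overlap for it to propagate through.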
3292  Alternate cryptocurrencies / Speculation (Altcoins) / Re: [XMR] Monero Speculation on: January 20, 2016, 08:38:31 PM
https://bitcointalk.org/index.php?topic=1139756.msg13621049#msg13621049
3293  Alternate cryptocurrencies / Altcoin Discussion / Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: January 20, 2016, 08:22:46 PM
a waste of my reading time reading

That is either a lie or a serious delusion.

This is precisely what I mean by a circle jerk that does not value the expertise and effort we need to win. In other words, not a meritocracy.

Okay I will leave the thread.

Whatever happened to this?

I didn't introduce the Zerocash discussion. Apparently some in your community think it is relevant to this thread. You blame me for everything because you just want a circle jerk here because you are mining each other. Who knows you are probably behind some scheme to take money from other investors here. There is always a reason that people act irrationally towards truth.

So much for your idealistic delusions about open source and doing it as a community for the common good. That is all bullshit.

Devs who want to change the world and make a lot of money should wake up and join with a better leadership.

Yeah I believe in open source, but it applies in refinement scenarios. Not in design scenarios. Groups are filled with game theory. Design requires focused intent and focused profit.

The narcissism is palpable.

The game theory politics of pulling the wool over the eyes and mining each other is palatable.

You confuse a desire for capitalism and meritocracy with your scam here. So then you try to frame my pleas for meritocracy as me being in love with myself. Oh fuck, just go on masturbating here.
3294  Alternate cryptocurrencies / Speculation (Altcoins) / Re: [XMR] Monero Speculation on: January 20, 2016, 08:21:32 PM
ArticMine I moved the technical discussion to other Monero thread. I am leaving this thread, as requested by at least two here.
3295  Alternate cryptocurrencies / Altcoin Discussion / Re: Which currency should I use to stay anonymous? on: January 20, 2016, 08:19:04 PM
A for-profit coin company, I don't care what they make, I will never trust them.

Agreed that is the opportunity to beat them by open sourcing their code. But you will also need my block chain technology to make the big win.

moreover RingCT will move Monero closer to Zcash

Sorry no. It is still not immune to meta-data and the theoretical combinatorial analysis. Not reliable. Not realistic.

We need to move forward. It is up to you, I know my thinking and priorities on this matter.


A for profit company with closed source code controlling the initial key for a Zerocash-like currency is a regulatory nightmare.

No closed source. The key would be produced publicly at a ceremony.



Would this metadata and combinatorial analysis hold even if mixin 10 was a default on all tx's?

The meta-data (e.g. IP address, browser cookie, timing analysis and location of connection, what you said in facebook or on the phone, etc) correlation problem isn't likely impacted no matter how many times or inputs you ring mix. It is very difficult for mere mortals to cover their tracks on all the possible meta-data correlations. It is unfathomably difficult. Don't fool yourself into thinking it isn't.

The combinatorial analysis flaw (which I introduced to smooth during the BCX incident and hence followed up in debate with Shen-noether) is very theoretical and may or may not be plausible. In my thinking, it comes more into play if combined with meta-data breakdown of the anonymity systemically. Mixing more may help somewhat, but it can also make it worse because it is the excessive overlapping in mixes that causes the combinatorial unmasking.

In short, it is a clusterfuck (not a clean, clear, provable solution) and that is why I abandoned it.



...
All miners will have to register as money transmitters under FinCEN regulations, same as the issue for Dash masternodes. This has seriously bad implications for their investment strategy. But their code and developers are valuable. The investors can probably recover their money on the initial IPO. They should IPO the damn thing and do it legally and not mess with this "master of the universe" idea above.

I am contemplating contacting them, but I need to think through their economic options. It may be impossible to get them to do the right thing.

But they could definitely benefit from my endorsement in an IPO. A legal IPO! As well, they could benefit from my block chain tech.
...

Miners do not have to register as MSBs. Please read the guidance. https://www.fincen.gov/news_room/rp/rulings/html/FIN-2014-R001.html The jury is very much out on Dash masternodes. How will the investors recover the funds from an IPO? If it is by emission then the IPO company is an MSB in the United States.

My interpretation of FinCEN guidance is miners would have to register as MSBs if they are forced to transfer some of the coinbase to some other party. Just because it is enforced by the protocol, doesn't absolve the miner from (the legal culpability of) creating the block which created new supply and transferred it to a third party.

Disclaimer: IANAL.



I hate when n00bs make me repeat the same shit over and over and over again. Do you think my time is free?

The masterkey has to be produced in a way that no one knows it. The proposals had been to use a public ceremony and a computer examined by everyone attending, to be sure the masterkey is unknown to anyone.

Note if the masterkey is known, that person can create coins out-of-thin-air, but he can't unmask the anonymity. That is a crucial distinction.

This is why I proposed the idea of using Zerocash as a mixer that eventually times out, so that we can be sure the mixer hasn't created any new coins. Everyone going into the mixer takes the risk that they may not be able to come out of the mixer if the attacker has already created coins. Then we could have many of these mixers in a free market, and users would decide which mixers they trust. Again anonymity is never compromised and the run on the bank can only be a loss to participants, not to the entire ecosystem. I am pretty sure this solves the problem and this is why we can take their open source and beat them.

I am loaded with ideas and designs to solve real problems in crypto. Hopefully some smart devs are going to realize they are better off working with me.

I am aware of that. However, for a stand-alone altcoin creating coins out-of-thin-air is just as detrimental as unmasking the anonymity, because both will likely result in the coin dying.

I already proposed a solution in my prior reply to you that is using their technology in ephemeral mixers, which thus avoids systemic risk and reveals which mixers are compromised (which is likely to be quite rare because participants will learn to judge which masterkeys were generated correctly at ceremony).

Free markets always work best as long as systemic risk is avoided.


RingCT has the same problem. I explained in I believe both the chess thread and my Zero Knowledge Transactions thread. This is another reason I abandoned it (in addition to the inability to get reliable anonymity since it doesn't hide meta-data the way Zerocash/Zcash does).


No it doesn't, because coinbase transactions are mixin = 0 in Monero and therefore you can check if the total supply hasn't been tampered with.

Wrong! Wrong! Wrong! Exemplifies that you are a n00b who should STFU.

If there is a flaw in the cryptography for proving the homomorphic sums (and that is new cryptography), then indeed the attacker can create new value out-of-thin-air and not be detected. I am not going to explain the examples and math again. I already did in the past. Go ask Shen-noether.

You should have paid attention the last time I explained this! You always want to use me but then you don't respect me enough to reward me[1] and then you expect me to correct for your inability to study and remember my posts carefully.

I don't think you should bet against them, because Zerocash has anonymity and nothing else does! The community will make sure it is peer reviewed. We must. You had better start figuring out how to transition and pronto.

I don't say I do. eb3f stated on reddit the following: "Monero uses ring signatures, as you may know, which is battle-tested and well-understood in the cryptography world and in practice". Even with community review it will take a long time to get to this state. I also don't agree with bolded here, but I won't go on a back-and-forth discussion with you over that.

Again my point is that you could have the safest snot in the world, but if people can't use snot for anything, then they are going to put their energies into perfecting and peer reviewing what they need.

Seems you all often miss the points entirely. They fly right over your heads.

I do agree that the new cryptography for Zerocash and zk-snarks is more complex than the new cryptography for homomorphic proof-of-sums for RingCT (or my ZKT), but I don't think that helps given the meta-data problem for RingCT/ZKT/Cryptonote (and every anonymity technology other than Zerocash). What is the point of pursuing a direction which is known to be unreliable and fundamentally flawed (in a way that can never be fixed), when we can pursue a direction that fixes the meta-data problem and is a matter of convincing whether the technology is sound with much peer review. Certainly the peer review can be done over time, and probably incentivized if the technology has a popular application.

I'll let others which are more knowledgeable comment on the metadata.

Please don't tell me I will have to waste more of my time defending an obvious point (for anyone who has the slightest technological understanding).

I am frustrated how much fucking time we waste. You all have been convincing yourselves in your little delusions for years of what ever circle jerk bubbles you prefer to be in (which often include ridiculing/dismissing me).

Edit: correction:

[1] I was rewarded by smooth, jl777, and rpietila. Big thanks to them. Very much so. I am just frustrated because I need a viable financial direction and we need to work smart and find a way that we can make these matters work in our favor. And I am trying to find people who value me and find a way to get it done.



...

No closed source. The key would be produced publicly at a ceremony.
...

Using what operating system and firmware?

Of course they will need to convince the public the master key is sound. Or use my idea above of having multiple mixers and timing them out. I believe there is a solution, yet I will agree the current organization of their plans seems legally and structurally flawed.

That is why I say we can transition and beat them. But the technology is real anonymity. If you want real anonymity, you have to find a way to use their technology. Period. (and I have been studying this for a long time)

This does not answer my question which is cut and dry and goes to the heart of the trust issue.

If you apply that line of thinking, then every anonymity is insecure because operating systems and computers are never 100% secure.

I already proposed how to spread the risk out and make it non-systemic.

Note that Monero (Cryptonote one-time rings and every other kind of anonymity technology) also has systemic risk due to combinatorial analysis cascade as more and more users are unmasked with meta-data and overlapping mixes.

Proprietary software solutions have by their very nature a centralized systemic risk that Free Libre Open Source software solutions do not. The type of risks you describe in Monero are trivial compared to the risk of the DRM in the operating system used to generate master key in a centralized proprietary solution such as the one you propose. Furthermore I still do not have an answer to what is a straightforward yes or no question.

The masterkey is generated once and only the public key is retained. As long as no one saw nor can recover the private key before it was discarded, then there is nothing proprietary remaining in the use of the Zerocash open source. The Zerocash open source code requires a public key to be pasted in. It is the public (ceremony) generation of that key, which determines whether anyone had access to the private key when the public key was created.

DRM has nothing to do with it all. Thus I assume you don't understand the issue.

The only issue is whether the public key can be computed at a public ceremony and the private key was securely discarded. So for example, they could use any computer, encase it in lead before running the computation, and no external connection to the computer other than the screen which reads out the public key.

Then slide the computer into a barrel of acid so that it is permanently destroyed. All done at a public ceremony so there can be no cheating.

Of course one could envision elaborate/exotic means of cheating, such as using radio waves to communicate the private key out to an external actor, but again that is why I wrote encase it in lead. There is the issue of how to destroy it while not momentarily removing it from its communication barrier. But I am confident these physics issues can be worked out to a sufficient level of trust.

As for trust, not even the Elliptic Curve Cryptography and other math we use for crypto can be 100% trusted. So if you start arguing silly about 100% trust, then it is safe to ignore as loony.

...
I am imagining that the type of people designing such a technology would do better than generate a masterkey on Windows et al. I'm actually imagining purpose-built, auditable software and maybe even hardware.

Auditable by whom?

It comes down to Free Software vs Proprietary software. The same is true for the hardware. There is a reason why my question is being avoided here.

By the attendees of said masterkey-generation ceremony.

Actually by anyone who uses the currency. The role of the attendees is to verify that all the software has not changed between what was used and what is released to the public.

Edit: The minute one tries to protect "intellectual property" at any level the trust is gone.

FUD. The ceremony is only to compute a public key, nothing else. No other software has to be audited. Only need to confirm that the private key was not communicated from the computer to any one. Period.



...
FUD. The ceremony is only to compute a public key, nothing else. No other software has to be audited. Only need to confirm that the private key was not communicated from the computer to any one. Period.

How do you know that the public key you see on the screen is the one that was computed and not one that was pre-computed before the computer was "placed in lead"?

Edit: DRM in the OS has everything to do with this since it is the perfect place to hide the private key. That is what DRM is designed to do: hide private keys.

The hardware has to be audited. But we also have to audit our hardware that we use to run Cryptonote. If Intel is planting spies in the hardware, then we are screwed.

100% trust is impossible. And this is another reason I deprioritized anonymity. It is a clusterfuck.

Also I think perhaps Zerocash was working on a way to generate the public key decentralized, but I haven't kept up with progress on that.

Indeed Zerocash could end up being a Trojan Horse (a way to get fiat in the back door) and that is why I made my proposal to use them only as ephemeral mixes that die periodically, so then we will know if the key was compromised or not.

The result of my proposal is:

  • Stolen coins aren't systemic to the overall coin (same as losing some coins to Mt. Gox and Cryptsy isn't), and at least participants get ongoing ceremonies to get better and better at auditing the hardware.
  • No anonymity is ever lost.
  • No NET coin supply is ever created out-of-thin-air (instead some people lose coins if they chose an insecure mixer that had a compromised key), which is also the case for both Zerocash and RingCT where coin supply could be created out of thin air and we would never know it due to a bug in cryptography.

That will kick ass on Monero, because if I pass through the mixer, I know my anonymity is provable and I know I didn't lose my coins. It is only people who are still sitting inside the mixer who risk losing coins. Everything has a risk. I would much rather the microscopic risk of a compromised key (causing me to lose some coins) to the sure risk of meta-data correlation in Monero which can send me to jail! Surely I would be judicious about not mixing all my coins at the same time and not all in the same mixer.



TPTB said that not even math can be trusted 100%, so how can we put 100% trust in any device for a fair start of a trustless currency?

If you can't trust the math, throw Monero in the garbage can too.

My point is that nothing is 100%. We have to weigh the reasonable risks and benefits.



Quote
But I am confident these physics issues can be worked out to a sufficient level of trust.

Only need to confirm that the private key was not communicated from the computer to any one.

I find this kinda weak against your general absolutism. "So Simple Yet So Complex".


After all, what stops all 3 letter agencies, who can own blockchains and can do analysis and attacks etc, from staging the whole thing? Will I be allowed to check that computer?

I mean, I have near to zero understanding of cryptography, but your search for the perfect/ideal solution looks like it is making you ready to take a huge and dangerous bet.

I proposed ephemeral mixers based on Zerocash technology. They will be ferreted out if they are doing this, because it will be known that the key was compromised when the mixer expires and everyone has to cash out of the mixer back into the public coin. The bastards can't keep doing it over and over again. The participants will get wise as to the methods the attackers are using.

I am not absolutist. Rather I think correctly and realistically when I weigh marketing, tradeoffs, and delusion as follows:

That will kick ass on Monero, because if I pass through the mixer, I know my anonymity is provable and I know I didn't lose my coins. It is only people who are still sitting inside the mixer who risk losing coins. Everything has a risk. I would much rather the microscopic risk of a compromised key (causing me to lose some coins) to the sure risk of meta-data correlation in Monero which can send me to jail! Surely I would be judicious about not mixing all my coins at the same time and not all in the same mixer.

Marketing and design are holistically joined at the hip. Those fools who said the marketing can come later are clueless.



DRM has nothing to do with it all. Thus I assume you don't understand the issue.

You are not giving him due credit. (AM is not a typical BTCT slouch.)  It is an allusion to "reflections on trusting trust" https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

I think I did correct my myopia in the subsequent reply to him. And I think the points reached sort of a stalemate. I don't dismiss his point, but if that white paper above is our concern, then none of the software we use is trustworthy. Okay, I understand the point that doing something once, which we all then have to rely on, is different from each of us downloading our own software and running diverse hardware. But is it? Seems we all are running the hardware made by Intel and all the download links run through routers controlled by TPTB.

So all-in-all, I accepted his point. I think anonymity is a clusterfuck. Given the way Zerocash's forum treated me (they removed all my posts after they realized I was explaining serious flaws and challenges), I don't expect any success from them either.

I'd like to move on away from anonymity. Maybe one day in the future we could make some mixers based on Zerocash (long after their effort has faded into the dust) and maybe use it for some few esoteric uses for anonymity. But reliable anonymity on a widescale is unfortunately a delusion that even I had to finally come to grips with. Sad to say.

As for unreliable anonymity, I can do that now with Bitcoin. I just go use an unregistered wireless network connection. Eventually that will be impossible, but for now it is available in some jurisdictions.

If someone could identify a use for ring mixing that applied to businesses who don't mind if the NSA is tracking their privacy, then perhaps I could be convinced there is a market. But as I wrote before, the NSA has employees and those employees can't be trusted to not sell your privacy to your competitors. Corruption is the rule, not the exception. A mouse will always eat the cheese.

I start to comprehend now how it might be true when Martin Armstrong says we might descend into a Dark Age.

The only way I can think to fight back now is go for popularity and control in the hands of the people. Win the political war.



Is there a better alternative for anonymous transactions currently working and available?

There is nothing available for reliable anonymous transactions. For unreliable anonymity, I might as well just use Bitcoin and jump over to my local McDonalds on the unregistered WiFi connection. So yes there is a better alternative, Bitcoin. And it is more widely accepted.

I would not entrust not receiving jail time on the assumption my meta-data can't be correlated, neither with Monero nor Bitcoin. The only anonymous things I would do would be legal things I want to hide from for example the public, but not from the NSA (and the employees of the NSA). In that case, I can do this reasonably well using Bitcoin.

I can't make the sources of my transaction untraceable with Bitcoin (unless I use some unreliable mixer, CoinJoin, or CoinShuffle), i.e. if someone wanted to premine and then make it impossible to connect them to the premined coins. So maybe we can argue that Cryptonote/Monero would help people who want to create scams. But decentralized exchanges might accomplish the same (not sure about that yet, still analyzing them).

In short, I just can't see what is the large market for this unreliable anonymity in Cryptonote as compared to the unreliable anonymity in Bitcoin?

Hey I am not happy it worked out that way. As much as I don't like the boastfulness of some Monero's community (not all the devs), I still would prefer if anonymity was realistic. I am saddened. And especially pissed off to have expended so much effort on anonymity and not have realized sooner.

Actually the market for Monero might be criminals. They may have the incentive to study how to guard their meta-data and be willing to take the risk on the combinatorial unmasking (since a criminal mind seems to ignore the prospect of jail time). But they need to be mixed with regular users, otherwise their anonymity sets may not be large enough. I don't want to be in a project whose sole main use case is criminals.

Please confine yourself to that question.

Hitler claiming to support Libertarian principles (e.g. anonymity).  Cheesy

Have you ever heard of the concept of respecting the freedom of others? I am flabbergasted that you think you can tell me what I can write about. Do I tell you what you can write about?
3296  Alternate cryptocurrencies / Altcoin Discussion / Re: [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: January 20, 2016, 08:18:55 PM
A for-profit coin company, I don't care what they make, I will never trust them.

Agreed that is the opportunity to beat them by open sourcing their code. But you will also need my block chain technology to make the big win.

moreover RingCT will move Monero closer to Zcash

Sorry no. It is still not immune to meta-data and the theoretical combinatorial analysis. Not reliable. Not realistic.

We need to move forward. It is up to you, I know my thinking and priorities on this matter.


A for profit company with closed source code controlling the initial key for a zerocash like currency is a regulatory nightmare.

No closed source. The key would be produced publicly at a ceremony.



Would this metadata and combinatorial analysis hold even if mixin 10 was a default on all tx's?

The meta-data (e.g. IP address, browser cookie, timing analysis and location of connection, what you said on Facebook or on the phone, etc.) correlation problem isn't likely impacted no matter how many times or inputs you ring mix. It is very difficult for mere mortals to cover their tracks on all the possible meta-data correlations. It is unfathomably difficult. Don't fool yourself into thinking it isn't.

The combinatorial analysis flaw (which I introduced to smooth during the BCX incident and hence followed up in debate with Shen-noether) is very theoretical and may or may not be plausible. In my thinking, it comes more into play if combined with meta-data breakdown of the anonymity systemically. Mixing more may help somewhat, but it can also make it worse because it is the excessive overlapping in mixes that causes the combinatorial unmasking.

In short, it is a clusterfuck (not a clean, clear, provable solution) and that is why I abandoned it.



...
All miners will have to register as money transmitters under FinCEN regulations, same as the issue for Dash masternodes. There are seriously bad implications in their investment strategy. But their code and developers are valuable. The investors can probably recover their money on the initial IPO. They should IPO the damn thing and do it legally and not mess with this "master of the universe" idea above.

I am contemplating contacting them, but I need to think through their economic options. It may be impossible to get them to do the right thing.

But they could definitely benefit from my endorsement in an IPO. A legal IPO! As well, they could benefit from my block chain tech.
...

Miners do not have to register as MSBs. Please read the guidance. https://www.fincen.gov/news_room/rp/rulings/html/FIN-2014-R001.html The jury is very much out on Dash masternodes. How will the investors recover the funds from an IPO? If it is by emission then the IPO company is an MSB in the United States.

My interpretation of FinCEN guidance is miners would have to register as MSBs if they are forced to transfer some of the coinbase to some other party. Just because it is enforced by the protocol, doesn't absolve the miner from (the legal culpability of) creating the block which created new supply and transferred it to a third party.

Disclaimer: IANAL.



I hate when n00bs make me repeat the same shit over and over and over again. Do you think my time is free?

The masterkey has to be produced in a way that no one knows it. The proposals had been to use a public ceremony and a computer examined by everyone attending, to be sure the masterkey is unknown to anyone.

Note if the masterkey is known, that person can create coins out-of-thin-air, but he can't unmask the anonymity. That is a crucial distinction.

This is why I proposed the idea of using Zerocash as a mixer that eventually times out, so that we can be sure the mixer hasn't created any new coins. Everyone going into the mixer takes the risk that they may not be able to come out of the mixer if the attacker has already created coins. Then we could have many of these mixers in a free market, and users would decide which mixers they trust. Again anonymity is never compromised and the run on the bank can only be a loss to participants, not to the entire ecosystem. I am pretty sure this solves the problem and this is why we can take their open source and beat them.

I am loaded with ideas and designs to solve real problems in crypto. Hopefully some smart devs are going to realize they are better off working with me.

I am aware of that. However, for a stand-alone altcoin creating coins out-of-thin-air is just as detrimental as unmasking the anonymity, because both will likely result in the coin dying.

I already proposed a solution in my prior reply to you that is using their technology in ephemeral mixers, which thus avoids systemic risk and reveals which mixers are compromised (which is likely to be quite rare because participants will learn to judge which masterkeys were generated correctly at ceremony).

Free markets always work best as long as systemic risk is avoided.


RingCT has the same problem. I explained in I believe both the chess thread and my Zero Knowledge Transactions thread. This is another reason I abandoned it (in addition to the inability to get reliable anonymity since it doesn't hide meta-data the way Zerocash/Zcash does).


No it doesn't, because coinbase transactions are mixin = 0 in Monero and therefore you can check if the total supply hasn't been tampered with.

Wrong! Wrong! Wrong! Exemplifies that you are a n00b who should STFU.

If there is a flaw in the cryptography for proving the homomorphic sums (and that is new cryptography), then indeed the attacker can create new value out-of-thin-air and not be detected. I am not going to explain the examples and math again. I already did in the past. Go ask Shen-noether.

You should have paid attention the last time I explained this! You always want to use me but then you don't respect me enough to reward me[1] and then you expect me to correct for your inability to study and remember my posts carefully.

I don't think you should bet against them, because Zerocash has anonymity and nothing else does! The community will make sure it is peer reviewed. We must. You had better start figuring out how to transition and pronto.

I don't say I do. eb3f stated on reddit the following: "Monero uses ring signatures, as you may know, which is battle-tested and well-understood in the cryptography world and in practice". Even with community review it will take a long time to get to this state. I also don't agree with bolded here, but I won't go on a back-and-forth discussion with you over that.

Again my point is that you could have the safest snot in the world, but if people can't use snot for anything, then they are going to put their energies into perfecting and peer reviewing what they need.

Seems you all often miss the points entirely. They fly right over your heads.

I do agree that the new cryptography for Zerocash and zk-snarks is more complex than the new cryptography for homomorphic proof-of-sums for RingCT (or my ZKT), but I don't think that helps given the meta-data problem for RingCT/ZKT/Cryptonote (and every anonymity technology other than Zerocash). What is the point of pursuing a direction which is known to be unreliable and fundamentally flawed (in a way that can never be fixed), when we can pursue a direction that fixes the meta-data problem and is a matter of convincing whether the technology is sound with much peer review. Certainly the peer review can be done over time, and probably incentivized if the technology has a popular application.

I'll let others who are more knowledgeable comment on the metadata.

Please don't tell me I will have to waste more of my time defending an obvious point (for anyone who has the slightest technological understanding).

I am frustrated how much fucking time we waste. You all have been convincing yourselves in your little delusions for years of what ever circle jerk bubbles you prefer to be in (which often include ridiculing/dismissing me).

Edit: correction:

[1] I was rewarded by smooth, jl777, and rpietila. Big thanks to them. Very much so. I am just frustrated because I need a viable financial direction and we need to work smart and find a way that we can make these matters work in our favor. And I am trying to find people who value me and find a way to get it done.
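The timed-out mixer proposed in this post, together with the point made above that a pool which minted coins inside itself cannot be caught by a supply check, as an added, constructed illustration: it is not code from the thread, from the Zerocash project or from any Zcash implementation, it models value flow only (no cryptography), and every name and amount is made up.

```python
"""Toy value-flow model of the ephemeral-mixer proposal (constructed example).

The public ledger sees only how many coins entered and left each shielded
pool ('mixer'); balances inside a pool are hidden. A pool whose master key is
compromised can mint inside itself. The model shows that such minting is
invisible to the chain's supply check (which still balances), and that
forcing every member out at the expiry height exposes it as a shortfall
confined to the members of that one pool.
"""
from dataclasses import dataclass, field


@dataclass
class Pool:
    """A shielded pool that is closed at a fixed block height (expiry)."""
    name: str
    expiry: int
    deposits: int = 0           # public: coins that entered the pool
    withdrawn: int = 0          # public: coins that left the pool
    compromised: bool = False   # constructed flag: attacker holds the master key
    notes: dict = field(default_factory=dict)   # hidden: per-member claims

    def public_balance(self) -> int:
        """The only figure outsiders can verify for this pool."""
        return self.deposits - self.withdrawn

    def deposit(self, who: str, amount: int) -> None:
        self.deposits += amount
        self.notes[who] = self.notes.get(who, 0) + amount

    def forge(self, who: str, amount: int) -> None:
        """Mint a note with no matching deposit; possible only with the master key."""
        if not self.compromised:
            raise PermissionError("forging requires the pool's master key")
        self.notes[who] = self.notes.get(who, 0) + amount

    def withdraw(self, who: str, amount: int) -> int:
        """Exit to the public ledger. A forged note verifies like a real one,
        so the only public limit is that the pool cannot pay out more than it
        took in. Returns the amount actually paid; the note is spent regardless."""
        amount = min(amount, self.notes.get(who, 0))
        paid = min(amount, self.public_balance())
        self.withdrawn += paid
        self.notes[who] = self.notes.get(who, 0) - amount
        return paid


def total_supply(ledger: dict, pools: list) -> int:
    """What a full node can verify: public coins plus each pool's public
    balance. This always equals issuance, even while a pool is minting."""
    return sum(ledger.values()) + sum(p.public_balance() for p in pools)


def audit_at_expiry(pool: Pool, ledger: dict) -> dict:
    """Force every member out at the expiry height. The pool was compromised
    iff it cannot honour all its notes; the shortfall equals the value minted
    inside it, and the losses fall only on members still inside this pool."""
    losses = {}
    for who, claim in list(pool.notes.items()):
        paid = pool.withdraw(who, claim)
        ledger[who] = ledger.get(who, 0) + paid
        if paid < claim:
            losses[who] = claim - paid
    return {"compromised": bool(losses),
            "shortfall": sum(losses.values()), "losses": losses}


def run_scenario() -> dict:
    """Two mixers with the same expiry; mixer-B's key is compromised."""
    issued = 300
    ledger = {"alice": 100, "bob": 100, "carol": 100, "mallory": 0}  # constructed
    good = Pool("mixer-A", expiry=50)
    bad = Pool("mixer-B", expiry=50, compromised=True)
    pools = [good, bad]

    def move_in(who: str, pool: Pool, amt: int) -> None:
        ledger[who] -= amt
        pool.deposit(who, amt)

    move_in("alice", good, 60)
    move_in("bob", bad, 80)
    move_in("carol", bad, 40)
    bad.forge("mallory", 70)                            # minted out of thin air inside B
    ledger["mallory"] += bad.withdraw("mallory", 70)    # early exit, looks like any other

    # Before expiry the supply check balances and B's public balance is
    # non-negative, so nothing on-chain distinguishes B from A.
    before = {"supply_ok": total_supply(ledger, pools) == issued,
              "B_public_balance": bad.public_balance(),
              "B_hidden_claims": sum(bad.notes.values())}
    audits = {p.name: audit_at_expiry(p, ledger) for p in pools}
    return {"before": before, "audits": audits,
            "supply_ok_after": total_supply(ledger, pools) == issued,
            "ledger": ledger}


if __name__ == "__main__":
    import json
    print(json.dumps(run_scenario(), indent=2))
```

Bob and Carol, still inside mixer-B at expiry, absorb exactly the 70 coins Mallory minted; Alice in mixer-A and the public supply are untouched.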



One more point I considered in my holistic analysis is that for most transactions we can't be anonymous. Thus anonymity is more suited to those who want to receive some payment anonymously and hide the funds there and extract them only to public funds in small morsels or to spend in other rare anonymous transactions (e.g. buying some gold bars from someone you trust won't reveal your identity).

In that case one might think you can just use Stealth Addresses (unlinkability) and run a full node to confirm receipt of funds anonymously. No need for Cryptonote, RingCT, nor ZeroCash. But the problem is the payer can be identified and be pressured to reveal your identity.

So this is why we need Zerocash to make the untraceability impervious to meta-data correlation.

But the problem with my proposal for ephemeral Zerocash mixers is that when we take the coins out of the mixer they can now be correlated to our meta-data (e.g. IP address, etc). So thus it seems that hiding large funds and only taking out small portions publicly as needed will incur the risk of losing those coins in my proposal, but at least they will be provably anonymous.

Anonymity is a clusterfuck. If we can't make trusted hardware, then anonymity is unprovable. Period.

So just give up on anonymity, or get busy trying to make hardware we can trust?

(or if Zerocash has developed a provably secure way to generate a master public key, which I doubt)

Hey I am not happy it worked out that way. As much as I don't like the boastfulness of some Monero's community (not all the devs), I still would prefer if anonymity was realistic. I am saddened. And especially pissed off to have expended so much effort on anonymity and not have realized sooner.

Actually the market for Monero might be criminals. They may have the incentive to study how to guard their meta-data and willing to take the risk on the combinatorial unmasking (since a criminal mind seems to ignore the prospect of jail time). But they need to be mixed with regular users, otherwise their anonymity sets may not be large enough. I don't want to be in a project whose sole main use case is criminals.

Please confine yourself to that question.

Hitler claiming to support Libertarian principles (e.g. anonymity).  Cheesy

Have you ever heard of the concept of respecting the freedom of others? I am flabbergasted that you think you can tell me what I can write about. Do I tell you what you can write about?
3297  Alternate cryptocurrencies / Altcoin Discussion / Re: Zero Knowledge Transactions on: January 20, 2016, 08:16:34 PM
A for-profit coin company, I don't care what they make, I will never trust them.

Agreed that is the opportunity to beat them by open sourcing their code. But you will also need my block chain technology to make the big win.

moreover RingCT will move Monero closer to Zcash

Sorry no. It is still not immune to meta-data and the theoretical combinatorial analysis. Not reliable. Not realistic.

We need to move forward. It is up to you, I know my thinking and priorities on this matter.


A for profit company with closed source code controlling the initial key for a zerocash like currency is a regulatory nightmare.

No closed source. The key would be produced publicly at a ceremony.



Would this metadata and combinatorial analysis hold even if mixin 10 was a default on all tx's?

The meta-data (e.g. IP address, browser cookie, timing analysis and location of connection, what you said on Facebook or on the phone, etc) correlation problem isn't likely impacted no matter how many times or inputs you ring mix. It is very difficult for mere mortals to cover their tracks on all the possible meta-data correlations. It is unfathomably difficult. Don't fool yourself into thinking it isn't.

The combinatorial analysis flaw (which I introduced to smooth during the BCX incident and hence followed up in debate with Shen-noether) is very theoretical and may or may not be plausible. In my thinking, it comes more into play if combined with meta-data breakdown of the anonymity systemically. Mixing more may help somewhat, but it can also make it worse because it is the excessive overlapping in mixes that causes the combinatorial unmasking.

In short, it is a clusterfuck (not a clean, clear, provable solution) and that is why I abandoned it.



...
All miners will have to register as money transmitters under FinCEN regulations, same as the issue for Dash masternodes. There are seriously bad implications in their investment strategy. But their code and developers are valuable. The investors can probably recover their money on the initial IPO. They should IPO the damn thing and do it legally and not mess with this "master of the universe" idea above.

I am contemplating contacting them, but I need to think through their economic options. It may be impossible to get them to do the right thing.

But they could definitely benefit from my endorsement in an IPO. A legal IPO! As well, they could benefit from my block chain tech.
...

Miners do not have to register as MSBs. Please read the guidance. https://www.fincen.gov/news_room/rp/rulings/html/FIN-2014-R001.html The jury is very much out on Dash masternodes. How will the investors recover the funds from an IPO? If it is by emission then the IPO company is an MSB in the United States.

My interpretation of FinCEN guidance is miners would have to register as MSBs if they are forced to transfer some of the coinbase to some other party. Just because it is enforced by the protocol, doesn't absolve the miner from (the legal culpability of) creating the block which created new supply and transferred it to a third party.

Disclaimer: IANAL.



I hate when n00bs make me repeat the same shit over and over and over again. Do you think my time is free?

The masterkey has to be produced in a way that no one knows it. The proposals had been to use a public ceremony and a computer examined by everyone attending, to be sure the masterkey is unknown to anyone.

Note if the masterkey is known, that person can create coins out-of-thin-air, but he can't unmask the anonymity. That is a crucial distinction.

This is why I proposed the idea of using Zerocash as a mixer that eventually times out, so that we can be sure the mixer hasn't created any new coins. Everyone going into the mixer takes the risk that they may not be able to come out of the mixer if the attacker has already created coins. Then we could have many of these mixers in a free market, and users would decide which mixers they trust. Again anonymity is never compromised and the run on the bank can only be a loss to participants, not to the entire ecosystem. I am pretty sure this solves the problem and this is why we can take their open source and beat them.

I am loaded with ideas and designs to solve real problems in crypto. Hopefully some smart devs are going to realize they are better off working with me.

I am aware of that. However, for a stand-alone altcoin creating coins out-of-thin-air is just as detrimental as unmasking the anonymity, because both will likely result in the coin dying.

I already proposed a solution in my prior reply to you that is using their technology in ephemeral mixers, which thus avoids systemic risk and reveals which mixers are compromised (which is likely to be quite rare because participants will learn to judge which masterkeys were generated correctly at ceremony).

Free markets always work best as long as systemic risk is avoided.


RingCT has the same problem. I explained in I believe both the chess thread and my Zero Knowledge Transactions thread. This is another reason I abandoned it (in addition to the inability to get reliable anonymity since it doesn't hide meta-data the way Zerocash/Zcash does).


No it doesn't, because coinbase transactions are mixin = 0 in Monero and therefore you can check if the total supply hasn't been tampered with.

Wrong! Wrong! Wrong! Exemplifies that you are a n00b who should STFU.

If there is a flaw in the cryptography for proving the homomorphic sums (and that is new cryptography), then indeed the attacker can create new value out-of-thin-air and not be detected. I am not going to explain the examples and math again. I already did in the past. Go ask Shen-noether.

You should have paid attention the last time I explained this! You always want to use me but then you don't respect me enough to reward me[1] and then you expect me to correct for your inability to study and remember my posts carefully.

I don't think you should bet against them, because Zerocash has anonymity and nothing else does! The community will make sure it is peer reviewed. We must. You had better start figuring out how to transition and pronto.

I don't say I do. eb3f stated on reddit the following: "Monero uses ring signatures, as you may know, which is battle-tested and well-understood in the cryptography world and in practice". Even with community review it will take a long time to get to this state. I also don't agree with bolded here, but I won't go on a back-and-forth discussion with you over that.

Again my point is that you could have the safest snot in the world, but if people can't use snot for anything, then they are going to put their energies into perfecting and peer reviewing what they need.

Seems you all often miss the points entirely. They fly right over your heads.

I do agree that the new cryptography for Zerocash and zk-SNARKs is more complex than the new cryptography for homomorphic proof-of-sums for RingCT (or my ZKT), but I don't think that helps given the meta-data problem for RingCT/ZKT/Cryptonote (and every anonymity technology other than Zerocash). What is the point of pursuing a direction which is known to be unreliable and fundamentally flawed (in a way that can never be fixed), when we can pursue a direction that fixes the meta-data problem and is a matter of convincing whether the technology is sound with much peer review. Certainly the peer review can be done over time, and probably incentivized if the technology has a popular application.

I'll let others which are more knowledgeable comment on the metadata.

Please don't tell me I will have to waste more of my time defending an obvious point (for anyone who has the slightest technological understanding).

I am frustrated how much fucking time we waste. You all have been convincing yourselves in your little delusions for years of what ever circle jerk bubbles you prefer to be in (which often include ridiculing/dismissing me).

Edit: correction:

[1] I was rewarded by smooth, jl777, and rpietila. Big thanks to them. Very much so. I am just frustrated because I need a viable financial direction and we need to work smart and find a way that we can make these matters work in our favor. And I am trying to find people who value me and find a way to get it done.



...

No closed source. The key would be produced publicly at a ceremony.
...

Using what operating system and firmware?

Of course they will need to convince the public the master key is sound. Or use my idea above of having multiple mixers and timing them out. I believe there is a solution, yet I will agree the current organization of their plans seems legally and structurally flawed.

That is why I say we can transition and beat them. But the technology is real anonymity. If you want real anonymity, you have to find a way to use their technology. Period. (and I have been studying this for a long time)

This does not answer my question which is cut and dry and goes to the heart of the trust issue.

If you apply that line of thinking, then every anonymity is insecure because operating systems and computers are never 100% secure.

I already proposed how to spread the risk out and make it non-systemic.

Note that Monero (Cryptonote one-time rings and every other kind of anonymity technology) also has systemic risk due to combinatorial analysis cascade as more and more users are unmasked with meta-data and overlapping mixes.


Proprietary software solutions have by their very nature a centralized systemic risk that Free Libre Open Source software solutions do not. The type of risks you describe in Monero are trivial compared to the risk of the DRM in the operating system used to generate the master key in a centralized proprietary solution such as the one you propose. Furthermore I still do not have an answer to what is a straightforward yes or no question.

The masterkey is generated once and only the public key is retained. As long as no one saw nor can recover the private key before it was discarded, then there is nothing proprietary remaining in the use of the Zerocash open source. The Zerocash open source code requires a public key to be pasted in. It is the public (ceremony) generation of that key, which determines whether anyone had access to the private key when the public key was created.

DRM has nothing to do with it all. Thus I assume you don't understand the issue.

The only issue is whether the public key can be computed at a public ceremony and the private key was securely discarded. So for example, they could use any computer, encase it in lead before running the computation, and no external connection to the computer other than the screen which reads out the public key.

Then slide the computer into a barrel of acid so that it is permanently destroyed. All done at a public ceremony so there can be no cheating.

Of course one could envision elaborate/exotic means of cheating, such as using radio waves to communicate the private key out to external actor, but again that is why I wrote encase it in lead. There is the issue of how to destroy it while not momentarily removing it from its communication barrier. But I am confident these physics issues can be worked out to a sufficient level of trust.

As for trust, not even the Elliptic Curve Cryptography and other math we use for crypto can be 100% trusted. So if you start arguing silly about 100% trust, then it is safe to ignore as loony.

...
I am imagining that the type of people designing such a technology would do better than generate a masterkey on Windows et al. I'm actually imagining purpose-built, auditable software and maybe even hardware.

Auditable by whom?

It comes down to Free Software vs Proprietary software. The same is true for the hardware. There is a reason why my question is being avoided here.

By the attendees of said masterkey-generation ceremony.

Actually by anyone who uses the currency. The role of the attendees is to verify that all the software has not changed between what was used and what is released to the public.

Edit: The minute one tries to protect "intellectual property" at any level the trust is gone.

FUD. The ceremony is only to compute a public key, nothing else. No other software has to be audited. Only need to confirm that the private key was not communicated from the computer to anyone. Period.



...
FUD. The ceremony is only to compute a public key, nothing else. No other software has to be audited. Only need to confirm that the private key was not communicated from the computer to anyone. Period.

How do you know that the public key you see on the screen is the one that was computed and not one that was precomputed before the computer was "placed in lead"?

Edit: DRM in the OS has everything to do with this since it is the perfect place to hide the private key. That is what DRM is designed to do hide private keys.

The hardware has to be audited. But we also have to audit our hardware that we use to run Cryptonote. If Intel is planting spies in the hardware, then we are screwed.

100% trust is impossible. And this is another reason I deprioritized anonymity. It is a clusterfuck.

Also I think perhaps Zerocash was working on a way to generate the public key decentralized, but I haven't kept up with progress on that.

Indeed Zerocash could end up being a Trojan Horse (a way to get fiat in the back door) and that is why I made my proposal to use them only as ephemeral mixes that die periodically, so then we will know if the key was compromised or not.

The result of my proposal is:

  • Stolen coins aren't systemic to the overall coin (same as losing some coins to Mt. Gox and Cryptsy isn't), and at least participants get ongoing ceremonies to get better and better at auditing the hardware.
  • No anonymity is ever lost.
  • No NET coin supply is ever created out-of-thin-air (instead some people lose coins if they chose an insecure mixer that had a compromised key), which is also the case for both Zerocash and RingCT where coin supply could be created out of thin air and we would never know it due to a bug in cryptography.

That will kick ass on Monero, because if I pass through the mixer, I know my anonymity is provable and I know I didn't lose my coins. It is only people who are still sitting inside the mixer who risk losing coins. Everything has a risk. I would much rather the microscopic risk of a compromised key (causing me to lose some coins) to the sure risk of meta-data correlation in Monero which can send me to jail! Surely I would be judicious about not mixing all my coins at the same time and not all in the same mixer.



TPTB said that not even math can be trusted 100%, then how can we put 100% trust on any device for fair start of a trustless currency

If we can't trust the math, throw Monero in the garbage can too.

My point is that nothing is 100%. We have to weigh the reasonable risks and benefits.



Quote
But I am confident these physics issues can be worked out to a sufficient level of trust.

Only need to confirm that the private key was not communicated from the computer to any one.

I find this kinda weak against your general absolutism. "So Simple Yet So Complex".


After all, what stops all 3 letter agencies, who can own blockchains and can do analysis and attacks etc, from staging the whole thing? Will I be allowed to check that computer?

I mean, I have near to zero understanding of cryptography, but your search for the perfect/ideal solution looks like making you ready to take a huge and dangerous bet.

I proposed ephemeral mixers based on Zerocash technology. They will be ferreted out if they are doing this, because it will be known that the key was compromised when the mixer expires and everyone has to cash out of the mixer back into the public coin. The bastards can't keep doing it over and over again. The participants will get wise as to the methods the attackers are using.

I am not absolutist. Rather I think correctly and realistically when I weigh marketing, tradeoffs, and delusion as follows:

That will kick ass on Monero, because if I pass through the mixer, I know my anonymity is provable and I know I didn't lose my coins. It is only people who are still sitting inside the mixer who risk losing coins. Everything has a risk. I would much rather the microscopic risk of a compromised key (causing me to lose some coins) to the sure risk of meta-data correlation in Monero which can send me to jail! Surely I would be judicious about not mixing all my coins at the same time and not all in the same mixer.

Marketing and design are holistically joined at the hip. Those fools who said the marketing can come later are clueless.



One more point I considered in my holistic analysis is that for most transactions we can't be anonymous. Thus anonymity is more suited to those who want to receive some payment anonymously and hide the funds there and extract them only to public funds in small morsels or to spend in other rare anonymous transactions (e.g. buying some gold bars from someone you trust won't reveal your identity).

In that case one might think you can just use Stealth Addresses (unlinkability) and run a full node to confirm receipt of funds anonymously. No need for Cryptonote, RingCT, nor ZeroCash. But the problem is the payer can be identified and be pressured to reveal your identity.

So this is why we need Zerocash to make the untraceability impervious to meta-data correlation.

But the problem with my proposal for ephemeral Zerocash mixers is that when we take the coins out of the mixer they can now be correlated to our meta-data (e.g. IP address, etc). So thus it seems to hide large funds and only take out small portions publicly as needed, will incur risk of losing those coins in my proposal, but at least they will be provably anonymous.

Anonymity is a clusterfuck. If we can't make trusted hardware, then anonymity is unprovable. Period.

So just give up on anonymity, or get busy trying to make hardware we can trust?

(or if Zerocash has developed a provably secure way to generate a master public key, which I doubt)



DRM has nothing to do with it all. Thus I assume you don't understand the issue.

You are not giving him due credit. (AM is not a typical BTCT slouch.)  It is an allusion to "reflections on trusting trust" https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

I think I did correct my myopia in the subsequent reply to him. And I think the points reached sort of a stalemate. I don't dismiss his point, but if that white paper above is our concern, then none of the software we use is trustworthy. Okay I understand the point that doing something once and we all have to rely on that, is different than we all each download our software and run diverse hardware. But is it? Seems we all are running the hardware made by Intel and all the download links run through routers controlled by TPTB.

So all-in-all, I accepted his point. I think anonymity is a clusterfuck. Given the way Zerocash's forum treated me (they removed all my posts after they realized I was explaining serious flaws and challenges), I don't expect any success from them either.

I'd like to move on away from anonymity. Maybe one day in the future we could make some mixers based on Zerocash (long after their effort has faded into the dust) and maybe use it for some few esoteric uses for anonymity. But reliable anonymity on a widescale is unfortunately a delusion that even I had to finally come to grips with. Sad to say.

As for unreliable anonymity, I can do that now with Bitcoin. I just go use an unregistered wireless network connection. Eventually that will be impossible, but for now it is available in some jurisdictions.

If someone could identify a use for ring mixing that applied to businesses who don't mind if the NSA is tracking their privacy, then perhaps I could be convinced there is a market. But as I wrote before, the NSA has employees and those employees can't be trusted to not sell your privacy to your competitors. Corruption is the rule, not the exception. A mouse will always eat the cheese.

I start to comprehend now how it might be true when Martin Armstrong says we might descend into a Dark Age.

The only way I can think to fight back now is go for popularity and control in the hands of the people. Win the political war.



Is there a better alternative for anonymous transactions currently working and available?

There is nothing available for reliable anonymous transactions. For unreliable anonymity, I might as well just use Bitcoin and jump over to my local McDonalds on the unregistered WiFi connection. So yes there is a better alternative, Bitcoin. And it is more widely accepted.

I would not entrust not receiving jail time on the assumption my meta-data can't be correlated, neither with Monero nor Bitcoin. The only anonymous things I would do would be legal things I want to hide from for example the public, but not from the NSA (and the employees of the NSA). In that case, I can do this reasonably well using Bitcoin.

I can't make the sources of my transaction untraceable with Bitcoin (unless I use some unreliable mixer, CoinJoin, or CoinShuffle), i.e. if someone wanted to premine and then make it impossible to connect them to the premined coins. So maybe we can argue that Cryptonote/Monero would help people who want to create scams. But decentralized exchanges might accomplish the same (not sure about that yet, still analyzing them).

In short, I just can't see what is the large market for this unreliable anonymity in Cryptonote as compared to the unreliable anonymity in Bitcoin?

Hey I am not happy it worked out that way. As much as I don't like the boastfulness of some Monero's community (not all the devs), I still would prefer if anonymity was realistic. I am saddened. And especially pissed off to have expended so much effort on anonymity and not have realized sooner.

Actually the market for Monero might be criminals. They may have the incentive to study how to guard their meta-data and willing to take the risk on the combinatorial unmasking (since a criminal mind seems to ignore the prospect of jail time). But they need to be mixed with regular users, otherwise their anonymity sets may not be large enough. I don't want to be in a project whose sole main use case is criminals.

Please confine yourself to that question.

Hitler claiming to support Libertarian principles (e.g. anonymity).  Cheesy

Have you ever heard of the concept of respecting the freedom of others? I am flabbergasted that you think you can tell me what I can write about. Do I tell you what you can write about?
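The post above argues that an ephemeral mixer with a hard expiry bounds the damage of a compromised setup key: the pool can redistribute but never inflate the public coin supply, the compromise becomes visible when everyone must cash out, and the loss falls only on whoever is still inside. The following toy simulation is an added example written for this page; it is not code from the post's author or from Zerocash/Zcash. Note values are tracked in the clear purely so the model can be checked, the participants (alice, bob, attacker) and amounts are constructed, and `forge` stands in for whatever a holder of the setup private key could prove.

```python
from dataclasses import dataclass, field


@dataclass
class EphemeralMixer:
    """Toy pool of hidden notes with a hard expiry (constructed model, not real Zerocash).

    Values are tracked in the clear here only so the simulation can check them;
    in the design being discussed the notes themselves would be hidden.
    """
    expiry: int
    backing: int = 0                                # public coins actually locked in the pool
    notes: dict = field(default_factory=dict)       # holder -> value of notes held inside
    paid_out: dict = field(default_factory=dict)    # holder -> public coins redeemed so far

    def deposit(self, who: str, amount: int, t: int) -> None:
        """Lock public coins and receive a note of equal value (only before expiry)."""
        if t >= self.expiry:
            raise ValueError("mixer has expired; no new deposits")
        self.backing += amount
        self.notes[who] = self.notes.get(who, 0) + amount

    def forge(self, who: str, amount: int) -> None:
        """Model of a compromised setup key: a note appears with no public
        coins behind it (the 'coins out of thin air' case)."""
        self.notes[who] = self.notes.get(who, 0) + amount

    def withdraw(self, who: str, amount: int) -> int:
        """Redeem notes for public coins. Payout is capped by the coins actually
        locked, so the pool can never emit more public coins than it took in;
        a note is consumed even when it cannot be fully paid."""
        amount = min(amount, self.notes.get(who, 0))
        paid = min(amount, self.backing)
        self.backing -= paid
        self.notes[who] = self.notes.get(who, 0) - amount
        self.paid_out[who] = self.paid_out.get(who, 0) + paid
        return paid

    def settle(self, order: list) -> dict:
        """Expiry: every remaining note must be redeemed, in the given order.
        Claims exceeding the locked coins prove the setup key was compromised;
        the excess is borne only by whoever is still inside the pool."""
        claimed = sum(self.notes.values())
        shortfall = max(0, claimed - self.backing)
        for who in order:
            if self.notes.get(who, 0) > 0:
                self.withdraw(who, self.notes[who])
        return {"compromised": shortfall > 0, "shortfall": shortfall}


def run_scenario(forged: int) -> dict:
    """Two honest depositors; optionally an attacker forging `forged` worth of notes.
    Alice leaves before expiry, Bob stays until the pool is wound up."""
    m = EphemeralMixer(expiry=10)
    m.deposit("alice", 50, t=1)
    m.deposit("bob", 30, t=2)
    if forged:
        m.forge("attacker", forged)
    alice_paid = m.withdraw("alice", 50)            # exits early, before anyone else redeems
    outcome = m.settle(order=["attacker", "bob"])   # attacker races to redeem first at expiry
    total_locked = 50 + 30
    outcome.update({
        "alice_paid": alice_paid,
        "bob_paid": m.paid_out.get("bob", 0),
        "attacker_paid": m.paid_out.get("attacker", 0),
        # public supply can only be redistributed by the pool, never inflated
        "net_supply_created": sum(m.paid_out.values()) - total_locked,
    })
    return outcome


if __name__ == "__main__":
    print("honest setup:     ", run_scenario(forged=0))
    print("compromised setup:", run_scenario(forged=40))
```

With an honest setup everyone is made whole and the shortfall is zero. With 40 forged, Alice (who left early) still gets her 50, the forger redeems 30 of the remaining backing, Bob gets nothing, and the 40 shortfall at expiry is the public evidence that the key was compromised; in both runs `net_supply_created` is 0, which is the property the post relies on. The model also makes the residual risk visible: the loss is borne entirely by whoever is still inside at expiry, so spreading funds across mixers and not staying in one longer than needed is what limits exposure.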
3298  Alternate cryptocurrencies / Altcoin Discussion / Re: [XMR] Monero Improvement Technical Discussion on: January 20, 2016, 08:16:22 PM
...

No closed source. The key would be produced publicly at a ceremony.
...

Using what operating system and firmware?

Of course they will need to convince the public the master key is sound. Or use my idea above of having multiple mixers and timing them out. I believe there is a solution, yet I will agree the current organization of their plans seems legally and structurally flawed.

That is why I say we can transition and beat them. But the technology is real anonymity. If you want real anonymity, you have to find a way to use their technology. Period. (and I have been studying this for a long time)

This does not answer my question which is cut and dry and goes to the heart of the trust issue.

If you apply that line of thinking, then every anonymity is insecure because operating systems and computers are never 100% secure.

I already proposed how to spread the risk out and make it non-systemic.

Note that Monero (Cryptonote one-time rings and every other kind of anonymity technology) also has systemic risk due to combinatorial analysis cascade as more and more users are unmasked with meta-data and overlapping mixes.
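The closing line of the post refers to a "combinatorial analysis cascade" in which overlapping rings lose their anonymity once a few members are attributed. The function below is an added illustration for readers of this page, not code from the post's author or from the Monero/Cryptonote project, meant for estimating how much of a ring's anonymity set actually survives such a leak. The ring membership (`RINGS`, inputs tx0 to tx5 over outputs o1 to o8) and the side-channel attributions passed as `known_spent` are constructed; the page describes no specific transactions.

```python
def resolve_overlapping_rings(rings: dict, known_spent: set) -> tuple:
    """Propagate attributed spends through overlapping rings.

    rings: input_id -> set of candidate outputs (the true spend plus decoys).
    known_spent: outputs already attributed to a spend by some side channel
    (e.g. meta-data correlation, or an input that was published with no decoys).

    Returns (resolved, effective_ring_size): `resolved` maps each input whose
    ring collapsed to its single remaining candidate; `effective_ring_size`
    gives the number of still-plausible candidates per input, i.e. the
    anonymity set that survives rather than the nominal ring size.
    """
    spent = set(known_spent)
    resolved = {}
    changed = True
    while changed:                      # iterate to a fixed point: each collapse can cause more
        changed = False
        for inp, members in rings.items():
            if inp in resolved:
                continue
            candidates = members - spent
            if len(candidates) == 1:
                (true_spend,) = candidates
                resolved[inp] = true_spend
                spent.add(true_spend)   # no longer a plausible decoy anywhere else
                changed = True
    effective = {
        inp: 1 if inp in resolved else len(members - spent)
        for inp, members in rings.items()
    }
    return resolved, effective


# Constructed ledger: six inputs drawing decoys from eight outputs o1..o8.
RINGS = {
    "tx0": {"o2"},                  # published with no decoys: its spend is public
    "tx1": {"o1", "o2", "o3"},
    "tx2": {"o2", "o3", "o4"},
    "tx3": {"o3", "o4", "o5"},
    "tx4": {"o6", "o7", "o8"},      # shares no outputs with the others
    "tx5": {"o3"},                  # also published with no decoys
}


if __name__ == "__main__":
    resolved, effective = resolve_overlapping_rings(RINGS, known_spent=set())
    print("collapsed rings:", resolved)
    print("surviving anonymity set per input:", effective)
```

With no external leak at all, the two decoy-free inputs alone collapse tx1, tx2 and tx3 in a second pass, so five of six inputs end with an effective ring size of 1 while tx4, which shares no outputs, keeps its full set of 3. Passing meta-data attributions such as `known_spent={"o6", "o7"}` collapses tx4 as well. The design lesson for anyone evaluating a ring-based scheme is the one the thread circles around: the nominal mixin count overstates privacy whenever decoy selection overlaps heavily or some inputs are spent without decoys, and a single attributed output can propagate far beyond the ring it came from.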
3299  Alternate cryptocurrencies / Altcoin Discussion / Re: Decentralized Data Storage Cloud on the Blockchain... on: January 20, 2016, 08:07:56 PM
I have respect for some (former and active) Nxt devs (e.g. Come-from-Beyond and jl777), but I think they need to write better specifications. I have personally told this to jl777.

What you have above is very incomplete.

At this time, I am trying to figure out which group I should be working with.
3300  Alternate cryptocurrencies / Speculation (Altcoins) / Re: [XMR] Monero Speculation on: January 20, 2016, 08:02:06 PM
a waste of my reading time reading

That is either a lie or a serious delusion.

This is precisely what I mean by a circle jerk that does not value the expertise and effort we need to win. In other words, not a meritocracy.

Okay I will leave the thread.

Whatever happened to this?

I didn't introduce the Zerocash discussion. Apparently some in your community think it is relevant to this thread. You blame me for everything because you just want a circle jerk here because you are mining each other. Who knows you are probably behind some scheme to take money from other investors here. There is always a reason that people act irrationally towards truth.

So much for your idealistic delusions about open source and doing it as a community for the common good. That is all bullshit.

Devs who want to change the world and make a lot of money should wake up and join with a better leadership.

Yeah I believe in open source, but it applies in refinement scenarios. Not in design scenarios. Groups are filled with game theory. Design requires focused intent and focused profit.