A few counterpoints for discussion: Instead it will make the address technically more complex (instead of 2 bits of information it would be storing potentially 3). Also one has to remember, if you introduce such feature you can pretty much never remove it.
Agree and agree, though I don't see either as real barriers. It is prudent to consider these. From the technical side (of how payment ID is implemented) such solution would present user experience nightmares. Currently the payment ID is associated with the whole transaction, not the destination. If we had addresses which included the payment ID we would soon get users who would want to pay to several of those addresses, but since this is technically not possible we will forbid that. This will always be the case. You can't associate a payment ID with destinations without rendering stealth addresses pointless. Payment IDs are fundamentally incompatible with the send-many function as far as I can see. However, I'm struggling to see the situation(s) where this would present an issue. If it's a merchant, the payment ID should be one time use and the "address" never used again. If it's an exchange where you're reusing the payment ID (or "address"), then you already know you can't use send-many. All these edge cases have to be accounted for in the code, but none of them seem intractable to me (so far). Now if the user did not care about the payment ID in one of the addresses there would be no easy way to just throw the payment ID out of the address.
Completely disagree. It's a simple process to strip the payment ID and recalculate the checksum for a standard address instead; however, no (public) tools exist to do it yet. Going along with what I wrote above, though, I don't know of a situation where you would want or need to do so (that in no way means no such scenario exists). The only “good” thing about the proposal is that the payment ID gets checksummed. But considering the amount of data users currently have to enter already, I don’t think it’s feasible to think that anyone does it by hand - thus the importance of checksum on that data diminishes.
I see this completely the other way. If people aren't currently checking their payment IDs, this should be wholly better. This should mean there would be no support requests for "mistyped payment ID" in addition to "forgot payment ID". Let's think about how users can pay on a website. - Using a mobile wallet. Entering the address manually is not an option. The user-friendly option for mobile is a QR code. They can embed the payment ID in it without changing anything in the Monero address format. OpenAlias can be used as a fallback.
- Using a desktop wallet. In this case the desktop wallet should install some URI handler, which would allow the user to just click a link on the payment page which would open their wallet. Again, this URI can include the payment ID, thus no need for any changes in the Monero address format. OpenAlias can again be used as a fallback.
- Using a command line wallet. The website should just display the whole command for simplewallet users, which they can copy-paste into the terminal. But let's be honest, nobody should expect non-technical Monero users to keep using simplewallet after a better alternative is out. Alternatively simplewallet could implement a new command to pay to payment URIs. That way users can "Copy link address" from the web and paste it into simplewallet.
Mobile: agree you can put the payment ID there, but it's not really different or "better" than having it as part of the address (IMO). Desktop/command line: this is just speaking for me, but I never do that URI stuff; rather I paste the address (and payment ID for XMR) and fill in the rest of the stuff manually (or type in case of command line). That's not an argument against them though. Again, I don't see anything "wrong" with including an "integrated address" in a URI vs a "standard address" plus a "payment ID" in a URI. One has one less field, one has a more complicated address. I would argue neither mean much to nearly all users. What responsible wallets could also do, to educate users about the “reference field” (payment IDs), is to prompt the user if they really want to leave the payment ID field empty. That way the users at least confirm that they know what they’re doing if they transfer money with an empty payment id.
Absolutely sensible. Edit: or maybe not, as smooth points out. 2. Ratify and implement stealth payment IDs (much shorter), can be expressed in both serialised and non-serialised formats
Has any work or discussion been done on this? I'd love to read about it if it's logged somewhere.
Thanks for your thoughts on this. I'm sure this will spark some discussion. I must confess I didn't think about it very much, and it's very possible I/we aren't tackling this the right way.
1. Is there a problem with older browsers (like Safari 5.1.10) and mymonero.com? When I tried that browser version, I get an invalid key prompt (with all private key prompts typed properly), but I was able to get a wallet on a newer Safari. 2. Second question: is it safe to login using something called public keys, consisting of three items (public address, view key and spend key) or is it better to use 13 private keys for login, as tedious as it is? 3. Do you need a transaction ID every time you want to receive funds? 4. What items/keys do you need to send funds?
perhaps this sounds naive, but the system looks quite different in use comparing with bitcoin, so I would appreciate the answer to these questions.
Glad to help. 1. Do not know off hand (someone else [fluffypony] may, so not going to look into it right now) 2. Either method is equally safe, IMO. Revealing either one to a third party means they can steal your funds. Seed is easier (though longer if manually typing) in that it's just one text box (for copy/paste purposes). 3. For receiving funds, it behaves very similarly to BTC. Give someone your address; they send funds to it. You don't need to "do" anything to receive them ( verifying that you received a transaction is a different story). 4. Assuming you're logged into MyMonero already, you'll just need the receiver's public address to send them funds. If it's an exchange or other service, they'll probably provide you with a payment ID to use as well, so they can differentiate your transaction from other users'.
Adding the payment ID with checksum seems fairly simple. I went and created a test address just now: Standard Address: 44sKiMHpNjRivdd2NQUyViGYZy4wbJ9L9KhFUaqSSE6JQP9LLbxL9tSikwrhYTRu3x2zKR28txuEc3zSGPduQ9byMUKoz6m Payment ID: feedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeed Integrated Address: 44sKiMHpNjRivdd2NQUyViGYZy4wbJ9L9KhFUaqSSE6JQP9LLbxL9tSikwrhYTRu3x2zKR28txuEc3zSGPduQ9byXSb563RKvyBgorjsFGwyx9gorjsFGwyx9gorjsFGwyx9TpPbbCy What I did: Instead of the standard hex format - ('12' network byte) + (public spend key 64 digits) + (public view key 64 digits) + (checksum 8 digits) - I stripped the checksum and appended the payment ID, then recalculated and appended the new checksum. This creates a 101 byte address instead of the standard 69 byte, and 139 "Public Address" characters vs 95 standard. cnBase58 --> hex the above "Integrated Address" and you get (separated for clarity): 12 55a1e49673f5a8faa6ba4f942585695ceee5c7522496be6fc38d3f09905e3f8b ca6313deac11aff9a7241e7095863b0be3099d50d7a0cd11e0adbcf4990e64b5 feedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeedfeed b1d0950e The code just needs to check for length to determine the type. Alternatively, (I don't know what all the other cryptonotes are using) the network byte could be changed to 0x13 or something for the "Integrated Address". I am going to increase my portion of the bounty to 200 XMR to whoever wants to implement this in the next 4 weeks. That brings the total bounty to ~450 XMR. Any takers? I'm still following this, but have been super busy the last few weeks with other stuff. I may claim this if I can find the time. Dude you should totally post this to: https://forum.getmonero.org/7/open-tasks I would posit to say that it has been "approved by the community" because no one was like "hell no, this is a horrible idea, get your integrated addresses out mah yard!!!" You could show us how it's done. Actually we need to find the ones who offered the bounty to ensure accuracy.
Johnny Mnemonic, shitaifan2013, and pa off the top of my head are who I remember. Edit: the "top of my head" appears incorrect or at least incomplete.
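An added example, not code from the post or from the Monero project, that reproduces the construction described above in Python: cnBase58 decode/encode, the Keccak-256 checksum over 0x12 || spend key || view key || payment ID, and the reverse operation (stripping the payment ID and recalculating the checksum, which an earlier post called simple). Assumptions, stated as such: the CryptoNote checksum is the first four bytes of original-padding Keccak-256 (0x01 pad, not SHA3-256's 0x06) over the preceding bytes; the 0x12 network byte and 32-byte payment ID follow the post's proposed format, not any later standard. The addresses and payment ID are the ones quoted in the post.

```python
import struct

# Sample data copied from the post above (standard address, payment ID, integrated address).
STANDARD = ("44sKiMHpNjRivdd2NQUyViGYZy4wbJ9L9KhFUaqSSE6JQP9LLbxL9tSikwrhYTRu3x2zKR28txuEc3zSGPduQ9by"
            "MUKoz6m")
PAYMENT_ID = "feed" * 16                                # 64 hex digits = 32 bytes, as in the post
INTEGRATED = ("44sKiMHpNjRivdd2NQUyViGYZy4wbJ9L9KhFUaqSSE6JQP9LLbxL9tSikwrhYTRu3x2zKR28txuEc3zSGPduQ9by"
              "XSb563RKvyBgorjsFGwyx9gorjsFGwyx9gorjsFGwyx9TpPbbCy")

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ENCODED_BLOCK_SIZES = [0, 2, 3, 5, 6, 7, 9, 10, 11]    # chars produced by a 0..8-byte block
NETWORK_BYTE = 0x12                                     # assumption: mainnet prefix used in the post

# --- Keccak-256 with the original Keccak padding (assumption: this is the CryptoNote checksum hash) ---
_RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
       0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
       0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
       0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
       0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
       0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
_ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
        [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]      # rotation offset for lane (x, y)
_M = (1 << 64) - 1


def _rol(v, n):
    return ((v << n) | (v >> (64 - n))) & _M if n else v


def _keccak_f(a):
    """Keccak-f[1600] on 25 little-endian 64-bit lanes indexed a[x + 5*y]."""
    for rc in _RC:
        c = [a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20] for x in range(5)]   # theta
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [a[i] ^ d[i % 5] for i in range(25)]
        b = [0] * 25
        for x in range(5):                                                             # rho + pi
            for y in range(5):
                b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(a[x + 5 * y], _ROT[x][y])
        a = [b[i] ^ (~b[(i % 5 + 1) % 5 + 5 * (i // 5)] & b[(i % 5 + 2) % 5 + 5 * (i // 5)])
             for i in range(25)]                                                       # chi
        a[0] ^= rc                                                                     # iota
    return a


def keccak256(msg: bytes) -> bytes:
    rate = 136
    padded = bytearray(msg) + b"\x01" + b"\x00" * ((rate - (len(msg) + 1) % rate) % rate)
    padded[-1] |= 0x80                                  # pad10*1
    a = [0] * 25
    for off in range(0, len(padded), rate):
        for i in range(rate // 8):
            a[i] ^= struct.unpack_from("<Q", padded, off + 8 * i)[0]
        a = _keccak_f(a)
    return b"".join(struct.pack("<Q", a[i]) for i in range(4))


# --- cnBase58: 8-byte blocks -> 11 chars, big-endian, left-padded with '1'; short tail block sized by table ---
def cn_base58_encode(data: bytes) -> str:
    out = []
    for i in range(0, len(data), 8):
        block = data[i:i + 8]
        n, digits = int.from_bytes(block, "big"), ""
        while n:
            n, r = divmod(n, 58)
            digits = ALPHABET[r] + digits
        out.append(digits.rjust(ENCODED_BLOCK_SIZES[len(block)], ALPHABET[0]))
    return "".join(out)


def cn_base58_decode(s: str) -> bytes:
    out = bytearray()
    for i in range(0, len(s), 11):
        chunk, n = s[i:i + 11], 0
        for ch in chunk:
            n = n * 58 + ALPHABET.index(ch)             # ValueError on a character outside the alphabet
        out += n.to_bytes(ENCODED_BLOCK_SIZES.index(len(chunk)), "big")  # rejects bad tail lengths
    return bytes(out)


# --- address handling in the post's proposed format: type is decided by length (69 or 101 bytes) ---
def parse_address(addr: str) -> dict:
    raw = cn_base58_decode(addr)
    if len(raw) not in (69, 101) or raw[0] != NETWORK_BYTE:
        raise ValueError("not a standard (69-byte) or integrated (101-byte) address")
    if keccak256(raw[:-4])[:4] != raw[-4:]:
        raise ValueError("checksum mismatch")
    return {"spend": raw[1:33].hex(), "view": raw[33:65].hex(),
            "payment_id": raw[65:-4].hex() if len(raw) == 101 else None}


def make_integrated(standard: str, payment_id_hex: str) -> str:
    parse_address(standard)                             # reject a malformed or mistyped standard address first
    body = cn_base58_decode(standard)[:-4] + bytes.fromhex(payment_id_hex)
    return cn_base58_encode(body + keccak256(body)[:4])


def strip_payment_id(integrated: str) -> str:
    parse_address(integrated)
    body = cn_base58_decode(integrated)[:65]            # network byte + spend key + view key
    return cn_base58_encode(body + keccak256(body)[:4])


if __name__ == "__main__":
    print(parse_address(INTEGRATED))
    print(make_integrated(STANDARD, PAYMENT_ID) == INTEGRATED, strip_payment_id(INTEGRATED) == STANDARD)
```

The length check in `parse_address` is what the post means by "the code just needs to check for length"; a single mistyped character in the payment ID part now fails the checksum instead of silently sending funds with the wrong reference.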
In reality these probabilities (1/6, 1/25) for a "3x" repeat aren't accurate, because the checksum must fall on the duplicate, which can only happen if a duplicate happens. I think it should be 1/6*2/24 and 1/25*2/12, about 1.4% and .67% respectively.
For a triple yes, but not for two doubles. Wait, were we talking about two doubles? Two doubles should be less likely than a triple, due to the checksum word.
It looks to me like the 13th word is always one of the others, which makes the checksum just a few bits. I don't know why MyMonero did it that way, maybe for ease of remembering (at the cost of possibly less reliability in catching errors). Assuming that is correct, and according to your birthday calculation, you will get one duplicate (with the last one) 100% of the time, but two duplicates 1/21, which is fairly common too. Whoops, you are absolutely correct. I must have been blind on my test. Let me take a look at what it's doing... The revised birthday problem (12 candidates) is 1/25, still quite likely (to get "3"). Edit: all clear now. Edit2, explanation: the mnemonic code is the same for both MyMonero and regular Electrum-style accounts. It runs crc32 on the words shortened to their prefix (e.g., "films gutter whipped summon navy inmate waveform tonic physics bemused february hobby" becomes "filgutwhisumnavinmwavtonphybemfebhob"). It then takes the result modulo the number of words (12 or 24). The answer is the checksum index -- the word that is to be appended as the checksum. Edit3: more Wolfram fun -- in a standard 24 word seed, the probability of a "collision" is about 1/6.
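As an added example (not code from MyMonero or the Monero project), the checksum rule described in Edit2 and the birthday arithmetic behind the 1/25 and 1/6 figures, in Python. Stated assumptions: the English word list has 1626 entries (used only for the probability), the unique prefix is 3 letters, and the 12 data words are the ones quoted in the post.

```python
import zlib
from typing import List

DICTIONARY_SIZE = 1626      # assumption: size of the English word list
PREFIX_LEN = 3              # assumption: prefix length used for the English list

# Constructed sample: the 12 data words quoted in the post above.
WORDS = ("films gutter whipped summon navy inmate waveform tonic "
         "physics bemused february hobby").split()


def prefix_string(words: List[str]) -> str:
    """The CRC runs over each word's first PREFIX_LEN letters joined together, not the full words."""
    return "".join(w[:PREFIX_LEN] for w in words)


def checksum_index(words: List[str]) -> int:
    """CRC-32 of the prefix string reduced modulo the number of data words (12 or 24)."""
    return zlib.crc32(prefix_string(words).encode("ascii")) % len(words)


def add_checksum_word(words: List[str]) -> List[str]:
    """The checksum word is a copy of the data word at the checksum index, so it is always a repeat."""
    return list(words) + [words[checksum_index(words)]]


def verify_seed(seed: List[str]) -> bool:
    """A 13- or 25-word seed verifies when its last word equals the data word the CRC selects."""
    if len(seed) not in (13, 25):
        return False
    data = seed[:-1]
    return seed[-1] == data[checksum_index(data)]


def p_any_duplicate(n_words: int, dictionary_size: int = DICTIONARY_SIZE) -> float:
    """Birthday problem: probability that n independently drawn words contain at least one repeat."""
    p_distinct = 1.0
    for i in range(n_words):
        p_distinct *= (dictionary_size - i) / dictionary_size
    return 1.0 - p_distinct


if __name__ == "__main__":
    print(prefix_string(WORDS))
    seed = add_checksum_word(WORDS)
    print(" ".join(seed), verify_seed(seed))
    print(f"P(repeat among 12 data words) = {p_any_duplicate(12):.4f}")   # about 1/25
    print(f"P(repeat among 24 data words) = {p_any_duplicate(24):.4f}")   # about 1/6
```

Because the checksum word is selected from the data words rather than drawn from the dictionary, one "duplicate" between the 13th word and an earlier one is guaranteed, and the check only catches errors that move the CRC to a different index, which is the "just a few bits" of protection noted above.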
I never had so much trouble with blockchain.info as I am having with mymonero.com. It gives you 13 words, then asks you to type them, so I typed, clicked on a button, which resulted in a message:
<invalid spend key> and nothing else
What is this?
Did you mistype something? I always copy and paste it (lol).
I tried five times to create a wallet, but in each case I got at least two out of 13 words being identical and in one case (out of 5) I got three identical words. If it uses the dictionary and then randomizes, the chance of this happening is so minuscule as to be negligible. In my opinion, it means that wallet creation does not work properly (at least at this moment).
In short, no. 1. The position of each word matters. The same word in a different position has a different value. 2. You're seeing the birthday problem (higher than expected likelihood of some match in the set), and no it does not affect security. 3. The last word doesn't count. It is a checksum. #2 is what we're looking at here for sure. I just created a test account and it had no matches. Here's what I get from Wolfram for the birthday problem, so you definitely shouldn't be seeing this every generation attempt. The 13th word does count, not for entropy purposes, but assuming crc32 is random enough, it should appear with the same probabilities as the other 12 words positions.
Not sure if you guys already heard, but Poloniex will require personal info and introduces new stricter withdrawal limits from 20th May onwards. (They also introduced margin trading today.)
I wonder how this will influence the price/liquidity short term.
that would totally defeat the purpose of monero, wouldn't it? No it does not. Install GNU/Linux and keep your moneroj on your own computer under your own control. I would like to buy a new Windows box and hold Monero there in cold storage. I have no interest in learning Linux. Is there a 'for dummies' guide to applying a graphical Windows shell to moneroj? Forgive my ignorance. MoneroX exists, so you can have a "windows shell" for monero. Also, cold / paper storage is really easy to set up. You can do it with your current windows box. Disconnect your PC from the net (unplug or disconnect wifi). Run simplewallet. Make a new wallet file. Copy down the word seed mnemonic thing (on paper). Make the password something ridiculous - just mash the keyboard. Copy the wallet address into some other file. Then delete all of the files associated with the wallet. The only benefit to doing a cold-storage wallet with a live-linux setup is that, technically, those files are still on your hard drive... using the live linux CD prevents this from happening. Or you could find a "secure erase" thing to delete those files. Also, Ubuntu is reeeaalllly easy. It looks like windows. No real need to do that, javascript can generate these accounts a dime-a-dozen.
Sounds like a bad joke but looks like everyone on polo needs to register lol we need a new xmr exchange i think Yup rip Poloniex, I'm moving all my funds asap off this IRS watchdog... This is so insane... please elaborate on the legality of this for a crypto exchange? Didn't Poloniex just take a quantum leap into a whole new world of regulation? Is it US based? Yes Poloniex has always been open about being US based. Can someone summarize what has actually happened? They enabled margin trading and lending, similar to bitfinex. Along with that they asked everyone for "Level 1" verification, where they ask for your first and last name and country of origin. I do not know if they have any checks (IP for example) to verify the information you enter. They have no present way of verifying your name, as far as I know. This is for withdrawing up to $2,000 daily; for greater amounts, they require more verification (address, etc). You can see this here: https://poloniex.com/profile It should be noted that Poloniex is US-based. I think this news is "ok" for XMR, but we need an "anonymous" exchange (with volume) in addition to Polo now.
no one living in some vanilla jurisdiction and wants to start a xmr dice/casino service? btw xmr and me are celebrating first wedding day today - not the easiest marriage but you know what people tell about feisty marriages safedice will be offering the possibility to play/invest xmr "soon". can't give you any eta, since I'm not the one coding. additionally there is still the question how the cold wallet will be handled or better how to prove the reserves claimed (since there is no viewkey implementation yet). I didn't really like the workaround ccd used, so happy to hear any better ideas. I already have an idea, but it is not perfect given the jurisdiction I'm located at. Please note: I'm neither running nor owning the site. I was/am just an early investor who convinced the admin to go down the xmr route. I have a rough version of viewkey working (by individual output only at the moment). I'm still working out some (a lot) of the finer details. I thought onemorexmr had a viewkey thing working. It was incredibly slow - he forked it from someone else in #monero-dev. No idea. I'm not trying to create something that scans the entire blockchain for outputs (that's a job for Simplewallet), rather selectively decodes by output (and soon by TX) on an offline basis, using information from the block explorers for example. Ok so I can now accept a TX hash, viewkey, and public address and return which, if any, outputs are yours. If shitaifan2013 can pass all (or most) of the holdings in 1 tx, then it's pretty easy to prove that he (or the site) owns them. Otherwise I'd have to have every TX that's his and a bit of code to do it. Edit: it's still not ideal of course, because he could later spend those outputs.
A standard derivation from (14 or 7 + 7 base58 characters --> seed) is not defined as of yet; I have a few ideas/concerns on how it could be implemented. Keep in mind it's basically a cold wallet where part of the secret is engraved on the coin - you'll need to have a passphrase (or at least a pin) too.
After reading your post it occurred to me that the fat blob con artist who ran Mintpal could conceivably have been behind many of the scam coins it listed. I assumed he only got away with the Bitcoins he stole from people's accounts, but he could have ripped people off for far more if he was a "dev" behind multiple coins. We always had to trust Mintpal's voting system fairly decided which coin to list next, but it might have been fixed.
Wasn't he a relatively recent arrival though? I remember Mintpal being a fine exchange once upon a time. If I remember rightly Mintpal con boy's notoriety started with Doge. The creator of that may have turned out to be a shrill knob, but he wasn't a con artist or that guy. This thread dated July 28 says Mintpal had been sold to Moolah. The Moolah owner seems to have disappeared in October, which gave him two months to do anything he liked. I remember the switch to the new v2 website took a long time and was a total disaster, but he must have had a window of time in which he could have listed some of his own scam coins. https://bitcointalk.org/index.php?topic=714650.0 http://siliconangle.com/blog/2015/02/23/mintpal-scammer-ryan-kennedy-arrested-in-u-k-over-theft-of-3700-bitcoins/
Let me put the emissions thing another way. The coin is supposed to be cheap at this point. It is barely used, the technology isn't mature or highly usable, and merchant support is essentially nonexistent. Why would anyone expect otherwise?
The purpose of PoW distribution is to continually dump coins on the market so that any sustained price rises are credible evidence of strong and sustained demand. It is the opposite of a closely held coin with no ongoing preprogrammed distribution where for example two insiders can trade coins between each other at whatever price they want. (Distribution to existing coin holders as with PoS doesn't count, that is just inflation.)
It's the same with Bitcoin BTW. It got pumped by China and maybe Willie to 1000+ USD but the relentless drip, drip, drip of 3.6 million USD per day being dumped on to the market by a preprogrammed selling process eroded the ability of hoarders and pumpers (and deadbeat bots?) to keep the price up. Now we are below 1 million USD per day and that level of demand, at least, seems to be there (as evidenced by the past few months of price stability).
This is not a bad thing at all. It means people looking to get into Bitcoin (or Monero) now have a more realistic and sustainable entry price. They have less to fear from buying into a bubble and being left holding a bag than if they faced the prospect of buying at 1000 (BTC) or 0.01 (XMR).
Most people in the world do not own BTC or XMR. The preprogrammed mining/dumping serves to represent their interests, as opposed to a few tulip bulb (or "golden donkey") buyers trying to get rich quickly.
Excellent description of PoW distribution. The rate of distribution can have significant effect. Speaking of which, I've lost my link of a Monero distribution chart I thought I had bookmarked. It was just a table showing predicted disbursements going forward to the inflection point where they stop decreasing. If anyone has any idea what I'm talking about could you please re-link? Thank you. https://docs.google.com/spreadsheets/d/1qXi7zUSIh7F6UuSuhOryyFbHEy_LJuym3I3neAga_2s/edit#gid=239466694 Hey, cool, someone's using this! <whining>(I feel like I should get a brief mention, at least.)</whining> sorry I didn't know, I have it bookmarked it here its very useful thanks. It's really not an issue; I posted it a while back and got exactly 0 responses or comments AFAIR, so I figured it must be pretty worthless (though I thought it was kinda neat).
I have a question about GBTC: If you buy a share, can you convert it to real bitcoin? (Maybe it sounds stupid, but I think it's important and not obvious because of this trend with "advanced trading assets" and other shit talk) EDIT: And I support "The List" 100%! That's what I believe too. That if you actually buy a share you actually buy the equivalent BTC amount. I don't have an account there, but I believe there should be an option to get your BTCs out if you'd like... 1 share doesn't continually represent .1 BTC, as there are fees. You can redeem in baskets of 100 shares (though I saw in one place that the "Authorized Participant" is not accepting redemption requests right now).
I have an old wallet that had a bunch of dust transactions from early mining, plus a bunch of small transactions (mostly 0.5 XMR) from later mining, plus some big transactions from exchange payouts. Now, I decided to move it all to a new wallet, to consolidate the dust and small transactions, and also have the mnemonic seed. I couldn't send it all as one transaction, and had to break it up into about ten different transactions. No problem.
However, at the end, I have about 3.5 XMR that wouldn't send at all as the transaction fee(s) would be too large. I think this is the dust. Now I know 3.5 XMR is not a lot, but will dust be forever useless/unavailable? Is this a fungibility problem? It seems these 3.5 XMR are not as good as (interchangeable with) another 3.5 XMR.
Is there any way to consolidate Monero dust into Monero nuggets? Cheers, Q
Yes, that is the dust from pools problem, which was fixed a long time ago. You have two options: 1) send them with mixing of 0 in smaller chunks to another wallet of yours. Use the biggest it lets you - 0.5 or 0.2 XMR or whatever. 2) wait for Monero to go to the moon and then the fees for 1) should be much smaller. *note that if you wait and a cleaning-old-dust change happens (GingerAle: "maybe perhaps cleans up old dust.") you'll probably lose all the dust. And, you'll pay a significant portion as fees. It might just be a matter of whether you want the miners to get it, or nobody.
Yes, it is. It's intriguing to me in its own right, but I really got into it for a specific as-of-yet-unnamed reason. Your deep and everlasting affection for fluffy ponies? I've been discovered! So much for the "as-of-yet-unnamed" part.
There are no tools that implement the view key. We know it does work as it is used by the back end of MyMonero. I think luigi1111 said he was working on something, maybe others too. I guess I still don't understand. Why would Riccardo put the view key there, if it takes some specialized knowledge/setup to use it? I would rather that is not really advertised if it doesn't work and can't even be tested in at least simplewallet for instance. I see it as more like a sign of good faith I guess. "When this is implemented in a better fashion you'll be able to see the funds we receive and have received." Yeah, I suppose. I guess that is another perspective on it. Thanks for your work in trying to implement it. It really is a very interesting aspect of Monero. Yes, it is. It's intriguing to me in its own right, but I really got into it for a specific as-of-yet-unnamed reason.