Lots of posts deleted because they were not technical.
So pretty. I haven't any useful input on fees. What do people think about serialized stealth payment IDs versus unique spend keys with single viewkey?Edit: try to keep up!  Edit2: maybe you should change title to "[XMR] Monero Improvement Technical Discussion" or something. I don't understand .....' good idea on the thread title change. The new Bytecoin "breakthrough", where they're "depreciating" payment IDs. It is a potential solution, and I'd be really interested in seeing an actual cost analysis instead of generalities. The idea is to have one view key with multiple spend keys. That gives you multiple public keys (addresses) where half is common and half is unique. This allows scanning for all of these addresses much more quickly than scanning for completely different addresses (for the use case of an exchange or web wallet where each user has his own address -- instead of the current practice of one exchange address plus payment IDs). Yes indeed. Sorry, I didn't really mean to come across as snarky (not sure if I did). Neither of these change any consensus rules in any way, they're just attempts to recommend standards for recipients to differentiate payments. |
|
|
|
Lots of posts deleted because they were not technical.
So pretty. I haven't any useful input on fees. What do people think about serialized stealth payment IDs versus unique spend keys with single viewkey?Edit: try to keep up! Edit2: maybe you should change title to "[XMR] Monero Improvement Technical Discussion" or something. I don't understand .....' good idea on the thread title change. The new Bytecoin "breakthrough", where they're "depreciating" payment IDs. It is a potential solution, and I'd be really interested in seeing an actual cost analysis instead of generalities. |
|
|
|
I don't think Monero is for me, I prefer transparant coins, imagine if the tax agency demands proof of your transactions for example...
If a tax agency demands proof of your transactions, you can provide your viewkeys (either for your address, or per-transactions), so you can decide what to reveal or not. There is the real power, it's private by default, but public on demand. You probably didn't know viewkeys existed? You probably don't know much at all in fact. Better read a bit before posting irrelevant "conclusions". Not only view keys (which are kind of a blunt instrument because they reveal every payment, when proof of every payment might not be needed), but you provide other evidence (for example receipts) the same way you would do for cash or any other payment system that doesn't have a public ledger. The idea that tax systems need all your transactions visible to the world in a public ledger like Bitcoin is absurd, since Bitcoin has only existed for 5 1/2 years. Tax systems (and public accounting generally) have existed a bit longer than that. EDIT: It looks like there is discussion about having multiple view keys, so there could be more control here https://www.reddit.com/r/Monero/comments/3f9nej/i_want_more_viewkeys/So much this. "OMG, where did this cash that my customer used to buy a banana come from?!?" "How will I ever have a record of this sale without a public ledger keeping track of it?" |
|
|
|
Lots of posts deleted because they were not technical.
So pretty. I haven't any useful input on fees. What do people think about serialized stealth payment IDs versus unique spend keys with single viewkey? Edit: try to keep up! Edit2: maybe you should change title to "[XMR] Monero Improvement Technical Discussion" or something. |
|
|
|
--Monero's TPS is unbounded (currently 1,600 TPS).
Monero at 1,600 TPS would probably consume all of the whole world's internet bandwidth. No that doesn't sound right. I don't know what an "average" transaction's size is, nor what it'll be in the future if/when there's more use, but let's say 10kB just for fun (sample real TX that's probably larger than average: 30 inputs @ mixin 4, 5 outputs; size: 11481 bytes). 10 * 1,600 / 1024 * 8 = 125 Mbps It's not trivial, that's for sure. In addition all those 1,600 transactions are first received by you, then you broadcast them to all the peers you know, and then receive the block containing the same transactions, and later send those blocks to other peers downloading the blockchain. Total bandwidth usage is probably somewhere around 1 Gbps for every peer. "are first received by you": yes, let's say you need 50 Mbps after my new math. "then you broadcast them": on average it should be one time, I think. "then you broadcast them": you shouldn't re-download data you already have (though it may work that way now). "send those blocks to other peers downloading": this is a rather limited case that doesn't happen that often. All told you might need 100-200 Mbps of bandwidth (synchronous). No one is saying 1,600 TPS is practical *right now* (or at least, they shouldn't be saying that). The number was based only on i7 processing speeds. One could instead say: TPS is limited in CN mostly by processing and bandwidth speeds, NOT the protocol. With BTC limited by the protocol to around 3 TPS, it's still a major distinction, whatever "practical" speeds CN can achieve on today's hardware and bandwidth. |
|
|
|
--Monero's TPS is unbounded (currently 1,600 TPS).
Monero at 1,600 TPS would probably consume all of the whole world's internet bandwidth. No that doesn't sound right. I don't know what an "average" transaction's size is, nor what it'll be in the future if/when there's more use, but let's say 10kB just for fun (sample real TX that's probably larger than average: 30 inputs @ mixin 4, 5 outputs; size: 11481 bytes). 10 * 1,600 / 1024 * 8 = 125 Mbps It's not trivial, that's for sure. Edit: after discussion with a dev, we decided on a better average tx size: 3kB (10 inputs @ mixin 3, 10 outputs approximately) This makes the above change to 37.5 Mbps. |
|
|
|
Oh yes, this looks very legit. Thanks. |
|
|
|
What are basic instructions to derive viewkey for an address? Want to be able to keep an eye on cold storage.
It is literally impossible to derive the view key from an address since the address is a public key and a view key is a private key. You need to extract the view key from a wallet that has the private key. One way to do this is to just write it down when the wallet is created. Another is with the viewkey wallet command. I said FOR an address. Not FROM. Easy misread. Thanks for the answer. I don't have the client up and running so just was wondering if it was simply a command or what. *If* your cold wallet is an offline standard XMR wallet.bin (or whatever name), then it's as mooo said: simply start simplewallet and type "viewkey" at the prompt. If you're planning on actually *using* it, the better approach would be "save_watch_only", then bring that wallet copy online. |
|
|
|
A bit of confusion...
In mymonero there is a prompt: Account>
Upon mousing over, there is an option "Review login key", but upon choosing this option there is nothing displayed, but a picture of two overlapping files.
Upon clicking on those nothing happens.
Is there a way to see it (the login key)? Without this you have to enter three keys to access the account.
is it even proper to use the login key to access the account?
Hmm, maybe try clearing your browser cache or using a different browser? When I click that I see a 13-word login key. Could you maybe screenshot it (if there's sensitive data displayed, remove that of course)? |
|
|
|
What are basic instructions to derive viewkey for an address? Want to be able to keep an eye on cold storage.
If it's your own address, you can type "viewkey" in simplewallet. If it's cold storage, he won't be able to do that. Why not ? That's kind of the point of this command: get the view key from the cold wallet, copy it to the less safe machine, and use it there. Or did I misunderstand the question ? Oh, I think the misunderstanding is mine. I was thinking of a paper wallet. |
|
|
|
What are basic instructions to derive viewkey for an address? Want to be able to keep an eye on cold storage.
If it's your own address, you can type "viewkey" in simplewallet. If it's cold storage, he won't be able to do that. I have the tools to do this in an easy way, but you'd want to pull the webpage and use it offline on a one-time install of some sort for maximum security (if using for "real" cold storage). After you've gotten the viewkey, you should be able to import it into simplewallet to watch with --generate-from-view-key argument. (PM me if you want to use the site; I don't want it too public yet) |
|
|
|
Except that I can't reply in any threads on https://forum.getmonero.orgI used to be able to. I can start threads, which I have to let it be known I am having issues. Now waiting, it's all I can do. I see your thread there; since you can't respond there, I'll ask here: Have you tried a new user account or different PC? Those seem the most obvious isolation ideas. |
|
|
|
My question isn't really answered yet:
how can a spectator know that the image key is associated with at least on of the inputs in the transaction?
See the whitepaper section 4.4, step VER. thx, will reread it more carefully  Yes indeed, was going to point you there, but hadn't refreshed forum in a while (so smooth already answered). edit2: the transaction private key is never used, am I right? It's only used to calculate the transaction public key?
It is used, but only by the transaction creator. It's how they create a "shared secret" with the receiver. ECDH(receiverViewPub, txPriv) == ECDH(txPub, receiverViewSec) |
|
|
|
just write a narrative of the diagram following the numbers. I've never tried this, here goes
1. from the blockchain, a transactions public key is mashed together with a random number
2. a specific output is used
3. bobs private key is used
4. the above three things are mashed together into a private key
5. another random number mashes with a public key
6. number 5 gets mashed with the following
and I got lost and im at work and peeps gettin coffee.
Well, no, that's not really how it works. 1. For the sender, a random transaction private key is chosen. 2. The sender does a ECDH with this private key and the receiver's public view key. 3. From that derivation and an output index, he is able to use the receiver's public spend key to create a one-time output public key for which only the receiver will be able to generate a private key. To generate this private key: 1. The receiver does an ECDH with his private view key and the public transaction key (from tx extra) 2. From this derivation (which matches exactly that from step 2 above), the receiver does the same as step 3 above. 3. If his result matches, he knows he owns the output. He can then use his private spend key to generate the corresponding output private key (to actually spend the output). I figured as much, but that was my point - the diagram is not very helpful for those of us that are all like "my compooter gone did done some mafs" Thank you though! - the above is short and sweet, but dnaelor's actually matched up with the diagram numbers. And yes, one of those "floating hand draws and some guy talks" animation things would be cool Yes, I was only covering the stealth address portion, which, IMO, is harder to "get" than the ring signature portion. dnaleor's covers the full transaction, but also isn't quite correct. The graphic doesn't really explain stealth addresses at all, so the first part of this is basically inline, but I've added a bit to it anyway. let me give it a try Bob wants to spend XMR he received in his account and send it to Carol. How does he compose the transaction? A: Bob gets acces to his "real input" that was send to his "stealth address" 1. Bob needs the public key from the transaction that contains the output he received and wants to send - Bob needs to ECDH this key with his private view key2. Bob also selects the exact number of the output from the transaction that contains the output he wants to send. The other output(s) in this transaction is/are change (Bob doesn't have the private key for those other outputs) Note: typically, due to auto-denomination, Bob will have more than one output per transaction that belongs to him.3. Bob needs the "master" private key of his account - private spend key, to be precise4. 1,2 and 3 are used to calculate the private key for the specific output he wants to send. (the public key for the transaction can be calculated from this private key - This is correct, but the public key is also stored on the blockchain.) B: to protects Carol's identity, Bob will do the folowing to generate a "one time" public key for this transaction, making it impossible for others to link all transactions send to Carol to the same "stealth address" 5. Bob generates a random number scalar, this one isn't clear from the graphic at all6. this random number is hashed into the transaction public key the transaction private key, and is scalar mult'd into the transaction public key 7. he selects the number associated with the output s (due to auto-denom) that Carol will receive, the other output(s) is/are change that goes back to Bob. 8. he needs the "master" public key from Carol to be able to send it to her stealth address - Carol's public view key9. 6,7 and 8 are used to calulate the public key for the specific output s he wants to send C: to "mix" the inputs, Bob creates a ring signature 10. He selects the actual public key (+ that output's private key) from the output he wants to send, but he also adds other public keys into the mix. 11. to prevent double spending, Bob needs to send a valid "key image" together with the public keys of the outputs (or inputs if you prefer). 12. he signs the combination of inputs and the key image with his private key, prooving the key image is valid (Bob owns the private key associated with the key image) and that (somehow? I don't know how this works) one of the public keys is used to generate this key image, but as a spectator of the blockchain, we can't know which of the used outputs is "the real one that is being transferred". His private key and the other chosen public key(s) are used to create a ring signature; they'll be one signature for each input, collectively making a ring signature. The key image is an additional public key computed from the output private key (not public key) that's actually being spent.13. This is the collection of outputs that is signed. He grabbed the "fake ones" from the blockchain. He doesn't need permission from the owners for that. This isn't quite right: those are the outputs that are doing the signing. A hash of the TX prefix is "what" is actually being signed.14. This is the key image he signed. If Bob ever tries to send the same output again, the exact same key image will be generated and thus the double spend will be detected. 15. this "ring signature" is added to the transaction containing the publi keys that are used in the transaction and proving Bob's ownership of one of those inputs. tell me if I was terribly wrong  edit: damn it, luigiiii is faster than me  |
|
|
|
just write a narrative of the diagram following the numbers. I've never tried this, here goes
1. from the blockchain, a transactions public key is mashed together with a random number
2. a specific output is used
3. bobs private key is used
4. the above three things are mashed together into a private key
5. another random number mashes with a public key
6. number 5 gets mashed with the following
and I got lost and im at work and peeps gettin coffee.
Well, no, that's not really how it works. 1. For the sender, a random transaction private key is chosen. 2. The sender does a ECDH with this private key and the receiver's public view key. 3. From that derivation and an output index, he is able to use the receiver's public spend key to create a one-time output public key for which only the receiver will be able to generate a private key. To generate this private key: 1. The receiver does an ECDH with his private view key and the public transaction key (from tx extra) 2. From this derivation (which matches exactly that from step 2 above), the receiver does the same as step 3 above. 3. If his result matches, he knows he owns the output. He can then use his private spend key to generate the corresponding output private key (to actually spend the output). Edit: this is just stealth addresses, and has nothing in particular to do with the flowchart; I kinda missed that part of GingerAle's post. |
|
|
|
hey i think you mix two differen things up: he was asking for RPC documentation. This means he just want to see a place where he can see what parameters he has to give to a function and what he will be getting back. the best solution to do this IS looking inside the code, since even people that can not code could read it if they know what they are looking for. the thing you are talking about is documentation about cryptonode internal functionallity like ring signatures, stealth addresses etc. i agree documentation on this things are not good enough for the common public, but this was not the right way to bring this issue up since smooths answer was the best one to give. how to deal with it? the funding page needs more content anyway and people at monero forum are trying to define a work package for the "monero about" page ( https://forum.getmonero.org/7/open-tasks/346/about-monero-page-content). this would be the right way to go if your intention to change this should bear fruits one day . maybe we could inculde it there ? the problem is, there are not a lot people who really know how all this works. only the devs can make such graphs I wouldn't say *only* the devs, as I'm not a "dev", but have a pretty decent understanding of how it all works. |
|
|
|
As a matter of fact where can I get a list of all the code that is now "All quite readable"? I can't believe there isn't even a simple flowchart or block diagram available. I'm starting to think this project has forgotten what open source stands for. I under stand the inherited code was intentionally obfuscated but I am not seeing any efforts to remedy this in a "Open way", Or maybe I just don't have the skills to find this information as I stopped programming before Github existed and everyone thinks if it's there in any form then it is open. If I throw a pail of water into the ocean I can't say it's accessible. As you can tell I'm getting a bit frustrated at these off the cuff comments "Go look at the code it's there". This is the shit that raised red flags. I understand the desire to keep information in the insiders club mentality, it's used in financial scams all day long but if this project is ever going to be adopted then these issues need addressing. This is the only graphical representation I've been able to find and I'm not sure if it's correct.  Yes, that looks correct. It looks hard to parse if you don't already understand what's going on though (to me). I'm not sure it's actually possible to put it together in an easy-to-understand way for "noobs". Edit: and has nothing to do with RPC commands at all, as medusa13 points out. |
|
|
|
Hold shift and right-click on folder and select "Open command window here".
A very useful trick that I can never remember when I need it. Maybe writing this will finally fix it in my mind.. It is very helpful for "cmd noobs" because they don't have to worry about finding the right directory, etc. Nice, Never knew that. When was it added? I always added it to the right click menu. Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\Directory\shell\CommandPrompt] @=”Command Prompt:” [HKEY_CLASSES_ROOT\Directory\shell\CommandPrompt\Command] @=”cmd.exe /k cd %1″ At least since Vista. I don't feel like digging up an XP machine ATM, but I *think* it has it as well. Never used vista, probably why I missed it. I'll check XP l8r. Thx. Just checked, this is not an option for XP. Well there ya go. Stop using old, no-longer-supported OSes. |
|
|
|
Hold shift and right-click on folder and select "Open command window here".
A very useful trick that I can never remember when I need it. Maybe writing this will finally fix it in my mind.. It is very helpful for "cmd noobs" because they don't have to worry about finding the right directory, etc. Nice, Never knew that. When was it added? I always added it to the right click menu. Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\Directory\shell\CommandPrompt] @=”Command Prompt:” [HKEY_CLASSES_ROOT\Directory\shell\CommandPrompt\Command] @=”cmd.exe /k cd %1″ At least since Vista. I don't feel like digging up an XP machine ATM, but I *think* it has it as well. |
|
|
|
|
Show Posts
