Bitcoin Forum
Author Topic: CryptoNote technical discussion and Chess Challenge  (Read 96044 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
boolberry (OP)
December 07, 2015, 12:01:43 AM
 #541

4 votes for Kf2: XMRpromotions, ArticMine, 8XMR, LucyLovesCrypto

Current position
Based on the votes in this thread Team Monero has chosen to play Kf2. Now it is time for Team Boolberry to respond. I will plan to count votes again tomorrow at approximately 0:00 UTC.

Team Monero (white pieces) vs. Team Boolberry (black pieces)
black to move


Game PGN:
Code:
1.e4 c5 2.Nf3 d6 3.d4 cxd4 4.Qxd4 a6 5.c4 Nc6 6.Qe3 g6 7.Nc3 Bg7 8.Be2 Nf6 9.O-O O-O 10.h3 Nd7 11.b3 Nc5 12.Bb2 f5 13.exf5 Bxf5 14.Rad1 Qa5 15.Rd2 Rf6 16.Nd5 Re6 17.Qf4 Ne4 18.Bxg7 Kxg7 19.Rb2 Nc3 20.Nd4 Re5 21.Bf3 Nxd5 22.Bxd5 Qc3 23.Nxf5+ Rxf5 24.Qd2 Qxd2 25.Rxd2 Rb8 26.a3 e5 27.Be6 Rf6 28.Bd5 Nd4 29.b4 b6 30.Rb2 g5 31.a4 Rff8 32.Rfb1 Rfc8 33.f3 Kf6 34.g3 Rc7 35.Rf1 Nf5 36.Kf2
boolberry (OP)
December 07, 2015, 12:19:41 AM
 #542

Ne7: boolberry
newb4now
December 07, 2015, 02:48:19 AM
 #543

Ne7: boolberry

1 vote Ne7: boolberry
1 vote h5: newb4now
newb4now
December 07, 2015, 02:54:05 AM
 #544

Informative post on RingCT:
Ring Confidential Transactions as defined and outlined in Shen Noether's RingCT pdfs

My Goal of this thread is to simplify RingCT and its definition as much as possible so others can understand it (including myself)

Disclaimer: I am just a curious mind. I do not pretend to know anything about RingCT and its underlying math/proofs/definitions. I am merely a curious soul trying to understand how this all works. I welcome any and all discussion directly related to the topic of this thread. IF I HAVE WRITTEN SOMETHING WRONG OR INCORRECTLY PLEASE POST OR PM ME ABOUT IT SO I CAN CORRECT IT.

Latest version: https://github.com/ShenNoether/MiniNero/raw/master/RingCT0.5_copy.pdf

This paper is very math heavy and some variables are defined and some aren't.

Hopefully after discussion there can be more clarity on the math that is used within.


Preface/Purpose:

Currently in Monero amounts that are transferred are public to view. Ring CT is an attempt to obfuscate the amount of a transaction (and all of its inputs and outputs) to add more transactional privacy.


Definitions:

MLSAG - Multilayered Linkable Spontaneous ad-hoc group signatures

E - an elliptic curve equation; −x^2 + y^2 = 1 + d·x^2·y^2;

q: a prime number; q = 2^255 − 19

d = -121665/121666

P_j = xG = Public Key

G = Ed25519 base point

l: a prime order of the base point; l = 2^252 + 27742317777372353535851937790883648493 =~ 7.25 x 10^75

x = signer's spend key

I = xH(P_j) = Key Image (unique - no copies/duplicates allowed)

H = hash function returning a point (in practice toPoint(Keccak(Pk)))

h = hash function toScalar(Keccak(Pk))  <---- can take multiple parameters concatenated

m = message

α, s_i, i =/= j, i ∈ {1,...,n} are random values in Z_q (the ed25519 base field)
s_j = α − c_j·x mod l
α = s_j + c_j·x mod l


L_j = αG = s_j·G + c_j·P_j <---- Intermediate value if i = s

R_j = αH(P_j) <---- Intermediate value if i = s

c_{j+1} = h(m,L_j,R_j) or A.K.A. "non-interactive challenge"

σ = (I,c_1,s_1,...,s_n) = Signature

Key Vector = the collection of all public keys Y = (y_1,...,y_r) and corresponding private keys X = (x_1, ..., x_r)

Generalized Ring = [P_ij] where i = 1,...,n and j = 1,...,m = n-members and all of which have EXACTLY m-keys




<Other heading not sure what to call it lol>

1. What I've deduced from reading up until page 6 is that the idea of obfuscating amounts will be accomplished with
"mixing" with n signers that have the same amount of m keys.



2. Also noticed that the equations are recursive mod n. If you don't know what that means that means that for example define the following:

L_j = s_j·G + c_j·P_j

c_{j+1} = H(m,L_j,R_j)


Since L_j is part of the definition of c_{j+1} and c_j is part of the definition of L_j that is the definition of recursion. A function/equation calling itself within its definition.

The mod portion is the remainder of a division (example: 5 mod 3 = 2).

In the context of this paper c_{n+1} = c_1 AND c_{n+2} = c_2...and so forth, because (n+1) mod n = 1 and (n+2) mod n = 2


s_j = α − c_j·x mod l
α = s_j + c_j·x mod l



3. With a single c_i value, the P_j values, I (key image), and all the s_j values...

... all other c_k values can be deduced while k =/= i.

This provides space saving of about 1/2 the space/size when creating the signature. <------ is this part of Compact CT?

The signature therefore is:

σ = (I,c_1,s_1,...,s_n)


<more to come>



Elliptic-curve overview:

Example #1 with d = 30:

x^2 + y^2 = 1 - 30x^2y^2



Center of the curve is point (0,0) for reference.




Example #2 using the actual curve E as defined above:

<-------- Actual Ed25519 curve used in Monero/cryptonote



As you can see above in the blue is the curve of the equation in the image above it. Here is the site where the graph was generated https://www.desmos.com/calculator/ialhd71we3

Just paste the following into a new Elliptic curve line on the left:
Quote
-x^2\ +y^2\ =\ 1\ +\left(\frac{\left(-121665\right)}{121666}\right)x^2\cdot y^2

Question: Why do you only show the graph from -7.25x10^75 to 7.25x10^75 on the x-axis?

Answer: Because l as it is defined 2^252 + 27742317777372353535851937790883648493 =~ 7.25 x 10^75

Because we mod the base point G by l in our computations this is why the graph essentially "ends" at those points.





Example #3
Now if you play with some of the values on that site you can get a different modified curve that doesn't just look like two parallel lines just to get a gist of how elliptic curves look like when you slightly modify the values:







Example #3
And modifying it one more time you get:







Helpful resources:

ECCHacks - A gentle introduction to elliptic-curve cryptography [31c3]

Online Elliptic Curve Points Graph Generator

Will be editing OP to add more information as I am able to digest it in my limited capacity brain.  Grin
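
The ring recursion from the RingCT notes above (L_j = s_j·G + c_j·P_j, c_{j+1} = h(m, L_j, R_j), σ = (I, c_1, s_1, ..., s_n)), as an added example that is not part of the quoted post and is not MiniNero or Monero code. Assumptions: SHA3-256 stands in for Keccak, a try-and-increment hash-to-point stands in for toPoint, the non-signer relation R_i = s_i·H(P_i) + c_i·I is taken from the standard LSAG construction, and all function names are illustrative.

```python
import hashlib
import secrets

# Curve constants as listed in the post: -x^2 + y^2 = 1 + d*x^2*y^2 over F_q.
# Needs Python 3.8+ for pow(x, -1, q).
q = 2**255 - 19
l = 2**252 + 27742317777372353535851937790883648493
d = -121665 * pow(121666, -1, q) % q
IDENTITY = (0, 1)

def add(P, Q):
    """Twisted Edwards addition (complete on this curve, no special cases)."""
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2 % q
    x3 = (x1 * y2 + x2 * y1) * pow((1 + t) % q, -1, q) % q
    y3 = (y1 * y2 + x1 * x2) * pow((1 - t) % q, -1, q) % q
    return (x3, y3)

def mul(k, P):
    """Double-and-add scalar multiplication (not constant time)."""
    R = IDENTITY
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R

def recover_x(y):
    """Solve the curve equation for x given y; None if no such point exists."""
    xx = (y * y - 1) * pow((d * y * y + 1) % q, -1, q) % q
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q:
        x = x * pow(2, (q - 1) // 4, q) % q   # multiply by sqrt(-1)
    if (x * x - xx) % q:
        return None
    return x if x % 2 == 0 else q - x

GY = 4 * pow(5, -1, q) % q
G = (recover_x(GY), GY)                        # Ed25519 base point

def enc(P):
    return P[0].to_bytes(32, "little") + P[1].to_bytes(32, "little")

def h(*parts):
    """Hash to scalar. ASSUMPTION: SHA3-256 stands in for Keccak."""
    return int.from_bytes(hashlib.sha3_256(b"".join(parts)).digest(), "little") % l

def H(P):
    """Hash to point. ASSUMPTION: try-and-increment, not Monero's toPoint."""
    ctr = 0
    while True:
        digest = hashlib.sha3_256(enc(P) + bytes([ctr])).digest()
        y = int.from_bytes(digest, "little") % q
        x = recover_x(y)
        if x is not None:
            Q = mul(8, (x, y))                 # clear the cofactor
            if Q != IDENTITY:
                return Q
        ctr += 1

def keygen():
    x = secrets.randbelow(l - 1) + 1
    return x, mul(x, G)

def sign(m, ring, j, x):
    """Sign m with spend key x, where ring[j] = x*G. Returns (I, c_1, [s_i])."""
    n = len(ring)
    Hj = H(ring[j])
    I = mul(x, Hj)                             # key image
    alpha = secrets.randbelow(l - 1) + 1
    s = [secrets.randbelow(l - 1) + 1 for _ in ring]
    c = [0] * n
    i = (j + 1) % n
    c[i] = h(m, enc(mul(alpha, G)), enc(mul(alpha, Hj)))
    while i != j:                              # walk the ring back round to j
        L = add(mul(s[i], G), mul(c[i], ring[i]))
        R = add(mul(s[i], H(ring[i])), mul(c[i], I))
        i = (i + 1) % n
        c[i] = h(m, enc(L), enc(R))
    s[j] = (alpha - c[j] * x) % l              # closes the ring: alpha = s_j + c_j*x
    return I, c[0], s

def verify(m, ring, sig):
    """Recompute every c_k from c_1 alone; valid iff the chain returns to c_1."""
    I, c1, s = sig
    if len(s) != len(ring) or mul(l, I) != IDENTITY:
        return False                           # key image must be in the order-l subgroup
    c = c1
    for P, si in zip(ring, s):
        L = add(mul(si, G), mul(c, P))
        R = add(mul(si, H(P)), mul(c, I))
        c = h(m, enc(L), enc(R))
    return c == c1

def demo():
    """Constructed sample: a ring of 4 fresh keys with the signer at index 2."""
    keys = [keygen() for _ in range(4)]
    ring = [P for _, P in keys]
    return ring, keys, sign(b"constructed message", ring, 2, keys[2][0])
```

Two signatures made with the same spend key carry the same key image I, which is how a verifier links a double spend without learning which ring member signed.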
Rias
December 07, 2015, 10:59:29 AM
 #545

The real world doesn't work that way. Businesses collaborate one day and compete the next (or even the very same day). Even when collaborating they don't want to share all information, and certainly not with every member of a group. To control access to information once access to the blockchain has been granted at all, privacy features are needed.

...


There are multiple choices for what level of privacy and sharability a permissioned blockchain may have in an actual company. Not in technology terms, but in business process rationale. Certain blockchains may not be accessible by a competing/cooperating company at all, just like you are not giving away the direct access to your database/CRM.

The time will show the corporate blockchain use cases, but I do see your point though. I believe I have to refine what I've been saying. Permissioned blockchains will need the privacy features to define the level of data access for the participants. However, this doesn't have much to do with the zero-trust privacy. This may have more to do with centralized privacy and centrally assigned roles.

Honestly, I haven't given much thought to the potential architecture of such a solution. It may well not be existing, or it might have a semi-centralized form (masternodes, anyone?). However, intuitively I'd say that ringsig is a clumsy option in this case.

There's a brighter side to my original post if you wish: focus on the bigger commercializable issues.


...
Hide Data, Not IP

...

So the government can still identify who is making those transactions and compel you to reveal your private keys or face the gulag, but in the normal use of the public block chain privacy is retained (to the extent it doesn't leak into non-hidden layers but that is the current world situation any way, so no worse).

...

Mix Data, Not Identity


I believe I'd agree with you on the theory. However, I'm still not sure how it may take off in the real world. IMO the discourse is utopian. I'll need some time to think it over.


So, are you out of Bytecoin now (i.e. own none), Rias? Just curious.
Cheers, Q

I own some BCN. Partly, because I still believe it to have potential (waiting for the roadmap to be executed).
dre1982
December 07, 2015, 11:09:27 AM
 #546

2 votes Ne7: boolberry, dre1982
1 vote h5: newb4now



galdur
December 07, 2015, 11:12:32 AM
 #547

2 votes Ne7: boolberry, dre1982
2 votes h5: newb4now, galdur

funnyman21
December 07, 2015, 11:34:06 AM
 #548

This might not be an issue at all, but gmaxwell seems to imply here that there might be a vulnerability in the way segregated witness is implemented in BBR:

https://www.reddit.com/r/Bitcoin/comments/3vq8hm/multiple_new_bip_proposals_coming_up_on_day_2_of/cxpxi5t

Is this something to be worried about? Does it potentially impact other CryptoNote coins or just Boolberry?
funnyman21
December 07, 2015, 11:42:01 AM
 #549

2 votes Ne7: boolberry, dre1982
2 votes h5: newb4now, galdur

2 votes Ne7: boolberry, dre1982
3 votes h5: newb4now, galdur, funnyman21
TPTB_need_war
December 07, 2015, 12:15:12 PM
Last edit: December 07, 2015, 12:33:26 PM by TPTB_need_war
 #550

P.S. my thanks to languagehasmeaning for sharing some insights into how he processes the information in chess. That may help me in the future. I've filed it away in my repository (reservoir) of datums/models that I draw off for epiphanies and insights. I'll give it some more thought when I have the down time and/or inspiration.

The real world doesn't work that way. Businesses collaborate one day and compete the next (or even the very same day). Even when collaborating they don't want to share all information, and certainly not with every member of a group. To control access to information once access to the blockchain has been granted at all, privacy features are needed.

...


There are multiple choices for what level of privacy and sharability a permissioned blockchain may have in an actual company. Not in technology terms, but in business process rationale. Certain blockchains may not be accessible by a competing/cooperating company at all, just like you are not giving away the direct access to your database/CRM.

The time will show the corporate blockchain use cases, but I do see your point though. I believe I have to refine what I've been saying. Permissioned blockchains will need the privacy features to define the level of data access for the participants. However, this doesn't have much to do with the zero-trust privacy. This may have more to do with centralized privacy and centrally assigned roles.

Honestly, I haven't given much thought to the potential architecture of such a solution. It may well not be existing, or it might have a semi-centralized form (masternodes, anyone?). However, intuitively I'd say that ringsig is a clumsy option in this case.

There's a brighter side to my original post if you wish: focus on the bigger commercializable issues.

Smooth's post (including what is not quoted above) was astute and resonated with my point that private block chains are like closed source. The end-to-end principle applies again in spades. We all want to leverage the same infrastructure (e.g. TCP/IP) and independently run a myriad of applications on the ends, which is enabled because the intermediary infrastructure is agnostic to our applications. I mentioned this concept in my recent white paper on DDoS and footnote [8] in that paper. In short, there are virtually unlimited (much more than "multiple choices") degrees-of-freedom when the base infrastructure is agnostic to the use built on top of it.

This is why I believe privacy that can be done by the end applications will trump permissioned block chains. Sorry to James Dimon, IBM, and Blythe Masters. I will relish the day that James Dimon realizes that his money is a depreciating asset in our Knowledge Age.

However the network layers of the internet are not responsible for maintaining a global unified consistency, but a block chain does. Thus the network layers of the internet have no problem trading off consistency and access of the CAP theorem, in exchange for not losing functionality (that is promised by the network transport layer) during partitioning. Whereas, during partitioning a block chain loses the promised functionality of preventing double-spends globally.

But in reality the internet doesn't function well when partitioned. This is why for example popular services (e.g. Google, Facebook) have server nodes all over the globe (which is very evident to me when our trunk line from Philippines is down yet I can still access Facebook and Google and the local inquirer.net but not most other sites). I think it is likely the world will build the same redundancy for block chains. For example one of the designs I've toyed with is that using efficient hash tables we can communicate between partitions the double-spend conflicts without needing to transfer the entire block chain between partitions.

...
Hide Data, Not IP

...

So the government can still identify who is making those transactions and compel you to reveal your private keys or face the gulag, but in the normal use of the public block chain privacy is retained (to the extent it doesn't leak into non-hidden layers but that is the current world situation any way, so no worse).

...

Mix Data, Not Identity


I believe I'd agree with you on the theory. However, I'm still not sure how it may take off in the real world. IMO the discourse is utopian. I'll need some time to think it over.

The reason identity anonymity can't be done end-to-end principle (Zerocash almost does it, but as I pointed out there is a DDoS weakness incurred), is because our IP address is an identity that we can't easily detach from ourselves. For all other forms of data privacy, the IP address problem is irrelevant.

With homomorphic encryption, we already know how to hide any state changes that rely on addition and multiplication, e.g. Confidential Values hiding the state change of value transfer because the Proof-of-Sum can be proven in Zero Knowledge.

Zerocash is built on the SNARKs technology which in its Pinocchio variant can hide the state changes of any program!!!

For smart contract data, there need not be a global master key. Each contract type could have a different master setup, but the tradeoff might be that perhaps we couldn't mix data types. I will need to spend more time studying these technologies.

So in theory, there is no data we can't hide. It is the meta-data that we can't hide, but that is the same problem corporations face today even with private data stores, so a public block chain with end-to-end data privacy doesn't make it any worse and it enables much greater degrees-of-freedom as compared to permissioned access chains.

I think the Zerocash and Pinocchio folks need to get busy being able to adapt their technologies to this frontier.

If I get my coin rolling, perhaps I'll be trying to fund them and coax them this direction. Hopefully others will pick up on this idea also. Perhaps some are already working on this direction.

TPTB_need_war
December 07, 2015, 12:57:07 PM
Last edit: December 07, 2015, 01:09:03 PM by TPTB_need_war
 #551

This might not be an issue at all, but gmaxwell seems to imply here that there might be a vulnerability in the way segregated witness is implemented in BBR:

https://www.reddit.com/r/Bitcoin/comments/3vq8hm/multiple_new_bip_proposals_coming_up_on_day_2_of/cxpxi5t

Is this something to be worried about? Does it potentially impact other CryptoNote coins or just Boolberry?

All they are saying there is that if you want to prune the signature data, you need to still keep a hash of the signature data in the chain of hashes (of Merkle trees) for the blocks. In other words, you need to still be able to prove which signature signed which transaction, even if you've actually discarded the signature data.

I believe BBR already does the correct thing. And afaik, Monero does not discard signature data, but I could be wrong about that. If they do, I assume they would do the right thing as well.

Anyway, as I read into the proposals more, I realized they are adopting some of the ideas I've had privately, but bolting these onto Bitcoin's legacy limits their flexibility in terms of optimum choices and especially speed to market. Bitcoin is looking more and more like design Rigor Mortis (they even need to abandon ECDSA to totally rectify malleability) and needs to be scrapped and start over again.

Wuille wrote this technical summary in a way that can only really be understood by other core devs or experts who have their head deep in these issues. He sounds rushed.

tifozi
December 07, 2015, 02:30:23 PM
 #552

2 votes Ne7: boolberry, dre1982
2 votes h5: newb4now, galdur

2 votes Ne7: boolberry, dre1982
3 votes h5: newb4now, galdur, funnyman21

3rd vote for Ne7

Ne7: boolberry, dre1982, tifozi
h5: newb4now, galdur, funnyman21

I just saw the thread Lets play a game of Chess. It's fascinating to see @letsplayagame (who I suspect is GM Aronian) interested in crypto (BTC and allegedly aware of privacy focused technologies).

Let's pitch an idea of BTC vs CryptoNote chess match to him Smiley
TPTB_need_war
December 07, 2015, 02:34:30 PM
Last edit: December 07, 2015, 03:34:32 PM by TPTB_need_war
 #553

A ha! End-to-end identity anonymity is possible!

The reason identity anonymity can't be done end-to-end principle (Zerocash almost does it, but as I pointed out there is a DDoS weakness incurred), is because our IP address is an identity that we can't easily detach from ourselves. For all other forms of data privacy, the IP address problem is irrelevant.

So it would seem that Zerocash is the solution, except read my discussion at the quoted link about anti-DDoS protection. The problem is the huge verification cost for each Zerocash transaction and thus giving the attacker a huge asymmetric advantage when sending invalid transactions, i.e. unprotected Zerocash can be DDoS'ed to death.

And if using my suggested technique to create a hash-based signature as a first line of verification of incoming transactions sent to the block chain, then you've got to incorporate a simultaneity mixnet such as CoinShuffle to detach these hash signatures (and the payee's IP address) from the Zerocash transaction being submitted to the block chain. But then your anonymity is reduced back to the mixnet again so you've lost the benefits Zerocash provides. Perhaps Zerocash could devise a quick check on invalid signatures. I don't know enough about the "moon math" in the white paper to deduce whether that is possible, but I 95% doubt it based on my understanding that such NIZKPs are a holistic math affair.

There is a simple solution for DDoS with Zerocash. Use my hash-based signature suggestion on a non-anonymous basecoin, when sending the anonymous zerocash (the Zerocash paper names these zerocoins, not to be confused with Zerocoin) transaction. Since on a spend transaction (aka pour) the anonymous coins are entirely mixed with all anonymous coins, then your IP address and your non-anonymous transactions do nothing to help anyone trace the anonymous coins. And putting the non-anonymous funds at-risk with the fast to verify hash-based signature (3 million verifications per second on an 8 core CPU!), solves the DDoS attack issue.

Alternatively it may be possible to mint the hash signatures in such a way that the anonymous coins are forfeited when doing a DDoS attack, but are still not non-anonymously linked to the hash based public key, instead of needing to use a separate non-anonymous basecoin. This would be preferred for permissionless commerce.

So thus unlike RingCT, no CoinShuffle (mixnet) would be needed. Unlike Cryptonote (and RingCT), Zerocash hides everything because the inputs to the NIZKP are never revealed! This is the advantage of zk-SNARKs because it proves that a program compared the inputs in the desired way, without revealing what the inputs were. Whereas in CN and RingCT, we all see the input public key addresses and the proof of which public address is spending is obscured by the mix, but correlating the IP address across mixes can correlate which of those addresses were in both mixes. For CN and RingCT to be as anonymous as Zerocash would require they mix with all known (and future!) public key addresses.

Note that zk-SNARKs are very slow to verify (roughly 300ms for a Zerocash transaction) and consume more bandwidth so this can't be used for all transactions. It would be a mixer that you mint non-anonymous coins into when the slow verification and its higher fees are justified.

Even though I haven't thoroughly understood every technical aspect of it, the other problem with Zerocash appears to be that it can't merge the entirely opaque block chains, e.g. if two major chains fork due to a network split. Transparent block chains can be re-merged to the extent that double-spends are not intertwined. The major fault for Zerocash (that is not present for transparent block chains) being that I believe it is not possible to prove which coins were double-spent on both of the block chains. Normally this isn't a problem for an orphaned chain because you just throw away the orphans, but this is perhaps a problem in a major network split.

Apparently I am mistaken. Zerocash coins have serial numbers, so it should be possible to know which serial numbers have been double spent on both forks.

boolberry (OP)
December 08, 2015, 12:12:03 AM
 #554


3rd vote for Ne7

Ne7: boolberry, dre1982, tifozi
h5: newb4now, galdur, funnyman21


We need a tie breaking mechanism. For example one can look at the result before the vote that led to the tie and use that instead.

Current position
Based on the votes in this thread Team Boolberry has chosen to play h5 (by tiebreak rule). Now it is time for Team Monero to respond. I will plan to count votes again tomorrow at approximately 0:00 UTC.

Team Monero (white pieces) vs. Team Boolberry (black pieces)
white to move


Game PGN:
Code:
1.e4 c5 2.Nf3 d6 3.d4 cxd4 4.Qxd4 a6 5.c4 Nc6 6.Qe3 g6 7.Nc3 Bg7 8.Be2 Nf6 9.O-O O-O 10.h3 Nd7 11.b3 Nc5 12.Bb2 f5 13.exf5 Bxf5 14.Rad1 Qa5 15.Rd2 Rf6 16.Nd5 Re6 17.Qf4 Ne4 18.Bxg7 Kxg7 19.Rb2 Nc3 20.Nd4 Re5 21.Bf3 Nxd5 22.Bxd5 Qc3 23.Nxf5+ Rxf5 24.Qd2 Qxd2 25.Rxd2 Rb8 26.a3 e5 27.Be6 Rf6 28.Bd5 Nd4 29.b4 b6 30.Rb2 g5 31.a4 Rff8 32.Rfb1 Rfc8 33.f3 Kf6 34.g3 Rc7 35.Rf1 Nf5 36.Kf2 h5
boolberry (OP)
December 08, 2015, 12:44:51 AM
 #555


I just saw the thread Lets play a game of Chess. It's fascinating to see @letsplayagame (who I suspect is GM Aronian) interested in crypto (BTC and allegedly aware of privacy focused technologies).

Let's pitch an idea of BTC vs CryptoNote chess match to him Smiley

If you are right he is currently busy with the London Chess Classic:
http://www.londonchessclassic.com/

His fiancée (Chess WIM) has a background that also may make her interested in bitcoin:
https://en.wikipedia.org/wiki/Arianne_Caoili

"I’m currently a consultant, mainly with government clients, for a global consultancy firm. My aim is to finish my PhD, but because my work is interesting and great for my career, it is delayed. My doctoral topic is Russian foreign policy, especially its economic and business relations with Armenia on a state and individual level. I am very interested with issues of Armenian economic development."
http://sport.news.am/eng/news/9869/i-am-not-so-stupid-to-play-against-levon-aronian---arianne-caoili.html

Quote about Lev Aronian:
I am sure you know a lot of things about Levon. Can you tell for example about traits of character?

"I think that the most prominent characteristic of Lev (and probably me too) is that he loves to learn. If he is passionate about something he wants to investigate and know everything about it. He also likes learning new things, even if it is a challenge or outside of his comfort zone (like dancing, for example!)."
boolberry (OP)
December 08, 2015, 01:10:04 AM
 #556

This might not be an issue at all, but gmaxwell seems to imply here that there might be a vulnerability in the way segregated witness is implemented in BBR:

https://www.reddit.com/r/Bitcoin/comments/3vq8hm/multiple_new_bip_proposals_coming_up_on_day_2_of/cxpxi5t

Is this something to be worried about? Does it potentially impact other CryptoNote coins or just Boolberry?

All they are saying there is that if you want to prune the signature data, you need to still keep a hash of the signature data in the chain of hashes (of Merkle trees) for the blocks. In other words, you need to still be able to prove which signature signed which transaction, even if you've actually discarded the signature data.

I believe BBR already does the correct thing. And afaik, Monero does not discard signature data, but I could be wrong about that. If they do, I assume they would do the right thing as well.

Anyway, as I read into the proposals more, I realized they are adopting some of the ideas I've had privately, but bolting these onto Bitcoin's legacy limits their flexibility in terms of optimum choices and especially speed to market. Bitcoin is looking more and more like design Rigor Mortis (they even need to abandon ECDSA to totally rectify malleability) and needs to be scrapped and start over again.

Wuille wrote this technical summary in a way that can only really be understood by other core devs or experts who have their head deep in these issues. He sounds rushed.

http://boolberry.com/downloads.html
Blockchain proof
Full blockchain for windows(with all ring signatures):
http://boolberry.com/downloads/windows/blockchain_full.bin
TPTB_need_war
December 08, 2015, 01:12:51 AM
 #557

His fiancée (Chess WIM) has a background that also may make her interested in bitcoin:
https://en.wikipedia.org/wiki/Arianne_Caoili

I was in Manila (at age 27) when she first took up chess there at age 6. That her heritage originates from a developing world economy such as the Philippines and that she emphasizes Levon's trait to see the good in others seems to indicate an idealistic leaning. I am also amazed that a GM would share his time with us and even share some of his inner thought processes with us relative n00bs. Also I noticed his friendly demeanor both in his communications here (if Levon is languagehasmeaning) and also the handshake he did with Magnus Carlsen in a Youtube that I viewed.

Up thread he stated there were still some tricks remaining in this game. And he had advocated moving the rook over to the right side, but the consensus moved the knight instead. I wonder what he foresaw as a possibility? I was observing on that Youtube speed chess match with Carlsen, that Magnus sacrificed a pawn to move more aggressively with his King and bishop to get behind the front line of pawns of Levon. I wonder if Carlsen could see that a draw was likely and decided to be more creative in hopes of a win? I notice that my urge when I dabble in chess is that I want to be more aggressive and creative than conservative (but I am not good enough at chess to do it with appropriate consideration). I read that Carlsen doesn't follow any one set of opening strategies and is very creative. Anyway, I don't really understand all this. I haven't studied. A lot to think about and I don't have the free time.

boolberry (OP)
December 08, 2015, 01:48:13 AM
Last edit: December 08, 2015, 02:14:25 AM by boolberry
 #558

His fiancée (Chess WIM) has a background that also may make her interested in bitcoin:
https://en.wikipedia.org/wiki/Arianne_Caoili

I was in Manila (at age 27) when she first took up chess there at age 6. That her heritage originates from a developing world economy such as the Philippines and that she emphasizes Levon's trait to see the good in others seems to indicate an idealistic leaning. I am also amazed that a GM would share his time with us and even share some of his inner thought processes with us relative n00bs. Also I noticed his friendly demeanor both in his communications here (if Levon is languagehasmeaning) and also the handshake he did with Magnus Carlsen in a YouTube video that I viewed.

Up thread he stated there were still some tricks remaining in this game. And he had advocated moving the rook over to the right side, but the consensus moved the knight instead. I wonder what he foresaw as a possibility? I was observing on that YouTube speed chess match with Carlsen that Magnus sacrificed a pawn to move more aggressively with his King and bishop to get behind the front line of pawns of Levon. I wonder if Carlsen could see that a draw was likely and decided to be more creative in hopes of a win? I notice that my urge when I dabble in chess is that I want to be more aggressive and creative than conservative (but I am not good enough at chess to do it with appropriate consideration). I read that Carlsen doesn't follow any one set of opening strategies and is very creative. Anyway, I don't really understand all this. I haven't studied. A lot to think about and I don't have the free time.

Tifozi was guessing that letsplayagame (https://bitcointalk.org/index.php?action=profile;u=543579) might be Aronian, not languagehasmeaning. Languagehasmeaning appears to be a good player but nowhere near the caliber of the people discussed as possibly being the OP of that thread. I have never once seen languagehasmeaning claim to be a professional chess player.

I just saw the thread Lets play a game of Chess. It's fascinating to see @letsplayagame (who I suspect is GM Aronian) interested in crypto (BTC and allegedly aware of privacy focused technologies).

Previous list of possible identities that Taras compiled:
https://bitcointalk.org/index.php?topic=1148538.msg12469393#msg12469393

I did the queries, here are the candidates:

2816 Veselin Topalov
2814 Hikaru Nakamura
2808 Fabiano Caruana
2793 Anish Giri
2784 Dmitry Jakovenko
2782 Liren Ding
2777 Vladimir Kramnik
2773 Wesley So
2771 Alexander Grischuk
2765 Levon Aronian
2762 Sergey Karjakin
2758 Evgeny Tomashevsky
2744 Maxime Vachier-Lagrave
2742 Michael Adams
2741 Radoslaw Wojtaszek
2738 Teimour Radjabov
2737 Pendyala Harikrishna
2736 Shakhrivar Mamedyarov*
2734 Yi Wei
2732 Leinier Dominguez Perez
2728 David Navara
2727 Peter Svidler
2726 Vassily Ivanchuk
2725 Nikita Vitiugov
2721 Yangyi Yu
2720 Dmitry Andreikin
2717 Pavel Eljanov
2712 Hao Wang
2707 Peter Leko
2705 Ian Nepomniachtchi
2700 Anton Korobov


* Maimdiarove's name is butchered horribly all the time and the correct spelling is unknown

smooth
December 08, 2015, 02:26:59 AM
 #559

This might not be an issue at all, but gmaxwell seems to imply here that there might be a vulnerability in the way segregated witness is implemented in BBR:

https://www.reddit.com/r/Bitcoin/comments/3vq8hm/multiple_new_bip_proposals_coming_up_on_day_2_of/cxpxi5t

Is this something to be worried about? Does it potentially impact other CryptoNote coins or just Boolberry?

All they are saying there is that if you want to prune the signature data, you need to still keep a hash of the signature data in the chain of hashes (of Merkle trees) for the blocks. In other words, you need to still be able to prove which signature signed which transaction, even if you've actually discarded the signature data.

I believe BBR already does the correct thing. And afaik, Monero does not discard signature data, but I could be wrong about that. If they do, I assume they would do the right thing as well.

BBR does not include a hash of the signature data in the blockchain. I'm not sure what exactly are the alleged vulnerabilities either, but I've always been uncomfortable with it, as I said way back in the 2014 BCX free-for-all thread.

Monero does not have any kind of segregated witness so no issue there.
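
The pruning point discussed in the post above, as an added example that is not from the thread and is not Boolberry, Monero or Bitcoin code: a simplified model in which a block commitment either covers only transaction prefixes or also covers a hash of each signature. The leaf layout, function names and sample block are assumptions constructed for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(leaves):
    """Binary Merkle root; an odd node at any level is paired with itself."""
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

# Constructed sample block: (transaction prefix, signature data) pairs.
BLOCK = [(b"tx0:A->B:5", b"sig0-original"),
         (b"tx1:B->C:2", b"sig1-original"),
         (b"tx2:C->D:1", b"sig2-original")]

def root_prefix_only(txs):
    """Commitment that covers transaction prefixes but not signatures."""
    return merkle_root([h(prefix) for prefix, _sig in txs])

def root_with_sig_hash(txs):
    """Commitment whose leaves bind each prefix to the hash of its signature."""
    return merkle_root([h(h(prefix) + h(sig)) for prefix, sig in txs])

def prune(txs):
    """What a pruning node keeps: the prefix and a 32-byte signature hash."""
    return [(prefix, h(sig)) for prefix, sig in txs]

def root_from_pruned(pruned):
    """Recompute the signature-committing root without any signature data."""
    return merkle_root([h(h(prefix) + sig_hash) for prefix, sig_hash in pruned])

def signature_was_in_block(pruned, committed_root, index, candidate_sig):
    """Check a signature supplied later against the pruned data and the root."""
    return (root_from_pruned(pruned) == committed_root
            and pruned[index][1] == h(candidate_sig))
```

With the prefix-only root, replacing a signature leaves the block commitment unchanged, so the chain of hashes cannot show which signature data was originally attached; with the signature hash in the leaf, the root still verifies after pruning and a later-supplied signature can be checked against it.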
galdur
December 08, 2015, 03:16:59 AM
 #560

Good game by Nakamura today. Anand sacrificed a pawn and got pretty good play but suddenly his queen was under lock and key for 10 moves which gave Nakamura time to consolidate and emerge with an easy win.
