CryptoNote technical discussion and Chess Challenge

[boolberry]

Looks like we have different styles of play for this next move. With white I typically like control of the center with pawns and do not bring in majors too soon. The castle is an option that can wait for a defensive black move.

2 vote d5 (Morecoin Freeman,tifozi)
2 votes O-O (boolberry, LucyLovesCrypto)

3 votes d5 (Morecoin Freeman,tifozi, cryptoadoption15)
2 votes O-O (boolberry, LucyLovesCrypto)

You broke the tie with under 30 seconds to spare! I was just about to update the board with O-O as the winning move based on the tiebreaker rule previously cited. Anyway it is nice to see a new player join the chess game. Please join the CryptoNote discussion too.

[1715032547]

1715032547

[1715032547]

1715032547

[1715032547]

1715032547

[1715032547]

1715032547

[1715032547]

1715032547

[8XMR]

Nbd7

Yi Wei playing Magnus Carlson (for first time) right now. Go China!

http://www.tatasteelchess.com/live

[tifozi]

Nbd7

Yi Wei playing Magnus Carlson (for first time) right now. Go China!

http://www.tatasteelchess.com/live

Live video on livestream http://livestream.com/chess/tatasteelchess

GM Wei is 16 yrs old, seems to be doing well against Carlsen so far :tup:

I have a feeling @letsplayagame is in Wijk aan Zee too.  

[TPTB_need_war]

Not chess related but besides anonymity I think it is worth reminding people of another technical reason that makes CryptoNote coins much different than bitcoin.

CryptoNote uses the Schnorr signatures algorithm instead of Elliptic Curve Digital Signature Algorithm used by bitcoin

I think an elliptic curve discussion would be on topic if we have enough volunteers both willing and competent enough to discuss it.

https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
https://en.bitcoin.it/wiki/Secp256k1
https://en.wikipedia.org/wiki/Schnorr_signature
https://en.wikipedia.org/wiki/Curve25519

This site offers some interesting comparisons although some of the conclusions (such as those on Secp256k1) may be controversial:
http://safecurves.cr.yp.to/

This should make bitcoin users feel better:

I believe that the ECC/NSA thread you referenced did eventually nail down every parameter used to create secp256k1 and answers most if not all concerns.

Yes, There is a python script that produces every parameter for secp256k1 from first principles, except the generator— and both myself and D. J. Bernstein have given the proof that in-advance choice of the generator is harmless outside of restricted conditions that aren't relevant to normal Bitcoin usage.

I have been asked in a PM if I would like to comment on this. I am not an expert and have no formal training in algebraic abstract math. Everything I know about this particular field (and cryptography in general) is self-taught mostly in 2014 and 2015. And I have big gaps in my understanding which can only be resolved by teaching myself the higher math courses I didn't take at the university and I don't have time for attaining that base knowledge. Nevertheless I can comment conceptually and understand enough to have for example combined Cryptonote with Compact Confidential Transactions to form what I named Zero Knowledge Transactions. And I understand enough to have digested Shen-noether's Ring Confidential white paper over a period of a day or few days. And I was able to analyze the differences and similarities and ramifications of the high level differences in our approach. So with that in mind, I will comment on the above quoted issue.

Afaik, the main difference between the Secp256k1 type of ECC that Bitcoin uses and the Ed25519 Berstein version of the twisted Edwards curve that Cryptonote uses, is that Ed25519 has no branching in the code and thus has no timing attacks (although one might reason that timing attacks might be less useful in crypto currency, I am not sure if that is true in all scenarios). And (perhaps more importantly) Ed25519 does not require a new random number on each subsequent signature, thus is deemed to less vulnerable to a faulty random number generator (or injection of virus thereof in the operating system). Also Ed25519 is moderately faster and has a prime order which is deemed to more secure (I don't remember if Secp256k1 has a prime order or not).

http://ed25519.cr.yp.to/

So Secp256k1 is probably secure but Ed25519 is more secure.

Please feel free to quote me and claim it as an advantage for Cryptonote coins, but please acknowledge that I have also criticized Cryptonote for not solving the fundamental block chain Tragedy of the Commons economic issues and my opinion that metadata correlation makes their anonymity impractical for any (or most?) mainstream uses.

[newb4now]

And (perhaps more importantly) Ed25519 does not require a new random number on each subsequent signature, thus is deemed to less vulnerable to a faulty random number generator (or injection of virus thereof in the operating system).

Is this advantage of Ed25519 over Secp256k1 negated assuming perfect compliance in avoiding BTC address reuse (since if a faulty RNG was used the balance of the at risk address would already be 0 after every transaction)?

[newb4now]

Nbd7

Yi Wei playing Magnus Carlson (for first time) right now. Go China!

http://www.tatasteelchess.com/live

Huge blunder in Mamedyarov vs Eljanov. How often does a GM lose a rook in 1 move (besides in a blitz game)?

Nbd7 (8XMR)
a5 (newb4now)

[tifozi]

Nbd7

Yi Wei playing Magnus Carlson (for first time) right now. Go China!

http://www.tatasteelchess.com/live

Huge blunder in Mamedyarov vs Eljanov. How often does a GM lose a rook in 1 move?

Nbd7 (8XMR)
a5 (newb4now)

Yes it was sad to see

Carlsen tortured Yi Wei before the draw (Wei played really well for what was a draw for a while and survived Carlsen's probes for a long time)

Best game was Navara vs Giri. Navara also errored according to the commentators and the guys on live chat.

This was the position when white(Navara) played Bd6 and black escaped (with Bxb2 41.Qxb2 Rxd6). Could be a puzzle as to what should have white done

[TPTB_need_war]

And (perhaps more importantly) Ed25519 does not require a new random number on each subsequent signature, thus is deemed to less vulnerable to a faulty random number generator (or injection of virus thereof in the operating system).

Is this advantage of Ed25519 over Secp256k1 negated assuming perfect compliance in avoiding BTC address reuse (since if a faulty RNG was used the balance of the at risk address would already be 0 after every transaction)?

That perfect compliance is impossible isn't it, because how do you delete your public key from forums and other places it has been copied out-of-your-control. Don't tell me that the Bitcoin Wiki and the core devs never acknowledged this  

There is a way though to get perfect compliance which I am using in my design because I use one-time Lamport/Winternitz signatures (although I could use Merkel trees for multiple signatures at the cost of a just marginally longer signature) for the 20 times faster verification speed (at the cost of an exponential blowup in bandwidth at higher bit security), but this way is not encoded in Bitcoin so can't be used there.

See the following I wrote comparing Ed25519 and hash-based signatures (some info on the performance of Ed25519 also):

https://github.com/shelby3/hashsig/blob/master/DDoS%20Defense%20Employing%20Public%20Key%20Cryptography.md#public-key-authentication

P.S. if you see any improvement in my work, it will be because of improving health. I have some signs that my high dose herbal treatments (curcumim, moringa, bitter melon, mangosteen) might be working. I believe possibly (unfortunately self-diagnosis no blood work nor doctor visit since the 2012 doctor screwed me up) my health issue is a messed up pancreas or gall bladder possibly partially blocking my bile duct which would explain why I got so ill every time after I eat.

You all have no idea what it is like to have this sort of illness. Even bending down to scratch your foot becomes chore. Lifting your fingers to type on the keyboard takes a few deep breaths to gain the energy. Thinking about code becomes a chore and not a pleasant challenge. You really don't understand until you walk in another person's shoes. Any person who knows what they were capable of throughout their life and are unable to do because of some painful and chronic disability, is going to exhibit psychological stress and will attempt to cope either by going into depression or fighting back, both being a form of abnormality and dysfunction. I hope that is enough said.

[newb4now]

Nbd7

Yi Wei playing Magnus Carlson (for first time) right now. Go China!

http://www.tatasteelchess.com/live

Huge blunder in Mamedyarov vs Eljanov. How often does a GM lose a rook in 1 move?

Nbd7 (8XMR)
a5 (newb4now)

Yes it was sad to see

Carlsen tortured Yi Wei before the draw (Wei played really well for what was a draw for a while and survived Carlsen's probes for a long time)

Best game was Navara vs Giri. Navara also errored according to the commentators and the guys on live chat.

This was the position when white(Navara) played Bd6 and black escaped (with Bxb2 41.Qxb2 Rxd6). Could be a puzzle as to what should have white done

Giri is a great defender. I was rooting for Navara after he found that Rxf5 sacrifice.

[newb4now]

There is a way though to get perfect compliance which I am using in my design because I use one-time Lamport/Winternitz signatures

Forcing perfect compliance through cryptography sounds great. Unfortunately I cannot pretend to understand the math and cryptography behind everything you say except on a conceptual basis.

[XMRpromotions]

Nbd7

Yi Wei playing Magnus Carlson (for first time) right now. Go China!

http://www.tatasteelchess.com/live

Huge blunder in Mamedyarov vs Eljanov. How often does a GM lose a rook in 1 move (besides in a blitz game)?

Nbd7 (8XMR)
a5 (newb4now)

Nbd7 (8XMR)
a5 (newb4now, XMRpromotions)

[boolberry]

Not chess related but besides anonymity I think it is worth reminding people of another technical reason that makes CryptoNote coins much different than bitcoin.

CryptoNote uses the Schnorr signatures algorithm instead of Elliptic Curve Digital Signature Algorithm used by bitcoin

I think an elliptic curve discussion would be on topic if we have enough volunteers both willing and competent enough to discuss it.

https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
https://en.bitcoin.it/wiki/Secp256k1
https://en.wikipedia.org/wiki/Schnorr_signature
https://en.wikipedia.org/wiki/Curve25519

This site offers some interesting comparisons although some of the conclusions (such as those on Secp256k1) may be controversial:
http://safecurves.cr.yp.to/

This should make bitcoin users feel better:

I believe that the ECC/NSA thread you referenced did eventually nail down every parameter used to create secp256k1 and answers most if not all concerns.

Yes, There is a python script that produces every parameter for secp256k1 from first principles, except the generator— and both myself and D. J. Bernstein have given the proof that in-advance choice of the generator is harmless outside of restricted conditions that aren't relevant to normal Bitcoin usage.

I have been asked in a PM if I would like to comment on this. I am not an expert and have no formal training in algebraic abstract math. Everything I know about this particular field (and cryptography in general) is self-taught mostly in 2014 and 2015. And I have big gaps in my understanding which can only be resolved by teaching myself the higher math courses I didn't take at the university and I don't have time for attaining that base knowledge. Nevertheless I can comment conceptually and understand enough to have for example combined Cryptonote with Compact Confidential Transactions to form what I named Zero Knowledge Transactions. And I understand enough to have digested Shen-noether's Ring Confidential white paper over a period of a day or few days. And I was able to analyze the differences and similarities and ramifications of the high level differences in our approach. So with that in mind, I will comment on the above quoted issue.

Afaik, the main difference between the Secp256k1 type of ECC that Bitcoin uses and the Ed25519 Berstein version of the twisted Edwards curve that Cryptonote uses, is that Ed25519 has no branching in the code and thus has no timing attacks (although one might reason that timing attacks might be less useful in crypto currency, I am not sure if that is true in all scenarios). And (perhaps more importantly) Ed25519 does not require a new random number on each subsequent signature, thus is deemed to less vulnerable to a faulty random number generator (or injection of virus thereof in the operating system). Also Ed25519 is moderately faster and has a prime order which is deemed to more secure (I don't remember if Secp256k1 has a prime order or not).

http://ed25519.cr.yp.to/

So Secp256k1 is probably secure but Ed25519 is more secure.

Please feel free to quote me and claim it as an advantage for Cryptonote coins, but please acknowledge that I have also criticized Cryptonote for not solving the fundamental block chain Tragedy of the Commons economic issues and my opinion that metadata correlation makes their anonymity impractical for any (or most?) mainstream uses.

Thank you for the Secp256k1 vs Ed25519 comparison. I see that ArticMine has been debating with you in the Monero thread about the Tragedy of the Commons issue. Based on my understanding he feels that the tail emission of CryptoNote coins (such as implemented by Monero) are critical to avoiding this and that coins like Boolberry eventually be vulnerable unless a tail emission is added. I agree with ArticMine that a tail emission would help Boolberry but still think we have plenty of time to decide how to implement it based on the BBR emission schedule.

Your objection seems to be centered around the assumption that mining will eventually become centralized (due to cost of electricity and other factors giving some parties a comparative advantage).  I look forward to seeing how future developments (such as smart mining being developed by Monero) and other changes impact decentralization.

[TPTB_need_war]

There is a way though to get perfect compliance which I am using in my design because I use one-time Lamport/Winternitz signatures

Forcing perfect compliance through cryptography sounds great. Unfortunately I cannot pretend to understand the math and cryptography behind everything you say except on a conceptual basis.

It doesn't gain anything from an anonymity perspective (and is arguably retrogressive), if that is what you were thinking. We pay to a name instead of an address. The address can change and the name remains the same. For security it helps, and my greater motivation is eliminating lost payments (payments to addresses for which no one knows the private key) and overhead for microtransactions (and potentially IoT).

Edit: it is a usability feature for targeting the masses, and I think ShadowCoin has a similar feature but maybe not for the same motivations.

[letsplayagame]

Nbd7 (8XMR)
a5 (newb4now, XMRpromotions, letsplayagame)

[boolberry]

Current position
Based on the votes in this thread Team Monero has chosen to play a5. Now it is time for Team Boolberry to respond. I will plan to count votes again tomorrow at approximately 0:00 UTC.

white to move


Team Boolberry (white pieces) vs. Team Monero (black pieces)
Game 2 PGN:

Code:

1.d4 Nf6 2.Nf3 g6 3.c4 Bg7 4.Nc3 O-O 5.e4 d6 6.Be2 e5 7.d5 a5

[Morecoin Freeman]

Giri is a great defender. I was rooting for Navara after he found that Rxf5 sacrifice.

♖ Spectacular Rook sacrifice indeed! Very interesting game.

[tifozi]

Bg5 : 1 Vote (tifozi)

[languagehasmeaning]

Bg5 : 1 Vote (tifozi)

Bg5 : 2 Votes (tifozi, languagehasmeaning)

[Morecoin Freeman]

Bg5 : 3 Votes (tifozi, languagehasmeaning, Morecoin Freeman)

[tifozi]

Giri is a great defender. I was rooting for Navara after he found that Rxf5 sacrifice.

♖ Spectacular Rook sacrifice indeed! Very interesting game.

And today he was on the receiving end of a Rook sacrifice Brilliant brilliant match won by GM Yifan Hou. I am still stunned, the last 15+ moves were just amazing.