Fuserleer
Legendary
Offline
Activity: 1064
Merit: 1020
|
|
October 17, 2015, 02:56:43 PM |
|
I have a query though, in your abstract "...and the payer isn’t revealed to the payee" Shouldn't the payee know who the payer is? What if someone sends me a payment without me expecting it, how do I know who its from? I don't see any real purpose for not revealing the payer to the payee :|
This is also the case for Cryptonote. No one but the payer knows which of the public addresses in the ring challenge was the signer of the transaction. In theory one can add the feature that the payer can optionally feed his address through the non-interactive Diffie-Hellman exchange of private data in the unlinkability step of Cryptonote: https://cryptonote.org/whitepaper.pdf#page=6Ok, I've only skimmed those papers as they are not relevant to the eMunie ledger design, so kinda pointless to educate on them in depth. UTXOs will kill your ability to scale though unless you enforce BitShares level machines with endless RAM at high loads...have you considered those kind of loads and how to manage them?
|
|
|
|
unununium
Member
Offline
Activity: 112
Merit: 10
|
|
October 17, 2015, 03:14:44 PM |
|
We have anon with dash, why we should donate?
|
|
|
|
TPTB_need_war (OP)
|
|
October 17, 2015, 03:17:39 PM |
|
I've talked to Smooth a lot about anonymity telling him it's not useful unless you can fix scaling first. If you only have enough TPS for a clearing mechanism between banks, on-chain anonymity doesn't do anything when most transactions will be done off-chain anyway. Since you seem to have the exact same viewpoint, how exactly would this design even help Monero? Does it at least reduce overhead to Bitcoin level?
I agree that you can't go after for example decentralized exchanges on chain if you don't have very high TPS. So there are certain markets you can't service without the high TPS solution. However, the governments are coming after everything with capital controls, and for that and other reasons some people may want to really anonymize their transaction trails very well, so that is an example of one market that can use low TPS anonymity improvements and that market will be growing very fast in 2016. So Monero or other anonymous coin having the "first mover" advantage on the most significant advance for anonymity since Cryptonote and theoretical Zerocash could potentially significantly raise the market moment of that coin. Also as I wrote to illodin, this reduces block chain bloat in terms of less transactions needed to transfer a balance as powers-of-ten (well that is not factoring in the cost of the Proof of Sums so perhaps not a size reduction overall, but you gain an important feature of hiding values) and wallet complexity/inflexibility of any existing Cryptonote coin. Of course they would want to follow it up with more efforts to make their platform viable for more markets. High TPS are not the only markets. They are important to me, so I won't disagree about their high potential value, but low TPS anonymity is also a market. Also anonymity is already a developed and proven market whereas high TPS is a new unproven market. When the next bubble comes back to crypto, anonymity can be one of those sectors that gets hot with speculators. Caveat: make sure the low TPS anonymous rings are mixing properly with UXTO that are also spent into anonymous rings, otherwise the anonymity breaks down if only a few people are using anonymous rings (but I think Monero and others are already aware of this, even I think Boolberry had a special feature flag to force this). Anonymity is a feature. For example what if Crypto Kingdom gamers want to be really untraceable to their other hacker gamers. Did you see that kid in Manila was mauled to death for writing "whew" on a girls facebook page. There are non-nefarious reasons for using anonymity. Even businesses want to hide the values they are transacting so that competitors do not have that proprietary information. And that could be low TPS transactions for now. I agree eventually we need to solve high TPS and block chain scaling, but anonymity isn't entirely useless just as Bitcoin isn't entirely useless. I'd hold more BTC if the damn thing was more anonymous. I have not trusted I could transfer over to Monero, mix, then come back and retain anonymity well. I'd rather have it on chain for the coin I am holding. My opinion is that collateral bid systems using PoS where the top 100/500/1000 wallet addresses that choose to lock stake and act as deterministic nodes is the easiest way to solve scalability at the moment.
I think there is a better design but I am not ready yet to discuss that. I need to focus in this thread and time on the anonymity invention I created. We will hopefully get there asap. But really I have been in such a whirlwind with my rollercoaster health, that I don't want to talk too much about the future. Let's get done what I can do now for now. Larimer thinks you can have anonymity in such a system already: Confidential Transfers hide the amounts being transfered while still allowing those who validate the blockchain to verify that the balances transfered sum to 0 and are not negative. Stealth transfers are used to automatically generate a unique key for every transfer. The combination of these two features means that it becomes pratically impossible for a 3rd party to identify how much you have sent or received or who is sending money to whom. I had already responded to you about that in the past and explained it doesn't have untraceability therefor it is trivially unmasked via combinatorial analysis. It adds some obfuscation, but it is step backwards from Cyptonote except that it doesn't have the problem of equal denominations. And it can hide value. Mine combines all of Cryptonote (which includes both stealth addresses for unlinkability and rings for untraceability) with hidden values. I have the first complete on chain anonymity that doesn't have Zerocash's drawbacks. Without achieving the scaling part first, won't this purchase be kind of useless when it will inevitably be overun by some kind of second tier anonymity system latched on top of a deterministic PoS network?
The opposite. It will destroy the anonymity aspect of the threat from Bitshares, by moving way beyond it on anonymity features. I'd say Monero needs this to stay in the clear anonymity lead. As for whether Bitshare's high TPS solution will become more important to the market than anonymity, I don't know. Last time I looked, Bitshares was talking about what each CPU could process, not about actually network throughput on a real testnet. Perhaps more has come out since I last looked. I will look into it at some point in near future.
|
|
|
|
MikeCoin
|
|
October 17, 2015, 03:30:39 PM |
|
good ideas but i wouldent donate
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
October 17, 2015, 03:45:18 PM |
|
Also as I wrote to illodin, this reduces block chain bloat in terms of less transactions needed to transfer a balance as powers-of-ten (well that is not factoring in the cost of the Proof of Sums so perhaps not a size reduction overall, but you gain an important feature of hiding values) This remains kind of uncertain overall. I think there are some questions raised in one of shen's papers. By being smarter about how you break up amounts you can achieve quite a bit of hiding and not incur the cost of the range proofs. There are, as you pointed out, certain weaknesses to unlinkability and maybe CT-derived approaches end up being a win overall but it isn't totally clear yet. As you say there are different markets and for some markets hiding amounts completely may be more important even if there is an overall resource cost. For example, those wanting to hide large transfers (you can't make anything that looks like a large transfer in cryptonote if you don't even have a large amount of coins to begin with, and in a mixed system smaller users won't, so actual very large transfers or at least transfers by users with very large wallets, will tend to stick out).
|
|
|
|
TPTB_need_war (OP)
|
|
October 17, 2015, 03:46:36 PM Last edit: October 17, 2015, 04:02:34 PM by TPTB_need_war |
|
Please read the prior discussion about the above anonymity feature, including my recent peer review that identified/revealed the flaw in an attempt to create the same invention by someone who may be affiliated with Monero.
First of all you revealed no flaw, as the linkability has been addressed in v0.3 in the so called WORK IN PROGRESS. As noted here: https://www.reddit.com/r/Monero/comments/3oi16k/ring_ct_for_monero_a_work_in_progress_comments/cw27qlaSecond of all; this stuff has been discussed by gmaxwell, andytoshi and shen + others in june/july on #bitcoin-wizards and other channels and there are logs of it all over the place; so much for your "invention". As my Abstract says, my design requires no new unproven crypto. He is inventing a new type of signature that has probabilistic assumptions (plus perhaps complex external factors which impact probabilities). Those assumptions could be broken. I use long standing crypto that is well proven. Also he still hasn't solved the other problem which is balances can't be merged without revealing values. Also I have fixed CCT, which is much more efficient than CT. Also I expect further problems with Shen's approach as it undergoes a lot of peer review. I just haven't taken the time to really dig into, as it is a patchwork quilt of crypto methods, whereas mine is so very straight foward merging of existing Cryptonote and CCT with simple and obvious tech. Trust in the anonymity is the most important that is worth a lot more than a measly $21,000. I'd really like to receive about $75,000 total for the work already done plus assisting on implementation. If I am not mistaken, the guy who was selected to optimize Monero's mining algorithm pocketed an alleged $150,000 worth of coins before releasing the optimization generally. Only in your head bro, DGA just commented the cryptostuff later, NoodleDoodle did the optimizations in the daemon. I was there debating with one of those guys just after he claimed to have optimized it (because I had designed a similar PoW has to Cryptonote's before I learned about CN). And someone posted he had earned $150,000 on that effort and I don't remember any refutation. I believe it was DGA. In any case, if the crypto market can't pay a good income, then it is okay if developers will choose not to work on the market. I assume NoodleDoodle or who ever did that optimization earned what they felt was a good return on their investment. I am not here to donate my time. I can't afford it.
|
|
|
|
othe
|
|
October 17, 2015, 04:03:11 PM |
|
I assume NoodleDoodle or who ever did that optimization earned what they felt was a good return on their investment. He got 0 for it. He even donated as every core member to development that makes it a fat minus. In any case, if the crypto market can't pay a good income, then it is okay if developers will choose not to work on the market. Open Source projects barely pay an income especially smaller ones, so forget it. I am not here to donate my time. I can't afford it. Why are you even working on that stuff then, get a job that pays you what you need. Should be easy.
|
|
|
|
coins101
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
October 17, 2015, 04:07:21 PM |
|
...I am not here to donate my time. I can't afford it.
Nor should you have to. Unfortunately, many will take the view that this will be open source at some point, so most will just wait. If it is peer reviewed and tested, you might find that mixing services would be prepared to pay you. Just a thought.
|
|
|
|
TPTB_need_war (OP)
|
|
October 17, 2015, 05:50:29 PM |
|
In any case, if the crypto market can't pay a good income, then it is okay if developers will choose not to work on the market. Perhaps you missed this link in my post: But there is no way I would set a crowdfunded donations threshold that high, because I doubt it could be reached ( because it isn't a comparative equity offering)... The point of that quote link is that some developers have raised a lot of money and they are in a position to buy an exclusive on my white paper and have "first mover" advantage. As equity amasses to the coin that can be the "first mover" then it has an advantage in terms of funding developments and furthering its lead over others, and this can become insurmountable, e.g. Bitcoin. Right now we are laying the ground work for the next big move in the BTC price to new all time highs (probably 2017, but starting to move up in later half of 2016), so it is of the essence to be in that position before the moves starts. Unfortunately, many will take the view that this will be open source at some point, so most will just wait.
Ditto the above. I think the most value will come from my invention by putting it exclusively in a coin that people are invested in, so then they have the most incentive to invest in my work as an addition to their investment. The most value would come from doing my own coin along with a lot more work to complete, and I retain that option if none of the other coins can meet my minimal compensation threshold. I assume NoodleDoodle or who ever did that optimization earned what they felt was a good return on their investment. He got 0 for it. He even donated as every core member to development that makes it a fat minus. Those who raised a lot of money had an ICO or premine. Monero didn't. I am happy to contribute to Monero if their claimed donation model works. That is why I am here making this thread. Many people have claimed to me that ICO and premines are bad and that donations with a "fair" distribution is better. Okay so prove it to me. I want to see which model can fund the development of the best anonymity design. This thread is an experiment to teach me more about the economics of the crypto market, as well as my other stated objectives. I am not here to donate my time. I can't afford it. Why are you even working on that stuff then, get a job that pays you what you need. Should be easy. I am trying to make this my job. If it doesn't work out, I will lick my wounds and charge it to experience. I suppose you could also make that argument that without all of these things you don't really have a very strong solution overall and again are engaging in wishful thinking (which was in many ways the premise of TPTB's original Ion "Bitcoin killer" concept, before he neutered it).
It is still possible I keep it only for the Ion project. But the Ion project would take more months to develop, and the anonymity would probably be added after the high TPS and block chain scaling, so that means this anonymity feature might not reach the market until mid-2016 (perhaps sooner but maybe not). So on balance, I am trying to do what seems to make the most sense overall by being flexible and observing all options, weighing all the risk factors and what is best also for me as both a user of crypto and a potential lead developer or a just a contributing developer.
|
|
|
|
othe
|
|
October 17, 2015, 05:55:19 PM |
|
Those who raised a lot of money had an ICO or premine. Monero didn't. I am happy to contribute to Monero if their claimed donation model works. That is why I am here making this thread. Many people have claimed to me that ICO and premines are bad and that donations with a "fair" distribution is better. Okay so prove it to me. I want to see which model can fund the development of the best anonymity design. This thread is an experiment to teach me more about the economics of the crypto market, as well as my other stated objectives. To use that model, you have to use the forum funding system (FFS). Like everyone else. Example: https://forum.getmonero.org/9/work-in-progress/2400/open-source-amd-miner-by-wolf0
|
|
|
|
TPTB_need_war (OP)
|
|
October 17, 2015, 06:02:33 PM Last edit: October 17, 2015, 06:32:05 PM by TPTB_need_war |
|
Those who raised a lot of money had an ICO or premine. Monero didn't. I am happy to contribute to Monero if their claimed donation model works. That is why I am here making this thread. Many people have claimed to me that ICO and premines are bad and that donations with a "fair" distribution is better. Okay so prove it to me. I want to see which model can fund the development of the best anonymity design. This thread is an experiment to teach me more about the economics of the crypto market, as well as my other stated objectives. To use that model, you have to use the forum funding system (FFS). Like everyone else. Example: https://forum.getmonero.org/9/work-in-progress/2400/open-source-amd-miner-by-wolf0This thread is a precursor to deciding where to apply energies. Gauging interest level, etc.. There are range of opportunities for this algorithm I invented, including even for example the SuperNet, Dash, Monero, holding for my own coin, partnering with another upstart coin such as Aeon, etc.. It also possible that I form a working relationship with another coin, then continue developing for that coin applying my other inventions there, but it really depends on how funding works well (efficient, well paid, helpful or non-divisive working relationships, etc).
|
|
|
|
funnyman21
Member
Offline
Activity: 109
Merit: 10
|
|
October 17, 2015, 06:20:23 PM |
|
Those who raised a lot of money had an ICO or premine. Monero didn't. I am happy to contribute to Monero if their claimed donation model works. That is why I am here making this thread. Many people have claimed to me that ICO and premines are bad and that donations with a "fair" distribution is better. Okay so prove it to me. I want to see which model can fund the development of the best anonymity design. This thread is an experiment to teach me more about the economics of the crypto market, as well as my other stated objectives. To use that model, you have to use the forum funding system (FFS). Like everyone else. Example: https://forum.getmonero.org/9/work-in-progress/2400/open-source-amd-miner-by-wolf0This thread is a precursor to deciding where to apply energies. Gauging interest level, etc.. There are range of opportunities for this algorithm I invented, including even for example the SuperNet, Dash, Monero, holding for my own coin, partnering with another upstart coin such as Aeon, etc.. It also possible that I form a working relationship with another coin, then continue developing for that coin applying my other inventions there, but it really depends on how funding works well (efficient, well paid, etc). Boolberry may not have lots of monero available for donations but it is an advanced CryptoNote coin and is part of SuperNET. Maybe SuperNET could fund you to combine CryptoNote and CT (they raised a lot in ICO) since Boolberry is part of SuperNET. That would seem like an infinitely superior solution to CoinShuffle which they are also working on. You should talk to the SuperNET people and cryptozoidberg from Boolberry.
|
|
|
|
TPTB_need_war (OP)
|
|
October 17, 2015, 06:25:45 PM Last edit: October 17, 2015, 06:41:25 PM by TPTB_need_war |
|
TPTB no disrespect to the work you are doing, its important nonetheless, just my thoughts. Its good to see at least something tangible coming out from your end finally Thank you. Larimer thinks you can have anonymity in such a system already:
For once I agree with you, if most transactions take place off chain/ledger/whatever then the majority of transactions are "anonymous" as they are not publicly recorded. Smooth and I discussed this I believe in 2014 and the conclusion is that everything sent to the internet can be recorded, so there is no such thing as off chain anonymity (CoinShuffle excepted, and also CoinJoin if jamming and DoS is not your worry) if you are referring to protection against national security agencies and government capital controls. And if for a business or high net worth individual, then you may also want to be very safe against espionage and mobsters, so again your upstream ISP, masternode/delegated node, or what ever might be compromised. Also one of the most important points is that only on chain anonymity obeys the End-to-end principle of networks. The means your anonymity is orthogonal to any agent in the network. This is critical for scalability, redundancy, and resilience. So please enough with the off chain anonymity. It is highly inferior. It is a hack that got some play in terms of quick way to get anonymity rolling (e.g. Dash), but it is not the future. If the internet had been invented without the end-to-end principle, then TCP/IP wouldn't work and we'd not have the scalable, resilient internet we have today that enables to even be here. Except for CoinShuffle, Off chain mixing = trusting someone (node/server) you can't prove you can trust. Here follows the section from my white paper on this topic. 1.2 Non-autonomous strategiesNon-autonomous strategies for achieving untraceability and unlinkability require interaction between third parties; whereas, autonomous strategies are non-interactively and autonomously constructed by the originator. Non-autonomous strategies violate the end-to-end principle because the intermediaries—between the originator and the construction of a transaction to the destination—are capable of harm, not substitutable, or not fungible. Put more abstractly, the intermediaries are not idempotent, referentially transparent, transitive, and commutative.
Centralized mixing services such as coin mixers and VPNs require unprovable trust. The user must trust but can’t prove that the operator of the service is honest, hasn't been covertly forced to sign a national security gag order or other form of coercion, and the service hasn’t been compromised by its employees, hosting provider, or a powerful adversary. Coin mixers are also susceptible to transaction graph analysis[Mös13].
Low-latency, decentralized mixing networks such as Tor and I2P are littered with anonymity holes such as Sybil attacks on relay nodes, traffic correlation[Tor09], asymmetric correlation[VLR14] identifying up to 91% of circuits[SEV15] with mitigation at best 5.1%[NSZ15], ephemeral intersection[I2P10], vulnerable hidden services[Tor13, Tor14], and relay lookup leaks[WMB10]. Additionally these networks open gaping holes in anonymity when combined with the reputation based DoS protection in Bitcoin[BP14] and other cryptocurrencies.
The state-of-the-art of non-autonomous strategies is CoinShuffle[RMK14], which provides unconditional security of the anonymity set for all non-colluding, non-adversarial participants of the mixed transaction; and is guaranteed to complete after sufficient blame rounds. CoinShuffle lacks unlinkability; and it suffers the same implications of Cryptonote’s requirement of equal denominations for the mixed inputs. All CoinJoin[Max13] derivatives including CoinShuffle suffer from a simultaneity requirement which has implications on useability. Although denial-of-service is filtered in the blame rounds, it could theoretically exacerbate delays impacting viability of completing a complex multi-party interactive protocol over the extended duration. Permanently banning a blamed input from all CoinShuffle mixes would destroy fungibility, because for example an input could be spent to another address which could be an innocent third party.
Its kind of a catch-22 though I feel, as high anon + scaling to high load is very difficult and I don't think concealing the value of a transaction is going to play nice with scalability.
I solved that, but that is not what I am going to release now nor discuss now. I'm betting on decoupling the sender from the receiver being the best workable solution to achieving high anon + high scalability, where the sender is unable to discover where exactly the payment ended up in the ledger nor discover any information about the receivers account (balance, historic transactions).
Well I have more surprises up my sleeve. This white paper isn't the only one.
|
|
|
|
gmaxwell
Staff
Legendary
Offline
Activity: 4284
Merit: 8808
|
|
October 17, 2015, 06:41:58 PM |
|
1. Plagiarize the work, shared freely, of Adam Back, Shen, Denis, myself, and others (and in my case even implemented in a high performance implementation).
2. Ask for twenty grand in donations.
3. Profit.
Here's a hint to someone who might think of funding this stuff, "just in case": Non-contributiors being paid for what is primarily your work is incredibly demoralizing-- doubly so when they don't even add anything to it (not even a good implementation); if you want to kill science and engineering in this space go ahead and fund more vaporware scams.
Science needs to happen in the open. I'm also very supportive of people being paid for their work, but they need to actually do work, not just sell snakeoil to others. This community often does a much better job at funding scams than people who reliably contribute.
|
|
|
|
wpalczynski
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
October 17, 2015, 06:46:07 PM |
|
You are asking for more than 100K yet you have not responded to the cryptographer on reddit.
|
|
|
|
TPTB_need_war (OP)
|
|
October 17, 2015, 06:46:56 PM |
|
Larimer thinks you can have anonymity in such a system already: Confidential Transfers hide the amounts being transfered while still allowing those who validate the blockchain to verify that the balances transfered sum to 0 and are not negative. Stealth transfers are used to automatically generate a unique key for every transfer. The combination of these two features means that it becomes pratically impossible for a 3rd party to identify how much you have sent or received or who is sending money to whom. Maybe, but attacks on anonymity can be quite subtle, with various combinatorial, timing, and sybil type attacks, so I wouldn't be so confident. If you look at unlinkability, untraceability, and amount hiding as three prongs of resistance to blockchain analysis, then he's entirely missing one prong, which makes his argument quite weak. Blockstream has stated likewise about CT not hiding what they call transaction metadata, only content. Stealth is a nice convenience feature, but largely similar to just having good address reuse practices in Bitcoin (which can also be achieved via payment protocols and HD address chains). To do this well, you really need another piece, at least some sort of good coinjoin/coinshuffle type solution, and that is really hard to do well (potentially impossible) given sybil and timing attacks. At least Dash tries, but Larimer dismisses the problem too easily. So I'd characterize Larimer's argument as largely wishful thinking and/or hype (i.e. this is what I have therefore this is what is needed, the marketers variation of the arguing from the conclusion fallacy). But that's an entirely different argument from whether strong privacy/anonymity/fungibility (it is very hard to separate any of these from the others) is more important than scalability (or vice versa). I suppose you could also make that argument that without all of these things you don't really have a very strong solution overall and again are engaging in wishful thinking (which was in many ways the premise of TPTB's original Ion "Bitcoin killer" concept, before he neutered it). Smooth that was a better explanation than my response. Indeed Daniel is glossing over many issues. Fundamentally sound anonymity is multi-pronged, end-to-end, and on chain. My white paper even discusses computer security and what needs to be done and can practically be done. My white paper is holistic, as is everything I try to do in design work.
|
|
|
|
coins101
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
October 17, 2015, 06:51:59 PM |
|
..... The most value would come from doing my own coin along with a lot more work to complete, and I retain that option if none of the other coins can meet my minimal compensation threshold.....
I'll be interested to help, where I can, if you go down that route. Your various thoughts and challenges have helped a lot of people and projects over the years. You might be surprised at how many people would be prepared to support you.
|
|
|
|
coins101
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
October 17, 2015, 06:55:03 PM |
|
1. Plagiarize the work, shared freely, of Adam Back, Shen, Denis, myself, and others (and in my case even implemented in a high performance implementation). ...
The plot thickens. Sounds like I need to do a little more reading around. Any references?
|
|
|
|
fluffypony
Donator
Legendary
Offline
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
|
|
October 17, 2015, 07:01:24 PM |
|
1. Plagiarize the work, shared freely, of Adam Back, Shen, Denis, myself, and others (and in my case even implemented in a high performance implementation). ...
The plot thickens. Sounds like I need to do a little more reading around. Any references? Here's gmaxwell's original write-up on Confidential Transactions: https://people.xiph.org/%7Egreg/confidential_values.txtHere's Denis Lukianov's latest paper on Compact Confidential Transactions: http://voxelsoft.com/dev/cct.htmlFinally, here's the WIP paper that Shen Noether, of the Monero Research Lab, has been focusing on: https://github.com/ShenNoether/MiniNero/blob/master/RingCT0.3.pdf
|
|
|
|
TPTB_need_war (OP)
|
|
October 17, 2015, 07:04:02 PM |
|
You are asking for more than 100K yet you have not responded to the cryptographer on reddit. No I asked only for $20K (+ $1K to reimburse our donation to the author of CCT which is underlying tech that makes it more efficient than CT). And I did respond, but I don't see a need for me to respond further at Reddit. I appreciate his reply, but my last statement there was maybe I should keep my mouth shut. Also the cryptographer did not address both of the flaws, so it just a continuation of more sloppy. He throws up a white paper that didn't even have all the required math in it, then he puts up version 2 and says version 3 is coming. Why do I need to respond to a moving target. He only addressed the duplicate spending issue and he did so by introducing some complex new probablistic signature algorithm he apparently invented which afaik has not been vetted. And even with all that complexity that can't be as easily trusted for a few years until it has been challenged/vetted, his afaics still can't merge balances without revealing values. When I say I invented a solution, I didn't have to invent any new crypto primatives. I reused existing well vetted zero knowledge proofs, EdDSA, and Cryptonote. I didn't invent new unvetted primitives (and I also removed from CCT the former requirement for a large unvetted, inefficient 768-bit ECC curve). If Shen explains more clearly his new signature crypto primitive, then I can better analyze his new unvetted crypto primitive the "Mokum-gane signature". He is clearly a math nerd (probably very expert) because communication and written elucidation is not his strong suit. I am primary a programmer and I aim for K.I.S.S. and clarity. I wish him the best with his design, but the tying of each input to each set of outputs is a fundamental weakness that my design doesn't have. My design you have a ring for each input. The outputs are orthogonal to the proof each the ring. He has conflated the two and thus his solution will never be as general and robust as mine. My white paper can be explained to novices. I could make a web page that would explain it to laymen who got As in their high school math courses.
|
|
|
|
|