Bitcoin Forum
Author Topic: IOTA  (Read 1445260 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
Come-from-Beyond
December 23, 2015, 12:21:59 PM
 #1261

Come on CfB you know what we mean:
"bupqcn01srbheze1o999" is randomized and fulfills your password suggestion before, but not after, disclosing the "trailing 9"-thing.
 Smiley

The security of this password is more than 80 bits, it's more than security of the password used by me LOL.
LiQio
December 23, 2015, 12:30:28 PM
 #1262

Come on CfB you know what we mean:
"bupqcn01srbheze1o999" is randomized and fulfills your password suggestion before, but not after, disclosing the "trailing 9"-thing.
 Smiley

The security of this password is more than 80 bits, it's more than security of the password used by me LOL.

bupqcn01srbheze1o999 -> 81 bits
bupqcn01srbheze1o -> 71 bits

=> mention it.
Come-from-Beyond
December 23, 2015, 12:43:57 PM
 #1263

bupqcn01srbheze1o999 -> 81 bits
bupqcn01srbheze1o -> 71 bits

=> mention it.

David will decide, my opinion is that too many details are rather bad than good. If someone managed to send bitcoins then their IQ is high enough to generate a good password.
rlh
December 23, 2015, 12:56:15 PM
 #1264

Sorry for my ignorance but is "SaM" hashing the full process of taking a clear text string (the user's passphrase) and converting it to an address hash?

Because in your code, you have operations such as 9 hashing rounds x (729 iterations for some left/right calculations + another 729 iterations for left/right index assignments and look ups.)  So, that operation alone is 13,122 operations within your transform method... which gets called multiple times per address.

Again, I need to dig into this and figure out the point of each step in your code, but with the exception of initializing the INDICES table just once, I have to execute all of your code for each address.

I hate to ask for a cheat, but are there other ways that some of this could be cached or simplified for barebones address creation?

SaM is just a hash function - https://github.com/JinnLabs/SaM/blob/master/src/SaM.java. A single hash requires 19683 lookups to F.

FYI, I did a bit of counting. Your address generator calls your transform() function 101(!) times on the state[] array. This means that the seed is hashed 101 times. When I count all of the lookups to F within the transform method, I see 19,683 lookups (which is your number.) This means that F is accessed 1,987,983 times.

Also, I forgot to stop looking at benchmarks in the debugger (derp!).  My i5 is generating about 21 addresses/sec in Visual Studio while outside of VS I'm getting 108 addresses/sec.


A Personal Quote on BTT from 2011:
"I'd be willing to make a moderate "investment" if the value of the BTC went below $2.00.  Otherwise I'll just have to live with my 5 BTC and be happy. :/"  ...sigh.  If only I knew.
Come-from-Beyond
December 23, 2015, 01:15:32 PM
 #1265

FYI, I did a bit of counting. Your address generator calls your transform() function 101(!) times on the state[] array. This means that the seed is hashed 101 times. When I count all of the lookups to F within the transform method, I see 19,683 lookups (which is your number.) This means that F is accessed 1,987,983 times.

Also, I forgot to stop looking at benchmarks in the debugger (derp!).  My i5 is generating about 21 addresses/sec in Visual Studio while outside of VS I'm getting 108 addresses/sec.

Some hashings are not necessary to get an address, the logic (not reflected in the code) is:

1. Take a random string of trits
2. Hash it to get a 243-trit account seed
3. By adding 0, 1, 2, ... to the seed and hashing it we get different key seeds
4. By hashing each key seed 9 times we get 27 key fragments (a hash contains 3 keys at once because a key fragment is 81 trits while a hash is 243 trits)
5. Each key fragment must be hashed 27 times, after each hashing only the first 81 trits are taken
6. Once we get 27 key fragments hashed 27 times each we concatenate them into a 2187-trit string
7. Hashing of this string (requires 9 invocations of SaM transform function) gives 243 trits of the address

This method allows one to deterministically generate an infinite number of addresses not linked together (for an outside observer) by having a single account seed.
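
Added example, not part of the original post and not Iota's code: a sketch of the seven steps above with a SHAKE-256-based stand-in in place of SaM, which is not reproduced here. All function names are hypothetical, and it assumes that "hashing 9 times" means a hash chain and that the index is added as a little-endian balanced-ternary integer.

```python
import hashlib

HASH_TRITS, FRAG_TRITS = 243, 81   # sizes stated in the post

def stand_in_hash(trits, counter=None):
    """NOT SaM: SHAKE-256 output mapped to 243 balanced trits (placeholder only)."""
    if counter is not None:
        counter[0] += 1
    stream = hashlib.shake_256(bytes(t + 1 for t in trits)).digest(4 * HASH_TRITS)
    # Reject bytes >= 243 so that byte % 3 is unbiased.
    return [b % 3 - 1 for b in stream if b < 243][:HASH_TRITS]

def add_int(trits, n):
    """Add a non-negative integer to a little-endian balanced-ternary number (assumed encoding)."""
    out, carry = list(trits), n
    for i in range(len(out)):
        total = out[i] + carry
        out[i] = (total + 1) % 3 - 1          # balanced digit in {-1, 0, 1}
        carry = (total - out[i]) // 3
    return out

def account_seed(random_trits, counter=None):
    return stand_in_hash(random_trits, counter)                   # steps 1-2

def address(seed, index, counter=None):
    key_seed = stand_in_hash(add_int(seed, index), counter)       # step 3
    fragments, h = [], key_seed
    for _ in range(9):                                            # step 4: 9 hashes -> 27 fragments
        h = stand_in_hash(h, counter)
        fragments += [h[i:i + FRAG_TRITS] for i in range(0, HASH_TRITS, FRAG_TRITS)]
    hashed = []
    for frag in fragments:                                        # step 5: 27 rounds per fragment
        for _ in range(27):
            frag = stand_in_hash(frag, counter)[:FRAG_TRITS]
        hashed += frag                                            # step 6: 27 * 81 = 2187 trits
    return stand_in_hash(hashed, counter)                         # step 7: 243-trit address

def hash_calls_per_address(seed, index=0):
    """Count stand-in hash calls needed to derive one address from the account seed."""
    counter = [0]
    address(seed, index, counter)
    return counter[0]

if __name__ == "__main__":
    seed = account_seed([1, 0, -1] * 27)      # constructed input, not a real seed
    print(hash_calls_per_address(seed))
    print(address(seed, 0)[:9], address(seed, 1)[:9])
```

The count treats the final hash of the 2187-trit string as one call; the post says that with SaM this step takes 9 invocations of the transform function.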
rlh
December 23, 2015, 02:09:08 PM
 #1266

I had asked a couple questions regarding your comments... I'll dig into this deeper, later.  I'm starting to understand.

Unrelated question, regarding your tryte array (tryteTrits): maybe I'm missing the pattern, but what determined the order of these sub-arrays (each containing 3 trits)? If I were to create such an array, it would have looked like:

Code:
int[][] tryteTrits =
    {
        {0,0,0}, {0,0,-1}, {0,0,1},
        {0,-1,0}, {0,-1,-1}, {0,-1,1},
        {0,1,0}, {0,1,-1}, {0,1,1},
        // ...
    };

This seems to be a semi-natural progression of values.  Was there a good, logical reason for the much different ordering of trytes?

Come-from-Beyond
December 23, 2015, 02:15:11 PM
 #1267

I've sent the alpha version code to those who offered their help. The review shouldn't take much time, it was only back-end code. While we are waiting I'll start writing the real (non-reference) version. The difference between these versions is that the latter will be more complex, but optimized.
Come-from-Beyond
December 23, 2015, 02:17:56 PM
 #1268

Unrelated question, regarding your tryte array (tryteTrits): maybe I'm missing the pattern, but what determined the order of these sub-arrays (each containing 3 trits)? If I were to create such an array, it would have looked like:

Code:
int[][] tryteTrits =
    {
        {0,0,0}, {0,0,-1}, {0,0,1},
        {0,-1,0}, {0,-1,-1}, {0,-1,1},
        {0,1,0}, {0,1,-1}, {0,1,1},
        // ...
    };

This seems to be a semi-natural progression of values.  Was there a good, logical reason for the much different ordering of trytes?

Your order gives the following numerical values:

 0  26   1
24  23  25
 3   2   4
rlh
December 23, 2015, 02:26:13 PM
Last edit: December 23, 2015, 02:57:58 PM by rlh
 #1269

comments and questions redacted... I'll figure this out on my own. Tongue

Come-from-Beyond
December 23, 2015, 03:07:05 PM
 #1270

A script kiddy is playing with our server right now. Hold on.
AltcoinScamfinder
December 23, 2015, 03:13:20 PM
 #1271

A script kiddy is playing with our server right now. Hold on.

When you are successful enough that some 4chan child takes notice, you have come a long way.

Come-from-Beyond
December 23, 2015, 03:24:51 PM
 #1272

To those who don't find their address in http://188.138.57.93/old.txt - reenter it again via collect.iotatoken.com, please. No need to resend the payment.
rlh
December 23, 2015, 03:30:20 PM
 #1273

Sorry, I'll try to quiet down in a bit but regarding code review, should we post our questions here, or via PM? I already see something that I'd like to explain, but if you'd prefer for review questions to be asked in a private/semi-private manner, let me know.

Come-from-Beyond
December 23, 2015, 03:35:03 PM
 #1274

Sorry, I'll try to quiet down in a bit but regarding code review, should we post our questions here, or via PM? I already see something that I'd like to explain, but if you'd prefer for review questions to be asked in a private/semi-private manner, let me know.

PM or Ryver if you need realtime.
Come-from-Beyond
December 23, 2015, 03:53:46 PM
 #1275

There has arisen a little misunderstanding regarding the reviewed code. To make it clear:

1. It's a back-end, some things like transaction signing will be done in front-end, this is why this code is absent
2. It's a reference implementation, some things are not efficient because readability had the highest priority
3. Iota is lightweight literally, it's not a marketing trick. A single transaction format, a single packet format, a single workflow for data sharing - all these things led to little code.
Come-from-Beyond
December 23, 2015, 04:41:45 PM
 #1276

I got some questions about the code, I'll post replies here so other reviewers will see them too.



There are transactions in Iota and their bundles. A bundle = one or several transactions. Every transaction can be a message, an output or an input. A message doesn't change balances and can contain any data. An output is an operation that increases the balance of an address. An input is an operation that decreases the balance of an address.

A typical transaction bundle may look like this:

-500 XXX
+400 YYY
+100 ZZZ
0 For Neuropozyne (50mg)

Here we see that XXX sends 400 iotas to YYY and 100 iotas (change) back to himself. There are 4 transactions, -500 is input and +400 and +100 are outputs. So transactions with negative values are possible. 0-value transactions can be ignored when calculating balances.



SaM hashing function is my invention. I used the same principle as was used in Keccak aka SHA-3 and followed all the advice that I found in papers analyzing security of other hash functions. It doesn't guarantee that SaM is cryptographically secure, it's impossible to prove that a particular hashing function is secure (unless it's a balanced bent function which doesn't actually exist), only time can increase assurance that SaM is secure. There is no other trinary function which suits our needs, so not much choice here.

If we assume that SaM is cryptographically secure then the rest is secure (to some degree defined by the signer), because Iota uses the Winternitz one-time signature scheme which is well-studied.



We already contacted cryptographers asking them to review SaM but this process is long, also they, of course, are busy with their own stuff.


WorldCoiner
December 24, 2015, 10:10:39 AM
 #1277

Very interesting and new concept Come-from-beyond. Thanks for keeping us in the loop here.

Merry Christmas IOTA-Team!
superresistant
December 24, 2015, 11:33:08 AM
Last edit: December 24, 2015, 11:54:17 AM by superresistant
 #1278

 
[solved]
I am not sure I understand this step :

type the address that you just generated into the form below. Hit 'Send' to get the amount of satoshis to transfer in order to verify your ownership.

Can someone rephrase this ?

I never got "the amount of satoshis to transfer in order to verify my ownership", is it a bug ? I only get a blank page.
I guess the server is saturated with requests... I'll try later.


EDIT : I forgot to remove the space before the last 2 letters so the site didn't recognize my address. Thanks Come-from-Beyond.
Come-from-Beyond
December 24, 2015, 11:44:14 AM
 #1279


I am not sure I understand this step :

type the address that you just generated into the form below. Hit 'Send' to get the amount of satoshis to transfer in order to verify your ownership.

Can someone rephrase this ?

I never got "the amount of satoshis to transfer in order to verify my ownership", is it a bug ? I only get a blank page.
I guess the server is saturated with requests... I'll try later.

Post your address.
l8orre
December 24, 2015, 04:41:51 PM
 #1280


I have just sent my BTC pilot TX- it should be all right, but can I verify its correctness somewhere?