The impact of bad crypto (DASH, SDC, etc). How much does math matter?

[AlexGR]

We are talking about ...jamming a transaction, after spending a shitload of money. And that's to jam 0.x% of instantx transactions that at worst will be confirmed 150seconds later per the casual block confirmation... that doesn't make any sense.

If it's a valid game theory scenario, and makes sense for the attacker, we'll see it happen. I don't see it happening.

I was talking about darksend spying, which you can't see happening, but is all but inevitable (and the only way out there is essentially an accidental miracle) given the incentives.

Well, the more you mix, the lower the probabilities of bad actors affecting you. That's pretty much the same across the board, in all mixing scenarios, including Cryptonote mixin settings.

The OP however refers to the "highschool maths" from a TPTB post about InstantX.

[smooth]

We are talking about ...jamming a transaction, after spending a shitload of money. And that's to jam 0.x% of instantx transactions that at worst will be confirmed 150seconds later per the casual block confirmation... that doesn't make any sense.

If it's a valid game theory scenario, and makes sense for the attacker, we'll see it happen. I don't see it happening.

I was talking about darksend spying, which you can't see happening, but is all but inevitable (and the only way out there is essentially an accidental miracle) given the incentives.

Well, the more you mix, the lower the probabilities of bad actors affecting you. That's pretty much the same across the board, in all mixing scenarios, including Cryptonote mixin settings.

I've already explained the critical difference between the two. One has an ongoing cost to bad actors, the other does not. The lack of any quantifiable cost means is that attacks are plausibly unbounded. More mixing will not save you.

The OP however refers to the "highschool maths" from a TPTB post about InstantX.

Was there any peer review of the InstantX white paper whatsoever? Was TPTB the first one to catch the error 1+ years later?

[toknormal]

The elephant in the room is monetary properties, not technical ones. It's very simple, for tier 1 monetary assets:

Good crypto = Public Blockchains
Bad Crypto = Obscrued Blockchains

For higher order tiers (backed money, e.g. Bitcoin CT), obscured blockchains are acceptable.

So you should therefore be discussing the merits of Good/Bad crypto within the domain of Public Blockchains explicitly or Good/Bad crypto within the domain of Obscured Blockchains explicitly since they are distinct monetary domains and obscured blockchains do not have any native (unbacked) monetary properties in the first place - even if it is "good crypto".

[smooth]

For higher order tiers (backed money, e.g. Bitcoin CT), obscured blockchains are acceptable.

If CT is ever implemented for Bitcoin itself (and segwit seems to make that more likely, even if only marginally), it will not be a higher order tier, it will be regular, ordinary main-chain Bitcoin transactions in which the amounts payable to each output are obscured (mathematically verifiable, but not visible in plaintext). You will no longer be able to look up addresses on a block explorer and see balances.

If implemented on a side-chain, I would consider that "higher tier" although I guess perspectives differ somewhat.

[toknormal]

it will not be a higher order tier, it will be regular, ordinary main-chain Bitcoin transactions in which the amounts payable to each output are obscured (mathematically verifiable, but not visible in plaintext

Nothing is "mathematically verifiable" except in theory.

Blockchains are not theory, they are practice.

That means they have to use technology that portends to implement theory but does not guarantee it. And even if they could guarantee it there's no way for an end user to ever know conclusively that they've got their hands on an authentic instance of that technology (except of course "in theory"   ).

So for unbacked monerary tokens no blockchain is "verifiable" by anything other than mass visual inspection on an ongoing basis of every single address by the fare paying public, independently of whether they happen to be holders of private keys or not. It's the sociological endorsement that emerges from that shared consensus that supports the value, not "math".

And if CT is ever implemented for bitcoin itself then bitcoin will no longer be a tier 1 asset and no longer constitute viable money. (At least not in any sociological sense that could support its value).

Just for clarification, by "monetary tier", I meant this: If I use my bike as "money" to pay for something then the bike is the tier 1 money and the contract that says someone owns it is the tier 2 asset. The tier 2 asset can be obscured, burned, washed through the washing machine, without compromising the integrity or value of the tier 1 asset.

In crypto, obscured blockchains (such as CT) potentially have the job of record keeping and obscuring the ownership of a tier 1 asset (bitcoin). But they are not tier 1 assets in their own right (by virtue of being obscured).

[toknormal]

i.e. this works...



this doesn't...



So arguing about what constitute "good and bad crypto" when comparing public and obscured blockchain is like arguing which is more secure - the money or the safe.

[BitcoinNational]

i feel like something profound is being communicated,
yet i'don't have the foggiest of clues :?

[toknormal]

i feel like something profound is being communicated,
yet i'don't have the foggiest of clues :?

Don't worry, you're in good company

[Red-Apple]

this was an informative topic over all i didn't know a couple of these things that happened.

but generally i don't care that much about these things that is why i haven't heard about them. i am mostly into bitcoin and follow it closely.

so altcoins for me are just a way to earn some money from the pumps and trade them.

although i would be lying if i said i wasn't interested in altcoin at all, there are 1-2 projects that really interest me and i follow them (i am not naming them to prevent hate ) but there is always some good projects out there. and as long as they are fixing theirs issues i am fine with it.

[generalizethis]

i feel like something profound is being communicated,
yet i'don't have the foggiest of clues :?

Don't worry, you're in good company

Why are there guys who try make simple things sound as complicated as possible to obscure the truth and there are guys who try to make complex things as simple as possible to reveal the truth?

The visibility of the transactions in the blockchain enables anyone and everyone to confirm the validity of the ledger. Cryptonote does not have this visibility, therefore the validity of the transactions cannot be confirmed, which means there is no independent way of verifying that the implementation or the protocol have not been broken.

It could be broken, we dont know and we have no way of showing that it is not being exploited right now.

That's not true. You can verify Monero's coinbase as you do in Bitcoin.

Yes, but not the rest of the chain unfortunately.

Not sure what you're talking about, even when CT is implemented, you can still validate the coin total.


"[–]fluffyponyzaXMR Core Team 3 points 2 months ago

"So, having only the blockchain data, is it possible to mathematically prove that all blocks inside followed the rules?"

Yes - read gmaxwell's write-up on CT and you'll see that amounts can still be verified.

To illustrate it as simply as I can: imagine if every transaction input was 1000 XMR. But, using ring signatures, you mix your real input of 55 XMR with a bunch of other ones that adds up to 1000 XMR. Analysing the blockchain we can still verify that it adds up to 1000 XMR, but we can't tell which value is yours."

[GingerAle]

The elephant in the room is monetary properties, not technical ones. It's very simple, for tier 1 monetary assets:

Good crypto = Public Blockchains
Bad Crypto = Obscrued Blockchains

For higher order tiers (backed money, e.g. Bitcoin CT), obscured blockchains are acceptable.

So you should therefore be discussing the merits of Good/Bad crypto within the domain of Public Blockchains explicitly or Good/Bad crypto within the domain of Obscured Blockchains explicitly since they are distinct monetary domains and obscured blockchains do not have any native (unbacked) monetary properties in the first place - even if it is "good crypto".

You are still singing this tune, eh?

For those just tuning in, you should know that this guy is responsible for the brilliant statement of

"Cryptography has never been a significant part of cryptocurrency - even though it may share the first few letters. "

This occurred during a very heated debate in what I hoped we could consider "classic" DASH vs XMR threads, which were quite literally 1 year ago.

https://bitcointalk.org/index.php?topic=1001642.msg10921597#msg10921597

Which was politely responded to by gmaxwell

Cryptography has never been a significant part of cryptocurrency - even though it may share the first few letters. It works on a system of digital signatures.

It would seem that you actually do not understand what cryptography is in the modern sense.

A fundamental nature of information is that it wants to be freely copied everywhere to everyone. That any bit is equal and indistinguishable from any other bit of the same value and that any bit is eventually known to all who care.  Cryptography is all that technology by which we hope to confine and constrain the nature of information, to put up fences and direct it to our exclusive purposes, against all attacks and in defiance of the seemingly (and perhaps actually) impossible.  Digital signatures are cryptography by any modern definition and utilize the same tools and techniques (for example, a DSA signature is a linear equation encrypted with an additively homorphic encryption), and suffer from most of the same challenges as the message encryption systems to which you seem to be incorrectly defining cryptography as equivalent.  Moreover, the use of digital signatures isn't the only (or even most relevant) aspect of cryptography in cryptocurrencies-- e.g. the prevention of double spending of otherwise perfectly copyable and indistinguishable information in a decentralized system is a cryptographic problem which we address using cryptographic tools, and-- like all other practical cryptography-- achieve far less than perfect confidence in our solution. As are more modest ends like interacting with strangers but not being subject to resource exhaustion from them.

Far more so than other sub-fields of engineering, cryptographic systems are doing something which is fundamentally at odds with nature and share an incredible fragility and subtly as a result (and perhaps all are failures, we have no proof otherwise).

A failure to understand and respect these considerations has resulted in a lot of harmful garbage and dysfunctional software.

And then by andytoshi

Can you (or Tok) point to a part of a cryptocurrency which isn't cryptography?

the dev team, the website, any part of the wallet not doing a cryptographic function, the buyers, the masternode operators, the network transport, whatever isn't going into a cryptographic function.

This thread is moving pretty quickly (ten pages of mudslinging in half as many hours!) so I'm not sure you'll see this, but there's an important misunderstanding here. You're right that the human beings aren't cryptographic (e.g. the development team, market participants, etc) --- though it's important to observe that this makes them very unsuited to cryptographic functionality. gmaxwell had an elegant description of cryptography as "technology by which we hope to confine and constrain the nature of information" despite information respecting no ownership, borders or morality. He described this as "inherently subtle and fragile", which it is, but this indifference to political and social pressure also make it efficient (human trust is expensive to build and maintain!) and robust against a lot of political and social pressures that human systems are not. This robustness is the cypherpunk motivation for bringing cryptography into everyday life: anything we have the technology to do cryptographically rather than socially ought to be, since social systems can change quickly and unjustly. Nowhere is this more true than finance, so cryptocurrency is a perfect environment for this kind of thing. So cryptocurrencies try to eliminate human decision points wherever possible, and where not they try to set things up so others can't override each others' decisions (hence the value implied by buzzwords like "decentralization" and "censorship resistance" and "public verifiability").

I'm not entirely clear on what masternodes do these days, but I infer that their actions affect users' privacy, i.e. they are "confining and constraining" information. This is a cryptographic function too. Human decisions may factor into their behaviour, but they are still performing a cryptographic function; human involvement does not change this, only changes the failure modes.

All this to say that basically the entirety of cryptocurrency really is cryptography. Even many of the human parts. The network transport is part of the cryptosystem: it needs to be designed to prevent modification of data in transport, authentication of data even when endpoints are anonymous and spoofable, etc. A wallet is part of the cryptosystem: it's responsible for creating verification keys ("scriptPubKeys" in Bitcoin, which are usually abbreviated to addresses) whose corresponding private keys are controlled by the correct parties to the correct extent, and for correctly and securely storing these keys. Wallets are decoupled from the main cryptocurrency cryptosystem, and in particular are not part of the hard part --- consensus code --- but they are certainly cryptographic and are subject to the same sort of subtle missteps as other cryptosystems. (For example, the oft-cited BIP32 "bug" where a party in possession of a public key and chaincode can derive the secret key from a non-hardened child secret key; it would not be hard to come up with a plausible-sounding system which "unintentionally" exposed secret data through this mechanism.)

I'll repeat my above statement: basically the entirety of cryptocurrency really is cryptography. This is important. It's why things are so subtle, why complexity is dangerous, and why changing even trivial-seeming things can have drastic and hard-to-analyze consequences. This is where "a lot of harmful garbage and dysfunctional software" comes from. It's the default for poorly-thought-out systems. And in cryptography, "poorly thought out" means anything less than expert cryptographers spending large amounts of time and effort designing things to be both correct and clearly correct. (Given how few experts there are in the cryptocurrency space, I could tell you that almost all of it is shit just by the pigeonhole principle .)

This is not a cheap standard to hold a system to even if its designers want to; and falsely claiming that something is not cryptographic is an easy way to excuse not wanting to. But such claims do not change reality.

The encryption of data through cryptography is the foundation of cryptocurrencies.

This is simply false.

At the end of the day, reader, whomever you are, you are obviously free to do whatever you wish and listen to whomever. Just know who (and what) you're getting in bed with.

[toknormal]

For those just tuning in, you should know that this guy is responsible for the brilliant statement of

A bit desperate.

[AlexGR]

We are talking about ...jamming a transaction, after spending a shitload of money. And that's to jam 0.x% of instantx transactions that at worst will be confirmed 150seconds later per the casual block confirmation... that doesn't make any sense.

If it's a valid game theory scenario, and makes sense for the attacker, we'll see it happen. I don't see it happening.

I was talking about darksend spying, which you can't see happening, but is all but inevitable (and the only way out there is essentially an accidental miracle) given the incentives.

Well, the more you mix, the lower the probabilities of bad actors affecting you. That's pretty much the same across the board, in all mixing scenarios, including Cryptonote mixin settings.

I've already explained the critical difference between the two. One has an ongoing cost to bad actors, the other does not.

You are leaving aside multiple costs for the bad actor. Devaluation for the coin by harming it, inflation costs for the holder (which are only partially mitigated by masternode rewards, yet maxcoins is >3x of current supply), mass acquiring costs that lead the price upwards (it's not the same, in terms of market-prices, buying 100 dash and 400.000 dash to buy 400MNs), etc.

The lack of any quantifiable cost means is that attacks are plausibly unbounded. More mixing will not save you.

If you involve 1 MN for mixing, and 10% of them are crooked, you have 10% of being deanonymized by hitting the crooked MN.
If you go in 2 rounds, with 2 different MNs, your chances go to 10% of 10%.
In the third round you have 10% of 10% of 10% chance.
...etc etc.

Multiple round mixing was designed specifically to address the bad actor scenario.

Was there any peer review of the InstantX white paper whatsoever? Was TPTB the first one to catch the error 1+ years later?

The "error" involves broken game theory for the attack vector.

If we are just trying to find theoretical "dangers" but ignoring the underlying game theory, then Bitcoin and all crypto are already dead. They aren't because they are based on game theory, costs and rewards for the attacker etc.

[Macrochip]

^What do you mean "broken game theory"?

I can understand Anonymint! I had similar thoughts like him!
I mean take clothes for example. Some people seem to think they're a good idea, but I -being the unsung genius of our time- recognized after painstaking analysis a simple but glaring failure of clothes everybody seems to have ignored: They don't protect you from meteorite impacts!

Now don't try to distract from this gigantic design error by citing "probability" or similar nonsense! It doesn't change the fact that anyone hit by a meteorite is going to die even though he or she was wearing clothes! That's why I decided to stay naked for the rest of my life, because it's not going to make any difference when the meteorites strike!

Now give me money so I can pay medical bills! For some reason I keep getting sick!

[smooth]

Was there any peer review of the InstantX white paper whatsoever? Was TPTB the first one to catch the error 1+ years later?

The "error" involves broken game theory for the attack vector.

I'm referring to the "high school math error". That's not game theory, it is arithmetic.

(Of course game theory would also be a very legitimate topic for peer review, but that wasn't what I was asking.)

[AlexGR]

I've seen the discussion between Evan and TPTB_ which went something like "oh this could be lowered to 0.% of transactions even if the attacker held XXX masternodes", and then after some back and forth it degraded to "Oh the masternodes are illegal in the usa, the financial authorities this, and that" etc etc.

[bitcoin carpenter]

^What do you mean "broken game theory"?

I can understand Anonymint! I had similar thoughts like him!
I mean take clothes for example. Some people seem to think they're a good idea, but I -being the unsung genius of our time- recognized after painstaking analysis a simple but glaring failure of clothes everybody seems to have ignored: They don't protect you from meteorite impacts!

Now don't try to distract from this gigantic design error by citing "probability" or similar nonsense! It doesn't change the fact that anyone hit by a meteorite is going to die even though he or she was wearing clothes! That's why I decided to stay naked for the rest of my life, because it's not going to make any difference when the meteorites strike!

Now give me money so I can pay medical bills! For some reason I keep getting sick!

Genius logic..

[generalizethis]

I've seen the discussion between Evan and TPTB_ which went something like "oh this could be lowered to 0.% of transactions even if the attacker held XXX masternodes", and then after some back and forth it degraded to "Oh the masternodes are illegal in the usa, the financial authorities this, and that" etc etc.

Not even. Evan asserted that tptb had miscalculated something and ran away after tptb corrected him. The same thing happened when I confronted Evan about X11--though I had some help from Shelby on understanding the problem.

[AlexGR]

Monerotards....  

The Monerotards just can't ever admit that someone else could do anything they couldn't do and give proper credit and respect where it is due. Sigh.

And then they wonder why their shitcoin is going no where and those who have the talent to make it go somewhere are not motivated to join with their sick attitudes.

You guys are hilarious. Keep making excuses to deny reality but it won't help you in the real world.

Not even one thank you for pointing an egregious error in Shen's proposed solution which could have enabled me to crash your market price had I withheld the information and supplied it after you implemented a hard fork with the design error. Instead I get verbal diarrhea about senile rage. My and the community wide anger against Monerotards, is because of for example your Shen's condescending verbiage and now more of it from all you key persons in the Monerotard community and even the lead developer.

[generalizethis]

Monerotards....  

The Monerotards just can't ever admit that someone else could do anything they couldn't do and give proper credit and respect where it is due. Sigh.

And then they wonder why their shitcoin is going no where and those who have the talent to make it go somewhere are not motivated to join with their sick attitudes.

You guys are hilarious. Keep making excuses to deny reality but it won't help you in the real world.

Not even one thank you for pointing an egregious error in Shen's proposed solution which could have enabled me to crash your market price had I withheld the information and supplied it after you implemented a hard fork with the design error. Instead I get verbal diarrhea about senile rage. My and the community wide anger against Monerotards, is because of for example your Shen's condescending verbiage and now more of it from all you key persons in the Monerotard community and even the lead developer.

He has since changed his opinion of Shen and admitted he's a more than capable cryptographer--his opinion of Evan has gotten worse over time, but nice attempt to change the subject. 

What were talking about, oh how Evan fails hs math and runs away when it's pointed out to him.