Bitcoin Forum
Author Topic: Can we really trust CryptoNote code?  (Read 553 times)
Varuna (OP)
December 19, 2016, 10:46:25 AM
Last edit: December 19, 2016, 11:24:11 AM by Varuna
 #1

Hi, I'm in the process of evaluating various codebases for developing a new coin and I stumbled upon CryptoNote.
Before being spread and advocated by the CryptoNote foundation, the codebase was used for creating Bytecoin, a secretly 80% premined coin, which many have seen as an attempt to create a pump and dump coin.
The code contains a library, called epee, which has been written by a notorious Russian botnet creator.
Given these premises, many questions arise, which have not been fully or credibly answered by anyone (including the Monero team which reviewed the code and decided it was ok to build a coin upon it):

- why should anyone want his code to be used for creating other coins? What is the hidden agenda of CryptoNote foundation?
   (the motivations given in CryptoNote foundation's page are not credible, and I personally suspect they implanted some sort of hidden vulnerability and will exploit it as soon as Monero or other CryptoNote-based coins reach a sufficiently high price, or they could transform a coin's network into an extremely dangerous botnet)

- I have read CryptoNote's White Paper and its review made by a Monero-paid mathematician and I have to say the latter did not convince me at all.
  The review has been performed on the White Paper and not on the code. What warranty do we have that the code really implements what's on the White Paper and does not contain some trojan horse/botnet code?
  I tried to read the code (I'm a professional analyst/programmer/system administrator) and I found it really difficult to follow it. Finding a backdoor in code written by others is not trivial.
  One should basically trust CryptoNote's team...
  
- Every time Monero team answers to people asking about CryptoNote, they simply end their sentences with "every CryptoNote-based coin, except Monero".
  I don't see strong evidence for excluding Monero from the group of CryptoNote-based coins.
  Their code is not significantly different from that of CryptoCoin and my suspicion is that they do not "own" the code, just like me and other people who attempted to read it.

I do not want to bash or advocate anyone. I just want to know if CryptoNote codebase can be safely used to create a new coin.
becoin
December 19, 2016, 11:00:36 AM
 #2

Don't trust any code that you can't read!

On the other hand, people that write such code should understand that their code should be easily readable if they want wide spread adoption.
Varuna (OP)
December 19, 2016, 02:50:57 PM
 #3

Well, in the Open Source world (to which I belong), people decide to publish their code because they love to share it or because the project will benefit from the community effort to review, amend, complete and further develop the code. That's why Open Source code is usually well commented, well formatted and well documented.

I haven't found a request for collaboration on the CryptoNote Foundation site... What is their goal?

Here (I mean in the code of every cryptocurrency) we have code that deals with peer to peer decentralized communication between nodes, which is also the way botnets work.
The epee library (written by a well known botnet creator) contains code that allows each part of the peer-to-peer communication to issue commands that are executed by the other part.
My concerns regard the possibility for a malicious node to execute harmful (botnet-connected) code on another node.

If I was a botnet creator, I would develop a software platform for creating cryptocurrencies, hide my botnet code inside that software and let others create lots of cryptocurrencies.
The PCs of the miners would then become zombies of my botnet and I could direct my attacks toward any target of my choice by activating the malicious code hidden in the software.

Just my thoughts.
What do you think about it?
bathrobehero
December 20, 2016, 07:49:24 AM
 #4

Kind of bumping this as I'm interested in more discussion.

Not your keys, not your coins!
Varuna (OP)
December 20, 2016, 10:08:04 AM
 #5

Here the review of the CryptoNote whitepaper is described as "informal":

http://monero.stackexchange.com/questions/2751/what-type-of-security-audits-has-monero-received

and it has been performed by someone, Surae Noether, who describes himself as a mathematician, but does not disclose his real identity.
His credibility, in my opinion, is near zero.

Moreover, as far as I know, no real deep analysis of the code has been performed from the point of view of security.

It is true that the code is Open Source, but an ordinary software developer with no knowledge of cryptography and peer-to-peer communication would not be able to spot malicious code.
The analysis should be performed by a specialist or better by a team of specialists, all of them with verifiable academic background.




NeuroticFish
December 20, 2016, 10:15:04 AM
 #6

Quote from: Varuna
It is true that the code is Open Source, but an ordinary software developer with no knowledge of cryptography and peer-to-peer communication would not be able to spot malicious code.

I somehow fail to understand this.
A developer, if he's good enough, will spot the malicious code if it's there, this is not related to cryptography...

Quote from: Varuna
The analysis should be performed by a specialist or better by a team of specialists, all of them with verifiable academic background.

You do have a somehow valid point here, but it's still odd. Let me explain.
Meaning, if Monero team would pay for such a review/analysis, you will doubt it, because it's paid by them, won't you?
Apart from that, the more independent reviews the better! Just I don't know who would do that for free, I expect it to be quite a lot of work.

Varuna (OP)
December 20, 2016, 10:55:52 AM
 #7

Well, the malicious code may or may not be related to cryptography. That's true.

The cryptography, on which the proof-of-work is based, may contain a way to reconstruct a private key from a public one. Only an expert cryptographer may be able to spot it.
Some math functions may seem unidirectional but they may not be such.
Monero's review of the whitepaper was aimed at addressing these kinds of issues.
The reviewer basically says: OK, from my analysis of the whitepaper, from a mathematician's point of view, the concept of CryptoNote seems secure.
This, though, does not mean that the code is secure, since the code may or may not be an exact implementation of the concept and may contain malicious code.
The mathematician who performed the review did not analyze the code.
Moreover, we don't know anything about the reviewer. Is he an academic? Is he an amateur? Is he nothing at all?

The malicious code may not be related to cryptography at all. It could, instead, allow the creation of a very large botnet.
The analysis should be performed by an expert of botnets and peer-to-peer communication.
The communication protocol should be analyzed in order to exclude the possibility of it being used to direct, for example, thousands of requests to a single IP address in what is called a DDoS (Distributed Denial of Service).
Think about it. You have a software which is running on thousands of devices and contains code created with the legitimate purpose of coordinating nodes...
May that code be diverted from its legitimate use and used instead to attack a vulnerable target? Attacks of this type have already been directed against well known exchanges like Kraken, Coinbase and BTCChina. The attacker could ask for big money for stopping the attacks.

I did not say that Monero should not be paying for those analyses. Whoever does them, though, should possess enough credibility in the field of cryptography and/or botnets.
His identity should, therefore, not be hidden and be, instead, verifiable.
NeuroticFish
December 20, 2016, 02:02:35 PM
 #8

Quote from: Varuna
Think about it. You have a software which is running on thousands of devices and contains code created with the legitimate purpose of coordinating nodes...
May that code be diverted from its legitimate use and used instead to attack a vulnerable target? Attacks of this type have already been directed against well known exchanges like Kraken, Coinbase and BTCChina. The attacker could ask for big money for stopping the attacks.

I don't run the daemon often enough to see a threat in this.
And since it's a publicly available code, I trust the developer and crypto community that if somebody would be indeed this fishy, it would have come up already.

Monero has enough haters that want it badly to fail, so they would have shown or have exploited it already. And if that happens, some know and tell.
Really, if such botnet system would be in Monero and somebody would have activated it at least once, we would have known in a matter of minutes.


Quote from: Varuna
I did not say that Monero should not be paying for those analyses. Whoever does them, though, should possess enough credibility in the field of cryptography and/or botnets.
His identity should, therefore, not be hidden and be, instead, verifiable.

While I agree that the auditor should be somebody KNOWN, I would say that if this is paid by Monero team, it could still not be credible enough. After all, money corrupts.

And something I've missed:
Quote from: Varuna
- Every time Monero team answers to people asking about CryptoNote, they simply end their sentences with "every CryptoNote-based coin, except Monero".
  I don't see strong evidence for excluding Monero from the group of CryptoNote-based coins.
  Their code is not significantly different from that of CryptoCoin and my suspicion is that they do not "own" the code, just like me and other people who attempted to read it.

From what I know (while I don't deny I like Monero and Cryptonote coins, I don't follow them that strictly and I don't know them that well) Monero team has made quite a lot of fixes and changes in the original code and that's why they use to claim that Monero is quite a lot different from the original Cryptonote. After all, there are CN coins with wallet already; if it would have been easy, that wallet would have been forked for Monero too, I guess...

NeuroticFish
December 20, 2016, 03:32:05 PM
 #9

Well, you linked to somebody that was well known to try to get rich on Monero pnd and whose only purpose was market manipulation.
It's interesting how you link 2 bits of normal things with 2 bits of 3rd party crap.
I think that if you have the knowledge to look into the code, look deeper and find the answers.
But you mix the things so randomly that I start doubting that you looked into the code as well as you say and I start thinking that you may be just a secondary account of somebody well known in this forum.
While I'd say I gave you common sense answers, you came with plots and conspiracy theories. That's a field I don't want to go onto, so all I can add is "good luck with your research, if any".
