rpietila Wall Observer - the Quality TA Thread ;)

[statoshi]

Risto often points out and stresses that Bitcoin has always had a history of 'deep dips' and 'never to sell below ATH', I totally agree. But, what is your current prediction or estimate on the current market situation, Risto? Things are a bit worrisome, we're on a freaky slide right now!! I think some around here need some positive words.

Looking at the price alone is worrisome, but I've seen more innovation in the Bitcoin ecosystem in the past 6 months than in all the time prior. I suspect that eventually these new services will result in greater adoption and the price will rise again along with demand.

[1714490026]

1714490026

[1714490026]

1714490026

[NotLambchop]

Wait, you actually take him seriously?  
Reality check:  How much was BTC going for on Aug. 15th?

[Odalv]

So I'll send 2 transaction, is this possible ?
input ( a1=5 XMR, a2=5XMR )  output( g1=2 XMR, a3= 8 XMR )   -> ring-sing with a1

Let's do one at at time. This one needs to be signed using both inputs. so

input ( a1=5 XMR, a2=5XMR )  output( g1=2 XMR, a3= 8 XMR )   -> ring-sing with a1 + ring-sign with a2

You can't spent a2 without a valid signature (ring or otherwise)

OK np,  I have both private keys, so I'll sing(ring or otherwise).  What will be content ? (what I'm signing)

[smooth]

So I'll send 2 transaction, is this possible ?
input ( a1=5 XMR, a2=5XMR )  output( g1=2 XMR, a3= 8 XMR )   -> ring-sing with a1

Let's do one at at time. This one needs to be signed using both inputs. so

input ( a1=5 XMR, a2=5XMR )  output( g1=2 XMR, a3= 8 XMR )   -> ring-sing with a1 + ring-sign with a2

You can't spent a2 without a valid signature (ring or otherwise)

OK np,  I have both private keys, so I'll sing(ring or otherwise).  What will be content ? (what I'm signing)

Now you are getting into an area the details of which I'm still working to fully understand in the code. But you are signing at least some portion of the transaction you create to spend the outputs, if not all of it.

[Odalv]

So I'll send 2 transaction, is this possible ?
input ( a1=5 XMR, a2=5XMR )  output( g1=2 XMR, a3= 8 XMR )   -> ring-sing with a1

Let's do one at at time. This one needs to be signed using both inputs. so

input ( a1=5 XMR, a2=5XMR )  output( g1=2 XMR, a3= 8 XMR )   -> ring-sing with a1 + ring-sign with a2

You can't spent a2 without a valid signature (ring or otherwise)

OK np,  I have both private keys, so I'll sing(ring or otherwise).  What will be content ? (what I'm signing)

Now you are getting into an area the details of which I'm still working to fully understand in the code. But you are signing at least some portion of the transaction you create to spend the outputs, if not all of it.

But if I'm able to ring-sign input then I can use my old pubic key (I know private key) sing your input (I do not have private key only public) :-)

[smooth]

So I'll send 2 transaction, is this possible ?
input ( a1=5 XMR, a2=5XMR )  output( g1=2 XMR, a3= 8 XMR )   -> ring-sing with a1

Let's do one at at time. This one needs to be signed using both inputs. so

input ( a1=5 XMR, a2=5XMR )  output( g1=2 XMR, a3= 8 XMR )   -> ring-sing with a1 + ring-sign with a2

You can't spent a2 without a valid signature (ring or otherwise)

OK np,  I have both private keys, so I'll sing(ring or otherwise).  What will be content ? (what I'm signing)

Now you are getting into an area the details of which I'm still working to fully understand in the code. But you are signing at least some portion of the transaction you create to spend the outputs, if not all of it.

But if I'm able to ring-sign input then I can use my old pubic key (I know private key) sing your input (I do not have private key only public) :-)

No, you can't sign with a public key by itself. You can only add one or more public keys to an otherwise valid signature, but there has to be a private key already present to make the signature valid. You can't sign my output without my private key. I can do it and add your public key, but without my private key, you can't.

This is the SIG step on page 9 of the CN whitepaper if you want to read it. You need a valid key pair (puiblic and private) for the output, plus a set (possibly empty) of other public keys.

[Odalv]

So I'll send 2 transaction, is this possible ?
input ( a1=5 XMR, a2=5XMR )  output( g1=2 XMR, a3= 8 XMR )   -> ring-sing with a1

Let's do one at at time. This one needs to be signed using both inputs. so

input ( a1=5 XMR, a2=5XMR )  output( g1=2 XMR, a3= 8 XMR )   -> ring-sing with a1 + ring-sign with a2

You can't spent a2 without a valid signature (ring or otherwise)

OK np,  I have both private keys, so I'll sing(ring or otherwise).  What will be content ? (what I'm signing)

Now you are getting into an area the details of which I'm still working to fully understand in the code. But you are signing at least some portion of the transaction you create to spend the outputs, if not all of it.

But if I'm able to ring-sign input then I can use my old pubic key (I know private key) sing your input (I do not have private key only public) :-)

No, you can't sign with a public key by itself. You can only add one or more public keys to an otherwise valid signature, but there has to be a private key already present to make the signature valid. You can't sign my output without my private key. I can do it and add your public key, but without my private key, you can't.

This is the SIG step on page 9 of the CN whitepaper if you want to read it. You need a valid key pair (puiblic and private) for the output, plus a set (possibly empty) of other public keys.

I have: myPublic,myPrivate
You have yourPublic,yourPrivate

I can ring-sign your input, if I know your public key.

It guarantees that someone in the group has the private key that enabled him to sign a transaction spending the output. This allows an observer to verify that the output has been spent by the authorized party (someone with the private key) but does not allow the observer to determine which of the group is the authorized party.

I'll simply add your PUBLIC and use my private ... no one know (except me :-) )

[smooth]

I have: myPublic,myPrivate
You have yourPublic,yourPrivate

I can ring-sign your input, if I know your public key.

I fear we are going around in circles now.

But one more time. You can't sign a valid transaction spending my output using my public key. It would require my private key. You can sign a valid transaction spending your transaction with your private key. All you can do with my public key is add it to your signature spending your output, obscuring the fact of which output was spent. This is just obscuring your spend with my public key, not spending my output.

In both cases, a foreign public key can be added but you can't construct a valid transaction without the private key.

[Odalv]

I have: myPublic,myPrivate
You have yourPublic,yourPrivate

I can ring-sign your input, if I know your public key.

I fear we are going around in circles now.

But one more time. You can't sign a valid transaction spending my output using my public key. It would require my private key. You can sign a valid transaction spending your transaction with your private key. All you can do with my public key is add it to your signature spending your output, obscuring the fact of which output was spent. This is just obscuring your spend with my public key, not spending my output.

In both cases, a foreign public key can be added but you can't construct a valid transaction without the private key.

>  You can't sign a valid transaction spending my output using my public key.
Maybe I can't and there is something.

But I'm sure I can create valid ring-signature using MyPublic, YourPublic and MyPrivate keys. Even I can produce fake "key image" because no one can verify it.

I'm asking why I can't?

[smooth]

But I'm sure I can create valid ring-signature using MyPublic, YourPublic and MyPrivate keys.

You certainly can, but it won't be a valid signature to spend my output, only your output.

That's because it will fail the VER step (page 10 of above mentioned whitepaper) when applied to my output. It will pass the step when applied to your output.

Even I can produce fake "key image" because no one can verify it.

No. The key image is an input in to the VER step, and the signature won't verify with an invalid key image. Which is to say, it can be verified. The key image also needs to be unique (not used before -- LNK step) but this only matters once the signature containing the key image is verified. It won't be if you try to use your private key and my output.

EDIT:

Oh, I think I understand what you're saying. You are saying that the verifier can't tell whether your output was spent or mine. This is true. The difference comes from the LNK step, where I'm still able to spend my output once you've done this but you can't spend yours again. That's because I can create another valid key image with any ring signature containing my output, and you can't create another valid key image for any ring signature containing yours.

So you see, my output has not been "spent" here, because I'm able to spend it later (by producing a different, but valid,  key image). Yours has been spent, because you won't be able to do this.

[Odalv]

But I'm sure I can create valid ring-signature using MyPublic, YourPublic and MyPrivate keys.

You certainly can, but it won't be a valid signature to spend my output, only your output.

That's because it will fail the VER step (page 10 of above mentioned whitepaper) when applied to my output. It will pass the step when applied to your output.

Even I can produce fake "key image" because no one can verify it.

No. The key image is an input in to the VER step, and the signature won't verify with an invalid key image. Which is to say, it can be verified. The key image also needs to be unique (not used before -- LNK step) but this only matters once the signature containing the key image is verified. It won't be if you try to use your private key and my output.

EDIT:

Oh, I think I understand what you're saying. You are saying that the verifier can't tell whether your output was spent or mine. This is true. The difference comes from the LNK step, where I'm still able to spend my output once you've done this but you can't spend yours again. That's because I can create another valid key image with any ring signature containing my output, and you can't create another valid key image for any ring signature containing yours.

So you see, my output has not been "spent" here, because I'm able to spend it later (by producing a different, but valid,  key image). Yours has been spent, because you won't be able to do this.

Ok I'm not sure about "image key". I red somewhere it is derived from private key (so only me can verify because only I know private ) ... But in this paper "image key" is derived from pubic key. Does it mean I can use  VER to find out who is really spending ?

[fluffypony]

Ok I'm not sure about "image key". I red somewhere it is derived from private key (so only me can verify because only I know private ) ... But in this paper "image key" is derived from pubic key. Does it mean I can use  VER to find out who is really spending ?

This is a TA thread - if you're struggling to grasp the cryptography then you are welcome to continue this discussion in the Monero ANN thread: https://bitcointalk.org/index.php?topic=583449.0

Alternatively, if you believe you've found an exploit, I do encourage you (again) to document it and write a PoC like every other security researcher. The process of writing a PoC normally forces me to come to grips with the intricacies of the subject, and I document thereafter.

Rem tene verba sequentur, as they used to say.

[JayJuanGee]

Wait, you actually take him seriously?  
Reality check:  How much was BTC going for on Aug. 15th?

I just made a post in that thread related to this particular point.

https://bitcointalk.org/index.php?topic=740394.msg8875563#msg8875563

In sum, I believe that Risto makes a lot of good points in his various posts regarding the price movements of bitcoin and the various factors influencing BTC prices, and maybe some of the contents of his various posts and the specifics of his various posts need to be taken with a grain of salt - as with the contents of any posters within these public forums.  I tend to take what I consider to be too much emphasis on math with a grain of salt; however, even with mathematical emphases, we can learn about price movements and influential dynamics within the BTC space.

 Even though Risto may be wrong from time to time, and even seems to be exaggerating from time to time, he does tend to provide a considerable amount of reasoning to back up his points that should help readers to arrive at their own conclusions rather than just accepting what he says lock, stock and barrel...

[NotLambchop]

...Even though he may be wrong from time to time, and even seems to be exaggerating from time to time, he does tend to provide a considerable amount of reasoning to back up his points that should help readers to arrive at their own conclusions rather than just accepting what he says lock, stock and barrel...
...

He's an intelligent guy.  That makes his reasoning seem solid to less intelligent guys.  Not sure if intentional sophistry, but more likely just manic ramblings.  Manics are fun, fascinating, often contagiously optimistic, and often successful folks.  They make awesome salesmen

[JayJuanGee]

...Even though he may be wrong from time to time, and even seems to be exaggerating from time to time, he does tend to provide a considerable amount of reasoning to back up his points that should help readers to arrive at their own conclusions rather than just accepting what he says lock, stock and barrel...
...

He's an intelligent guy.  That makes his reasoning seem solid to less intelligent guys.  Not sure if intentional sophistry, but more likely just manic ramblings.  Manics are fun, fascinating, often contagiously optimistic, and often successful folks.  They make awesome salesmen

That is one of my concerns about Jorge; however, I was NOT really of the belief that Risto falls in the same category

To give you the benefit of the doubt in this regard, NotLambChops, this could be a matter of degree regarding how much purposeful deception is going on versus just irrational exuberance.  

I have much more tolerance for irrational exuberance (which seems to be your characterization of Risto's posts) than I do for purposeful deception (which seems to be my characterization of Jorge's posts).

Further, I consider that my tolerance level regarding purposeful deception as compared with irrational exuberance is NOT materially affected whether either of these is used in the direction of bear-ish or bull-ish predictions/assessments.

[Odalv]

Ok I'm not sure about "image key". I red somewhere it is derived from private key (so only me can verify because only I know private ) ... But in this paper "image key" is derived from pubic key. Does it mean I can use  VER to find out who is really spending ?

This is a TA thread - if you're struggling to grasp the cryptography then you are welcome to continue this discussion in the Monero ANN thread: https://bitcointalk.org/index.php?topic=583449.0

Alternatively, if you believe you've found an exploit, I do encourage you (again) to document it and write a PoC like every other security researcher. The process of writing a PoC normally forces me to come to grips with the intricacies of the subject, and I document thereafter.

Rem tene verba sequentur, as they used to say.

Is that "image key" public observable ? Every node knows what input is really spent and who ring-sing this message ?

Edit:
If I know YOUR public key, from an unspet input . You are broadcasting new transaction (is not yet minted). I can compute "image key" and create ring singature of YOUR input with my privateKey ... and output to my address.  What transaction will win ?

[NotLambchop]

...
To give you the benefit of the doubt in this regard, NotLambChops, this could be a matter of degree regarding how much purposeful deception is going on versus just irrational exuberance.  
...

Not sure what you mean--I said I'm leaning towards it being sincere manic ramblings.
As far as me thinking him manic?  That whole Magalonode Summit incident (after which he checked into a sanatorium), reads like a textbook example.

[JayJuanGee]

...
To give you the benefit of the doubt in this regard, NotLambChops, this could be a matter of degree regarding how much purposeful deception is going on versus just irrational exuberance.  
...

Not sure what you mean--I said I'm leaning towards it being sincere manic ramblings.
As far as me thinking him manic?  That whole Magalonode Summit incident (after which he checked into a sanatorium), reads like a textbook example.

You could be correct, and maybe I am just working off of incomplete information?

I read about an incident (including various aspects of Risto's own rendition) in which Risto gave up control of his laptop with bitcoins and then went on some drama and blaming and seeming failure(s) to take responsibility for his own sloppiness; however, I am NOT clear how that would necessarily rise to the level of purposeful deception (unless you are suggesting that the incident demonstrates that he is NOT acting in good faith b/c he has issues regarding his ability to take responsibility for his own sloppiness?).  

Further,  in my thinking, checking into a sanatorium would also be insufficient to cause me to conclude that someone is purposefully deceiving.... so in that regard, I believe that there can be "sincere manic ramblings" without them devolving into a category of purposeful deception. 

I am NOT totally closed on this point b/c with further evidence, I may be willing to reconsider my tentative conclusions.  I also believe that the topic could be important because Risto remains a fairly influential persona in the BTC world (especially overall on this forum, and even he has gained some mainstream press attention for his various "contributions" and/or assertions).  However, this thread does NOT seem to be  a great place to engage in such pursuits, especially given the fact that Risto manages this thread - and maybe it would cause self-censoring or even impressions of biasness to see which posts survive.... and really, I find it quite irritating to go through the efforts of composing a thoughtful post that I believe is contributing to the conversation and then to have it deleted by someone who has a different view of the meaning of "contribution."

[NotLambchop]

... I said I'm leaning towards it being sincere manic ramblings.
...

I'm saying just that.  More likely than not he's sincere.  Not sure why we're stuck on this.

[JayJuanGee]

... I said I'm leaning towards it being sincere manic ramblings.
...

I'm saying just that.  More likely than not he's sincere.  Not sure why we're stuck on this.

Sorry, we may be more or less in agreement, again.   

However, when you post a caricature of Risto (even though funny), I may get distracted that there may be some attempts at ad hominems, rather than to really explore relevant and material substantive issues. Sorry, that may just be my own distraction(s).