Bitcoin Forum
November 08, 2024, 04:49:34 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Poll
Question: Is the OP correct?
yes - 47 (29.9%)
no - 79 (50.3%)
undecided - 31 (19.7%)
Total Voters: 157

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 [19] 20 21 22 23 24 »  All
  Print  
Author Topic: Bitcoin adoption slowing; Coinbase + Bitpay is enough to make Bitcoin a fiat  (Read 67172 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
April 29, 2014, 01:47:08 AM
 #361

The big picture:

https://bitcointalk.org/index.php?topic=365141.msg6447833#msg6447833

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
April 29, 2014, 10:36:40 AM
 #362

---------------------------- Original Message ----------------------------
Subject: Plz martin,  plz look at all the circumstantial evidence of a global plan
From:    AnonyMint
Date:    Tue, April 29, 2014 6:32 am
To:      armstrongeconomics@gmail.com
--------------------------------------------------------------------------

Come on Martin, don't be hoodwinked into thinking that Obama is just dumb.
He is doing the work of the global plan to collapse the economy and
maintain the globalist hegemony.

Please take my prior email and then also this new post into your calculus:

https://bitcointalk.org/index.php?topic=365141.msg6452672#msg6452672



Please Martin, your failure to grasp this so far, is your main error. And
you are very important voice of reason to those millionaires who are
targeted by the globalists in this coming economic collapse.

If we don't find a way for your readers to maintain their wealth in a
transportable form, then the globalists will win and take us into a global
technocracy of digital slavery.

As you have lamented, rare coins and artwork are not going be tranportable
this time, and also they are not a form of currency that is fungible
enough to keep commerce moving.

The ONLY SOLUTION is an anonymous crypto-currency.

What is Socrates saying about the possible rise of an anonymous
crypto-currency as an alterative to the state-controlled digital fiats you
see on the horizon??

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 02, 2014, 01:47:38 AM
Last edit: August 20, 2014, 08:54:22 PM by AnonyMint
 #363

Cross-posting from the following linked post:

https://bitcointalk.org/index.php?topic=558316.msg6501774#msg6501774


It is time to squash Proof-of-Stake once and for all. It can NEVER remain decentralized. Satoshi's Proof-of-Work is the only known solution to the Byzantine General's Problem (was a known unsolved problem since at least the 1970s).

Apologies I've been busy and hadn't had time to squash bytemaster's latest N.A.O.D. (nonsense algorithm of the day).

First of all, he never was able to address the issues I raised about Transactions as Proof-of-Stake quoted as follows.

This proposal appears to be flawed, unless I am missing something. I have only read the first 4 pages thus far.

1. You propose to decrease the coin rewards as coin-days-destroyed volume increases, so this makes it less costly for an attacker to obtain > 50% of the hash rate assuming the attacker includes all the transactions. You apparently are attempting to imply there is no useful attack to do if the attacker is including the most coin-days-destroyed? Please confirm or deny then I will dig into more analysis of this vector.

2. Also how do you choose between someone who generates a proof-of-work hash with lower coin-days-destroyed several times sooner than the network propagation delay versus another who generates it that much delayed with a higher coin-days-destroyed? If you choose the latter, then you've killed the proof-of-work incentive because it means it will always pay to be later and wait for more transactions to arrive.

3. You claim to defeat my Transactions Withholding Attack, by blacklisting those who send blocks with transactions that were not recently seen by all miners. I retorted against this recently. This centralizes the network (all for one and one for all outcome) by requiring every miner to be responsible for the incoming network connectivity of other miners. And it centralizes the network in other ways, such it can't tolerate a temporary partitioning of the network due to connectivity outages.

P.S. By coin-days-destroyed, I assume you mean coin value x days, otherwise you would motivate proliferation of dust.

The most significant flaw of any proof-of-stake system and any system that diminishes coin rewards, is it can't distribute currency from the hoarders to the users of the currency, thus it will end up with the hoarders (the banksters) accumulating all the coin and the currency usage dying.

This is because the wealthy spend a much lower % of their net worth than the masses do.

[snip]

Whereas those who actually mine are proactively using their time, ingenuity, initiative and capital to secure the network, thus it seems more capitalistic they should receive the redistribution from the hoarders. Besides it may beis the only viableplausible way to secure the public ledger.

The other attacks you describe all derive from the fundamental reason I declared all non-proof-of-work systems to be insecure back in April.

My logic was mathematically fundamental. The input entropy set is quite deterministic and well known and thus can be preimaged. For example, accumulating a lot of coin-days-destroyed and then targeting them in clever ways to subvert the security.

The randomness (entropy) of each proof-of-work is fundamental and mathematical and it can not be preimaged. It can only be surely defeated with > 50% of the network hash rate. Note I recently offered what I believe to a solution to the selfish-mining attack (the one at hackingdistributed.com that claims 25 - 35% attack).

I am skeptical that you can characterize all possible attack vectors of proof-of-stake in one coherent mathematical proof. Thus you will not know formally what the security is; instead a list of adhoc attacks and counter-measures.

[snip]

Edit: Perhaps coin-days-destroyed in some attack vectors motivates not transacting for long periods of time.



The bottom line is that no proof-of-stake system can ever remain decentralized.

They all will require some sort of delegation of reputation to achieve consensus. I would have to go through a laundry list of examples to cover all the cases. For example, in Transactions as Proof-of-Stake it is required to delegate trust of propagation to the other nodes as I explained above. Thus there needs to be some reputation system to enforce this, e.g. blacklisting, whitelisting, etc.. All the other proof-of-stake systems have a requirement for some form of delegated reputation.

I have many times explained to bytemaster and others the fundamental problem is that any system that attempts to replace proof-of-work will rely on some form of reputation, and reputation is centralization. And centralization is precisely what decentralized crypto-currency is not supposed to be because centralization will always end up control and manipulated (i.e. it is a fiat system).

Trust is orthogonal to reputation and centralization. I can trust Proof-of-Work, which is decentralized trust without reputation. Reputation isn't needed in Proof-of-Work, because the input entropy is fresh (can't be preimaged) on every new TB.

You can 75% attack it if you like, but your nodes wont have any trust, so that block chain will just be ignored.

(In any non-Proof-of-Work design, ) It is mathematically impossible for there to be external consensus trust of the honest chain if the dishonest chain is controlled by more than 51% of the peers. We've covered some of the scenarios upthread, and it always boils down to that the external viewers can not know who to trust except by trusting the majority of peers.

The only mathematical way around this is to centralize the network, by placing more trust in some peers than others over time.

Indeed long-term reputation is a mathematically viable alternative to Proof-of-Work. This is centralization. There are tradeoffs.

So this is not "7 billion individually watching the network", but rather a fewer # of peers with reputation being trusted. This is just the political power vacuum all over again with its contingent problems of vested interests Olsen power scramble:

https://bitcointalk.org/index.php?topic=226033 (No Money Exists Without the Majority)

Notwithstanding the above, any non-Proof-of-Work system can be attacked with much less than 51% of the peers, due to the fact that the input entropy is preimageable, as I explained upthread. Again the only way to work around this is to trust some established peers to guard against this.

Financial transactions must be recorded in a public or private ledger trusted by both the spender and the recipient, otherwise funds could be unspent or double-spent to a plurality of recipients. To provide a ledger that can't be captured, Satoshi described a proof-of-work (PoW) scheme where transaction peers communicating over the network compete to be the first to solve a computational puzzle which is unique for each block of transactions added to a public ledger. The security of this ledger against double-spends has three (3) essential requirements.

1. The computational puzzle can't be preimaged, i.e. nothing can be known about solving the puzzle until the prior block's puzzle is solved.

2. Without at least 50% of the aggregate computational power of all transaction peers, it is not possible to create a modified chain of blocks starting from any present or past block, which would contain more blocks than the block chain controlled by the remaining cooperating peers. Thus the longer chain is trusted.

3. The block chain is cryptographically linked in forward order, such that the historical proof-of-work and transactions can be independently verified at any time in the future. Thus the transaction peers may leave and rejoin the network at will without need for a trusted centralized storage.

Note security point #1 eliminates from consideration PoW schemes in which the puzzle is some real-world computational work because the puzzles are known a priori and are thus pre-imageable. Non-PoW voting and membership schemes disqualify because the ordering of designation of authority (to decide which transactions are in each block) to transaction peers is pre-imageable, or requires peers trusted by reputation which is centralizing on a slippery slope towards Olsen capture.

You must also consider the negative impacts of design features when you state the positive impacts.

Reputation has many downsides:

a. It can be stolen, e.g. threaten first to extort private key, then kill, and keep key.
b. Censorship based on metadata which doesn't always correlate rationally.
c. Discriminate against early adopters out of jealously, i.e. retribution for #b.
d. Regulatory authorities can require the BitName same as they now do Social Security # and Id. They can now establish the BitName is real, because it has (duration) reputation.

The high cost to transfer or revoke a name also has many downsides, e.g. see #d.

I thinking the pool operator (server) does so little relative to work of the pool miners that it doesn't need to charge a very high fee. Thus there isn't much ability (incentive for pool miners) to undercut competitors based on fee.

So there just needs to be a slightest incentive to encourage pool miners to seek out another pool as a pool grows large. This will encourage a poliferation of pools.

How do pool miners know that a pool server isn't cheating them by paying some of the earnings to themselves pretending to be a pool miner?

Go down that line of thought and you will discover what I am thinking.

The only way you can prove a pool isn't cheating is by estimating the hash rate of the pool and comparing it to the number of blocks found.  Unfortunately, you could probably still skim a couple of a percent this way.

Modern protocols (GBT & Stratum) both have the full coinbase transaction visible to the miners, meaning you can verify that the block being built will be paid to a certain address or has a certain message encoded in the block that identifies the pool.  This allows you to audit if the pool is trying to skim blocks if certain users start seeing work without a coinbase message that identifies the pool.  In the case of BTC Guild, it's both, they always pay to the same address and always include "Mined by BTC Guild" in the coinbase message.

It's not no-trust, but all it would take is a few % of users monitoring this to determine if a pool was trying to skim blocks by sending a certain % of work that doesn't include identifying marks.

How could anything less than 100% of the pool miners know if some of the coinbase transactions were to addresses not owned by pool miners who contributed shares?

Since you can never know if you are the 100% (because mining pool shares* are not recorded in the block chain), thus seems to me there is no way to verify if there is skimming or not, as bytemaster and I wrote.

*For those who don't know the terminology, a pool share is a proof-of-work hash below some threshold that is easier than the current network difficulty. It might also be a block solution.

Why don't you just use P2Pool? Is there any reason?

I was waiting for bytemaster to answer because I wanted to know his thoughts. Seems to me that you have no way to stop the Share Withholding Attack since it is decentralized. And every peer has to run more of a full client if I am not mistake. And there is a lot more overhead I believe. And perhaps also much less resistance against denial-of-service flooding. Frankly I didn't analyze for long enough to be very sure of my initial intuition which is to stay away from it.

I know it is generally impossible to enforce reputation on a 100% decentralized system. So I am intuitively skeptical of P2Pool.

P.S. I won't have time to go back here and debate. I am technically qualified and I am 100% sure I am correct.


I believe transactions-as-proof-of-stake (the heaviest subtree model) is probably the best alternative to proof-of-work - and it isn't all that good.

Agreed.  One issue is that it makes risk analysis difficult.  This means the simplicity of wait for x confirmations and you are safe (unless attacker has a majority of the hashrate) no longer applies.

I don't know if I have missed some discussion that would have changed the understanding I formed, but I pointed out egregious flaws in the original proposal for Transactions as a Proof-of-stake.

The fundamental math problem with using any metric from the block chain (or any consensus voting such as proof-of-stake) is that it can be gamed deterministically unlike proof-of-work which is a randomized process, i.e. the input entropy is not orthogonally unbounded as it is in the randomization of proof-of-work.


AnonyMint seems absolutely convinced that PoS cannot work. You both seem confident in your respective opinions. Does your CPoS system address any of his concerns?

It can't. Let them go ahead and waste their time (and probably other people's money). I have no desire to try to stop them from failing or doing another investment pump.

They will invent more and more verbose obfuscations of the fundamental issue of why PoS can't.

Btw, traditional financial systems are not fully decentralized.

Even if you did solve the insoluble issue of centralization as it applies to security of the block chain (in the most general sense where control to fork or influence the design of the system is considered an insecurity), you can never solve the problem that it doesn't redistribute coin from the accumulators in the power-law distribution of wealth back to the spenders, thus just like gold, it can never be a currency. The way society has solved that is socialism. PoW could in theory solve it by routing the debasement decentrally to the spenders, especially if the spenders are the ones mining (and no one seems to know how to make this happen but I think I do).

Nothing at Stake wasn't the problem. The argument that stakeholders won't destroy their investment is a red-herring strawman or off-topic! Our overlords who own our financial system now don't destroy their investment when they destroy us with their control of the financial system. Stakeholders can drive the system in directions that benefit the oligarchy, without destroying the double-spend security.

A Benevolent Dictator is preferable over an rent seeking oligarchy, because the latter can never do good due to a Tragedy of the Commons, at least former does sometimes (e.g. Julius Caesar).

PoS will always trend towards control by the accumulators in the power-law distribution of wealth. Even PoW does too unless you make mining uneconomic yet necessary. So that is why people have argued that it makes no difference and might as well use the one that consumes less energy and is more efficient.

But there are experts on both sides. Vitalik just recently being a convert. And SlipperySlope here as well.

I know gmaxwell has posted about 'Nothing at Stake' attacks, but that appears now to be a solveable issue. Infact, Vitalik wrote a whole article about them and it appears as a result of his article sparking debate, a solution was found.

Two very smart guys (cryptographers I believe), but my intuition is they lack holistic economics and political science understanding. They are math nerds.

SlipperySlope I believe is outside his field of expertise in crypto-currency. I don't think he is a cryptographer nor a programmer nor an economist nor a political scientist. He has an applied math background if I remember correctly, which is pretty general if considered in this context. If were in an applied math forum, I better shut up and listen more to him.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 06, 2014, 05:44:40 AM
 #364

Cross-posting...

Armstrong doesn't understand what is frontier now; thus his myopia on globalism

Armstrong is still exploring (attempting to refute) the contention about whether there is globalist agenda and what is/are the potential solution(s) to the enslavement of the people as fodder in geopolitical top-down control.

It amazes me that he apparently can't visualize what is obvious to me as the only potential explanation and outcome. Let me try to see if I can more convincingly elucidate the map I 'see' in my brain.

http://armstrongeconomics.com/2014/05/04/complexity-in-trends/

Quote from: Armstrong
COMMENT:  Marty,

This is a European reply to the Ukraine / CIA coup etc. discussion. For me, you now hit the nail on the head for we are experiencing both: revolutions AND coups !

Yes, there is global uprising by people against their corrupt government. By the way this is happening in every country, if you ask me, just in different stages for instance in central Europe the people are only grumbling by now but they will stand up sooner or later as well.

But there are also coups where mainly Europe and the US fight against each other riding any uprising wave to bring their cronies into foreign governments. Look at Ukraine: Merkel tried to bring this boxer and supported in parallel the blond princess just that the US won this time..

I am truly sorry for the people of Ukraine seeing their people killed for nothing. But what can one win when you uprise against a corrupt president but the next is just a new crony either supported by the West -let me call this kind of coups “democratic” invasion- whereas the East is invaded military by other corrupts ?!

Now, you regret and claim that the Europeans are so diverted by conspiracy thinking that they are not willing to fight for the Ukraine people. Why don’t you see it from this angel: Every family sending a son or husband to fight as a NATO soldier in Ukraine for the people first of all fights already for the corrupt governments of the West, and, as it looks now, would only support the next corrupt crony on either side, Western and Eastern part of the Ukraine.

No, this uprise by the people country-by-country is not to win at the moment. Only once this movement is getting global and insofar coordinated by if you like the invisible hand of Adam Smith, putting all corrupt governments plus their agencies plus their military leaders under pressure all together the same time, there is a chance for us, the people to fight a successful revolution for more freedom again.

But I am afraid, it looks more like 2032 onwards – the next public wave, isn’t it ?

J

REPLY: You may be correct that the big uprising is 2032. The 2014 turning point is the beginning – not the end and by no means the peak. Yes, we have people who are getting really fed up with this corruption. This will get worse as the economy turns down. Then we have government trying to retain power. These are individual trends and that is my point. This can never be reduced to a single cause and effect. It is far more complicated than that.

Exactly! That was my prior point to Armstrong. Why should we fight for either side (Russia or West) since we only fighting for the elite and their corrupt power structure.

Now here is the very key point. Pay close attention.

If the people can't win on a local level, then it means any proposed solution will be supporting loss of local sovereignty. You simply can't amass resources collectively and avoid the corruption of the power vacuum of democracy. Understanding Mancur Olson's (in his book The Logic Of Collective Action) thesis is fundamental to understanding where we are and are headed:

http://esr.ibiblio.org/?p=984 (Some Iron Laws of Political Economics)

Thus you see the ultimate outcome of this country-by-country uprising is to turn over control to those who have the levers of control (over the power vacuum) in the wider-scale collective, e.g. the USA, EU, Russian bloc, subservient Asia bloc (China).

And you can thus see it will culminate with war and then ending war with socialist "international cooperation". I refer readers to my prior post about the Long Wave Generational Cycle, and how the youth will take control 2032ish after a widespread chaos, and they will be indoctrinated with "international cooperation" themes (from their state schools, facebook, mass media, etc) such as the man-made global warming hoax.

So the end game of all of this is reset of the global order, discrediting local sovereignty, and awarding control the wider-scale globalists who will have the youth movement in their back pocket, just as they did in the 1960s in the USA.

And so tell me there isn't a globalist agenda and it is all just random chance that such as global order outcome is inevitable?

Now is there any other possible solution? Yes there is, and that is anonymous crypto-currency to defund the globalist beast. But this won't scale fast enough to derail the beast entirely. It can displace a portion of the beast.

So what is really happening in a bigger picture perspective? I explained this is the death of passive capital. The globalist beast is moving to higher economies-of-scale, because it is being made irrelevant by the death of the Industrial Age and the rise of the Knowledge Age, see following linked explanations:

https://bitcointalk.org/index.php?topic=355212.0
https://bitcointalk.org/index.php?topic=495527.msg6103426#msg6103426
https://bitcointalk.org/index.php?topic=557732.msg6077596#msg6077596 (read all my posts from this one going downthread)

We have two competing yet coexistent trends. The political-industrial passive capitalists (fascists) are consolidating power because their paradigm is an economic dinosaur which is being displaced by the competing trend. The competing trend is the rise of individual knowledge and power to reach the market and produce directly from one's brain (and computer).

So on the one hand we will see a rise in consolidation of global hegemony, Orwellian technocracy, and multi-national corporate fascism and massive decline in economic production, while only the other hand we will see the 'hackers' (the broader definition meaning knowledge worker) break away in a sub-economy and we will see much chaos and rapid economic growth in this subspace.


http://armstrongeconomics.com/2014/05/04/conspiracy-or-just-one-step-at-a-time/

Quote from: Armstrong
Yes, the CIA wanted me to build a computer for them after our model predicted the collapse of Russia That the FT broadcast in advance on its front page of the second section. True I declined. It is also true that within 6 months PEI was attacked. I have a copy of the slide presentation prepared by the lawyers for Republic National Bank that outright lied misrepresenting their illegal trading as me to hide those losses from the Japanese when I owned the accounts – not the Japanese.

Those in the Justice Department were ignorant of international currency transactions and in the criminal complaint they stated that they “have been informed by the attnorneys for Republic Bank”. The US Government did not even do the analysis. The notes were in yen which was what we owed – Japanese yen. What the dollar did was irrelevant – they were not dollar based notes. This was Safra trying to save his sale of the bank for $10 billion to HSBC. Then HSBC did its own due diligence and found the allegations were false and backed out. The allegations were all based on dollars not the currency of the note denomination – yen.

Safra then had to reduce his personal shares by $1 billion and agree to indemnify HSBC. Why? If the public got anything less, then they would have sued Republic/HSBC and the truth would come out. So Edmond took the haircut personally to prevent any lawsuit by shareholders.

I have the documents. So I know HOW this began and who did what. There was no coordinated group behind everything. It was one step at a time. Just as in Ukraine the West seizes the situation of a grassroots uprising to use it for its own benefit. This is how it always comes down – one step at a time – not some giant scheme carried out over decades. It is always the same pattern.

Martin speculates that the "Justice Department were ignorant of international currency transactions". He has no way to prove that they did not fully understand but decided to pretend they did not. This is just an example where a human is not as objective as a computer, because emotions and confirmation biases are difficult for humans to eliminate from their subjective analysis.

Any way, Armstrong has demonstrated nothing above about whether a global agenda exists or not. One can envision that to keep all the parties vested in a global agenda involves a lot of corruption and that corruption can't always be contained in predictable ways, and the system AUTONOMOUSLY adjusts to sustain the corruption (because corruption binds them together otherwise they could all be jailed). The evidence of that effect is the corrupt system put Armstrong in the slammer for 7 years on a bogus contempt of court charge.

Quote from: Armstrong
The case was steered to Judge Owen by the SEC to ensure they could control the case and moved to make sure there were no lawyers allowed even though corporations cannot be represented by a director. Nobody bothers with the law because they know it will take you years to get to the Supreme Court and the Second Circuit Court of Appeals is in the pocket of the Justice Department. So there is no possible way to obtain a fair trial in New York City. It will NEVER happen.

Goldman Sachs then hired Alan Cohen and put him directly on the board. This has never been done before. I believe because Cohen then seized all the evidence documenting the manipulation of markets to protect the other banks including files and many taped phone calls including with people at Goldman. The Princeton office was raided and Socrates was unplugged and taken to a special lab in NYC located in the World Trade Center – the old Saloman Brother’s building. They turned it on and discovered it had self-destructed. They then in writing demanded I turnover the source code or PEI would be shut down. I said go ahead, you will never get the code.

And with all the coorperation amongst a large group, amazingly Armstrong thinks the "NY Club" is isolated and not part of any larger globalist agenda. And he presents absolutely no proof to support such an incredulous position, given the volumes of evidence I have presented to show not only is there a globalist agenda, but there is actual laws and actions occurring that implement that agenda globally in every country on earth. Is Martin blinded to the Agenda 21 activities against farmers in Latin America?

https://www.google.com/search?q=Agenda+21+activities+against+farmers+in+Latin+America

Is Armstrong blind to the manipulation of Greece's economy done by Goldman Sachs, and then appointments of Goldman Sachs persons as leaders all over Europe recently.

http://www.independent.co.uk/news/business/analysis-and-features/what-price-the-new-democracy-goldman-sachs-conquers-europe-6264091.html

Quote from: Armstrong
First Republic pleads guilty to $700 million. The the head prosecutor Richard D. Owens explains to the court on January 9th, 2002 that in reality the notes were in yen not dollars and now Republic only needs to pay $650 million but the yen remained the same. Then 30 days later, it is now $606 million. Owens handed HSBC $400 million in profits belonging to Princeton.

Amazingly, when it comes to the banks, suddenly the government lawyers understand the transactions were in yen not dollars

Duh Martin, then why did you write that assumption above.

Quote from: Armstrong
Now, this is the sequence of events. Yes, you can create a conspiracy and say Goldman, CIA, and Safra all coordinated together to accomplish this. But the more likely than not truth, it is a sequence of independent events one step at a time that cascades into a mess they never foresaw.

Then please explain why Goldman has its tentacles throughout the EU fuckfest. You even noted that the creation of the EU was designed to be flawed. Is that random? No! It was by design.

Quote from: Armstrong
This is where the conspiracy buffs go wrong. They create false images of all-powerful groups that mysteriously manipulate the world for purposes that vary between world dominance to just greed. They cannot see that these are separate groups colliding and at times fighting among each other.

Martin you understand statistics. What is the probability of that level of integration by Goldman due to random orthogonal events and greed. ROUGHLY ZERO.

I am tired of this nonsense. Armstrong is smarter than this. I don't know why he can't do some actual research and overcome his confirmation bias. Obstinance?

Quote from: Armstrong
I do not see how it is possible to have some unified secret group that everyone agrees and extended for hundreds of years. This is inconsistent with human nature.

Because there is a power vacuum of democracy and it must be filled. You should understand thermodynamics.

This vested interest binds them together, because they can't win control of that power vacuum otherwise.

This is entirely consistent with nature.

Quote from: Armstrong
Now look at Ukraine. These conspiracy theorists just have to denigrate the people and presume it is some CIA plot so nobody cares about them. The people are incidental to them and incapable of rising up on their own. They deny human nature exists yet yell there is some all-powerful group to which I am blind. To them, the American Revolution and French Revolution are propaganda and the people were never capable of rising up on their own. They not only fail to understand politics yet claim to know everything about it without ever stepping behind the curtain to witness anything.

Armstrong is conflating orthogonal issues again. I am empathizing with the plight of the Ukrainians, but there is nothing we can do to help them, because we would be merely fighting for the elite and helping the manipulation. The only way for Ukrainians to win is either to have armed themselves with a gun under every blade of grass like in the USA, or for some technological solution to come which enables them to side-step (opt-out) of the power vacuum of democracy, i.e. defund the taxation and political-industrial complex.

And those prior revolutions were also manipulated for outcomes which favored the elite. We would need to get into a deep study of history to debate that, and I don't have time right now. I do believe there was more chaos at that time, because communication and travel was slower thus the chance we see now with anonymous crypto-currency was instead at the time taking the form of distance from the powers-that-be in Europe in the case of the American Revolution.

Quote from: Armstrong
These people project nothing but speculation connecting dysfunctional groups and linking them to statements of David Rockefeller to justify as proof. This idea of a one world government would eliminate war is stupidity. But it was behind the drive to create a Federalized Europe. Nevertheless, that is not proof that some group controls the world.

Armstrong also has nothing but speculation, at least I have provided volumes of evidence.

The difference now is that global technocracy is a reality and they can track everything. You bring the idealistic youth onboard and they will create an EU style fuckfest "international cooperation" for the entire world. And Rockefeller et al will have achieved their Agenda 21 consolidation of control and power over taxation and issuance of debt.

Quote from: Armstrong
There is no political system that has ever lasted intact because there is a correction process that comes from the grass-roots that we call – REVOLUTION.

The only effectual physical revolution you will be seeing are the zombie idealistic youth for "international cooperation", after the global war and chaos from 2016 to 2024 or 2032.

This globe has been shrunk by technology. The only remaining frontier for freedom is cryptography. Armstrong has a dinosaur perspective and he needs to correct this pronto!



"Protester Paul Connor sits on the lawns of Parliament House on day 34 of his hunger strike calling for climate change action, on Dec. 10, 2009, in Canberra, Australia."

Quote from: Armstrong
Rockefeller. His net worth of $2.8 billion is not very much in the scheme of things.

Rockefeller's true networth is in the $trillions and is hidden behind NGOs, corporations, etc..

Quote from: Armstrong
I have even sat at a Washington Dinner at the table with environmentalists who thought I and a friend Dick Fox being associated with Temple University were kin to their thinking. Their agenda is to reduce population growth using the environmental issues as the weapon to hide their true motives. This is the agenda behind global warming and the argued UN Article 21. We let them talk and then my friend Dick Fox who was Chairman of Temple University and the Fox Business School is names after him finally sprung the question on them. Whose grandchild are we trying to prevent from being born? Your’s or mine?

The Democrats have been sold on this environmentalist agenda, but I guarantee they have never heard what I heard that night. Obama is not into depopulation; he is just stupid and believes in global warming blaming cars and factories for the past 120 years being capable of changing the planet long-term. Obama is using the environmental movement not to depopulate, but to raise money and tax using the same theory of cigarettes just calling it the carbon taxes. The conspiracy theorists would then link Obama to depopulation as the secret agenda rather than agreeing further tax collection

Whether Obama is stupid or not is irrelevant because he isn't the mastermind. He could be (and is likely) compartmentalized. You again speculate. The reality is the agenda is being put into action, and the youth will be indoctrinated and ready to embrace it as "international cooperation".

Quote from: Armstrong
These people remain blind to the motives behind such taxes and cannot grasp that politicians are only about money.

No politicians are about sustaining the cooperation that keeps their brethren in control of the power vacuum of democracy.

That is a fundamental myopia of Armstrong. He must correct this.

Quote from: Armstrong
These conspiracy theorists connect everything as if some single mind controls everything. They cannot point to a single thing this group has done without speculation or bold statements they were behind it.

It doesn't even matter if there is a mastermind or not, the reality is Armstrong doesn't even identify the main trend in place, which is not just taxation but rather subjugating sovereignty to the collective on a wider scale as I have explained.

Quote from: Armstrong
They refuse to consider what if there is nobody actually in charge? What happens when all of these conflicting self-interests collide? Historically, you get revolution. That is the only way this will be resolved.

And now finally I understand why Armstrong doesn't get it. He thinks the revolution will be physical. He hasn't realized the world has shrunk due to technology, and physical revolution can't overcome the great powers and the global technocracy. These revolutions will all be manipulated by the great powers.

The revolution and frontier is cryptography. I've been trying to tell him this for several months.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 06, 2014, 11:14:56 AM
 #365

Cross-posting on cpu-only proof-of-work algorithm of CryptoNote:

Which file in the source code contains the proof-of-work algorithm?

I've tried to locate it and can't seem to find it quickly.

I want to analyze the cpu-only claim.

src/crypto/slow-hash.c

On quick glance, I see AES code. Is this the MemoryCoin algorithm and not the one described in the CryptoNote whitepaper which is memory latency bound?

I do not think it is the memorycoin algorithm.

Analyzed it.

It is employing AES as another means of defeating GPUs (in addition to the memory latency bound), similar to MemoryCoin.

https://cryptonote.org/inside.php#equal-proof-of-work

Quote
3. GPUs may run hundreds of concurrent instances, but they are limited in other ways

See prior analysis of that strategy, which concluded that GPUs would be 2.5 to 3X faster but would perform no better in hashes per Watt:

https://bitcointalk.org/index.php?topic=355532.msg3976656#msg3976656

I pointed out that ASICs would implement AES much more efficiently:

https://bitcointalk.org/index.php?topic=355532.msg3977088#msg3977088

Here follows my conclusions.

  • slow and thus DDoS prevention will be hampered, which will also likely eliminate any chance of supporting 0 transaction fees
  • roughly both memory latency and computation bound (instead of the ideal of being only latency bound), thus if Tilera CPUs or GPUs add dedicated AES support or if ASICs are mated to large fast SDRAM caches, the cpu-only claim will fail.
  • it is not leveraging hyperthreads

In short, it is too computation heavy, not maximizing the CPU's hyperthreads, and thus not only will it not be the best cpu-only PoW algorithm possible, it will also fail to be remain cpu-only if it becomes widely adopted.

Also being computation heavy, it is consuming more electricity than the ideal cpu-only PoW algorithm.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 06, 2014, 05:55:13 PM
Last edit: July 22, 2014, 06:51:22 PM by AnonyMint
 #366

Another cross-posting on cpu-only proof-of-work algorithm of CryptoNote:

Which file in the source code contains the proof-of-work algorithm?

I've tried to locate it and can't seem to find it quickly.

I want to analyze the cpu-only claim.

src/crypto/slow-hash.c

On quick glance, I see AES code. Is this the MemoryCoin algorithm and not the one described in the CryptoNote whitepaper which is memory latency bound?

I do not think it is the memorycoin algorithm.

Analyzed it.

It is employing AES as another means of defeating GPUs (in addition to the memory latency bound), similar to MemoryCoin.

https://cryptonote.org/inside.php#equal-proof-of-work

Quote
3. GPUs may run hundreds of concurrent instances, but they are limited in other ways

See prior analysis of that strategy, which concluded that GPUs would be 2.5 to 3X faster but would perform no better in hashes per Watt:

https://bitcointalk.org/index.php?topic=355532.msg3976656#msg3976656

I pointed out that ASICs would implement AES much more efficiently:

https://bitcointalk.org/index.php?topic=355532.msg3977088#msg3977088

Here follows my conclusions.

  • slow and thus DDoS prevention will be hampered, which will also likely eliminate any chance of supporting 0 transaction fees
  • roughly both memory latency and computation bound (instead of the ideal of being only latency bound), thus if Tilera CPUs or GPUs add dedicated AES support or if ASICs are mated to large fast SDRAM caches, the cpu-only claim will fail.
  • it is not leveraging hyperthreads

In short, it is too computation heavy, not maximizing the CPU's hyperthreads, and thus not only will it not be the best cpu-only PoW algorithm possible, it will also fail to be remain cpu-only if it becomes widely adopted.

Also being computation heavy, it is consuming more electricity than the ideal cpu-only PoW algorithm.

There is another egregious flaw in the proof-of-work algorithm.

AES encryption is being employed as the hash function and assumed to be a random oracle with perfect distribution in order to provide the randomized memory access. Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scratchpad size significantly from the 2MB.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 06, 2014, 10:11:34 PM
 #367

Cross-posting the follow up:

There is another egregious flaw in the proof-of-work algorithm.

AES encryption is being employed as the hash function and assumed to be a random oracle with perfect distribution in order to provide the randomized memory access. Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scatchpad size size significantly from the 2MB.

In the memory hard phase, and it uses 256-bit key sizes.  This is followed by a number of SHA3 candidates at the bottom.  Even if you broke the memory hard AES phase, you'd still have to contend with those.

So, whoever breaks 256-bit AES keys in the memory hard section is awarded most of the hash rate for the network. Good for them, and good luck to them.

I have no real concern with keeping it "CPU only". Whoever innovates the first GPU miner or ASIC miner or whatever should be rewarded accordingly for their efforts.

I think you've misunderstood my point. From ocular inspection of the code, the current 16 word value in the 2MB array is 'hashed' by applying AES encryption and this produces a new value and index into the array to store. Thus the uniform, random oracle, and thus non-patterned distribution of indices is assumed, otherwise an algorithm similar to a birthday attack can be applied to reduce the storage requirements in order to fun it faster on for example a GPU because more instances could be run simultaneously.

In short, AES encryption is not a cryptographic hash function and shouldn't be employed as one.

Thus I am not talking about breaking CryptoNote's slowhash function, rather I am pointing out that by misusing AES encryption, you are breaking the memory hard assumption.

If you are not concerned with keeping it CPU-only, then why call it "CPU only"? There are so many altcoins which have deceived on this point.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 07, 2014, 02:27:17 AM
 #368

Cross-posting again on one more followup:

If you are not concerned with keeping it CPU-only, then why call it "CPU only"? There are so many altcoins which have deceived on this point.

I can agree with the spirit of this, but from common usage on this forum "CPU only" just means currently a GPU miner isn't available. Usually someone comes along and develops one, often demanding payment to open source it. ASICs follow if/when economic feasibility allows. So it seems valid at least as far as the thread title goes. The CryptoNote developers' description of their PoW as "egalitarian" (implying true CPU only) is a different issue.

In any case, I changed it to say "CPU only currently".

As the algorithm currently is implemented, I believe that is more honest for the time being.

If AES was replaced with a true cryptographic hash that was exceptionally faster (so that it would be only latency bound and no AES birthday-like attack possible) and if that hash was not efficiently implementable on GPUs, then I would consider the PoW to be strongly CPU only. I would think even an ASIC wouldn't likely outperform significantly since it would be up against all the economies-of-scale of Intel's fabs. In short, your PoW got very close to what I think is possible for design but is missing critical elements. If such a design I envision is open sourced, then you can copy it later.


I think you've misunderstood my point. From ocular inspection of the code, the current 16 word value in the 2MB array is 'hashed' by applying AES encryption and this produces a new value and index into the array to store. Thus the uniform, random oracle, and thus non-patterned distribution of indices is assumed, otherwise an algorithm similar to a birthday attack can be applied to reduce the storage requirements in order to fun it faster on for example a GPU because more instances could be run simultaneously.


So, I'm trying to understand -- AES does not take in completely random input size and value, and output a consistent length string, but instead takes in a consistent length random value string, and outputs a consistent size string? The effect being that you have limited your sources of particular outputs (inputs) to strings of size 'x' rather than strings of any size?

The issue as I understand it (see the link I provided upthread) is that encrypted output is not designed to model a Random Oracle, whereas a cryptographic hash has certain qualities which are more approximate of a Random Oracle. In particular, there is no requirement that 1 bit of change in input to AES changes most of the bits of the output.

A cryptographic hash is irreversible so has greater leeway to incorporate more confusion and diffusion. Whereas, an encryption algorithm by definition is reversible with decryption.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 08, 2014, 12:53:13 AM
Last edit: May 08, 2014, 01:12:13 AM by AnonyMint
 #369

Cross-posting about anonymity coins...

I go into detailed discussion with tromp in my thread:

https://bitcointalk.org/index.php?topic=557732.0

Also you can find some discussion between him and myself in the MemoryCoin 2.0 PoW thread which I linked to upthread.

In short, I don't believe it is CPU only currently, but (and I think we agreed this, but ask him) it might be the appropriate algorithm for mobile later if CPUs move to extremely high number of cores. Our discussion concluded with more testing is needed and I would try to help him get a TileGX in future if I can.

I'm much more interested in your thoughts on HoneyPenny's PoW, as it's claimed to be an improved and future-proofed version of the CryptoNote algo:

https://bitcointalk.org/index.php?topic=577267.0

As far as I can see (unless I am missing something), I think it is silly and doesn't resolve the issues I explained upthread.

I would like to comment on this issue of fairness and premine. I offer a "reality check" like water on the face. Apologies.

In my opinion, the coin that wins is the one that has the best developers. Developers need to be paid. When I say developers, I mean several people like myself (or apparently smooth?) who are extremely capable programmers and computer scientists. That coin will win regardless of the level of premine retained to pay the bounties. I would hope the original CN developers could be paid. Communism sucks.

The CryptoNote coins at this time all have a problem that they are too difficult to mine and use.

The are not CPU only. They are not anonymous because they don't obscure the IP address and Tor is a honeypot.

They do nothing to decentralize pools. Two Bitcoin pools control more than 50% of the network.

There are many development issues that need to be addressed, e.g. decentralized exchanges.

I suspect there is no way you get there without a premine to pay development costs. I mean we are talking about man-months or man-years of development. In my opinion (as a person who has developed million user commercial software projects), we can't just take some ByteCoin C code and slap a few tweaks on it and release it and expect to complete all the development work that needs to be done.


Add: I don't have time to read the entire thread but I've already seen political catfights. Nothing great gets done by committee nor a  Foundation. A fair-minded Benevolent Dictator takes charge and delivers the goods. Then then people avail of it, because it works.




Zerocash will be announced soon (May 18 in Oakland? but open source may not be ready then?).

Here is a synopsis of the tradeoffs compared to CyptoNote:

1. Zerocash hides everything, even the money supply so if the master key was compromised or if the highly complex bleeding edge crypto is cracked, no one will know.

2. They will claim to generate the master key at a ceremony or devise a way to compute in parts, but nothing they can do will insure it isn't compromised. CPUs even have special firmware that allows the NSA to reprogram them remotely, and even computation can be intercepted wireless with RF signals. Whereas we have to place all trust in a single party with Zerocash, with CN the trusted parties are changing on each transaction. Compromising the master key doesn't compromise the anonymity, but does compromise the money supply which could be expanded invisibly. Cracking the highly complex bleeding edge crypto which has not been sufficiently vetted over years, could compromise the anonymity ex post facto (it is all on the block chain).

3. Both CN and Zerocash use a form of cryptography which is not immune to quantum computation attack, if that becomes a reality in the future.

4. Zerocash transactions add up to 3 minutes of additional transaction delay which is much worse than Zerocoin. Zerocash (full node computation and block chain) resource requirements are centralizing but much improved over Zerocoin.

5. Zerocash hides everything so it is not necessary to obscure your IP address.



Thus on balance I prefer CN, but I like to see it altered to use a quantum computer resistant algorithm. And then we need to add IP address obfuscation as well that is superior to Tor and I2P.

Darkcoin (CoinJoin innovation) is really not at the level of the two above. You can review my comments in the Darkcoin thread to see why.




Thus on balance I prefer CN, but I like to see it altered to use a quantum computer resistance algorithm. And then we need to add IP address obfuscation as well that is superior to Tor and I2P.

Darkcoin (CoinJoin innovation) is really not at the level of the two above. You can review my comments in the Darkcoin thread to see why.

Thanks for the overview. What do you recommend that's superior to Tor?

What I envision isn't available yet.




Somebody is attemping to relaunch == steal Monero  Shocked
bitcointalk.org/index.php?topic=599580.0
I advise against posting in his topic at the moment to avoid bumping

I would strongly suggest partial closed source until market dominance is achieved. Having the best developers will likely mean others can't readily fill in the gaps to release clones early in the ramp up.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 08, 2014, 09:57:52 AM
 #370

Cross-posting...

strange when none of these accounts were around for the discussions that took place 3 weeks ago. Such vested interests with no prior indications. Hmm..

I just found out about it a few days ago. I was aware of CryptoNote and Bytecoin for a few weeks.

Don't be so paranoid. Politics isn't what wins the race, rather it is development of features. I have already listed several features that no CN coin has, and I have several more in mind on top of that. And more on top of that, until all the major killer features have been satiated.

The race has only just begun and being ahead by a few weeks is meaningless.

Altcoin history shows that except in the case of premine (Tenebrix), the first implementation stays the largest by a wide margin. We're repeating that here by outpacing Bytecoin (thanks to its 80% mine prior to surfacing). No other CN coin has anywhere near the hashrate or trading volume. Go check diff in Fantom for example or the lack of activity in BCN trading. Tomorrow you can watch this Monero "relaunch" troll coin fail when it goes live.

The only CN coin out there doing something valuable is HoneyPenny, and they're open source too. If HP develops something useful, MRO can incorporate it as well. Open source gives confidence. No need for any further edge.

I never advocated entirely closed source, nor a long term partial open source.

There are many things that give confidence and I think the ability to hold off clones and fund rapid development, and demonstrate superior features also generates confidence.

Thus I am stating that I think Monero has adopted the wrong model, but only time will tell.

Specifically I don't think radical innovation can come from design by open source committee. There needs to be a strong leader who drives the innovation. For example, you make a bounty for a pool design, but there are many innovations that could come in a the pool that won't be there due to lack of a strong innovative leader driving the project.

Open source is very good at copying and propagating existing innovation, but not very good at creating it. Open source is a refinement protocol, not an innovation and creation protocol.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 08, 2014, 11:57:03 PM
 #371

Cross-posting...

https://bitcointalk.org/index.php?topic=583449.msg6622339#msg6622339

There are at least two critically necessary improvements needed to the CryptoNote anonymity algorithm to make it function well in the real world. I am withholding my ideas until I see a coin that has an extremely capable Benevolent Dictator For Life (none of this Foundation and communism BS that has wrecked Bitcoin), a premine to fund contributions, and partial open source to prevent a plethora of clones in the ramp up phase.

Upthread I have alluded to other improvements (e.g. CPU only, better IP obfuscation than Tor and I2P, pools that force decentralization, one click mining for the masses, etc) to which I implied I know of the solutions to. I have stated what I want to see in order to offer my support.

If you think you can win with what you have now, I think you are mistaken.

Good luck.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 09, 2014, 02:42:13 AM
 #372

Cross-posting...

Someone (C++ skilled) did private optimized miner a few days ago, he got 74H/s for i5 haswell. He pointed that mining code was very unoptimized and he did essential improvements for yourself. So, high H/S is possible yet.
Can the dev's core review code for that?

Let me explain a bit about how open source works. Anyone is free to contribute. The lead developer and core team reviews the proposed changes and either adopts them or not. There is at least one of the core team who does work on optimization, and posted some optimizations. I would not be surprised if he develops further optimizations as well.

So if you have proposed code changes, please submit them. Some sort of statement -- backed up by zero evidence -- about a unicorn miner that someone has is not helpful. Every altcoin has these "Kaiser Soze" miners who supposedly have much faster mining code than everybody else. Sometimes it's true and sometimes it isn't. We can't force anyone to contribute their code.

The PoW algorithm needs to be highly optimized from public launch.

Also IMHO, closed source on the PoW algorithm would be best until several weeks of ramp up is complete so clones are too far behind.

Open source is a very effective paradigm for refining (because of the Linus law, "given enough eyeballs, every bug or refinement is shallow"), but it is not as effective at innovation because innovation requires pride+ownership (in one's work), investment of effort, and most of all leadership. Eric Raymond (the creator of the term "open source") opened a discussion on this last year (see the comments):

http://esr.ibiblio.org/?p=4946 (Adobe in cloud-cuckoo land)

For example, how do you plan to decentralize pools? You will need some innovative leadership on an algorithm for that, lest you end up same as Bitcoin with two pools controlling greater than 50% of the network hash power.

Ditto making mining easy enough for grandma to do. Etc.

Does anyone know of any innovative project (created many new killer features) that was created by open source (and not open sourced after those innovative features were completed)?

Btw, Russians are very astute at algorithmic optimization:

http://esr.ibiblio.org/?p=4901 (National styles in hacking)

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 09, 2014, 02:59:57 AM
 #373

Cross-posting...

https://bitcointalk.org/index.php?topic=583449.msg6624426#msg6624426

One more issue comes to mind.

If the leader (lead developer) of an anonymous coin which successfully threatens the banksters' global hegemony over fiat, is not also anonymous, then he can be coerced by the powers-that-be in numerous ways (e.g. tax audit, trumped up criminal charges on something since there are so many laws everyone of us is breaking a federal or EU law every day, etc).

Thus the lead developer can't gain from fame in the usual way of open source projects, e.g. Linus Torvalds.

These issues need to be contemplated BEFORE launching your coin.

If you are only interested in pump and dump, then this issue isn't important. But if you are serious about long-term development and success of the coin, then the issue should be discussed.

If you choose instead a leaderless open source strategy to combat the above issue, then you have the issues of my prior post.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
David Latapie
Hero Member
*****
Offline Offline

Activity: 658
Merit: 503


Monero Core Team


View Profile WWW
May 09, 2014, 11:35:53 AM
 #374

My answer here, in order not to derail the main Monero thread:

Also IMHO, closed source on the PoW algorithm would be best until several weeks of ramp up is complete so clones are too far behind.
Did you read what happened three days ago? Angry community. Look at all coins that suffered of the word "premine" even when the premine was actually used for good things. Same goes for closed-source and accidentel instamine. Crypto holders have been abused so often they do not have much patience for mistakes. The technology behind a project is nothing without a community, something a lot of experts trapped in their ivory tower fail to capture. We can lament this, but that's how it works.

Open source good for refining not for innovating
Agree, like a lot of major OSS proponents. Not that it is an impasse, though. Not being good doesn't mean being unable - Apple's proprietary' OS X boasted about compressed RAM in Maverick; Linux had it two years before it. So, that's a trend, not a rule.

For example, how do you plan to decentralize pools? You will need some innovative leadership on an algorithm for that, lest you end up same as Bitcoin with two pools controlling greater than 50% of the network hash power.
Asking tough questions is part of the open source idea. So thank you to highlight the issue. We should have a collaborative feature list somewhere - done Smiley

Ditto making mining easy enough for grandma to do. Etc.
The Monero one-liner is a step in this direction. A script (a mere encapsulation) will soon follow, then porting it to other Unixes and finally to Windows. And finally a GUI.

Does anyone know of any innovative project (created many new killer features) that was created by open source (and not open sourced after those innovative features were completed)?
Reminds me of something...

Quote from: Voltaire
Thus, almost everything is imitation. The idea of The Persian Letters was taken from The Turkish Spy. Boiardo imitated Pulci, Ariosto imitated Boiardo. The most original minds borrowed from one another. Miguel de Cervantes makes his Don Quixote a fool; but pray is Orlando any other? It would puzzle one to decide whether knight errantry has been made more ridiculous by the grotesque painting of Cervantes, than by the luxuriant imagination of Ariosto. Metastasio has taken the greatest part of his operas from our French tragedies. Several English writers have copied us without saying one word of the matter. It is with books as with the fire in our hearths; we go to a neighbor to get the embers and light it when we return home, pass it on to others, and it belongs to everyone.


If the leader (lead developer) of an anonymous coin which successfully threatens the banksters' global hegemony over fiat, is not also anonymous, then he can be coerced by the powers-that-be in numerous ways (e.g. tax audit, trumped up criminal charges on something since there are so many laws everyone of us is breaking a federal or EU law every day, etc).
You assume that we are important to the coins. We are not. We are by now by virtue of not having a lot of people in. A good leader is an expendable leader. That's how the guerilla movement work, by the way - you can't cut the head because either there is no head of, like the Lernaean Hydra, another head growths when one is severed.

In system administration, we call it SPOF - single point of failure. As long as leader remind they are expendable, there is no single point of failure. Wikileaks would survive the demise of Assange, monero, given enough momentum, would survive the demise of the present team - it happened in the past.

You are still right on one point: the leader must be proactive in reminding they are expendable. Otherwise, it would lead to sacralization and this is not good (private interest over general interest).

Monero: the first crytocurrency to bring bank secrecy and net neutrality to the blockchain.HyperStake: pushing the limits of staking.
Reputation threadFree bitcoins: reviews, hints…: freebitco.in, freedoge.co.in, qoinpro
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 09, 2014, 10:19:11 PM
 #375

Quote from: anonymous
The community is stupid and doesn't know what it needs, which is why it's an uphill battle to convince everyone why certain features are important. The community doesn't think transaction fees are an issue. They think cpu-only coins are bad because "omg botnets." They think money supply should be fixed because "omg inflation." They think premines are evil because they're only interested in the short-term profitability of the coin.

However, the community will adobt a currency that is convenient and simple, in spite of the features everyone thinks are negative. User experience and design is everything when it comes to adoption. Mining should be as simple as running an app and clicking a giant green button that says "START MINING."  Making transactions should be equally brainless. The need to specify ambiguity and tx outs when making transactions is stupid and adds unnecessary complication. All of those parameters should be fixed and secure by default.

I told TFT to let me design a beautiful GUI for easy mining to implement before launching. He said okay, but then launched without me. A beautiful and simple GUI wallet also needs to be implemented before launch. Beyond that, if you only do what the community thinks is important, you will never make progress.

Thank you for sharing this with me.

Leaderless organization is good for defending what you have (see the Apache and the first chapter of the book The Starfish and the Spider) and it allows for individual innovation because each person is their own leader (and in fact my currently paused effort with Copute is about modularization of open source via higher-order semantics to facilitate this type of disorganized, open source innovation), but in the near-term it doesn't metastasize as well project-wide innovation. Additionally, large groups can be manipulated by the powers-that-be, so the project doesn't even remain leaderless long-term.

If no individual is important, then usually no one bothers to give their best effort. Collectivism is lazy and half-assed.

Linux would not be what it is today if Linus Torvalds had not been there to say "no" to certain commits:

http://www.youtube.com/watch?v=-ZRvHbHxr-k (hear it from his mouth)

Without a leader, you end up with political gridlock, e.g. Bitcoin.

This is the power vacuum of democracy. Mancur Olsen described this in the The Logic of Collective Action.

http://esr.ibiblio.org/?p=984 (Some Iron Laws of Political Economics)

It doesn't matter what these early miners say and think. The important demographic are the 7 billion out there. Make the miner available to them and bypass the whiners who complain about a premine.

If I launched an altcoin, the thread would be self-moderated and all political comments would be deleted. Because I know very well what is needed and what will drive massive adoption. I don't need their feedback, because I've been studying and getting feedback in the BTT for over a year.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 09, 2014, 11:33:39 PM
 #376

This is where the country of chattel is headed:

http://armstrongeconomics.com/2014/05/09/why-the-republic-leadership-needs-to-go-it-is-political-civil-war/

http://armstrongeconomics.com/2014/05/09/unions-want-to-tax-exchanges-to-pay-for-their-pensions/

http://armstrongeconomics.com/2014/05/09/taxing-whatever-moves-a-political-tradition/

http://armstrongeconomics.com/2014/05/08/bull-market-in-taxes/

http://armstrongeconomics.com/2014/05/07/a-significant-change-in-trend/

http://armstrongeconomics.com/2014/05/07/geopolitical-chaos/


You either find a way to do commerce that the govt can't steal or we go into a Dark Age.

Physical gold and silver are hoarding paradigms, and velocity-of-money (i.e. V in the M x V = P x Q ≈ GDP in the Quantity Theory of Money equation) plummets (V is already down -50% since 2007).

Revolution can't fix it. Political action can't fix it.

You've only got one hope. Anonymous crypto-currency.


unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 11, 2014, 02:50:06 AM
Last edit: May 11, 2014, 04:10:27 AM by AnonyMint
 #377

Cross-posting...

https://bitcointalk.org/index.php?topic=583449.msg6662938#msg6662938

Zerocash will be announced soon (May 18 in Oakland? but open source may not be ready then?).

Here is a synopsis of the tradeoffs compared to CyptoNote:

1. Zerocash hides everything, even the money supply so if the master key was compromised or if the highly complex bleeding edge crypto is cracked, no one will know.

2. They will claim to generate the master key at a ceremony or devise a way to compute in parts, but nothing they can do will insure it isn't compromised. CPUs even have special firmware that allows the NSA to reprogram them remotely, and even computation can be intercepted wireless with RF signals. Whereas we have to place all trust in a single party with Zerocash, with CN the trusted parties are changing on each transaction. Compromising the master key doesn't compromise the anonymity, but does compromise the money supply which could be expanded invisibly. Cracking the highly complex bleeding edge crypto which has not been sufficiently vetted over years, could compromise the anonymity ex post facto (it is all on the block chain).

3. Both CN and Zerocash use a form of cryptography which is not immune to quantum computation attack, if that becomes a reality in the future.

4. Zerocash transactions add up to 3 minutes of additional transaction delay which is much worse than Zerocoin. Zerocash (full node computation and block chain) resource requirements are centralizing but much improved over Zerocoin.

5. Zerocash hides everything so it is not necessary to obscure your IP address.



Thus on balance I prefer CN, but I like to see it altered to use a quantum computer resistant algorithm. And then we need to add IP address obfuscation as well that is superior to Tor and I2P.

Darkcoin (CoinJoin innovation) is really not at the level of the two above. You can review my comments in the Darkcoin thread to see why.

Zerocash

On further analysis, sending a transaction to Zerocash without reliable obfuscation of your IP address, means the NSA and other national security agencies know you are transacting even though they don't know the amount nor payee.

But we know the NSA is sharing data now with G20 tax authorities (I have a citation for this), thus the tax authorities can demand you provide the details of the transaction.

Thus Zerocash's anonymity is useless (or at least very risky) against the coming wave of confiscation and taxation, without something more reliable than Tor and I2P for obfuscating the IP address. Tor and I2P being low-latency Chaum mix-nets are subject to timing attacks by a global adversary such as the NSA, as well the Tor servers are likely honeypots (Q: who has a motivation to provide all that traffic for free? A: the NSA). I have citations for these statements.

CryptoNote / Monero et al

CryptoNote's one-time ring signature as a way of obfuscating who is the payer (the spender), is optional and can only be used when there are other payees who have matching input amounts. In other words, it can't do any obfuscation for you on spending unless there are other coins that have the same balance as yours.

That very infrequent opportunity for use is coupled with constant use of elliptical curve cryptography which is known to be broken under quantum computing, as well is suspect to broken by the NSA[1] or could be broken since it is number theoretic public key cryptography.

And the use of one-time ring signatures mucks up the pruning of the block chain of spent addresses. There is a tweak to improve this over the current CryptoNote (one of the tweaks I alluded to upthread).

Bottom line is most of your anonymity will come from obfuscating your IP address with something more reliable than Tor and I2P, not from the block chain mixing of CryptoNote or Zerocash/coin, i.e. if your IP is correlated to your identity, then the one-time ring signature doesn't obscure your identity when you spend.

The case where the one-time ring signature is really useful is a transaction with multiple inputs wherein the spender is merging his coins, thus enabling tracing of those coins to the same entity (the current spender). And it is very unfortunate the one-time ring signature is optional in this case, because it is the identity of the upchain spenders who suffer from this action by the current spender, thus the motivation is not there.

So we can see as it is currently structured, CryptoNote doesn't really support anonymity much.

Sorry to blow holes in your enthusiasm. Reality sucks if you haven't taken the time to do some serious work before launching.

Note that the use of a separate payee address for each transaction is a very useful strategy. This is a positive aspect of CryptoNote that adds anonymity, but again it is not so effective without reliable IP obfuscation, as the payee will reveal himself on spending.

[1] http://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters
https://www.schneier.com/essay-446.html
https://www.schneier.com/blog/archives/2013/11/elliptic_curve.html#c2200076
https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1676105
https://bitcointalk.org/index.php?topic=500994.msg5518821#msg5518821 (read entire thread)
https://bitcointalk.org/index.php?topic=548418.msg5975715#msg5975715
https://bitcointalk.org/index.php?topic=240410.msg3973597#msg3973597




CryptoNote / Monero et al

CryptoNote's one-time ring signature as a way of obfuscating who is the payer (the spender), is optional and can only be used when there are other payees who have the inputs amounts. In other words, it can't do any obfuscation for you on spending unless there are other coins that have the same balance as yours.

That very infrequent opportunity for use is coupled with constant use of elliptical curve cryptography which is known to be broken under quantum computing, as well is suspect to broken by the NSA or could be broken since it is number theoretic public key cryptography.


This is actually pretty easy to solve and CryptoNote already implements it: every transaction is broken up. There will always be outputs in the blockchain matching the broken-down components. Unlike CoinJoin, this is done without any participation from anyone else. The other matching amounts are not being spent at the same time; in fact they can be used as many times as needed as an ambiguity factor without actually being spent. This means the opportunity to use ring signatures isn't infrequent at all -- you can send any amount you want and it will be appropriately matched and mixed. (See section 4.5 in the white paper.)

You haven't addressed my point that eliminates the ability to prune the block chain, because you will never know which outputs have been spent.

Automatically (is this enforced or optional per wallet?) breaking the transaction outputs into constant units, e.g. 1 coin, 0.5 coin, 0.25 coin etc, will radically bloat the block chain. The ring signatures are going to be huge if you need to obfuscate among say for example 256 payers (1/256 probability of being non-anonymous) each for several inputs, e.g. for 1.76 MRO spend 1 MRO, 0.5 MRO, 0.25 MRO, 0.01 MRO, as well as payee addresses for each of those fractional amounts.

And it won't solve the problem unless the smallest of those enforced fractional amounts match up with the fractional remainder of your transaction, which implies radical block chain bloat.

All of that waste, and still if your IP is not obfuscated you lose anonymity.

Whereas, if your IP address is obfuscated, then you don't need all that waste above (and don't incur the risk of relying on elliptical signatures being compromised ANY TIME IN THE FUTURE DECADES breaking your historic anonymity on the block chain).

And with IP address obfuscation your anonymity is assured regardless what happens on the block chain tracing.

However it might still be an improvement to enforce one-time ring signatures only when merging balances, i.e. multiple inputs to a transaction. But the issue of partitioning transactions to fixed fractional amounts and block chain bloat has to be weighed.

If you think that bloating the block chain is irrelevant then I remind you that two Bitcoin pools control more than 50% of the network, so if the government takes over these pools (even insidiously), they can defeat you (in numerous ways, e.g. they can help correlate your IP address by controlling the destination and source of your transaction sends and mining awards respectively).

It already takes hours to days to download the Bitcoin block chain, and you are proposing to increase that by orders-of-magnitude.




From what little I'm familiar with though, wouldn't something like ip-obfuscation be more exclusive of the currency protocol itself and have more to do with data is transferred through an IP? At least, if it were to surface in the world, I would imagine it to be aimed at something much more main-stream than a cryptocurrency. Like an email system or some other sort of messaging system would seem a much more valid proof of concept, rather than having it surface in a cryptocurrency for the first time.

Yeah IP obfuscation could be more generally applicable to internet activities. That is why Tor and I2P exist. Unfortunately they may not be that perfect. Let's pull a guesstimate out of our arse that they are anonymous 80% of the time to a global adversary and thus to tax authorities and governments. That means every 5th of your transactions is not.

edit:
Quote from: Anonymint
Automatically (is this enforced or optional per wallet?) breaking the transaction outputs into constant units, e.g. 1 coin, 0.5 coin, 0.25 coin etc, will radically bloat the block chain. The ring signatures are going to be huge if you need to obfuscate among say for example 256 payers (1/256 probability of being non-anonymous) each for several inputs, as well as payee addresses for each of those fractional amounts.

For a transaction of 1234.567800000000, the transaction is broken down into parts 1000,200,30,4,.5,.06,.07,.008 .

Everyone has to agree on the fractional amounts, so they can't be arbitrarily chosen as you have shown.

Rather with a power-of-2 standard (I'm a programmer so I can write the first 20 entries in following list without a calculator):

0.0001
0.0002
0.0004
0.0008
0.0016
0.0032
0.0064
0.0128
0.0256
0.0512
0.1024
0.2048
0.4096
0.8192
1.6384
3.2768
6.5536
13.1072
26.2144
52.4288
104.8576
209.7152
419.4304
838.8608

The break down would be 1234.5678 = 838.8608 + 209.7152 + 104.8576 + 52.4288 + 26.2144 + 1.6384 + 0.8192 + 0.0256 + 0.0064 + 0.0008 + 0.0004 + 0.0002.

I have asked about the bloat on the chain before, and the consensus was that with the visible competition enforcing a 10% tax on mining to afford some privacy, then the storage space used to hold the blockchain would be a much less cost. I would like to know much more about this though, because the blockchain is noticeably larger in this protocol by a lot.

The issue is not only the cost of the storage. There is the download speed also. And other complex factors. A tax is probably also going to have Tragedy of the Commons effects, as I explained in my numerous discussions of why transaction fees will never work for Bitcoin in the long-run. There are other articles out now about these by others. Such discussion will take us off on tangents I don't feel like having right now.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
CoinCube
Legendary
*
Offline Offline

Activity: 1946
Merit: 1055



View Profile
May 11, 2014, 01:34:44 PM
 #378

Interesting breakdown of the pros and cons of the various anonymity technologies out there. Lots of new info on Zerocash which I have not read much on before.

Zerocash is interesting but I really dont like the idea of a single code that must be computed and destroyed
for the system to work. Tremendous temptation there for one of the developers to keep a copy of that on a USB stick somewhere just in case. Who would not want the ability to print money in total secrecy at whim.

Regardless I am happy to see competing technologies in this area as it is good for cryptocurrency.


AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 12, 2014, 09:40:09 AM
 #379

Mixcoin (http://eprint.iacr.org/2014/077.pdf) another rather ineffective anonymity proposal.

See the Deanonymization in section 3 and the admission in section 4. There is no way to prove that many (or most of) the mixers aren't honeypots. Just like with Tor or I2P, you don't have reliable anonymity. If every 5th of your transactions is not anonymous and you don't know which ones are and are not, then this is basically useless.

Also this does nothing to obfuscate the IP address, so ditto what I wrote in the upthread posts.

Also this is based on reputation, i.e. restitution is not cryptographically guaranteed. Thus this can be gamed by constantly creating new mixers that defraud then close down. Thus this will migrate over time to a few highly trusted mixers which of course will be honeypots because they are well known and established, thus easy for the government to track down and serve with national security gag order.

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
AnonyMint (OP)
Hero Member
*****
Offline Offline

Activity: 518
Merit: 521


View Profile
May 13, 2014, 01:47:16 AM
Last edit: May 20, 2014, 12:15:22 PM by AnonyMint
 #380

Cross-posting...

https://bitcointalk.org/index.php?topic=583449.msg6698221#msg6698221

I have asked about the bloat on the chain before, and the consensus was that with the visible competition enforcing a 10% tax on mining to afford some privacy, then the storage space used to hold the blockchain would be a much less cost. I would like to know much more about this though, because the blockchain is noticeably larger in this protocol by a lot.

The issue is not only the cost of the storage. There is the download speed also. And other complex factors. A tax is probably also going to have Tragedy of the Commons effects, as I explained in my numerous discussions of why transaction fees will never work for Bitcoin in the long-run. There are other articles out now about these by others. Such discussion will take us off on tangents I don't feel like having right now.

Someone from your group private messaged me and ask I provide references.

Here is the recent article I was referring to:

http://radar.oreilly.com/2014/04/bitcoin-what-happens-when-the-miners-pack-up-their-gear.html

I raised similar issues last year as follows.

Transactions Withholding Attack

"Spiraling Transaction Fees Destruction" of bitcoin (Transactions fees are a Tragedy of the Commons)

More links on the discussion of why transaction fees suck:

https://bitcointalk.org/index.php?topic=557732.msg6108034#msg6108034

https://bitcointalk.org/index.php?topic=557732.msg6151061#msg6151061

https://bitcointalk.org/index.php?topic=612652.0

https://bitcointalk.org/index.php?topic=557732.msg6152042#msg6152042

https://bitcointalk.org/index.php?topic=195275.msg3348804#msg3348804

unheresy.com - Prodigiously Elucidating the Profoundly ObtuseTHIS FORUM ACCOUNT IS NO LONGER ACTIVE
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 [19] 20 21 22 23 24 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!