Bitcoin Forum
January 22, 2019, 10:04:25 PM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 [1034] 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 ... 2028 »
  Print  
Author Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency  (Read 4532420 times)
Anon136
Legendary
*
Offline Offline

Activity: 1638
Merit: 1184



View Profile
March 05, 2015, 05:54:15 AM
 #20661



No way! That would be incredible. That would bring this project from secure and private to legit science fiction level anonymous. You could have hundreds or even thousands mixin partners. Correct me if im wrong but wouldn't this be the cypherpunk holy grail? Is it really within our grasp and just need "review"?

Would there be a decrease in mix-in costs as the available mix-in levels increased?

No its just O(log(n)). Every additional mixin partner increases the size of your signature but less than the one before it.



look at O(log(n)) compared to other big o notations on this chart. Particularly look at it in comparison to O(n). Its a big difference. For example: If the limit(log(n)) < some reasonable signature size that can be affordably stored on the blockchain than you can use every single other key ever published on the entire blockchain to produce your ring signature. Infact if this were the case we could set a mixin minimum of like 1000 or something crazy.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1548194665
Hero Member
*
Offline Offline

Posts: 1548194665

View Profile Personal Message (Offline)

Ignore
1548194665
Reply with quote  #2

1548194665
Report to moderator
1548194665
Hero Member
*
Offline Offline

Posts: 1548194665

View Profile Personal Message (Offline)

Ignore
1548194665
Reply with quote  #2

1548194665
Report to moderator
1548194665
Hero Member
*
Offline Offline

Posts: 1548194665

View Profile Personal Message (Offline)

Ignore
1548194665
Reply with quote  #2

1548194665
Report to moderator
GTO911
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500



View Profile
March 05, 2015, 06:13:03 AM
 #20662

We're mainly interested in an improvement in overall complexity, and both schemes here are O(n). There is a sublinear ring signature paper that in O(log n) in size that we're looking at more closely.

No way! That would be incredible. That would bring this project from secure and private to legit science fiction level anonymous. You could have hundreds or even thousands mixin partners. Correct me if im wrong but wouldn't this be the cypherpunk holy grail? Is it really within our grasp and just need "review"?

Dont get me excited
generalizethis
Legendary
*
Offline Offline

Activity: 1610
Merit: 1023


Facts are more efficient than fud


View Profile WWW
March 05, 2015, 06:34:00 AM
 #20663



No way! That would be incredible. That would bring this project from secure and private to legit science fiction level anonymous. You could have hundreds or even thousands mixin partners. Correct me if im wrong but wouldn't this be the cypherpunk holy grail? Is it really within our grasp and just need "review"?

Would there be a decrease in mix-in costs as the available mix-in levels increased?

No its just O(log(n)). Every additional mixin partner increases the size of your signature but less than the one before it.



look at O(log(n)) compared to other big o notations on this chart. Particularly look at it in comparison to O(n). Its a big difference. For example: If the limit(log(n)) < some reasonable signature size that can be affordably stored on the blockchain than you can use every single other key ever published on the entire blockchain to produce your ring signature. Infact if this were the case we could set a mixin minimum of like 1000 or something crazy.


So in cost terms: if this is implemented, the costs of a 99 level mix-in would be less than the cost of a 99 mix-in as it currently stands? Correct?





Anon136
Legendary
*
Offline Offline

Activity: 1638
Merit: 1184



View Profile
March 05, 2015, 06:59:15 AM
 #20664



No way! That would be incredible. That would bring this project from secure and private to legit science fiction level anonymous. You could have hundreds or even thousands mixin partners. Correct me if im wrong but wouldn't this be the cypherpunk holy grail? Is it really within our grasp and just need "review"?

Would there be a decrease in mix-in costs as the available mix-in levels increased?

No its just O(log(n)). Every additional mixin partner increases the size of your signature but less than the one before it.



look at O(log(n)) compared to other big o notations on this chart. Particularly look at it in comparison to O(n). Its a big difference. For example: If the limit(log(n)) < some reasonable signature size that can be affordably stored on the blockchain than you can use every single other key ever published on the entire blockchain to produce your ring signature. Infact if this were the case we could set a mixin minimum of like 1000 or something crazy.


So in cost terms: if this is implemented, the costs of a 99 level mix-in would be less than the cost of a 99 mix-in as it currently stands? Correct?


Probably. It's possible that this wouldn't be the case if n=2 in the new scheme were sufficiently more resource intensive than n=2 in the old scheme. But its highly unlikely that the difference between n=2 in the current scheme vs n=2 in the new scheme would be great enough to make mixin 99 in the new scheme cost more than mixin 99 in the old. Its a complicated way of saying that O(log(n)) only talks about the shape of the curve, it doesnt say anything about where that curve is placed on the graph.

*edit* sorry that was needlessly complicated. yes. the answer is yes. i cant imagine that the authors of that paper would have even bothered to produce it if the answer were no.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
generalizethis
Legendary
*
Offline Offline

Activity: 1610
Merit: 1023


Facts are more efficient than fud


View Profile WWW
March 05, 2015, 07:12:22 AM
 #20665



No way! That would be incredible. That would bring this project from secure and private to legit science fiction level anonymous. You could have hundreds or even thousands mixin partners. Correct me if im wrong but wouldn't this be the cypherpunk holy grail? Is it really within our grasp and just need "review"?

Would there be a decrease in mix-in costs as the available mix-in levels increased?

No its just O(log(n)). Every additional mixin partner increases the size of your signature but less than the one before it.



look at O(log(n)) compared to other big o notations on this chart. Particularly look at it in comparison to O(n). Its a big difference. For example: If the limit(log(n)) < some reasonable signature size that can be affordably stored on the blockchain than you can use every single other key ever published on the entire blockchain to produce your ring signature. Infact if this were the case we could set a mixin minimum of like 1000 or something crazy.


So in cost terms: if this is implemented, the costs of a 99 level mix-in would be less than the cost of a 99 mix-in as it currently stands? Correct?


Probably. It's possible that this wouldn't be the case if n=2 in the new scheme were sufficiently more resource intensive than n=2 in the old scheme. But its highly unlikely that the difference between n=2 in the current scheme vs n=2 in the new scheme would be great enough to make mixin 99 in the new scheme cost more than mixin 99 in the old. Its a complicated way of saying that O(log(n)) only talks about the shape of the curve, it doesnt say anything about where that curve is placed on the graph.

*edit* sorry that was needlessly complicated. yes. the answer is yes. i cant imagine that the authors of that paper would have even bothered to produce it if the answer were no.

Thank you for the answer--enjoyed the complication. I was assuming a 99 mix-in would be located in latter parts of the O(log n) line for the sake of simplicity. Probably should have stated that.

Anon136
Legendary
*
Offline Offline

Activity: 1638
Merit: 1184



View Profile
March 05, 2015, 07:31:25 AM
 #20666



No way! That would be incredible. That would bring this project from secure and private to legit science fiction level anonymous. You could have hundreds or even thousands mixin partners. Correct me if im wrong but wouldn't this be the cypherpunk holy grail? Is it really within our grasp and just need "review"?

Would there be a decrease in mix-in costs as the available mix-in levels increased?

No its just O(log(n)). Every additional mixin partner increases the size of your signature but less than the one before it.



look at O(log(n)) compared to other big o notations on this chart. Particularly look at it in comparison to O(n). Its a big difference. For example: If the limit(log(n)) < some reasonable signature size that can be affordably stored on the blockchain than you can use every single other key ever published on the entire blockchain to produce your ring signature. Infact if this were the case we could set a mixin minimum of like 1000 or something crazy.


So in cost terms: if this is implemented, the costs of a 99 level mix-in would be less than the cost of a 99 mix-in as it currently stands? Correct?


Probably. It's possible that this wouldn't be the case if n=2 in the new scheme were sufficiently more resource intensive than n=2 in the old scheme. But its highly unlikely that the difference between n=2 in the current scheme vs n=2 in the new scheme would be great enough to make mixin 99 in the new scheme cost more than mixin 99 in the old. Its a complicated way of saying that O(log(n)) only talks about the shape of the curve, it doesnt say anything about where that curve is placed on the graph.

*edit* sorry that was needlessly complicated. yes. the answer is yes. i cant imagine that the authors of that paper would have even bothered to produce it if the answer were no.

Thank you for the answer--enjoyed the complication. I was assuming a 99 mix-in would be located in latter parts of the O(log n) line for the sake of simplicity. Probably should have stated that.

Ill need to look over that paper and see if i can understand any of it. Didn't bother yet because its too late tonight. Anyone have link?

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
slavo
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500



View Profile
March 05, 2015, 01:54:18 PM
 #20667

hi;

i created a wallet on mymonero a while ago; saved the 13 words and now i have something like "wallet doesn't exist".

I have the word incline in it i tried to change it for inline without success.

I don't think i screwed up the copy paste of the seed and i mined around 60 xmr on it so if there's a solution that'd be great cheers
GTO911
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500



View Profile
March 05, 2015, 02:00:41 PM
 #20668

hi;

i created a wallet on mymonero a while ago; saved the 13 words and now i have something like "wallet doesn't exist".

I have the word incline in it i tried to change it for inline without success.

I don't think i screwed up the copy paste of the seed and i mined around 60 xmr on it so if there's a solution that'd be great cheers

Always save your view key and spend key also. If you have them, then there is no problem
slavo
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500



View Profile
March 05, 2015, 02:06:06 PM
 #20669

i don't so i just give it up?
GTO911
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500



View Profile
March 05, 2015, 02:27:58 PM
 #20670

i don't so i just give it up?

Wait for devs reply. Sometimes i had problems logging in when typing the seed than pasting it
myagui
Legendary
*
Offline Offline

Activity: 1154
Merit: 1000



View Profile
March 05, 2015, 02:34:14 PM
 #20671

It's likely that it's just that MyMonero hasn't been updated to work with the replacement seed words, or something like that.
A certain small equus ferus caballus of fluffy nature will know best!  Smiley

slavo
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500



View Profile
March 05, 2015, 02:44:57 PM
 #20672

ok thanks.

that was a long time i didn't use that forum Smiley great to see the xmr thread is still friendly; gg guys Smiley

now i'll hope that those precious xmr are still mine somewhere Cheesy

cheers
dEBRUYNE
Legendary
*
Offline Offline

Activity: 1652
Merit: 1095


View Profile
March 05, 2015, 05:17:58 PM
 #20673

I stumbled upon this comment from tacotime in another topic and found it cross-postworthy:

We need a review of this technology. Something brilliant and clever like this should not be ignored. Even satoshi made some comments on the essence of Cryptonote. Maybe he contributed in some way or another towards its development

Apparently it was in development since a few years and was intended to be a step ahead in the right direction, that is transaction privacy. Cryptonote is the tech which should have been bitcoin in the first place. If it had surfaced a year later after bitcoin, things could have been different

Um. What do you want to know? I'll talk about Monero since that's the CN chain I've worked on the most.

(1) It uses a different elliptic curve than Bitcoin for signing (EdDSA, which uses Schnorr signatures on a Twisted Edwards curve).
(2) It uses a different hashing algorithm than Bitcoin for PoW, which is AES heavy and currently performs similarly on GPUs and CPUs. One of the main downsides to this is that sidechains are currently impossible (validation takes too long), however as sidechains don't actually exist right now we've been ignoring this. If we want to add sidechain support in the future, the hashing algorithm can be change to something simple. In the meantime, the algorithm is relatively "egalitarian" in that no specialized hardware is required.
(3) One time use addresses ("stealth addressing") is mandatory for all transactions. This makes light clients very difficult to secure or create in general, but it dramatically enhances privacy because it's impossible to ever reuse an address.
(4) All transactions are denominated in base 10, and fractionated by mantissa.
(5) Ring signatures obfuscate spending of outputs by allowing you to do a 1-of-N input for a transaction where you spend funds from Bob OR Alice OR Michael OR Claire OR et cetera. Like one time use addresses, this is a passive privacy technology that doesn't require any active participation of anyone in the network (unlike DarkCoin, CoinJoin, and so on).
(6) A single pair of private keys is used for the recovery of all outputs owned by a wallet, but with a different type of data structure than BIP32 has (viewkey/secretkey).
(7) An implicit, silent multisig implementation centered around Schnorr signatures is being researched and developed (thanks andytoshi/gmaxwell).
( 8 ) Research is ongoing into ways to break our privacy technology and improve it. See: https://lab.monero.cc/
(9) Monero is readily auditable from a regulatory perspective (you can easily prove your ownership of funds if you need to, for example to tax agencies).
(10) It has a much faster emissions (subsidy/reward) curve than Bitcoin. 80% is mined within 4 years. The emissions curve is also much smoother than for Bitcoin, with reward decreasing every block.
(11) Unlike Bitcoin, Monero will have long term perpetual inflation. Subsidy will become fixed in about 10 years time at a flat rate of less than 1%, to keep the chain from becoming fully deflationary and to better incentivize miners. This makes it more likely to be useful as a currency than Bitcoin, in my opinion.

Props to tacotime for explaining everything in detail.

Privacy matters, use Monero - A true untraceable cryptocurrency
Why Monero matters? http://weuse.cash/2016/03/05/bitcoiners-hedge-your-position/
GreekBitcoin
Legendary
*
Offline Offline

Activity: 1428
Merit: 1001


getmonero.org


View Profile WWW
March 05, 2015, 05:18:33 PM
 #20674


Very helpful! Keep em coming!
dEBRUYNE
Legendary
*
Offline Offline

Activity: 1652
Merit: 1095


View Profile
March 05, 2015, 05:55:01 PM
 #20675

ok thanks.

that was a long time i didn't use that forum Smiley great to see the xmr thread is still friendly; gg guys Smiley

now i'll hope that those precious xmr are still mine somewhere Cheesy

cheers

Btw, you could also try the #monero or #monero-dev channel on freenode. You'll probably get a faster response there. Just state your question there and most of the time someone will respond very fast.

If you are not familiar with IRC, just use this -> http://webchat.freenode.net/ , set your nickname and set the channel to #monero and/or #monero-dev

Privacy matters, use Monero - A true untraceable cryptocurrency
Why Monero matters? http://weuse.cash/2016/03/05/bitcoiners-hedge-your-position/
fluffypony
Donator
Legendary
*
Offline Offline

Activity: 1260
Merit: 1024


GetMonero.org / MyMonero.com


View Profile WWW
March 05, 2015, 06:09:35 PM
 #20676

Btw, you could also try the #monero or #monero-dev channel on freenode. You'll probably get a faster response there. Just state your question there and most of the time someone will respond very fast.

If you are not familiar with IRC, just use this -> http://webchat.freenode.net/ , set your nickname and set the channel to #monero and/or #monero-dev

I was about to say, for MyMonero support email support@mymonero.com or #mymonero on Freenode, otherwise the regular Monero channels on Freenode won't be able to help much:)

Anon136
Legendary
*
Offline Offline

Activity: 1638
Merit: 1184



View Profile
March 05, 2015, 06:27:24 PM
 #20677

We're mainly interested in an improvement in overall complexity, and both schemes here are O(n). There is a sublinear ring signature paper that in O(log n) in size that we're looking at more closely.

I can't seem to find this paper. I found one that claims O(√n) but no O(log n). Anyone have a link?

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
tacotime
Legendary
*
Offline Offline

Activity: 1484
Merit: 1000



View Profile
March 05, 2015, 06:29:45 PM
 #20678

^^ Yeah it's the root(n) paper, sorry. Recalled it incorrectly off the top of my head.

http://www.cs.ucla.edu/~sahai/work/web/2007%20Publications/ICALP_Chandran2007.pdf

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
Anon136
Legendary
*
Offline Offline

Activity: 1638
Merit: 1184



View Profile
March 05, 2015, 06:44:47 PM
 #20679

^^ Yeah it's the root(n) paper, sorry. Recalled it incorrectly off the top of my head.

http://www.cs.ucla.edu/~sahai/work/web/2007%20Publications/ICALP_Chandran2007.pdf

Less cool but still cool for all of the same reasons. Thanks.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
celestio
Sr. Member
****
Offline Offline

Activity: 714
Merit: 250



View Profile
March 06, 2015, 05:01:29 AM
 #20680

I stumbled upon this comment from tacotime in another topic and found it cross-postworthy:

We need a review of this technology. Something brilliant and clever like this should not be ignored. Even satoshi made some comments on the essence of Cryptonote. Maybe he contributed in some way or another towards its development

Apparently it was in development since a few years and was intended to be a step ahead in the right direction, that is transaction privacy. Cryptonote is the tech which should have been bitcoin in the first place. If it had surfaced a year later after bitcoin, things could have been different

Um. What do you want to know? I'll talk about Monero since that's the CN chain I've worked on the most.

(1) It uses a different elliptic curve than Bitcoin for signing (EdDSA, which uses Schnorr signatures on a Twisted Edwards curve).
(2) It uses a different hashing algorithm than Bitcoin for PoW, which is AES heavy and currently performs similarly on GPUs and CPUs. One of the main downsides to this is that sidechains are currently impossible (validation takes too long), however as sidechains don't actually exist right now we've been ignoring this. If we want to add sidechain support in the future, the hashing algorithm can be change to something simple. In the meantime, the algorithm is relatively "egalitarian" in that no specialized hardware is required.
(3) One time use addresses ("stealth addressing") is mandatory for all transactions. This makes light clients very difficult to secure or create in general, but it dramatically enhances privacy because it's impossible to ever reuse an address.
(4) All transactions are denominated in base 10, and fractionated by mantissa.
(5) Ring signatures obfuscate spending of outputs by allowing you to do a 1-of-N input for a transaction where you spend funds from Bob OR Alice OR Michael OR Claire OR et cetera. Like one time use addresses, this is a passive privacy technology that doesn't require any active participation of anyone in the network (unlike DarkCoin, CoinJoin, and so on).
(6) A single pair of private keys is used for the recovery of all outputs owned by a wallet, but with a different type of data structure than BIP32 has (viewkey/secretkey).
(7) An implicit, silent multisig implementation centered around Schnorr signatures is being researched and developed (thanks andytoshi/gmaxwell).
( 8 ) Research is ongoing into ways to break our privacy technology and improve it. See: https://lab.monero.cc/
(9) Monero is readily auditable from a regulatory perspective (you can easily prove your ownership of funds if you need to, for example to tax agencies).
(10) It has a much faster emissions (subsidy/reward) curve than Bitcoin. 80% is mined within 4 years. The emissions curve is also much smoother than for Bitcoin, with reward decreasing every block.
(11) Unlike Bitcoin, Monero will have long term perpetual inflation. Subsidy will become fixed in about 10 years time at a flat rate of less than 1%, to keep the chain from becoming fully deflationary and to better incentivize miners. This makes it more likely to be useful as a currency than Bitcoin, in my opinion.

Props to tacotime for explaining everything in detail.

Detailed explanation indeed.  Grin

"The nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime" - Satoshi Nakamoto, June 17, 2010
Pages: « 1 ... 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 [1034] 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 ... 2028 »
  Print  
 
Jump to:  

Bitcointalk.org is not available or authorized for sale. Do not believe any fake listings.
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!