[XMR] Monero - A secure, private, untraceable cryptocurrency

[myagui]

IF (and that's a big IF) all this posting about BCN had not a (not-so-well) hidden agenda...

[Wanderlust]

IF (and that's a big IF) all this posting about BCN had not a (not-so-well) hidden agenda...

My agenda isn't hidden. I just want to learn more about the history here. I had been vaguely aware of the controversy regrading BCN's beginnings but didnt take an interest until recently when I saw their new wallets and roadmap. tbh my initial reaction on seeing this was "WTF?!, wasnt this supposed to be… dead?". Apparently not. So Im looking into it.

[myagui]

I'm grateful for this new variety: The Inquisitive Troll^(TM)

Creating a new account for the sole purpose of portraying interest and curiosity, gracefully wording each question such that it introduces the very subtle possibility that: contrary to what all the quacking might have us think, it is not a duck. Seriously, well done. At least it is a step up from The Concerned Troll^(TM), that one has gotten boring... 
Carry on.

PS: It is a duck alright.

[GreekBitcoin]

IF (and that's a big IF) all this posting about BCN had not a (not-so-well) hidden agenda...

My agenda isn't hidden. I just want to learn more about the history here. I had been vaguely aware of the controversy regrading BCN's beginnings but didnt take an interest until recently when I saw their new wallets and roadmap. tbh my initial reaction on seeing this was "WTF?!, wasnt this supposed to be… dead?". Apparently not. So Im looking into it.

It can always take some more money from gullible people. All they have to do is periodically create new accounts and post about it in other threads. Have fun with it.

[wpalczynski]

I'm grateful for this new variety: The Inquisitive Troll^(TM)

Creating a new account for the sole purpose of portraying interest and curiosity, gracefully wording each question such that it introduces the very subtle possibility that: contrary to what all the quacking might have us think, it is not a duck. Seriously, well done. At least it is a step up from The Concerned Troll^(TM), that one has gotten boring... 
Carry on.

PS: It is a duck alright.

Ahhhh.... the Troll evolution.

[Hueristic]

...
thx for the replies smooth, much obliged.


*Andrey N. Sabelnikov

OK, lets see some proof of this sig.

....

I'm just peeling the onion (trying to).  ...

And why would you want to do that? Part of some backdoor agreement maybe?

[luigi1111]

...
thx for the replies smooth, much obliged.


*Andrey N. Sabelnikov

OK, lets see some proof of this sig.

...that's not a sig, it's an asterisk.

[Wanderlust]

I'm grateful for this new variety: The Inquisitive Troll^(TM)

Creating a new account for the sole purpose of portraying interest and curiosity, gracefully wording each question such that it introduces the very subtle possibility that: contrary to what all the quacking might have us think, it is not a duck. Seriously, well done. At least it is a step up from The Concerned Troll^(TM), that one has gotten boring...  
Carry on.

PS: It is a duck alright.

Ahhhh.... the Troll evolution.

Casting aspersions on those who come in here with legitimate lines of inquiry hardly impresses me. If asking pertinent questions borne of an inquisitive mind is trolling then we might all fall prey to such fallacies. pretty funny tho: The Inquisitive Troll^(TM) (patent pending)  

...
thx for the replies smooth, much obliged.


*Andrey N. Sabelnikov

OK, lets see some proof of this sig.

...that's not a sig, it's an asterisk.

quite, if u see the full quote the asterisk relates to the mention of "NSA*" above.

Therefor the likely 3 groups named above. btw some russian hacker is mentioned in "opening the lid of BCN". Noted his name's initials also spell NSA*

[Johnny Mnemonic]

If (and that's a big IF) different mining groups have mined BCN from the beginning and IF over 100+ individuals hold large amounts of BCN (and not <10) then maybe the origin story doesnt matter.

It is poetic that the anon nature of this beast prevents us from verifying this one way or the other.

Which part of "faked blockchain" are you incapable of understanding? Either your onion-peeling skills suck (along with your reading comprehension), or you're a big fat troll.

The BCN devs hold all of the money. Ring signatures are pretty useless if a single party controls all the outputs. BCN is neither anon nor decentralized for reasons I already commented on, yet you conveniently skipped over.

I also think you're a troll because you're posting all this here (XMR thread). BCN is off topic, so please be respectful take your "inquisitions" to a BCN-specific thread.

[generalizethis]

X-post TPTB_need_war thought this was being ignored, though I don't think Fluffy had a chance to read it and it got buried in the thread.

If the actual input to a transaction (in Monero terminology this is the output of the prior transaction) is not also an input to another transaction's ring signature (and when all the other inputs to the ring are spent) or if it is also the input to a subsequent ring in which all the other inputs were outputs created after the said transaction was created, then the anonymity of the said transaction is entirely unmasked.

This is really what MRL-0004 deals with (the section on Temporal Association attacks).

A lot of this changes with the recommendations MRL4 made, which will come in a hard fork later this year (once we've established a forking strategy, per this forum post).

I don't check this thread, so if you reply and don't hear back from me in a couple of days just send me a PM nudging me:)

The MRL4 imperfect heuristic mitigations notwithstanding, the only absolute solution is to require that sets of outputs be mixed with and only with each other (and the number of inputs per ring must be constant). This also enables pruning the Cryptonote block chain. There I have just given away one of my prior design "secrets" (that I no longer need to keep secret because I stumbled onto a consensus network design which no longer needs pruning and is transaction technology agnostic). Perhaps others already suggested this?

P.S. for those who have already spent their coins to a third party, your hard fork will come too late. Hope you can make necessary improvements sooner.

The following should have been implied, but let me make it more explicit, which may also resolve the issue with exchanges and getting this fix into Monero asap (although I have not studied that issue, only heard about it second hand).

The only sane way my above suggestion can be implemented is that outputs eligible for fixed size mixins must be marked as such by the transaction that created them, otherwise if the fixed size (and outputs) mixins were global then there is no way to merge the leftover change from several transactions into one transaction. I believe BoolBerry had a conceptually similar mechanism to mark outputs with some specific attribute for mixing. So the marked outputs must be mixed with and only with the "next N outputs of same denomination on the block chain" when they are spent.

Thus when you want to mix your outputs with assurance against unmasking due to Combinatorial Cascade and Temporal Association, then you mark the output for fixed size mixing.

In my opinion, this is an emergency fix because afaics the anonymity is broken as it is now, but I can't say that I've done any deep analysis on how likely the unmasking is on existing patterns in the Monero block chain.

Hope this helps, displays my gratitude to those who rewarded me for my effort during the BCX incident, and most importantly hope Monero can implement it asap because I would like to make my best attempt to create a use case gift to XMR HODLers soon and this fix may be required. Perhaps someone else had already suggested this idea, I don't know.

The pruning comes from the fact that if the mixes are fixed size then after N transactions of the same ring have been seen, those outputs (that are inputs to those N rings) can be pruned from the UXTO.

[kazuki49]

X-post TPTB_need_war thought this was being ignored, though I don't think Fluffy had a chance to read it and it got buried in the thread.

He wants to launch his own coin from scratch, that should tell you.

[superresistant]

 
Hi,

On monero.crypto-pool.fr we just implemented the mixing in an original but effective way.
I believe some of you might be interested.
Here is how we do :



Cheers,

SR

[smooth]

I'm grateful for this new variety: The Inquisitive Troll^(TM)

It's not new. There have been several of them by now.

[smooth]

X-post TPTB_need_war thought this was being ignored, though I don't think Fluffy had a chance to read it and it got buried in the thread.

He wants to launch his own coin from scratch, that should tell you.

The substance of his concerns is legitimate and it has been passed on to the mathematicians of MRL who are analyzing it. My intuition is that the probability of the saturation traceability occurring in practice is extremely low and it therefore doesn't matter, but that isn't a reason to dismiss the issue outright, it still needs to be analyzed and if necessary addressed.

[smooth]

Hi,

On monero.crypto-pool.fr we just implemented the mixing in an original but effective way.

Very interesting. I'm curious why you chose the 150 and 200 values for the payment sweeps.

[generalizethis]

X-post TPTB_need_war thought this was being ignored, though I don't think Fluffy had a chance to read it and it got buried in the thread.

He wants to launch his own coin from scratch, that should tell you.

The substance of his concerns is legitimate and it has been passed on to the mathematicians of MRL who are analyzing it. My intuition is that the probability of the saturation traceability occurring in practice is extremely low and it therefore doesn't matter, but that isn't a reason to dismiss the issue outright, it still needs to be analyzed and if necessary addressed.

Thanks Smooth. I will pass this along.

[superresistant]

Hi,
On monero.crypto-pool.fr we just implemented the mixing in an original but effective way.

Very interesting. I'm curious why you chose the 150 and 200 values for the payment sweeps.

150 is our average payout goal.
200 can be done in only one spend. If it was 300 it would take 2 spends.

[Wanderlust]

If (and that's a big IF) different mining groups have mined BCN from the beginning and IF over 100+ individuals hold large amounts of BCN (and not <10) then maybe the origin story doesnt matter.

It is poetic that the anon nature of this beast prevents us from verifying this one way or the other.

Which part of "faked blockchain" are you incapable of understanding? Either your onion-peeling skills suck (along with your reading comprehension), or you're a big fat troll.

The BCN devs hold all of the money. Ring signatures are pretty useless if a single party controls all the outputs. BCN is neither anon nor decentralized for reasons I already commented on, yet you conveniently skipped over.

I also think you're a troll because you're posting all this here (XMR thread). BCN is off topic, so please be respectful take your "inquisitions" to a BCN-specific thread.

To show I'm not a troll and simply being duly diligent I will copy this post (and yours) to the BCN thread.

[smooth]

Hi,
On monero.crypto-pool.fr we just implemented the mixing in an original but effective way.

Very interesting. I'm curious why you chose the 150 and 200 values for the payment sweeps.

150 is our average payout goal.
200 can be done in only one spend. If it was 300 it would take 2 spends.

Makes sense. Nice work!

[TPTB_need_war]

X-post TPTB_need_war thought this was being ignored, though I don't think Fluffy had a chance to read it and it got buried in the thread.

He wants to launch his own coin from scratch, that should tell you.

The substance of his concerns is legitimate and it has been passed on to the mathematicians of MRL who are analyzing it. My intuition is that the probability of the saturation traceability occurring in practice is extremely low and it therefore doesn't matter, but that isn't a reason to dismiss the issue outright, it still needs to be analyzed and if necessary addressed.

my reply:

The substance of his concerns is legitimate and it has been passed on to the mathematicians of MRL who are analyzing it. My intuition is that the probability of the saturation traceability occurring in practice is extremely low and it therefore doesn't matter, but that isn't a reason to dismiss the issue outright, it still needs to be analyzed and if necessary addressed.

Here is the link to my last comments to fluffypony.

Note smooth is only referring the saturation that I had mentioned to him back during the BCX incident. In my recent post, I am also pointing out that the timing of the transactions mixed can lead to degenerate cases of mixes. I suspect he maybe didn't realize I added that point since we last spoke and thus he may be underestimating the likelihood of occurrence. You'll need to ask smooth.

X-post TPTB_need_war thought this was being ignored, though I don't think Fluffy had a chance to read it and it got buried in the thread.

He wants to launch his own coin from scratch, that should tell you.

I didn't say I thought it was being ignored. I said I didn't want to badger them and that I hadn't received any reply in response to an inquiry asking me to comment on the issue. That doesn't mean I assume they are ignoring it. They might be busy working on it. I don't know.

And it is really lame for kazuki49 to be my friend in another thread where I praise Monero and then accuse me of ulterior motives in other thread that I don't normally read and not even PM me.

Of course I don't go around writing nonfactual FUD. You should know that already. Please don't do that again if you are not sure of your ad hominem attack.

If you hadn't noticed, I actually gave a suggestion for how to improve Monero.

Edit: kazuki49 and I reached understanding in private messages.