GingerAle
August 08, 2015, 07:08:46 PM
re: IP address, pretty sure that's your internal IP address, being assigned by your router. If you've got a straight feed to the interwebs, then it's probably not useful. I have no idea why those instructions are there, but the useful case I've found for them is if you have a motherboard with two ethernet ports, you can channel your daemon through one of these ports and channel your other stuff (for instance SSH) through the other. No idea if that actually enhances performance in any way, but that's what I imagine it's for.
But again, that does seem like an edge case. And I'm no network wizard.

Johnny Mnemonic
August 08, 2015, 08:21:41 PM
EDIT: Why not call the smallest Monero denomination... a Nero.
It's too simple. Let's fuck that up a bit. How about we call the smallest unit a "ro". Then 1,000,000 "ro" is a "nero". Then 1,000,000 "nero" is a "monero". And then a hundred "monero" is a "bitMonero" ... oh wait.

pa
August 08, 2015, 08:27:48 PM
Not sure if this is the right place to report this, but have compiled the new version of bitmonerod on a mac and converted the blockchain using blockchain_converter. The problem is I have to run bitmonerod twice (exiting the first run with ^C ^C) in order for it to work. The first run after opening a new Terminal window always hangs, displaying two libunbound error messages during startup: http://pastebin.com/WPQqaRG6. Oddly, the second run sometimes has one libunbound error message and sometimes none, but it works (as long as there are not two).

dEBRUYNE
August 08, 2015, 08:45:22 PM
When was the last time tacotime did anything remotely related to monero? Serious question. EDIT: Why not call the smallest Monero denomination... a Nero. I would appreciate an answer to this as well.

fluffypony
August 08, 2015, 09:17:44 PM
When was the last time tacotime did anything remotely related to monero? Serious question. EDIT: Why not call the smallest Monero denomination... a Nero. I would appreciate an answer to this as well.
At 2am today (my time) -
[01:53:09] <tacotime> https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5.6
[01:53:36] <tacotime> there's a step where you get r from SHA-512(prefix || M)
[01:54:10] <tacotime> where prefix is SHA-512(secret)[32:64]
[01:57:48] <tacotime> (the first half of the prefix is used to generate the scalar to use as a private key)
[01:58:08] <tacotime> my question is, can't prefix be anything and won't the signature still be valid if it is?
[01:58:21] <tacotime> and is there any reason that doing this would be dangerous?
[01:59:27] <tacotime> i realize that if you use a bad value it might be like choosing a bad K in general
[01:59:38] <tacotime> but if your value is securely chosen, is it safe?
[02:34:26] <tacotime> and also
[02:34:26] <tacotime> is it possible to construct hd keychains from ed25519 private scalars? i don't really think it is because there are four required bits that need to be set for an ed25519 scalar to be valid in terms of generating a signature
[02:34:26] <tacotime> i kinda wonder if there's a way around that though
[02:34:29] <tacotime> normally for an hd keychain you += hash(pubkey || index) to both the private scalar and public point
[02:35:38] <tacotime> so to get priv_i and pub_i
[02:36:06] <tacotime> priv_i = (priv + hash) mod N
[02:37:17] <tacotime> pub_i = (pub + scalarbasemult(hash))
[02:38:16] <tacotime> and how come monero doesn't run into this issue when it generates private keys through ecdh? does monero allow these scalars to be legal with the bits set anyway?
[02:38:37] <tacotime> because you'd expect 1 in every 2^4 scalars for any given derived keypair to be invalid
[02:38:42] <tacotime> but i'm probably missing something
[02:59:03] <tacotime> okay i figured out the zeroing out of the 3 lsbs
[02:59:12] <tacotime> that's just *= the cofactor
[02:59:29] <tacotime> but you do need one bit to be set in the private key for it to be useable, right??
[03:00:22] <tacotime> so when you ecdh a corresponding secret to the recipient, how can you tell with 100% certainty that the private key they will derive has a single set bit in the 254th position??
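The mechanics behind the questions in the IRC log above, as an added example (not code from the post, from tacotime, or from the Monero project): a minimal, slow, non-constant-time Ed25519 in pure Python showing that verification never sees how r was derived, and that the additive derivation priv_i = (priv + hash) mod N gives a matching key pair whose scalar no longer has the clamped bit pattern. The helper names, the 4-byte index encoding and the secret and message strings are assumptions made for illustration.

```python
import hashlib, secrets

p = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493    # base-point order ("N" in the log)
inv = lambda a: pow(a, p - 2, p)
d = -121665 * inv(121666) % p

def add(P, Q):
    """Complete twisted-Edwards addition (affine, slow, not constant time)."""
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2 % p
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % p,
            (y1 * y2 + x1 * x2) * inv(1 - t) % p)

def mul(k, P):
    Q = (0, 1)                                         # neutral element
    while k:
        if k & 1:
            Q = add(Q, P)
        P, k = add(P, P), k >> 1
    return Q

def base_point():
    y = 4 * inv(5) % p
    xx = (y * y - 1) * inv(d * y * y + 1) % p
    x = pow(xx, (p + 3) // 8, p)
    if (x * x - xx) % p:
        x = x * pow(2, (p - 1) // 4, p) % p
    return (p - x if x & 1 else x, y)

B = base_point()
enc = lambda P: (P[1] | ((P[0] & 1) << 255)).to_bytes(32, "little")

def hint(*parts):
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little") % L

def keypair(secret):
    h = hashlib.sha512(secret).digest()
    a = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp
    return a, h[32:], mul(a, B)                        # scalar, prefix, public point

def is_clamped(a):
    return a % 8 == 0 and a >> 254 == 1                # 3 low bits clear, bit 254 set

def sign(a, A, msg, r):
    R = mul(r, B)                                      # R is kept as a point, not bytes
    return R, (r + hint(enc(R), enc(A), msg) * a) % L

def verify(A, msg, sig):                               # uses only public values
    R, S = sig
    return mul(S, B) == add(R, mul(hint(enc(R), enc(A), msg), A))

def derive(a, A, index):                               # priv_i, pub_i as in the log
    h = hint(enc(A), index.to_bytes(4, "little"))
    return (a + h) % L, add(A, mul(h, B))

def demo():
    a, prefix, A = keypair(b"constructed secret")      # constructed sample inputs
    msg = b"constructed message"
    sig_any = sign(a, A, msg, secrets.randbelow(L - 1) + 1)
    a_i, A_i = derive(a, A, 7)
    # A passing verify() says nothing about nonce safety: r must stay secret,
    # be unpredictable, and never repeat for two messages under the same key.
    return {
        "spec_nonce_verifies": verify(A, msg, sign(a, A, msg, hint(prefix, msg))),
        "other_nonce_verifies": verify(A, msg, sig_any),
        "tampered_rejected": not verify(A, b"other message", sig_any),
        "child_pair_matches": mul(a_i, B) == A_i,
        "child_sig_verifies": verify(A_i, msg, sign(a_i, A_i, msg, hint(prefix, msg))),
        "parent_clamped": is_clamped(a),
        "child_clamped": is_clamped(a_i),              # a_i < N < 2^253, bit 254 is clear
    }

if __name__ == "__main__":
    print(demo())
```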

saddambitcoin
August 08, 2015, 09:33:52 PM
Not sure if this is the right place to report this, but have compiled the new version of bitmonerod on a mac and converted the blockchain using blockchain_converter. The problem is I have to run bitmonerod twice (exiting the first run with ^C ^C) in order for it to work. The first run after opening a new Terminal window always hangs, displaying two libunbound error messages during startup: http://pastebin.com/WPQqaRG6. Oddly, the second run sometimes has one libunbound error message and sometimes none, but it works (as long as there are not two). Hm, I seem to remember having some hiccups like that too but I forgot about them because they eventually just disappeared without me doing anything (knowingly) to correct the issue. What version of OSX?

pa
August 08, 2015, 09:42:18 PM
When was the last time tacotime did anything remotely related to monero? Serious question. EDIT: Why not call the smallest Monero denomination... a Nero. I would appreciate an answer to this as well. At 2am today (my time) -
So 2am is taco time?

dEBRUYNE
August 08, 2015, 09:45:13 PM
When was the last time tacotime did anything remotely related to monero? Serious question. EDIT: Why not call the smallest Monero denomination... a Nero. I would appreciate an answer to this as well. At 2am today (my time) -
I am not understanding any of this stuff. But great to see he's still active!

pa
August 08, 2015, 09:45:55 PM
Not sure if this is the right place to report this, but have compiled the new version of bitmonerod on a mac and converted the blockchain using blockchain_converter. The problem is I have to run bitmonerod twice (exiting the first run with ^C ^C) in order for it to work. The first run after opening a new Terminal window always hangs, displaying two libunbound error messages during startup: http://pastebin.com/WPQqaRG6. Oddly, the second run sometimes has one libunbound error message and sometimes none, but it works (as long as there are not two). Hm, I seem to remember having some hiccups like that too but I forgot about them because they eventually just disappeared without me doing anything (knowingly) to correct the issue. What version of OSX? Yosemite (10.10.4). Another tiny bug is that typing help in bitmonerod sometimes causes it to hang. (Help works fine in simplewallet, though). Overall very impressed with the improvements.

smooth
August 08, 2015, 11:08:37 PM Last edit: August 09, 2015, 12:27:40 AM by smooth
Is he pretty active in the background of things?
He is, but at the moment less than some times in the past. The thing is we are all part time with various other demands on our time so each team member's activity level varies over time. Take NoodleDoodle for example. He did the critical early work to optimize (or de-unoptimize and de-obfuscate if you want to call it that) the proof-of-work last year and you didn't hear much from him for a while, although he was still somewhat active behind the scenes. Then recently he did a huge amount of work to fix and optimize the database code. It's pretty much the same for every single one of us.

Hueristic
August 08, 2015, 11:11:23 PM
When was the last time tacotime did anything remotely related to monero? Serious question. EDIT: Why not call the smallest Monero denomination... a Nero. I would appreciate an answer to this as well. At 2am today (my time) -
Best response ever.
|
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”

Hueristic
August 09, 2015, 02:50:09 AM
http://thehackernews.com/2015/08/quantum-computing-encryption.html The team has already developed a robust encryption protocol prototype that they explained can slow down cracking process by 21 percent than the versions using elliptic curve cryptography.
Rather than multiplying large prime numbers together, or using elliptic curve cryptography, the mathematical operation of new protocol is based upon multiplying polynomials together, then adding some random noise,

drawingthesun
August 09, 2015, 06:28:26 AM
Bitcoin - The main one. Monero - Anonymous and private cryptocurrency. Ethereum - experimental computational contracts coin.
Is there an actual market for computational contracts? Before Monero I was only on Bitcoin because it could work as that as well, I have no problems with a multi-crypto world, I just like Monero key features and simplicity better and how it accomplishes the electronic cash role beautifully like nothing before, even the name is perfect. I'll not be owning Ethereum btw, even knowing the hype could create a bubble... no thanks.
Good point. Being a programmer I have thought about what use cases in the real world Ethereum would be good for... I haven't really come up with anything yet as I do find the platform far too limiting. I figure I just wasn't smart enough! Apparently the founder of Ethereum is meant to be a genius so there may be real world use cases that I just can't think of?

antanst
August 09, 2015, 10:22:01 AM Last edit: August 09, 2015, 10:45:30 AM by antanst
@markm You do not need to specify your own IP address. I have no idea why those instructions are telling you to do that.
It's in antanst's blog under "Set up supervisor to make bitmonerod start during system boot" -> https://antanst.com/blog/2015/05/22/how-to-set-up-a-monero-node-in-ubuntu-14.04/ You should enter your real IP address in the second line, and also replace the "1024" limit values, depending on your available bandwidth. These values correspond to kB/s, so the above example specifies a one megabyte per second bandwidth limit. But as you can see the blog is from May, so it's a bit outdated I think.
The instructions are not outdated. If you want bitmonerod to accept incoming P2P connections (and hence help the network), you should point it to your internet-facing IP address. It's good practice to explicitly bind it to that IP address only and avoid it binding to all interfaces, as it does by default I believe. Feel free to ignore this if you just want to run a wallet though, or running a node behind NAT.

smooth
August 09, 2015, 10:51:12 AM
@markm You do not need to specify your own IP address. I have no idea why those instructions are telling you to do that.
It's in antanst's blog under "Set up supervisor to make bitmonerod start during system boot" -> https://antanst.com/blog/2015/05/22/how-to-set-up-a-monero-node-in-ubuntu-14.04/ You should enter your real IP address in the second line, and also replace the "1024" limit values, depending on your available bandwidth. These values correspond to kB/s, so the above example specifies a one megabyte per second bandwidth limit. But as you can see the blog is from May, so it's a bit outdated I think.
The instructions are not outdated. If you want bitmonerod to accept incoming P2P connections (and hence help the network), you should point it to your internet-facing IP address. It's good practice to explicitly bind it to that IP address only and avoid it binding to all interfaces, as it does by default I believe. Feel free to ignore this if you just want to run a wallet though, or running a node behind NAT.
It does that by default. In fact it even works behind NAT, if you relay the port (18080). If the NAT supports UPNP the relay could theoretically happen automatically but I've never seen that work (I guess my routers don't support UPNP or it is turned off).

Its About Sharing
August 09, 2015, 11:30:34 AM
Have you been thinking it's “Way too hard to acquire these Monero Bucks”?
A Step By Step Guide to Compiling Monero on OSX:
I've noticed an increase of people wanting to compile the latest code. While there are plenty of Linux resources I haven't seen many for OSX. Also, the bitmonero Github README points to instructions that install an older release, which is not what you want. The good thing is, the instructions are not much different from Linux, but if you're new to the command line this may be intimidating to figure out. Just follow these instructions step by step in your Terminal and you'll be running in no time.
1. Install Homebrew.
   ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
2. Install various packages needed to build the Monero daemon and wallet.
   brew install git boost cmake libevent miniupnpc
3. Clone the bitmonero repository to your computer using Git.
   git clone https://github.com/monero-project/bitmonero.git bitmonero
4. cd bitmonero
5. Finally, compile the code.
   make release
6. If you get no errors, you're ready to start the daemon and begin syncing the blockchain.
   cd build/release/bin
   ./bitmonerod
7. Command+T to open another Terminal tab. Now you can run simplewallet and start using Monero!
   ./simplewallet
8. If you found this guide helpful, feel free to donate 1 XMR like so:
   transfer 3 47Vmj6BXSRPax69cVdqVP5APVLkcxxjjXdcP9fJWZdNc5mEpn3fXQY1CFmJDvyUXzj2Fy9XafvUgMbW91ZoqwqmQ6RjbVtp 1

Thanks for doing this. I tried installing (as I want to make some "paper" wallets, so to speak) but I get a fair amount of warnings. Not to be critical, but I just can't imagine non computer people going through all the steps. Haven't been here much for months, any word on the GUI wallet, in the sense of just clicking a .dmg file and having it point and click? I mean I can use Electrum for BTC, My Monero online, but I really think not having an easier to use wallet is just hurting things.
Hard for many of you to understand this I think as you are computer experts, but seeing warnings flash by the screen and such, just doesn't seem user friendly. I don't have to download the blockchain to just create a wallet right? (I just want to make a paper wallet and will import to MyMonero or a more friendly wallet when I want to cash out.) Thanks in advance, IAS
|
BTC = Black Swan. BTC = Antifragile - "Some things benefit from shocks; they thrive and grow when exposed to volatility, randomness, disorder, and stressors and love adventure, risk, and uncertainty. Robust is not the opposite of fragile.

smooth
August 09, 2015, 11:33:46 AM
I don't have to download the blockchain to just create a wallet right? (I just want to make a paper wallet and will import to MyMonero or a more friendly wallet when I want to cash out.)
That's correct. You can do it on a computer that isn't even online (in fact that can be safer).

dEBRUYNE
August 09, 2015, 11:49:43 AM
I don't have to download the blockchain to just create a wallet right? (I just want to make a paper wallet and will import to MyMonero or a more friendly wallet when I want to cash out.)
That's correct. You can do it on a computer that isn't even online (in fact that can be safer). In addition, http://moneroaddress.org/ can be used to generate an offline wallet.

Its About Sharing
August 09, 2015, 11:59:26 AM
I don't have to download the blockchain to just create a wallet right? (I just want to make a paper wallet and will import to MyMonero or a more friendly wallet when I want to cash out.)
That's correct. You can do it on a computer that isn't even online (in fact that can be safer). In addition, http://moneroaddress.org/ can be used to generate an offline wallet. A friend just sent me that, thanks. Can you download the source or ?

smooth
August 09, 2015, 12:02:56 PM
I don't have to download the blockchain to just create a wallet right? (I just want to make a paper wallet and will import to MyMonero or a more friendly wallet when I want to cash out.)
That's correct. You can do it on a computer that isn't even online (in fact that can be safer). In addition, http://moneroaddress.org/ can be used to generate an offline wallet. A friend just sent me that, thanks. Can you download the source or ? Yes you can download the page, save it offline, and then use it.