[XMR] Monero - A secure, private, untraceable cryptocurrency

[blaaaaacksuit]

I frequently get this error in the daemon while I'm mining.  Anyone know what it means?  

Code:

2014-May-06 10:47:29.659843 [P2P8][83.55.192.3:46223 INC]COMMAND_TIMED_SYNC invoke failed. (-3, LEVIN_ERROR_CONNECTION_DESTROYED)

[1714836498]

1714836498

[tacotime]

There is another egregious flaw in the proof-of-work algorithm.

AES encryption is being employed as the hash function and assumed to be a random oracle with perfect distribution in order to provide the randomized memory access. Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scatchpad size size significantly from the 2MB.

In the memory hard phase, and it uses 256-bit key sizes.  This is followed by a number of SHA3 candidates at the bottom.  Even if you broke the memory hard AES phase, you'd still have to contend with those.

So, whoever breaks 256-bit AES keys in the memory hard section is awarded most of the hash rate for the network. Good for them, and good luck to them.

I have no real concern with keeping it "CPU only". Whoever innovates the first GPU miner or ASIC miner or whatever should be rewarded accordingly for their efforts.

[Wanesst]

Guys, here is a new CryptoNote fork - https://bitcointalk.org/index.php?topic=585611 (FantomCoin) with a merged mining Bytecoin and BitMonero.

But I don't understand, Monero and BitMonero - is this one coin or different?

Also there is a GUI-miner (no command line ):

[billotronic]

ffs I need some help.

Trying to set up some remote mining rigs on Ubuntu 12.04. I've gotten the bugger to compile but now I am trying to bind MRO to the socks proxy and I am not having any luck. The host has tsocks configured (which is what I ususally use for such things) but that by itself is not getting any connections:

Code:

2014-May-07 04:37:20.106058 Starting...
2014-May-07 04:37:20.106315 bitmonero v0.8.5.294()
2014-May-07 04:37:20.106386 Module folder: ./bitmonerod
2014-May-07 04:37:20.106551 Initializing p2p server...
2014-May-07 04:37:20.106708 Binding on 0.0.0.0:18080
2014-May-07 04:37:20.106779 Net service binded on 0.0.0.0:18080
2014-May-07 04:37:20.106822 Attempting to add IGD port mapping.
2014-May-07 04:37:24.111636 No IGD was found.
2014-May-07 04:37:24.111733 P2p server initialized OK
2014-May-07 04:37:24.111782 Initializing cryptonote protocol...
2014-May-07 04:37:24.111818 Cryptonote protocol initialized OK
2014-May-07 04:37:24.111845 Initializing core rpc server...
2014-May-07 04:37:24.111892 Binding on 127.0.0.1:18081
2014-May-07 04:37:24.112010 Core rpc server initialized OK on port: 18081
2014-May-07 04:37:24.112055 Initializing core...
2014-May-07 04:37:24.112157 Loading blockchain...
2014-May-07 04:37:24.112263 Blockchain initialized. last block: 0, d671.h15.m37.s24 time ago, current difficulty: 1
2014-May-07 04:37:24.112310 Core initialized OK
2014-May-07 04:37:24.112522 Starting core rpc server...
2014-May-07 04:37:24.112565 Run net_service loop( 2 threads)...
2014-May-07 04:37:24.112710 [SRV_MAIN]Core rpc server started ok
2014-May-07 04:37:24.112809 [SRV_MAIN]Starting p2p net loop...
2014-May-07 04:37:24.113220 [SRV_MAIN]Run net_service loop( 10 threads)...
2014-May-07 04:37:25.112995 [P2P0]Connecting to 64.22.111.2:18080(white=1, last_seen: never)...
2014-May-07 04:37:25.113203 [P2P9]
**********************************************************************
The daemon will start synchronizing with the network. It may take up to several hours.

You can set the level of process detailization by using command "set_log <level>", where <level> is either 0 (no details), 1 (current block height synchronized), or 2 (all details).

Use "help" command to see the list of available commands.

Note: in case you need to interrupt the process, use "exit" command. Otherwise, the current progress won't be saved.
**********************************************************************
2014-May-07 04:37:30.113958 [P2P0]Connect failed to 64.22.111.2:18080
2014-May-07 04:37:30.114063 [P2P0]Connecting to 107.158.233.98:18080(white=1, last_seen: never)...
2014-May-07 04:37:35.114397 [P2P0]Connect failed to 107.158.233.98:18080
2014-May-07 04:37:35.114493 [P2P0]Connecting to 64.22.111.2:18080(white=1, last_seen: never)...
2014-May-07 04:37:40.114821 [P2P0]Connect failed to 64.22.111.2:18080
2014-May-07 04:37:40.114927 [P2P0]Failed to connect to any of seed peers, continuing without seeds

I then tried to manually pass the proxy info via --rpc-bind-port etc I get this:

Code:

2014-May-07 04:42:11.074992 Starting...
2014-May-07 04:42:11.075277 bitmonero v0.8.5.294()
2014-May-07 04:42:11.075331 Module folder: ./bitmonerod
2014-May-07 04:42:11.075524 Initializing p2p server...
2014-May-07 04:42:11.075685 Binding on 0.0.0.0:18080
2014-May-07 04:42:11.075755 Net service binded on 0.0.0.0:18080
2014-May-07 04:42:11.075795 Attempting to add IGD port mapping.
2014-May-07 04:42:15.081198 No IGD was found.
2014-May-07 04:42:15.081296 P2p server initialized OK
2014-May-07 04:42:15.081346 Initializing cryptonote protocol...
2014-May-07 04:42:15.081373 Cryptonote protocol initialized OK
2014-May-07 04:42:15.081399 Initializing core rpc server...
2014-May-07 04:42:15.081432 Binding on 192.168.56.1:101
2014-May-07 04:42:15.081624 ERROR /home/bitmonero/contrib/epee/include/net/abstract_tcp_server2.inl:468 Exception at [boosted_tcp_server<t_protocol_handler>::init_server], what=bind: Cannot assign requested address
2014-May-07 04:42:15.081688 ERROR /home/bitmonero/contrib/epee/include/net/http_server_impl_base.h:68 Failed to bind server
2014-May-07 04:42:15.081718 ERROR /home/bitmonero/src/daemon/daemon.cpp:158 Failed to initialize core rpc server.
2014-May-07 04:42:15.082111 Mining has been stopped, 0 finished

It's trying to bind to the correct ip and port but will not work. Before I give up trying to get this running I was wondering if anyone had any ideas.

[pozmu]

Guys, here is a new CryptoNote fork - https://bitcointalk.org/index.php?topic=585611 (FantomCoin) with a merged mining Bytecoin and BitMonero.

But I don't understand, Monero and BitMonero - is this one coin or different?

Also there is a GUI-miner (no command line ):

BitMonero = Monero

[superresistant]

Guys, here is a new CryptoNote fork - https://bitcointalk.org/index.php?topic=585611 (FantomCoin) with a merged mining Bytecoin and BitMonero.
But I don't understand, Monero and BitMonero - is this one coin or different?
Also there is a GUI-miner (no command line ):

BitMonero may be forked and merged soon but right now it is the same.

Do not chose BitMonero over Monero when it happen, it is obvious that a merged coin will have much less value than a proper coin.

[pandher]

Guys, here is a new CryptoNote fork - https://bitcointalk.org/index.php?topic=585611 (FantomCoin) with a merged mining Bytecoin and BitMonero.

But I don't understand, Monero and BitMonero - is this one coin or different?

Also there is a GUI-miner (no command line ):

No need to post pointless forks here

[Keyboard-Mash]

Guys, here is a new CryptoNote fork - https://bitcointalk.org/index.php?topic=585611 (FantomCoin) with a merged mining Bytecoin and BitMonero.

But I don't understand, Monero and BitMonero - is this one coin or different?

Also there is a GUI-miner (no command line ):

No need to post pointless forks here

It's not completely pointless, the tx_extra field with low fee blockchain can allow you to upload information. They can do things like Mastercoin w/ colored coins.

I won't be supporting it, but it's not totally pointless -- competition will make the best of us all.

[trogdorjw73]

Why oh WHY do people do stuff like this!? I know that this was already discussed somewhere else, but the block rewards equation is rather difficult to plot/understand, and it really should be clarified.

Block reward: Smoothly varying using the formula (2⁶⁴ - 1 - A) * 2^-20 * 10^-12, where A = supply mined to date

Assuming that's correct, if we want to break that down into something people are actually able to understand (without resorting to serious spreadsheet calculations or function plotting software), let's start by removing those exponentials:
Block reward...
= (2⁶⁴ - 1 - A) * 0.00000000000000000095367431640625
= 17.592186 - 0.00000000000000000095367431640625 - A * 0.00000000000000000095367431640625
= 17.592186 - 0.00000000000000000095367431640625 - A * 0.00000000000000000095367431640625

If A is 0 to 18400000, we could basically drop both the second terms and the block rewards would be ~17.592186. Except that's clearly not the case, so what's going on? Well, A is obviously not going from 0 to 18400000; it's instead going from 0 to some large number -- but not so large that (A * 0.00000000000000000095367431640625) would be more than 17.592186, since we don't want negative block rewards.

I looked around in the source code (which is frankly a mess to understand -- hooray for security through obfuscation and complex code!), and anything even remotely resembling "2⁶⁴ - 1 - A) * 2^-20 * 10^-12" is nowhere to be seen in the block rewards calculations. Instead, we get bitwise shift operations and other items that again only seem to serve to obscure the true meaning of what's happening. It appears the coin supply (A) is actually scaled by 1,000,000,000,000 (one trillion) -- the reward is also limited in some way by the block size (). So, applying that scaling factor, what we get is that the block rewards are

17.592186044415 - A * 0.00000095367431640625, with A going from 0 to 18400000. (I dropped the second term as it appears to be insignificant -- even when scaled by 1 trillion.)

The result is that we're seeing block rewards of around 17.14 right now, so we're down ~0.45 from the initial rewards level in a couple weeks I guess. Over the long haul, it looks like we smoothly scale block rewards such that the reward is cut in half every ~504 days (give or take) -- and about half of the remaining coins are mined every ~504 days. That's really not that bad, but rather than such a clearly stated progression we get "Block reward: Smoothly varying using the formula (2⁶⁴ - 1 - A) * 2^-20 * 10^-12, where A = supply mined to date".

Thanks for that... it only took me a few hours to actually dig through the code, run some numbers, and figure out in plain English what is actually happening. It will take about nine years for 99% of MRO to be mined, or 4.5 years for 90% of MRO to be mined. That's a far faster distribution than BTC or LTC of course, but far slower than most of the other coins coming out these days.

Back to "real" work.... LOL

[nakaone]

the formula is hell, I tried the same on bytecoin, which is more or less the same formula. but I do not see your conclusion?

isn't it that simple that early miners are more rewarded than late miners? - I think regarding fairness that is totally fine

[eizh]

Why oh WHY do people do stuff like this!? I know that this was already discussed somewhere else, but the block rewards equation is rather difficult to plot/understand, and it really should be clarified.

Block reward: Smoothly varying using the formula (2⁶⁴ - 1 - A) * 2^-20 * 10^-12, where A = supply mined to date

Assuming that's correct, if we want to break that down into something people are actually able to understand (without resorting to serious spreadsheet calculations or function plotting software), let's start by removing those exponentials:
Block reward...
= (2⁶⁴ - 1 - A) * 0.00000000000000000095367431640625
= 17.592186 - 0.00000000000000000095367431640625 - A * 0.00000000000000000095367431640625
= 17.592186 - 0.00000000000000000095367431640625 - A * 0.00000000000000000095367431640625

If A is 0 to 18400000, we could basically drop both the second terms and the block rewards would be ~17.592186. Except that's clearly not the case, so what's going on? Well, A is obviously not going from 0 to 18400000; it's instead going from 0 to some large number -- but not so large that (A * 0.00000000000000000095367431640625) would be more than 17.592186, since we don't want negative block rewards.

I looked around in the source code (which is frankly a mess to understand -- hooray for security through obfuscation and complex code!), and anything even remotely resembling "2⁶⁴ - 1 - A) * 2^-20 * 10^-12" is nowhere to be seen in the block rewards calculations. Instead, we get bitwise shift operations and other items that again only seem to serve to obscure the true meaning of what's happening. It appears the coin supply (A) is actually scaled by 1,000,000,000,000 (one trillion) -- the reward is also limited in some way by the block size (). So, applying that scaling factor, what we get is that the block rewards are

17.592186044415 - A * 0.00000095367431640625, with A going from 0 to 18400000. (I dropped the second term as it appears to be insignificant -- even when scaled by 1 trillion.)

The result is that we're seeing block rewards of around 17.14 right now, so we're down ~0.45 from the initial rewards level in a couple weeks I guess. Over the long haul, it looks like we smoothly scale block rewards such that the reward is cut in half every ~504 days (give or take) -- and about half of the remaining coins are mined every ~504 days. That's really not that bad, but rather than such a clearly stated progression we get "Block reward: Smoothly varying using the formula (2⁶⁴ - 1 - A) * 2^-20 * 10^-12, where A = supply mined to date".

Thanks for that... it only took me a few hours to actually dig through the code, run some numbers, and figure out in plain English what is actually happening. It will take about nine years for 99% of MRO to be mined, or 4.5 years for 90% of MRO to be mined. That's a far faster distribution than BTC or LTC of course, but far slower than most of the other coins coming out these days.

Back to "real" work.... LOL

Yes, this is correct. A plot of what this looks like is below. Y-axis is in 10s of millions and the dashed line is the maximum supply (~18.446 million).

[Keyboard-Mash]

Difficulty is absolutely insane now, over 5,100,000

[tacotime]

Difficulty is absolutely insane now, over 5,100,000

Yes, but doesn't appear to be related to MMing as fantom HR is relatively low.

So, not sure. I did push the 32-bit update the other day, it could be a botnet.

[blaaaaacksuit]

Difficulty is absolutely insane now, over 5,100,000

Yes, but doesn't appear to be related to MMing as fantom HR is relatively low.

So, not sure. I did push the 32-bit update the other day, it could be a botnet.

Same thing happened to DRK earlier on in it's life.  Someone popped into a pool with 2 GH/s back when everyone was still CPU mining.  Drove the diff so high nobody else could get a block and he hung around until the dev had to implement a gravity well just to get rid of him.  After the well was in place the guy immediately pulled the plug and he never came back.  This is what made me think it wasn't a botnet but a HUGE server farm.  That plus the fact that the hashrate was very consistent.  Didn't stop him from getting around 50,000 DRK in the meantime though.  

[Keyboard-Mash]

Difficulty is absolutely insane now, over 5,100,000

Yes, but doesn't appear to be related to MMing as fantom HR is relatively low.

So, not sure. I did push the 32-bit update the other day, it could be a botnet.

With the sudden onset, whoever it is doesn't care much in the way of entering quietly. Not all botnet operators are trying to kill off a network, just a different way of investing in the coin.

Either way, hopefully the intention is to hold onto the coin for a long time. With the amount of hardware and money invested in even supplying that much HR, I don't think this is a negative event. More something to just sit back and observe.

Hope I don't have to eat my words.

[smooth]

I don't think it is necessarily anything.

Every day we see people coming on here trying to figure out how to mine. Some of those people have multiple computers, some have many computers. I remember yesterday two people were specifically asking about how to set up multiple computers to mine to one wallet. I have no idea how many computers either of them have or how many other people like that didn't post. There was an optimized Windows miner released recently that doubled the has rate on a lot of hardware. With the price going up like crazy yesterday that was clearly going to attract a lot of people.

All of this is going to rapidly drive up the amount of mining and the hash rate, which in total still isn't that high, only 5000 or so computers.

[sid7039]

So, not sure. I did push the 32-bit update the other day, it could be a botnet.

Where is this 32-bit update located? Would like to try it.

[AnonyMint]

There is another egregious flaw in the proof-of-work algorithm.

AES encryption is being employed as the hash function and assumed to be a random oracle with perfect distribution in order to provide the randomized memory access. Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scatchpad size size significantly from the 2MB.

In the memory hard phase, and it uses 256-bit key sizes.  This is followed by a number of SHA3 candidates at the bottom.  Even if you broke the memory hard AES phase, you'd still have to contend with those.

So, whoever breaks 256-bit AES keys in the memory hard section is awarded most of the hash rate for the network. Good for them, and good luck to them.

I have no real concern with keeping it "CPU only". Whoever innovates the first GPU miner or ASIC miner or whatever should be rewarded accordingly for their efforts.

I think you've misunderstood my point. From ocular inspection of the code, the current 16 word value in the 2MB array is 'hashed' by applying AES encryption and this produces a new value and index into the array to store. Thus the uniform, random oracle, and thus non-patterned distribution of indices is assumed, otherwise an algorithm similar to a birthday attack can be applied to reduce the storage requirements in order to fun it faster on for example a GPU because more instances could be run simultaneously.

In short, AES encryption is not a cryptographic hash function and shouldn't be employed as one.

Thus I am not talking about breaking CryptoNote's slowhash function, rather I am pointing out that by misusing AES encryption, you are breaking the memory hard assumption.

If you are not concerned with keeping it CPU-only, then why call it "CPU only"? There are so many altcoins which have deceived on this point.

[blaaaaacksuit]

I don't think it is necessarily anything.

very day we see people coming on here trying to figure out how to mine. Some of those people have multiple computers, some have many computers. I remember yesterday two people were specifically asking about how to set up multiple computers to mine to one wallet. I have no idea how many computers either of them have or how many other people like that didn't post. There was an optimized Windows miner released recently that doubled the has rate on a lot of hardware. With the price going up like crazy yesterday that was clearly going to attract a lot of people.

All of this is going to rapidly drive up the amount of mining and the hash rate, which in total still isn't that high, only 5000 or so computers.

If a couple of large farms show up it's going to chase all the miners off because there's no pool yet.  Nobody will have any realistic chance of getting a block.

[eizh]

If you are not concerned with keeping it CPU-only, then why call it "CPU only"? There are so many altcoins which have deceived on this point.

I can agree with the spirit of this, but from common usage on this forum "CPU only" just means currently a GPU miner isn't available. Usually someone comes along and develops one, often demanding payment to open source it. ASICs follow if/when economic feasibility allows. So it seems valid at least as far as the thread title goes. The CryptoNote developers' description of their PoW as "egalitarian" (implying true CPU only) is a different issue.

In any case, I changed it to say "CPU only currently".