[XMR] Monero - A secure, private, untraceable cryptocurrency

[Keyboard-Mash]

I think you've misunderstood my point. From ocular inspection of the code, the current 16 word value in the 2MB array is 'hashed' by applying AES encryption and this produces a new value and index into the array to store. Thus the uniform, random oracle, and thus non-patterned distribution of indices is assumed, otherwise an algorithm similar to a birthday attack can be applied to reduce the storage requirements in order to fun it faster on for example a GPU because more instances could be run simultaneously.

So, I'm trying to understand -- AES does not take in completely random input size and value, and output a consistent length string, but instead takes in a consistent length random value string, and outputs a consistent size string? The effect being that you have limited your sources of particular outputs (inputs) to strings of size 'x' rather than strings of any size?

If you are not concerned with keeping it CPU-only, then why call it "CPU only"? There are so many altcoins which have deceived on this point.

I would like to see a bounty raised for GPU miner, to prevent deception or groupthinking. Putting it in the headline gives the implication that it will be permanent to people seeing it for the first time.

[1715253896]

1715253896

[1715253896]

1715253896

[1715253896]

1715253896

[1715253896]

1715253896

[smooth]

I don't think it is necessarily anything.

very day we see people coming on here trying to figure out how to mine. Some of those people have multiple computers, some have many computers. I remember yesterday two people were specifically asking about how to set up multiple computers to mine to one wallet. I have no idea how many computers either of them have or how many other people like that didn't post. There was an optimized Windows miner released recently that doubled the has rate on a lot of hardware. With the price going up like crazy yesterday that was clearly going to attract a lot of people.

All of this is going to rapidly drive up the amount of mining and the hash rate, which in total still isn't that high, only 5000 or so computers.

If a couple of large farms show up it's going to chase all the miners off because there's no pool yet.  Nobody will have any realistic chance of getting a block.

Sure, if that happens. It hasn't happened yet. The whole network is around 5000 computers. Even with one little computer you should get a block every 3 days.

People may be impatient, but I can't help that. I solo mined bitcoin until I only got a block every few months. 


 

[blaaaaacksuit]

I don't think it is necessarily anything.

very day we see people coming on here trying to figure out how to mine. Some of those people have multiple computers, some have many computers. I remember yesterday two people were specifically asking about how to set up multiple computers to mine to one wallet. I have no idea how many computers either of them have or how many other people like that didn't post. There was an optimized Windows miner released recently that doubled the has rate on a lot of hardware. With the price going up like crazy yesterday that was clearly going to attract a lot of people.

All of this is going to rapidly drive up the amount of mining and the hash rate, which in total still isn't that high, only 5000 or so computers.

If a couple of large farms show up it's going to chase all the miners off because there's no pool yet.  Nobody will have any realistic chance of getting a block.

Sure, if that happens. It hasn't happened yet. The whole network is around 5000 computers. Even with one little computer you should get a block every 3 days.

People may be impatient, but I can't help that. I solo mined bitcoin until I only got a block every few months. 


 

But it can, and it will happen.  Probably sooner than later considering how fast the value of this coin is rising.  I have six computers mining and only found one block so far back when the difficulty was in the 1000000 range.  At 6000000 I'm just going to stop mining because there really is no point.  Not trying to be a thorn in anybody's side here, just saying this could turn into a problem.  Only time will tell i guess.

[smooth]

I don't think it is necessarily anything.

very day we see people coming on here trying to figure out how to mine. Some of those people have multiple computers, some have many computers. I remember yesterday two people were specifically asking about how to set up multiple computers to mine to one wallet. I have no idea how many computers either of them have or how many other people like that didn't post. There was an optimized Windows miner released recently that doubled the has rate on a lot of hardware. With the price going up like crazy yesterday that was clearly going to attract a lot of people.

All of this is going to rapidly drive up the amount of mining and the hash rate, which in total still isn't that high, only 5000 or so computers.

If a couple of large farms show up it's going to chase all the miners off because there's no pool yet.  Nobody will have any realistic chance of getting a block.

Sure, if that happens. It hasn't happened yet. The whole network is around 5000 computers. Even with one little computer you should get a block every 3 days.

People may be impatient, but I can't help that. I solo mined bitcoin until I only got a block every few months. 


 

But it can, and it will happen.  Probably sooner than later considering how fast the value of this coin is rising.  I have six computers mining and only found one block so far back when the difficulty was in the 1000000 range.  At 6000000 I'm just going to stop mining because there really is no point.  Not trying to be a thorn in anybody's side here, just saying this could turn into a problem.  Only time will tell i guess.

Whether or not large farms or botnets show up, the hash rate will certainly continue to rise if the coin is successful and pools will be needed if small miners want consistent payouts. Fortunately an open source pool solution is being developed.

[David Latapie]

I use this one:

start_mining  42kW2qQgSu81gTwkh6tTvKLqFwo487NTiU2xCURNSPJqBegivh5bUxcddCo7BzJ2wFbF9giMx8ySnYN 6BazQQFHVPnrtHUX 4

This one is good.

underscore does not start the miner. however the hyphen does start it.

in the responses above, people are using hyphen not underscore.

this is more complex than i realized.

Go to http://monero.cc/getting-started. And PM for question (I don't always read the post).
Also check the starter pack if you need precompiled binaries
starter pack

But I don't understand, Monero and BitMonero - is this one coin or different?

Yesn sale coin but for historical reason, the dev doesn't accept the changing of the name.

But I don't understand, Monero and BitMonero - is this one coin or different?

Yesn sale coin but for historical reason, the dev doesn't accept the changing of the name.

People may be impatient, but I can't help that. I solo mined bitcoin until I only got a block every few months.

Considering the electricity bill and the price of BTC by that time, was it worth it when you did it? Or were you that much in love with bitcoin that you were ready to mine at a loss?

[smooth]

People may be impatient, but I can't help that. I solo mined bitcoin until I only got a block every few months.

Considering the electricity bill and the price of BTC by that time, was it worth it when you did it? Or were you that much in love with bitcoin that you were ready to mine at a loss?

It was profitable over the cost of electricity, I think. (I had free electricity so I don't really remember but I don't think that was the issue.) Whether you use a pool or solo mine does not affect profitability (although...pool fees, etc. would reduce it), only how much your results are influenced by luck, which can go either way.

[blaaaaacksuit]

Smooth, you have any ETA on the pool?

[smooth]

Smooth, you have any ETA on the pool?

Any updates will be posted. Tacotime is in contact with the developer.

[smooth]

Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scratchpad size significantly from the 2MB.

I agree with this. Only a small number of bits of the output of AES are being used, but AES does not guarantee that all of its output bits are random. For example, consider an algorithm AES' which is just like AES except that it appends 10 trailing bits that are always zero (AES'(x) = AES(x) << 10). This would be just as secure as AES for encryption, but catastrophically bad for slow_hash.

I suspect the developers wanted to use AES because of the hardware support in Intel CPUs, but they made a mistake, though it isn't immediately apparent how catastrophic this is (unlike my toy example above for example). If they used a true secure hash, it would be much slower and likely not memory bound.

The algorithm can and should likely be improved in this regard, although I don't have any immediate suggestions how.

[Keyboard-Mash]

Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scratchpad size significantly from the 2MB.

I agree with this. Only a small number of bits of the output of AES are being used, but AES does not guarantee that all of its output bits are random. For example, consider an algorithm AES' which is just like AES except that it appends 10 trailing bits that are always zero (AES'(x) = AES(x) << 10). This would be just as secure as AES for encryption, but catastrophically bad for slow_hash.

I suspect the developers wanted to use AES because of the hardware support in Intel CPUs, but they made a mistake, though it isn't immediately apparent how catastrophic this is (unlike my toy example above for example). If they used a true secure hash, it would be much slower and likely not memory bound.

The algorithm can and should likely be improved in this regard, although I don't have any immediate suggestions how.

What kind of comparison can be made with Tromp's Cuckoo Cycle (Man, that's painful to say -- sorry Tromp), or the blockchain mining style that's proposed in HoneyPenny in light of the weakness in AES?

[smooth]

Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scratchpad size significantly from the 2MB.

I agree with this. Only a small number of bits of the output of AES are being used, but AES does not guarantee that all of its output bits are random. For example, consider an algorithm AES' which is just like AES except that it appends 10 trailing bits that are always zero (AES'(x) = AES(x) << 10). This would be just as secure as AES for encryption, but catastrophically bad for slow_hash.

I suspect the developers wanted to use AES because of the hardware support in Intel CPUs, but they made a mistake, though it isn't immediately apparent how catastrophic this is (unlike my toy example above for example). If they used a true secure hash, it would be much slower and likely not memory bound.

The algorithm can and should likely be improved in this regard, although I don't have any immediate suggestions how.

What kind of comparison can be made with Tromp's Cuckoo Cycle (Man, that's painful to say -- sorry Tromp), or the blockchain mining style that's proposed in HoneyPenny in light of the weakness in AES?

I dont understand tromp's algorithm well enough to comment. dga posted some cautionary comments that I would echo. I don't have a link for that.

The premise of honeypenny's algorithm seems to be requiring access to the block chain in order to hash. That has some good and bad properties. Given sufficient block chain growth it turns into a storage bound task, since storing the block chain in primary memory seems implausible going forward, and likely tends toward centralization. Perhaps no more so than centralization of nodes though.

[AnonyMint]

If you are not concerned with keeping it CPU-only, then why call it "CPU only"? There are so many altcoins which have deceived on this point.

I can agree with the spirit of this, but from common usage on this forum "CPU only" just means currently a GPU miner isn't available. Usually someone comes along and develops one, often demanding payment to open source it. ASICs follow if/when economic feasibility allows. So it seems valid at least as far as the thread title goes. The CryptoNote developers' description of their PoW as "egalitarian" (implying true CPU only) is a different issue.

In any case, I changed it to say "CPU only currently".

As the algorithm currently is implemented, I believe that is more honest for the time being.

If AES was replaced with a true cryptographic hash that was exceptionally faster (so that it would be only latency bound and no AES birthday-like attack possible) and if that hash was not efficiently implementable on GPUs, then I would consider the PoW to be strongly CPU only. I would think even an ASIC wouldn't likely outperform significantly since it would be up against all the economies-of-scale of Intel's fabs. In short, your PoW got very close to what I think is possible for design but is missing critical elements. If such a design I envision is open sourced, then you can copy it later.

I think you've misunderstood my point. From ocular inspection of the code, the current 16 word value in the 2MB array is 'hashed' by applying AES encryption and this produces a new value and index into the array to store. Thus the uniform, random oracle, and thus non-patterned distribution of indices is assumed, otherwise an algorithm similar to a birthday attack can be applied to reduce the storage requirements in order to fun it faster on for example a GPU because more instances could be run simultaneously.

So, I'm trying to understand -- AES does not take in completely random input size and value, and output a consistent length string, but instead takes in a consistent length random value string, and outputs a consistent size string? The effect being that you have limited your sources of particular outputs (inputs) to strings of size 'x' rather than strings of any size?

The issue as I understand it (see the link I provided upthread) is that encrypted output is not designed to model a Random Oracle, whereas a cryptographic hash has certain qualities which are more approximate of a Random Oracle. In particular, there is no requirement that 1 bit of change in input to AES changes most of the bits of the output.

A cryptographic hash is irreversible so has greater leeway to incorporate more confusion and diffusion. Whereas, an encryption algorithm by definition is reversible with decryption.

[AnonyMint]

Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scratchpad size significantly from the 2MB.

I agree with this. Only a small number of bits of the output of AES are being used, but AES does not guarantee that all of its output bits are random. For example, consider an algorithm AES' which is just like AES except that it appends 10 trailing bits that are always zero (AES'(x) = AES(x) << 10). This would be just as secure as AES for encryption, but catastrophically bad for slow_hash.

I suspect the developers wanted to use AES because of the hardware support in Intel CPUs, but they made a mistake, though it isn't immediately apparent how catastrophic this is (unlike my toy example above for example). If they used a true secure hash, it would be much slower and likely not memory bound.

The algorithm can and should likely be improved in this regard, although I don't have any immediate suggestions how.

What kind of comparison can be made with Tromp's Cuckoo Cycle (Man, that's painful to say -- sorry Tromp), or the blockchain mining style that's proposed in HoneyPenny in light of the weakness in AES?

I dont understand tromp's algorithm well enough to comment. dga posted some cautionary comments that I would echo. I don't have a link for that.

The premise of honeypenny's algorithm seems to be requiring access to the block chain in order to hash. That has some good and bad properties. Given sufficient block chain growth it turns into a storage bound task, since storing the block chain in primary memory seems implausible going forward, and likely tends toward centralization. Perhaps no more so than centralization of nodes though.

I go into detailed discussion with tromp in my thread:

https://bitcointalk.org/index.php?topic=557732.0

Also you can find some discussion between him and myself in the MemoryCoin 2.0 PoW thread which I linked to upthread.

In short, I don't believe it is CPU only currently, but (and I think we agreed this, but ask him) it might be the appropriate algorithm for mobile later if CPUs move to extremely high number of cores. Our discussion concluded with more testing is needed and I would try to help him get a TileGX in future if I can.

[pavimus]

Omg, difficulty increased x1.5 overnight (now 8038312). Botnet?

[smooth]

Omg, difficulty increased x1.5 overnight (now 8038312). Botnet?

I don't think 1.5x indicates a botnet at all.

For one thing the Windows miner was optimized to be about twice as fast (which makes it slightly faster than Linux, but fairly close). Given that so many people use Windows a big jump is to be expected.

Second with the attention this coin is getting and the enormous price jump it is not surprising that many more people want to mine it.

[eizh]

We're all hip and stuff now:

[smooth]

We're all hip and stuff now:

Nice work!

[sid7039]

So, not sure. I did push the 32-bit update the other day, it could be a botnet.

Where is this 32-bit update located? Would like to try it.

tacotime, where is this 32-bit update located?

[eizh]

So, not sure. I did push the 32-bit update the other day, it could be a botnet.

Where is this 32-bit update located? Would like to try it.

tacotime, where is this 32-bit update located?

It doesn't exist yet. Officially, Bytecoin's latest updates should have been able to run on 32-bit. But right now it doesn't seem to be able to mine. The MRO code changes were merged from Bytecoin so it doesn't work either. Noodle is still trying to figure it out and it's possible Bytecoin needs further fixes.

[eizh]

Reposting the mining guide here to clear up the OP and link to this.

Linux tutorial

You will need to open two terminals. The current implementation separates the wallet and daemon to make cloud mining easier.

First, you must compile the binaries.  Run these commands in the location you want to install to:

Code:

git clone git://github.com/monero-project/bitmonero.git
cd bitmonero
sudo apt-get update
sudo apt-get install libboost-all-dev cmake
make -j4

The source will take a little while to compile.  After it is done, in this terminal, type these commands:

Code:

cd build/release/src
./bitmonerod

Let it sync. Don't close (once the daemon is active, you can use show_hr to get your hashrate or set_log 1/2/3 to change the verbosity of the logs). If you close the daemon whilst you are mining, mining will stop (obviously) and if you open the daemon again the mining won't resume (you must use the start_mining command on the wallet for that).

Now, open a second terminal.

On terminal 2, navigate to the same location and type these commands:

Code:

cd bitmonero/build/release/src
./simplewallet --generate-new-wallet=name_of_my_wallet.bin

You will be prompted for a password. Be careful: you won't have to type a confirmation so beware of typos!
Close the wallet with the "exit" command.

Now type this command:

Code:

./simplewallet --wallet-file=name_of_my_wallet.bin

and enter your password. If you forgot your password or mistyped it at creation time, delete every file starting with name_of_my_wallet.bin and start over. Every MRO would be lost forever, so it's important that you do it just after the creation, before any mining.  ALWAYS BACK UP YOUR WALLET.

Go down to the mining section to get started. You can type help in both the daemon and simplewallet to see more commands.  If you'd like to see blocks as the come into the network, simply type "set_log 1" in the daemon (terminal 1).

Good luck and happy mining!

Windows tutorial

You can use the command line as above. You can also use the batch file shown below. Paste the text into notepad and save it as a .bat file. Note that you can change the name of your wallet file if you want (it's wallet.bin here). Double click the .bat file then go down to mining after waiting for terminal 1 to sync.

Code:

@echo off

tasklist /FI "IMAGENAME eq bitmonerod.exe" 2>NUL | find /I /N "bitmonerod.exe">NUL
if not %ERRORLEVEL% == 0 (
  echo Starting node...
  start /MIN bitmonerod.exe
) else (
  echo Node already started.
)

tasklist /FI "IMAGENAME eq simplewallet.exe" 2>NUL | find /I /N "simplewallet.exe">NUL
if not %ERRORLEVEL% == 0 (
  if exist wallet.bin.keys (
    echo Starting previous wallet...
    start simplewallet.exe --wallet wallet.bin
  ) else (
    echo Starting new wallet...
    start simplewallet.exe --generate-new-wallet wallet.bin
  )
) else (
  echo Wallet already started.
)

Mining

And now the good stuff: mining!
Since the wallet can command the daemon (miner), enter this in the wallet (terminal 2):

Code:

start_mining <number of threads>

To get your number of threads, use nproc on Linux, sysctl -n hw.ncpu on Mac, and WMIC CPU Get DeviceID,NumberOfCores,NumberOfLogicalProcessors on Windows. Or course, you don't have to use all your threads (especially if you are using your computer for something else such as simultaneous GPU mining).

You can mine to a specific address by typing this in the daemon (terminal 1, not the wallet terminal):

Code:

start_mining <address> <number of threads>

By the way: if you want to know your hashrate, type show_hr in the daemon. And if you want to change the amount of information in the daemon, use set_log 1 (least info) to set_log 3 (max info).

How can you know that you are actually mining? Check you CPU usage :-) If it's less than 80%, chances are you are not mining.

I hope this tutorial will prove useful.

Address for tips to author David Latapie:

Code:

46ctfLBhgyzJm61oTtDfu9GbVhG7ito4fNiQjdZcB5bL3mz5ejQrPD29uEkDHFzCVTHGFqAdG456w6ivYp7K23SiGREUiQe