Bitcoin Forum
December 13, 2018, 12:25:22 PM *
Author Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency  (Read 4456225 times)
dawie
Member
**
Offline Offline

Activity: 115
Merit: 10


BTC for a better world


View Profile
August 22, 2014, 07:49:57 PM
 #11781

I'm interested in the long-term future of Monero, and as a Monero holder I'm trying to assess risks, such as a future improved privacy offering for Bitcoin users.  If you have any comments about CoinShuffle, CoinSwap, or what you consider to be the best privacy proposals that use the current Bitcoin protocol, I'd love to hear them.

I would recommend you read this discussion about the anonymity alternatives from the perspective of cryptographers:
https://bitcoin.stackexchange.com/questions/29471/is-there-any-true-anonymous-cryptocurrencies

TL;DR: Ring signatures (i.e. Cryptonote) have a clear advantage and hence Monero is a great hedge against Bitcoin proposed anonymization efforts.

Fascinated by BTC
BTC: 1HWUnvZ3xQykdSJsfyGiGQpZG16uFe8DXJ
XMR: 44fJ52WJGUmceBX6iARnfW6k9p2MFrwkb9AeXRDvQDaZYM8zkA2uuysE164GBGrhkvGh8PAxGUFU5Fq eEmk82Cww3CHdeRS
Quanttek
Member
**
Offline Offline

Activity: 93
Merit: 10


View Profile
August 23, 2014, 12:54:07 AM
 #11782


Missive timeline overview

An overview of the missives so far.

...


Cheers,
Phil


Beautiful! Thank you for doing this. It would be nice if you could continue updating the list. Maybe every month make a new post with all the older posts included + all new missives, though it is just an idea.

Enthusiast. Neither trader, nor miner and also no big investor.
Community Manager for Monero
PM if you need mine to exchange or anti-cheat algorithm for node-cryptonote-pool
xulescu
Sr. Member
****
Offline Offline

Activity: 263
Merit: 250


View Profile
August 23, 2014, 04:24:33 AM
 #11783

...
...

CryptoNote vs Bitcoin-based solutions

An abstract approach

You can put all outputs in any blockchain-based coin in a DAG where outputs are objects and transactions are arrows. If the transaction involves multiple inputs and multiple outputs, then add an arrow from any input to any output (call this a clique). In any such clique you mix the inputs, which is a good thing. The problem with Bitcoin is that the size of the cliques is severely limited: normally, you only have multiple inputs with a common source and most transactions have only two outputs, one of which is a change address. This allows you to aggregate addresses under the same ownership and this ripples both backwards and forwards (the latter is more troubling since it is the antipode of forward secrecy).

CoinJoin-like solutions attempt both to directly increase the size of the cliques and to address the first part of the problem (common inputs share ownership). Stealth addresses attempt to solve the second problem (everyone sees where the money goes). You can see how instead of saying that CryptoNote is "simply" better than those, it is more accurate to say that those solutions are actually approximate partial fragments of CryptoNote. In other words, any hypothetical Bitcoin privacy solution would necessarily have both a CoinJoin-like AND a stealth address-like mechanism to be viable. Due to technical limitations in the Bitcoin protocol (that would require a hard, hard fork to implement), all CoinJoin-like solutions are complicated Rube Goldberg machines because you can only mix with inputs in your same clique and that is and can never be enough (*) and all stealth address-like mechanisms require extra back-and-forth to perform the DH exchange. CryptoNote does those two things naturally; indeed, one could argue that the main ways in which CryptoNote is not Bitcoin are precisely changes specially-made for these two purposes (plus different PoW and other "variables").

Now you ask, "OK I understand CryptoNote is the shizzle and Bitcoin-based solutions are the groupies, but I think Bitcoin's network effects, prime mover advantage and a decent privacy implementation would make alts an academic exercise." To which the answer only really depends on whether you think any alt can overtake Bitcoin at all and has not much to do with privacy. People have very strong beliefs about this question generally. My answer (and that of many if not most here) is that it is entirely possible, but not necessarily probable, since they cater to different markets (light vs dark liquidity) and thus we move to a different question.

If you really care about privacy then you understand that approximate privacy is no privacy. Monero's attack surface is flat compared to a hypothetical Bitcoin solution's fractal closure. Whoever sees this will use Monero instead of the Bitcoin-solution for privacy even if the userbase for Monero is much smaller.

(*) This is because CryptoNote allows mixes with the past outputs. This means you do not need other participants (which is a seriously heavy rock that all CoinJoin approaches have to carry around). On the longer term, this means you can mix even if there are only two people left using the network; even if the last transaction was last year; and so on, even if everyone stopped using Monero after this block you could still mix ten years later.

Finally, give me a function that decides in poly-time the question "Is output X the true source of the money that reached output Y?" in a CryptoNote DAG where all ring signatures have size at least 24 and I can probably decide 3-SAT in poly-time. The constant in the reduction could go to 12 since I'm pretty sloppy with map/fold. This means deterministic linkability is NP-hard and this is a very powerful result -- if the protocol is not misused, plausible deniability will never be compromised. If anyone's interested in pursuing this thread, the next question I have in mind is "What happens if we relax 'decides' to 'PAC-decides'?" A discussion of taint could come in handy here.
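
The address aggregation described in the post above, as an added example that is not part of the original post: a union-find over a constructed Bitcoin-style transaction list that links co-spent inputs and the change output to one owner. The transaction layout, the `change` field (it assumes the observer has already identified the change output) and all address names are hypothetical.

```python
def cluster_addresses(transactions):
    """Group addresses that the common-input-ownership heuristic assigns to one
    owner: inputs spent together, plus the change output when it is known."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    for tx in transactions:
        linked = list(tx["inputs"])
        if tx.get("change"):
            linked.append(tx["change"])
        for addr in linked + tx["outputs"]:
            find(addr)                           # register every address seen
        root = find(linked[0])
        for addr in linked[1:]:
            parent[find(addr)] = root            # merge into the first input's set

    clusters = {}
    for addr in list(parent):
        clusters.setdefault(find(addr), set()).add(addr)
    return list(clusters.values())


def owner_cluster(transactions, address):
    """Return every address the heuristic ties to the owner of `address`."""
    for cluster in cluster_addresses(transactions):
        if address in cluster:
            return cluster
    return set()


# Constructed sample: owner A pays twice, owner B pays once; each payment has
# a recipient (S*) and a change output that returns to the payer.
PLAIN = [
    {"inputs": ["A1", "A2"], "outputs": ["S1", "A3"], "change": "A3"},
    {"inputs": ["A3", "A4"], "outputs": ["S2", "A5"], "change": "A5"},
    {"inputs": ["B1"], "outputs": ["S3", "B2"], "change": "B2"},
]
# Constructed CoinJoin-style transaction: three different owners co-sign and
# no output is identifiable as change.
JOINT = {"inputs": ["A5", "B2", "C1"], "outputs": ["X1", "X2", "X3"]}

if __name__ == "__main__":
    print(sorted(owner_cluster(PLAIN, "A1")))            # A's whole history links up
    print(sorted(owner_cluster(PLAIN + [JOINT], "A1")))  # now spans A, B and C
```

On the plain history every address of owner A collapses into one cluster. Once the joint transaction is included the same heuristic returns a single cluster covering three owners, so its output no longer identifies anyone, while the links made before the join remain on the chain.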
aminorex
Legendary
*
Offline Offline

Activity: 1554
Merit: 1027


Sine secretum non libertas


View Profile
August 23, 2014, 05:06:05 AM
 #11784

...

I love it when you talk dirty.

Give a man a fish and he eats for a day.  Give a man a Poisson distribution and he eats at random times independent of one another, at a constant known rate.
rpietila
Donator
Legendary
*
Offline Offline

Activity: 1652
Merit: 1004



View Profile
August 23, 2014, 05:37:49 AM
 #11785

May sound repetitious, but I really feel that Monero is the Bitcoin of 2010.
mmmaybe
Sr. Member
****
Offline Offline

Activity: 462
Merit: 250



View Profile WWW
August 23, 2014, 06:13:45 AM
 #11786

Thanks, any further comments from core team members would be great.  I don't see why every Bitcoin user must be forced to use a privacy protocol for every transaction to provide a sufficient anonymity set.  Even a small percentage of Bitcoin users may be a larger absolute number than the entire user base of a privacy coin.  Also, isn't the primary issue the absolute number of people one is mixing with in a transaction (e.g., 50), rather than the total number of users of a privacy protocol or privacy coin?  It seems the total user base only needs to be above some reasonable absolute number to provide sufficient privacy.  The number of total users of a coin seems most important because of network effects that can determine whether a coin will survive against competitors, rather than its effect on privacy.

The anonymity set is more reduced than that. Let me give you an example: say you want to transfer 123.456 Bitcoin. No matter what method you use, if someone can observe you sent 123.456 Bitcoin from your address and 123.456 Bitcoin appeared in another address within an hour or two they can make certain conclusions. These inferences can be cryptographically proven, and this is called "reducing the anonymity set". Eventually the anonymity set can be reduced to the point where you can undoubtedly prove a certain address sent a transaction regardless of the intermingling and intermixing that occurred.

Now in order to make this really difficult, you have to start with a VERY large anonymity set. In other words, there need to be so very many people potentially involved in a transaction that any reduction is practically meaningless. Mixing typically requires point-in-time availability of people or nodes, and the higher the mix the longer it takes (since you have to go through "rounds" of mixing). Darkcoin gets around this, I believe, by "premixing" your coins. The downside to their approach (and to most of the other approaches I've seen) is that you have massive address churn in your wallet, and any practical use will require you to back your wallet.dat up constantly. Secure and anonymous cold storage is thus observable to anyone with a blockchain explorer (when it really shouldn't be).

One of the solutions Monero and other mixing systems employ to blind amount correlation is that it splits inputs (and outputs) by powers of 10, so the earlier example would mean inputs of 100, 20, 3, 0.4, 0.05, and 0.006. Now because of the way Monero works (ring signatures!) you specify you want to mix with, say, 50 other people. So it takes that first input (100) and goes and finds all the unspent transaction outputs (i.e. those not spent with a mixin of 0) that have ever occurred in the past and have a value of 100. As you can imagine, this is a pretty huge set, and is growing every day. It can then pick 50 of those at random, add your signature to the ring, and voila. Now it does the same for the other 5 inputs. This means that the total anonymity set here is massive - 51 * 6 = 306 people that could have possibly been involved in the transaction. Most importantly, because all of these are stealthed transactions (Monero uses stealth addresses permanently) some of those outputs you mix with could even have been created by you previously! Thus the potential anonymity set grows and grows even if the userbase stays stagnant - a feature that is not shared by any of the Bitcoin-derived anonymity solutions.

Finally, because Monero uses stealth addresses, you never need to backup anything more than a 300 byte password-encrypted keys file (or just write down the 24 word mnemonic seed you get when you first create a wallet). That 300 byte file will never change no matter how many transactions you do. You back it up once and you are safe from data loss forever.

Great explanation, I'll for sure continue to mine xmr for the future :) Arguments like this should be on the webpage.
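
The denomination split and ring selection described in the quoted explanation above, as an added example that is not part of any post and is not Monero's own code: it models outputs as plain strings, picks decoys uniformly at random, and performs no cryptography. The pool layout and the names `decompose`, `build_ring`, `build_rings` and `sample_pool` are hypothetical.

```python
import random
from decimal import Decimal


def decompose(amount):
    """One chunk per non-zero decimal digit: 123.456 -> 100, 20, 3, 0.4, 0.05, 0.006."""
    _, digits, exp = Decimal(amount).as_tuple()
    top = exp + len(digits) - 1              # power of ten of the leading digit
    return [Decimal(d).scaleb(top - i) for i, d in enumerate(digits) if d]


def build_ring(real_output, denomination, pool, mixin, rng):
    """Hide real_output among `mixin` past outputs of the same denomination."""
    candidates = [o for o in pool.get(denomination, []) if o != real_output]
    if len(candidates) < mixin:
        # A rare denomination cannot supply the requested ring size; fail
        # loudly instead of silently signing with a smaller ring.
        raise ValueError(f"only {len(candidates)} decoys of value {denomination}")
    ring = rng.sample(candidates, mixin) + [real_output]
    rng.shuffle(ring)                        # position must not reveal the signer
    return ring


def build_rings(amount, owned, pool, mixin, rng=None):
    """One ring per denomination chunk of `amount`; owned maps chunk -> our output."""
    rng = rng or random.SystemRandom()
    return [build_ring(owned[d], d, pool, mixin, rng) for d in decompose(amount)]


def candidate_count(rings):
    """Total number of outputs that could have funded the transaction."""
    return sum(len(ring) for ring in rings)


def sample_pool(denominations, per_denomination=200):
    """Constructed stand-in for 'all past outputs of this value' on the chain."""
    return {d: [f"out-{d}-{n}" for n in range(per_denomination)]
            for d in denominations}


if __name__ == "__main__":
    chunks = decompose("123.456")
    pool = sample_pool(chunks)
    owned = {d: f"mine-{d}" for d in chunks}
    rings = build_rings("123.456", owned, pool, mixin=50)
    print([str(c) for c in chunks])
    print(candidate_count(rings))            # 51 * 6, as in the post
```

The `ValueError` branch covers the case the explanation does not: when a denomination has fewer past outputs than the requested mixin, the ring for that chunk cannot reach the intended size.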

cAPSLOCK
Legendary
*
Offline Offline

Activity: 2030
Merit: 1225


Is it true? ®


View Profile
August 23, 2014, 06:47:04 AM
 #11787

May sound repetitious, but I really feel that Monero is the Bitcoin of 2010.

I'll buy you a nice box of cigars if you're right. ;)  Maybe some Siglo VI?  To your taste?
rpietila
Donator
Legendary
*
Offline Offline

Activity: 1652
Merit: 1004



View Profile
August 23, 2014, 10:22:24 AM
 #11788

May sound repetitious, but I really feel that Monero is the Bitcoin of 2010.

I'll buy you a nice box of cigars if you're right. ;)  Maybe some Siglo VI?  To your taste?

Siglo VI come in box of 25, so I think that is the best value I can hope for! :)

I'd say we need 1 XMR = $1,000, ok?
Aliyah
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
August 23, 2014, 10:38:08 AM
 #11789

So many FUDs around XMR but I will buy more. More FUDs = more people want to buy.
Globb0
Legendary
*
Online Online

Activity: 1722
Merit: 1135


New Wall Order Explorer


View Profile
August 23, 2014, 10:44:10 AM
 #11790


Missive timeline overview

An overview of the missives so far.

...


Cheers,
Phil


Beautiful! Thank you for doing this. It would be nice if you could continue updating the list. Maybe every month make a new post with all the older posts included + all new missives, though it is just an idea.

I'll happily maintain it, as long as it doesn't annoy the actual Monero team. I started it with a view to building the knowns into a bit of a roadmap and maybe some graphical flow for the overall reported progress. But as you see there is a super huge amount of information there so it's hard to get it all into another more visual format.


Touch my bad self
fluffypony
Donator
Legendary
*
Offline Offline

Activity: 1260
Merit: 1019


GetMonero.org / MyMonero.com


View Profile WWW
August 23, 2014, 11:52:39 AM
 #11791

I'll happily maintain it, as long as it doesn't annoy the actual Monero team. I started it with a view to building the knowns into a bit of a roadmap and maybe some graphical flow for the overall reported progress. But as you see there is a super huge amount of information there so it's hard to get it all into another more visual format.

Not annoyed at all :) I was wondering if it wouldn't make sense to put it on a timeline using this: http://timeline.knightlab.com - thoughts? The Time magazine "Nelson Mandela" timeline is an example of how brief notes can be expanded to show the exact line from the Missive or something. You can even shove it up on GitHub and give a couple of people collab status so that you don't have to worry about maintaining it all by yourself.

Ultros
Sr. Member
****
Offline Offline

Activity: 471
Merit: 250



View Profile
August 23, 2014, 12:18:51 PM
 #11792

Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could create one myself you may say but I rather let some known member of this forum, with a good trust level, moderate it).
smooth
Legendary
*
Offline Offline

Activity: 1988
Merit: 1064



View Profile
August 23, 2014, 12:19:55 PM
 #11793

Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could do it myself you may say but I rather let some known member of this forum, with a good trust level, moderate it).

I'm curious why it was closed.
Ultros
Sr. Member
****
Offline Offline

Activity: 471
Merit: 250



View Profile
August 23, 2014, 12:34:11 PM
 #11794

Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could do it myself you may say but I rather let some known member of this forum, with a good trust level, moderate it).

I'm curious why it was closed.


I believe it was due to some critical level of trolling. The thread wasn't self-moderated.
smooth
Legendary
*
Offline Offline

Activity: 1988
Merit: 1064



View Profile
August 23, 2014, 12:34:54 PM
 #11795

Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could do it myself you may say but I rather let some known member of this forum, with a good trust level, moderate it).

I'm curious why it was closed.


I believe it was due to some critical level of trolling. The thread wasn't self-moderated.

Ah okay. If we decide on a clear charter to be enforced I will be happy to open a moderated one.
samaricanin
Hero Member
*****
Offline Offline

Activity: 698
Merit: 500



View Profile WWW
August 23, 2014, 12:44:00 PM
 #11796

Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could do it myself you may say but I rather let some known member of this forum, with a good trust level, moderate it).

I'm curious why it was closed.


I believe it was due to some critical level of trolling. The thread wasn't self-moderated.

Ah okay. If we decide on a clear charter to be enforced I will be happy to open a moderated one.

You can open one here

https://moneroforum.org/

dEBRUYNE
Legendary
*
Offline Offline

Activity: 1610
Merit: 1095


View Profile
August 23, 2014, 12:51:31 PM
 #11797

Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could do it myself you may say but I rather let some known member of this forum, with a good trust level, moderate it).

I'm curious why it was closed.


I believe it was due to some critical level of trolling. The thread wasn't self-moderated.

Ah okay. If we decide on a clear charter to be enforced I will be happy to open a moderated one.

Also would be happy if you open a self-moderated new one.

Privacy matters, use Monero - A true untraceable cryptocurrency
Why Monero matters? http://weuse.cash/2016/03/05/bitcoiners-hedge-your-position/
smooth
Legendary
*
Offline Offline

Activity: 1988
Merit: 1064



View Profile
August 23, 2014, 12:52:07 PM
 #11798

Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could do it myself you may say but I rather let some known member of this forum, with a good trust level, moderate it).

I'm curious why it was closed.


I believe it was due to some critical level of trolling. The thread wasn't self-moderated.

Ah okay. If we decide on a clear charter to be enforced I will be happy to open a moderated one.

You can open one here

https://moneroforum.org/

I prefer to reach the wider audience here. We can retain that advantage while removing off-topic posts.



smooth
Legendary
*
Offline Offline

Activity: 1988
Merit: 1064



View Profile
August 23, 2014, 12:55:47 PM
 #11799



New self-moderated speculation thread

https://bitcointalk.org/index.php?topic=753252
Ultros
Sr. Member
****
Offline Offline

Activity: 471
Merit: 250



View Profile
August 23, 2014, 01:03:52 PM
 #11800

Thank you. :)