smooth
September 18, 2014, 04:00:21 PM
> Ok I'm not sure about "image key". I read somewhere it is derived from private key (so only me can verify because only I know private) ... But in this paper "image key" is derived from public key. Does it mean I can use VER/LINK to find out who is really spending?

> This is a TA thread - if you're struggling to grasp the cryptography then you are welcome to continue this discussion in the Monero ANN thread: https://bitcointalk.org/index.php?topic=583449.0
>
> Alternatively, if you believe you've found an exploit, I do encourage you (again) to document it and write a PoC like every other security researcher. The process of writing a PoC normally forces me to come to grips with the intricacies of the subject, and I document thereafter. Rem tene verba sequentur, as they used to say.

> Is that "image key" publicly observable? Every node knows what input is really spent and who ring-signs this message?

> I don't see the term "image key" anywhere, so I'm not sure what that means. Maybe I missed it?

> Edit: If I know YOUR public key, from an unspent input. You are broadcasting new transaction (is not yet minted). I can compute "image key" and create ring-sign of YOUR input with my privateKey ...

If you mean key image, you can't create that from a public key, only a private key.

OrientA
September 18, 2014, 04:05:36 PM
> imho we should incentivize donations instead of begging for donations... what about a weekly lottery where participating cost you eg. 1 xmr and the winner gets eg. 50% of the jackpot and the remaining 50% goes to developers?

This is a great idea. One that could probably be run by pretty much anyone too. Perhaps someone should try it and see what kind of level of participation we get? I like the dice idea. It also means XMR has some practical use.

infofront
September 18, 2014, 04:06:19 PM
> You can't have a successful project without adequate funding ..

> Monero needs to do like https://protonmail.ch/ and open a donations page towards the project, it's pretty clear Monero is best privacy coin that exists, a new website with a project funding campaign will have great effects. But where is the new website?? I have been thinking on the coin-killer posts and the more I read it the more I smell BS, there is nothing proving it is more than FUD, if people are dumping because of this they will be sorry soon.

I like the idea of a page like that. With proper design and marketing, it could draw in donations from people outside of the current cryptocurrency ecosystem. There are plenty of privacy advocates, libertarians, technologists, etc. who are uninterested in the messy world of cryptocurrency "investment", but may nonetheless be willing to support what's marketed as a relatively NSA-proof, anonymous, very important, new technology. People should also be able to donate fiat.

mmortal03
September 18, 2014, 04:18:29 PM
> and it is not presently sufficient in the magnitudes mooted...it doesn't actually solve the problem.

> Actually a 1% mining donation (of course this number is set in stone, I'm just using it because that's what BBR uses, I think) would make a huge difference to the development budget. In fact, it would mean there was a budget at all, which isn't currently the case for the most part. So a huge change. It wouldn't need to be the entire source of funding, but as a source of some steady funding it is sufficient enough to consider on that basis alone. Working out the numbers it comes to about 2500 USD per week at current exchange rates. That's enough to pay for a few days of full time dedicated development, which we are currently not able to do on a sustainable basis, and is certainly enough to accelerate progress significantly.

> I think the really important point to drive home is that, at least in the bootstrapping phase, there is nothing "wrong" with this approach. In almost every other industry in the world, when someone develops a product they charge for their services. No one makes a pair of shoes and puts them up for free in the store and hopes that someone donates. They make the shoes, put a price on them, and then people decide whether or not they want to make the exchange. There is no good reason why crypto developers shouldn't be entitled to do the exact same thing as shoe makers for the exact same reasons why shoe makers are entitled to do that thing. Consumers aren't "forced" to pay this fee any more than a customer at walmart is "forced" to pay for the products that are on the shelves.

Right, except shoes aren't FOSS.

mmortal03
September 18, 2014, 04:25:31 PM
> The above post by fluffypony should put this funding discussion in perspective. He lists approximately $200,000 in costs. 3,500,000 coins have been mined and 1% is 35,000. At a generous exchange rate of $2 equals $70,000. So 1% of all the coins ever mined equals 1/3 of the most important costs listed.

> I'd rather work with 1/3 of the costs than work with 1/30, which is approximately what has been received in donations. The former at least allows prioritizing, scaling down some items (at least temporarily), etc. and still getting a significant portion of the work done, plus as I said it need not be the only funding source (and some work will I'm sure continue to be done by community volunteers who are interested in doing it).

> smooth, I agree. Also to anyone mining, there is a pool that donates 100% of its 1% fee to the devs.

Link? And does it require signing up, or only an account address?

smooth
September 18, 2014, 04:26:59 PM
> The above post by fluffypony should put this funding discussion in perspective. He lists approximately $200,000 in costs. 3,500,000 coins have been mined and 1% is 35,000. At a generous exchange rate of $2 equals $70,000. So 1% of all the coins ever mined equals 1/3 of the most important costs listed.

> I'd rather work with 1/3 of the costs than work with 1/30, which is approximately what has been received in donations. The former at least allows prioritizing, scaling down some items (at least temporarily), etc. and still getting a significant portion of the work done, plus as I said it need not be the only funding source (and some work will I'm sure continue to be done by community volunteers who are interested in doing it).

> smooth, I agree. Also to anyone mining, there is a pool that donates 100% of its 1% fee to the devs.

> Link? And does it require signing up, or only an account address?

It is the first one listed on the OP: https://bitcointalk.org/index.php?topic=583449.0

I'm pretty sure it is the usual zone type pool with address-as-username. I'm pleased to see that it seems to have gained a bit of hashrate since this discussion started. Hopefully that continues and/or other pools join in making similarly generous donations.

saddambitcoin
September 18, 2014, 04:31:25 PM
tried running the new monero just after updating OSX to 10.9.5 and i'm getting this error...can anyone help? i assume i need to install or update the miniupnpc library but not sure exactly how.

dyld: Library not loaded: /usr/local/lib/libminiupnpc.9.dylib
  Referenced from: /Users/stalker500/Desktop/monero/./bitmonerod
  Reason: image not found
Trace/BPT trap: 5

smooth
September 18, 2014, 04:33:22 PM
> tried running the new monero just after updating OSX to 10.9.5 and i'm getting this error...can anyone help? i assume i need to install or update the miniupnpc library but not sure exactly how.
>
> dyld: Library not loaded: /usr/local/lib/libminiupnpc.9.dylib
>   Referenced from: /Users/stalker500/Desktop/monero/./bitmonerod
>   Reason: image not found
> Trace/BPT trap: 5

That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac. The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.

saddambitcoin
September 18, 2014, 04:43:54 PM
> That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.
>
> The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.

OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3?

smooth
September 18, 2014, 04:44:44 PM
> That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.
>
> The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.

> OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3?

Trashcan?

saddambitcoin
September 18, 2014, 04:48:42 PM
> That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.
>
> The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.

> OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3?

> Trashcan?

unfortunately not, i just replaced the bitmonerod and simplewallet files so they didn't end up in trash. no worries though i will wait it out and use linux in the meantime.

smooth
September 18, 2014, 04:50:46 PM
> That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.
>
> The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.

> OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3?

> Trashcan?

> unfortunately not, i just replaced the bitmonerod and simplewallet files so they didn't end up in trash. no worries though i will wait it out and use linux in the meantime.

You can get it from my torrent, which I haven't updated. You'll get an old version of the blockchain with it, but you can disregard that and just use the binary: https://bitcointalk.org/index.php?topic=583449.msg8722972#msg8722972

saddambitcoin
September 18, 2014, 05:12:02 PM
> That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.
>
> The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.

> OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3?

> Trashcan?

> unfortunately not, i just replaced the bitmonerod and simplewallet files so they didn't end up in trash. no worries though i will wait it out and use linux in the meantime.

> You can get it from my torrent, which I haven't updated. You'll get an old version of the blockchain with it, but you can disregard that and just use the binary: https://bitcointalk.org/index.php?topic=583449.msg8722972#msg8722972

success! thanks for the help.

Odalv
September 18, 2014, 05:39:16 PM
> Ok I'm not sure about "image key". I read somewhere it is derived from private key (so only me can verify because only I know private) ... But in this paper "image key" is derived from public key. Does it mean I can use VER/LINK to find out who is really spending?

> This is a TA thread - if you're struggling to grasp the cryptography then you are welcome to continue this discussion in the Monero ANN thread: https://bitcointalk.org/index.php?topic=583449.0
>
> Alternatively, if you believe you've found an exploit, I do encourage you (again) to document it and write a PoC like every other security researcher. The process of writing a PoC normally forces me to come to grips with the intricacies of the subject, and I document thereafter. Rem tene verba sequentur, as they used to say.

> Is that "image key" publicly observable? Every node knows what input is really spent and who ring-signs this message?

> I don't see the term "image key" anywhere, so I'm not sure what that means. Maybe I missed it?

> Edit: If I know YOUR public key, from an unspent input. You are broadcasting new transaction (is not yet minted). I can compute "image key" and create ring-sign of YOUR input with my privateKey ...

> If you mean key image, you can't create that from a public key, only a private key.

> If you mean key image, you can't create that from a public key, only a private key.

whitepaper page 9. GEN: says. You generate it as some hash of public key. If you generate it from private key then no one can verify it is true. (they must trust you)

> I don't see the term "image key" anywhere, so I'm not sure what that means. Maybe I missed it?

You told me that this "image key" is required for VER and LNK to prevent double spending
a) it is public
b) it can be computed from public key (I'll try all public keys)

Odalv
September 18, 2014, 06:24:50 PM (Last edit: September 18, 2014, 06:35:14 PM by Odalv)
https://cryptonote.org/whitepaper.pdf

> The signer picks a random secret key and computes the corresponding public key P=xG. Additionally he computes another public key I=xHp(P) which we will call the "key image" ... Nobody can recover the public key from the key image and identify the signer

lol, but everybody can compute "key image" from public key and then identify the signer

Edit: if this means I = x * Hp(P) then I can compute even x

x = I / Hp(P)

I is known and I can compute all Hp(Px)

smooth
September 18, 2014, 06:34:34 PM
> https://cryptonote.org/whitepaper.pdf
>
> The signer picks a random secret key and computes the corresponding public key P=xG. Additionally he computes another public key I=xHp(P) which we will call the "key image" ... Nobody can recover the public key from the key image and identify the signer
>
> lol, but everybody can compute "key image" from public key and then identify the signer

Nope, x is a private key (aka "secret key"). So you can't compute the key image from the public key. You need the private key (x).

fluffypony
September 18, 2014, 06:37:09 PM
> https://cryptonote.org/whitepaper.pdf
>
> The signer picks a random secret key and computes the corresponding public key P=xG. Additionally he computes another public key I=xHp(P) which we will call the "key image" ... Nobody can recover the public key from the key image and identify the signer
>
> lol, but everybody can compute "key image" from public key and then identify the signer
>
> Edit: if this means I = x * Hp(P) then I can compute even x
>
> x = I / Hp(P)
>
> I is known and I can compute all Hp(Px)

Hp is a deterministic hash function. You only know I, x is secret. P is computed using x. Explain again how you're going to reverse the hash function?

smooth
September 18, 2014, 06:37:26 PM
> If you generate it from private key then no one can verify it is true. (they must trust you)

Nope, they verify it using the equations in VER on page 10, which depend only on r_i and c_i (i.e. the signature) and P, the public key generated from private key, not x, the private key. The private key is not required to verify the key image, only to generate it.
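
The GEN/VER/LNK steps discussed in the posts above, as an added example that is not part of the original thread and is not Monero or CryptoNote code: a signature over a ring of 6 public keys is verified from the public keys, the key image and (c_i, r_i) alone, and two signatures by the same private key share a key image. Assumptions of this example: a toy multiplicative group mod 2^127 - 1 replaces the whitepaper's elliptic curve (so xG is written `pow(G, x, P_MOD)`), SHA-256 stands in for Hs and Hp, and all function names are the example's own.

```python
import hashlib
import secrets

# Toy group (assumption of this example): integers mod the Mersenne prime
# 2^127 - 1 stand in for the whitepaper's elliptic curve, so xG becomes
# pow(G, x, P_MOD). Far too weak for real use; only the algebra matches.
P_MOD = 2**127 - 1
N = P_MOD - 1                      # exponents are reduced mod the group order
G = 3

def h(*parts):
    data = "|".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def hs(*parts):                    # Hs: hash to a scalar
    return h("Hs", *parts) % N

def hp(pub):                       # Hp: deterministic hash of a public key to a group element
    return h("Hp", pub) % N + 1

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P_MOD)     # private x, public P = xG

def key_image(x):                  # I = x*Hp(P); the exponent is the private key
    return pow(hp(pow(G, x, P_MOD)), x, P_MOD)

def commit(ring, I, c, r):         # L_i = r_i*G + c_i*P_i,  R_i = r_i*Hp(P_i) + c_i*I
    L = [pow(G, ri, P_MOD) * pow(Pi, ci, P_MOD) % P_MOD for Pi, ci, ri in zip(ring, c, r)]
    R = [pow(hp(Pi), ri, P_MOD) * pow(I, ci, P_MOD) % P_MOD for Pi, ci, ri in zip(ring, c, r)]
    return L, R

def sign(msg, ring, s, x):
    """GEN: ring = list of public keys, s = signer's index, x = signer's private key."""
    I = key_image(x)
    c = [secrets.randbelow(N) for _ in ring]
    r = [secrets.randbelow(N) for _ in ring]
    q = secrets.randbelow(N)                       # signer's nonce q_s
    L, R = commit(ring, I, c, r)
    L[s], R[s] = pow(G, q, P_MOD), pow(hp(ring[s]), q, P_MOD)
    c[s] = (hs(msg, *L, *R) - sum(c) + c[s]) % N   # close the ring of challenges
    r[s] = (q - c[s] * x) % N                      # x is used here and in key_image only
    return I, c, r

def verify(msg, ring, sig):
    """VER: takes public keys, key image and (c_i, r_i) only; no private key."""
    I, c, r = sig
    L, R = commit(ring, I, c, r)
    return sum(c) % N == hs(msg, *L, *R)

def linked(sig_a, sig_b):
    """LNK: two signatures made with the same private key carry the same key image."""
    return sig_a[0] == sig_b[0]
```

Hashing every ring member yields Hp(P_i), which anyone can compute, but getting from Hp(P_i) and I to x is a discrete logarithm in the group, not a division.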

smooth
September 18, 2014, 06:40:12 PM
> https://cryptonote.org/whitepaper.pdf
>
> The signer picks a random secret key and computes the corresponding public key P=xG. Additionally he computes another public key I=xHp(P) which we will call the "key image" ... Nobody can recover the public key from the key image and identify the signer
>
> lol, but everybody can compute "key image" from public key and then identify the signer
>
> Edit: if this means I = x * Hp(P) then I can compute even x
>
> x = I / Hp(P)
>
> I is known and I can compute all Hp(Px)

> Hp is a deterministic hash function. You only know I, x is secret. P is computed using x. Explain again how you're going to reverse the hash function?

He's missing that you can verify the validity of the key image without knowing x. I explained that in the post after yours.

Odalv
September 18, 2014, 06:49:29 PM
> https://cryptonote.org/whitepaper.pdf
>
> The signer picks a random secret key and computes the corresponding public key P=xG. Additionally he computes another public key I=xHp(P) which we will call the "key image" ... Nobody can recover the public key from the key image and identify the signer
>
> lol, but everybody can compute "key image" from public key and then identify the signer
>
> Edit: if this means I = x * Hp(P) then I can compute even x
>
> x = I / Hp(P)
>
> I is known and I can compute all Hp(Px)

> Hp is a deterministic hash function. You only know I, x is secret. P is computed using x. Explain again how you're going to reverse the hash function?

I'll apply Hp on all public keys (P is public key) in signature.

I know I, P, Hp(P)

seems I can compute x

x = I / Hp(P)

Edit: P is one of 6 public keys ... I'll try all