illodin
|
|
September 18, 2014, 07:00:27 PM |
|
I have been thinking on the coin-killer posts and the more I read it the more I smell BS, there is nothing proving it is more than FUD, if people are dumping because of this they will be sorry soon.
You don't have to fully believe either option, if you think there's 10% chance it is true, the price should take 10% cut, right?
|
|
|
|
canonsburg
|
|
September 18, 2014, 07:01:36 PM |
|
Someone needs to check the source code too but I believe the whitepaper's notation is screwed up.
The paper defines private key a and public Key A through the transformation A = a*G, where G is the Hash function. So in this case, the multiplication step is to denote the hash mapping.
In the paper, it also defined the key image as I = x * Hp(P)
Now this seems like it is the multiplication of private key x with the hash to the public key P.
But I think this is actually I = x * Hp(P) = x*G2, where G2 like above is another hash function so this is just a hash of private key x using some deterministic hash function that is dependent on public key P (Hp(P)).
|
|
|
|
Odalv
Legendary
Offline
Activity: 1414
Merit: 1000
|
|
September 18, 2014, 07:16:12 PM |
|
> I have been thinking on the coin-killer posts and the more I read it the more I smell BS, there is nothing proving it is more than FUD, if people are dumping because of this they will be sorry soon.

> You don't have to fully believe either option, if you think there's 10% chance it is true, the price should take 10% cut, right?

I do not look at source. I'm only asking and study whitepaper (how it works). Maybe I'm wrong.
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
September 18, 2014, 07:52:02 PM |
|
> https://cryptonote.org/whitepaper.pdf
> The signer picks a random secret key and computes the corresponding public key P=xG. Additionally he computes another public key I=xHp(P) which we will call the "key image" ... Nobody can recover the public key from the key image and identify the signer
>
> lol, but everybody can compute "key image" from public key and then identify the signer
>
> Edit
> if this mean I = x * Hp(P) then I can compute even x
> x = I / Hp(P)
> I is known and I can compute all Hp(Px)

Simple answer. It is elliptic curve multiplication. The hash gives you a point. This isn't invertible, so no, you can't do I/H.
|
|
|
|
5w00p
|
|
September 18, 2014, 07:57:49 PM |
|
> I have been thinking on the coin-killer posts and the more I read it the more I smell BS, there is nothing proving it is more than FUD, if people are dumping because of this they will be sorry soon.

> You don't have to fully believe either option, if you think there's 10% chance it is true, the price should take 10% cut, right?

No. Your statement lacks sound reasoning. 'You' is who? I believe that you mean it in the universal sense, but there is no way to determine the ratio of truthiness vs falseyness that all XMR and cryptocurrency market members ascertain in relation to said 'coin-killer posts.' Furthermore, price is not necessarily proportional to the 'chance it is true.'
|
|
|
|
|
Odalv
Legendary
Offline
Activity: 1414
Merit: 1000
|
|
September 18, 2014, 08:13:56 PM |
|
> Someone needs to check the source code too but I believe the whitepaper's notation is screwed up.
> The paper defines private key a and public Key A through the transformation A = a*G, where G is the Hash function. So in this case, the multiplication step is to denote the hash mapping.
> In the paper, it also defined the key image as I = x * Hp(P)
> Now this seems like it is the multiplication of private key x with the hash to the public key P.
> But I think this is actually I = x * Hp(P) = x*G2, where G2 like above is another hash function so this is just a hash of private key x using some deterministic hash function that is dependent on public key P (Hp(P)).

I think
a) hash(P) -> I know pseudo-identity (worst case, same as Bitcoin)
b) x*hash(P) -> I know identity + x (worst case, ZERO)
c) hash(x) -> Nobody can verify transaction and "math" does not work (I can double spend)
d) P*hash(x) -> I can double spend (I can cheat with hash(x))
e) I do not know -> we will see
f) Monero to the Moon :-)
|
|
|
|
fluffypony
Donator
Legendary
Offline
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
|
|
September 18, 2014, 08:21:27 PM |
|
> Someone needs to check the source code too but I believe the whitepaper's notation is screwed up.
> The paper defines private key a and public Key A through the transformation A = a*G, where G is the Hash function. So in this case, the multiplication step is to denote the hash mapping.
> In the paper, it also defined the key image as I = x * Hp(P)
> Now this seems like it is the multiplication of private key x with the hash to the public key P.
> But I think this is actually I = x * Hp(P) = x*G2, where G2 like above is another hash function so this is just a hash of private key x using some deterministic hash function that is dependent on public key P (Hp(P)).

I'll just quote from someone who knows way more math than I do -

sarang: The operation is actually repeated elliptic addition... and that addition is really a curve intersection and some other complicated shit
sarang: Multiplying an integer by an elliptic curve point is well-defined
sarang: the x*H(p) is not another hash
sarang: You convert the hash output H(p) to an elliptic point
sarang: and then do the integer-elliptic multiplication
sarang: so it's super important to identify what is an integer and what is an elliptic curve point
sarang: The notation is identical, as it would be in formal mathematics
sarang: They usually use lowercase for integers and uppercase for points
sarang: and always use the multiplication order integer*point
sarang: just as a matter of convention, that is
sarang: so anyone saying you can divide a point by an integer is wrong
sarang: elliptic curve crypto would be broken wide open if that were the case
sarang: Oh, and G is NOT a hash function. It's the elliptic base point
sarang: so A is also an elliptic point
|
|
|
|
Odalv
Legendary
Offline
Activity: 1414
Merit: 1000
|
|
September 18, 2014, 08:28:08 PM |
|
> Someone needs to check the source code too but I believe the whitepaper's notation is screwed up.
> The paper defines private key a and public Key A through the transformation A = a*G, where G is the Hash function. So in this case, the multiplication step is to denote the hash mapping.
> In the paper, it also defined the key image as I = x * Hp(P)
> Now this seems like it is the multiplication of private key x with the hash to the public key P.
> But I think this is actually I = x * Hp(P) = x*G2, where G2 like above is another hash function so this is just a hash of private key x using some deterministic hash function that is dependent on public key P (Hp(P)).

> I'll just quote from someone who knows way more math than I do -
>
> sarang: The operation is actually repeated elliptic addition... and that addition is really a curve intersection and some other complicated shit
> sarang: Multiplying an integer by an elliptic curve point is well-defined
> sarang: the x*H(p) is not another hash
> sarang: You convert the hash output H(p) to an elliptic point
> sarang: and then do the integer-elliptic multiplication
> sarang: so it's super important to identify what is an integer and what is an elliptic curve point
> sarang: The notation is identical, as it would be in formal mathematics
> sarang: They usually use lowercase for integers and uppercase for points
> sarang: and always use the multiplication order integer*point
> sarang: just as a matter of convention, that is
> sarang: so anyone saying you can divide a point by an integer is wrong
> sarang: elliptic curve crypto would be broken wide open if that were the case
> sarang: Oh, and G is NOT a hash function. It's the elliptic base point
> sarang: so A is also an elliptic point

so what exact "I = x * Hp(P)" means?
|
|
|
|
fluffypony
Donator
Legendary
Offline
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
|
|
September 18, 2014, 08:35:35 PM |
|
|
|
|
|
Odalv
Legendary
Offline
Activity: 1414
Merit: 1000
|
|
September 18, 2014, 08:46:02 PM |
|
Thank you for posting. Seems you understand it well. Please use proper notation and tell me what "I = xHp(P)" means
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
September 18, 2014, 08:49:19 PM |
|
> Thank you for posting. Seems you understand it well. Please use proper notation and tell me what "I = xHp(P)" means

I explained it earlier. It is elliptic curve multiplication between x (an integer) and Hp which is a point.
|
|
|
|
akula999
|
|
September 18, 2014, 09:46:42 PM |
|
So much math... need to dummy it down a bit and read a Wolverine comic
|
|
|
|
iCEBREAKER
Legendary
Offline
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
|
|
September 18, 2014, 10:00:51 PM |
|
> I appreciate Anon136's argument against imposing a "post-mine" which would affect the emissions curve, as he says miners have the choice to stop mining if they don't like the change but investors have already bought in so changing the conditions is unfair. I still like the idea of a post-mine on the principle that the devteam have proved themselves worthy of a pre-mine which never happened, but I don't have a decent idea of how to create it

BBR has a 1% dev tax, and I still consider it free as in FOSS. VIA had a completely fair, transparent, and very successful presale of Block 1's 10% of total coins.

We should emulate both of these approaches, and combine them to make Monero a staggeringly well funded project with concomitant high resiliency/survivability characteristics...

I'm a Monero investor who has been hloding tight since it was at parity with Primecoin, and only traded on cryptonoteexchange.

Which is more unfair to me? A) risking the near certainty of devs running out of enthusiasm/money for completion of our very ambitious goals (thus XMR being unable to grow and respond to emergencies), or, B) changing the emission 'social contract' condition by a slight degree

I think the former is far more unfair, because it puts my entire investment at risk in entirely predictable and probably preventable ways, IE liquidity crises and stagnation.

The emission 'social contract' is not set in stone, EG the final emission rate is still undecided.

As an investor, I don't feel comfortable being a free rider by expecting the devs to work for free/cheap, or jointly subsidizing others' free rides by making piddly one time donations.

Yes, the devteam has proven themselves worthy of a pre-mine which never happened. Here is how to create it: I call it the 'Two To TacoTime' plan.

-One-time Bootstrap Block 302612 (celebrating 100k anniversary of historic Battle of Troll Block)
-Bootstrap Block includes 1% of final coin total (184k XMR) moved from end of emission (years away) to SoonTM
-Bootstrap Block coins are bid for and distributed proportionately in the same trustless/transparent way as VIA's Block 1 presale (http://presale.viacoin.org/terms)
-Bootstrap Block is worth at least $300k dollars, enough to refactor codebase, integrate DB, complete I2P, create Official Wallet, and hire pros for meticulous security audits
-After the Bootstrap Block, all subsequent blocks (less transaction fees) pay 1% to dev fund
-Ongoing 1% mining tax provides for continued care and maintenance of the mature platform created by our Bootstrap Block
-New 'set in stone' rules/guarantees/commitments/social contract: no more Bootstrap Blocks ever no matter what, and mining devtax will never go over 1%
-dev fund is kept 50/50 in XMR/BTC multisig escrow. Rebalancing may be done without notice, prior or otherwise
-dev fund expenditures must be authorized by at least 5 of the 9 (7 core team members + RPietila + Zoidberg)
-dev funds may only be used to pay for writing/auditing critical code, and may not be used to raise more funds or for marketing
|
|
|
|
owlcatz
Legendary
Offline
Activity: 3808
Merit: 1974
https://talkimg.com - Fck Imgur/BBwhatever
|
|
September 18, 2014, 10:08:48 PM |
|
> I appreciate Anon136's argument against imposing a "post-mine" which would affect the emissions curve, as he says miners have the choice to stop mining if they don't like the change but investors have already bought in so changing the conditions is unfair. I still like the idea of a post-mine on the principle that the devteam have proved themselves worthy of a pre-mine which never happened, but I don't have a decent idea of how to create it

> BBR has a 1% dev tax, and I still consider it free as in FOSS. VIA had a completely fair, transparent, and very successful presale of Block 1's 10% of total coins.
>
> We should emulate both of these approaches, and combine them to make Monero a staggeringly well funded project with concomitant high resiliency/survivability characteristics...
>
> I'm a Monero investor who has been hloding tight since it was at parity with Primecoin, and only traded on cryptonoteexchange.
>
> Which is more unfair to me? A) risking the near certainty of devs running out of enthusiasm/money for completion of our very ambitious goals (thus XMR being unable to grow and respond to emergencies), or, B) changing the emission 'social contract' condition by a slight degree
>
> I think the former is far more unfair, because it puts my entire investment at risk in entirely predictable and probably preventable ways, IE liquidity crises and stagnation.
>
> The emission 'social contract' is not set in stone, EG the final emission rate is still undecided.
>
> As an investor, I don't feel comfortable being a free rider by expecting the devs to work for free/cheap, or jointly subsidizing others' free rides by making piddly one time donations.
>
> Yes, the devteam has proven themselves worthy of a pre-mine which never happened. Here is how to create it: I call it the 'Two To TacoTime' plan.
>
> -One-time Bootstrap Block 302612 (celebrating 100k anniversary of historic Battle of Troll Block)
> -Bootstrap Block includes 1% of final coin total (184k XMR) moved from end of emission (years away) to SoonTM
> -Bootstrap Block coins are bid for and distributed proportionately in the same trustless/transparent way as VIA's Block 1 presale (http://presale.viacoin.org/terms)
> -Bootstrap Block is worth at least $300k dollars, enough to refactor codebase, integrate DB, complete I2P, create Official Wallet, and hire pros for meticulous security audits
> -After the Bootstrap Block, all subsequent blocks (less transaction fees) pay 1% to dev fund
> -Ongoing 1% mining tax provides for continued care and maintenance of the mature platform created by our Bootstrap Block
> -New 'set in stone' rules/guarantees/commitments/social contract: no more Bootstrap Blocks ever no matter what, and mining devtax will never go over 1%
> -dev fund is kept 50/50 in XMR/BTC multisig escrow. Rebalancing may be done without notice, prior or otherwise
> -dev fund expenditures must be authorized by at least 5 of the 9 (7 core team members + RPietila + Zoidberg)
> -dev funds may only be used to pay for writing/auditing critical code, and may not be used to raise more funds or for marketing

This sounds pretty fair to me, but then again I'm not all that savvy on premines or how it may or may not affect current prices etc. Sounds like the general consensus is that either way, something must be done, these guys can't work for free, or this whole project will just never happen... something has to give, somewhere....

> As an investor, I don't feel comfortable being a free rider by expecting the devs to work for free/cheap, or jointly subsidizing others' free rides by making piddly one time donations.

I feel the same way here, thanks for posting your idea, even if it gets shot down by devs or whatever...
|
|
|
|
rdnkjdi
Legendary
Offline
Activity: 1256
Merit: 1009
|
|
September 18, 2014, 10:19:04 PM |
|
> BBR has a 1% dev tax, and I still consider it free as in FOSS. VIA had a completely fair, transparent, and very successful presale of Block 1's 10% of total coins.
>
> We should emulate both of these approaches, and combine them to make Monero a staggeringly well funded project with concomitant high resiliency/survivability characteristics...
>
> I'm a Monero investor who has been hloding tight since it was at parity with Primecoin, and only traded on cryptonoteexchange.
>
> Which is more unfair to me? A) risking the near certainty of devs running out of enthusiasm/money for completion of our very ambitious goals (thus XMR being unable to grow and respond to emergencies), or, B) changing the emission 'social contract' condition by a slight degree
>
> I think the former is far more unfair, because it puts my entire investment at risk in entirely predictable and probably preventable ways, IE liquidity crises and stagnation.
>
> The emission 'social contract' is not set in stone, EG the final emission rate is still undecided.
>
> As an investor, I don't feel comfortable being a free rider by expecting the devs to work for free/cheap, or jointly subsidizing others' free rides by making piddly one time donations.
>
> Yes, the devteam has proven themselves worthy of a pre-mine which never happened. Here is how to create it: I call it the 'Two To TacoTime' plan.
>
> -One-time Bootstrap Block 302612 (celebrating 100k anniversary of historic Battle of Troll Block)
> -Bootstrap Block includes 1% of final coin total (184k XMR) moved from end of emission (years away) to SoonTM
> -Bootstrap Block coins are bid for and distributed proportionately in the same trustless/transparent way as VIA's Block 1 presale (http://presale.viacoin.org/terms)
> -Bootstrap Block is worth at least $300k dollars, enough to refactor codebase, integrate DB, complete I2P, create Official Wallet, and hire pros for meticulous security audits
> -After the Bootstrap Block, all subsequent blocks (less transaction fees) pay 1% to dev fund
> -Ongoing 1% mining tax provides for continued care and maintenance of the mature platform created by our Bootstrap Block
> -New 'set in stone' rules/guarantees/commitments/social contract: no more Bootstrap Blocks ever no matter what, and mining devtax will never go over 1%
> -dev fund is kept 50/50 in XMR/BTC multisig escrow. Rebalancing may be done without notice, prior or otherwise
> -dev fund expenditures must be authorized by at least 5 of the 9 (7 core team members + RPietila + Zoidberg)
> -dev funds may only be used to pay for writing/auditing critical code, and may not be used to raise more funds or for marketing

> This sounds pretty fair to me, but then again I'm not all that savvy on premines or how it may or may not affect current prices etc. Sounds like the general consensus is that either way, something must be done, these guys can't work for free, or this whole project will just never happen... something has to give, somewhere....

> As an investor, I don't feel comfortable being a free rider by expecting the devs to work for free/cheap, or jointly subsidizing others' free rides by making piddly one time donations.

I LOVE this idea. And it does NOT change the social contract - it helps ensure it actually gets delivered by not allowing the coin to die. I would spend Moneros voting pro this idea. Rptellia, smooth, fluffypony, tacotime? Somebody with clout please ...

1 - everyone pays the price (more supply - early inflation = everyone pays the price)
|
|
|
|
Ultros
|
|
September 18, 2014, 10:30:15 PM |
|
I like the idea, but I'm sure there must be implications I can't encompass. Can't wait to see how the core-team react to it.
|
|
|
|
mmortal03
Legendary
Offline
Activity: 1762
Merit: 1011
|
|
September 18, 2014, 10:31:38 PM |
|
> BBR has a 1% dev tax, and I still consider it free as in FOSS. VIA had a completely fair, transparent, and very successful presale of Block 1's 10% of total coins.
>
> We should emulate both of these approaches, and combine them to make Monero a staggeringly well funded project with concomitant high resiliency/survivability characteristics...
>
> I'm a Monero investor who has been hloding tight since it was at parity with Primecoin, and only traded on cryptonoteexchange.
>
> Which is more unfair to me? A) risking the near certainty of devs running out of enthusiasm/money for completion of our very ambitious goals (thus XMR being unable to grow and respond to emergencies), or, B) changing the emission 'social contract' condition by a slight degree
>
> I think the former is far more unfair, because it puts my entire investment at risk in entirely predictable and probably preventable ways, IE liquidity crises and stagnation.
>
> The emission 'social contract' is not set in stone, EG the final emission rate is still undecided.
>
> As an investor, I don't feel comfortable being a free rider by expecting the devs to work for free/cheap, or jointly subsidizing others' free rides by making piddly one time donations.

> I LOVE this idea. And it does NOT change the social contract - it helps ensure it actually gets delivered by not allowing the coin to die. I would spend Moneros voting pro this idea. Rptellia, smooth, fluffypony, tacotime? Somebody with clout please ...
>
> 1 - everyone pays the price (more supply - early inflation = everyone pays the price)

I think this is a false dilemma. There are other options that don't fiddle with the fundamentals of the coin that should be tried first.
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
September 18, 2014, 10:41:56 PM |
|
> I would spend Moneros voting pro this idea. Rptellia, smooth, fluffypony, tacotime? Somebody with clout please ...

I certainly think it is premature to make any kind of decision or even consider voting, etc., but the discussion is healthy and interesting. I 100% applaud the willingness to think big and break a few "rules" in crafting a proposal, whether or not it gets adopted. More of this please!

There are some things I really like about the idea. For example, compared to a premine or IPO, I very much like that it is happening after there has been some experience with the coin and team, rather than right at the start when it's all promises, no distribution or established market value, and no track record.

There are some things I think are quite strange and need further explanation and/or revision. I'm not even sure how much of this is sincere. Some of the biggest problems with the emission of the coin is the rewards going away too soon. Pulling from the tail end of the distribution makes that worse. Fund being 50/50 in BTC/XMR might be a bad idea to set in stone for all time, and would almost certainly be a bad idea to enforce quickly, because it would require dumping a ton of XMR (unless that were somehow built into the bidding). And CZ?!

I'm not a fan of the "everything must be set in stone because that is the social contract" model that comes out of Bitcoin's precedent. I think part of the whole idea of doing something that isn't Bitcoin is to try to improve on it, and especially not feel compelled to follow its precedent when it doesn't work for us (and arguably hasn't even worked for it). That is not just code, and especially not just anonymity, but also culture and process.

How about not quoting the whole thing (especially incorrectly) repeatedly though? It makes the thread very hard to read.
|
|
|
|
surae.noether
Newbie
Offline
Activity: 3
Merit: 0
|
|
September 18, 2014, 11:02:10 PM |
|
> Thank you for posting. Seems you understand it well. Please use proper notation and tell me what "I = xHp(P)" means

The notation in the whitepaper and what you've seen here is proper notation. I = x*H_p(P) means x times H_p(P) where H_p is a hash function, H_p(P) is the hash function evaluated at a point, and * denotes elliptic curve multiplication which is NOT normal multiplication. Just like matrix multiplication is not the same as usual multiplication, elliptic curve multiplication takes place in a different manner than what you learned in, say, elementary algebra class. This is an abstract multiplicative notion, it is quite usual and proper to see it used this way.

For further reading, I would not begin necessarily with fluffypony's wall of links, but with Daepp and Gorkin's "Reading, Writing, and Proving" to learn a little bit about formal mathematics, and then maybe move onto Trappe and Washington's "Introduction to Cryptography." In that order. Be sure to try all the exercises in both books before asking any more questions.

Edit: I a word.
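
The integer*point operation discussed in the posts above, as an added example that is not part of the thread and is not CryptoNote or Monero code. It assumes a textbook toy curve (y^2 = x^3 + 2x + 2 over F_17, base point (5, 1), group order 19) and a made-up try-and-increment `hash_to_point`; all names and sample keys are constructed for illustration.

```python
import hashlib

# Toy curve y^2 = x^3 + 2x + 2 over F_17 (constructed for illustration).
# Its group has prime order 19; the curve CryptoNote uses has order near 2^252.
P_MOD, A, B = 17, 2, 2
ORDER = 19
G = (5, 1)      # base point: an elliptic curve point, not a hash function
INF = None      # point at infinity (the group identity)


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def add(p1, p2):
    """Elliptic curve point addition (chord-and-tangent rule)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                      # p2 is the negation of p1
    if p1 == p2:
        slope = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:
        slope = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    slope %= P_MOD
    x3 = (slope * slope - x1 - x2) % P_MOD
    return (x3, (slope * (x1 - x3) - y1) % P_MOD)


def scalar_mult(k, pt):
    """integer * point by double-and-add: the '*' in P = x*G and I = x*Hp(P)."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def hash_to_point(pub):
    """Toy Hp: hash the public key and retry until the digest hits a curve x."""
    for counter in range(256):
        digest = hashlib.sha256(f"{pub[0]},{pub[1]},{counter}".encode()).digest()
        x = int.from_bytes(digest, "big") % P_MOD
        rhs = (x ** 3 + A * x + B) % P_MOD
        for y in range(1, P_MOD):
            if y * y % P_MOD == rhs:
                return (x, y)
    raise ValueError("no curve point found")


def key_image(x):
    """Return (P, I) with P = x*G and I = x*Hp(P); both are curve points."""
    pub = scalar_mult(x, G)
    return pub, scalar_mult(x, hash_to_point(pub))


def recover_scalar_by_search(image, base):
    """There is no 'image / base' operation. Undoing integer*point means
    trying scalars, which finishes here only because the toy group is tiny."""
    for k in range(1, ORDER):
        if scalar_mult(k, base) == image:
            return k
    return None


if __name__ == "__main__":
    x = 7                                    # constructed private key
    pub, image = key_image(x)
    base = hash_to_point(pub)                # anyone can compute Hp(P) from P
    print("P =", pub, " Hp(P) =", base, " I =", image)
    print("x by exhaustive search:", recover_scalar_by_search(image, base))
```

Anyone holding P can compute Hp(P), but getting from Hp(P) to I requires the integer x, and going from I back to x is the discrete logarithm problem rather than a division.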
|
|
|
|
|