rpietila Altcoin Observer

[Brilliantrocket]

Bitcoin runs about 60K transactions per day which is less than one transaction per second. Even allowing for the fact that transaction flow is not constant throughout the day this is not even close to being a serious issue.

One would hope that 60k transactions a day is not the apex.

[tromp]

Zero transaction fees combined with a flexible blockchain structure that can support, e.g., arbitrary user data or extensibility are a recipe for letting people externalize their costs.

When you're consuming storage in a medium replicated 1000s of times around the world, paying a little rent is a good idea.  Otherwise, some clever schmuck will figure out how to store a copy of windows ME in the blockchain, and we'll never be rid of it.

In the presence of perpetual debasement, transaction fees could be optionally replaced by proof-of-work
where difficulty threshold is some function of the transaction amount (this function could be dynamically varied
based on recent block fill rates).

[AnonyMint]

tromp, did your Cuckoo hash remain sublinear parallelizable at 32 cores or did it fall off faster?

[smooth]

Bitcoin runs about 60K transactions per day which is less than one transaction per second. Even allowing for the fact that transaction flow is not constant throughout the day this is not even close to being a serious issue.

One would hope that 60k transactions a day is not the apex.

Again, reading comprehension is important. The question was about scaling to the current rate of Bitcoin transactions, which is to say something that a comparable system has been demonstrated to be able to handle, thus a realistic basis for comparison. Scaling Visa rates or anything close to that has not been demonstrated by any comparable system.

[itod]

Bitcoin runs about 60K transactions per day which is less than one transaction per second. Even allowing for the fact that transaction flow is not constant throughout the day this is not even close to being a serious issue.

One would hope that 60k transactions a day is not the apex.

Again, reading comprehension is important. The question was about scaling to the current rate of Bitcoin transactions, which is to say something that a comparable system has been demonstrated to be able to handle, thus a realistic basis for comparison. Scaling Visa rates or anything close to that has not been demonstrated by any comparable system.

If you emphasis on reading comprehension, the actual questions was how many processor cores is need to verify the incoming transactions + the mined block? Let's suppose you have a short burst of up to 5 transactions a second, is it one core? Or two, or eight? Have you actually bothered to measure?

[smooth]

If you emphasis on reading comprehension, the actual questions was how many processor cores is need to verify the incoming transactions + the mined block?

Since you asked, I just looked in the log file on a 4-year old Xeon server I'm using as a node. It takes approximately 0.14 seconds from the time a new transaction arrives until the time it is relayed. I believe most if not all of this processing is single threaded, which suggests approximately 7 transactions per second per core on a 4-year old CPU.

[illodin]

Apparently we have a new market leader and anon king in town, CLOAK:

I don't want the next pump and dump, but many do. What I want is the best anonymous coin to prove it has the highest grade of anonymity compared to the others. That coin I will invest in. Is there no way to do this?

Anonymity doesn't end with the crypto, it extends to exchanges and marketplaces. This is the reason why the Cloak developers have the roadmap for OneMarket and CloakTrade 2.0. Less holes to expose the user to a 3rd party. Cloak is the market leader right now in anon technology and supporting services. While other coin's developers are still figuring it out how to implement their anon, Cloak is wrapping up it's own anon protocol and moving towards the supporting services.

Ask yourself a question. What's the point of an anon currency if you get revealed when trading for fiat? This is why CloakTrade 2.0 is in the works. The Cloak developer's are so far ahead of any other "anon" crypto it's honestly a joke to compare any of them to Cloak.

According to the whitepaper it has ideal solution; peer-to-peer in nature, decentralized and trustless.

[yAmAdA]

Also I don't believe Monero is anonymous to the NSA and authorities with high reliability given the weaknesses in I2P and Tor.

I believe Tor and I2P should not be conflated. Timing attacks are more difficult against I2P. With Tor, you have exit nodes which make it easy to see one of the endpoints for the purpose of correlation. It can still be done without visible exits, but this is a bit harder.

There has been some talk about introducing random delays to harden the mix network layer. Since that has various drawbacks, how about adding cover traffic instead? It is wasteful but should still allow low enough latencies while mitigating timing analysis. This is another thing that would not work well with an exit node based system.

[drawingthesun]

Apparently we have a new market leader and anon king in town, CLOAK:

I don't want the next pump and dump, but many do. What I want is the best anonymous coin to prove it has the highest grade of anonymity compared to the others. That coin I will invest in. Is there no way to do this?

Anonymity doesn't end with the crypto, it extends to exchanges and marketplaces. This is the reason why the Cloak developers have the roadmap for OneMarket and CloakTrade 2.0. Less holes to expose the user to a 3rd party. Cloak is the market leader right now in anon technology and supporting services. While other coin's developers are still figuring it out how to implement their anon, Cloak is wrapping up it's own anon protocol and moving towards the supporting services.

Ask yourself a question. What's the point of an anon currency if you get revealed when trading for fiat? This is why CloakTrade 2.0 is in the works. The Cloak developer's are so far ahead of any other "anon" crypto it's honestly a joke to compare any of them to Cloak.

According to the whitepaper it has ideal solution; peer-to-peer in nature, decentralized and trustless.

This is total rubbish, almost every scamcoin now has a roadmap where they solve all the problems described in a white paper.

Good luck with that, I have lost hundreds of Bitcoins to scams, and can tell a scam apart now, I see you have yet to learn this.

Good luck with their 2.0 version of their currency, perhaps they should have solved these issues before releasing?

[AnonyMint]

If you emphasis on reading comprehension, the actual questions was how many processor cores is need to verify the incoming transactions + the mined block?

Since you asked, I just looked in the log file on a 4-year old Xeon server I'm using as a node. It takes approximately 0.14 seconds from the time a new transaction arrives until the time it is relayed. I believe most if not all of this processing is single threaded, which suggests approximately 7 transactions per second per core on a 4-year old CPU.

On the order-of-magnitude of 20 txs/sec per core on a late model CPU, i.e. an order-of-magnitude higher than Bitcoin (<1 tx/s) now per core but two orders-of-magnitude less than Visa (2 - 6K tx/s) now per core, means Monero (Cryptonote) can't scale to any where even close to global Visa scale and remain both decentralized for mining with fast block period (thus fast transactions), not to mention the likely order(s)-of-magnitude more scaling above that to reach ubiquitous global micro transactions and programmable contracts on the block chain.

So you would have to solve both this and the blockchain bloat in order to scale to global widespread use. It appears that one-time ring signatures are fundamentally incompatible with scaling.

Cryptonote can't encourage too much use with zero transaction fees, because it can't accept the scaling that can come with it.

I believe Zerocash has similar scaling issues. DarkCoin (and CoinJoin) has the simultaneity problem that fights scaling because to mix you need someone else who wants to mix with you at the same denominations at the same time (not mention being either theoretically defeated with jamming and/or Sybil attack on masternodes) and to perform this meeting with scaling you need global coherence on submitted txs which means either centralization (synchronicity) or no scaling.

[AnonyMint]

Also I don't believe Monero is anonymous to the NSA and authorities with high reliability given the weaknesses in I2P and Tor.

I believe Tor and I2P should not be conflated. Timing attacks are more difficult against I2P. With Tor, you have exit nodes which make it easy to see one of the endpoints for the purpose of correlation. It can still be done without visible exits, but this is a bit harder.

If mining is centralized then the exit points are probably easy to find.

There has been some talk about introducing random delays to harden the mix network layer. Since that has various drawbacks, how about adding cover traffic instead? It is wasteful but should still allow low enough latencies while mitigating timing analysis. This is another thing that would not work well with an exit node based system.

I assume you mean relay nodes sending out dummy packets at random intervals, so latency doesn't increase for legitimate traffic (as long as relay nodes can handle the additional bandwidth).

I have not read the research on traffic analysis to comment with complete confidence. My technical understanding is likely close.

Seems to me the adversary could ignore all packets coming out of the exit nodes that didn't correlate with a low-latency to the targeted entry node. This is a statistical analysis. If it can be seen over time that a targeted entry node is always correlating with low-latency to one of the Monero exit nodes (made more easy to find by centralization of mining), then it is mathematically provable (within statistical confidence) that those packets are coming from the entry node. Thus IP obfuscation and anonymity broken.

The obvious solution of using a different entry node for each transaction sent, means you need to source many unregistered internet connections. Well then you might as well just use one unregistered internet connection then you don't need I2P/Tor and you can use Bitcoin or any coin.

And no improvements to onion routing (Chaum mix-nets) are reliable if the relay nodes are Sybil attacked, and many people assume they are because who is providing all this relay traffic for free. For example if 20% of the relay nodes are the adversary, then with 3 onion layer hops you have ≈1% (0.2^3=0.008) chance of being non-anonymous across the 3 hops each time you connect to the network. So over 100s of transactions your anonymity will be defeated. Worse yet, the research shows that the higher the % of the nodes the adversary can monitor (either by owning the node or by watching the routing of traffic across the node), then the frequency and/or randomization of latency of the cover traffic has to increase. Worse yet, even if you say your odds are low enough for your choice, when you lose anonymity then others in the ring signature lose anonymity too, i.e. your lower threshold choice cascades to others that wanted a higher threshold.

Thus you see low-latency Chaum mix-nets (onion routing) are a fundamentally flawed concept for anonymity against a global adversary. Even a hacker has access to a botnet might be able to Sybil attack the relay nodes.

[r0ach]

I think Anonymint is a little too demanding or perfectionist in terms of coin/protocol specifications, such as zero transaction fees, but here's my current reasons for why I can't really support Bitcoin or Monero, which is a Bitcoin derivative:

Cross posted from:  The BTC price is too high for it's current security model

https://bitcointalk.org/index.php?topic=710107.0

The current Bitcoin model is already an obvious failure while people walk around in a delusional state pretending it isn't.  It's advertised as requiring "no trusted 3rd parties", yet the entire thing relies on them in the form of a small number of mining pools for block verification.  Since Bitcoin never solved the "no trusted 3rd parties" dilemma, it's time to admit that and actually come up with a solution, most likely assign a performance metric to regulate those parties (i.e. PoS with reputation variable).

Unless every single iota of Bitcoin dev manpower is redirected towards the solitary goal of getting rid of mining pools, they're operating under the textbook definition of insanity.

[smooth]

if the relay nodes are Sybil attacked, and many people assume they are because who is providing all this relay traffic for free.

There are no dedicated relay nodes in i2p the way there are in Tor. I2p relies on a bit of social engineering for relay nodes, which is that relaying is turned on by default. So if you are using i2p, you are a relay node by default, and it can reasonably be assumed that most never change defaults. Even if a few do, the rest provide a large relay network sort of for free, but sort of in exchange for the benefit they receive by using the system.

[AnonyMint]

Apparently we have a new market leader and anon king in town, CLOAK:

I don't want the next pump and dump, but many do. What I want is the best anonymous coin to prove it has the highest grade of anonymity compared to the others. That coin I will invest in. Is there no way to do this?

...

This is why CloakTrade 2.0 is in the works. The Cloak developer's are so far ahead of any other "anon" crypto it's honestly a joke to compare any of them to Cloak.

According to the whitepaper it has ideal solution; peer-to-peer in nature, decentralized and trustless.

CloakCoin

Flaws I see in the white paper:

1. Non-zero transaction fees.

2. PoS, i.e. does nothing to deal with centralization of mining.

3. The anonymization is flawed. It relies on two mining nodes not sharing their knowledge of which transactions correlate to which inputs received by the network. That is a fundamentally flawed concept that I dismissed long enough with my analysis of DarkCoin, because mining nodes can be Sybil attacked (the adversary can flood the network with mining nodes). It gets worse with PoS because those with the largest stake have the most mining nodes, thus your anonymity is for sale (or hackers can target with spyware those nodes with the highest stake).

Worse yet, if the first peer of the two has seen the transactions then it doesn't matter how the second peer rearranges them, so the entire thing is trivially defeated.  Assuming the senders of the transactions are encrypting them for the final peer, then the problem is as you add stages/hops (the paper proposes to double the stages) the system can be attacked with transaction spam since the transactions aren't verified until they are decrypted at the final peer. I assume you could ban IP addresses if sending nodes can't enter the network at-will.

[kbm]

if the relay nodes are Sybil attacked, and many people assume they are because who is providing all this relay traffic for free.

There are no dedicated relay nodes in i2p the way there are in Tor. I2p relies on a bit of social engineering for relay nodes, which is that relaying is turned on by default. So if you are using i2p, you are a relay node by default, and it can reasonably be assumed that most never change defaults. Even if a few do, the rest provide a large relay network sort of for free, but sort of in exchange for the benefit they receive by using the system.

lol I was literally in the middle of writing this so I'm gonna post it anyways:

If a financial network is running on that network, there is an implicit incentive to keep these nodes up and provided by the users of that network - IE they will potentially answer the "Who is providing all this bandwidth" question - it will be the users of the financial network. Also by doing this, you're (add:potentially) making the resources required to even perform timing attacks on one specific person orders of magnitude more expensive. Like this article: http://www.theguardian.com/world/2014/jul/25/russia-research-identify-users-tor . If Russia had to offer 39m roubles, instead of 3.9m just to get some research (assuming the cost for research would scale in a similar fashion) .. that's a positive outlook.

also, can the latency/other technical aspects of the i2p network impede the ability for pools themselves to scale? Will you have more trouble dealing with so much traffic going to one place IE: will there be a specific number of people that can possibly connect to a pool before the 'luck' of that pool goes down due to increased traffic volumes? of course people can just mine it without i2p i guess, but does it at least present a situation where that can be possible?

Actually there's a quote in that article that stands out heavily to me:

Originally developed by the US Naval Research Laboratory as an "onion routing project", Tor is a network of virtual tunnels that allows users to hide the source and destination of their internet browsing and keeps websites from tracking them.

I was not aware that it was developed by USNRL. Guess I'll need some more history lessons here. Current thoughts on this - if USNRL thought this was going to offer a suitable usage case for their communications at one point .. do they still think so and have they worked out bugs we're dealing with right now .. or have they moved onto something totally different? More on this - could one of the reasons that these types of communications are not currently outlawed or banned in some countries be because these specific forms of communication transmission are currently serving their stated purpose?

[r0ach]

We have mining pool owners on the Bitcoin dev team, no wonder they are doing nothing to get rid of mining pools, the #1 core problem of Bitcoin.  The wolves, snakes, whatever the fuck are in the hen house so to speak.

[AnonyMint]

if the relay nodes are Sybil attacked, and many people assume they are because who is providing all this relay traffic for free.

There are no dedicated relay nodes in i2p the way there are in Tor. I2p relies on a bit of social engineering for relay nodes, which is that relaying is turned on by default. So if you are using i2p, you are a relay node by default, and it can reasonably be assumed that most never change defaults. Even if a few do, the rest provide a large relay network sort of for free, but sort of in exchange for the benefit they receive by using the system.

You are not a decentralized relay if your internet provider is blocking STUN NAT traversal tunneling, which many do I think to stop you from using your internet connection as a server. ISPs have an incentive to force us more and more towards an asymmetric client-server model and away from client-to-client form of P2P.

In any case, just because every legitimate user could potentially be a relay node (but probably isn't because of NAT traversal failure), doesn't mean the relay nodes can't be Sybil flooded (attacked). Remember the same servers running Tor could apply their bandwidth to I2P and present the I2P network with as many IP addresses as necessary, i.e. one relay node per IP address.

Tor showed that some are willing to donate that free bandwidth without any return (unless the return is monitoring all the traffic). And that I2P obscures who is providing free bandwidth, doesn't make that willingness go away. Worse yet, I2P obscures that an entity is Sybil attacking.

Edit: I suppose in theory I2P could become widespread enough that only the NSA could realistically break it with Sybil flooding. But Cryptonote can't scale to widespread. Would I2P become widespread enough on its own? Doesn't currently seem like it, and what % of internet connections are compatible with NAT traversal?

Edit#2: I have serious doubt that I2P can't be denial-of-service destroyed. My theoretical understandind is it is impossible to allow decentralized Sybil attacks as they do and be immune to DDoS. I read a formal statement of this fundamental tradeoff between decentralized Chaum mix-nets and DDoS in some research paper, but I can't remember which one it is. And working through the analysis in my mind, it seems to be the case.

[smooth]

In any case, just because every legitimate user could be a relay node, doesn't mean the relay nodes can't be Sybil flooded (attacked).

They certainly could, it's just the argument that someone providing relay services for free is suggestive of questionable intentions does not apply to i2p the same way it might for Tor. Most of the time it is simply an indicator they are an i2p user.

I suppose in theory I2P could become widespread enough that only the NSA could realistically break it with Sybil flooding. But Cryptonote can't scale to widespread. Would I2P become widespread enough on its own?

I have no idea how many i2p users there are. I certainly don't expect Monero to drive i2p adoption to a large degree. Monero is just one small application that will be using i2p.

and what % of internet connections are compatible with NAT traversal?

Here is one claim of an 85% success rate: http://stackoverflow.com/questions/23655243/nat-traversal-probability-of-success-using-stun

[AnonyMint]

So the premise for Monero is scaling doesn't matter short-term and we should chose the strongest anonymity.

In that case, Zerocash will win because you don't even need to obscure your IP address because all transaction details are completed blinded (although it can be seen you are connecting to the Zerocash network). Unless you don't trust the newness of the complex crypto.

So the scaling issue and long-term viability are the only way to beat Zerocash.

Plonk. (sorry but that is the logical conclusion of this long-winded discussion past days)

Looks like a two-horse race on anonymity between Zerocash and Monero (or Cryptonote in general) unless something radically innovative comes along...

[smooth]

Zerocash will win ... Unless you don't trust the newness of the complex crypto.

That is certainly the most widely cited reason people are reluctant to endorse it. That and the fact that it doesn't exist (vaporware). In a feature-for-feature comparison between something that exists and vaporware, vaporware almost always wins.