|
AnonyMint
|
 |
July 28, 2014, 05:52:03 AM |
|
In any case, just because every legitimate user could be a relay node, doesn't mean the relay nodes can't be Sybil flooded (attacked).
They certainly could, it's just the argument that someone providing relay services for free is suggestive of questionable intentions does not apply to i2p the same way it might for Tor. Most of the time it is simply an indicator they are an i2p user. I had already made the point that is it is the opposite actually. I2P blinds us to the level of suggestion about questionable intentions. |
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
AnonyMint
|
|
July 28, 2014, 08:05:56 AM
Last edit: July 28, 2014, 09:35:06 AM by AnonyMint |
|
ZerocashA scenario that worries me is people decide to adopt Zerocash over Monero because it mostly eliminates the need to obscure your IP address which is a dubious proposition in Monero, and they don't care short-term (which is the similar short-term logic justification in favor of Monero) about the inability to scale, nor the potential compromised masterkey which could allow the long-term undetected creation of coins (but can't impact the anonymity) which is great for our fiat masters. So then we end up in a coin that can't scale unless mining is centralized (great for our fiat masters!) and has long-term threat of unlimited undetectable debasement and potential breakage of the anonymity if the crypto (not the masterkey) is compromised. (Note the Monero elliptical curve public cryptography would also be vulnerable to quantum computers if they ever come, but it might be possible to implement one-time ring signatures with McEliece public key cryptography instead of elliptical curves). I'd wish to see something radically innovative that eliminates this confused inertia direction for the markets. That wish is vaporware. And note Zerocash isn't entirely vaporware, the source code for the underlying SNARK technology is published. Is there any news from them since May 25? http://zerocash-project.org/q_and_a#how-will-zerocash-be-released-and-deployedhttp://zerocash-project.org/talks_and_mediaNote Zerocash crypto is based on Pinnochio which is applicable to achieving Ethereum's goals and offloading the computation from the mining nodes. In that context, the newness of the crypto is much less a threat, because breaking it doesn't void the entire history of transactions as it does with retroactively breaking all prior anonymity.
BoolberryIn case the coherence of my upthread posts was lost on the reader, my initial enthusiasm about Boolberry was quickly muted when I realized they claim pruning which I (and apparently Monero devs) think is impossible. And their PoW hashing algorithm seems to lack entropy as I think about it more, thus is perhaps gameable (probably but I don't want to publicly assert 'probably' until I can elucidate how). The marketing and product strategy seems to also not be thought out. Thus any initial enthusiam about the quality of the developer has waned for me (although it is not outside the realm of possibility that he is really talented and was just being careless but won't do it again-- not likely). Oh and I really want to transact in blue balls.
|
|
|
|
|
AnonyMint
|
|
July 28, 2014, 08:42:43 AM
Last edit: July 28, 2014, 09:33:52 AM by AnonyMint |
|
That appears to be his personal anecdotal experience and admits that figure doesn't apply to mobile. And in my experience NAT traversal never works in the Philippines (I assume Skype was using a relay server). This 2008 source says we don't have quantifiable data on the success rate. ISPs don't have an incentive (note: 'shelby' is me) to allow you to run a server on your asymmetric bandwidth consumer internet downloading connection, unless the market demographics demand it (i.e. probably only in the developed western world). Thus the success rate is likely to get worse over time, not better as we move towards the global police state and top-down control over the internet. Moving to mobile should help accelerate the asymmetry of the internet, handing the power to our overlord masters. Note this may also impact the way many crypto-coins are currently coded for P2P interaction, but I haven't studied their sources. |
|
|
|
smooth
Legendary
 Offline
Activity: 2968
Merit: 1198
|
|
July 28, 2014, 09:58:49 AM |
|
That appears to be his personal anecdotal experience and admits that figure doesn't apply to mobile. And in my experience NAT traversal never works in the Philippines (I assume Skype was using a relay server). This 2008 source says we don't have quantifiable data on the success rate. Here's another source (testimony in a patent lawsuit) that 90-95% of Facetime connections are p2p (no relay), or at least they were before the lawsuit messed things up. http://arstechnica.com/tech-policy/2013/08/report-after-patent-loss-apple-tweaks-facetime-and-logs-500000-complaints/Not all of these are NAT traversal though, some significant number are likely just connections with no NAT at all. Either way though, there are many opportunities for P2P connections, still. |
|
|
|
|
Majormax
Legendary
Offline
Activity: 2534
Merit: 1129
|
|
July 28, 2014, 10:06:03 AM |
|
I think Anonymint is a little too demanding or perfectionist in terms of coin/protocol specifications, such as zero transaction fees, but here's my current reasons for why I can't really support Bitcoin or Monero, which is a Bitcoin derivative: Cross posted from: The BTC price is too high for it's current security modelhttps://bitcointalk.org/index.php?topic=710107.0The current Bitcoin model is already an obvious failure while people walk around in a delusional state pretending it isn't. It's advertised as requiring "no trusted 3rd parties", yet the entire thing relies on them in the form of a small number of mining pools for block verification. Since Bitcoin never solved the "no trusted 3rd parties" dilemma, it's time to admit that and actually come up with a solution, most likely assign a performance metric to regulate those parties (i.e. PoS with reputation variable).
Unless every single iota of Bitcoin dev manpower is redirected towards the solitary goal of getting rid of mining pools, they're operating under the textbook definition of insanity.
The model itself may not be a failure... It can be viewed as merely in a temporary stage of development. Perhaps it is not possible to reach a trustless system without first going through this phase (needing to trust some 3rd parties, whether nodes/miners etc). The reason for this is because the scale of adoption (critical mass of the system) needed to be self sustaining cannot be achieved with a trustless system starting from scratch: It never reaches exponential growth for lack of trust. |
|
|
|
|
|
AnonyMint
|
|
July 28, 2014, 10:42:00 AM
Last edit: July 28, 2014, 11:23:24 AM by AnonyMint |
|
That appears to be his personal anecdotal experience and admits that figure doesn't apply to mobile. And in my experience NAT traversal never works in the Philippines (I assume Skype was using a relay server). This 2008 source says we don't have quantifiable data on the success rate. Here's another source (testimony in a patent lawsuit) that 90-95% of Facetime connections are p2p (no relay), or at least they were before the lawsuit messed things up. http://arstechnica.com/tech-policy/2013/08/report-after-patent-loss-apple-tweaks-facetime-and-logs-500000-complaints/Not all of these are NAT traversal though, some significant number are likely just connections with no NAT at all. Either way though, there are many opportunities for P2P connections, still. I am thinking that walled garden isn't technically applicable to the wild of the internet. Apple dictates (negotiates) the terms with the iOS carriers and I assume can ensure that direct connections between iOS devices over the carriers is possible for the apps Apple wishes to whitelist. The 5 - 10% before the change may have been amongst the Macs running Facetime that were not on a carrier network? |
|
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
July 28, 2014, 10:55:09 AM |
|
I don't think that walled garden is technically applicable to the wild of the internet. Apple dictates (negotiates) the terms with the iOS carriers and can ensure that direct connections between iOS devices over the carriers is possible for the apps Apple wishes to whitelist.
Facetime over cellular wasn't enabled as a feature until last year, which means during the time period discussed in the patent lawsuit (last year) it was either non-existent or very new with minimal usage. Some carriers still don't allow it at all. For the most part it is/was a WiFi application meaning Apple has no special relationship. I'm pretty sure other applications will show similar statistics. |
|
|
|
|
|
AnonyMint
|
|
July 28, 2014, 11:31:15 AM |
|
That appears to be his personal anecdotal experience and admits that figure doesn't apply to mobile. And in my experience NAT traversal never works in the Philippines (I assume Skype was using a relay server). This 2008 source says we don't have quantifiable data on the success rate. Here's another source (testimony in a patent lawsuit) that 90-95% of Facetime connections are p2p (no relay), or at least they were before the lawsuit messed things up. http://arstechnica.com/tech-policy/2013/08/report-after-patent-loss-apple-tweaks-facetime-and-logs-500000-complaints/Not all of these are NAT traversal though, some significant number are likely just connections with no NAT at all. Either way though, there are many opportunities for P2P connections, still. I am thinking that walled garden isn't technically applicable to the wild of the internet. Apple dictates (negotiates) the terms with the iOS carriers and I assume can ensure that direct connections between iOS devices over the carriers is possible for the apps Apple wishes to whitelist. The 5 - 10% before the change may have been amongst the Macs running Facetime that were not on a carrier network? I think if you dig for Gnutella statistics, you can find quantitative stats: http://en.wikipedia.org/wiki/Gnutella#Gnutella_featureshttp://webcache.googleusercontent.com/search?q=cache:GSP3Yu7TbGMJ:www.gnutellaforums.com/general-gnutella-development-discussion/5397-gnutella-network-size-statistics.html+&cd=1&hl=en&ct=clnk&client=firefox-aHi,
are there some more statistics available telling how big gnutella is, how many firewalled hosts, freeloaders and other details? Please let me know what you find out. |
|
|
|
|
AnonyMint
|
|
July 28, 2014, 11:35:27 AM |
|
I don't think that walled garden is technically applicable to the wild of the internet. Apple dictates (negotiates) the terms with the iOS carriers and can ensure that direct connections between iOS devices over the carriers is possible for the apps Apple wishes to whitelist.
Facetime over cellular wasn't enabled as a feature until last year, which means during the time period discussed in the patent lawsuit (last year) it was either non-existent or very new with minimal usage. Some carriers still don't allow it at all. For the most part it is/was a WiFi application meaning Apple has no special relationship. I'm pretty sure other applications will show similar statistics. "Direct connections" can also be deceiving. This could include direct connections from one client to another, where that other client is acting as a P2P relay. Skype used this, because not all clients could punch a hole across NAT. So then you had some clients who are not reciprocating so that is the Tor model where some clients are relays and others are not. |
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
July 28, 2014, 11:54:22 AM |
|
I don't think that walled garden is technically applicable to the wild of the internet. Apple dictates (negotiates) the terms with the iOS carriers and can ensure that direct connections between iOS devices over the carriers is possible for the apps Apple wishes to whitelist.
Facetime over cellular wasn't enabled as a feature until last year, which means during the time period discussed in the patent lawsuit (last year) it was either non-existent or very new with minimal usage. Some carriers still don't allow it at all. For the most part it is/was a WiFi application meaning Apple has no special relationship. I'm pretty sure other applications will show similar statistics. "Direct connections" can also be deceiving. This could include direct connections from one client to another, where that other client is acting as a P2P relay. Skype used this, because not all clients could punch a hole across NAT. So then you had some clients who are not reciprocating so that is the Tor model where some clients are relays and others are not. I've not seen anything to suggest that Facetime can use significant bandwidth even when you aren't the one using it, and I'm pretty sure it would be widely reported since it matters to users with bandwidth caps and metering (this is of course well known for Skype). However, it is worth keeping in mind that when they say 90-95% of the connections are direct, that only requires that at least one of the two be able to accept incoming connections (or packets). So the number of accessible end points is around 70%, at least for Facetime users last year (not necessarily representative of the entire internet). This includes both successful NAT traversal and no NAT. BTW, no major crypto coins use NAT traversal techniques other than UPNP (sometimes). They just rely on one end or the other being reachable by an IP address. I2P support in Monero will likely improve P2P connectivity somewhat. |
|
|
|
|
AlexGR
Legendary
Offline
Activity: 1708
Merit: 1049
|
|
July 28, 2014, 12:11:15 PM |
|
Cryptonote can't encourage too much use with zero transaction fees, because it can't accept the scaling that can come with it.
I believe Zerocash has similar scaling issues. DarkCoin (and CoinJoin) has the simultaneity problem that fights scaling because to mix you need someone else who wants to mix with you at the same denominations at the same time (not mention being either theoretically defeated with jamming and/or Sybil attack on masternodes) and to perform this meeting with scaling you need global coherence on submitted txs which means either centralization (synchronicity) or no scaling.
Darkcoin will use premixing so that the simultaneity issue during transactions is resolved in RC4 with DarkSend plus (DarkSend+). https://darkcointalk.org/threads/development-updates-july-7th.1735+ https://darkcointalk.org/threads/development-updates-july-15th.1788 (revisions) |
|
|
|
|
|
AnonyMint
|
|
July 28, 2014, 12:26:38 PM |
|
smooth, I realized we were discussing an irrelevant tangent, because regardless of the fact that by default I2P makes clients relay nodes (at some percentage of direct connection success) and Tor doesn't, the ability to Sybil attack these networks is only dependent on total network bandwidth. Since Tor is more popular (is it?), it is more difficult to Sybil attack. And they can both be Sybil attacked. Novice readers, the tangential technology issue we were discussing is explained somewhat here. |
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
July 28, 2014, 12:36:18 PM |
|
smooth, I realized we were discussing an irrelevant tangent, because regardless of the fact that by default I2P makes clients relay nodes (at some percentage of direct connection success) and Tor doesn't, the ability to Sybil attack these networks is only dependent on total network bandwidth. Since Tor is more popular (is it?), it is more difficult to Sybil attack.
I don't really know which is more popular, nor if that correlates with bandwidth. Tor certainly gets more press but I2P is supposedly widely used for file sharing, which is pretty bandwidth intensive. Perhaps someone else is more familiar with the usage and scope of I2P. I've never tried it. |
|
|
|
|
|
AnonyMint
|
|
July 28, 2014, 12:49:33 PM
Last edit: July 28, 2014, 01:16:58 PM by AnonyMint |
|
https://darkcointalk.org/threads/development-updates-july-7th.1735/The DarkSend+ anonymity depends on MasterNode1 and 2 are not Sybil attacked in order to achieve unlinkability and untraceability, and adds some of the blockchain bloat of Cryptonote. Cryptonote (Monero) achieves that without any such Sybil attack threat. Both Monero and DarkSend+ share the Sybil attack threats: 1. On mixing transactions thus incentivizing transaction spam. This is the other major flaw of Cryptonote and CoinJoin which forces transaction fees! Mining share payments for transactions as tromp suggested will not curtail spam because a mining share is profitable to generate, and can only contain the total level of transactions by raising the share difficulty required high enough to lock out those who don't have enough hashrate (which makes the Sybil attack on transactions worse assuming the adversary has a higher hashrate some user). 2. On the I2P/Tor network used to obfuscate the IP address of the spender.
https://darkcointalk.org/threads/development-updates-july-15th.1788/Continuous mixing won't scale, because it explodes the transactions by some square lawextra factor. So if you think the scaling calculations I showed for Monero were egregious when scaled to Visa scale, get out your calculator and run them on this DarkSend premix idea.  It is comical to watch them tack on multiple layers of duct tape on a fundamentally flawed algorithm.
|
|
|
|
|
illodin
|
|
July 28, 2014, 01:02:04 PM |
|
Continuous mixing won't scale
Can it be pruned? Can mini-blockchain be implemented on it - and if so, how big of a task would it be? Trivial, moderate, large, monumental? |
|
|
|
|
|
ejinte
|
|
July 28, 2014, 01:02:33 PM |
|
Did anyone of you buy Ether, and if you did, why?
|
|
|
|
|
AnonyMint
|
|
July 28, 2014, 01:09:44 PM
Last edit: July 28, 2014, 01:53:22 PM by AnonyMint |
|
Continuous mixing won't scale
Can it be pruned? In addition to the block chain bloat, you've also got the transaction volume scaling up by some additional factor because generating Visa scale volume causes all these premix transactions for that volume. This impacts the size of the UXTO, block size, verification time, etc factors which impinge on centralization of mining. The mini blockchain won't help you scale down unnecessary transaction volume. And that the anonymity relies on mixing transactions (inputs) means there is an incentive (for both spenders wanting anonymity and the adversary trying Sybil attack) to explode the level of transactions to Sybil attack the anonymity. So then you've got to have transaction fees. Can mini-blockchain be implemented on it - and if so, how big of a task would it be? Trivial, moderate, large, monumental?
In theory yes. They could try to fork Cryptonite (not Cryptonote) and apply DarkSend to it. |
|
|
|
AlexGR
Legendary
Offline
Activity: 1708
Merit: 1049
|
|
July 28, 2014, 01:15:04 PM |
|
In the later update (mid-July), it goes up to 8 nodes - not 2. So the probabilities are far better. Remember there is a dis-incentive to Sybil by requiring 1000 DRKs per node. And you can't buy a lot of nodes without taking the price to the sky, as the less DRKs there are in the market, price increases non-linearly. So you'll need to own a heck of a lot of nodes to Sybil this - and the money required to increase your success percentage are going up in a non-linear fashion during the accumulation of DRK nodes. Personally I think premixing is quite interesting because, aside from solving issues that occur in realtime (like the simultaneous tx / denomination requirement) it re-opens the possibility of blind sigs... As it is right now (the implementation of DRK's coinjoin), it is performed without blind signatures due to the DOS issue that blind sigs had - which you discussed with Evan. So the node does know in order to be able to penalize bad behavior. But with premixing, the requirement for real-time coinjoin is eliminated... so, I'm thinking, perhaps, blind sigs can be used for better mixing. Even if mixing fails due to DOS, it is not a problem as a retry can be initiated for many times. It's all in the premixing phase (that could be days before a transfer) and thus one has plenty of time to waste... it could probably be activated with a "paranoid" checkbox for those desiring blind-sig level of anonymity. Continuous mixing won't scale, because it explodes the transactions by some square law. So if you think the scaling calculations I showed for Monero were egregious when scaled to Visa scale, get out your calculator and run them on this DarkSend premix idea. It is comical to watch them tack on multiple layers of duct tape on a fundamentally flawed algorithm. Remember that Darkcoin, unlike Monero, can be pruned. |
|
|
|
|
|
AnonyMint
|
|
July 28, 2014, 01:36:26 PM
Last edit: July 28, 2014, 01:50:04 PM by AnonyMint |
|
Okay so compared to Monero (Cryptonote), DarkCoin has an additional Sybil attack vector yet also can have prunability which Cryptonote can't. The argument is made that these masternodes won't be easily Sybil attacked because only a whale could. Your argument against the possibility of owning a lot of nodes fails due to the fact that money is always power law distributed[1]. One can argue that whales wouldn't destroy their investment by attacking it, but whales can be coerced with rubber hose or offered a percentage of the booty gained.  CloakCoin's anonymization stage has the similar Sybil attack vector. Additionally other game theory that is not yet considered. Being prunable, DarkCoin could in theory scale better on the block chain size but it increases the level of unnecessary transactions which impacts other aspects of scaling. Increasing the masternode stages from 2 to 8 exacerbates this further. So it is doubtful either can scale without centralized mining, and at least Monero doesn't have one (of the three) Sybil attack vectors. Both can't avoid transaction fees because their anonymity depends on mixing transactions which encourages transaction spam. [1] A. Dragulescu and V. Yakovenko. Exponential and power-law probability distributions of wealth and income in the United Kingdom and the United States. |
|
|
|
|
