fluffypony
Donator
Legendary
Offline
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
|
|
August 01, 2014, 07:58:56 AM |
|
This is all speculation. You don't know if there are measures in place. Once PoSA is released, the facts and flaws(if any) will make themselves known.
Attack vectors, threat models, and their mitigations, are all things you design and put in place before you write a line of code. It would be in the whitepaper, and then expressed in the code. Look at sections 7 and 8 in the Bitmessage whitepaper, for instance, that deal purely with threat mitigation. Bad cryptography says "the proof is in the code". Bad cryptography says "we'll solve that later". Bad cryptography says "there is no mathematical model to show how this will work". Don't fall prey to bad cryptography.
|
|
|
|
strasboug (OP)
|
|
August 01, 2014, 08:06:27 AM |
|
The "IF" block does not exist today. Did Cloakcoin implement that? This may be troublesome, as you need to write a temporary block into the formal chain and at some point (say 10 blocks later) rewrite it in permanent form.
Moreover, if the "IF" block exist, how to do you the sender (or whoever created it) write it in good condition? If the sender is a cheater, he can write a false condition that will fail, and Node#1 will stupidly send the coins to Joe, and sender will get his coins back. How can you prevent that? Remember this is an automatic process, no one is going to inspect the blockchain by hand.
Same for Joe, since the 1st coin already in his hand (#1 _POSA address is his, so basically he already got the coin, he can write a fraudulent IF block and get double amount easily).
Conclusion: this will not work as there's nothing force the sender/receiver to behave correctly.
Yes I agree, these are the issues. There's nothing forcing they write good "IF" in the block they post to the network. So this can easily be fraud. Since sender is the one who write IF. So his IF can be to check an address he created, instead of the receiver created address. He is the one who post the "IF" tx to the network, he can do anything he wants. Good observations. As I said before, a trustless system needs to have mechanism that forces all parties behave correctly, otherwise it will not work... This is all speculation. You don't know if there are measures in place. Once PoSA is released, the facts and flaws(if any) will make themselves known. No it's not speculations. There need to have forceful ways for all nodes to behave correctly, as I've been saying all along. We don't see these in the info released.
|
|
|
|
strasboug (OP)
|
|
August 01, 2014, 08:07:09 AM |
|
This is all speculation. You don't know if there are measures in place. Once PoSA is released, the facts and flaws(if any) will make themselves known.
Attack vectors, threat models, and their mitigations, are all things you design and put in place before you write a line of code. It would be in the whitepaper, and then expressed in the code. Look at sections 7 and 8 in the Bitmessage whitepaper, for instance, that deal purely with threat mitigation. Bad cryptography says "the proof is in the code". Bad cryptography says "we'll solve that later". Bad cryptography says "there is no mathematical model to show how this will work". Don't fall prey to bad cryptography. +1
|
|
|
|
stealth923
Legendary
Offline
Activity: 1036
Merit: 1000
|
|
August 01, 2014, 11:13:50 AM Last edit: August 01, 2014, 11:30:35 AM by stealth923 |
|
Taken from another thread "What happens if Alty wants to send Cloakcoin to Joe but Joe is offline?"
Lol I think that breaks the matrix.
I would like to know as well:
how this design handles bad actors with the escrow block even though some have said the network doesnt even have escrow blocks and "if statements" are flawed and can be bypassed, if one of the nodes is a bad actor and steals coins or deny's transactions against taint analysis, sybil attacks, collusion, DDoS etc.
we should call the dev's into this thread to see if they are willing to respond.
|
|
|
|
thecast
Newbie
Offline
Activity: 56
Merit: 0
|
|
August 01, 2014, 11:49:46 AM |
|
Is Monero more secure than CLOAK?
|
|
|
|
fluffypony
Donator
Legendary
Offline
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
|
|
August 01, 2014, 01:18:11 PM |
|
Is Monero more secure than CLOAK?
I'm clearly biased, and I am unfamiliar with how Cloakcoin plans on achieving their stated goals. There are concerns raised in the post above your one that remain to be answered. Cloakcoin also does not appear to have their proposed anonymous system operational and open-source at this stage. Monero is cryptographically untraceable and unlinkable, as confirmed by the peer-review our mathematicians and cryptographers did of the CryptoNote whitepaper, and confirmed on this board by people with a strong grounding in cryptography (eg. AnonyMint). It has been so from the genesis block onwards. The code that enables these untraceable transactions has been open-source and reviewed by many from the moment Monero launched. The anonymity works, and works now. We are improving the cryptography and code so that attacks that attempt to reduce the anonymity set are limited to the point of impossibility.
|
|
|
|
valley365
|
|
August 01, 2014, 06:40:18 PM |
|
Yes it does not seem to me Cloak has anything solid. The algo seems having many issues. The IF-block is very suspicoius and may have a lot problems in implementing. Especially there are no forceful way to make all parties behave according to the rules. Without this, no trustless system will work.
|
|
|
|
solid12345
Legendary
Offline
Activity: 1246
Merit: 1000
|
|
August 01, 2014, 07:51:43 PM |
|
Is Monero more secure than CLOAK?
This is what makes me think the alt world is truly mad as a hatter. We have a proven WORKING anon that is untraceable and people still keep acting like we are still searching for the holy grail elsewhere.
|
|
|
|
timerland
|
|
August 02, 2014, 12:53:39 AM |
|
Yes it does not seem to me Cloak has anything solid. The algo seems having many issues. The IF-block is very suspicoius and may have a lot problems in implementing. Especially there are no forceful way to make all parties behave according to the rules. Without this, no trustless system will work.
So far I see only multisig possibly accomplish the task of trustless system. I'd like to see if there are other systems working, but unfortunately the scheme designed by Cloakcoin is not likely working, due to the many issues raised above.
|
|
|
|
btcsup
Member
Offline
Activity: 93
Merit: 10
|
|
August 02, 2014, 05:09:21 AM |
|
There so many sheeps believing cloak to have somewhat anonymous technology. It's fun to see. Losers are so many, Cloak dump will be huge!
|
|
|
|
strasboug (OP)
|
|
August 03, 2014, 07:12:22 PM |
|
It is clearly that Cloakcoin does not have the true trustless system. I doubt its dev understand what is a true trustless system at all.
Otherwise, please answer the questions people asked above.
|
|
|
|
strasboug (OP)
|
|
August 03, 2014, 07:19:07 PM |
|
Is Monero more secure than CLOAK?
This is what makes me think the alt world is truly mad as a hatter. We have a proven WORKING anon that is untraceable and people still keep acting like we are still searching for the holy grail elsewhere. Yes it seems to me that CryptoNote is a good anon algorithm, will learn more details. Other anonymous Coinjoin solutions such as Darksend, supersend are good too. Though they are not p2p trustless systems, but they work fine and reliable. Cloak's method is very doubtful, and from what I understand, it is not a trustless system at all. I am not even sure it is non-traceable. When I have more time, I'll look into the traceability of it.
|
|
|
|
iCEBREAKER
Legendary
Offline
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
|
|
August 03, 2014, 07:28:44 PM |
|
It is clearly that Cloakcoin does not have the true trustless system. I doubt its dev understand what is a true trustless system at all.
Otherwise, please answer the questions people asked above.
Trust but verify. Closed source = can't verify. Therefore, DON'T TRUST. The only 100% open-source coin with cryptographically provable security and privacy is Monero. The rest are wanna-be anon at best, fakes at worst.
|
██████████ ██████████████████ ██████████████████████ ██████████████████████████ ████████████████████████████ ██████████████████████████████ ████████████████████████████████ ████████████████████████████████ ██████████████████████████████████ ██████████████████████████████████ ██████████████████████████████████ ██████████████████████████████████ ██████████████████████████████████ ████████████████████████████████ ██████████████ ██████████████ ████████████████████████████ ██████████████████████████ ██████████████████████ ██████████████████ ██████████ Monero
|
| "The difference between bad and well-developed digital cash will determine whether we have a dictatorship or a real democracy." David Chaum 1996 "Fungibility provides privacy as a side effect." Adam Back 2014
|
| | |
|
|
|
timerland
|
|
August 04, 2014, 05:43:19 AM |
|
Is Monero more secure than CLOAK?
This is what makes me think the alt world is truly mad as a hatter. We have a proven WORKING anon that is untraceable and people still keep acting like we are still searching for the holy grail elsewhere. Yes it seems to me that CryptoNote is a good anon algorithm, will learn more details. Other anonymous Coinjoin solutions such as Darksend, supersend are good too. Though they are not p2p trustless systems, but they work fine and reliable. Cloak's method is very doubtful, and from what I understand, it is not a trustless system at all. I am not even sure it is non-traceable. When I have more time, I'll look into the traceability of it. Agree, this is a fair statement.
|
|
|
|
collapse157
Member
Offline
Activity: 68
Merit: 10
|
|
August 04, 2014, 01:27:36 PM |
|
What you guys don't understand is their block escrow. They are trusting the block chain, not the nodes. If nodes don't send, original gets his cloak back and tries to find new node. No way to cheat the system. End this stupid FUD haha.
I have been around programming before, not the blockchain though, but even this makes sense to me.
|
HBN | | HoboNickels -- 2% Interest Every 10 Days -- Stable Network -- Stake for Charity http:hobonickels.info
|
|
|
stealth923
Legendary
Offline
Activity: 1036
Merit: 1000
|
|
August 04, 2014, 01:33:20 PM |
|
What you guys don't understand is their block escrow. They are trusting the block chain, not the nodes. If nodes don't send, original gets his cloak back and tries to find new node. No way to cheat the system. End this stupid FUD haha.
I have been around programming before, not the blockchain though, but even this makes sense to me.
Read the posts above carefully. Many flaws for block escrow and the overall design is stated.
|
|
|
|
collapse157
Member
Offline
Activity: 68
Merit: 10
|
|
August 04, 2014, 01:42:56 PM |
|
Yea and all of them seem like no one actually read the block escrow part on the whitepaper. every node has to confirm that every transaction occurred for any coins to be lost. If it didn't happen, coins are returned.
|
HBN | | HoboNickels -- 2% Interest Every 10 Days -- Stable Network -- Stake for Charity http:hobonickels.info
|
|
|
Wheatclove
|
|
August 04, 2014, 01:53:02 PM |
|
None of you know for certain what cloakcoin is capable of.
The devs have made promises of anonymity, not specifying the exact method in their whitepaper. I see nothing wrong with this. Maybe they are testing various methods and have not made a concrete decision. Who cares?
What's the point of this thread other than to spread your own fear, uncertainty, and doubt? Everyone in the game should know the risks of this game. But if cloak is able to deliver, then these risks are worth it. If not, the world keeps spinning. If you dont believe in cloak and youre not invested in it, you have nothing to lose so why bother making this thread? Are you afraid of this coin destroying the coins you're invested in?
|
|
|
|
illodin
|
|
August 04, 2014, 02:01:45 PM |
|
None of you know for certain what cloakcoin is capable of.
That's the problem. The devs have made promises of anonymity, not specifying the exact method in their whitepaper. I see nothing wrong with this. Maybe they are testing various methods and have not made a concrete decision. Who cares?
What's the point of this thread other than to spread your own fear, uncertainty, and doubt? Everyone in the game should know the risks of this game. But if cloak is able to deliver, then these risks are worth it. If not, the world keeps spinning. If you dont believe in cloak and youre not invested in it, you have nothing to lose so why bother making this thread? Are you afraid of this coin destroying the coins you're invested in?
OP just wanted to know how it works so if it's good he can invest. IMO, devs should say that they are still researching a way to do it if they don't know how they are going to do it yet.
|
|
|
|
Wheatclove
|
|
August 04, 2014, 02:47:17 PM |
|
None of you know for certain what cloakcoin is capable of.
That's the problem. The devs have made promises of anonymity, not specifying the exact method in their whitepaper. I see nothing wrong with this. Maybe they are testing various methods and have not made a concrete decision. Who cares?
What's the point of this thread other than to spread your own fear, uncertainty, and doubt? Everyone in the game should know the risks of this game. But if cloak is able to deliver, then these risks are worth it. If not, the world keeps spinning. If you dont believe in cloak and youre not invested in it, you have nothing to lose so why bother making this thread? Are you afraid of this coin destroying the coins you're invested in?
OP just wanted to know how it works so if it's good he can invest. IMO, devs should say that they are still researching a way to do it if they don't know how they are going to do it yet. Why did he plug Supercoin then? I highly doubt he innocently made this thread to inquire details of the anon protocol in order to make an investment decision. Even the title is malicious. I have no issue with skepticism, especially given the history of altcoins. But I do not feel as though this thread is simply that.
|
|
|
|
|