Wanderlust
June 25, 2015, 08:23:59 AM
PLEASE answer my specific question:
To be clear this is an attack only the premine holders can perform/help perform?
Thanks
Anyone with 80% of the supply can do the same thing. It is impossible to accumulate that amount of a coin as a passive holding when the coin continues to be actively mined (and in some cases hasn't even had 80% of its supply mined yet). If you work out the numbers, even 50% is far less serious of a concern than 80%, and more realistic numbers like 5% (or less) are no real concern at all. I find it implausible and/or impossible for anyone to accumulate for example 80% of an openly launched, actively developed, continually traded coin with a years-long mining schedule. In practice, those extreme concentrations only come about from premines, instamines, ninjamines, etc.

I'm not disagreeing with you but the answer to my question is YES, yes?

smooth
June 25, 2015, 08:28:48 AM Last edit: June 25, 2015, 08:57:00 AM by smooth
PLEASE answer my specific question:
To be clear this is an attack only the premine holders can perform/help perform?
Thanks
Premine holders, or any entity that can buy, hack, steal, expropriate (individual holders, exchanges), and borrow enough coins. Btw, if there is a fair distribution without deanonymization risk right now and you make a transaction you want to stay private, the coin's value might go to (near) zero in the future for some reason (zero cash or Monero2 takes over, all devs decide to leave, a fatal bug is found, a totally new kind of way to transfer and store value is invented, etc) and an entity wishing to unravel the blockchain could place a buy wall at $0.01 and people would flock to dump their now worthless coin.

Any transaction you make now would not be affected by concentration in the future. Even in that hypothetical future you could protect yourself against concentration by using higher mix factors. For example, given an attacker controlling 95% of the outputs, a 100+1 transaction would still be untraceable 99.4% of the time. This is already supported by the protocol and mix 100 (or more) transactions already exist on the blockchain. That would make the transactions larger and more expensive, so generally undesirable, but it is an available last ditch (or just highly paranoid) defense against high output control concentration that is available to anyone.

Of course in the case you describe it wouldn't matter that you could still achieve practical untraceability since people would have moved on to something else or given up on untraceable crypto.

cAPSLOCK
June 25, 2015, 12:10:28 PM
PLEASE answer my specific question:
To be clear this is an attack only the premine holders can perform/help perform?
Thanks
I'm not disagreeing with you but the answer to my question is YES, yes?

I'm a poker player Wanderlust, and I have worked hard to hone my skills at situational logic in a game of incomplete information. Discussing money on a forum is a related activity in that there are people with a stake one way or another (sometimes not even financially) involved in the conversation. At times the various posters (players) can be seen making a point or saying something that is contradictory. And that reveals a bias. You are currently arguing that CN in general and XMR specifically has a terrible weakness in that large holders might conspire to de-anonymize transactions even though this is most likely virtually impossible. At the same time you are arguing that Bytecoin may have an anonymity advantage since there may only be a SINGLE large holder (or group) since it was so significantly premined. So you are saying the coin is SAFER since its trustless status has already been completely compromised. Your bias is clear and your logic so tortured and spun that were we playing a card game I feel I could place a bet with relative certainty of your strength and position.

oniromancia
June 25, 2015, 12:13:43 PM
Anonfile links in OP r broken. Cannot evidence the screenshots. Any other links?
so a bunch of cypherpunks/academics/NSA dudes create a tech which is widely recognized to be bullet-proof… market cap a few million bucks… whatever the tech has spawned a plethora of copies (all bad except XMR according to thread-starter) worth many millions more. And yet I am supposed to chew out the geniuses behind CN?? I don't think so… what will XMR offer for future dev? BCN showing the way atm it seems. KDK-12 calling smooth Let's get straight to the facts. Those who premined Bytecoin purposely kept it secret, Bytecoin was never shared on any boards to open it up to the public, making its premine inexcusable. Anyone mining Bytecoin(BCN) right now, is only mining the last 5%, while a relatively small group of holders has a 95% premine in their hands already. Good luck to everyone mining the last 5% of all Bytecoin, cause the other 95% was already premined.

Wanderlust
June 25, 2015, 12:17:15 PM
PLEASE answer my specific question:
To be clear this is an attack only the premine holders can perform/help perform?
Thanks
I'm not disagreeing with you but the answer to my question is YES, yes?

I'm a poker player Wanderlust, and I have worked hard to hone my skills at situational logic in a game of incomplete information. Discussing money on a forum is a related activity in that there are people with a stake one way or another (sometimes not even financially) involved in the conversation. At times the various posters (players) can be seen making a point or saying something that is contradictory. And that reveals a bias. You are currently arguing that CN in general and XMR specifically has a terrible weakness in that large holders might conspire to de-anonymize transactions even though this is most likely virtually impossible. At the same time you are arguing that Bytecoin may have an anonymity advantage since there may only be a SINGLE large holder (or group) since it was so significantly premined. So you are saying the coin is SAFER since its trustless status has already been completely compromised. Your bias is clear and your logic so tortured and spun that were we playing a card game I feel I could place a bet with relative certainty of your strength and position.

No.
I am arguing that ALL cryptonote coins have a fatal flaw which allows large stakeholders to conspire to de-anon tx's. I am not making any distinctions.
There are 2 solutions to this flaw:
1) ensure fair distro of coins
2) prevent a malicious attacker from getting too many coins by mining them yourself (and holding)
I am NOT saying BCN devs were motivated to premine as 2) suggests, only pointing out it is one of two ways that this attack can be prevented. If there is a 3rd I'd like to hear it.
However both solutions are themselves flawed.
In 2) we have to trust the early stakeholders which is a big ask. In 1) we have to trust the distro will go fairly, which it seldom does, and trust that those accumulating coins have no ill intentions.
That's my point. I think the logic is sound. It's a Catch 22 for CN.

cAPSLOCK
June 25, 2015, 01:08:42 PM
No.
I am arguing that ALL cryptonote coins have a fatal flaw which allows large stakeholders to conspire to de-anon tx's. I am not making any distinctions.
There are 2 solutions to this flaw:
1) ensure fair distro of coins
2) prevent a malicious attacker from getting too many coins by mining them yourself (and holding)
I am NOT saying BCN devs were motivated to premine as 2) suggests, only pointing out it is one of two ways that this attack can be prevented. If there is a 3rd I'd like to hear it.
However both solutions are themselves flawed.
In 2) we have to trust the early stakeholders which is a big ask. In 1) we have to trust the distro will go fairly, which it seldom does, and trust that those accumulating coins have no ill intentions.
That's my point. I think the logic is sound. It's a Catch 22 for CN.

And you're wrong. You are right #2 is problematic at its core. It breaks the trustless nature of the coins completely. And #1 is meaningless without defining "fair". Fact: It is extremely likely that Monero has had a broad enough distribution that your claims are false.

cAPSLOCK
June 25, 2015, 01:46:33 PM
One other thing.
An open offer (until when and if I decide to close it):
If anyone can tell me exactly how many XMR are held here: 4BCkyJpxKT76d832D5viMX2MxFgXASxpkdf6zGhXp1tV8WonDBwU7qfT1eXPfjn9gHMju8s6ckVrhN6t6tSWVZJUAwovRsa
I will multiply that amount times ONE HUNDRED and pay the winner.
Bonus:
If anyone can name a destination address and an amount sent from this account in the last 6 months
I will multiply the current balance of the above address by TEN and pay the winner. (Of course in this scenario you'd have to trust me as to my math wouldn't you?)

Rias
June 25, 2015, 01:56:51 PM
Since the discussion digressed to deanonymization through ring signature being compromised, I'd like to add an important point.

First of all, it's not exactly the matter of the sum that the attacker holds. It's about outputs that he controls. That means that even though you may have not more than 20% of the emission, you may be able to create a lot of smaller outputs, which would significantly diminish the barrier.

Secondly, a group of large holders may agree to use their outputs to act as one single malicious user and do it in a manner described above.

Finally, if somebody deanonymizes the outputs used in ring signatures, it does not destroy anonymity. Anonymity in CN is achieved through untraceability (ring signatures) and unlinkability (stealth addresses). Even though the attacker would be able to identify which particular inputs were spent (untraceability removed), he would never be able to prove that 2 transactions were sent to one wallet or learn a balance of any wallet. This extreme case decreases anonymity in general, but does not destroy it. Even without ring signatures, CN is much better off in terms of privacy protection than Bitcoin.

One other thing.
An open offer (until when and if I decide to close it):
If anyone can tell me exactly how many XMR are held here: 4BCkyJpxKT76d832D5viMX2MxFgXASxpkdf6zGhXp1tV8WonDBwU7qfT1eXPfjn9gHMju8s6ckVrhN6t6tSWVZJUAwovRsa
I will multiply that amount times ONE HUNDRED and pay the winner.
Bonus:
If anyone can name a destination address and an amount sent from this account in the last 6 months
I will multiply the current balance of the above address by TEN and pay the winner. (Of course in this scenario you'd have to trust me as to my math wouldn't you?)
Due to unlinkability property it is impossible to tell your balance at all even if the ringsig did not exist. Destination address can not be learned due to the very same reason (each output is sent to a unique stealth address). The tx amount is also not identifiable as CN protocol sends more money than the tx requires (which is returned as change and obfuscates the transferred sum). Does anybody here understand the way it works at all?
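
Added example, not part of any post in this thread: the arithmetic behind smooth's 95% / 100+1 / 99.4% figure and Rias's point that output share, not coin share, is what matters. It assumes decoys are drawn independently and uniformly from the output pool and reads "100+1" as 100 decoys plus the real output; the `split` parameter and all function names are hypothetical.

```python
"""Ring traceability versus attacker output share (added example).

Model, assumed here and not taken from any wallet code: each of the `mix`
decoys in a ring is drawn independently and uniformly from a pool of
outputs in which the attacker controls a fraction `f`. A ring is traced
only if every decoy is attacker-controlled. Rings are treated as
independent of one another.
"""
import math
import random


def p_traced(f: float, mix: int) -> float:
    """Probability that all `mix` decoys belong to the attacker."""
    if not 0.0 <= f <= 1.0 or mix < 0:
        raise ValueError("need 0 <= f <= 1 and mix >= 0")
    return f ** mix  # mix == 0 gives 1.0: no decoys, always traced


def p_untraceable(f: float, mix: int) -> float:
    """Probability that at least one decoy is outside attacker control."""
    return 1.0 - p_traced(f, mix)


def min_mix(f: float, target: float) -> int:
    """Smallest mix factor with p_untraceable(f, mix) >= target."""
    if not 0.0 <= f < 1.0:
        raise ValueError("need 0 <= f < 1; at f == 1 no mix factor helps")
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    if f == 0.0:
        return 1
    budget = 1.0 - target  # tolerated probability of a traced ring
    mix = max(1, math.ceil(math.log(budget) / math.log(f)))
    while f ** mix > budget:  # guard against floating-point rounding
        mix += 1
    while mix > 1 and f ** (mix - 1) <= budget:
        mix -= 1
    return mix


def output_share(coin_share: float, split: float) -> float:
    """Output share of a holder with `coin_share` of the coins who creates
    `split` times as many outputs per coin as everyone else.
    `split` is a hypothetical knob for the outputs-versus-sum point."""
    if not 0.0 <= coin_share <= 1.0 or split <= 0:
        raise ValueError("need 0 <= coin_share <= 1 and split > 0")
    attacker = coin_share * split
    return attacker / (attacker + (1.0 - coin_share))


def simulate(f: float, mix: int, trials: int = 100_000, seed: int = 1) -> float:
    """Monte Carlo estimate of p_traced under the same model."""
    rng = random.Random(seed)
    traced = sum(
        all(rng.random() < f for _ in range(mix)) for _ in range(trials)
    )
    return traced / trials


if __name__ == "__main__":
    # Output shares mentioned in the thread; the mix factors are sample values.
    for f in (0.05, 0.50, 0.80, 0.95):
        cells = "  ".join(
            f"mix={m}: {p_untraceable(f, m):8.4%}" for m in (1, 4, 10, 100)
        )
        print(f"f={f:.2f}  {cells}")
    print("mix needed for 99.4% at f=0.95:", min_mix(0.95, 0.994))
    # 20% of the coins split 10x finer than everyone else's holdings.
    f_split = output_share(0.20, 10)
    print(f"20% of coins, 10x split -> {f_split:.1%} of outputs;",
          f"untraceable at mix=4: {p_untraceable(f_split, 4):.1%}")
    print("simulated p_traced(0.8, 4):", simulate(0.8, 4))
```
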

Wanderlust
June 25, 2015, 02:01:29 PM
No.
I am arguing that ALL cryptonote coins have a fatal flaw which allows large stakeholders to conspire to de-anon tx's. I am not making any distinctions.
There are 2 solutions to this flaw:
1) ensure fair distro of coins
2) prevent a malicious attacker from getting too many coins by mining them yourself (and holding)
I am NOT saying BCN devs were motivated to premine as 2) suggests, only pointing out it is one of two ways that this attack can be prevented. If there is a 3rd I'd like to hear it.
However both solutions are themselves flawed.
In 2) we have to trust the early stakeholders which is a big ask. In 1) we have to trust the distro will go fairly, which it seldom does, and trust that those accumulating coins have no ill intentions.
That's my point. I think the logic is sound. It's a Catch 22 for CN.

And you're wrong. You are right #2 is problematic at its core. It breaks the trustless nature of the coins completely. And #1 is meaningless without defining "fair". Fact: It is extremely likely that Monero has had a broad enough distribution that your claims are false.

technically I am NOT wrong.
-"extremely likely" is not equal to FACT
-XMR speaks of "fair" and "egalitarian". I'm not sure if I know what fair is but I know what isn't i.e. any currency where 50% of the coin is owned by less than 100 persons IS NOT fairly distributed.
Both 1 and 2 ARE (albeit problematic and imperfect) solutions.

cAPSLOCK
June 25, 2015, 02:11:38 PM
Since the discussion digressed to deanonymization through ring signature being compromised, I'd like to add an important point.

First of all, it's not exactly the matter of the sum that the attacker holds. It's about outputs that he controls. That means that even though you may have not more than 20% of the emission, you may be able to create a lot of smaller outputs, which would significantly diminish the barrier.

Secondly, a group of large holders may agree to use their outputs to act as one single malicious user and do it in a manner described above.

Finally, if somebody deanonymizes the outputs used in ring signatures, it does not destroy anonymity. Anonymity in CN is achieved through untraceability (ring signatures) and unlinkability (stealth addresses). Even though the attacker would be able to identify which particular inputs were spent (untraceability removed), he would never be able to prove that 2 transactions were sent to one wallet or learn a balance of any wallet. This extreme case decreases anonymity in general, but does not destroy it. Even without ring signatures, CN is much better off in terms of privacy protection than Bitcoin.

One other thing.
An open offer (until when and if I decide to close it):
If anyone can tell me exactly how many XMR are held here: 4BCkyJpxKT76d832D5viMX2MxFgXASxpkdf6zGhXp1tV8WonDBwU7qfT1eXPfjn9gHMju8s6ckVrhN6t6tSWVZJUAwovRsa
I will multiply that amount times ONE HUNDRED and pay the winner.
Bonus:
If anyone can name a destination address and an amount sent from this account in the last 6 months
I will multiply the current balance of the above address by TEN and pay the winner. (Of course in this scenario you'd have to trust me as to my math wouldn't you?)
Due to unlinkability property it is impossible to tell your balance at all even if the ringsig did not exist. Destination address can not be learned due to the very same reason (each output is sent to a unique stealth address). The tx amount is also not identifiable as CN protocol sends more money than the tx requires (which is returned as change and obfuscates the transferred sum). Does anybody here understand the way it works at all?

I would complain that explaining a magician's trick is bad form. But he doesn't get the explanation and you don't get the trick. Ignorance all around. We are still safe!

By the way. That bag you are holding is never likely to be more valuable than it is now.

damashup
June 25, 2015, 03:25:34 PM
... -XMR speaks of "fair" and "egalitarian". I'm not sure if I know what fair is but I know what isn't i.e. any currency where 50% of the coin is owned by less than 100 persons IS NOT fairly distributed. ...

In a free market,
- One person with 80% of the coin acquired through pre-mine = uneven + unfair distribution.
- One person with 80% of the coin acquired through mining (on a level playing field) or purchasing (in an open market) = uneven distribution but not necessarily unfair.
Whether the distribution (perceived or actual) is a deterrent (or incentive) to others... is a separate matter unrelated to fairness.

generalizethis
June 25, 2015, 07:20:52 PM
No.
I am arguing that ALL cryptonote coins have a fatal flaw which allows large stakeholders to conspire to de-anon tx's. I am not making any distinctions.
There are 2 solutions to this flaw:
1) ensure fair distro of coins
2) prevent a malicious attacker from getting too many coins by mining them yourself (and holding)
I am NOT saying BCN devs were motivated to premine as 2) suggests, only pointing out it is one of two ways that this attack can be prevented. If there is a 3rd I'd like to hear it.
However both solutions are themselves flawed.
In 2) we have to trust the early stakeholders which is a big ask. In 1) we have to trust the distro will go fairly, which it seldom does, and trust that those accumulating coins have no ill intentions.
That's my point. I think the logic is sound. It's a Catch 22 for CN.

And you're wrong. You are right #2 is problematic at its core. It breaks the trustless nature of the coins completely. And #1 is meaningless without defining "fair". Fact: It is extremely likely that Monero has had a broad enough distribution that your claims are false.

technically I am NOT wrong.
-"extremely likely" is not equal to FACT
-XMR speaks of "fair" and "egalitarian". I'm not sure if I know what fair is but I know what isn't i.e. any currency where 50% of the coin is owned by less than 100 persons IS NOT fairly distributed.
Both 1 and 2 ARE (albeit problematic and imperfect) solutions.

Technically you are not right either.
1. Smooth went through the numbers and your assertion isn't in line with facts. IE BCN's anonymity would be more easily broken by a substantial measure and there is no data to suggest that Monero is unfairly distributed, nor could it be as unfairly distributed as it is still being heavily distributed--so talking about them as equal probabilities of anonymity failure is dead wrong.
2. Is idiotic as a proposition as no one who developed BCN claimed that that was the intention, seems pretty ludicrous to suggest it when even Devs didn't use that as an excuse/reason for the premine.

Wanderlust
June 25, 2015, 07:39:42 PM
No.
I am arguing that ALL cryptonote coins have a fatal flaw which allows large stakeholders to conspire to de-anon tx's. I am not making any distinctions.
There are 2 solutions to this flaw:
1) ensure fair distro of coins
2) prevent a malicious attacker from getting too many coins by mining them yourself (and holding)
I am NOT saying BCN devs were motivated to premine as 2) suggests, only pointing out it is one of two ways that this attack can be prevented. If there is a 3rd I'd like to hear it.
However both solutions are themselves flawed.
In 2) we have to trust the early stakeholders which is a big ask. In 1) we have to trust the distro will go fairly, which it seldom does, and trust that those accumulating coins have no ill intentions.
That's my point. I think the logic is sound. It's a Catch 22 for CN.

And you're wrong. You are right #2 is problematic at its core. It breaks the trustless nature of the coins completely. And #1 is meaningless without defining "fair". Fact: It is extremely likely that Monero has had a broad enough distribution that your claims are false.

technically I am NOT wrong.
-"extremely likely" is not equal to FACT
-XMR speaks of "fair" and "egalitarian". I'm not sure if I know what fair is but I know what isn't i.e. any currency where 50% of the coin is owned by less than 100 persons IS NOT fairly distributed.
Both 1 and 2 ARE (albeit problematic and imperfect) solutions.

Technically you are not right either.
1. Smooth went through the numbers and your assertion isn't in line with facts. IE BCN's anonymity would be more easily broken by a substantial measure and there is no data to suggest that Monero is unfairly distributed, nor could it be as unfairly distributed as it is still being heavily distributed--so talking about them as equal probabilities of anonymity failure is dead wrong.
2. Is idiotic as a proposition as no one who developed BCN claimed that that was the intention, seems pretty ludicrous to suggest it when even Devs didn't use that as an excuse/reason for the premine.

"Technically you are not right either." LOL
1) …is still afflicted by suppositions.
2) correct this has never been offered as a reason… they've always stuck to their origin story (kudos btw)… all I'm saying is it's a possible means of thwarting a malicious entity from attacking the network.

generalizethis
June 25, 2015, 07:50:28 PM
No.
I am arguing that ALL cryptonote coins have a fatal flaw which allows large stakeholders to conspire to de-anon tx's. I am not making any distinctions.
There are 2 solutions to this flaw:
1) ensure fair distro of coins
2) prevent a malicious attacker from getting too many coins by mining them yourself (and holding)
I am NOT saying BCN devs were motivated to premine as 2) suggests, only pointing out it is one of two ways that this attack can be prevented. If there is a 3rd I'd like to hear it.
However both solutions are themselves flawed.
In 2) we have to trust the early stakeholders which is a big ask. In 1) we have to trust the distro will go fairly, which it seldom does, and trust that those accumulating coins have no ill intentions.
That's my point. I think the logic is sound. It's a Catch 22 for CN.

And you're wrong. You are right #2 is problematic at its core. It breaks the trustless nature of the coins completely. And #1 is meaningless without defining "fair". Fact: It is extremely likely that Monero has had a broad enough distribution that your claims are false.

technically I am NOT wrong.
-"extremely likely" is not equal to FACT
-XMR speaks of "fair" and "egalitarian". I'm not sure if I know what fair is but I know what isn't i.e. any currency where 50% of the coin is owned by less than 100 persons IS NOT fairly distributed.
Both 1 and 2 ARE (albeit problematic and imperfect) solutions.

Technically you are not right either.
1. Smooth went through the numbers and your assertion isn't in line with facts. IE BCN's anonymity would be more easily broken by a substantial measure and there is no data to suggest that Monero is unfairly distributed, nor could it be as unfairly distributed as it is still being heavily distributed--so talking about them as equal probabilities of anonymity failure is dead wrong.
2. Is idiotic as a proposition as no one who developed BCN claimed that that was the intention, seems pretty ludicrous to suggest it when even Devs didn't use that as an excuse/reason for the premine.

"Technically you are not right either." LOL
1) …is still afflicted by suppositions.
2) correct this has never been offered as a reason… they've always stuck to their origin story (kudos btw)… all I'm saying is it's a possible means of thwarting a malicious entity from attacking the network.

1. If you think Smooth's calculations are incorrect, prove it.
2. No it's not, it is a huge security risk. Even if the BCN Devs planned on doing it to thwart attackers, it paints a huge and centralized target for law enforcement--once they had them, they would have the whole network. Intentional or by accident this would be one of the worst ways to secure a coin's anonymity.

Rias
June 25, 2015, 09:20:17 PM
2. No it's not, it is a huge security risk. Even if the BCN Devs planned on doing it to thwart attackers, it paints a huge and centralized target for law enforcement--once they had them, they would have the whole network. Intentional or by accident this would be one of the worst ways to secure a coin's anonymity.
Did you have a chance to read my post on this page above? Removing untraceability does not destroy anonymity since the unlinkability property holds. What it does is allow to link exact inputs to exact outputs. However good luck identifying the people behind the transactions with stealth addresses for each output. An observer would not be able to even link any two transactions that were made to the same wallet (even if the recipient and the sender are the same), not saying about the balance. How is that a security risk exactly?

generalizethis
June 26, 2015, 04:48:30 AM Last edit: June 26, 2015, 05:27:00 AM by generalizethis
2. No it's not, it is a huge security risk. Even if the BCN Devs planned on doing it to thwart attackers, it paints a huge and centralized target for law enforcement--once they had them, they would have the whole network. Intentional or by accident this would be one of the worst ways to secure a coin's anonymity.
Did you have a chance to read my post on this page above? Removing untraceability does not destroy anonymity since the unlinkability property holds. What it does is allow to link exact inputs to exact outputs. However good luck identifying the people behind the transactions with stealth addresses for each output. An observer would not be able to even link any two transactions that were made to the same wallet (even if the recipient and the sender are the same), not saying about the balance. How is that a security risk exactly?

Maybe you missed why this thread is here--besides the obvious unsavoriness of a scam-mine.... https://lab.getmonero.org/pubs/MRL-0001.pdf

Rias
June 26, 2015, 08:03:56 AM
I've read it multiple times. And it seems that I know what I'm talking about. Below is the quote from its abstract:

The signatures are still one-time, however, and any such attack will still not necessarily violate the anonymity of users. However, such an attack could plausibly weaken the resistance CryptoNote demonstrates against blockchain analysis.

Furthermore:

This research bulletin has not undergone peer review, and reflects only the results of internal investigation.

generalizethis
June 26, 2015, 08:23:47 AM
I've read it multiple times. And it seems that I know what I'm talking about. Below is the quote from its abstract:

The signatures are still one-time, however, and any such attack will still not necessarily violate the anonymity of users. However, such an attack could plausibly weaken the resistance CryptoNote demonstrates against blockchain analysis.

Furthermore:

This research bulletin has not undergone peer review, and reflects only the results of internal investigation.

But for whatever reason I trust their opinion of what makes a good ecash more than yours. I'll not err on possible weakness equaling non-weaknesses.

Wanderlust
June 26, 2015, 08:29:33 AM
Here's my analysis:
NOBODY HERE KNOWS WHAT THE HELL THE HISTORY OF CN OR BCN IS. NOBODY HERE KNOWS WHO CREATED CN OR BCN. NOBODY HERE KNOWS SPECIFIC INFO REGARDING DATES OF LAUNCH FOR EITHER CN OR BCN. NOBODY HERE KNOWS THE EXACT RELATIONSHIP BETWEEN CN AND BCN DEVS.
BOTH CN AND BCN DEVS REMAIN ANONYMOUS.
WHAT WE DO KNOW IS THAT BCN WAS THE FIRST CN COIN.

shitaifan2013
June 26, 2015, 08:54:00 AM
Here's my analysis:
NOBODY HERE KNOWS WHAT THE HELL THE HISTORY OF CN OR BCN IS. NOBODY HERE KNOWS WHO CREATED CN OR BCN. NOBODY HERE KNOWS SPECIFIC INFO REGARDING DATES OF LAUNCH FOR EITHER CN OR BCN. NOBODY HERE KNOWS THE EXACT RELATIONSHIP BETWEEN CN AND BCN DEVS.
BOTH CN AND BCN DEVS REMAIN ANONYMOUS.
WHAT WE DO KNOW IS THAT BCN WAS THE FIRST CN COIN.
and it took you days of trolling to realize something so obvious? "Lord, let it rain brains!"