|
CryptoPiero
Member
Offline
Activity: 98
Merit: 10
|
|
December 17, 2014, 01:01:34 AM |
|
Your scheme needs a trusted setup. How do you provide such a trust ?
|
|
|
|
Longenecker
|
|
December 17, 2014, 01:05:01 AM |
|
Your scheme needs a trusted setup. How do you provide such a trust ?
|
|
|
|
CryptoPiero
Member
Offline
Activity: 98
Merit: 10
|
|
December 17, 2014, 01:13:08 AM |
|
Your scheme needs a trusted setup. How do you provide such a trust ?
Under section 6.1.1. in the Setup function, there is a trusted parameter lambda.
|
|
|
|
Wheatclove
|
|
December 17, 2014, 01:15:12 AM |
|
Your scheme needs a trusted setup. How do you provide such a trust ?
Under section 6.1.1. in the Setup function, there is a trusted parameter lambda. FUTURE WORK AND IMPROVEMENTS
|
|
|
|
CryptoPiero
Member
Offline
Activity: 98
Merit: 10
|
|
December 17, 2014, 01:17:06 AM |
|
Your scheme needs a trusted setup. How do you provide such a trust ?
Under section 6.1.1. in the Setup function, there is a trusted parameter lambda. FUTURE WORK AND IMPROVEMENTSNo questions allowed there ? Ok.
|
|
|
|
FudandShort
Newbie
Offline
Activity: 11
Merit: 0
|
|
December 17, 2014, 01:20:38 AM |
|
How can anyone be sure that there are no "phantom tokens"? Who is going to control the creation of these tokens? Is it all based on trust, are you serious? wtf EDIT: zero knowledge proofs require a trusted setup. This allows the person who set up the system to create tokens at will if they didn't destroy the setup parameters. this is why zero cash can't work. It's the same problem with zero vert.
https://eprint.iacr.org/2006/389.pdfYou answered my question by citing Fujisaki. http://puu.sh/dxuPD/d19af67743.pngThe Fujisaki paper is basis for traceability in cryptonote ring signatures. The shadow token paper clearly describes a trusted ("special") setup to create an oracle as two hash functions. It is a deal breaker for true anonymity because it requires you to trust the person who set it up. http://puu.sh/dxdR4/9bb07c34c9.pngThis is the exact same problem with all "zero coins". They require a trusted setup. Section 3.1.1 of the Shadow whitepaper debunks your claim. You don't have zero knowledge implemented yet. What do you have then? You have a ring signature token system that uses the same signature system as cryptonote. It's true that it is a new implementation. However, there is this cumbersome condition: "The ring signature consists of the public key of the token being spent, plus the public keys from 3 to 200 other tokens of the same value as the token being spent." So to spend a given amount of shadow coin as shadow token, you have to find in the blockchain 3 - 200 tokens of the same size that you want to spend. I can think of a way to tokenize shadow where you can spend in any denomination: 1. Send shadowcoin to an exchange 2. Trade it for XMR or BBR (latter is better) 3. Spend the BBR in any denomination In this method, you use the exact same ring signature technology without worrying about whether tokens are available in the denomination you want to spend. You also don't have to worry about not getting your change back. It's a step backwards. At best it's interesting, but practically, it's worse. The zero-knowledge aspect is not implemented and will take a trusted setup. The "trustless" aspect you refer to is the ring signature system that operates just like cryptonote.
|
|
|
|
godzirra
|
|
December 17, 2014, 01:44:06 AM |
|
There it is.
|
|
|
|
Longenecker
|
|
December 17, 2014, 02:32:37 AM |
|
How can anyone be sure that there are no "phantom tokens"? Who is going to control the creation of these tokens? Is it all based on trust, are you serious? wtf EDIT: zero knowledge proofs require a trusted setup. This allows the person who set up the system to create tokens at will if they didn't destroy the setup parameters. this is why zero cash can't work. It's the same problem with zero vert.
https://eprint.iacr.org/2006/389.pdfYou answered my question by citing Fujisaki. The Fujisaki paper is basis for traceability in cryptonote ring signatures. The shadow token paper clearly describes a trusted ("special") setup to create an oracle as two hash functions. It is a deal breaker for true anonymity because it requires you to trust the person who set it up. This is the exact same problem with all "zero coins". They require a trusted setup. Section 3.1.1 of the Shadow whitepaper debunks your claim. You don't have zero knowledge implemented yet. What do you have then? You have a ring signature token system that uses the same signature system as cryptonote. It's true that it is a new implementation. However, there is this cumbersome condition: "The ring signature consists of the public key of the token being spent, plus the public keys from 3 to 200 other tokens of the same value as the token being spent." So to spend a given amount of shadow coin as shadow token, you have to find in the blockchain 3 - 200 tokens of the same size that you want to spend. I can think of a way to tokenize shadow where you can spend in any denomination: 1. Send shadowcoin to an exchange 2. Trade it for XMR or BBR (latter is better) 3. Spend the BBR in any denomination In this method, you use the exact same ring signature technology without worrying about whether tokens are available in the denomination you want to spend. You also don't have to worry about not getting your change back. It's a step backwards. At best it's interesting, but practically, it's worse. The zero-knowledge aspect is not implemented and will take a trusted setup. The "trustless" aspect you refer to is the ring signature system that operates just like cryptonote. You're an idiot and a terrible troll. First you say "there's no reference to cryptonote on whitepaper." But there was, you just failed to READ it. Then you say "SDC's implementation is a trusted setup b/c Zero-Knowledge requires trust" But rynomster already said it's using a trustless set-up AKA traceable ring-sig's that use ZK proofs... It says so in the WP, if you would, once again, READ it. Now, you're basically saying, "Okay, okay, SDC actually does reference cryptonote in the WP... and SDC's anon does not require trust... but you're still no different than cryptonote!" You are just throwing up straw-man after straw-man. And this most recent one was already addressed. SDC's implementation is not only unique, but superior to cryptonote, as already mentioned: Why there is no reference to Cryptonote on whitepaper? Zero Knowledge + ring signatures is nothing more than Cryptonote. Shadowcash is just cloning Monero without giving its credits and lying that is creating something new and revolutionary. And everyone here know it. From cryptonote white paper:https://cryptonote.org/whitepaper.pdfYou can't read the reference at the end of the WP ? Cryptonote uses a different curve, different libraries, and a whole different underlying core. We used ring signatures to spend Shadow, which is created by sending SDC as an anonymous output. Our scheme is quite a bit different, in that we borrow concepts from zerocoin, with the minting and spending, and use ring signatures to make the inputs untraceable from the outputs.. We're also using PoS instead of PoW. Its a completely unique scheme and implementation Not to mention, Shadow's anonymity is much more lightweight and flexible than XMR / cryptonote solutions. And SDC is not restricted to any type of signatures... SDC can swap it out with any better zero knowledge systems should they ever come along, and SDC will always be able to improve on it.
Bugger off, troll.
|
|
|
|
FudandShort
Newbie
Offline
Activity: 11
Merit: 0
|
|
December 17, 2014, 02:53:09 AM Last edit: December 17, 2014, 11:55:07 AM by FudandShort |
|
How can anyone be sure that there are no "phantom tokens"? Who is going to control the creation of these tokens? Is it all based on trust, are you serious? wtf EDIT: zero knowledge proofs require a trusted setup. This allows the person who set up the system to create tokens at will if they didn't destroy the setup parameters. this is why zero cash can't work. It's the same problem with zero vert.
https://eprint.iacr.org/2006/389.pdfYou answered my question by citing Fujisaki. http://puu.sh/dxuPD/d19af67743.pngThe Fujisaki paper is basis for traceability in cryptonote ring signatures. The shadow token paper clearly describes a trusted ("special") setup to create an oracle as two hash functions. It is a deal breaker for true anonymity because it requires you to trust the person who set it up. http://puu.sh/dxdR4/9bb07c34c9.pngThis is the exact same problem with all "zero coins". They require a trusted setup. Section 3.1.1 of the Shadow whitepaper debunks your claim. You don't have zero knowledge implemented yet. What do you have then? You have a ring signature token system that uses the same signature system as cryptonote. It's true that it is a new implementation. However, there is this cumbersome condition: "The ring signature consists of the public key of the token being spent, plus the public keys from 3 to 200 other tokens of the same value as the token being spent." So to spend a given amount of shadow coin as shadow token, you have to find in the blockchain 3 - 200 tokens of the same size that you want to spend. I can think of a way to tokenize shadow where you can spend in any denomination: 1. Send shadowcoin to an exchange 2. Trade it for XMR or BBR (latter is better) 3. Spend the BBR in any denomination In this method, you use the exact same ring signature technology without worrying about whether tokens are available in the denomination you want to spend. You also don't have to worry about not getting your change back. It's a step backwards. At best it's interesting, but practically, it's worse. The zero-knowledge aspect is not implemented and will take a trusted setup. The "trustless" aspect you refer to is the ring signature system that operates just like cryptonote. grrrrrrrrr ooga uga booga grrr uga grrr gruunnmm booga uga ooga graw Cryptonote uses a different curve, different libraries, and a whole different underlying core. We used ring signatures to spend Shadow, which is created by sending SDC as an anonymous output. Our scheme is quite a bit different, in that we borrow concepts from zerocoin, with the minting and spending, and use ring signatures to make the inputs untraceable from the outputs.. We're also using PoS instead of PoW. Its a completely unique scheme and implementation Not to mention, Shadow's anonymity is much more lightweight and flexible than XMR / cryptonote solutions. And SDC is not restricted to any type of signatures... SDC can swap it out with any better zero knowledge systems should they ever come along, and SDC will always be able to improve on it.
Bugger off, troll. Ad Hominem? Really about the references to cryptonote I don't saw before, my brain was busy analyzing the whitepaper. I'm sorry. For the rest, all I said is pure reality. What you quoted above isn't what is in the white paper and with closed code, no one can do a deeper analysis or make sure it really will not being created "phantom tokens" or several other things. This was the first and last time I wasted my time writing something for you or anyone else who don't knows how to talk as a civilized person.
|
|
|
|
Longenecker
|
|
December 17, 2014, 02:55:29 AM Last edit: December 17, 2014, 03:06:32 AM by Longenecker |
|
Really about the references to cryptonote I don't saw before, my brain was busy analyzing the whitepaper. I'm sorry. For the rest, all I said is pure reality. What you quoted above isn't what is in the white paper and with closed code, no one can do a deeper analysis or make sure it really will not being created "phantom tokens" or several other things. This was the first and last time I wasted my time writing something for you or anyone else who don't knows how to talk as a civilized person.
The code is basically open source. The only things missing are RPC commands and UI code... only so people can't direct clone. Everything else is there to do a proper and full analysis of shadowsend v2.
|
|
|
|
Fudberry
Newbie
Offline
Activity: 2
Merit: 0
|
|
December 17, 2014, 03:07:47 AM |
|
Really about the references to cryptonote I don't saw before, my brain was busy analyzing the whitepaper. I'm sorry. For the rest, all I said is pure reality. What you quoted above isn't what is in the white paper and with closed code, no one can do a deeper analysis or make sure it really will not being created "phantom tokens" or several other things. This was the first and last time I wasted my time writing something for you or anyone else who don't knows how to talk as a civilized person.
The code is basically open source. The only things missing are RPC commands and UI code... only so people can't direct clone. Everything else is there to do a proper and full analysis of shadowsend v2. +1 http://4.bp.blogspot.com/-xSrbCDC2bP8/T-iuQrQdPsI/AAAAAAAAEao/z4Bxcu0dHXw/s1600/a_winner_is_you_1024.jpg
|
|
|
|
FudandShort
Newbie
Offline
Activity: 11
Merit: 0
|
|
December 17, 2014, 03:14:49 AM |
|
at least one thing is obvious, you don't have zero knowledge implemented.
|
|
|
|
pookielax31
|
|
December 17, 2014, 03:15:48 AM |
|
BRING on the fud , these trolls are pathetic lets get some real ones in here
|
|
|
|
ozkraut
|
|
December 17, 2014, 03:21:02 AM |
|
at least one thing is obvious, you don't have zero knowledge implemented.
at least you do. Fantastic implementation too.
|
Monero - Wir sind die Leute vor denen uns unsere Eltern gewarnt haben!
|
|
|
00Smurf
|
|
December 17, 2014, 03:25:00 AM |
|
Really about the references to cryptonote I don't saw before, my brain was busy analyzing the whitepaper. I'm sorry. For the rest, all I said is pure reality. What you quoted above isn't what is in the white paper and with closed code, no one can do a deeper analysis or make sure it really will not being created "phantom tokens" or several other things. This was the first and last time I wasted my time writing something for you or anyone else who don't knows how to talk as a civilized person.
The code is basically open source. The only things missing are RPC commands and UI code... only so people can't direct clone. Everything else is there to do a proper and full analysis of shadowsend v2. The problem is if they do a full analysis they then have nothing to fud about. Plus they don't have the balls to talk under their main account.
|
|
|
|
Longenecker
|
|
December 17, 2014, 03:37:00 AM |
|
We just passed block 250,000!
Less than 7,000 blocks to go until we can use shadowsend v2!
|
|
|
|
moonchaser
|
|
December 17, 2014, 06:26:09 AM |
|
It seems that you guys did somehow a great job, and you made the news. I'm not a tech person, so I'll wait for the specialists to get a verdict on the innovation. However it looks good. The only thing that I'm worried about here is the absence in the thread of LongandShort That's really scary !!! No dirty words, no fighting the trolls to the dead! Any particular reason for that?
|
|
|
|
|
LongAndShort
Legendary
Offline
Activity: 1078
Merit: 1050
|
|
December 17, 2014, 09:17:51 AM |
|
Great!! Now that song is in my head and will be for days! This is usually in my head > http://youtu.be/dQw4w9WgXcQ
|
|
|
|
|