[XMR] Monero Speculation

[eizh]

It looks to me like there will be a replacement as the development progress has slowed to a crawl. Not to mention Diffie-Hellman elliptic Curve25519 is considered not safe.

I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry
— Bruce Schneier

Should I continue?

This is exactly backwards. Schneier was referring to the constants of the NIST curves. Curve25519 is not a NIST curve, which is precisely why it's been very popular among cryptographers in recent years.

[1714854025]

1714854025

[1714854025]

1714854025

[1714854025]

1714854025

[Hueristic]

It looks to me like there will be a replacement as the development progress has slowed to a crawl. Not to mention Diffie-Hellman elliptic Curve25519 is considered not safe.

I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry
— Bruce Schneier

Should I continue?

This is exactly backwards. Schneier was referring to the constants of the NIST curves. Curve25519 is not a NIST curve, which is precisely why it's been very popular among cryptographers in recent years.

From what I understand it has to do with the selection of common constants but I'm not going to research it again.

Popularity

Curve25519 was first released by Daniel J. Bernstein in 2005,[7] but interest increased considerably after 2013 when it was discovered that the NSA had implemented a backdoor into Dual EC DRBG. While not directly related,[8] suspicious aspects of the NIST's P curve constants[9] led to concerns[10] that the NSA had chosen values that gave them an advantage in factoring[11] public keys.[12]

    I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry
    — Bruce Schneier, The NSA Is Breaking Most Encryption on the Internet (2013)

Since then, Curve25519 has become the de facto alternative to P-256, and is used in a wide variety of applications.[13] In 2014 OpenSSH[14] defaults to Curve25519-based ECDH.

https://en.wikipedia.org/wiki/Curve25519

[birr]

The monero network is still small and weak enough that it's vulnerable to an attack by the state, is it not?
It would cost the U.S. government peanuts to attack monero and crush it.

Do you think they dont have better work to do?  Like save the white whales or polar bears or something.

[irony]
Of course!  The government isn't going to fuck your shit up.
They never do that.
[/irony]

[smooth]

We're at $2.46 ... can we please not talk about $1000?

The most likely scenario is that XMR will fail.

How?

Failure to continue to gain use adoption and investor demand, resulting in a terminal decline as participants bleed away to pursue solutions elsewhere. I don't see that happening at all right now, but that is the hypothetical.

Do you think Monero will rise to 1000 usd/xmr? How realistic you guys see it reaching 1000 usd (assuming btc is more or less the same as today)?

Zero chance. Don't be greedy.

I would say low but zero chance is also an absurd statement. 1000 USD/XMR would not even be a very high market cap by the standards of global assets. Absent failure, 1000 USD/XMR is likely.

@Heuristic there are no significant known or reasonably suspected problems with Curve25519. I have no idea where you are getting that from.

[Hueristic]

...

@Heuristic there are no significant known or reasonably suspected problems with Curve25519. I have no idea where you are getting that from.

I read it from a guy. So why is Shen recommending ed's Twisted? All Crypto eventually gets broken, we all know this. The question is what are the contingency plans.

[farfiman]

We're at $2.46 ... can we please not talk about $1000?

The most likely scenario is that XMR will fail.

How?

Failure to continue to gain use adoption and investor demand, resulting in a terminal decline as participants bleed away to pursue solutions elsewhere. I don't see that happening at all right now, but that is the hypothetical.

Do you think Monero will rise to 1000 usd/xmr? How realistic you guys see it reaching 1000 usd (assuming btc is more or less the same as today)?

Zero chance. Don't be greedy.

I would say low but zero chance is also an absurd statement. 1000 USD/XMR would not even be a very high market cap by the standards of global assets. Absent failure, 1000 USD/XMR is likely.

@Heuristic there are no significant known or reasonably suspected problems with Curve25519. I have no idea where you are getting that from.

He said based on assumption BTC at same level as today. Makes a big difference.

[smoothie]

...
Dude why don´t you just come up into the IRC and ask the questions directly, instead of hoping fluffy is tripping over them here. And if he is not there maybe someone else is capable of answering you

Tripping over them? What? We were in the middle of a conversation and I waited a week for him to answer before I even bumped it. XMR started here and it's where I go to talk about it. And apparently no-one else wanted to address the issue.

Stop acting like i kicked your dog, someone asked a question and I answered honestly. That is all I have done the years I have been posting here. I also prefer to have my questions answered in the main thread as it is a good repository I can search. I hate keeping logs.

I'm fairly certain if you were willing to go out of your way to get the answers to questions you have, you would already have answers. There are other means of communicating than this forum.

[smoothie]

What I am anticipating (which no one can 100% accurately predict) is when will there be the first big XMR theft or hack. This could mean that Poloniex or another exchange or marketplace gets hacked (not saying they will, but it has a > 0% chance of happening).

That could be an interesting precedent in how the economy/law enforcement etc react to such a theft/hack.

Up until now there hasn't been "news-worthy" hacks/thefts of XMR...yet.

I suspect it will happen sooner or later and price may or may not take a dump. From past experience all hacks are followed with price dumps.

Probably after monero has a bull run will it be worth a hacker stealing some XMR.

All just speculation for now...

[DaveyJones]

What I am anticipating (which no one can 100% accurately predict) is when will there be the first big XMR theft or hack. This could mean that Poloniex or another exchange or marketplace gets hacked (not saying they will, but it has a > 0% chance of happening).

That could be an interesting precedent in how the economy/law enforcement etc react to such a theft/hack.

Up until now there hasn't been "news-worthy" hacks/thefts of XMR...yet.

I suspect it will happen sooner or later and price may or may not take a dump. From past experience all hacks are followed with price dumps.

Probably after monero has a bull run will it be worth a hacker stealing some XMR.

All just speculation for now...

Wasn´t Mintpal a relative big thing? Where Moneroj were safe because the wallet design was different to BTC and its clones?

[dEBRUYNE]

We're at $2.46 ... can we please not talk about $1000?

The most likely scenario is that XMR will fail.

How?

It looks to me like there will be a replacement as the development progress has slowed to a crawl.

This is kind of an insult to everyone working on Monero currently. I'd argue that with the RingCT development, 0MQ development, GUI development, the conventional adding of features, and fixing bugs, the development is way more active than last summer.

[sandiman]

Doing it for you guys :

find Mastering the Trade by John F Carter and go to The case study you won't read about at harvard business school.


XMR is going through a very basic set up, and lot's of people are going to get trapped at the top.

[smooth]

...

@Heuristic there are no significant known or reasonably suspected problems with Curve25519. I have no idea where you are getting that from.

I read it from a guy. So why is Shen recommending ed's Twisted? All Crypto eventually gets broken, we all know this. The question is what are the contingency plans.

In almost all cases of non-stupid crypto the "breaking" takes the form of theoretical weaknesses that aren't practically usable for an actual attack until years later if ever, but reduce the security margin to an uncomfortable level. At that point you replace it with something else and people have ample opportunity to switch over. Nothing like that is even on the horizon right now.

I know Shen has been looking at various things, even post-quantum stuff. I have no idea how far long that exploration is at this point.

You should continue... we are not cryptographers. Are you saying that they have a backdoor to XMR?. Is this curve reemplazable in a common hard fork?

If by reemplazable you meant replaceable as I think you did then of course, anything can be changed with a hard fork.

We're at $2.46 ... can we please not talk about $1000?

The most likely scenario is that XMR will fail.

How?

It looks to me like there will be a replacement as the development progress has slowed to a crawl. Not to mention Diffie-Hellman elliptic Curve25519 is considered not safe.

I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry
— Bruce Schneier

Should I continue?

you are underestimating the amount of effort to build something like Cryptonote, it blows Zcash away, the darknet has spoken and its going with Monero.

about the curve, looks like you missed these commits.

A proposal to change to one of edwards twisted curves?  Has this been voted on? Set for a hard fork date? Ignored? Left to be implemented in a competing project? Which really brings up other questions along the lines of the ones I had that fluffy stopped answering.

That's not a change at all. What was done there is replace separate copy of the crypto library in Monero with the exact unmodified crypto library from its original source. That eliminates the possibility that the Monero crypto library was somehow modified to introduce a back door (though it has been reviewed and wasn't, this makes that fact more transparent)

[Roy Badami]

Popularity

Curve25519 was first released by Daniel J. Bernstein in 2005,[7] but interest increased considerably after 2013 when it was discovered that the NSA had implemented a backdoor into Dual EC DRBG. While not directly related,[8] suspicious aspects of the NIST's P curve constants[9] led to concerns[10] that the NSA had chosen values that gave them an advantage in factoring[11] public keys.[12]

    I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry
    — Bruce Schneier, The NSA Is Breaking Most Encryption on the Internet (2013)

Since then, Curve25519 has become the de facto alternative to P-256, and is used in a wide variety of applications.[13] In 2014 OpenSSH[14] defaults to Curve25519-based ECDH.

https://en.wikipedia.org/wiki/Curve25519

I agree that Wikipedia article isn't as clear as it could be - in that the context of the Bruce Schneier quote isn't particularly clear to readers not familliar with the history of the curves being discussed here.  But I assure you that Bruce was not talking about Curve25519 there.

The reason for the inclusion of that particular quote in the article is to explain why Curve25519 has become popular in recent years:  there are concerns about the choice of constants in other curves, which has resulted in many more people using Curve25519 precisely because there are no such concerns with Curve25519.

Curve25519 is generally considered to be safe.  That said, there are those who worry (Bruce Schneier included) that the NSA may have made advances in the cryptanalysis of ECC in general - but if that's the case then any attacks might affect all curves - or at least, we have no way of knowing which curves are vulnerable.  If that were to be the case, it would be a concern for pretty much all cyrptocurrencies, though - potentially necessitating a move to larger keys (depending on how bad the attack is).

Actually, using a different curve to the one used by Bitcoin and most other coins is a good thing because it gives the market an opportunity to hedge the risk by holding coins that use different curves.  If an attack on ECC is found (by the NSA or someone else) it's quite possible (although by no means a given) that the attack might work better against some curves than others - although there's no real way to know which curves are safer in advance of the attack being found.

EDIT: Actually, looks like I was wrong - Monero uses Ed25519 and EdDSA (not Curve25519 and ECDSA).  So it shares even less crypto with most other coins that I had thought.

[Roy Badami]

Also, more generally than just choice of curve, the CryptoNote coins (of which Monero is one) are rare amongst cryptocurrencies in sharing very little of the cryptographic design of Bitcoin.  So in the event that a flaw is found in Bitcoin's cryptographic design, there's a reasonable chance it might not affect Monero (or vice versa).

The one obvious advantage that Bitcoin does currently have over CryptoNote is that its design (which has remained fundamentally unchanged since it's initial launch) has been very widely studied over the years since then.  Generally this kind of widespread review is the only way to gain assurance that there are no flaws in a cryptographic protocol, and Monero has inevitably had fewer cryptographic eyes on it.

Of course, in the very near future Bitcoin is likely to deploy segwit.  Although segwit doesn't change the underlying cryptography, a significant change to cryptographic protocol always carries a risk of unintended consequences - so it becomes harder to argue that Bitcoin, in its post-segwit future form - will have had the same number of eyes on it.

[Altitude]

Is now a good time to buy XMR or do you guys think it will come down some and offer a better entry.

I suggest you seek professional financial advice from someone licensed to do such a thing.

With all the experience on this thread I thought that's what I was doing.
 

Picked up a few k though. Hope it pays off.

[smoothie]

Is now a good time to buy XMR or do you guys think it will come down some and offer a better entry.

I suggest you seek professional financial advice from someone licensed to do such a thing.

With all the experience on this thread I thought that's what I was doing.
 

Picked up a few k though. Hope it pays off.

Experienced != Legally Licensed to give financial advice.

[nanobrain]

Is now a good time to buy XMR or do you guys think it will come down some and offer a better entry.

I suggest you seek professional financial advice from someone licensed to do such a thing.

With all the experience on this thread I thought that's what I was doing.
 

Picked up a few k though. Hope it pays off.

Experienced != Legally Licensed to give financial advice.

I've always thought the whole point of crypto was to avoid those ignorant scam artists legally licensed to give financial advice.
To whit...

[nanobrain]

Anyway, price continues to go up while folks on this thread get more gloomy with talk of hacks and development 'fails' - could there be a correlation.

[aminorex]

Anyway, price continues to go up while folks on this thread get more gloomy with talk of hacks and development 'fails' - could there be a correlation.

The dilemma suggested: Malevolence or incompetence.  If this dilemma is not a false one, abductively we can conclude: Competent persons of good will are bullish.

The argument is formally correct, but it's soundness depends upon a consistent binding of the ground-terms to the prevailing circumstance.

[GreekBitcoin]

I speculate that this is helping. The exchange rates that are showing everywhere in the site looks like a good advertisement for starters. No vendors spotted accepting xmr after 2 minutes of looking.