Bitcoin Forum
Author Topic: [XMR] Monero Speculation  (Read 3312366 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic. (2 posts by 1+ user deleted.)
Abiky
August 29, 2015, 06:41:06 PM
 #8341

I hope to see an increase in price of XMR after the ETH hype is all over. In the meantime, I'll just buy cheap coins while its price lasts. :)

ArticMine
Monero Core Team
August 29, 2015, 09:22:05 PM
 #8342

With current emission the daily coins cost only a few thousands of dollars (around 7 000 usd - I know pathetic).
It is funny the markets are not able to rise to higher level.
There needs to be some incentive to actually hold and buy Moneros.



Many people do not download source code and compile themselves. So they are pricing based on binaries that are over 8 months old.

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
thefunkybits
August 29, 2015, 09:26:18 PM
 #8343

I hope to see an increase in price of XMR after the ETH hype is all over. In the meantime, I'll just buy cheap coins while its price lasts. :)

ETH could very well go for a good second run here. I'm pretty bullish on both XMR and ETH right now
dEBRUYNE
August 29, 2015, 09:36:51 PM
 #8344

With current emission the daily coins cost only a few thousands of dollars (around 7 000 usd - I know pathetic).
It is funny the markets are not able to rise to higher level.
There needs to be some incentive to actually hold and buy Moneros.



Many people do not download source code and compile themselves. So they are pricing based on binaries that are over 8 months old.

Certainly agree, not everyone is following it as closely as we do. Meanwhile, another huge pull request just came in -> https://github.com/monero-project/bitmonero/pull/393

Privacy matters, use Monero - A true untraceable cryptocurrency
Why Monero matters? http://weuse.cash/2016/03/05/bitcoiners-hedge-your-position/
BlackWidow
August 29, 2015, 11:41:32 PM
 #8345

I speculate that you can't have anon on the blockchain. It is not secure enough to stand the test of time with your identity possibly being compromised because it is stored on a public ledger.
smooth (OP)
August 29, 2015, 11:42:40 PM
 #8346

I speculate that you can't have anon on the blockchain. Someone needs to add a mixer to it.

You're mistaken but do you have anything to back that up?
BlackWidow
August 29, 2015, 11:46:50 PM
Last edit: August 30, 2015, 12:08:48 AM by BlackWidow
 #8347

I speculate that you can't have anon on the blockchain. Someone needs to add a mixer to it.

You're mistaken but do you have anything to back that up?


I changed my original statement a bit.


But here is a breakdown of my point. AM is much more tech savvy than myself. But he explains my outlook on bytecoin clones well, and ring sigs.



Think about it. The fact that we are relying on a public information with a twist to be secure is not the answer.

Interesting that I was making the same point today in private communication before I had seen your thread.

1. All crypto will be cracked eventually, it is just a matter of time. First we have key length requirements increase over time:

http://www.keylength.com/en/compare/

2. Next we have IBM's head of research for quantum computing (with a $3 billion budget) expecting that quantum computing will arrive in 10 - 15 years. All the crypto-currencies to date use crypto that can be cracked with a sufficiently powerful quantum computer. May not happen in 10 years, but eventually it will.

3. There was a recent breakthrough in math for factoring which hints at the remote possibility in the future of a potential crack of the basic math used for all existing crypto-currencies (that use elliptic curve or RSA cryptography):

http://cacm.acm.org/news/170850-french-team-invents-faster-code-breaking-algorithm/fulltext#body-3



By your logic "it's not secure, it will eventually be cracked" then private/public keys are in the same boat, no?  

Yes but not the same threat. Cracking ancient spent private keys harms no one, thus no problem with keeping transactions on the block chain. Cracking ancient anonymity potentially harms up to and including everyone, thus IMO an unacceptable risk of keeping the correlation of the outputs and inputs (the anonymity mix) of a mixing transaction on the block chain.


I don't see a future in ring signatures

Do investors realize that Cryptonote can't run lite clients without destroying their unlinkability, because you have to publish the "tracking key" to delegate the search for received payments if you did not download the full block chain.

But publishing that "tracking key" breaks the unlinkability:

https://cryptonote.org/whitepaper.pdf#page=8

"If Bob wants to have an audit compatible address where all incoming transaction are
linkable, he can either publish his tracking key...In both cases every person is
able to “recognize” all of Bob’s incoming transaction"


Edit: the "Trading off anonymity set size for decreased bandwidth/CPU" section in the following paper hints at a solution where only a portion of the block chain needs to be downloaded in exchange for reduced anonymity set size, but afaik this is not in Cryptonote and I did not analyze how or if it can be integrated (and off the top of my head, I think this might further reduce anonymity sets in intersection with a potential block chain pruning design for Cryptonote):

http://sourceforge.net/p/bitcoin/mailman/message/31813471/
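
The tracking-key trade-off quoted from the CryptoNote whitepaper in the post above, as an added example that is not part of the thread or of Monero's code. It assumes a toy multiplicative group in place of the real elliptic curve, and every function name is illustrative.

```python
import hashlib
import secrets

# Toy group standing in for the whitepaper's elliptic curve: integers modulo
# the prime 2^255 - 19 with base 2, written multiplicatively. NOT secure; it
# only keeps the algebra visible. All function names here are illustrative.
P_MOD = 2**255 - 19
G = 2
ORDER = P_MOD - 1          # exponents are reduced modulo the group order


def keypair():
    """Return (secret, public) with public = G^secret."""
    sk = secrets.randbelow(ORDER - 2) + 2
    return sk, pow(G, sk, P_MOD)


def hs(element):
    """H_s: hash a group element to a scalar."""
    digest = hashlib.sha256(element.to_bytes(32, "big")).digest()
    return int.from_bytes(digest, "big") % ORDER


def one_time_pub(shared, spend_pub):
    """G^Hs(shared) * B, i.e. P = Hs(rA)G + B in the whitepaper's notation."""
    return pow(G, hs(shared), P_MOD) * spend_pub % P_MOD


def send(view_pub, spend_pub):
    """Sender: publish (R, P) for the address (A, B) using fresh randomness r."""
    r, R = keypair()
    return R, one_time_pub(pow(view_pub, r, P_MOD), spend_pub)


def scan(chain, view_sec, spend_pub):
    """Holder of the tracking key (a, B): indices of outputs paying that address."""
    return [i for i, (R, P) in enumerate(chain)
            if one_time_pub(pow(R, view_sec, P_MOD), spend_pub) == P]


def spend_key(R, view_sec, spend_sec):
    """One-time private key x = Hs(aR) + b. Needs b, which the tracking key lacks."""
    return (hs(pow(R, view_sec, P_MOD)) + spend_sec) % ORDER


def demo():
    a, A = keypair(); b, B = keypair()      # Bob's view and spend key pairs
    c, C = keypair(); d, D = keypair()      # Carol's
    chain = [send(A, B), send(C, D), send(A, B), send(C, D), send(A, B)]
    R0, P0 = chain[0]
    return {
        "distinct_outputs": len({P for _, P in chain}),   # nothing repeats on chain
        "bob_tracking_key": scan(chain, a, B),            # all of Bob's are linked
        "carol_tracking_key": scan(chain, c, D),
        "mismatched_key": scan(chain, a, D),              # wrong pair sees nothing
        "bob_can_spend": pow(G, spend_key(R0, a, b), P_MOD) == P0,
    }


if __name__ == "__main__":
    print(demo())
```

Every output on the constructed chain is a distinct one-time key, yet whoever is handed (a, B) flags all of Bob's incoming outputs, which is the linkability a lite client would have to concede to its scanning server.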
smooth (OP)
August 30, 2015, 12:05:33 AM
Last edit: August 30, 2015, 01:17:41 AM by smooth
 #8348

I speculate that you can't have anon on the blockchain. It is not secure enough to stand the test of time with your identity possibly being compromised because it is stored on a public ledger.

Your identity is not stored. What is stored are the transactions that move coins around, and the relationships between those transactions. Could that possibly be compromised in the future? Sure, anything could possibly be compromised.

In opposition to that premise we have:

1. That the cryptographic primitives used are mature, well understood and carefully scrutinized, making such breaks far less likely than newer techniques.

2. That the techniques used are defined in a formal mathematical way which make it tractable to fully analyze and prove their properties. This does not apply to methods that rely on complex implementations with no precise mathematical description.

3. That there are two separate methods being used, stealth addressing for unlinkability and ring signatures for untraceability. To fully compromise the chain to the level of Bitcoin's susceptibility to blockchain analysis you would need to break both. If one or the other were compromised, it could be replaced and coins moved so at least the privacy of current holdings would still be retained even if the other were later broken.

4. Nothing prevents using off chain mixing techniques in addition to the on-chain. Even ad-hoc ones like moving coins between a few busy sites like exchanges, gambling sites, in-person cash transactions, etc. This adds another layer on top of the base layer. But coins that lack such a base layer can never add one, they can only rely on the other methods.

5. If all of these methods were fully compromised then you have a situation that at its worst is no worse than Bitcoin. In all reasonable probability it is likely to be better.

Quote
AM is much more tech savvy than myself.

He later revised his opinion and stated that some form of on-chain anonymity is essential because it is the only way to preserve the end-to-end property (provable correctness without relying on the complex behavior of intermediaries). Check his later posts. He uses TPTB_need_war now.
Hueristic
August 30, 2015, 12:18:03 AM
 #8349

I speculate that you can't have anon on the blockchain. It is not secure enough to stand the test of time with your identity possibly being compromised because it is stored on a public ledger.

I speculate that Speculators are speculating diametrically opposed to your Speculation! :P

“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.”
owm123
August 30, 2015, 12:25:30 AM
 #8350

Quote

Your identity is not stored. What is stored are the transactions that move coins around, and the relationships between those transactions. Could that possibly be compromised in the future? Sure, anything could possibly be compromised.


The public transactions in bitcoin are, well, public, and can be traced and used against you. The perfect example is the crackdown on Silk Road, in which the public blockchain of bitcoin played a key role:

https://coincenter.org/2015/04/silk-road-corruption-case-shows-how-law-enforcement-uses-bitcoin/

Bitcoin is NOT anonymous: http://www.bitcoinisnotanonymous.com
BlackWidow
August 30, 2015, 12:29:26 AM
 #8351

I speculate that you can't have anon on the blockchain. It is not secure enough to stand the test of time with your identity possibly being compromised because it is stored on a public ledger.

Your identity is not stored. What is stored are the transactions that move coins around, and the relationships between those transactions. Could that possibly be compromised in the future? Sure, anything could possibly be compromised.

In opposition to that premise we have:

1. That the cryptographic primitives used are mature, well understood and carefully scrutinized, making such breaks far less likely than newer techniques.

2. That the techniques used are defined in a formal mathematical way which make it tractable to fully analyze and prove their properties. This does not apply to methods that rely on complex implementations with no precise mathematical description.

2. That there are two separate methods being used, stealth addressing for unlinkability and ring signatures for untraceability. To fully compromise the chain to the level of Bitcoin's susceptibility to blockchain analysis you would need to break both. If one or the other were compromised, it could be replaced and coins moved so at least the privacy of current holdings would still be retained even if the other were also broken.

3. Nothing prevents using off chain mixing techniques in addition to the on-chain. Even ad-hoc ones like moving coins between a few busy sites like exchanges, gambling sites, in-person cash transactions, etc. This adds another layer on top of the base layer. But coins that lack such a base layer can never add one, they can only rely on the other methods.

4. If all of these methods were fully compromised then you have a situation that at its worst is no worse than Bitcoin. In all reasonable probability it is likely to be better.

Quote
AM is much more tech savvy than myself.

He later revised his opinion and stated that some form of on-chain anonymity is essential because it is the only way to preserve the end-to-end property (provable correctness without relying on the complex behavior of intermediaries). Check his later posts. He uses TPTB_need_war now.



On a side note, I wonder how many people read your posts, especially that one, and say, "wow, that guy Smooth knows his stuff, I don't understand a word he just said, but he must be right" smh

Although I know that the Monero community tends to lean on the scholarly side, damn Smooth you need to speak English before you get accused of using technobabble as a persuasion tool. LOL :D

Anyway, with your intelligence obviously not in question, I wonder why you don't see the danger here.

Once the transactions are able to be tracked anon falls apart. Being reduced to the identity protection that Bitcoin provides is not acceptable if someone's life was counting on their anonymity staying secure for more than just 10 years or whatever short time it ends up being.

Look, that original conversation I just quoted was almost a year ago. Seems like yesterday. A decade is quick.

Now, is there something that can be done with Monero itself so that it doesn't have such a short shelf life??
smooth (OP)
August 30, 2015, 12:29:43 AM
 #8352

Quote

Your identity is not stored. What is stored are the transactions that move coins around, and the relationships between those transactions. Could that possibly be compromised in the future? Sure, anything could possibly be compromised.


The public transactions in bitcoin are, well, public, and can be traced and used against you. The perfect example is the crackdown on Silk Road, in which the public blockchain of bitcoin played a key role:

Some can, some can't. I'm quite certain not all of my Bitcoins can be traced to me personally. I'm almost equally certain that some can. Again, just because there is information there doesn't mean it can necessarily be analyzed successfully. But then, that's the whole reason for Monero, is to make this process harder and give more privacy to all users not just the very careful ones.




smooth (OP)
August 30, 2015, 12:33:28 AM
 #8353

Anyway, with your intelligence obviously not in question, I wonder why you don't see the danger here.

Once the transactions are able to be tracked anon falls apart. Being reduced to the identity protection that Bitcoin provides is not acceptable if someone's life was counting on their anonymity staying secure for more than just 10 years or whatever short time it ends up being.

Because there is no reason to believe that the transactions are able to be tracked, nor that any better system currently exists at a holistic level. See items #1, #2, and #3 above, along with what I said about AM's later comments. He's clearly stated that the best anon method available today is Monero, and that he is happy to personally use it himself.

For example:

I am happy Monero exists. I support it (we've been using XMR.to for example). And if ever I produce something better, I hope the Monero devs join in the fun. We are all in this for the same reasons. No need to be exclusionary and selfish. There is plenty of profit and area responsibility opportunity for all who are talented. Let's go!

Quote
Now, is there something that can be done with Monero itself so that it doesn't have such a short shelf life??

I'm not even sure what to make about this comment about shelf life. This is not a dried food product in a box. Development is ongoing and improvements continue to be made. A clear deficiency, for example, are leakages that occur due to no IP network obfuscation at all. That's why we are tracking the i2p developments on their C++ implementation and plan to integrate that ASAP. (BTW, did anyone see that Bitcoin Core recently got the ability to seamlessly run as a Tor hidden service? Nice work by the Bitcoin devs!) These are not perfect solutions of course, and we're all hard at work to make them even better.

No one is promising that any specific technology is the ultimate solution for all time. If they do, grab your wallet and run the other way.
iCEBREAKER
August 30, 2015, 12:58:15 AM
 #8354

I speculate that you can't have anon on the blockchain. It is not secure enough to stand the test of time with your identity possibly being compromised because it is stored on a public ledger.

Your identity is not stored. What is stored are the transactions that move coins around, and the relationships between those transactions. Could that possibly be compromised in the future? Sure, anything could possibly be compromised.

In opposition to that premise we have:

1. That the cryptographic primitives used are mature, well understood and carefully scrutinized, making such breaks far less likely than newer techniques.

2. That the techniques used are defined in a formal mathematical way which make it tractable to fully analyze and prove their properties. This does not apply to methods that rely on complex implementations with no precise mathematical description.

2. That there are two separate methods being used, stealth addressing for unlinkability and ring signatures for untraceability. To fully compromise the chain to the level of Bitcoin's susceptibility to blockchain analysis you would need to break both. If one or the other were compromised, it could be replaced and coins moved so at least the privacy of current holdings would still be retained even if the other were also broken.

3. Nothing prevents using off chain mixing techniques in addition to the on-chain. Even ad-hoc ones like moving coins between a few busy sites like exchanges, gambling sites, in-person cash transactions, etc. This adds another layer on top of the base layer. But coins that lack such a base layer can never add one, they can only rely on the other methods.

4. If all of these methods were fully compromised then you have a situation that at its worst is no worse than Bitcoin. In all reasonable probability it is likely to be better.

Quote
AM is much more tech savvy than myself.

He later revised his opinion and stated that some form of on-chain anonymity is essential because it is the only way to preserve the end-to-end property (provable correctness without relying on the complex behavior of intermediaries). Check his later posts. He uses TPTB_need_war now.


An excellent survey of the present situation.

Would it be reasonable to say Monero, by using zero-knowledge proofs, gives present and future attackers nothing substantial to work with?

IE, you can't unravel Monero's blockchain because there are zero strings to start pulling?


Monero
"The difference between bad and well-developed digital cash will determine
whether we have a dictatorship or a real democracy." 
David Chaum 1996
"Fungibility provides privacy as a side effect."  Adam Back 2014
smooth (OP)
August 30, 2015, 01:02:37 AM
 #8355

Would it be reasonable to say Monero, by using zero-knowledge proofs, gives present and future attackers nothing substantial to work with?

IE, you can't unravel Monero's blockchain because there are zero strings to start pulling?

That's a bit buzzwordy for me. But I would say that by making private use easier for more people (as opposed to Bitcoin where some manner of private use might be theoretically possible but very difficult and fraught with perils so almost no one actually does it successfully) that does provide far less in the way of strings to start pulling at to analyze the blockchain on a large scale.
ArticMine
Monero Core Team
August 30, 2015, 01:08:52 AM
 #8356

...
4. If all of these methods were fully compromised then you have a situation that at its worst is no worse than Bitcoin. In all reasonable probability it is likely to be better.
...

Actually even in that very unlikely scenario Monero would be well ahead of Bitcoin because of the adaptive blocksize limit.

worldinacoin
August 30, 2015, 01:34:25 AM
 #8357

XMR requires a total revamp or it will be just another dead alt coin
owm123
August 30, 2015, 01:37:53 AM
 #8358

XMR requires a total revamp or it will be just another dead alt coin

What kind of revamp and why?

smooth (OP)
August 30, 2015, 01:40:40 AM
 #8359

What kind of revamp and why?

Look at the post history. Obvious sigspam.

You know what would be a nice thread feature? Disable signatures checkbox.
BrinK
August 30, 2015, 02:36:23 AM
 #8360

Quote

Your identity is not stored. What is stored are the transactions that move coins around, and the relationships between those transactions. Could that possibly be compromised in the future? Sure, anything could possibly be compromised.


The public transactions in bitcoin are, well, public, and can be traced and used against you. The perfect example is the crackdown on Silk Road, in which the public blockchain of bitcoin played a key role:

https://coincenter.org/2015/04/silk-road-corruption-case-shows-how-law-enforcement-uses-bitcoin/


n00b question:

If it's so easy to trace why do we continue to see scams of considerable amounts (many many 50+ btc) go with the slightest hint of consequence?