delete

[TheFascistMind]

But how much do you bench?

Thanks! That comment literally made my week!

PS: 1 rep max 155kg bench

I don´t know in kg but i am able to lift 3 crates of beer from the supermarket to my car.

This thread is reminding me of the tussles with my childhood friends.

Well to you young studs, I am 49 and at least I can still lift my 5kg dick.

I'm 31 so I guess that makes you technically old enough to be my dad.

49 what the hell, I didn't realize old people were in crypto.

~BCX~

Don't feel too much pity on me...

Seriously I can still bench 120 - 140kg and squat I don't know but in my 20s I did about 250 kg. I am 5'7" (169cm) and about 75 - 80kg.

My athleticism would be much greater if I wasn't suffering from a progressive autoimmune condition (which just might be improving since I started AHCC treatment in May).

Note I was an exceptional athlete most of my life though. For example I ran a sub 4:30 mile, sub 2:00 800 meters. I also ran 4.5 ish 40 meter dash, was a MVP at cornerback, etc..

I still compete with the young guys in basketball full speed. My vertical is still over 24" (just recently improved from 19").

[1713581592]

1713581592

[1713581592]

1713581592

[1713581592]

1713581592

[arielbit]

old and young...and they quarrel like children  lol

i guess that's the price of anonymity 

[smooth]

Careful. Encryption could mean the one-time ring signature is not broken, rather the way it is implemented

Encryption does not mean signature, ring or otherwise. Two different concepts. There is very little encryption in the protocol, arguably none at all.

So I'm not even sure what the original quote means at all, other than a somewhat confused mishmash of "big words."

The only way I see to make sense of it is to interpret encryption as cryptography as fluffypony said and gmaxwell seems to have also inferred. But it could mean something else. When you invent your own definitions for words you can later say you meant just about anything.

[jl777]

2) There is no break down in the encryption but in how it is implemented.

This is in direct contradiction to your original claim that it cannot be fixed without giving up on anonymity. I call bullshit.

In the quote he is talking about encryption.  

In your response you are talking about anonymity.  

On the Original post he says, "To fix this, anonymity will need to be sacrificed..."

Isn't anonymity and encryption two different things?  Where is the contradiction?

The anonymity is expressed in the whitepaper - if anonymity has to be sacrificed then it would be because the maths / crypto in the whitepaper is wrong.

I think the answer to your question in bold is no, here the anonymity and encryption are not two different things.

You think...  Not good enough.  Fluffpony basically ignored the questions.  Can we have someone that knows what they are talking about respond please.

I'd hazard that he misspoke when he said encryption, and he meant "cryptography" instead. Otherwise it makes no sense - there's a keyring flaw and we have to sacrifice anonymity, but the breakdown is not in the encryption but in the implementation thereof? Confused.

Careful. Encryption could mean the one-time ring signature is not broken, rather the way it is implemented perhaps referring to having multiple intersecting ring signatures simultaneously. Afaics the whitepaper did not address the math of such an intersection.

Reading between the lines it sounds like you think that BCX can actually steal wallets remotely. I wont disclose any details to anybody else, but I am curious to know if indeed this is possible. I had assumed that all the wallets are using oneway trapdoor functions that cannot be reversed.

With the cryptonote key images and multiple signers and a lot of hashing power, could it be possible to bruteforce solve a wallet's privatekey?

As I wrote upthread, it might be possible using multiple intersecting rings to use a system of simultaneous equations to find the 'x' private keys that are supposed to be hidden by the non-interactive Zero Knowledge Proof. However, I didn't work through the math to see if my hunch is true.

However by that time, the coins are already spent on the blockchain (unless you can intercept before), so you need the hashrate and or Time Warp Attack to backup the blockchain and double-spend them to yourself.

This wouldn't be the first time I had an insight that gmaxell didn't although he has returned the favor of me a few times too.

I am lazy to do the math because I don't see anyone offering me some considerable amount of money and I doubt I could use the exploit if I found it. If someone puts up a big bounty, I will investigate.

I could be way off course. It is just a hunch.

I will offer a 5 BTC bounty for a verified vulnerability along these lines as long as it is privately disclosed 2 weeks prior to public announcement so there is time to correct it. Due to the vagueness of the possible attacks and the practical feasibility, I will defer to community's opinion as to whether the exploit is valid.

I hope that Risto will match my 5 BTC bounty

James

[gmaxwell]

Careful. Encryption could mean the one-time ring signature is not broken, rather the way it is implemented

Encryption does not mean signature, ring or otherwise. Two different concepts. There is very little encryption in the protocol, arguably none at all.

So I'm not even sure what the original quote means at all, other than a somewhat confused mishmash of "big words."

The only way I see to make sense of it is to interpret encryption as cryptography as fluffypony said and gmaxwell seems to have also inferred. But it could mean something else. When you invent your own definitions for words you can later say you meant just about anything.

I'm used to unsophicated people using "encryption" to mean cryptography. As you note there is no encryption in the protocol _at all_, (not just arguably, but unambiguously).  But no need to hang up on a pretty obvious claim over some pedantic word mincing— the meaning was clear enough to me.  If I misread— I'm sure BCX can comment.

A theft bug that cannot be fixed without breaking the system's privacy must be a cryptographic one. Thats a pretty strong claim which deserves some strong evidence. Other systems are using related cryptosystems, and would benefit greatly from knowing it was broken. BCX should publish his discovery.

[TheFascistMind]

James I will sleep first. If anyone can beat me to it, go ahead. Again nothing may come of my hunch.

Smooth and Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to. Perhaps you forgot it is not just a digital signature as in Buttcoin.

https://cryptonote.org/whitepaper.pdf#page=7

First, the sender performs a Diffie-Hellman exchange to get a shared secret from his data and
half of the recipient’s address. Then he computes a one-time destination key, using the shared
secret and the second half of the address. Two different ec-keys are required from the recipient
for these two steps, so a standard CryptoNote address is nearly twice as large as a Bitcoin wallet
address. The receiver also performs a Diffie-Hellman exchange to recover the corresponding
secret key.

[Brilliantrocket]

James I will sleep first. If anyone can beat me to it, go ahead. Again nothing may come of my hunch.

Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to. Perhaps you forgot it is not just a digital signature as in Buttcoin.

I'll put up 10 BTC if you prove that such a critical vulnerability exists, and deliver the proof to me privately. Further conditions apply, PM me if you're serious on taking up my offer.

[cornfeedhobo]

Well BCX did offer to show a live chain demonstration to Maxwell.

Almost but not exactly.

If gmaxwell is so sure in his belief of "bullshit" then a live chain demonstration isn't possible is it?

I am not that eager to go head to head with a Bitcoin Core Dev for the obvious political reasons.

If I win, I lose.


~BCX~

What is there for you to lose? Judging by all these threads, it can't be much.

Either put up or move on.

You write that you have nothing to gain from "attacking monero", but you some how have time to keep up on it's many threads?

[smooth]

Smooth and Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to.

That is essentially what I meant by arguably. But cracking that "encryption" wouldn't allow you to steal wallets so even that usage doesn't allow for a consistent interpretation of the quote.

[TheFascistMind]

Smooth and Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to.

That is essentially what I meant by arguably. But cracking that "encryption" wouldn't allow you to steal wallets so even that usage doesn't allow for a consistent interpretation of the quote.

He said the encryption is not the broken part. Hehe, we are playing word games. Hey you started it. Hehe. No problem.

[smooth]

Smooth and Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to.

That is essentially what I meant by arguably. But cracking that "encryption" wouldn't allow you to steal wallets so even that usage doesn't allow for a consistent interpretation of the quote.

He said the encryption is not the broken part. Hehe, we are playing word games. Hey you started it. Hehe. No problem.

It's all nonsense (meaning trying infer the original usage of encryption as meaningful). The term encryption makes no sense in the original context and was just misused.

[TheFascistMind]

Smooth and Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to.

That is essentially what I meant by arguably. But cracking that "encryption" wouldn't allow you to steal wallets so even that usage doesn't allow for a consistent interpretation of the quote.

He said the encryption is not the broken part. Hehe, we are playing word games. Hey you started it. Hehe. No problem.

It's all nonsense (meaning trying infer the original usage of encryption as meaningful). The term encryption makes no sense in the original context and was just misused.

The "hehe" was me being nice. His usage is correct. The encryption part is not broken. It appears to the be the NIZKP that is broken when you have ____ ring signatures with the same ____ but I am still trying to prove this.

[Cryptobro]

It appears to the be the NIZKP that is broken when you have ____ ring signatures with the same ____ but I am still trying to prove this.

Appreciate the edit.

[phzi]

A theft bug that cannot be fixed without breaking the system's privacy must be a cryptographic one. Thats a pretty strong claim which deserves some strong evidence. Other systems are using related cryptosystems, and would benefit greatly from knowing it was broken. BCX should publish his discovery.

100%.  Announcing this with no proof looks a lot more like market manipulation then anything else.  If this is true, then why not publish?

[smooth]

The "hehe" was me being nice. His usage is correct. The encryption part is not broken. It appears to the be the NIZKP that is broken when you have ____ ring signatures with the same ____ but I am still trying to prove this.

He didn't say that. He said the break down (his term) is "how it is implemented" and by "it" he was referring to the encryption.

It makes no logical sense as gmaxwell pointed out.

Perhaps BCX wants to clarify what he meant so as to avoid being accused of leaving things deliberately ambiguous so he can make up whatever he wants to claim it meant later (even if that is not the case).

[tacotime]

James I will sleep first. If anyone can beat me to it, go ahead. Again nothing may come of my hunch.

Smooth and Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to. Perhaps you forgot it is not just a digital signature as in Buttcoin.

https://cryptonote.org/whitepaper.pdf#page=7

First, the sender performs a Diffie-Hellman exchange to get a shared secret from his data and
half of the recipient’s address. Then he computes a one-time destination key, using the shared
secret and the second half of the address. Two different ec-keys are required from the recipient
for these two steps, so a standard CryptoNote address is nearly twice as large as a Bitcoin wallet
address. The receiver also performs a Diffie-Hellman exchange to recover the corresponding
secret key.

Security of ECDH key exchange is trivially provable. The only thing I can think of that *might* be insecure is the ring signatures themselves, though I don't know how.

[Hotmetal]

This thread is reminding me of the tussles with my childhood friends.

Well to you young studs, I am 49 and at least I can still lift my 5kg dick.

Thanks, now I'll have to clean all the perfectly good beer off my screen.

[TheFascistMind]

James I will sleep first. If anyone can beat me to it, go ahead. Again nothing may come of my hunch.

Smooth and Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to. Perhaps you forgot it is not just a digital signature as in Buttcoin.

https://cryptonote.org/whitepaper.pdf#page=7

First, the sender performs a Diffie-Hellman exchange to get a shared secret from his data and
half of the recipient’s address. Then he computes a one-time destination key, using the shared
secret and the second half of the address. Two different ec-keys are required from the recipient
for these two steps, so a standard CryptoNote address is nearly twice as large as a Bitcoin wallet
address. The receiver also performs a Diffie-Hellman exchange to recover the corresponding
secret key.

Security of ECDH key exchange is trivially provable. The only thing I can think of that *might* be insecure is the ring signatures themselves, though I don't know how.

Agreed.

* I have found very specific exploits in CN that have not been fixed that would be successful on XMR. [...] One [exploit] is a coin killer.  [...] To fix this, anonymity will need to be sacrificed.

2) There is no break down in the encryption but in how it is implemented.

These 2 comments stand in complete contradiction to each other.

No inconsistency.

Novices like you don't seem to understand that anonymity isn't encryption. And the encryption part of CN which hides the one-time destination key doesn't have to be broken for the anonymity to be broken.

[Hotmetal]

I still compete with the young guys in basketball full speed. My vertical is still over 24" (just recently improved from 19").

My vertical is about 9 inches. Flaccid.

[smooth]

Novices like you don't seem to understand that anonymity isn't encryption. And the encryption part of CN which hides the one-time destination key doesn't have to be broken for the anonymity to be broken.

That's not what BCX said. He said the "way it is implemented" (with "it" referring to encryption) is the source of the break down.

His statement makes no sense as gmaxwell correctly pointed out and trying to spin it into something other than a nonsensical statement is not helpful.

That is independent of any other flaws that might exist, which could very well include flaws that BCX does not know about.