delete

[drawingthesun]

Guys read the whole thread. AM got a little mad at times but now he works with the team again. Don't stir up the fire.

Ok, I have actual genuine curiosity as to how Boolberry would push out the change without the Monero team knowing, I was being sincere and want to know how that could be done.

You missed this?

MEW - Monero Economy Workgroup communication

A taskforce is set up to address the issue of a possible "BCX exploit", and an ultimatum by BCX to find and fix it in 72 hours lest a serious attack is launched upon Monero.

The taskforce consists of several Monero developers, AnonyMint, CZ, jl777 and me.

There are differing opinions in the taskforce concerning the severity of the threat. No coinkiller is yet found and several avenues are probed. The members who have technical competence are talking about their views themselves.

Regardless of the outcome in the technical side, this is a serious economic attack on Monero - about 15% of the pre-ultimatum value is lost, and there is a great information asymmetry plaguing traders currently. It is notable that nobody has offered to borrow XMR for shorting (which I could provide against full guarantee deposit of BTC). Neither has anyone bought the PUT options. This means that the downside speculation has so far been limited to selling out from a trader's own stash. An economically motivated player who knows for sure about a lethal attack might decide to take leverage for personal gain.

I believe that the Monero devs are up to their task and can mitigate the potential exploit, and fix the code in preparation of the announced attack. I further believe that Monero will rise even stronger. Since I am not in possession of any knowledge that indicates that a realistic attack could take place, I can only estimate the probability that it exists unnoticed, and my estimate is 4-8%.

The MEW will be inaugurated on Tuesday, and also the devteam has important announcements (not related to the attack). Provided that our coin still exists, I am sure we have a great future ahead of us as a community with these new methods of organizing our activities for the mutual benefit.

Thanks for that.

Now back to being curious, how could have the patch been done without alerting the Monero team? I am very interested in the way it could be done.

[1715282594]

1715282594

[dEBRUYNE]

Guys read the whole thread. AM got a little mad at times but now he works with the team again. Don't stir up the fire.

Ok, I have actual genuine curiosity as to how Boolberry would push out the change without the Monero team knowing, I was being sincere and want to know how that could be done.

You missed this?

MEW - Monero Economy Workgroup communication

A taskforce is set up to address the issue of a possible "BCX exploit", and an ultimatum by BCX to find and fix it in 72 hours lest a serious attack is launched upon Monero.

The taskforce consists of several Monero developers, AnonyMint, CZ, jl777 and me.

There are differing opinions in the taskforce concerning the severity of the threat. No coinkiller is yet found and several avenues are probed. The members who have technical competence are talking about their views themselves.

Regardless of the outcome in the technical side, this is a serious economic attack on Monero - about 15% of the pre-ultimatum value is lost, and there is a great information asymmetry plaguing traders currently. It is notable that nobody has offered to borrow XMR for shorting (which I could provide against full guarantee deposit of BTC). Neither has anyone bought the PUT options. This means that the downside speculation has so far been limited to selling out from a trader's own stash. An economically motivated player who knows for sure about a lethal attack might decide to take leverage for personal gain.

I believe that the Monero devs are up to their task and can mitigate the potential exploit, and fix the code in preparation of the announced attack. I further believe that Monero will rise even stronger. Since I am not in possession of any knowledge that indicates that a realistic attack could take place, I can only estimate the probability that it exists unnoticed, and my estimate is 4-8%.

The MEW will be inaugurated on Tuesday, and also the devteam has important announcements (not related to the attack). Provided that our coin still exists, I am sure we have a great future ahead of us as a community with these new methods of organizing our activities for the mutual benefit.

Thanks for that.

Now back to being curious, how could have the patch been done without alerting the Monero team? I am very interested in the way it could be done.

IIRC, boolberry had no patch yet? Where do you get this info from? AnonyMint posted something that he would go to BBR first, but I think he was a bit irritated then and later revised his opinion and collaborated with the whole team for finding the exploit.

EDIT: Reading the BoolBerry thread, there is nothing to be found about an update or patch

[TheFascistMind]

I don't expect an attack on the private keys from BCX. Would be very surprising. Perhaps he has some other attack on wallets, but I don't have any idea what that would be, thus I doubt it.

As I said, the anonymity of some of the rings on the block chain appears to be broken (but my combinatorial algorithm is not yet tested nor fully characterized and vetted). There is nothing that can be done about that past history if I am correct. Whether BCX publishes the known spenders of rings or not is irrelevant, because it can be calculated by anyone at any time in the future. Once we have the algorithm running, we can determine which rings are not anonymous. This applies to all CN coins. I have a mitigation algorithm for future rings which works when there is no Sybil attack on the transactions. When there is a Sybil attack on the transactions, I don't yet comprehend how bad the problem is or is not. I am discussing it now with smooth. I don't yet know the running time or performance characteristics of my algorithm, nor its statistical properties. But the former may be irrelevant, as we have to compete with the NSA. Thus I've proposed the algorithm has to be run decentralized in conjunction with the PoW, if the complexity turns out to be NP hard.

Orthogonal to the anonymity issue above, I don't know if BCX can or will mount a difference or Time Warp attack using his GPU farms. I am not knowledgeable about the sort of damage he could do with that. I understand from reading others that the community has raised the hashrate so much that he will say that community fixed the problem. Rpietila has clarified privately that his 4 - 8% probability estimate did not apply to my likelihood of finding an exploit. That was only his estimate of whether BCX would mount an attack. It was not even an estimate of whether BCX could mount an attack. Rpietila can define the random variable more explicitly if he doesn't want me to become confused as to his intent.

P.S. I never expected the devs or anyone to cowtail to me. My only issue is my time opportunity cost. I don't want to waste my time. Time is of the essence for me for next couple of months.

[infofront]

I don't expect an attack on the private keys from BCX. Would be very surprising. Perhaps he has some other attack on wallets, but I don't have any idea what that would be, thus I doubt it.

As I said, the anonymity of some of the rings on the block chain appears to be broken (but my combinatorial algorithm is not yet tested nor fully characterized and vetted). There is nothing that can be done about that past history if I am correct. Whether BCX publishes that or not is irrelevant, because it can be calculated by anyone at any time in the future. Once we have the algorithm running, we can determine which rings are not anonymous. This applies to all CN coins. I have a mitigation algorithm for future rings which works when there is no Sybil attack on the transactions. When there is a Sybil attack on the transactions, I don't yet comprehend how bad the problem is or is not. I am discussing it now with smooth. I don't yet know the running time or performance characteristics of my algorithm, nor its statistical properties. But the former may be irrelevant, as we have to compete with the NSA. Thus I've proposed the algorithm has to be run decentralized in conjunction with the PoW, if the complexity turns out to be NP hard.

I don't know if BCX can or will mount a difference or Time Warp attack using his GPU farms. I am not knowledge about the sort of damage he could do with that. I understand from reading others that the community has raised the hashrate so much that he will say that community fixed the problem. Rpietila has clarified privately that his 4 - 8% probability estimate did not apply to my likelihood of finding an exploit. That was only his estimate of whether BCX would mount an attack. It was not even an estimate of whether BCX could mount an attack. Rpietila can define the random variable more explicitly if he doesn't want me to become confused as to his intent.

P.S. I never expected the devs or anyone to cowtail to me. My only issue is my time opportunity cost. I don't want to waste my time. Time is of the essence for me for next couple of months.

Thanks for the update. And that's a good point, that raising the hashrate actually is a type of fix.

[TheFascistMind]

The essence of the problem I've discovered is that usersrings are allowed to mix with the same set of inputs too many times.

That doesn't tell you enough to do the calculation, but at least you hopefully see I am not full of shit.

I am not intent on attacking any coin. I am intending to help mitigate, if possible.

I will no longer favor BBR over XMR. They both get the same information from me.

[TheFascistMind]

The essence of the problem I've discovered is that usersrings are allowed to mix with the same set of inputs too many times.

If the mix is not set by users but randomly when transaction is sent I see it as a plus for convenience and security considering the number of mixes does not slow the speed of transaction

See my edit. The rings can be randomly selected, but there will need to be enforcement on reuse of inputs. I will not reveal the specifics of the issue in public. Smooth has the information.

[smooth]

Whether BCX publishes the known spenders of rings or not is irrelevant, because it can be calculated by anyone at any time in the future.

He (or anyone) can't publish known spenders because of stealth addresses. All addresses on the blockchain are one-time-use, so there is nothing on the blockchain to link your transactions with each other so as to create a virtual "identity." In effect this is a potential compromise to "untracability" in cryptonote, which would allow some transactions to link with with each other, but not "unlinkability".

How successful that is depends a lot on how probable these linkages are to be made, which we don't know. It also remains to be seen feasible the algorithm is to perform, and what steps can be used to control the impact. We don't know any of these yet.

In any case it is interesting work that will help improve the technology (all cryptonotes) going forward. Anonymint deserves credit for coming up with it.
 

[cAPSLOCK]

It seems bytecoin price is not affected.

Also the number 1 is still holding at 1.

Seems the universe is not concerned.

[jabo38]

trolling needs to be stopped. 

Which of course is itself trolling. You state that Monero needs to do the impossible, and then when it doesn't happen, you will claim to have "warned" us and point to this as evidence of how evil we are. Well thank you but no thank you for your little set up attempt.

I'm not sure where you got your post count because you obviously have no clue at all about btct works. You would have an easier time clearing all the fish out of the ocean than stopping btct trolling. And I mean that literally. Mankind could likely overfish all the way to their extinction, but trolls on btct are more like cockroaches.

My post was meant as constructive criticism.  I can see how you thought I was trolling.

I know very well that the trolling can't be stopped, so saying "the trolling needs to be stopped" wasn't a good of choice.  What I should have said is "something needs to be done about all this trolling" or "when bad and/or fake Monero supporters troll, it is in the best interest of the real Monero supporters to try to mitigate it."  Basically Monero is being damaged by trolling and it doesn't really matter if it was accidental or on purpose; the best thing to do when a person realizes they are being hurt is to try and do something about it.  The point of the post is that while the trolling can't be completely stopped, the damage caused from it could be softened significantly with some proactive actions by the people from Monero that do really believe in it and love it. 

[TheFascistMind]

Whether BCX publishes the known spenders of rings or not is irrelevant, because it can be calculated by anyone at any time in the future.

He (or anyone) can't publish known spenders because of stealth addresses. All addresses on the blockchain are one-time-use, so there is nothing on the blockchain to link your transactions with each other so as to create a virtual "identity." In effect this is a potential compromise to "untracability" in cryptonote, which would allow some transactions to link with with each other, but not "unlinkability".

How successful that is depends a lot on how probable these linkages are to be made, which we don't know. It also remains to be seen feasible the algorithm is to perform, and what steps can be used to control the impact. We don't know any of these yet.

In any case it is interesting work that will help improve the technology (all cryptonotes) going forward. Anonymint deserves credit for coming up with it.

Agreed. Thank you for clarifying.

Edit: Some research apparently suggests linkability can be inferred when untraceability is lost, e.g. when balances are merged (multiple inputs to a transaction). Actually the identity of the sender also depends on IP connection obfuscation too. Complex issue. Nevertheless I agree with his point that my contribution attacks the untraceability. And I agree any mitigation and understanding gained may help improve the CN technology.

[black_jesus]

Whether BCX publishes the known spenders of rings or not is irrelevant, because it can be calculated by anyone at any time in the future.

He (or anyone) can't publish known spenders because of stealth addresses. All addresses on the blockchain are one-time-use, so there is nothing on the blockchain to link your transactions with each other so as to create a virtual "identity." In effect this is a potential compromise to "untracability" in cryptonote, which would allow some transactions to link with with each other, but not "unlinkability".

How successful that is depends a lot on how probable these linkages are to be made, which we don't know. It also remains to be seen feasible the algorithm is to perform, and what steps can be used to control the impact. We don't know any of these yet.

In any case it is interesting work that will help improve the technology (all cryptonotes) going forward. Anonymint deserves credit for coming up with it.

Agreed. Thank you for clarifying.

Edit: Some research apparently suggests linkability can be inferred when untraceability is lost, e.g. when balances are merged (multiple inputs to a transaction). Actually the identity of the sender also depends on IP connection obfuscation too. Complex issue. Nevertheless I agree with his point that my contribution attacks the untraceability. And I agree any mitigation and understanding gained may help improve the CN technology.

Excellent, and isn't that what BCX wanted all along?  To improve CN?  The baby gets his bottle, and we can all move along.

[robinwilliams]

Excellent, and isn't that what BCX wanted all along?  To improve CN?  The baby gets his bottle, and we can all move along.

no.  he didn't give a shit about monero.  until he figured out and confirmed he could kill it then he decided to go ahead and commit to it.

were u not watching the trollbox?  he wanted a 500btc bet (my guess is he figures the attack will cost him 500btc and the bet would have covered what he has to spend)

but regardless.  he wasn't wanting to "help the coin"

hahahaha "didn't he just want ot improve CN"  much shill.

[klee]

Here are three incorrect Martin Armstrong predictions:

"Nothing will go wrong when I bilk these Japanese investors."
"I won't get caught defrauding them either."
"Representing myself in court will be a good idea."

So it is confirmed you are afraid to take the bet.

Why am I not surprised you also believe in astrology?

Stating that I am a Cancer doesn't mean I believe my Zodiac predicts my personality. Rather it is a shorthand for stating my personality, because you can just go read about a Cancer. I didn't say it predicted, it just happens to be true in my case.

I have not applied the scientific method to Zodiac signs. Has anyone yet?  

P.S. Armstrong has applied and tested the scientific method. That is why you are afraid to take the bet because you will lose.

Now go check your horoscope, and call Miss Cleo at the Psychic Hotline.

I wrote nothing about horoscopes.

iCE: FYI the season that we are born has profound effects on our epigenome! I will find (maybe) the source and post it.

(So the season that we are born gives us some common attributes that are widespread to all. Ancient people attributed it to the stars of the season because they knew shit about DNA.)

[GreekBitcoin]

iCE: FYI the season that we are born has profound effects on our epigenome! I will find (maybe) the source and post it.

(So the season that we are born gives us some common attributes that are widespread to all. Ancient people attributed it to the stars of the season because they knew shit about DNA.)

ughhh...

P.S. H Nέα Σελήνη μιλά για νέα, σημαντικά ξεκινήματα πάνω σε oικoνoμικά θέματα.

[black_jesus]

Excellent, and isn't that what BCX wanted all along?  To improve CN?  The baby gets his bottle, and we can all move along.

no.  he didn't give a shit about monero.  until he figured out and confirmed he could kill it then he decided to go ahead and commit to it.

were u not watching the trollbox?  he wanted a 500btc bet (my guess is he figures the attack will cost him 500btc and the bet would have covered what he has to spend)

but regardless.  he wasn't wanting to "help the coin"

hahahaha "didn't he just want ot improve CN"  much shill.

I'm not shilling for anybody, so please don't jump to unfounded conclusions.  I'm aware of his ill-advised and illusory threat.  He can now claim that his actions forced some sort of improvement.  As I said, fine, let the baby have his bottle, and move on.

[klee]

I have not applied the scientific method to Zodiac signs. Has anyone yet?  

Not exactly but there is a paper that links birth month to personality factors, possibly due to the effects of exposure to seasonal flu or some other such factor (sunlight exposure and vitamin d would be one guess of mine, I think not demonstrated at all in the paper iirc) during early development.

I can dig it up if you are interested and can't find it.

Now back to your regularly scheduled troll circus.

Ha, just saw this!

Correct, all these environmental factors influence our epigenome (software) while the DNA (hardware) is not affected.

[klee]

iCE: FYI the season that we are born has profound effects on our epigenome! I will find (maybe) the source and post it.

(So the season that we are born gives us some common attributes that are widespread to all. Ancient people attributed it to the stars of the season because they knew shit about DNA.)

ughhh...

P.S. H Nέα Σελήνη μιλά για νέα, σημαντικά ξεκινήματα πάνω σε oικoνoμικά θέματα.

Πoλλά λεφτά βγάζoυν αυτoί πάντως χαχα

[illodin]

I'm not shilling for anybody, so please don't jump to unfounded conclusions.  I'm aware of his ill-advised and illusory threat.  He can now claim that his actions forced some sort of improvement.  As I said, fine, let the baby have his bottle, and move on.

Another shojayxt puppet.

[Hilux74]

Well BCX said he was going to destroy the half dead piddly hashrate Digitalcoin (DGC) a few months back which unfortunately never occurred, though BCX still mentions it as an imminent event with the same baited breath used with XMR.  So is it just bark and no bite?  XMR would take a few order of magnitude more resources to attack than DGC so there would have to be more incentive than just muscle flexing.  Maybe BCX could at least follow through on wiping DGC off the planet as a show of good faith that he will follow through with an attack on XMR. 

[rdnkjdi]

Well BCX said he was going to destroy the half dead piddly hashrate Digitalcoin (DGC) a few months back which unfortunately never occurred, though BCX still mentions it as an imminent event with the same baited breath used with XMR.  So is it just bark and no bite?  XMR would take a few order of magnitude more resources to attack than DGC so there would have to be more incentive than just muscle flexing.  Maybe BCX could at least follow through on wiping DGC off the planet as a show of good faith that he will follow through with an attack on XMR. 

Did he give a timeline - like 72 hours?