AKWAnalytics
September 21, 2014, 06:56:43 AM

Again, I have no intentions on attacking XMR as my focus is my pools and DGC if anything.
Yes this is true but it doesn't seem good enough for the powers that be. Maybe a demonstration is in fact needed. I preferred a forced evolutionary fix, but that seems to be beyond the vision of the XMR devs. Too caught up in their egos I guess. ~BCX~

The more you write, the more desperate you sound. Not a personal attack, just an observation. And I hope you know that while many innocent individuals may get hurt financially in the short term due to your actions (or lack thereof), the end of this iteration of XMR (or CN more generally) is not the end of the world. In fact, it's completely insignificant in the context of global finance. You might think you are powerful, but trying to attack this coin in this way at this stage illustrates the trivial amount of power you actually possess. Best of luck, but I'm betting against you.

TheFascistMind
September 21, 2014, 06:57:24 AM

I haven't studied Chandran signatures, so I don't yet know if they wouldn't have a similar or the same problem.

iCEBREAKER
September 21, 2014, 07:02:03 AM

I don't think the BBR feature is directly effective against Sybil attackers. It prevents disclosure to the public (for example by someone spending without a mix) but a Sybil attacker can easily create these min-mix outputs, and then you will choose them as your "safe" mixin. But the damage is done as soon as you use the attacker's outputs in a mix (he knows his are not the real ones so yours is identified by elimination); whether or how he spends does not matter.
The BBR feature may slow down the rate of chain reactions under some conditions, I'm not sure.
Well I guess we'll find out in a few days. A nice fellow in the BBR thread speculated the exploit may be something related to one of their recent patches that isn't yet present in XMR.
"The difference between bad and well-developed digital cash will determine whether we have a dictatorship or a real democracy." David Chaum 1996
"Fungibility provides privacy as a side effect." Adam Back 2014
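
The elimination and chain-reaction effect discussed in the post above, as an added example that is not part of the original thread and is not CryptoNote, Monero or BBR code. It is a toy model for measuring how many rings stay ambiguous for a given observer share and ring size; the function names, output ids and uniform decoy selection are assumptions.

```python
import random

def chain_reaction(rings, observer_outputs):
    """Toy model (assumption): a ring is a set of output ids, exactly one of
    which is the real spend, and every output is spent at most once.
    observer_outputs are outputs the observer created, so the observer knows
    they are decoys in anyone else's ring. Returns (candidates, resolved)."""
    cands = {tx: set(r) - set(observer_outputs) for tx, r in rings.items()}
    resolved = {}
    progress = True
    while progress:
        progress = False
        for tx, c in cands.items():
            if tx in resolved or len(c) != 1:
                continue
            (real,) = c
            resolved[tx] = real
            progress = True
            # An output identified as spent here can only be a decoy elsewhere.
            for other, oc in cands.items():
                if other != tx:
                    oc.discard(real)
    return cands, resolved

def simulate(honest, observer, ring_size, seed=1):
    """Each honest output is spent once; decoys are drawn uniformly from all
    other outputs (assumption). Returns the fraction of rings identified."""
    rng = random.Random(seed)
    honest_ids = [f"h{i}" for i in range(honest)]
    observer_ids = [f"o{i}" for i in range(observer)]
    pool = honest_ids + observer_ids
    rings = {}
    for real in honest_ids:
        others = [o for o in pool if o != real]
        rings[real] = {real, *rng.sample(others, ring_size - 1)}
    _, resolved = chain_reaction(rings, observer_ids)
    return len(resolved) / honest

# Constructed sample: o1..o3 belong to the observer, h1..h4 to other users.
SAMPLE = {
    "tx_a": {"h1", "o1", "o2"},  # both decoys are the observer's: h1 exposed
    "tx_b": {"h2", "h1", "o3"},  # h1 is now known spent in tx_a: h2 exposed
    "tx_c": {"h3", "h4", "h2"},  # h2 drops out, h3/h4 stay ambiguous
}

if __name__ == "__main__":
    left, found = chain_reaction(SAMPLE, {"o1", "o2", "o3"})
    print(found, left["tx_c"])
    for share in (0, 50, 1800):
        print(share, simulate(200, share, ring_size=3))
```

Varying `ring_size` and the observer's output count in `simulate` shows how both affect the share of rings that stay ambiguous.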

dzonikg28
September 21, 2014, 07:09:32 AM

He wants cheap coins.. when he buys it cheap he will say "ouu, I tried to attack it but XMR is safe for you to invest" and then the price will sky jump and he takes the money in his pocket..

TheFascistMind
September 21, 2014, 07:11:02 AM

So to clarify, Anonymint is working on the same exploit that Tacotime is already working on, and is no big deal.
And BCX is still lying about having the super exploit to steal funds. Why doesn't he just steal 500 bitcoin worth of Monero? Sounds like he can't.
This is entertainment, but not reality.
We don't know if he can or not, although we might be very skeptical, it doesn't help for you to push him. If he does that, he destroys the value of the coins he stole. My understanding is that the only people who can loan a huge amount of XMR for shorting are the whales, who thus I assume won't loan him the XMR so he could sell them before such an attack. Also they want BTC collateral so they might not return the BTC after such an attack. Perhaps this is why he challenged Rpietila to a 500 BTC escrowed bet.

I wish you all would stop punching him in the nose. I am trying to think and work on mitigation, so we fix everything within the 72 hours if there is anything that needs to be fixed. I am trying to be careful with my words, because even though I feel reasonably confident there is a problem that needs fixing, I haven't written down proofs and exact mathematical characterizations of everything.

Again we have not yet confirmed math for how he could steal coins. But that doesn't mean it is impossible. Normally it is impractical to factor a private key from a public key, in the equation P=xG mod l. But because the breakdown in the anonymity identifies the sending key P(i) where i = s, then another equation is revealed from the one-time ring signature, I=xH(P) mod l. If there exists some trick for factoring that is sufficiently sped up by combining the information from the two equations, which would make cracking the private key 'x' plausible, then the threat would be real. But we don't yet know that trick, if one exists.

Yeah it is possible that BCX is bluffing, but why push him and erase the 72 hours he gave us to get this fixed. Note we don't yet know the precise characterization of how much the anonymity breaks down and what % of the coins the attacker needs to own, if any. That is what I was working on before I fell asleep.

The CN paper that Tacotime linked upthread already characterizes some loss of anonymity, but seems to say it isn't that severe (note I haven't had time yet to completely wrap my mind around that paper). And they were working on mitigation. I think I may have discovered a method for amplification of the anonymity loss, which may be what BCX's threatened exploit does. But I haven't yet characterized my algorithm mathematically. I just wrote down some pseudocode. Now I need to go talk with the CN devs to see what they think or discovered about my pseudocode. Please be nice.

TooDumbForBitcoin
September 21, 2014, 07:22:06 AM

Please be nice.
We'll follow whatever example you set.

AKWAnalytics
September 21, 2014, 07:24:49 AM

So to clarify, Anonymint is working on the same exploit that Tacotime is already working on, and is no big deal.
And BCX is still lying about having the super exploit to steal funds. Why doesn't he just steal 500 bitcoin worth of Monero? Sounds like he can't.
This is entertainment, but not reality.
We don't know if he can or not, although we might be very skeptical, it doesn't help for you to push him. If he does that, he destroys the value of the coins he stole. My understanding is that the only people who can loan a huge amount of XMR for shorting are the whales, who thus I assume won't loan him the XMR so he could sell them before such an attack. Also they want BTC collateral so they might not return the BTC after such an attack. Perhaps this is why he challenged Rpietila to a 500 BTC escrowed bet. I wish you all would stop punching him in the nose. I am trying to think and work on mitigation, so we fix everything within the 72 hours if there is anything that needs to be fixed. I am trying to be careful with my words, because even though I feel reasonably confident there is a problem that needs fixing, I haven't written down proofs and exact mathematical characterizations of everything. Again we have not yet confirmed math for how he could steal coins. But that doesn't mean it is impossible. Normally it is impractical to factor a private key from a public key, in the equation P=xG mod l. But because the breakdown in the anonymity identifies the sending key P(i) where i = s, then another equation is revealed from the one-time ring signature, I=xH(P) mod l. If there exists some trick for factoring that is sufficiently sped up by combining the information from the two equations, which would make cracking the private key 'x' plausible, then the threat would be real. But we don't yet know that trick, if one exists. Yeah it is possible that BCX is bluffing, but why push him and erase the 72 hours he gave us to get this fixed. Note we don't yet know the precise characterization of how much the anonymity breaks down and what % of the coins the attacker needs to own, if any. That is what I was working on before I fell asleep.
The CN paper that Tacotime linked upthread already characterizes some loss of anonymity, but seems to say it isn't that severe (note I haven't had time yet to completely wrap my mind around that paper). And they were working on mitigation. I think I may have discovered a method for amplification of the anonymity loss, which may be what BCX's threatened exploit does. But I haven't yet characterized my algorithm mathematically. I just wrote down some pseudocode. Now I need to go talk with the CN devs to see what they think or discovered about my pseudocode. Please be nice.

Please be nice? Civility is one thing, pleasantry is another. This is real money we are talking about. People don't have to be nice. Plus, been on #monero-dev all night and the core devs don't seem nearly as existentially concerned as you are. Perhaps I am misinterpreting, however something just doesn't smell right about this whole thing...

TheFascistMind
September 21, 2014, 07:25:05 AM

There is one sure way that your private keys could never be stolen by such an unconfirmed, hypothetical, threatened attack.
Make sure they've never passed through a ring signature since mining.
Checkpoint won't help us unless we can get it distributed out to all mining nodes within 72 hours.

Kuriso
September 21, 2014, 07:28:00 AM (last edit: September 21, 2014, 07:38:53 AM by Kuriso)

I'll just leave this here...

TheFascistMind
September 21, 2014, 07:30:07 AM

Please be nice? Civility is one thing, pleasantry is another. This is real money we are talking about. People don't have to be nice.
If you have real money at stake, and if he has the attack, then being nice is the way to protect your money, as we probably need the 72 hours to analyze this fully.
Plus, been on #monero-dev all night and the core devs don't seem nearly as existentially concerned as you are. Perhaps I am misinterpreting, however something just doesn't smell right about this whole thing...
Maybe that is why he is escalating his threats, if the devs may be making the same mistake as past coins which started to act arrogant. Anyway, I have not yet read their latest comments, so I don't know. I need to go interface with them now. I just woke up. BCX appears to like coins that are much more interested in fixes than in denial. I have to agree with him. I can promise him if I ever do an altcoin, I will take his audits very seriously and I won't act arrogant. I can understand being upset that he hasn't given us all the information upfront. Maybe he can't ascertain that some party in the chain of command wouldn't use that to attack before it could get fixed. Maybe that is why he wants us to fix it, even before we fully understand all the tricks involved. Although I am not quite clear if we can fix without knowing all the tricks involved. And again, he could be bluffing. That is a possibility.

Oscilson
September 21, 2014, 07:33:07 AM

There is one sure way that your private keys could never be stolen by such an unconfirmed, hypothetical, threatened attack.
Make sure they've never passed through a ring signature since mining.
Checkpoint won't help us unless we can get it distributed out to all mining nodes within 72 hours.
What do you mean "Make sure they've never passed through a ring signature since mining."?

BitcoinEXpress (OP)
September 21, 2014, 07:36:44 AM (last edit: June 10, 2016, 02:01:02 AM by BitcoinEXpress)

delete

TheFascistMind
September 21, 2014, 07:38:10 AM

There is one sure way that your private keys could never be stolen by such an unconfirmed, hypothetical, threatened attack.
Make sure they've never passed through a ring signature since mining.
Checkpoint won't help us unless we can get it distributed out to all mining nodes within 72 hours.
What do you mean "Make sure they've never passed through a ring signature since mining."?

Make sure you can trace the ownership of your coins on the blockchain back to their coinbase mining transaction, because every tx they were involved with did not mix with any ring signature, i.e. n=1 in the CN whitepaper. Although that won't work if the CN code still applies the I=xH(P) when n=1. But that would be silly for the code to do that, so I assume it doesn't (haven't checked). But it is silly for you to even do this, because if many of the other coins were stolen, the value of your coins would be destroyed too. So the best is for us to analyze this. We need some time.

5w00p
September 21, 2014, 07:39:19 AM

Here is my take:
BCX and TFM are playing good cop/bad cop.
No unknown exploit exists.
It is all theater.
Why wait for the supposed ultimatum to expire? Do it now, BitchClownExpress, what are you waiting for? Pussy.

TheFascistMind
September 21, 2014, 07:41:00 AM

BCX and TFM are playing good cop/bad cop.
I've never known him before yesterday. I have no such relationship with him. I will get my 11 BTC bounty whether he attacks or not (if I am correct about my contribution). So you are wrong as usual. STFU!

dzonikg28
September 21, 2014, 07:41:05 AM

If I don't get 100 BTC to this address 19buRJedpjuy5V2nZX9GqvqHp8aS6xtWQ5 in 36 hours I will kill XMR..

5w00p
September 21, 2014, 07:48:38 AM

BCX and TFM are playing good cop/bad cop.
I've never known him before yesterday. I have no such relationship with him. I will get my 11 BTC bounty whether he attacks or not (if I am correct about my contribution). So you are wrong as usual. STFU!

You will get nothing and you will like it.

TheFascistMind
September 21, 2014, 07:50:56 AM

BCX and TFM are playing good cop/bad cop.
I've never known him before yesterday. I have no such relationship with him. I will get my 11 BTC bounty whether he attacks or not (if I am correct about my contribution). So you are wrong as usual. STFU!
You will get nothing and you will like it.

jl777 has promised I will get his 5 BTC portion. What the hell is wrong with you? I am trying to help. You need to go find your meds. Make one more asinine post and I am putting you on ignore. The 11 BTC is too small to compensate me for the time lost. It is a matter of principle. People who break their word of honor with me incur my wrath.

TooDumbForBitcoin
September 21, 2014, 07:51:06 AM

So you are wrong as usual. STFU!
Please be nice.

TheUniporn
September 21, 2014, 07:53:28 AM

Here is my take:
BCX and TFM are playing good cop/bad cop.
No unknown exploit exists.
It is all theater.
This is what I also believe, I also read TFM's posts and concluded more than a week ago that it's not AM, just somebody that purposely tries to write like him, guess this was the end game.