So to clarify, Anonymint is working on the same exploit that Tacotime is already working on, and is no big deal.

And BCX is still lying about having the super exploit to steal funds. Why doesn't he just steal 500 bitcoin worth of Monero? Sounds like he can't.

This is entertainment, but not reality.

We don't know if he can or not. Although we might be very skeptical, it doesn't help for you to push him.

If he does that, he destroys the value of the coins he stole.

My understanding is that the only people who can loan a huge amount of XMR for shorting are the whales, who thus I assume won't loan him the XMR so he could sell them before such an attack. Also they want BTC collateral so they might not return the BTC after such an attack. Perhaps this is why he challenged Rpietila to a 500 BTC escrowed bet.

I wish you all would stop punching him in the nose. I am trying to think and work on mitigation, so we fix everything within the 72 hours if there is anything that needs to be fixed.

I am trying to be careful with my words, because even though I feel reasonably confident there is a problem that needs fixing, I haven't written down proofs and exact mathematical characterizations of everything.

Again we have not yet confirmed math for how he could steal coins. But that doesn't mean it is impossible. Normally it is impractical to factor a private key from a public key, in the equation P=xG mod l. But because the breakdown in the anonymity identifies the sending key P(i) where i = s, then another equation is revealed from the one-time ring signature, I=xH(P) mod l. If there exists some trick for factoring that is sufficiently sped up by combining the information from the two equations, which would make cracking the private key 'x' plausible, then the threat would be real. But we don't yet know that trick, if one exists.

Yeah, it is possible that BCX is bluffing, but why push him and erase the 72 hours he gave us to get this fixed?

Note we don't yet know the precise characterization of how much the anonymity breaks down and what % of the coins the attacker needs to own, if any. That is what I was working on before I fell asleep. The CN paper that Tacotime linked upthread already characterizes some loss of anonymity, but seems to say it isn't that severe (note I haven't had time yet to completely wrap my mind around that paper). And they were working on mitigation. I think I may have discovered a method for amplification of the anonymity loss, which may be what BCX's threatened exploit does. But I haven't yet characterized my algorithm mathematically. I just wrote down some pseudocode. Now I need to go talk with the CN devs to see what they think or discovered about my pseudocode.

Please be nice.