delete

[BanditryAndLoot]

The addresses is a non-issue. There is no connection between different transactions just because they have the same public address (unlinkability).

Sorry if I'm misunderstanding or asking the question wrong. I was trying to ask if one could use their private key to identify an output of theirs as a mixin in a different transation. So, if an exchange were to begin using mixins, then their ability to identify they one of their outputs was used in someone else's ring would increase proportionally to the volume they handled?

The issue of someone controlling a huge share of transactions is a real one, and amounts to a form of sybil attack on traceability. Some transactions will become traceable in this manner but transactions with high mixes or multiple hops become effectively untraceable even by someone owning 90% or more of the outputs due to the exponential function.

Oh I see, maybe. So, if a typical user were to use a mixin of ten, then their chances of having someone with 90% of the transactions identify one of them would be .9^10, or 34.8% of being de-anonymized? I think there's also the denominations to deal with as well, so let's say for this example that all transactions ever done were just '10'?

Also, just as a matter of general privacy, exchange transactions are easily identifiable since they have a payment ID, and many people don't change their payment ID very often, so you can find all their transactions that way. Given this, we can tell that the number of exchange transactions is high but not extremely high. There are still a lot of mining transactions, pool payouts, and other incidental stuff (donations, MEW memberships, private trades, people moving between their own wallets, etc.)

Is this why you initially advocated for the txid field to be removed completely? If the field was filled and encrypted on a protocol standard with random data when not in use, then would nobody know but one party (here, exchange) how much of the transactions were theirs? So, if someone were trying to mount a sybil attack on mixins, nobody would ever see it coming? Would removing it prevent the ability of an exchange or anyone to be able to know that a transaction was theirs? Maybe there's more to this? Would the best case to be to encourage the widespread random usage of the txid field then?

As a second practical matter, I don't think (most?) exchange transactions today even use mixing, so even the sybil attack doesn't apply. That could change the future, although one would hope that there would also be other uses besides sending coins to an exchange constantly, otherwise who even cares.

Me! Regardless of the eventual level of penetration into society these coins get, pretty much every aspect of them is still fascinating on a technical level

Finally it is important to remember that unlinkability (stealth) and untracabilty (mixing) work together to frustrate blockchain analysis. Even when you can partially overcome one, the other often makes the results useless. So for example, if you can defeat untracability on some tranasctions, you just get links between anonymous one-time keypairs that don't identify a person or link with other payments to or from that same person. Conversely if you can link some keypairs together, you can construct an "identify" (still not necessarily linked to a person) but you can't see flow of funds to or from that identify without also defeating untraceability. You really have to defeat both simultaneously on the same set of transactions to get anything useful, and that is much harder.

Right, so you can have the framework built up of transactions linked by one address, but still not have a clue where the terminations are because stealth addressing. Really, all you can do is prove that you were the majority transactor on the network, which you'd likely already know. So, if there were two major major network transactors (likely scenario at this point in time - two hi volume exchanges) then could there be any cross-referencing done in which some of those terminations could be revealed? Let's say cryptsy picks up xmr, and matches plx in volume and that's all that really changes in the next couple of months. Can the exchanges collude to identify users within a high probability on one exchange as users of the other exchange? I realize this can obviously be done without the blockchain, but I'm trying to learn so if anyone's under the impression that I think this would ever happen then I'm sorry but I don't mean it as it's just the easiest thing I can use to identify and understand how this works.



There was another thing that I was wondering: If ~100% of the coins that are mined go directly from pool to exchange, and then onto the rest of their life, can that cause a long-lasting effect on anything? I understand that this is not the case currently where all mined coins go to one address, but if mining were to become strictly a business where mostly nothing (<1%) is held, and 99-100% of coins always originated from <10 addresses (pools) to be used by a group of 10,000 people, as opposed to a very small network of 10,000 people who are just solo-mining and using the coins, then which network would have greater cryptographic anonymity using cryptonote?

[1713853042]

1713853042

[1713853042]

1713853042

[1713853042]

1713853042

[1713853042]

1713853042

[1713853042]

1713853042

[smooth]

Sorry if I'm misunderstanding or asking the question wrong. I was trying to ask if one could use their private key to identify an output of theirs as a mixin in a different transation. So, if an exchange were to begin using mixins, then their ability to identify they one of their outputs was used in someone else's ring would increase proportionally to the volume they handled?

Yes the issue is ownership (of the private key) not the same public address. Even if the exchange used different public addresses it would be the same.

Likewise this would apply to external CoinJoin-style mixers if a high volume exchange sent its transactions through a mixer and was a huge fraction of the volume there (they would know which parts of a mix are theirs, so could potentially identify other parts). The issue of poisoning is inherent in mixes, not how they are done.

Oh I see, maybe. So, if a typical user were to use a mixin of ten, then their chances of having someone with 90% of the transactions identify one of them would be .9^10, or 34.8% of being de-anonymized?

"Be de-anonymized" is not really useful terminology, as discussed in my last reply. Instead I would say that tracing could occur between some transactions on the blockchain.

I wouldn't really consider 10 to be a high mixin. Users who want to be quite confident on a particular transaction not being traced (but, again, "traced" does not mean traced to them personally or to their other activity; it has a particular technical meaning with respect to blockchain analysis) will want to use something quite a bit higher in the presence of potential 90% sybil attackers, or rely on multiple tranasction steps (taking care to avoid timing issues -- sending them right after one another is not a good idea).

Regardless of what individual users do, as long as the use of mixes on the network is healthy (too-low mixes are not used resulting in chain reactions) then we can be confident that this tracing can't be done for long chains of transactions. Even traces through smaller mixes become exponentially unlikely after several steps.

Is this why you initially advocated for the txid field to be removed completely?

That is part of it. Also, there is no assurance that exchanges encode payment IDs opqauely. They could put your tax id number in there for all to see! At a minimum we will likely change them to be encrypted as Darknote has done with messages. Better would be to make all uses of these sorts of tags (including payment ID) encrypted and opaque (except to the recipient). Better still (at some cost in blockchain size) would be padding as you suggested.

Would removing it prevent the ability of an exchange or anyone to be able to know that a transaction was theirs?

The exchange would have to scan for multiple incoming addresses. The cost of this would be proportional to the number of active users, so significant overall but not necessarily prohibitive, and certainly horizontally scalable.

Would the best case to be to encourage the widespread random usage of the txid field then?

That depends how you trade off blockchain space against processing cost by the recipient. I've also suggested an ephemeral payment protocol that allows the sender to deliver out-of-band information to the recipient that doesn't need to be stored persistently on the blockchain, but payment protocols have somewhat of a bad name I guess.

As a second practical matter, I don't think (most?) exchange transactions today even use mixing, so even the sybil attack doesn't apply. That could change the future, although one would hope that there would also be other uses besides sending coins to an exchange constantly, otherwise who even cares.

Me! Regardless of the eventual level of penetration into society these coins get, pretty much every aspect of them is still fascinating on a technical level

My point was that it doesn't really make sense to design a system where 90% of the transactions are done by a single party. Blockchains are slow, expensive, and complex. If a single party dominates so much of the activity a centralized processing system is likely better.

So, if there were two major major network transactors (likely scenario at this point in time - two hi volume exchanges) then could there be any cross-referencing done in which some of those terminations could be revealed?

This would be no different than the case of one actor with the combined total. Slightly safer in fact, since they would at least need to collude, which is plausible but not guaranteed.

There was another thing that I was wondering: If ~100% of the coins that are mined go directly from pool to exchange, and then onto the rest of their life, can that cause a long-lasting effect on anything? I understand that this is not the case currently where all mined coins go to one address, but if mining were to become strictly a business where mostly nothing (<1%) is held, and 99-100% of coins always originated from <10 addresses (pools) to be used by a group of 10,000 people, as opposed to a very small network of 10,000 people who are just solo-mining and using the coins, then which network would have greater cryptographic anonymity using cryptonote?

The advantage of solo mining is that you get coins with no history whatsoever. So in that sense the latter network would be preferable, all else being equal. Other than that, being a participant in the history of coins conveys no advantage, since tracing will fail after a small number of mixed transactions.

(Nice Socratic method BTW. A welcome change from the usual confrontational approach seen here so often.)

[smoothie]

I received the above PM from "The Fascist" aka "Anonymint". It seems as if he has also found an exploit.

I have no interest in buying any exploit or any interest in attacking Monero. I am neither for or against the coin.

I do however see a serious flaw inherent to all CN coins with Monero being the focal point.

With this exploit expanding into the wild, holding any sum of funds in XMR you cannot lose is foolish.

I can absolutely guarantee you as soon as this exploit is successfully deployed, every single exchange will halt trading
and there will a lot of people holding coins they cannot trade anywhere.

As Anonymint also indicated, this is indeed a coin killer.


~BCX~

Could there be a major flaw in how these currencies are being used right now? I can imagine a highly likely scenario where surely >50%, and probably much closer to 90% of all the xmr coins ever emitted currently have have moved through one single address?

Additionally, could the percentage of mined coins directly to that exchange address have a strong effect on anything?

Will having likely 90% of all coins ever currently minted using xmr as example, which is 21.37% of all coins that will exist currently routed through a single address, occasionally branching off for one or two transactions before going right back to that address bode well for the cryptographic anonymity provided by ring signatures?

Assuming you are talking about Poloniex, each new deposit of a customer is a new XMR address. And if I am not mistaken there is change address for each succession of withdrawals from users meaning the coins are never always sent from the same XMR address.

Did I miss something here concerning your thoughts?

Yes and no. There is a button to change payment ID but I think they go to the same address. However, on the blockchain they go to different addresses because stealth addresses are always one-time.

Thanks for the clarification. I was referencing the one time stealth addresses.

[UnunoctiumTesticles]

Yes the probability for unmasking mixes via cross-correlating all overlapping groups of rings increases when the attacker owns some of the inputs of the rings. And this is not a linear relationship wherein if you know 10% of the inputs to a ring, then probability of being unmasked increases only by 10%. You would have to run some tests on a real block chain to see impacts of that 10% on unmasking, yet my intuitive guess is it will unmask non-linearly more percent as the percent rises. The bounty algorithm that AnnoyingMint provided was an attempt to test these unmasking effects. Testing the algorithm might provide insights into how to structure mixes to minimize (mitigate) probability of unmasking. Some of this would also apply to off chain CoinJoin-like mixes.

Yes centralized exchanges add risk, because one entity knows the identity of so many inputs of so many rings. Also if an attacker possessed those private keys from the centralized exchanges and could rewind the block chain with a 51% attack, he could in theory double-spend everyone's coins on the block chain. Checkpoints exist to try to unwind such, yet if a 51% attack was sustained and many users got their desired transactions intertwined with the attacker's sustained chain, one might be able to envision political fighting over which chain to revert to. Also centralized exchanges pool risk (e.g. cascade from double-spend attacks) and can be subject to massive theft (e.g. MtGotcha).

In short, centralized exchanges add risk, 51% attacks can possibly kill a coin, and widespread mixing increases cascade risk from double-spends. That cascade risk can minimized for non-51% attack scenarios by setting a wait before new transaction outputs can be respent, e.g. included as inputs in rings.

[smooth]

Also if an attacker possessed those private keys from the centralized exchanges and could rewind the block chain with a 51% attack, he could in theory double-spend everyone's coins on the block chain. Checkpoints exist to try to unwind such, yet if a 51% attack was sustained and many users got their desired transactions intertwined with the attacker's sustained chain, one might be able to envision political fighting over which chain to revert to. Also centralized exchanges pool risk (e.g. cascade from double-spend attacks) and can be subject to massive theft.

Yes this applies to most every cryptocoin, so really not a relevant topic even for the Monero "Free For All" thread.

Given that, I suspect "UnunoctiumTesticles" of being a shill from another coin applying fairly aggressive anti-Monero FUD tactics. Best to ignore.

The other mixing points were interesting though, although pretty well covered 50-100 pages ago.

[UnunoctiumTesticles]

Also if an attacker possessed those private keys from the centralized exchanges and could rewind the block chain with a 51% attack, he could in theory double-spend everyone's coins on the block chain. Checkpoints exist to try to unwind such, yet if a 51% attack was sustained and many users got their desired transactions intertwined with the attacker's sustained chain, one might be able to envision political fighting over which chain to revert to. Also centralized exchanges pool risk (e.g. cascade from double-spend attacks) and can be subject to massive theft.

Yes this applies to most every cryptocoin...

Yes.

It is important the new poster understand his theories were already covered upthread.

If UnunoctiumTesticles sees "this was already discussed upthread" instead of walls of text that obfuscate that fact and try to make it is appear that there is no risk from centralized exchanges, then he (or she  ) might toss his balls into this thread to make that clear.

UnunoctiumTesticles is interested in decentralized exchanges.

UnunoctiumTesticles doesn't give a left statestical about political ramifications on BTT. UnunoctiumTesticles is interested in factual statements about the merits of technological alternatives. UnunoctiumTesticles contemplates that centralized exchanges present some risks which may in theory be alleviated with decentralized exchanges. Thus UnunoctiumTesticles is interested in unmasking the obfuscation (by the walls of text on this page) of the new poster's concern about centralized exchanges.

[nioc]

me thinks you like your name .

where are these decentralized exchanges you are interested in?

[Hueristic]

Also if an attacker possessed those private keys from the centralized exchanges and could rewind the block chain with a 51% attack, he could in theory double-spend everyone's coins on the block chain. Checkpoints exist to try to unwind such, yet if a 51% attack was sustained and many users got their desired transactions intertwined with the attacker's sustained chain, one might be able to envision political fighting over which chain to revert to. Also centralized exchanges pool risk (e.g. cascade from double-spend attacks) and can be subject to massive theft.

Yes this applies to most every cryptocoin...

Yes.

It is important the new poster understand his theories were already covered upthread.

If UnunoctiumTesticles sees "this was already discussed upthread" instead of walls of text that obfuscate that fact and try to make it is appear that there is no risk from centralized exchanges, then he (or she  ) might toss his balls into this thread to make that clear.

UnunoctiumTesticles is interested in decentralized exchanges.

UnunoctiumTesticles doesn't give a left statestical about political ramifications on BTT. UnunoctiumTesticles is interested in factual statements about the merits of technological alternatives. UnunoctiumTesticles contemplates that centralized exchanges present some risks which may in theory be alleviated with decentralized exchanges. Thus UnunoctiumTesticles is interested in unmasking the obfuscation (by the walls of text on this page) of the new poster's concern about centralized exchanges.

UnunoctiumTesticles is very entertaining.

[smooth]

Also if an attacker possessed those private keys from the centralized exchanges and could rewind the block chain with a 51% attack, he could in theory double-spend everyone's coins on the block chain. Checkpoints exist to try to unwind such, yet if a 51% attack was sustained and many users got their desired transactions intertwined with the attacker's sustained chain, one might be able to envision political fighting over which chain to revert to. Also centralized exchanges pool risk (e.g. cascade from double-spend attacks) and can be subject to massive theft.

Yes this applies to most every cryptocoin...

Yes.

It is important the new poster understand his theories were already covered upthread.

If UnunoctiumTesticles sees "this was already discussed upthread" instead of walls of text that obfuscate that fact and try to make it is appear that there is no risk from centralized exchanges, then he (or she  ) might toss his balls into this thread to make that clear.

UnunoctiumTesticles is interested in decentralized exchanges.

UnunoctiumTesticles doesn't give a left statestical about political ramifications on BTT. UnunoctiumTesticles is interested in factual statements about the merits of technological alternatives. UnunoctiumTesticles contemplates that centralized exchanges present some risks which may in theory be alleviated with decentralized exchanges. Thus UnunoctiumTesticles is interested in unmasking the obfuscation (by the walls of text on this page) of the new poster's concern about centralized exchanges.

Yes, it is probably a good idea to repeat this on every page after all.

[NewLiberty]

Also if an attacker possessed those private keys from the centralized exchanges and could rewind the block chain with a 51% attack, he could in theory double-spend everyone's coins on the block chain. Checkpoints exist to try to unwind such, yet if a 51% attack was sustained and many users got their desired transactions intertwined with the attacker's sustained chain, one might be able to envision political fighting over which chain to revert to. Also centralized exchanges pool risk (e.g. cascade from double-spend attacks) and can be subject to massive theft.

Yes this applies to most every cryptocoin...

Yes.

It is important the new poster understand his theories were already covered upthread.

If UnunoctiumTesticles sees "this was already discussed upthread" instead of walls of text that obfuscate that fact and try to make it is appear that there is no risk from centralized exchanges, then he (or she  ) might toss his balls into this thread to make that clear.

UnunoctiumTesticles is interested in decentralized exchanges.

UnunoctiumTesticles doesn't give a left statestical about political ramifications on BTT. UnunoctiumTesticles is interested in factual statements about the merits of technological alternatives. UnunoctiumTesticles contemplates that centralized exchanges present some risks which may in theory be alleviated with decentralized exchanges. Thus UnunoctiumTesticles is interested in unmasking the obfuscation (by the walls of text on this page) of the new poster's concern about centralized exchanges.

UnunoctiumTesticles is very entertaining.

Yes, he's quite the noble gas,
but I'm concerned about his half-life. 

[paratox]

This is the exact thing the Auroracoin devs  said right up until a few hours before I predicted the TW would hit.

When it did, geez did the convo shift over to "Hey BCX, we're all civil blah blah blah, we didn't mean all those bad things...."


I said 22 days which is October 11-ish into early Oct 12 GMT

500 BTC challenge is still open to you

Let see just how sure you really are.


~BCX~

Did anything happen yet?

[Spoetnik]

ya good question, did anything happen yet ?

and is this Monero business still a thing ?

wow that is so last month ooooooold 

[Spoetnik]

Also if an attacker possessed those private keys from the centralized exchanges and could rewind the block chain with a 51% attack, he could in theory double-spend everyone's coins on the block chain. Checkpoints exist to try to unwind such, yet if a 51% attack was sustained and many users got their desired transactions intertwined with the attacker's sustained chain, one might be able to envision political fighting over which chain to revert to. Also centralized exchanges pool risk (e.g. cascade from double-spend attacks) and can be subject to massive theft.

Yes this applies to most every cryptocoin...

Yes.

It is important the new poster understand his theories were already covered upthread.

If UnunoctiumTesticles sees "this was already discussed upthread" instead of walls of text that obfuscate that fact and try to make it is appear that there is no risk from centralized exchanges, then he (or she  ) might toss his balls into this thread to make that clear.

UnunoctiumTesticles is interested in decentralized exchanges.

UnunoctiumTesticles doesn't give a left statestical about political ramifications on BTT. UnunoctiumTesticles is interested in factual statements about the merits of technological alternatives. UnunoctiumTesticles contemplates that centralized exchanges present some risks which may in theory be alleviated with decentralized exchanges. Thus UnunoctiumTesticles is interested in unmasking the obfuscation (by the walls of text on this page) of the new poster's concern about centralized exchanges.

UnunoctiumTesticles is very entertaining.

Yes, he's quite the noble gas,
but I'm concerned about his half-life.  

you should be concerned about his Counter-Strike !

[exciter0]

Beside ~bcx~™ letting some gas out to stink up this thread, nothing. 

Hashrate went up to 27Mh today, maybe he's throwing some hash in today to help secure the network. yea!!

This is the exact thing the Auroracoin devs  said right up until a few hours before I predicted the TW would hit.

When it did, geez did the convo shift over to "Hey BCX, we're all civil blah blah blah, we didn't mean all those bad things...."


I said 22 days which is October 11-ish into early Oct 12 GMT

500 BTC challenge is still open to you

Let see just how sure you really are.


~BCX~

Did anything happen yet?

[TooDumbForBitcoin]

So the 11th is almost gone, and nothing.  BitcoinAssPress has one day left to be an asshole.  After the 12th, he's just a dick.

[nioc]

Also if an attacker possessed those private keys from the centralized exchanges and could rewind the block chain with a 51% attack, he could in theory double-spend everyone's coins on the block chain. Checkpoints exist to try to unwind such, yet if a 51% attack was sustained and many users got their desired transactions intertwined with the attacker's sustained chain, one might be able to envision political fighting over which chain to revert to. Also centralized exchanges pool risk (e.g. cascade from double-spend attacks) and can be subject to massive theft.

Yes this applies to most every cryptocoin...

Yes.

It is important the new poster understand his theories were already covered upthread.

If UnunoctiumTesticles sees "this was already discussed upthread" instead of walls of text that obfuscate that fact and try to make it is appear that there is no risk from centralized exchanges, then he (or she  ) might toss his balls into this thread to make that clear.

UnunoctiumTesticles is interested in decentralized exchanges.

UnunoctiumTesticles doesn't give a left statestical about political ramifications on BTT. UnunoctiumTesticles is interested in factual statements about the merits of technological alternatives. UnunoctiumTesticles contemplates that centralized exchanges present some risks which may in theory be alleviated with decentralized exchanges. Thus UnunoctiumTesticles is interested in unmasking the obfuscation (by the walls of text on this page) of the new poster's concern about centralized exchanges.

UnunoctiumTesticles is very entertaining.

Yes, he's quite the noble gas,
but I'm concerned about his half-life. 

Being that only 3 or 4 atoms of Uuo have existed it is not known what state they exist in but the latest prediction is that it is a solid due to relativistic effects.

IIT we are currently waiting for relativistic effects.

[Hueristic]

Also if an attacker possessed those private keys from the centralized exchanges and could rewind the block chain with a 51% attack, he could in theory double-spend everyone's coins on the block chain. Checkpoints exist to try to unwind such, yet if a 51% attack was sustained and many users got their desired transactions intertwined with the attacker's sustained chain, one might be able to envision political fighting over which chain to revert to. Also centralized exchanges pool risk (e.g. cascade from double-spend attacks) and can be subject to massive theft.

Yes this applies to most every cryptocoin...

Yes.

It is important the new poster understand his theories were already covered upthread.

If UnunoctiumTesticles sees "this was already discussed upthread" instead of walls of text that obfuscate that fact and try to make it is appear that there is no risk from centralized exchanges, then he (or she  ) might toss his balls into this thread to make that clear.

UnunoctiumTesticles is interested in decentralized exchanges.

UnunoctiumTesticles doesn't give a left statestical about political ramifications on BTT. UnunoctiumTesticles is interested in factual statements about the merits of technological alternatives. UnunoctiumTesticles contemplates that centralized exchanges present some risks which may in theory be alleviated with decentralized exchanges. Thus UnunoctiumTesticles is interested in unmasking the obfuscation (by the walls of text on this page) of the new poster's concern about centralized exchanges.

UnunoctiumTesticles is very entertaining.

Yes, he's quite the noble gas,
but I'm concerned about his half-life. 

UnunoctiumTesticles is a Isotope! LMFAO

[Spoetnik]

Beside ~bcx~™ letting some gas out to stink up this thread, nothing. 

Hashrate went up to 27Mh today, maybe he's throwing some hash in today to help secure the network. yea!!

This is the exact thing the Auroracoin devs  said right up until a few hours before I predicted the TW would hit.

When it did, geez did the convo shift over to "Hey BCX, we're all civil blah blah blah, we didn't mean all those bad things...."


I said 22 days which is October 11-ish into early Oct 12 GMT

500 BTC challenge is still open to you

Let see just how sure you really are.


~BCX~

Did anything happen yet?

mmmmmm hhhhhmmmmm ..we all here to secure networks lol

these Chinese guys REALLY wanted to secure the network so they bought this..
https://archive.today/JIVYq

[pinky]

So the 11th is almost gone, and nothing.  BitcoinAssPress has one day left to be an asshole.  After the 12th, he's just a dick.

What excactly are we looking to confirm if attack was successful or not?

[rangedriver]

So the 11th is almost gone, and nothing.  BitcoinAssPress has one day left to be an asshole.  After the 12th, he's just a dick.

What excactly are we looking to confirm if attack was successful or not?

I'm no expert, but I would imagine some kind of statement by the President.