I have come to the conclusion that "on chain anon" defeats the purpose.

[lexicon]

I don't have any groundbreaking info here.
Think about it. The fact that we are relying on a public information with a twist to be secure is not the answer.

LET'S DISCUSS. I was just thinking and all of a sudden realized that this concept is a ticking TIMEBOMB!!

I feel an attack, though it may not happen today or tomorrow, is:

 DEFINITION :Imminent, Impending, Threatening all may carry the implication of menace, misfortune, disaster, but they do so in differing degrees.

Someone is going to figure it out.
They may not be there yet, but tell me how all the info being PUBLIC won't eventually be cracked?

This is NOT fud.
And yes, I could be wrong.
But think about it for a minute. USE you deductive skills here.

BCX may have been bluffing. But why was his bluff taken so seriously? Because he has killed coins before. That is some of it.

But that is what got me thinking.

Why are most anon technologies not "on the chain"?
Why are the most respected and talented developers not choosing to have the "on chain anon"?

Jl777, The most famous as of late, but look at all the other coins, Sonic (SSD), another highly regarded developer, and the list goes on and on.

We all are here for the potential of decentralization, but having an anon technology "on chain" doesn't make it anymore decentralized than the LARGE MAJORITY of the rest of the coins with anon tech that use a mixture of different techniques to accomplish this same goal.

If it is done in a way that is not going though ONE server that can be taken down, or ONE company doing it using a "classic mixer", then "on chain anon" is in no way any more decentralized than all the rest of the anon coins.

Think about this, REAL HARD, because, you know what, I'm right folks.

But I made this topic to have this dicussion, and it is only moderated to keep the popular trolls out, I actually WANT to hear people playing the devils advocate here. This is the whole point of the topic. So don't worry, your posts are welcome and encouraged.

[1713519650]

1713519650

[1713519650]

1713519650

[Spoetnik]

i think you may be right..

my mantra has been for ages "if it runs it can be cracked"

i don't think i am secure nor do i think i ever will be nor do i think it even exists.
either stuff is blown wide open (publicly or privately) or it will be soon..

i got source code to the Zuess Rootkit many years ago after it got leaked semi-publicly
and i was shocked that it had been sold underground for as much as 10 grand to buyers
i was even more shocked at the complexity of it.. wow it's a masterpiece of malware LOL

i collect leaked code i have lots 
i have leaked Windows 2000 code, Leaked Norton Antivirus Code, Leaked Kasperky Antivirus code etc etc
and i have learned through my cracker connection buddies what lies beneath the surface is immense and shocking.
when i was in a PC game cracking group it was a regular occurrence that leaked stolen shit got in my hands or my buddies hands
or some of us simply traded our cracks privately while the public is clueless and cocky as fuck LOL

anyway.. am i "popular" Troll ?

[rdnkjdi]

By your logic "it's not secure, it will eventually be cracked" then private/public keys are in the same boat, no?  

[iampingu]

i think you may be right..

my mantra has been for ages "if it runs it can be cracked"

i don't think i am secure nor do i think i ever will be nor do i think it even exists.
either stuff is blown wide open (publicly or privately) or it will be soon..

i got source code to the Zuess Rootkit many years ago after it got leaked semi-publicly
and i was shocked that it had been sold underground for as much as 10 grand to buyers
i was even more shocked at the complexity of it.. wow it's a masterpiece of malware LOL

i collect leaked code i have lots 
i have leaked Windows 2000 code, Leaked Norton Antivirus Code, Leaked Kasperky Antivirus code etc etc
and i have learned through my cracker connection buddies what lies beneath the surface is immense and shocking.
when i was in a PC game cracking group it was a regular occurrence that leaked stolen shit got in my hands or my buddies hands
or some of us simply traded our cracks privately while the public is clueless and cocky as fuck LOL

anyway.. am i "popular" Troll ?

good old spoetnik!

[lexicon]

i think you may be right..

my mantra has been for ages "if it runs it can be cracked"

i don't think i am secure nor do i think i ever will be nor do i think it even exists.
either stuff is blown wide open (publicly or privately) or it will be soon..

i got source code to the Zuess Rootkit many years ago after it got leaked semi-publicly
and i was shocked that it had been sold underground for as much as 10 grand to buyers
i was even more shocked at the complexity of it.. wow it's a masterpiece of malware LOL

i collect leaked code i have lots 
i have leaked Windows 2000 code, Leaked Norton Antivirus Code, Leaked Kasperky Antivirus code etc etc
and i have learned through my cracker connection buddies what lies beneath the surface is immense and shocking.
when i was in a PC game cracking group it was a regular occurrence that leaked stolen shit got in my hands or my buddies hands
or some of us simply traded our cracks privately while the public is clueless and cocky as fuck LOL

anyway.. am i "popular" Troll ?

Spoetnik

I think you are just disgusted with the scammy coins/devs, and sometimes I think you jump the gun on some good devs/coins, but overall I think people just don't like that you call out all these pieces of shit. lol

I agree with you the large majority of the time.

So no, I don't think you are a troll, even tho a lot of people think you are, they just misunderstand you, or are part of the scam many times.

[Spoetnik]

thank you for taking the time to try and "hear" what i said

my goal here is to find something interesting to say and i was thinking when i posted this last comment here
i COULD be checking up on coins by evaluating the source code but i am tired of it.. simple.
i am not going to bend over backwards plowing through every coins code that comes along checking if their legit.. for free.
the burden of proving their legit lies on the coin posters.. as in i assume they are shit unless proven otherwise !
and that is because of the math.. there is a 1,000+ coins ..that says it all !
No responsible person should be still making more coins, it's as simple as that. (unless it's clearly revolutionary and if not join an existing coin project)
and the ole game around here is to wear us down.. scam coin pushers push hard unrelenting.
so....
my overall outlook on this stuff is their all pretty much greedy manipulative scammers trying to make a Bitcoin profit etc
and i am tired of having to sift through a 1,000 coins.. there shouldn't even be a thousand coins.
and that show cases the context of all this stuff.
these coin cloners have no right to expect us all to assume first their coins are legit and get mad we challenge them.
we ALL should assume the worse first because of the context of the situation. AKA: coins released along side 1,000 other coins.
enough is enough already.
And if fair coins get caught in the cross hairs sorry but what do you expect when you post coin no. 1,001 ? right ?

anyone who truly sincerely wants to do real legit work in the altcoin scene has my support even guys like iGotSpots LOL
If your legit then i got your back and i am sorry of i criticized your coin unfairly.
i like the concept of Altcoins i just wish it was not chronically abused for getting Bitcoin to buy Lambo's LOL

..just my personal perspective on this

[tacotime]

I'm personally okay with the discrete logarithm problem being the central failure point of privacy features in Monero.

Why use Bitcoin when you can use banks?

[Viper1]

Think about it. The fact that we are relying on a public information with a twist to be secure is not the answer.

-snip-

For me it comes down to "trust" (as much as anything can be trusted) of the tech or trust of people (those that run master nodes, mixers etc).  Everything has the potential to be cracked or exploited at some point but given human nature, I'd rather trust "tech" over people any day.

[Chris001]

Think about it. The fact that we are relying on a public information with a twist to be secure is not the answer.

-snip-

For me it comes down to "trust" (as much as anything can be trusted) of the tech or trust of people (those that run master nodes, mixers etc).  Everything has the potential to be cracked or exploited at some point but given human nature, I'd rather trust "tech" over people any day.

This is a misleading post, no one is trusting anyone with any mixers lol ha ha

[xenia4774]

I don't see a future in ring signatures, CryptoNote coins are a speculation tool and nothing more.

This bottom will drop out

We all know that there is an exploit out there, no one that has it wants to destroy the Bytecoins fork/clones like BBR and Monero (yet)

If you have any amount of investment in these coins you are involved in nothing but a ponzi scheme, like crypto musical chairs.

[MaxDZ8]

It seems to me people here believes security through obfuscation is an acceptable solution. It has been demonstrated to be problematic in many, many cases.
Cryptography is not "just a twist". It is a sound concept, every time an hash is compromised it is considered a major achievement.

Why are most anon technologies not "on the chain"?

Because claiming security though obfuscation is way easier.
"I promise you I won't release your data". What technologies are you talking about?

Why are the most respected and talented developers not choosing to have the "on chain anon"?

Who are you talking about?

[lexicon]

It seems to me people here believes security through obfuscation is an acceptable solution. It has been demonstrated to be problematic in many, many cases.
Cryptography is not "just a twist". It is a sound concept, every time an hash is compromised it is considered a major achievement.

Why are most anon technologies not "on the chain"?

Because claiming security though obfuscation is way easier.
"I promise you I won't release your data". What technologies are you talking about?

Why are the most respected and talented developers not choosing to have the "on chain anon"?

Who are you talking about?

who am I talking about jl777, AM, ya might have heard of them lol

There is one of the most respected members of the community, and one of the most respected developers right there.

That's enough for me. They know the actuall coding and technology much more than me. Enough for me to think that my take on the situation has merit. In my opinion you are completely naive to think the tech that is publicly available is more secure than tech that is not.

Let me say this again, you are completely naive to think that tech that is publicly on the public ledger to be exploited, is more secure than a technical solution that is off of the chain, and all of the records are, well NOT THERE!!

Think people, think!!! I just seems SO OBVIOUS to me. And the argument that, "well, then let's just say that Bitcoin is a danger because it's all on the chain".

That's all you CN people have? That's comparing apples to oranges, actually those are still fruit. It's like comparing apples to garbage bags.

To even suggest that ring signatures are as secure as Bitcoin's crypto security is an insult to everyones intelligence here. That just proves my point that you are playing up, and pumping something, and like it was said "playing crypto musical chairs".

Well, the point still stands. Yes, you can make a lot of money of of Bytecoin clones/forks, but just make sure you are close to a chair/exit if you stand to lose you ass when it hits the floor.

Facts people, facts. There is some opinion here, like you are naive if you believe otherwise, idk, you could be crazy, or ignorant to the truth, or caught up in a wishful thinking maze of bitcoin in your eyes.

Watch out, whos knows what day it will be, but one day the CryptoNote music will come to a dead silence.

Fact

[MaxDZ8]

You are very naive thinking something based on sound cryptography is intrinsically less secure than something based on obscurity. If the records are ... not there... I wonder if that's an acceptable solution.

I don't care if you think those members are "known and well respected". I don't believe anyone without doing my research first.

[smooth]

This is NOT fud.
And yes, I could be wrong.

It is precisely FUD. If you don't have actual hard facts and can specifically identify and explain an actual mechanism of failure, you are relying on Fear Uncertainty and Doubt. "yes, I could be wrong" = FUD.

Also your claim about "most anon technologies" and "most respected and talented developers" falls apart when looked at carefully. Your evidence is that you cherry picked some projects and personalities that support your premise. Even then the people you cite don't even agree, at least not unconditionally. For example, are you aware that jl777 is actively supporting BBR = on chain anonymity?

[lexicon]

This is NOT fud.
And yes, I could be wrong.

It is precisely FUD. If you don't have actual hard facts and can specifically identify and explain an actual mechanism of failure, you are relying on Fear Uncertainty and Doubt. "yes, I could be wrong" = FUD.

Also your claim about "most anon technologies" and "most respected and talented developers" falls apart when looked at carefully. Your evidence is that you cherry picked some projects and personalities that support your premise. Even then the people you cite don't even agree, at least not unconditionally. For example, are you aware that jl777 is actively supporting BBR = on chain anonymity?

You are far from someone who is unbiased, as you are one of the main people from Monero arent you?

Smooth, I don't think you are going to give the idea of anonymous transactions ON THE CHAIN is something that people need to take a second look at.

I agree that some of the coins that are claiming anon off of the chain are nothing but mixers, but others such as BTCD, NEOS, will outlast high prices, hype, and clever marketing, and most importantly.... ATTACKS!

Oh yeah, and speaking of developers. Jl777. Yes, he does support BBR which uses on the chain anon. But he plays a much more active role in BTCD which uses off the chain anon.

Like you said, Jl777 supports BBR, so why hasn't he used CN tech on BTCD? Because it is not as safe for the end user is why.

This is what makes me think that I am not the only one that believes this.. when it comes to keeping yourself anonymous.

When you look on out past what is a good speculation tool, and what is the new flashy tech of the day, and focus on what is really going to keep users identities safe, it is your more decentralized off chain anon coins that will protect people long term.

[smooth]

You are far from someone who is unbiased, as you are one of the main people from Monero arent you?

How about addressing the substance of my comments instead trying to dismiss them by way of association. I'm not trying to hide my affiliation with the Monero project (tacotime too above BTW), but it doesn't answer the question.

Smooth, I don't think you are going to give the idea of anonymous transactions ON THE CHAIN is something that people need to take a second look at.

I'm not sure I understood that. If you are asking whether it could be rethought, my answer would be absolutely.  

If you are saying that "I have come to the conclusion" and then later add "I could be wrong" and make baseless claims about "most respected and talented developers" without any kind of source for that statement, you are throwing FUD.

My opinion is that there is no way to "come to the conclusion" without actually doing the work to build out systems and see if they hold up. That is what we are doing.

[digitalindustry]

its all academic, i explained this to the Monero guys .

but as its "academic" it doesn't matter either way as long as it is "neutral"


so let me quantify that -:

i.e as long as the "on chain" aspect if "cracked" does not give away more information than if it had not existed, i.e a control system with no "Anon" features , if it does, then it is clearly flawed.

most of the time on purpose {yawn} no one cares about this stuff.

[lexicon]

You are far from someone who is unbiased, as you are one of the main people from Monero arent you?

How about addressing the substance of my comments instead trying to dismiss them by way of association. I'm not trying to hide my affiliation with the Monero project (tacotime too above BTW), but it doesn't answer the question.

Smooth, I don't think you are going to give the idea of anonymous transactions ON THE CHAIN is something that people need to take a second look at.

I'm not sure I understood that. If you are asking whether it could be rethought, my answer would be absolutely.  

. .... and make baseless claims about "most respected and talented developers" without any kind of source for that statement, you are throwing FUD.

THIS below is what Im talking about, Im not making the stuff up smooth

there is no math proof that there is no vulnerability here and your assessment that it is possible is good enough for me to be concerned.

Good point there is no proof yet that it isn't possible.

Note I have not assessed that the cracking the private keys is possible. I just asked that we have to look for the literature on cracks where there are two simultaneous equations. I've seen nothing from smooth's mathematicians yet on this.

I have accessed that Sybil attacking the anonymity is likely amplified. And appears smooth is leaning that way too, but no final conclusion yet.

Yes, smooth how did that turn out? It just doesn't seem as safe to me, I don't hear of anyone saying that, or devs admitting to the possibly that these issues exist in BTCD, Neos, etc.

if there is a non-zero chance of a fatal exploit, then better to be safe than sorry and pursue it to the best of our abilities

there is no math proof that there is no vulnerability here and your assessment that it is possible is good enough for me to be concerned.

My opinion is that there is no way to "come to the conclusion" without actually doing the work to build out systems and see if they hold up. That is what we are doing.

Ok, then.

[smooth]

What I'm telling you is that the same broad categories of issues you mention (i.e. "There could be a flaw") are exactly applicable to off-chain methods as well as on-chain methods. None of these have been "proven secure" and likely never will. For example, are you aware that most of the basic cryptography primitives that underlie Bitcoin or other systems have not been "proven secure." They are used because they have been analyzed to death and no fatal flaws have yet been found. That's how these things work.

Specifically on the question of off-chain anon, mixers and relays can be compromised or impersonated or sybil attacked, or subjected to timing-based attack and post-mixing, transactions can be unmixed by various forms of analysis. These are all known and demonstrated problems, plus there might well be other ones. Chain or no chain there are attack vectors and potential attack vectors. You're confused if you think one has been shown to be "more secure" (whatever that means) than the other at this juncture.

But hey, feel free to support your favorite projects, BTCD or whatever. Nothing wrong with that.

[TheFascistMind]

Think about it. The fact that we are relying on a public information with a twist to be secure is not the answer.

Interesting that I was making the same point today in private communication before I had seen your thread.

1. All crypto will be cracked eventually, it is just a matter of time. First we have key length requirements increase over time:

http://www.keylength.com/en/compare/

2. Next we have IBM's head of research for quantum computing (with a $3 billion budget) expecting that quantum computing will arrive in 10 - 15 years. All the crypto-currencies to date use crypto that can be cracked with a sufficiently powerful quantum computer. May not happen in 10 years, but eventually it will.

3. There was a recent breakthrough in math for factoring which hints at the remote possibility in the future of a potential crack of the basic math used for all existing crypto-currencies (that use elliptic curve or RSA cryptography):

http://cacm.acm.org/news/170850-french-team-invents-faster-code-breaking-algorithm/fulltext#body-3

By your logic "it's not secure, it will eventually be cracked" then private/public keys are in the same boat, no?  

Yes but not the same threat. Cracking ancient spent private key keys harms no one, thus no problem with keeping transactions on the block chain. Cracking ancient anonymity potentially harms up to and including everyone, thus IMO an unacceptable risk of keeping the correlation of the outputs and inputs (the anonymity mix) of a mixing transaction on the block chain.

I don't see a future in ring signatures

Do investors realize that Cryptonote can't run lite clients without destroying their unlinkability, because you have to publish the "tracking key" to delegate the search for received payments if you did not download the full block chain.

But publishing that "tracking key" breaks the unlinkability:

https://cryptonote.org/whitepaper.pdf#page=8

"If Bob wants to have an audit compatible address where all incoming transaction are
linkable, he can either publish his tracking key...In both cases every person is
able to “recognize” all of Bob’s incoming transaction"


Edit: the "Trading off anonymity set size for decreased bandwidth/CPU" section in the following paper hints at a solution where only a portion of the block chain needs to be downloaded in exchange for reduced anonymity set size, but afaik this is not in Cryptonote and I did not analyze how or if it can be integrated (and off the top of my head, I think this might further reduce anonymity sets in intersection with a potential block chain pruning design for Cryptonote):

http://sourceforge.net/p/bitcoin/mailman/message/31813471/