Topic: [ANN] AEON [2019-09-27: Upgrade to version 0.13.0.0 ASAP HF@1146200 Oct 25] - page 155. (Read 625666 times)

Everyone in the Aeon community needs to familiarize themselves with the Monero Labs research release #1: https://lab.getmonero.org/pubs/MRL-0001.pdf  

Specifically this part on pages 6 & 7:
"Chain reactions act slower and slower as mixins increase. Thus, a single mixin is inappropriate for any currency problem, because an anonymous, malicious user may spam the network with transactions they control in the hopes that they eventually control greater proportions of the UTXO set. This would essentially make all transactions from then on fully traceable (at least from Burns’ point of view), and Burns doesn’t have to take a single action after his initial seed transactions are planted in the UTXO set. This fixed initial cost for the attacker leading to a never-ending stream of information in the form of traceable transactions from other users is, clearly, a catastrophic economic failure. This is so important, we are putting it in italics: any CryptoNote coin that allows for only 1 mixin is vulnerable to a slow chain reaction in which the owner of very few private keys can violate the untraceability of much larger number of other users. Requiring a mixin of at least 2 for all transactions save for transactions that are willfully spent with 0 mixins will keep these chain reactions, probabilistically, to a smaller length. Indeed, any number greater than 1 will do, to force these chain reactions to burn themselves out, rather than to spread to the whole network, and the higher the better. Of course, a protocol-enforced, network-wide mandatory minimimum mixin of M = 10 would, presumably, cause a blockchain bloat, which can hinder adoption, which has it’s own security benefits in terms of network size. Hence, there is likely some optimal size of mandatory minimum mixin. We do no more than to suggest M = 2 as a protocol-enforced mandatory minimum, and to advise users to use as many mixin signatures as their little hearts desire."

This was a big problem with Monero and they fixed it by mandating the recommended number of mixins. However as of this moment the Aeon Blockchain has arguably worse privacy than Bitcoin. At least with Bitcoin it is understood that your transactions are traceable, and people have little expectation of privacy anymore. The problem with Aeon is that people may have an expectation of privacy, which can subsequently be violated by powerful and prepared actors, while small fish remain unaware of what is going on.

This is simply unacceptable for what aims to be a global standard. I hope that as the largest public owner of Aeon my concerns ring genuine. To FUD this blockchain is inherently a self-defeating measure, so this issue should be taken seriously.

My recommendation to devs, including smooth, is this: Either incorporate mandatory mixin or let's mandate zero mixin. If we mandate zero mixin, then Aeon becomes the fabled 'clearnote protocol' that truly can be a powerful companion to Monero and incorporate radical pruning that the Monero blockchain could never approach.
I am welcome to comments, criticisms, and ideas here.  
  
Crosspost from: https://www.reddit.com/r/Aeon/comments/5u20b0/we_have_a_serious_issue_that_needs_to_be/

---

Smooth's response on this issue:

  AEON's solution addresses the problem identified in MRL-0001. By allowing only one 0-mix transaction per block (when there can, and will assuming AEON becomes a "global standard", be many txs per block), the average ring size will be high enough to ensure that any attacker's existing known output set (the attack discussed) "burns out". MRL-0001 is also overly conservative in its calculations as it does not consider that outputs are currently chosen using a triangular distribution (favoring the new "burned out" outputs) as this was added after MRL-0001 was written. Given the combined effect the "burn out" will occur at an even faster rate for a given average ring size than is shown on the chart n the paper.
The possible attack is then reduced to an ongoing Sybil attack where (unlike a situation where there is a high number of 0- and 1- mix transactions) the attacker must incur an ongoing cost to create more and more new outputs. This is essentially the same situation as banning 0-mix altogether except that the average ring size will be slightly smaller and therefore the burn out rate also slightly slower.
I do not believe we need to remove 0-mix transactions altogether and I also believe we can further improve things to expand their use in a safe manner which will bring most of the benefits of what you describe as the clear note protocol without dropping larger ring sigs altogether. Done right the two can coexist.

Aeon Pool

how to set up to P9 290 miner http://98.238.231.31:9000/#getting_started

I have been buying and recommending AEON for some time, and I know lots of people are buying and holding for the long term. If people are making stuff up for cheaper prices, that is what they are doing and nothing more.

Thanks. Make sure you copy the whole address. Also check whether it starts with 4 or W, you might have got a Monero address (Arux reported refreshing the page keeps the selection as aeon but the rest of the logic resets - browser bug I think, but I'll merge Arux's patch for this soon).

It said something like 'that address is not a valid aeoncoin address'.

I tried shortly after your first post so it may have been an issue resolved with your last update.

Next time I am on Bittrex I'll get the exact wording.

address created by monero-wallet-generator are ok on my side
transfer successfull from bittrex (without Payment_Id) to a "monero-wallet-generator" address (latest commit from github, firefox 51.0.1, ubuntu 16.10)
coins are unlocked and available to spend (back in my bittrex wallet through simplewallet)

Did it give a particular reason ?
Do other addresses work ?
Did you put the address in the correct place (ie, not payment id) ?
Does simplewallet accept this address ?

The addresses it creates are not accepted by Bittrex.

I don't know where you or any others on here get the gall to claim I am involved in a pump and dump. Because I ask one question in this thread you are going to accuse me of that? For the record: I have never owned more than a few thousand bbr (NEVER), and I've never participated in private or public discussion of "pumping" any cryptocurrency. I know how to program Java, hence the name. Never once have I ever claimed to be an expert in C++. I pushed a few updates to the BBR RPC API because I was motivated by CURIOSITY to work on a cryptonote Java API. THIS WAS NEVER ABOUT THE MONEY FOR ME. You people are blame blame blame without any shred of evidence. Knock it off.

same pumpgroup from bbr is now buying in at aeon be aware. javajared blocko and several others are involved and they are now posting since a few days in here.

Also look at the grapps and volume same trick as on bbr be aware this will fall very fast

here a nice video of these guys

https://www.youtube.com/watch?v=6aV1gc7JbLA

What are the plans for a GUI? Will we see Monero's GUI wrapped in Aeon blue any time soon, or is the focus on the other work? (i.e. tx mixins, pruning, kovri, etc)

In the original post you can find a small bit of info on solo mining from within the daemon itself:
https://bitcointalksearch.org/topic/ann-aeon-2019-09-27-upgrade-to-version-01300-asap-hf1146200-oct-25-641696

These two mining pools provide links to pool mining software:
http://54.153.36.187:8080/#getting_started
http://98.238.231.31:9000/#getting_started

If you DuckDuckGo each of those softwares, you'll find more info on what hardware they are for

I am not an expert, but it intuitively makes sense to me that if we allow some 0-mix txs then abolishing 1-mix would significantly reduce the impact they could have on privacy. Realistically though I think we are just talking about the possibility of one of the inputs in a tx being indentifiable as 'real' in a limited number of txs right? (ie where a 1-mix tx had a 0-mix as an input for one of the amounts).
Perhaps instead of abolishing 1-mix txs, we could prevent the use of 0-mix inputs for them. Is that feasible?
If my understanding is right, for 1-mix tx, you would have to be have every input paired with a 0-mix input for to reveal the whole tx, which would be a low probability event, but possible (I am working on the assumption that ring inputs are selected simply by matching amounts and not looking at other parameters, such as mix - please correct me if this is wrong, I am keen to learn and help)

I look forward to the details of the second method in due course

On a seperate note will Kovri/I2P be implemented in Aeon when it is complete in Monero? I am assuming that it is equally vulnerable to IP snooping.

Hey Smooth,

I think a lot of what you have planned sounds great; what is your timetable for development? I see the github hasn't seen an update in ages.

There are two methods planned, one of which is already implemented in the current release. The first (already implemented) is that the number of 0-mix (also currently 1-mix, but maybe those should be prohibited altogether) transactions is limited to a maximum of one per block. Given growth in usage that will be a small minority of the total number of transactions, which results, statistically, in the chain as a whole is being protected any sort of chain reaction attacks.

The second method allowing a different pathway for smaller and lower-cost transactions is planned for an upcoming upgrade but has not been disclosed yet.

Hey Smooth, is there somewhere I can read more about what the AEON approach is concerning allowing a limited number of 0 mix and non RCT tx's without compromising the overall privacy of the chain as a whole?
Obviously including a 0 mix input into a >1 mix reduces privacy at the most basic level. Is there already/will there be an algo that is used to regulate this ?

Thanks

Unless something's about to change...

Pretty much. Todays volume is stupidly high for trading activity alone. Today is artificial volume being traded. Sadly they don't realise that pumping a stock that has no activity outside of themselves is meaningless. It's a coin mainly mined. No actual cash goes back into it to facilitate a price boost and dump.

Sometimes, I wonder...

and some people playing with market: