Mixcoin (http://eprint.iacr.org/2014/077.pdf) another rather ineffective anonymity proposal.
See the Deanonymization in section 3 and the admission in section 4. There is no way to prove that many (or most of) the mixers aren't honeypots. Just like with Tor or I2P, you don't have reliable anonymity. If every 5th of your transactions is not anonymous and you don't know which ones are and are not, then this is basically useless.
Also this does nothing to obfuscate the IP address, so ditto what I wrote in the upthread posts.
Also this is based on reputation, i.e. restitution is not cryptographically guaranteed. Thus this can be gamed by constantly creating new mixers that defraud then close down. Thus this will migrate over time to a few highly trusted mixers which of course will be honeypots because they are well known and established, thus easy for the government to track down and serve with national security gag order.
Topic: Bitcoin adoption slowing; Coinbase + Bitpay is enough to make Bitcoin a fiat - page 6. (Read 67117 times)
May 12, 2014, 05:40:09 AM
May 11, 2014, 09:34:44 AM
Interesting breakdown of the pros and cons of the various anonymity technologies out there. Lots of new info on Zerocash which I have not read much on before.
Zerocash is interesting but I really dont like the idea of a single code that must be computed and destroyed
for the system to work. Tremendous temptation there for one of the developers to keep a copy of that on a USB stick somewhere just in case. Who would not want the ability to print money in total secrecy at whim.
Regardless I am happy to see competing technologies in this area as it is good for cryptocurrency.
Zerocash is interesting but I really dont like the idea of a single code that must be computed and destroyed
for the system to work. Tremendous temptation there for one of the developers to keep a copy of that on a USB stick somewhere just in case. Who would not want the ability to print money in total secrecy at whim.
Regardless I am happy to see competing technologies in this area as it is good for cryptocurrency.
May 10, 2014, 10:50:06 PM
Cross-posting...
https://bitcointalksearch.org/topic/m.6662938
Zerocash
On further analysis, sending a transaction to Zerocash without reliable obfuscation of your IP address, means the NSA and other national security agencies know you are transacting even though they don't know the amount nor payee.
But we know the NSA is sharing data now with G20 tax authorities (I have a citation for this), thus the tax authorities can demand you provide the details of the transaction.
Thus Zerocash's anonymity is useless (or at least very risky) against the coming wave of confiscation and taxation, without something more reliable than Tor and I2P for obfuscating the IP address. Tor and I2P being low-latency Chaum mix-nets are subject to timing attacks by a global adversary such as the NSA, as well the Tor servers are likely honeypots (Q: who has a motivation to provide all that traffic for free? A: the NSA). I have citations for these statements.
CryptoNote / Monero et al
CryptoNote's one-time ring signature as a way of obfuscating who is the payer (the spender), is optional and can only be used when there are other payees who have matching input amounts. In other words, it can't do any obfuscation for you on spending unless there are other coins that have the same balance as yours.
That very infrequent opportunity for use is coupled with constant use of elliptical curve cryptography which is known to be broken under quantum computing, as well is suspect to broken by the NSA[1] or could be broken since it is number theoretic public key cryptography.
And the use of one-time ring signatures mucks up the pruning of the block chain of spent addresses. There is a tweak to improve this over the current CryptoNote (one of the tweaks I alluded to upthread).
Bottom line is most of your anonymity will come from obfuscating your IP address with something more reliable than Tor and I2P, not from the block chain mixing of CryptoNote or Zerocash/coin, i.e. if your IP is correlated to your identity, then the one-time ring signature doesn't obscure your identity when you spend.
The case where the one-time ring signature is really useful is a transaction with multiple inputs wherein the spender is merging his coins, thus enabling tracing of those coins to the same entity (the current spender). And it is very unfortunate the one-time ring signature is optional in this case, because it is the identity of the upchain spenders who suffer from this action by the current spender, thus the motivation is not there.
So we can see as it is currently structured, CryptoNote doesn't really support anonymity much.
Sorry to blow holes in your enthusiasm. Reality sucks if you haven't taken the time to do some serious work before launching.
Note that the use of a separate payee address for each transaction is a very useful strategy. This is a positive aspect of CryptoNote that adds anonymity, but again it is not so effective without reliable IP obfuscation, as the payee will reveal himself on spending.
[1] http://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters
https://www.schneier.com/essay-446.html
https://www.schneier.com/blog/archives/2013/11/elliptic_curve.html#c2200076
https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1676105
https://bitcointalksearch.org/topic/m.5518821 (read entire thread)
https://bitcointalksearch.org/topic/m.5975715
https://bitcointalksearch.org/topic/m.3973597
CryptoNote / Monero et al
CryptoNote's one-time ring signature as a way of obfuscating who is the payer (the spender), is optional and can only be used when there are other payees who have the inputs amounts. In other words, it can't do any obfuscation for you on spending unless there are other coins that have the same balance as yours.
That very infrequent opportunity for use is coupled with constant use of elliptical curve cryptography which is known to be broken under quantum computing, as well is suspect to broken by the NSA or could be broken since it is number theoretic public key cryptography.
This is actually pretty easy to solve and CryptoNote already implements it: every transaction is broken up. There will always be outputs in the blockchain matching the broken-down components. Unlike CoinJoin, this is done without any participation from anyone else. The other matching amounts are not being spent at the same time; in fact they can be used as many times as needed as an ambiguity factor without actually being spent. This means the opportunity to use ring signatures isn't infrequent at all -- you can send any amount you want and it will be appropriately matched and mixed. (See section 4.5 in the white paper.)
You haven't addressed my point that eliminates the ability to prune the block chain, because you will never know which outputs have been spent.
Automatically (is this enforced or optional per wallet?) breaking the transaction outputs into constant units, e.g. 1 coin, 0.5 coin, 0.25 coin etc, will radically bloat the block chain. The ring signatures are going to be huge if you need to obfuscate among say for example 256 payers (1/256 probability of being non-anonymous) each for several inputs, e.g. for 1.76 MRO spend 1 MRO, 0.5 MRO, 0.25 MRO, 0.01 MRO, as well as payee addresses for each of those fractional amounts.
And it won't solve the problem unless the smallest of those enforced fractional amounts match up with the fractional remainder of your transaction, which implies radical block chain bloat.
All of that waste, and still if your IP is not obfuscated you lose anonymity.
Whereas, if your IP address is obfuscated, then you don't need all that waste above (and don't incur the risk of relying on elliptical signatures being compromised ANY TIME IN THE FUTURE DECADES breaking your historic anonymity on the block chain).
And with IP address obfuscation your anonymity is assured regardless what happens on the block chain tracing.
However it might still be an improvement to enforce one-time ring signatures only when merging balances, i.e. multiple inputs to a transaction. But the issue of partitioning transactions to fixed fractional amounts and block chain bloat has to be weighed.
If you think that bloating the block chain is irrelevant then I remind you that two Bitcoin pools control more than 50% of the network, so if the government takes over these pools (even insidiously), they can defeat you (in numerous ways, e.g. they can help correlate your IP address by controlling the destination and source of your transaction sends and mining awards respectively).
It already takes hours to days to download the Bitcoin block chain, and you are proposing to increase that by orders-of-magnitude.
Yeah IP obfuscation could be more generally applicable to internet activities. That is why Tor and I2P exist. Unfortunately they may not be that perfect. Let's pull a guesstimate out of our arse that they are anonymous 80% of the time to a global adversary and thus to tax authorities and governments. That means every 5th of your transactions is not.
Everyone has to agree on the fractional amounts, so they can't be arbitrarily chosen as you have shown.
Rather with a power-of-2 standard (I'm a programmer so I can write the first 20 entries in following list without a calculator):
0.0001
0.0002
0.0004
0.0008
0.0016
0.0032
0.0064
0.0128
0.0256
0.0512
0.1024
0.2048
0.4096
0.8192
1.6384
3.2768
6.5536
13.1072
26.2144
52.4288
104.8576
209.7152
419.4304
838.8608
The break down would be 1234.5678 = 838.8608 + 209.7152 + 104.8576 + 52.4288 + 26.2144 + 1.6384 + 0.8192 + 0.0256 + 0.0064 + 0.0008 + 0.0004 + 0.0002.
The issue is not only the cost of the storage. There is the download speed also. And other complex factors. A tax is probably also going to have Tragedy of the Commons effects, as I explained in my numerous discussions of why transaction fees will never work for Bitcoin in the long-run. There are other articles out now about these by others. Such discussion will take us off on tangents I don't feel like having right now.
https://bitcointalksearch.org/topic/m.6662938
Zerocash will be announced soon (May 18 in Oakland? but open source may not be ready then?).
Here is a synopsis of the tradeoffs compared to CyptoNote:
1. Zerocash hides everything, even the money supply so if the master key was compromised or if the highly complex bleeding edge crypto is cracked, no one will know.
2. They will claim to generate the master key at a ceremony or devise a way to compute in parts, but nothing they can do will insure it isn't compromised. CPUs even have special firmware that allows the NSA to reprogram them remotely, and even computation can be intercepted wireless with RF signals. Whereas we have to place all trust in a single party with Zerocash, with CN the trusted parties are changing on each transaction. Compromising the master key doesn't compromise the anonymity, but does compromise the money supply which could be expanded invisibly. Cracking the highly complex bleeding edge crypto which has not been sufficiently vetted over years, could compromise the anonymity ex post facto (it is all on the block chain).
3. Both CN and Zerocash use a form of cryptography which is not immune to quantum computation attack, if that becomes a reality in the future.
4. Zerocash transactions add up to 3 minutes of additional transaction delay which is much worse than Zerocoin. Zerocash (full node computation and block chain) resource requirements are centralizing but much improved over Zerocoin.
5. Zerocash hides everything so it is not necessary to obscure your IP address.
Thus on balance I prefer CN, but I like to see it altered to use a quantum computer resistant algorithm. And then we need to add IP address obfuscation as well that is superior to Tor and I2P.
Darkcoin (CoinJoin innovation) is really not at the level of the two above. You can review my comments in the Darkcoin thread to see why.
Here is a synopsis of the tradeoffs compared to CyptoNote:
1. Zerocash hides everything, even the money supply so if the master key was compromised or if the highly complex bleeding edge crypto is cracked, no one will know.
2. They will claim to generate the master key at a ceremony or devise a way to compute in parts, but nothing they can do will insure it isn't compromised. CPUs even have special firmware that allows the NSA to reprogram them remotely, and even computation can be intercepted wireless with RF signals. Whereas we have to place all trust in a single party with Zerocash, with CN the trusted parties are changing on each transaction. Compromising the master key doesn't compromise the anonymity, but does compromise the money supply which could be expanded invisibly. Cracking the highly complex bleeding edge crypto which has not been sufficiently vetted over years, could compromise the anonymity ex post facto (it is all on the block chain).
3. Both CN and Zerocash use a form of cryptography which is not immune to quantum computation attack, if that becomes a reality in the future.
4. Zerocash transactions add up to 3 minutes of additional transaction delay which is much worse than Zerocoin. Zerocash (full node computation and block chain) resource requirements are centralizing but much improved over Zerocoin.
5. Zerocash hides everything so it is not necessary to obscure your IP address.
Thus on balance I prefer CN, but I like to see it altered to use a quantum computer resistant algorithm. And then we need to add IP address obfuscation as well that is superior to Tor and I2P.
Darkcoin (CoinJoin innovation) is really not at the level of the two above. You can review my comments in the Darkcoin thread to see why.
Zerocash
On further analysis, sending a transaction to Zerocash without reliable obfuscation of your IP address, means the NSA and other national security agencies know you are transacting even though they don't know the amount nor payee.
But we know the NSA is sharing data now with G20 tax authorities (I have a citation for this), thus the tax authorities can demand you provide the details of the transaction.
Thus Zerocash's anonymity is useless (or at least very risky) against the coming wave of confiscation and taxation, without something more reliable than Tor and I2P for obfuscating the IP address. Tor and I2P being low-latency Chaum mix-nets are subject to timing attacks by a global adversary such as the NSA, as well the Tor servers are likely honeypots (Q: who has a motivation to provide all that traffic for free? A: the NSA). I have citations for these statements.
CryptoNote / Monero et al
CryptoNote's one-time ring signature as a way of obfuscating who is the payer (the spender), is optional and can only be used when there are other payees who have matching input amounts. In other words, it can't do any obfuscation for you on spending unless there are other coins that have the same balance as yours.
That very infrequent opportunity for use is coupled with constant use of elliptical curve cryptography which is known to be broken under quantum computing, as well is suspect to broken by the NSA[1] or could be broken since it is number theoretic public key cryptography.
And the use of one-time ring signatures mucks up the pruning of the block chain of spent addresses. There is a tweak to improve this over the current CryptoNote (one of the tweaks I alluded to upthread).
Bottom line is most of your anonymity will come from obfuscating your IP address with something more reliable than Tor and I2P, not from the block chain mixing of CryptoNote or Zerocash/coin, i.e. if your IP is correlated to your identity, then the one-time ring signature doesn't obscure your identity when you spend.
The case where the one-time ring signature is really useful is a transaction with multiple inputs wherein the spender is merging his coins, thus enabling tracing of those coins to the same entity (the current spender). And it is very unfortunate the one-time ring signature is optional in this case, because it is the identity of the upchain spenders who suffer from this action by the current spender, thus the motivation is not there.
So we can see as it is currently structured, CryptoNote doesn't really support anonymity much.
Sorry to blow holes in your enthusiasm. Reality sucks if you haven't taken the time to do some serious work before launching.
Note that the use of a separate payee address for each transaction is a very useful strategy. This is a positive aspect of CryptoNote that adds anonymity, but again it is not so effective without reliable IP obfuscation, as the payee will reveal himself on spending.
[1] http://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters
https://www.schneier.com/essay-446.html
https://www.schneier.com/blog/archives/2013/11/elliptic_curve.html#c2200076
https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1676105
https://bitcointalksearch.org/topic/m.5518821 (read entire thread)
https://bitcointalksearch.org/topic/m.5975715
https://bitcointalksearch.org/topic/m.3973597
CryptoNote / Monero et al
CryptoNote's one-time ring signature as a way of obfuscating who is the payer (the spender), is optional and can only be used when there are other payees who have the inputs amounts. In other words, it can't do any obfuscation for you on spending unless there are other coins that have the same balance as yours.
That very infrequent opportunity for use is coupled with constant use of elliptical curve cryptography which is known to be broken under quantum computing, as well is suspect to broken by the NSA or could be broken since it is number theoretic public key cryptography.
This is actually pretty easy to solve and CryptoNote already implements it: every transaction is broken up. There will always be outputs in the blockchain matching the broken-down components. Unlike CoinJoin, this is done without any participation from anyone else. The other matching amounts are not being spent at the same time; in fact they can be used as many times as needed as an ambiguity factor without actually being spent. This means the opportunity to use ring signatures isn't infrequent at all -- you can send any amount you want and it will be appropriately matched and mixed. (See section 4.5 in the white paper.)
You haven't addressed my point that eliminates the ability to prune the block chain, because you will never know which outputs have been spent.
Automatically (is this enforced or optional per wallet?) breaking the transaction outputs into constant units, e.g. 1 coin, 0.5 coin, 0.25 coin etc, will radically bloat the block chain. The ring signatures are going to be huge if you need to obfuscate among say for example 256 payers (1/256 probability of being non-anonymous) each for several inputs, e.g. for 1.76 MRO spend 1 MRO, 0.5 MRO, 0.25 MRO, 0.01 MRO, as well as payee addresses for each of those fractional amounts.
And it won't solve the problem unless the smallest of those enforced fractional amounts match up with the fractional remainder of your transaction, which implies radical block chain bloat.
All of that waste, and still if your IP is not obfuscated you lose anonymity.
Whereas, if your IP address is obfuscated, then you don't need all that waste above (and don't incur the risk of relying on elliptical signatures being compromised ANY TIME IN THE FUTURE DECADES breaking your historic anonymity on the block chain).
And with IP address obfuscation your anonymity is assured regardless what happens on the block chain tracing.
However it might still be an improvement to enforce one-time ring signatures only when merging balances, i.e. multiple inputs to a transaction. But the issue of partitioning transactions to fixed fractional amounts and block chain bloat has to be weighed.
If you think that bloating the block chain is irrelevant then I remind you that two Bitcoin pools control more than 50% of the network, so if the government takes over these pools (even insidiously), they can defeat you (in numerous ways, e.g. they can help correlate your IP address by controlling the destination and source of your transaction sends and mining awards respectively).
It already takes hours to days to download the Bitcoin block chain, and you are proposing to increase that by orders-of-magnitude.
From what little I'm familiar with though, wouldn't something like ip-obfuscation be more exclusive of the currency protocol itself and have more to do with data is transferred through an IP? At least, if it were to surface in the world, I would imagine it to be aimed at something much more main-stream than a cryptocurrency. Like an email system or some other sort of messaging system would seem a much more valid proof of concept, rather than having it surface in a cryptocurrency for the first time.
Yeah IP obfuscation could be more generally applicable to internet activities. That is why Tor and I2P exist. Unfortunately they may not be that perfect. Let's pull a guesstimate out of our arse that they are anonymous 80% of the time to a global adversary and thus to tax authorities and governments. That means every 5th of your transactions is not.
edit:
For a transaction of 1234.567800000000, the transaction is broken down into parts 1000,200,30,4,.5,.06,.07,.008 .
Quote from: Anonymint
Automatically (is this enforced or optional per wallet?) breaking the transaction outputs into constant units, e.g. 1 coin, 0.5 coin, 0.25 coin etc, will radically bloat the block chain. The ring signatures are going to be huge if you need to obfuscate among say for example 256 payers (1/256 probability of being non-anonymous) each for several inputs, as well as payee addresses for each of those fractional amounts.
For a transaction of 1234.567800000000, the transaction is broken down into parts 1000,200,30,4,.5,.06,.07,.008 .
Everyone has to agree on the fractional amounts, so they can't be arbitrarily chosen as you have shown.
Rather with a power-of-2 standard (I'm a programmer so I can write the first 20 entries in following list without a calculator):
0.0001
0.0002
0.0004
0.0008
0.0016
0.0032
0.0064
0.0128
0.0256
0.0512
0.1024
0.2048
0.4096
0.8192
1.6384
3.2768
6.5536
13.1072
26.2144
52.4288
104.8576
209.7152
419.4304
838.8608
The break down would be 1234.5678 = 838.8608 + 209.7152 + 104.8576 + 52.4288 + 26.2144 + 1.6384 + 0.8192 + 0.0256 + 0.0064 + 0.0008 + 0.0004 + 0.0002.
I have asked about the bloat on the chain before, and the consensus was that with the visible competition enforcing a 10% tax on mining to afford some privacy, then the storage space used to hold the blockchain would be a much less cost. I would like to know much more about this though, because the blockchain is noticeably larger in this protocol by a lot.
The issue is not only the cost of the storage. There is the download speed also. And other complex factors. A tax is probably also going to have Tragedy of the Commons effects, as I explained in my numerous discussions of why transaction fees will never work for Bitcoin in the long-run. There are other articles out now about these by others. Such discussion will take us off on tangents I don't feel like having right now.
May 09, 2014, 07:33:39 PM
This is where the country of chattel is headed:
http://armstrongeconomics.com/2014/05/09/why-the-republic-leadership-needs-to-go-it-is-political-civil-war/
http://armstrongeconomics.com/2014/05/09/unions-want-to-tax-exchanges-to-pay-for-their-pensions/
http://armstrongeconomics.com/2014/05/09/taxing-whatever-moves-a-political-tradition/
http://armstrongeconomics.com/2014/05/08/bull-market-in-taxes/
http://armstrongeconomics.com/2014/05/07/a-significant-change-in-trend/
http://armstrongeconomics.com/2014/05/07/geopolitical-chaos/
You either find a way to do commerce that the govt can't steal or we go into a Dark Age.
Physical gold and silver are hoarding paradigms, and velocity-of-money (i.e. V in the M x V = P x Q ≈ GDP in the Quantity Theory of Money equation) plummets (V is already down -50% since 2007).
Revolution can't fix it. Political action can't fix it.
You've only got one hope. Anonymous crypto-currency.
http://armstrongeconomics.com/2014/05/09/why-the-republic-leadership-needs-to-go-it-is-political-civil-war/
http://armstrongeconomics.com/2014/05/09/unions-want-to-tax-exchanges-to-pay-for-their-pensions/
http://armstrongeconomics.com/2014/05/09/taxing-whatever-moves-a-political-tradition/
http://armstrongeconomics.com/2014/05/08/bull-market-in-taxes/
http://armstrongeconomics.com/2014/05/07/a-significant-change-in-trend/
http://armstrongeconomics.com/2014/05/07/geopolitical-chaos/
You either find a way to do commerce that the govt can't steal or we go into a Dark Age.
Physical gold and silver are hoarding paradigms, and velocity-of-money (i.e. V in the M x V = P x Q ≈ GDP in the Quantity Theory of Money equation) plummets (V is already down -50% since 2007).
Revolution can't fix it. Political action can't fix it.
You've only got one hope. Anonymous crypto-currency.
May 09, 2014, 06:19:11 PM
Quote from: anonymous
The community is stupid and doesn't know what it needs, which is why it's an uphill battle to convince everyone why certain features are important. The community doesn't think transaction fees are an issue. They think cpu-only coins are bad because "omg botnets." They think money supply should be fixed because "omg inflation." They think premines are evil because they're only interested in the short-term profitability of the coin.
However, the community will adobt a currency that is convenient and simple, in spite of the features everyone thinks are negative. User experience and design is everything when it comes to adoption. Mining should be as simple as running an app and clicking a giant green button that says "START MINING." Making transactions should be equally brainless. The need to specify ambiguity and tx outs when making transactions is stupid and adds unnecessary complication. All of those parameters should be fixed and secure by default.
I told TFT to let me design a beautiful GUI for easy mining to implement before launching. He said okay, but then launched without me. A beautiful and simple GUI wallet also needs to be implemented before launch. Beyond that, if you only do what the community thinks is important, you will never make progress.
However, the community will adobt a currency that is convenient and simple, in spite of the features everyone thinks are negative. User experience and design is everything when it comes to adoption. Mining should be as simple as running an app and clicking a giant green button that says "START MINING." Making transactions should be equally brainless. The need to specify ambiguity and tx outs when making transactions is stupid and adds unnecessary complication. All of those parameters should be fixed and secure by default.
I told TFT to let me design a beautiful GUI for easy mining to implement before launching. He said okay, but then launched without me. A beautiful and simple GUI wallet also needs to be implemented before launch. Beyond that, if you only do what the community thinks is important, you will never make progress.
Thank you for sharing this with me.
Leaderless organization is good for defending what you have (see the Apache and the first chapter of the book The Starfish and the Spider) and it allows for individual innovation because each person is their own leader (and in fact my currently paused effort with Copute is about modularization of open source via higher-order semantics to facilitate this type of disorganized, open source innovation), but in the near-term it doesn't metastasize as well project-wide innovation. Additionally, large groups can be manipulated by the powers-that-be, so the project doesn't even remain leaderless long-term.
If no individual is important, then usually no one bothers to give their best effort. Collectivism is lazy and half-assed.
Linux would not be what it is today if Linus Torvalds had not been there to say "no" to certain commits:
http://www.youtube.com/watch?v=-ZRvHbHxr-k (hear it from his mouth)
Without a leader, you end up with political gridlock, e.g. Bitcoin.
This is the power vacuum of democracy. Mancur Olsen described this in the The Logic of Collective Action.
http://esr.ibiblio.org/?p=984 (Some Iron Laws of Political Economics)
It doesn't matter what these early miners say and think. The important demographic are the 7 billion out there. Make the miner available to them and bypass the whiners who complain about a premine.
If I launched an altcoin, the thread would be self-moderated and all political comments would be deleted. Because I know very well what is needed and what will drive massive adoption. I don't need their feedback, because I've been studying and getting feedback in the BTT for over a year.
May 09, 2014, 07:35:53 AM
My answer here, in order not to derail the main Monero thread:
In system administration, we call it SPOF - single point of failure. As long as leader remind they are expendable, there is no single point of failure. Wikileaks would survive the demise of Assange, monero, given enough momentum, would survive the demise of the present team - it happened in the past.
You are still right on one point: the leader must be proactive in reminding they are expendable. Otherwise, it would lead to sacralization and this is not good (private interest over general interest).
Also IMHO, closed source on the PoW algorithm would be best until several weeks of ramp up is complete so clones are too far behind.
Did you read what happened three days ago? Angry community. Look at all coins that suffered of the word "premine" even when the premine was actually used for good things. Same goes for closed-source and accidentel instamine. Crypto holders have been abused so often they do not have much patience for mistakes. The technology behind a project is nothing without a community, something a lot of experts trapped in their ivory tower fail to capture. We can lament this, but that's how it works.Open source good for refining not for innovating
Agree, like a lot of major OSS proponents. Not that it is an impasse, though. Not being good doesn't mean being unable - Apple's proprietary' OS X boasted about compressed RAM in Maverick; Linux had it two years before it. So, that's a trend, not a rule.For example, how do you plan to decentralize pools? You will need some innovative leadership on an algorithm for that, lest you end up same as Bitcoin with two pools controlling greater than 50% of the network hash power.
Asking tough questions is part of the open source idea. So thank you to highlight the issue. We should have a collaborative feature list somewhere - done Ditto making mining easy enough for grandma to do. Etc.
The Monero one-liner is a step in this direction. A script (a mere encapsulation) will soon follow, then porting it to other Unixes and finally to Windows. And finally a GUI.Does anyone know of any innovative project (created many new killer features) that was created by open source (and not open sourced after those innovative features were completed)?
Reminds me of something...If the leader (lead developer) of an anonymous coin which successfully threatens the banksters' global hegemony over fiat, is not also anonymous, then he can be coerced by the powers-that-be in numerous ways (e.g. tax audit, trumped up criminal charges on something since there are so many laws everyone of us is breaking a federal or EU law every day, etc).
You assume that we are important to the coins. We are not. We are by now by virtue of not having a lot of people in. A good leader is an expendable leader. That's how the guerilla movement work, by the way - you can't cut the head because either there is no head of, like the Lernaean Hydra, another head growths when one is severed.In system administration, we call it SPOF - single point of failure. As long as leader remind they are expendable, there is no single point of failure. Wikileaks would survive the demise of Assange, monero, given enough momentum, would survive the demise of the present team - it happened in the past.
You are still right on one point: the leader must be proactive in reminding they are expendable. Otherwise, it would lead to sacralization and this is not good (private interest over general interest).
May 08, 2014, 10:59:57 PM
Cross-posting...
https://bitcointalksearch.org/topic/m.6624426
One more issue comes to mind.
If the leader (lead developer) of an anonymous coin which successfully threatens the banksters' global hegemony over fiat, is not also anonymous, then he can be coerced by the powers-that-be in numerous ways (e.g. tax audit, trumped up criminal charges on something since there are so many laws everyone of us is breaking a federal or EU law every day, etc).
Thus the lead developer can't gain from fame in the usual way of open source projects, e.g. Linus Torvalds.
These issues need to be contemplated BEFORE launching your coin.
If you are only interested in pump and dump, then this issue isn't important. But if you are serious about long-term development and success of the coin, then the issue should be discussed.
If you choose instead a leaderless open source strategy to combat the above issue, then you have the issues of my prior post.
https://bitcointalksearch.org/topic/m.6624426
One more issue comes to mind.
If the leader (lead developer) of an anonymous coin which successfully threatens the banksters' global hegemony over fiat, is not also anonymous, then he can be coerced by the powers-that-be in numerous ways (e.g. tax audit, trumped up criminal charges on something since there are so many laws everyone of us is breaking a federal or EU law every day, etc).
Thus the lead developer can't gain from fame in the usual way of open source projects, e.g. Linus Torvalds.
These issues need to be contemplated BEFORE launching your coin.
If you are only interested in pump and dump, then this issue isn't important. But if you are serious about long-term development and success of the coin, then the issue should be discussed.
If you choose instead a leaderless open source strategy to combat the above issue, then you have the issues of my prior post.
May 08, 2014, 10:42:13 PM
Cross-posting...
Let me explain a bit about how open source works. Anyone is free to contribute. The lead developer and core team reviews the proposed changes and either adopts them or not. There is at least one of the core team who does work on optimization, and posted some optimizations. I would not be surprised if he develops further optimizations as well.
So if you have proposed code changes, please submit them. Some sort of statement -- backed up by zero evidence -- about a unicorn miner that someone has is not helpful. Every altcoin has these "Kaiser Soze" miners who supposedly have much faster mining code than everybody else. Sometimes it's true and sometimes it isn't. We can't force anyone to contribute their code.
The PoW algorithm needs to be highly optimized from public launch.
Also IMHO, closed source on the PoW algorithm would be best until several weeks of ramp up is complete so clones are too far behind.
Open source is a very effective paradigm for refining (because of the Linus law, "given enough eyeballs, every bug or refinement is shallow"), but it is not as effective at innovation because innovation requires pride+ownership (in one's work), investment of effort, and most of all leadership. Eric Raymond (the creator of the term "open source") opened a discussion on this last year (see the comments):
http://esr.ibiblio.org/?p=4946 (Adobe in cloud-cuckoo land)
For example, how do you plan to decentralize pools? You will need some innovative leadership on an algorithm for that, lest you end up same as Bitcoin with two pools controlling greater than 50% of the network hash power.
Ditto making mining easy enough for grandma to do. Etc.
Does anyone know of any innovative project (created many new killer features) that was created by open source (and not open sourced after those innovative features were completed)?
Btw, Russians are very astute at algorithmic optimization:
http://esr.ibiblio.org/?p=4901 (National styles in hacking)
Someone (C++ skilled) did private optimized miner a few days ago, he got 74H/s for i5 haswell. He pointed that mining code was very unoptimized and he did essential improvements for yourself. So, high H/S is possible yet.
Can the dev's core review code for that?
Can the dev's core review code for that?
Let me explain a bit about how open source works. Anyone is free to contribute. The lead developer and core team reviews the proposed changes and either adopts them or not. There is at least one of the core team who does work on optimization, and posted some optimizations. I would not be surprised if he develops further optimizations as well.
So if you have proposed code changes, please submit them. Some sort of statement -- backed up by zero evidence -- about a unicorn miner that someone has is not helpful. Every altcoin has these "Kaiser Soze" miners who supposedly have much faster mining code than everybody else. Sometimes it's true and sometimes it isn't. We can't force anyone to contribute their code.
The PoW algorithm needs to be highly optimized from public launch.
Also IMHO, closed source on the PoW algorithm would be best until several weeks of ramp up is complete so clones are too far behind.
Open source is a very effective paradigm for refining (because of the Linus law, "given enough eyeballs, every bug or refinement is shallow"), but it is not as effective at innovation because innovation requires pride+ownership (in one's work), investment of effort, and most of all leadership. Eric Raymond (the creator of the term "open source") opened a discussion on this last year (see the comments):
http://esr.ibiblio.org/?p=4946 (Adobe in cloud-cuckoo land)
For example, how do you plan to decentralize pools? You will need some innovative leadership on an algorithm for that, lest you end up same as Bitcoin with two pools controlling greater than 50% of the network hash power.
Ditto making mining easy enough for grandma to do. Etc.
Does anyone know of any innovative project (created many new killer features) that was created by open source (and not open sourced after those innovative features were completed)?
Btw, Russians are very astute at algorithmic optimization:
http://esr.ibiblio.org/?p=4901 (National styles in hacking)
May 08, 2014, 07:57:03 PM
Cross-posting...
https://bitcointalksearch.org/topic/m.6622339
There are at least two critically necessary improvements needed to the CryptoNote anonymity algorithm to make it function well in the real world. I am withholding my ideas until I see a coin that has an extremely capable Benevolent Dictator For Life (none of this Foundation and communism BS that has wrecked Bitcoin), a premine to fund contributions, and partial open source to prevent a plethora of clones in the ramp up phase.
Upthread I have alluded to other improvements (e.g. CPU only, better IP obfuscation than Tor and I2P, pools that force decentralization, one click mining for the masses, etc) to which I implied I know of the solutions to. I have stated what I want to see in order to offer my support.
If you think you can win with what you have now, I think you are mistaken.
Good luck.
https://bitcointalksearch.org/topic/m.6622339
There are at least two critically necessary improvements needed to the CryptoNote anonymity algorithm to make it function well in the real world. I am withholding my ideas until I see a coin that has an extremely capable Benevolent Dictator For Life (none of this Foundation and communism BS that has wrecked Bitcoin), a premine to fund contributions, and partial open source to prevent a plethora of clones in the ramp up phase.
Upthread I have alluded to other improvements (e.g. CPU only, better IP obfuscation than Tor and I2P, pools that force decentralization, one click mining for the masses, etc) to which I implied I know of the solutions to. I have stated what I want to see in order to offer my support.
If you think you can win with what you have now, I think you are mistaken.
Good luck.
May 08, 2014, 05:57:52 AM
Cross-posting...
I just found out about it a few days ago. I was aware of CryptoNote and Bytecoin for a few weeks.
Don't be so paranoid. Politics isn't what wins the race, rather it is development of features. I have already listed several features that no CN coin has, and I have several more in mind on top of that. And more on top of that, until all the major killer features have been satiated.
The race has only just begun and being ahead by a few weeks is meaningless.
I never advocated entirely closed source, nor a long term partial open source.
There are many things that give confidence and I think the ability to hold off clones and fund rapid development, and demonstrate superior features also generates confidence.
Thus I am stating that I think Monero has adopted the wrong model, but only time will tell.
Specifically I don't think radical innovation can come from design by open source committee. There needs to be a strong leader who drives the innovation. For example, you make a bounty for a pool design, but there are many innovations that could come in a the pool that won't be there due to lack of a strong innovative leader driving the project.
Open source is very good at copying and propagating existing innovation, but not very good at creating it. Open source is a refinement protocol, not an innovation and creation protocol.
strange when none of these accounts were around for the discussions that took place 3 weeks ago. Such vested interests with no prior indications. Hmm..
I just found out about it a few days ago. I was aware of CryptoNote and Bytecoin for a few weeks.
Don't be so paranoid. Politics isn't what wins the race, rather it is development of features. I have already listed several features that no CN coin has, and I have several more in mind on top of that. And more on top of that, until all the major killer features have been satiated.
The race has only just begun and being ahead by a few weeks is meaningless.
Altcoin history shows that except in the case of premine (Tenebrix), the first implementation stays the largest by a wide margin. We're repeating that here by outpacing Bytecoin (thanks to its 80% mine prior to surfacing). No other CN coin has anywhere near the hashrate or trading volume. Go check diff in Fantom for example or the lack of activity in BCN trading. Tomorrow you can watch this Monero "relaunch" troll coin fail when it goes live.
The only CN coin out there doing something valuable is HoneyPenny, and they're open source too. If HP develops something useful, MRO can incorporate it as well. Open source gives confidence. No need for any further edge.
The only CN coin out there doing something valuable is HoneyPenny, and they're open source too. If HP develops something useful, MRO can incorporate it as well. Open source gives confidence. No need for any further edge.
I never advocated entirely closed source, nor a long term partial open source.
There are many things that give confidence and I think the ability to hold off clones and fund rapid development, and demonstrate superior features also generates confidence.
Thus I am stating that I think Monero has adopted the wrong model, but only time will tell.
Specifically I don't think radical innovation can come from design by open source committee. There needs to be a strong leader who drives the innovation. For example, you make a bounty for a pool design, but there are many innovations that could come in a the pool that won't be there due to lack of a strong innovative leader driving the project.
Open source is very good at copying and propagating existing innovation, but not very good at creating it. Open source is a refinement protocol, not an innovation and creation protocol.
May 07, 2014, 08:53:13 PM
Cross-posting about anonymity coins...
I'm much more interested in your thoughts on HoneyPenny's PoW, as it's claimed to be an improved and future-proofed version of the CryptoNote algo:
https://bitcointalksearch.org/topic/bbr-boolberry-privacy-and-security-guaranteed-since-2014-577267
As far as I can see (unless I am missing something), I think it is silly and doesn't resolve the issues I explained upthread.
I would like to comment on this issue of fairness and premine. I offer a "reality check" like water on the face. Apologies.
In my opinion, the coin that wins is the one that has the best developers. Developers need to be paid. When I say developers, I mean several people like myself (or apparently smooth?) who are extremely capable programmers and computer scientists. That coin will win regardless of the level of premine retained to pay the bounties. I would hope the original CN developers could be paid. Communism sucks.
The CryptoNote coins at this time all have a problem that they are too difficult to mine and use.
The are not CPU only. They are not anonymous because they don't obscure the IP address and Tor is a honeypot.
They do nothing to decentralize pools. Two Bitcoin pools control more than 50% of the network.
There are many development issues that need to be addressed, e.g. decentralized exchanges.
I suspect there is no way you get there without a premine to pay development costs. I mean we are talking about man-months or man-years of development. In my opinion (as a person who has developed million user commercial software projects), we can't just take some ByteCoin C code and slap a few tweaks on it and release it and expect to complete all the development work that needs to be done.
Add: I don't have time to read the entire thread but I've already seen political catfights. Nothing great gets done by committee nor a Foundation. A fair-minded Benevolent Dictator takes charge and delivers the goods. Then then people avail of it, because it works.
Zerocash will be announced soon (May 18 in Oakland? but open source may not be ready then?).
Here is a synopsis of the tradeoffs compared to CyptoNote:
1. Zerocash hides everything, even the money supply so if the master key was compromised or if the highly complex bleeding edge crypto is cracked, no one will know.
2. They will claim to generate the master key at a ceremony or devise a way to compute in parts, but nothing they can do will insure it isn't compromised. CPUs even have special firmware that allows the NSA to reprogram them remotely, and even computation can be intercepted wireless with RF signals. Whereas we have to place all trust in a single party with Zerocash, with CN the trusted parties are changing on each transaction. Compromising the master key doesn't compromise the anonymity, but does compromise the money supply which could be expanded invisibly. Cracking the highly complex bleeding edge crypto which has not been sufficiently vetted over years, could compromise the anonymity ex post facto (it is all on the block chain).
3. Both CN and Zerocash use a form of cryptography which is not immune to quantum computation attack, if that becomes a reality in the future.
4. Zerocash transactions add up to 3 minutes of additional transaction delay which is much worse than Zerocoin. Zerocash (full node computation and block chain) resource requirements are centralizing but much improved over Zerocoin.
5. Zerocash hides everything so it is not necessary to obscure your IP address.
Thus on balance I prefer CN, but I like to see it altered to use a quantum computer resistant algorithm. And then we need to add IP address obfuscation as well that is superior to Tor and I2P.
Darkcoin (CoinJoin innovation) is really not at the level of the two above. You can review my comments in the Darkcoin thread to see why.
Thus on balance I prefer CN, but I like to see it altered to use a quantum computer resistance algorithm. And then we need to add IP address obfuscation as well that is superior to Tor and I2P.
Darkcoin (CoinJoin innovation) is really not at the level of the two above. You can review my comments in the Darkcoin thread to see why.
Thanks for the overview. What do you recommend that's superior to Tor?
What I envision isn't available yet.
I would strongly suggest partial closed source until market dominance is achieved. Having the best developers will likely mean others can't readily fill in the gaps to release clones early in the ramp up.
I go into detailed discussion with tromp in my thread:
https://bitcointalksearch.org/topic/bitcoin-adoption-slowing-coinbase-bitpay-is-enough-to-make-bitcoin-a-fiat-557732
Also you can find some discussion between him and myself in the MemoryCoin 2.0 PoW thread which I linked to upthread.
In short, I don't believe it is CPU only currently, but (and I think we agreed this, but ask him) it might be the appropriate algorithm for mobile later if CPUs move to extremely high number of cores. Our discussion concluded with more testing is needed and I would try to help him get a TileGX in future if I can.
https://bitcointalksearch.org/topic/bitcoin-adoption-slowing-coinbase-bitpay-is-enough-to-make-bitcoin-a-fiat-557732
Also you can find some discussion between him and myself in the MemoryCoin 2.0 PoW thread which I linked to upthread.
In short, I don't believe it is CPU only currently, but (and I think we agreed this, but ask him) it might be the appropriate algorithm for mobile later if CPUs move to extremely high number of cores. Our discussion concluded with more testing is needed and I would try to help him get a TileGX in future if I can.
I'm much more interested in your thoughts on HoneyPenny's PoW, as it's claimed to be an improved and future-proofed version of the CryptoNote algo:
https://bitcointalksearch.org/topic/bbr-boolberry-privacy-and-security-guaranteed-since-2014-577267
As far as I can see (unless I am missing something), I think it is silly and doesn't resolve the issues I explained upthread.
I would like to comment on this issue of fairness and premine. I offer a "reality check" like water on the face. Apologies.
In my opinion, the coin that wins is the one that has the best developers. Developers need to be paid. When I say developers, I mean several people like myself (or apparently smooth?) who are extremely capable programmers and computer scientists. That coin will win regardless of the level of premine retained to pay the bounties. I would hope the original CN developers could be paid. Communism sucks.
The CryptoNote coins at this time all have a problem that they are too difficult to mine and use.
The are not CPU only. They are not anonymous because they don't obscure the IP address and Tor is a honeypot.
They do nothing to decentralize pools. Two Bitcoin pools control more than 50% of the network.
There are many development issues that need to be addressed, e.g. decentralized exchanges.
I suspect there is no way you get there without a premine to pay development costs. I mean we are talking about man-months or man-years of development. In my opinion (as a person who has developed million user commercial software projects), we can't just take some ByteCoin C code and slap a few tweaks on it and release it and expect to complete all the development work that needs to be done.
Add: I don't have time to read the entire thread but I've already seen political catfights. Nothing great gets done by committee nor a Foundation. A fair-minded Benevolent Dictator takes charge and delivers the goods. Then then people avail of it, because it works.
Zerocash will be announced soon (May 18 in Oakland? but open source may not be ready then?).
Here is a synopsis of the tradeoffs compared to CyptoNote:
1. Zerocash hides everything, even the money supply so if the master key was compromised or if the highly complex bleeding edge crypto is cracked, no one will know.
2. They will claim to generate the master key at a ceremony or devise a way to compute in parts, but nothing they can do will insure it isn't compromised. CPUs even have special firmware that allows the NSA to reprogram them remotely, and even computation can be intercepted wireless with RF signals. Whereas we have to place all trust in a single party with Zerocash, with CN the trusted parties are changing on each transaction. Compromising the master key doesn't compromise the anonymity, but does compromise the money supply which could be expanded invisibly. Cracking the highly complex bleeding edge crypto which has not been sufficiently vetted over years, could compromise the anonymity ex post facto (it is all on the block chain).
3. Both CN and Zerocash use a form of cryptography which is not immune to quantum computation attack, if that becomes a reality in the future.
4. Zerocash transactions add up to 3 minutes of additional transaction delay which is much worse than Zerocoin. Zerocash (full node computation and block chain) resource requirements are centralizing but much improved over Zerocoin.
5. Zerocash hides everything so it is not necessary to obscure your IP address.
Thus on balance I prefer CN, but I like to see it altered to use a quantum computer resistant algorithm. And then we need to add IP address obfuscation as well that is superior to Tor and I2P.
Darkcoin (CoinJoin innovation) is really not at the level of the two above. You can review my comments in the Darkcoin thread to see why.
Thus on balance I prefer CN, but I like to see it altered to use a quantum computer resistance algorithm. And then we need to add IP address obfuscation as well that is superior to Tor and I2P.
Darkcoin (CoinJoin innovation) is really not at the level of the two above. You can review my comments in the Darkcoin thread to see why.
Thanks for the overview. What do you recommend that's superior to Tor?
What I envision isn't available yet.
Somebody is attemping to relaunch == steal Monero 
bitcointalk.org/index.php?topic=599580.0
I advise against posting in his topic at the moment to avoid bumping
bitcointalk.org/index.php?topic=599580.0
I advise against posting in his topic at the moment to avoid bumping
I would strongly suggest partial closed source until market dominance is achieved. Having the best developers will likely mean others can't readily fill in the gaps to release clones early in the ramp up.
May 06, 2014, 10:27:17 PM
Cross-posting again on one more followup:
I can agree with the spirit of this, but from common usage on this forum "CPU only" just means currently a GPU miner isn't available. Usually someone comes along and develops one, often demanding payment to open source it. ASICs follow if/when economic feasibility allows. So it seems valid at least as far as the thread title goes. The CryptoNote developers' description of their PoW as "egalitarian" (implying true CPU only) is a different issue.
In any case, I changed it to say "CPU only currently".
As the algorithm currently is implemented, I believe that is more honest for the time being.
If AES was replaced with a true cryptographic hash that was exceptionally faster (so that it would be only latency bound and no AES birthday-like attack possible) and if that hash was not efficiently implementable on GPUs, then I would consider the PoW to be strongly CPU only. I would think even an ASIC wouldn't likely outperform significantly since it would be up against all the economies-of-scale of Intel's fabs. In short, your PoW got very close to what I think is possible for design but is missing critical elements. If such a design I envision is open sourced, then you can copy it later.
I think you've misunderstood my point. From ocular inspection of the code, the current 16 word value in the 2MB array is 'hashed' by applying AES encryption and this produces a new value and index into the array to store. Thus the uniform, random oracle, and thus non-patterned distribution of indices is assumed, otherwise an algorithm similar to a birthday attack can be applied to reduce the storage requirements in order to fun it faster on for example a GPU because more instances could be run simultaneously.
So, I'm trying to understand -- AES does not take in completely random input size and value, and output a consistent length string, but instead takes in a consistent length random value string, and outputs a consistent size string? The effect being that you have limited your sources of particular outputs (inputs) to strings of size 'x' rather than strings of any size?
The issue as I understand it (see the link I provided upthread) is that encrypted output is not designed to model a Random Oracle, whereas a cryptographic hash has certain qualities which are more approximate of a Random Oracle. In particular, there is no requirement that 1 bit of change in input to AES changes most of the bits of the output.
A cryptographic hash is irreversible so has greater leeway to incorporate more confusion and diffusion. Whereas, an encryption algorithm by definition is reversible with decryption.
If you are not concerned with keeping it CPU-only, then why call it "CPU only"? There are so many altcoins which have deceived on this point.
I can agree with the spirit of this, but from common usage on this forum "CPU only" just means currently a GPU miner isn't available. Usually someone comes along and develops one, often demanding payment to open source it. ASICs follow if/when economic feasibility allows. So it seems valid at least as far as the thread title goes. The CryptoNote developers' description of their PoW as "egalitarian" (implying true CPU only) is a different issue.
In any case, I changed it to say "CPU only currently".
As the algorithm currently is implemented, I believe that is more honest for the time being.
If AES was replaced with a true cryptographic hash that was exceptionally faster (so that it would be only latency bound and no AES birthday-like attack possible) and if that hash was not efficiently implementable on GPUs, then I would consider the PoW to be strongly CPU only. I would think even an ASIC wouldn't likely outperform significantly since it would be up against all the economies-of-scale of Intel's fabs. In short, your PoW got very close to what I think is possible for design but is missing critical elements. If such a design I envision is open sourced, then you can copy it later.
I think you've misunderstood my point. From ocular inspection of the code, the current 16 word value in the 2MB array is 'hashed' by applying AES encryption and this produces a new value and index into the array to store. Thus the uniform, random oracle, and thus non-patterned distribution of indices is assumed, otherwise an algorithm similar to a birthday attack can be applied to reduce the storage requirements in order to fun it faster on for example a GPU because more instances could be run simultaneously.
So, I'm trying to understand -- AES does not take in completely random input size and value, and output a consistent length string, but instead takes in a consistent length random value string, and outputs a consistent size string? The effect being that you have limited your sources of particular outputs (inputs) to strings of size 'x' rather than strings of any size?
The issue as I understand it (see the link I provided upthread) is that encrypted output is not designed to model a Random Oracle, whereas a cryptographic hash has certain qualities which are more approximate of a Random Oracle. In particular, there is no requirement that 1 bit of change in input to AES changes most of the bits of the output.
A cryptographic hash is irreversible so has greater leeway to incorporate more confusion and diffusion. Whereas, an encryption algorithm by definition is reversible with decryption.
May 06, 2014, 06:11:34 PM
Cross-posting the follow up:
In the memory hard phase, and it uses 256-bit key sizes. This is followed by a number of SHA3 candidates at the bottom. Even if you broke the memory hard AES phase, you'd still have to contend with those.
So, whoever breaks 256-bit AES keys in the memory hard section is awarded most of the hash rate for the network. Good for them, and good luck to them.
I have no real concern with keeping it "CPU only". Whoever innovates the first GPU miner or ASIC miner or whatever should be rewarded accordingly for their efforts.
I think you've misunderstood my point. From ocular inspection of the code, the current 16 word value in the 2MB array is 'hashed' by applying AES encryption and this produces a new value and index into the array to store. Thus the uniform, random oracle, and thus non-patterned distribution of indices is assumed, otherwise an algorithm similar to a birthday attack can be applied to reduce the storage requirements in order to fun it faster on for example a GPU because more instances could be run simultaneously.
In short, AES encryption is not a cryptographic hash function and shouldn't be employed as one.
Thus I am not talking about breaking CryptoNote's slowhash function, rather I am pointing out that by misusing AES encryption, you are breaking the memory hard assumption.
If you are not concerned with keeping it CPU-only, then why call it "CPU only"? There are so many altcoins which have deceived on this point.
There is another egregious flaw in the proof-of-work algorithm.
AES encryption is being employed as the hash function and assumed to be a random oracle with perfect distribution in order to provide the randomized memory access. Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scatchpad size size significantly from the 2MB.
AES encryption is being employed as the hash function and assumed to be a random oracle with perfect distribution in order to provide the randomized memory access. Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scatchpad size size significantly from the 2MB.
In the memory hard phase, and it uses 256-bit key sizes. This is followed by a number of SHA3 candidates at the bottom. Even if you broke the memory hard AES phase, you'd still have to contend with those.
So, whoever breaks 256-bit AES keys in the memory hard section is awarded most of the hash rate for the network. Good for them, and good luck to them.
I have no real concern with keeping it "CPU only". Whoever innovates the first GPU miner or ASIC miner or whatever should be rewarded accordingly for their efforts.
I think you've misunderstood my point. From ocular inspection of the code, the current 16 word value in the 2MB array is 'hashed' by applying AES encryption and this produces a new value and index into the array to store. Thus the uniform, random oracle, and thus non-patterned distribution of indices is assumed, otherwise an algorithm similar to a birthday attack can be applied to reduce the storage requirements in order to fun it faster on for example a GPU because more instances could be run simultaneously.
In short, AES encryption is not a cryptographic hash function and shouldn't be employed as one.
Thus I am not talking about breaking CryptoNote's slowhash function, rather I am pointing out that by misusing AES encryption, you are breaking the memory hard assumption.
If you are not concerned with keeping it CPU-only, then why call it "CPU only"? There are so many altcoins which have deceived on this point.
May 06, 2014, 01:55:13 PM
Another cross-posting on cpu-only proof-of-work algorithm of CryptoNote:
src/crypto/slow-hash.c
On quick glance, I see AES code. Is this the MemoryCoin algorithm and not the one described in the CryptoNote whitepaper which is memory latency bound?
I do not think it is the memorycoin algorithm.
Analyzed it.
It is employing AES as another means of defeating GPUs (in addition to the memory latency bound), similar to MemoryCoin.
https://cryptonote.org/inside.php#equal-proof-of-work
See prior analysis of that strategy, which concluded that GPUs would be 2.5 to 3X faster but would perform no better in hashes per Watt:
https://bitcointalksearch.org/topic/m.3976656
I pointed out that ASICs would implement AES much more efficiently:
https://bitcointalksearch.org/topic/m.3977088
Here follows my conclusions.
In short, it is too computation heavy, not maximizing the CPU's hyperthreads, and thus not only will it not be the best cpu-only PoW algorithm possible, it will also fail to be remain cpu-only if it becomes widely adopted.
Also being computation heavy, it is consuming more electricity than the ideal cpu-only PoW algorithm.
There is another egregious flaw in the proof-of-work algorithm.
AES encryption is being employed as the hash function and assumed to be a random oracle with perfect distribution in order to provide the randomized memory access. Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scratchpad size significantly from the 2MB.
Which file in the source code contains the proof-of-work algorithm?
I've tried to locate it and can't seem to find it quickly.
I want to analyze the cpu-only claim.
I've tried to locate it and can't seem to find it quickly.
I want to analyze the cpu-only claim.
src/crypto/slow-hash.c
On quick glance, I see AES code. Is this the MemoryCoin algorithm and not the one described in the CryptoNote whitepaper which is memory latency bound?
I do not think it is the memorycoin algorithm.
Analyzed it.
It is employing AES as another means of defeating GPUs (in addition to the memory latency bound), similar to MemoryCoin.
https://cryptonote.org/inside.php#equal-proof-of-work
Quote
3. GPUs may run hundreds of concurrent instances, but they are limited in other ways
See prior analysis of that strategy, which concluded that GPUs would be 2.5 to 3X faster but would perform no better in hashes per Watt:
https://bitcointalksearch.org/topic/m.3976656
I pointed out that ASICs would implement AES much more efficiently:
https://bitcointalksearch.org/topic/m.3977088
Here follows my conclusions.
- slow and thus DDoS prevention will be hampered, which will also likely eliminate any chance of supporting 0 transaction fees
- roughly both memory latency and computation bound (instead of the ideal of being only latency bound), thus if Tilera CPUs or GPUs add dedicated AES support or if ASICs are mated to large fast SDRAM caches, the cpu-only claim will fail.
- it is not leveraging hyperthreads
In short, it is too computation heavy, not maximizing the CPU's hyperthreads, and thus not only will it not be the best cpu-only PoW algorithm possible, it will also fail to be remain cpu-only if it becomes widely adopted.
Also being computation heavy, it is consuming more electricity than the ideal cpu-only PoW algorithm.
There is another egregious flaw in the proof-of-work algorithm.
AES encryption is being employed as the hash function and assumed to be a random oracle with perfect distribution in order to provide the randomized memory access. Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scratchpad size significantly from the 2MB.
May 06, 2014, 07:14:56 AM
Cross-posting on cpu-only proof-of-work algorithm of CryptoNote:
src/crypto/slow-hash.c
On quick glance, I see AES code. Is this the MemoryCoin algorithm and not the one described in the CryptoNote whitepaper which is memory latency bound?
I do not think it is the memorycoin algorithm.
Analyzed it.
It is employing AES as another means of defeating GPUs (in addition to the memory latency bound), similar to MemoryCoin.
https://cryptonote.org/inside.php#equal-proof-of-work
See prior analysis of that strategy, which concluded that GPUs would be 2.5 to 3X faster but would perform no better in hashes per Watt:
https://bitcointalksearch.org/topic/m.3976656
I pointed out that ASICs would implement AES much more efficiently:
https://bitcointalksearch.org/topic/m.3977088
Here follows my conclusions.
In short, it is too computation heavy, not maximizing the CPU's hyperthreads, and thus not only will it not be the best cpu-only PoW algorithm possible, it will also fail to be remain cpu-only if it becomes widely adopted.
Also being computation heavy, it is consuming more electricity than the ideal cpu-only PoW algorithm.
Which file in the source code contains the proof-of-work algorithm?
I've tried to locate it and can't seem to find it quickly.
I want to analyze the cpu-only claim.
I've tried to locate it and can't seem to find it quickly.
I want to analyze the cpu-only claim.
src/crypto/slow-hash.c
On quick glance, I see AES code. Is this the MemoryCoin algorithm and not the one described in the CryptoNote whitepaper which is memory latency bound?
I do not think it is the memorycoin algorithm.
Analyzed it.
It is employing AES as another means of defeating GPUs (in addition to the memory latency bound), similar to MemoryCoin.
https://cryptonote.org/inside.php#equal-proof-of-work
Quote
3. GPUs may run hundreds of concurrent instances, but they are limited in other ways
See prior analysis of that strategy, which concluded that GPUs would be 2.5 to 3X faster but would perform no better in hashes per Watt:
https://bitcointalksearch.org/topic/m.3976656
I pointed out that ASICs would implement AES much more efficiently:
https://bitcointalksearch.org/topic/m.3977088
Here follows my conclusions.
- slow and thus DDoS prevention will be hampered, which will also likely eliminate any chance of supporting 0 transaction fees
- roughly both memory latency and computation bound (instead of the ideal of being only latency bound), thus if Tilera CPUs or GPUs add dedicated AES support or if ASICs are mated to large fast SDRAM caches, the cpu-only claim will fail.
- it is not leveraging hyperthreads
In short, it is too computation heavy, not maximizing the CPU's hyperthreads, and thus not only will it not be the best cpu-only PoW algorithm possible, it will also fail to be remain cpu-only if it becomes widely adopted.
Also being computation heavy, it is consuming more electricity than the ideal cpu-only PoW algorithm.
May 06, 2014, 01:44:40 AM
Cross-posting...
Armstrong doesn't understand what is frontier now; thus his myopia on globalism
Armstrong is still exploring (attempting to refute) the contention about whether there is globalist agenda and what is/are the potential solution(s) to the enslavement of the people as fodder in geopolitical top-down control.
It amazes me that he apparently can't visualize what is obvious to me as the only potential explanation and outcome. Let me try to see if I can more convincingly elucidate the map I 'see' in my brain.
http://armstrongeconomics.com/2014/05/04/complexity-in-trends/
Martin speculates that the "Justice Department were ignorant of international currency transactions". He has no way to prove that they did not fully understand but decided to pretend they did not. This is just an example where a human is not as objective as a computer, because emotions and confirmation biases are difficult for humans to eliminate from their subjective analysis.
Any way, Armstrong has demonstrated nothing above about whether a global agenda exists or not. One can envision that to keep all the parties vested in a global agenda involves a lot of corruption and that corruption can't always be contained in predictable ways, and the system AUTONOMOUSLY adjusts to sustain the corruption (because corruption binds them together otherwise they could all be jailed). The evidence of that effect is the corrupt system put Armstrong in the slammer for 7 years on a bogus contempt of court charge.
And with all the coorperation amongst a large group, amazingly Armstrong thinks the "NY Club" is isolated and not part of any larger globalist agenda. And he presents absolutely no proof to support such an incredulous position, given the volumes of evidence I have presented to show not only is there a globalist agenda, but there is actual laws and actions occurring that implement that agenda globally in every country on earth. Is Martin blinded to the Agenda 21 activities against farmers in Latin America?
https://www.google.com/search?q=Agenda+21+activities+against+farmers+in+Latin+America
Is Armstrong blind to the manipulation of Greece's economy done by Goldman Sachs, and then appointments of Goldman Sachs persons as leaders all over Europe recently.
http://www.independent.co.uk/news/business/analysis-and-features/what-price-the-new-democracy-goldman-sachs-conquers-europe-6264091.html
Duh Martin, then why did you write that assumption above.
Then please explain why Goldman has its tentacles throughout the EU fuckfest. You even noted that the creation of the EU was designed to be flawed. Is that random? No! It was by design.
Martin you understand statistics. What is the probability of that level of integration by Goldman due to random orthogonal events and greed. ROUGHLY ZERO.
I am tired of this nonsense. Armstrong is smarter than this. I don't know why he can't do some actual research and overcome his confirmation bias. Obstinance?
Because there is a power vacuum of democracy and it must be filled. You should understand thermodynamics.
This vested interest binds them together, because they can't win control of that power vacuum otherwise.
This is entirely consistent with nature.
Armstrong is conflating orthogonal issues again. I am empathizing with the plight of the Ukrainians, but there is nothing we can do to help them, because we would be merely fighting for the elite and helping the manipulation. The only way for Ukrainians to win is either to have armed themselves with a gun under every blade of grass like in the USA, or for some technological solution to come which enables them to side-step (opt-out) of the power vacuum of democracy, i.e. defund the taxation and political-industrial complex.
And those prior revolutions were also manipulated for outcomes which favored the elite. We would need to get into a deep study of history to debate that, and I don't have time right now. I do believe there was more chaos at that time, because communication and travel was slower thus the chance we see now with anonymous crypto-currency was instead at the time taking the form of distance from the powers-that-be in Europe in the case of the American Revolution.
Armstrong also has nothing but speculation, at least I have provided volumes of evidence.
The difference now is that global technocracy is a reality and they can track everything. You bring the idealistic youth onboard and they will create an EU style fuckfest "international cooperation" for the entire world. And Rockefeller et al will have achieved their Agenda 21 consolidation of control and power over taxation and issuance of debt.
The only effectual physical revolution you will be seeing are the zombie idealistic youth for "international cooperation", after the global war and chaos from 2016 to 2024 or 2032.
This globe has been shrunk by technology. The only remaining frontier for freedom is cryptography. Armstrong has a dinosaur perspective and he needs to correct this pronto!
"Protester Paul Connor sits on the lawns of Parliament House on day 34 of his hunger strike calling for climate change action, on Dec. 10, 2009, in Canberra, Australia."
Rockefeller's true networth is in the $trillions and is hidden behind NGOs, corporations, etc..
Whether Obama is stupid or not is irrelevant because he isn't the mastermind. He could be (and is likely) compartmentalized. You again speculate. The reality is the agenda is being put into action, and the youth will be indoctrinated and ready to embrace it as "international cooperation".
No politicians are about sustaining the cooperation that keeps their brethren in control of the power vacuum of democracy.
That is a fundamental myopia of Armstrong. He must correct this.
It doesn't even matter if there is a mastermind or not, the reality is Armstrong doesn't even identify the main trend in place, which is not just taxation but rather subjugating sovereignty to the collective on a wider scale as I have explained.
And now finally I understand why Armstrong doesn't get it. He thinks the revolution will be physical. He hasn't realized the world has shrunk due to technology, and physical revolution can't overcome the great powers and the global technocracy. These revolutions will all be manipulated by the great powers.
The revolution and frontier is cryptography. I've been trying to tell him this for several months.
Armstrong doesn't understand what is frontier now; thus his myopia on globalism
Armstrong is still exploring (attempting to refute) the contention about whether there is globalist agenda and what is/are the potential solution(s) to the enslavement of the people as fodder in geopolitical top-down control.
It amazes me that he apparently can't visualize what is obvious to me as the only potential explanation and outcome. Let me try to see if I can more convincingly elucidate the map I 'see' in my brain.
http://armstrongeconomics.com/2014/05/04/complexity-in-trends/
Yes, the CIA wanted me to build a computer for them after our model predicted the collapse of Russia That the FT broadcast in advance on its front page of the second section. True I declined. It is also true that within 6 months PEI was attacked. I have a copy of the slide presentation prepared by the lawyers for Republic National Bank that outright lied misrepresenting their illegal trading as me to hide those losses from the Japanese when I owned the accounts – not the Japanese.
Those in the Justice Department were ignorant of international currency transactions and in the criminal complaint they stated that they “have been informed by the attnorneys for Republic Bank”. The US Government did not even do the analysis. The notes were in yen which was what we owed – Japanese yen. What the dollar did was irrelevant – they were not dollar based notes. This was Safra trying to save his sale of the bank for $10 billion to HSBC. Then HSBC did its own due diligence and found the allegations were false and backed out. The allegations were all based on dollars not the currency of the note denomination – yen.
Safra then had to reduce his personal shares by $1 billion and agree to indemnify HSBC. Why? If the public got anything less, then they would have sued Republic/HSBC and the truth would come out. So Edmond took the haircut personally to prevent any lawsuit by shareholders.
I have the documents. So I know HOW this began and who did what. There was no coordinated group behind everything. It was one step at a time. Just as in Ukraine the West seizes the situation of a grassroots uprising to use it for its own benefit. This is how it always comes down – one step at a time – not some giant scheme carried out over decades. It is always the same pattern.
Those in the Justice Department were ignorant of international currency transactions and in the criminal complaint they stated that they “have been informed by the attnorneys for Republic Bank”. The US Government did not even do the analysis. The notes were in yen which was what we owed – Japanese yen. What the dollar did was irrelevant – they were not dollar based notes. This was Safra trying to save his sale of the bank for $10 billion to HSBC. Then HSBC did its own due diligence and found the allegations were false and backed out. The allegations were all based on dollars not the currency of the note denomination – yen.
Safra then had to reduce his personal shares by $1 billion and agree to indemnify HSBC. Why? If the public got anything less, then they would have sued Republic/HSBC and the truth would come out. So Edmond took the haircut personally to prevent any lawsuit by shareholders.
I have the documents. So I know HOW this began and who did what. There was no coordinated group behind everything. It was one step at a time. Just as in Ukraine the West seizes the situation of a grassroots uprising to use it for its own benefit. This is how it always comes down – one step at a time – not some giant scheme carried out over decades. It is always the same pattern.
Martin speculates that the "Justice Department were ignorant of international currency transactions". He has no way to prove that they did not fully understand but decided to pretend they did not. This is just an example where a human is not as objective as a computer, because emotions and confirmation biases are difficult for humans to eliminate from their subjective analysis.
Any way, Armstrong has demonstrated nothing above about whether a global agenda exists or not. One can envision that to keep all the parties vested in a global agenda involves a lot of corruption and that corruption can't always be contained in predictable ways, and the system AUTONOMOUSLY adjusts to sustain the corruption (because corruption binds them together otherwise they could all be jailed). The evidence of that effect is the corrupt system put Armstrong in the slammer for 7 years on a bogus contempt of court charge.
Quote from: Armstrong
The case was steered to Judge Owen by the SEC to ensure they could control the case and moved to make sure there were no lawyers allowed even though corporations cannot be represented by a director. Nobody bothers with the law because they know it will take you years to get to the Supreme Court and the Second Circuit Court of Appeals is in the pocket of the Justice Department. So there is no possible way to obtain a fair trial in New York City. It will NEVER happen.
Goldman Sachs then hired Alan Cohen and put him directly on the board. This has never been done before. I believe because Cohen then seized all the evidence documenting the manipulation of markets to protect the other banks including files and many taped phone calls including with people at Goldman. The Princeton office was raided and Socrates was unplugged and taken to a special lab in NYC located in the World Trade Center – the old Saloman Brother’s building. They turned it on and discovered it had self-destructed. They then in writing demanded I turnover the source code or PEI would be shut down. I said go ahead, you will never get the code.
Goldman Sachs then hired Alan Cohen and put him directly on the board. This has never been done before. I believe because Cohen then seized all the evidence documenting the manipulation of markets to protect the other banks including files and many taped phone calls including with people at Goldman. The Princeton office was raided and Socrates was unplugged and taken to a special lab in NYC located in the World Trade Center – the old Saloman Brother’s building. They turned it on and discovered it had self-destructed. They then in writing demanded I turnover the source code or PEI would be shut down. I said go ahead, you will never get the code.
And with all the coorperation amongst a large group, amazingly Armstrong thinks the "NY Club" is isolated and not part of any larger globalist agenda. And he presents absolutely no proof to support such an incredulous position, given the volumes of evidence I have presented to show not only is there a globalist agenda, but there is actual laws and actions occurring that implement that agenda globally in every country on earth. Is Martin blinded to the Agenda 21 activities against farmers in Latin America?
https://www.google.com/search?q=Agenda+21+activities+against+farmers+in+Latin+America
Is Armstrong blind to the manipulation of Greece's economy done by Goldman Sachs, and then appointments of Goldman Sachs persons as leaders all over Europe recently.
http://www.independent.co.uk/news/business/analysis-and-features/what-price-the-new-democracy-goldman-sachs-conquers-europe-6264091.html
Quote from: Armstrong
First Republic pleads guilty to $700 million. The the head prosecutor Richard D. Owens explains to the court on January 9th, 2002 that in reality the notes were in yen not dollars and now Republic only needs to pay $650 million but the yen remained the same. Then 30 days later, it is now $606 million. Owens handed HSBC $400 million in profits belonging to Princeton.
Amazingly, when it comes to the banks, suddenly the government lawyers understand the transactions were in yen not dollars
Amazingly, when it comes to the banks, suddenly the government lawyers understand the transactions were in yen not dollars
Duh Martin, then why did you write that assumption above.
Quote from: Armstrong
Now, this is the sequence of events. Yes, you can create a conspiracy and say Goldman, CIA, and Safra all coordinated together to accomplish this. But the more likely than not truth, it is a sequence of independent events one step at a time that cascades into a mess they never foresaw.
Then please explain why Goldman has its tentacles throughout the EU fuckfest. You even noted that the creation of the EU was designed to be flawed. Is that random? No! It was by design.
Quote from: Armstrong
This is where the conspiracy buffs go wrong. They create false images of all-powerful groups that mysteriously manipulate the world for purposes that vary between world dominance to just greed. They cannot see that these are separate groups colliding and at times fighting among each other.
Martin you understand statistics. What is the probability of that level of integration by Goldman due to random orthogonal events and greed. ROUGHLY ZERO.
I am tired of this nonsense. Armstrong is smarter than this. I don't know why he can't do some actual research and overcome his confirmation bias. Obstinance?
Quote from: Armstrong
I do not see how it is possible to have some unified secret group that everyone agrees and extended for hundreds of years. This is inconsistent with human nature.
Because there is a power vacuum of democracy and it must be filled. You should understand thermodynamics.
This vested interest binds them together, because they can't win control of that power vacuum otherwise.
This is entirely consistent with nature.
Quote from: Armstrong
Now look at Ukraine. These conspiracy theorists just have to denigrate the people and presume it is some CIA plot so nobody cares about them. The people are incidental to them and incapable of rising up on their own. They deny human nature exists yet yell there is some all-powerful group to which I am blind. To them, the American Revolution and French Revolution are propaganda and the people were never capable of rising up on their own. They not only fail to understand politics yet claim to know everything about it without ever stepping behind the curtain to witness anything.
Armstrong is conflating orthogonal issues again. I am empathizing with the plight of the Ukrainians, but there is nothing we can do to help them, because we would be merely fighting for the elite and helping the manipulation. The only way for Ukrainians to win is either to have armed themselves with a gun under every blade of grass like in the USA, or for some technological solution to come which enables them to side-step (opt-out) of the power vacuum of democracy, i.e. defund the taxation and political-industrial complex.
And those prior revolutions were also manipulated for outcomes which favored the elite. We would need to get into a deep study of history to debate that, and I don't have time right now. I do believe there was more chaos at that time, because communication and travel was slower thus the chance we see now with anonymous crypto-currency was instead at the time taking the form of distance from the powers-that-be in Europe in the case of the American Revolution.
Quote from: Armstrong
These people project nothing but speculation connecting dysfunctional groups and linking them to statements of David Rockefeller to justify as proof. This idea of a one world government would eliminate war is stupidity. But it was behind the drive to create a Federalized Europe. Nevertheless, that is not proof that some group controls the world.
Armstrong also has nothing but speculation, at least I have provided volumes of evidence.
The difference now is that global technocracy is a reality and they can track everything. You bring the idealistic youth onboard and they will create an EU style fuckfest "international cooperation" for the entire world. And Rockefeller et al will have achieved their Agenda 21 consolidation of control and power over taxation and issuance of debt.
Quote from: Armstrong
There is no political system that has ever lasted intact because there is a correction process that comes from the grass-roots that we call – REVOLUTION.
The only effectual physical revolution you will be seeing are the zombie idealistic youth for "international cooperation", after the global war and chaos from 2016 to 2024 or 2032.
This globe has been shrunk by technology. The only remaining frontier for freedom is cryptography. Armstrong has a dinosaur perspective and he needs to correct this pronto!
"Protester Paul Connor sits on the lawns of Parliament House on day 34 of his hunger strike calling for climate change action, on Dec. 10, 2009, in Canberra, Australia."
Quote from: Armstrong
Rockefeller. His net worth of $2.8 billion is not very much in the scheme of things.
Rockefeller's true networth is in the $trillions and is hidden behind NGOs, corporations, etc..
Quote from: Armstrong
I have even sat at a Washington Dinner at the table with environmentalists who thought I and a friend Dick Fox being associated with Temple University were kin to their thinking. Their agenda is to reduce population growth using the environmental issues as the weapon to hide their true motives. This is the agenda behind global warming and the argued UN Article 21. We let them talk and then my friend Dick Fox who was Chairman of Temple University and the Fox Business School is names after him finally sprung the question on them. Whose grandchild are we trying to prevent from being born? Your’s or mine?
The Democrats have been sold on this environmentalist agenda, but I guarantee they have never heard what I heard that night. Obama is not into depopulation; he is just stupid and believes in global warming blaming cars and factories for the past 120 years being capable of changing the planet long-term. Obama is using the environmental movement not to depopulate, but to raise money and tax using the same theory of cigarettes just calling it the carbon taxes. The conspiracy theorists would then link Obama to depopulation as the secret agenda rather than agreeing further tax collection
The Democrats have been sold on this environmentalist agenda, but I guarantee they have never heard what I heard that night. Obama is not into depopulation; he is just stupid and believes in global warming blaming cars and factories for the past 120 years being capable of changing the planet long-term. Obama is using the environmental movement not to depopulate, but to raise money and tax using the same theory of cigarettes just calling it the carbon taxes. The conspiracy theorists would then link Obama to depopulation as the secret agenda rather than agreeing further tax collection
Whether Obama is stupid or not is irrelevant because he isn't the mastermind. He could be (and is likely) compartmentalized. You again speculate. The reality is the agenda is being put into action, and the youth will be indoctrinated and ready to embrace it as "international cooperation".
Quote from: Armstrong
These people remain blind to the motives behind such taxes and cannot grasp that politicians are only about money.
No politicians are about sustaining the cooperation that keeps their brethren in control of the power vacuum of democracy.
That is a fundamental myopia of Armstrong. He must correct this.
Quote from: Armstrong
These conspiracy theorists connect everything as if some single mind controls everything. They cannot point to a single thing this group has done without speculation or bold statements they were behind it.
It doesn't even matter if there is a mastermind or not, the reality is Armstrong doesn't even identify the main trend in place, which is not just taxation but rather subjugating sovereignty to the collective on a wider scale as I have explained.
Quote from: Armstrong
They refuse to consider what if there is nobody actually in charge? What happens when all of these conflicting self-interests collide? Historically, you get revolution. That is the only way this will be resolved.
And now finally I understand why Armstrong doesn't get it. He thinks the revolution will be physical. He hasn't realized the world has shrunk due to technology, and physical revolution can't overcome the great powers and the global technocracy. These revolutions will all be manipulated by the great powers.
The revolution and frontier is cryptography. I've been trying to tell him this for several months.
May 01, 2014, 09:47:38 PM
April 29, 2014, 06:36:40 AM
---------------------------- Original Message ----------------------------
Subject: Plz martin, plz look at all the circumstantial evidence of a global plan
From: AnonyMint
Date: Tue, April 29, 2014 6:32 am
To: [email protected]
--------------------------------------------------------------------------
Come on Martin, don't be hoodwinked into thinking that Obama is just dumb.
He is doing the work of the global plan to collapse the economy and
maintain the globalist hegemony.
Please take my prior email and then also this new post into your calculus:
https://bitcointalksearch.org/topic/m.6452672
Please Martin, your failure to grasp this so far, is your main error. And
you are very important voice of reason to those millionaires who are
targeted by the globalists in this coming economic collapse.
If we don't find a way for your readers to maintain their wealth in a
transportable form, then the globalists will win and take us into a global
technocracy of digital slavery.
As you have lamented, rare coins and artwork are not going be tranportable
this time, and also they are not a form of currency that is fungible
enough to keep commerce moving.
The ONLY SOLUTION is an anonymous crypto-currency.
What is Socrates saying about the possible rise of an anonymous
crypto-currency as an alterative to the state-controlled digital fiats you
see on the horizon??
Subject: Plz martin, plz look at all the circumstantial evidence of a global plan
From: AnonyMint
Date: Tue, April 29, 2014 6:32 am
To: [email protected]
--------------------------------------------------------------------------
Come on Martin, don't be hoodwinked into thinking that Obama is just dumb.
He is doing the work of the global plan to collapse the economy and
maintain the globalist hegemony.
Please take my prior email and then also this new post into your calculus:
https://bitcointalksearch.org/topic/m.6452672
Please Martin, your failure to grasp this so far, is your main error. And
you are very important voice of reason to those millionaires who are
targeted by the globalists in this coming economic collapse.
If we don't find a way for your readers to maintain their wealth in a
transportable form, then the globalists will win and take us into a global
technocracy of digital slavery.
As you have lamented, rare coins and artwork are not going be tranportable
this time, and also they are not a form of currency that is fungible
enough to keep commerce moving.
The ONLY SOLUTION is an anonymous crypto-currency.
What is Socrates saying about the possible rise of an anonymous
crypto-currency as an alterative to the state-controlled digital fiats you
see on the horizon??
April 28, 2014, 09:47:08 PM
April 26, 2014, 04:49:58 AM
Jump to: