Topic: Blowing the lid off the CryptoNote/Bytecoin scam (with the exception of Monero) - page 15. (Read 132857 times)

Maybe you missed why this thread is here--besides the obvious unsavoriness of a scam-mine....

https://lab.getmonero.org/pubs/MRL-0001.pdf

Did you have chance to read my post on this page above? Removing untraceability does not destroy anonymity since the unlinkability property holds. What it does is allow to link exact inputs to exact outputs. However good luck identifying the people behind the transactions with stealth addresses for each output.

An observer would not be able to even link any two transactions that were made to the same wallet (even if it the recipient and the sender are the same), not saying about the balance. How is that a security risk exactly?

1. If you think Smooth's calculations are incorrect, prove it.

2. No it's not, it is a huge security risk. Even if the BCN Devs planned on doing it to thwart attackers, it paints a huge and centralized target for law enforcement--once they had them, they would have the whole network. Intentional or by accident this would be one of the worst ways to secure a coin's anonymity.

"Technically you are not right either." LOL

1) …is still afflicted by suppositions.

2) correct this has never been offered as a reason… they've always stuck to their origin story (kudos btw)… all I'm saying is it's a possible means of thwarting a malicious entity from attacking the network.

Technically you are not right either.

1. Smooth went through the numbers and your assertion isn't in line with facts. IE BCN's anonymity would be more easily broken by a substantial measure and there is no data to suggest that Monero is unfairly distributed, nor could it be as unfairly distributed as it is still being heavily distributed--so talking about them as equal probabilities of anonymity failure is dead wrong.

2. Is idiotic as a proposition as no one who developed BCN claimed that that was the intention, seems pretty ludicrous to suggest it when even Devs didn't use that as an excuse/reason for the premine.

In a free market,

• One person with 80% of the coin acquired through pre-mine = uneven + unfair distribution.
• One person with 80% of the coin acquired through mining (on a level playing field) or purchasing (in an open market) = uneven distribution but not necessarily unfair.

Whether the distribution (perceived or actual) is a deterrent (or incentive) to others... is a separate matter unrelated to fairness.

I would complain that explaining a magician's trick is bad form.  But he doesn't get the explanation and you don't get the trick.  Ignorance all around.  We are still safe!

By the way.  That bag you are holding is never likely to be more valuable than it is now.

technically I am NOT wrong.

-"extremely likely" is not equal to FACT
-XMR speaks of "fair" and "egalitarian". Im not sure if I know what fair is but I know what isn't i.e. any currency where 50% of the coin is owned by less than 100 persons IS NOT fairly distributed.

Both 1 and 2 ARE (albeit problematic and imperfect) solutions.

Since the discussion digressed to deanonymization through ring signature being compromised, I'd like to add an important point.

First of all, it's not exactly the matter of the sum that the attacker holds. It's about outputs that he controls. That means that even though you may have not more than 20% of the emission, you may be able to create a lot of smaller outputs, which would significantly diminish the barrier.

Secondly, a group of large holders may agree to use their outputs to act as one single malicious user and do it in a manner described above.

Finally, if somebody deanonymizes the outputs used in ring signatures, it does not destroy anonymity. Anonymity in CN is achieved through untraceability (ring signatures) and unlinkability (stealth addresses). Even though the attacker would be able to identify which particular inputs were spent (untraceability removed), he would never be able to prove that 2 transactions were sent to one wallet or learn a balance of any wallet.

This extreme case decreases anonymity in general, but does not destroy it. Even without ring signatures, CN is much better off in terms of privacy protection than Bitcoin.


Due to unlinkability property it is impossible to tell your balance at all even if the ringsig did not exist. Destination address can not be learned due to the very same reason (each output is sent to a unique stealth address). The tx amount is also not identifiable as CN protocol sends more money than the tx requires (which is returned as change and obfuscates the transferred sum).

Does anybody here understand the way it works at all?

One other thing.

An open offer (until when and if I decide to close it):

If anyone can tell me exactly how many XMR are held here:
4BCkyJpxKT76d832D5viMX2MxFgXASxpkdf6zGhXp1tV8WonDBwU7qfT1eXPfjn9gHMju8s6ckVrhN6 t6tSWVZJUAwovRsa

I will multiply that amount times ONE HUNDRED and pay the winner.

Bonus:

If anyone can name a destination address and an amount sent from this account in the last 6 months

I will multiply the current balance of the above address by TEN and pay the winner.  (Of course in this scenario you'd have to trust me as to my math wouldn't you?)

And you're wrong.

You are right #2 is problematic at it's core.  It breaks the trustless nature of the coins completely.

And #1 is meaningless without defining "fair".

Fact:  It is extremely likely that Monero has had a braod enough distribution that your claims are false.

No.

I am arguing that ALL cryptonote coins have a fatal flaw which allows large stakeholders to conspire to de-anon tx's. I am not making any distinctions.

There are 2 solutions to this flaw:

1) ensure fair distro of coins
2) prevent a malicious attacker from getting too many coins by mining them yourself (and holding)

I am NOT saying BCN devs were motivated to premine as 2) suggests, only pointing out it is one of two ways that this attack can be prevented. If there is a 3rd i'd like to hear it.

However both solutions are themselves flawed.

In 2) we have to trust the early stakeholders which is a big ask. In 1) we have to trust the distro will go fairly, which it seldom does, and trust that those accumulating coins have no ill intentions.


That's my point. I think the logic is sound. It's a Catch 22 for CN.

Lets get straight to the facts. Those who premined Bytecoin purposely kept it secret, Bytecoin was never shared on any boards to open it up to the public, making it's premine inexcusable.

Anyone mining Bytecoin(BCN) right now, is only mining the last 5%, while a relatively small group of holders has a 95% premine in their hands already.

Goodluck to everyone mining the last 5% of all Bytecoin, cause the other 95% was already premined.

I'm a poker player Wanderlust, and I have worked hard to hone my skills at situational logic in a game of incomplete information.

Discussing money on a forum is a related activity in that there are people with a stake one way or another (sometimes not even financially) involved in the conversation.  At times the various posters (players) can be seen making a point or saying something that is contradictory.  And that reveals a bias. 

You are currently arguing that CN in general and XMR specifically has a terrible weakness in that large holders might conspire to de-anonymize transactions even though this is most likely virtually impossible.

At the same time you are arguing that Bytecoin may have an anonymity advantage since there may only be a SINGLE large holder (or group) since it was so significantly premined.  So you are saying the coin is SAFER since it's trustless status has already been completely compromised.

Your bias is clear and your logic so tortured and spun that were we playing a card game I feel I could place a bet with relative certainty of your strength and position.

Any transaction you make now would not be affected by concentration in the future.

Even in that hypothetical future you could protect yourself against concentration by using higher mix factors. For example, given an attacker controlling 95% of the outputs, a 100+1 transaction would still be untraceable 99.4% of the time. This is already supported by the protocol and mix 100 (or more) transactions already exist on the blockchain.

That would make the transactions larger and more expensive, so generally undesirable, but it is an available last ditch (or just highly paranoid) defense against high output control concentration that is available to anyone. Of course in the case you describe it wouldn't matter that you could still achieve practical untraceability since people would have moved on to something else or given up on untraceable crypto.

Im not disagreeing with you but the answer to my question is YES, yes?

The premine turns a decentralized virtual currency into a centralized virtual currency and the preminers become MSBs. The premine creates a massive regulatory risk. This is what happened in the case of Ripple. In the Ripple case the word premine was used in the settlement agreement between Ripple labs and the US government. So to answer your question the regulators will force the preminers to perform the attack.

Anyone with 80% of the supply can do the same thing. It is impossible to accumulate that amount of a coin as a passive holding when the coin continues to be actively mined (and in some cases hasn't even had 80% of its supply mined yet).

If you work out the numbers, even 50% is far less serious of a concern than 80%, and more realistic numbers like 5% (or less) are no real concern at all.

I find it implausible and/or impossible for anyone to accumulate for example 80% of an openly launched, actively developed, continually traded coin with a years-long mining schedule. In practice, those extreme concentrations only come about from premines, instamines, ninjamines, etc.

Premine holders, or any entity that can buy, hack, steal, expropriate (individual holders, exchanges), and borrow enough coins.

Btw, if there is a fair distribution without deanonymization risk right now and you make a transaction you want to stay private, the coin's value might go to (near) zero in the future for some reason (zero cash or Monero2 takes over, all devs decide to leave, a fatal bug is found, a totally new kind of way to transfer and store value is invented, etc) and an entity wishing to unravel the blockchain could place a buy wall at $0.01 and people would flock to dump their now worthless coin.

You know that's a fair point. There are a few people I suspect who are just naive and gullible, and indeed are in crypto mostly for fun and to the cheer their favorite team, which happens the be BCN and its quirky Mars fundraiser, fake Cicada 3301 connection, deep web fantasies, etc. To them my facts come across as There is No Santa Claus. I feel bad for that, but I'm also tired of sock puppets, trolls, shills, and bots that trade with themselves keeping this zombie alive, so I'm done sugar coating it.