Pages:
Author

Topic: CryptoNote technical discussion and Chess Challenge - page 24. (Read 96133 times)

hero member
Activity: 854
Merit: 503
Legendary trader
Giri is a great defender. I was rooting for Navara after he found that Rxf5 sacrifice.

♖ Spectacular Rook sacrifice indeed! Very interesting game.
sr. member
Activity: 378
Merit: 250
Current position
Based on the votes in this thread Team Monero has chosen to play a5. Now it is time for Team Boolberry to respond. I will plan to count votes again tomorrow at approximately 0:00 UTC.

white to move


Team Boolberry (white pieces) vs. Team Monero (black pieces)
Game 2 PGN:
Code:
1.d4 Nf6 2.Nf3 g6 3.c4 Bg7 4.Nc3 O-O 5.e4 d6 6.Be2 e5 7.d5 a5
sr. member
Activity: 308
Merit: 250
Nbd7 (8XMR)
a5 (newb4now, XMRpromotions, letsplayagame)
sr. member
Activity: 420
Merit: 262
There is a way though to get perfect compliance which I am using in my design because I use one-time Lamport/Winternitz signatures

Forcing perfect compliance through cryptography sounds great. Unfortunately I cannot pretend to understand the math and cryptography behind everything you say except on a conceptual basis.

It doesn't gain anything from an anonymity perspective (and is arguably retrogressive), if that is what you were thinking. We pay to a name instead of an address. The address can change and the name remains the same. For security it helps, and my greater motivation is eliminating lost payments (payments to addresses for which no one knows the private key) and overhead for microtransactions (and potentially IoT).

Edit: it is a usability feature for targeting the masses, and I think ShadowCoin has a similar feature but maybe not for the same motivations.
sr. member
Activity: 378
Merit: 250
sr. member
Activity: 336
Merit: 250
Nbd7

Yi Wei playing Magnus Carlson (for first time) right now. Go China!

http://www.tatasteelchess.com/live

Huge blunder in Mamedyarov vs Eljanov. How often does a GM lose a rook in 1 move (besides in a blitz game)?

Nbd7 (8XMR)
a5 (newb4now)


Nbd7 (8XMR)
a5 (newb4now, XMRpromotions)
hero member
Activity: 686
Merit: 500
There is a way though to get perfect compliance which I am using in my design because I use one-time Lamport/Winternitz signatures

Forcing perfect compliance through cryptography sounds great. Unfortunately I cannot pretend to understand the math and cryptography behind everything you say except on a conceptual basis.
hero member
Activity: 686
Merit: 500
Nbd7

Yi Wei playing Magnus Carlson (for first time) right now. Go China!

http://www.tatasteelchess.com/live

Huge blunder in Mamedyarov vs Eljanov. How often does a GM lose a rook in 1 move?

Nbd7 (8XMR)
a5 (newb4now)

Yes it was sad to see Sad

Carlsen tortured Yi Wei before the draw (Wei played really well for what was a draw for a while and survived Carlsen's probes for a long time)

Best game was Navara vs Giri. Navara also errored according to the commentators and the guys on live chat.

This was the position when white(Navara) played Bd6 and black escaped (with Bxb2 41.Qxb2 Rxd6). Could be a puzzle as to what should have white done





Giri is a great defender. I was rooting for Navara after he found that Rxf5 sacrifice.
sr. member
Activity: 420
Merit: 262
And (perhaps more importantly) Ed25519 does not require a new random number on each subsequent signature, thus is deemed to less vulnerable to a faulty random number generator (or injection of virus thereof in the operating system).

Is this advantage of Ed25519 over Secp256k1 negated assuming perfect compliance in avoiding BTC address reuse (since if a faulty RNG was used the balance of the at risk address would already be 0 after every transaction)?

That perfect compliance is impossible isn't it, because how do you delete your public key from forums and other places it has been copied out-of-your-control. Don't tell me that the Bitcoin Wiki and the core devs never acknowledged this  Roll Eyes

There is a way though to get perfect compliance which I am using in my design because I use one-time Lamport/Winternitz signatures (although I could use Merkel trees for multiple signatures at the cost of a just marginally longer signature) for the 20 times faster verification speed (at the cost of an exponential blowup in bandwidth at higher bit security), but this way is not encoded in Bitcoin so can't be used there.

See the following I wrote comparing Ed25519 and hash-based signatures (some info on the performance of Ed25519 also):

https://github.com/shelby3/hashsig/blob/master/DDoS%20Defense%20Employing%20Public%20Key%20Cryptography.md#public-key-authentication

P.S. if you see any improvement in my work, it will be because of improving health. I have some signs that my high dose herbal treatments (curcumim, moringa, bitter melon, mangosteen) might be working. I believe possibly (unfortunately self-diagnosis no blood work nor doctor visit since the 2012 doctor screwed me up) my health issue is a messed up pancreas or gall bladder possibly partially blocking my bile duct which would explain why I got so ill every time after I eat.

You all have no idea what it is like to have this sort of illness. Even bending down to scratch your foot becomes chore. Lifting your fingers to type on the keyboard takes a few deep breaths to gain the energy. Thinking about code becomes a chore and not a pleasant challenge. You really don't understand until you walk in another person's shoes. Any person who knows what they were capable of throughout their life and are unable to do because of some painful and chronic disability, is going to exhibit psychological stress and will attempt to cope either by going into depression or fighting back, both being a form of abnormality and dysfunction. I hope that is enough said.
hero member
Activity: 742
Merit: 501
Nbd7

Yi Wei playing Magnus Carlson (for first time) right now. Go China!

http://www.tatasteelchess.com/live

Huge blunder in Mamedyarov vs Eljanov. How often does a GM lose a rook in 1 move?

Nbd7 (8XMR)
a5 (newb4now)

Yes it was sad to see Sad

Carlsen tortured Yi Wei before the draw (Wei played really well for what was a draw for a while and survived Carlsen's probes for a long time)

Best game was Navara vs Giri. Navara also errored according to the commentators and the guys on live chat.

This was the position when white(Navara) played Bd6 and black escaped (with Bxb2 41.Qxb2 Rxd6). Could be a puzzle as to what should have white done



hero member
Activity: 686
Merit: 500
Nbd7

Yi Wei playing Magnus Carlson (for first time) right now. Go China!

http://www.tatasteelchess.com/live

Huge blunder in Mamedyarov vs Eljanov. How often does a GM lose a rook in 1 move (besides in a blitz game)?

Nbd7 (8XMR)
a5 (newb4now)
hero member
Activity: 686
Merit: 500
And (perhaps more importantly) Ed25519 does not require a new random number on each subsequent signature, thus is deemed to less vulnerable to a faulty random number generator (or injection of virus thereof in the operating system).

Is this advantage of Ed25519 over Secp256k1 negated assuming perfect compliance in avoiding BTC address reuse (since if a faulty RNG was used the balance of the at risk address would already be 0 after every transaction)?
sr. member
Activity: 420
Merit: 262
Not chess related but besides anonymity I think it is worth reminding people of another technical reason that makes CryptoNote coins much different than bitcoin.

CryptoNote uses the Schnorr signatures algorithm instead of Elliptic Curve Digital Signature Algorithm used by bitcoin

I think an elliptic curve discussion would be on topic if we have enough volunteers both willing and competent enough to discuss it.

https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
https://en.bitcoin.it/wiki/Secp256k1
https://en.wikipedia.org/wiki/Schnorr_signature
https://en.wikipedia.org/wiki/Curve25519

This site offers some interesting comparisons although some of the conclusions (such as those on Secp256k1) may be controversial:
http://safecurves.cr.yp.to/

This should make bitcoin users feel better:

I believe that the ECC/NSA thread you referenced did eventually nail down every parameter used to create secp256k1 and answers most if not all concerns.
Yes, There is a python script that produces every parameter for secp256k1 from first principles, except the generator— and both myself and D. J. Bernstein have given the proof that in-advance choice of the generator is harmless outside of restricted conditions that aren't relevant to normal Bitcoin usage.

I have been asked in a PM if I would like to comment on this. I am not an expert and have no formal training in algebraic abstract math. Everything I know about this particular field (and cryptography in general) is self-taught mostly in 2014 and 2015. And I have big gaps in my understanding which can only be resolved by teaching myself the higher math courses I didn't take at the university and I don't have time for attaining that base knowledge. Nevertheless I can comment conceptually and understand enough to have for example combined Cryptonote with Compact Confidential Transactions to form what I named Zero Knowledge Transactions. And I understand enough to have digested Shen-noether's Ring Confidential white paper over a period of a day or few days. And I was able to analyze the differences and similarities and ramifications of the high level differences in our approach. So with that in mind, I will comment on the above quoted issue.

Afaik, the main difference between the Secp256k1 type of ECC that Bitcoin uses and the Ed25519 Berstein version of the twisted Edwards curve that Cryptonote uses, is that Ed25519 has no branching in the code and thus has no timing attacks (although one might reason that timing attacks might be less useful in crypto currency, I am not sure if that is true in all scenarios). And (perhaps more importantly) Ed25519 does not require a new random number on each subsequent signature, thus is deemed to less vulnerable to a faulty random number generator (or injection of virus thereof in the operating system). Also Ed25519 is moderately faster and has a prime order which is deemed to more secure (I don't remember if Secp256k1 has a prime order or not).

http://ed25519.cr.yp.to/

So Secp256k1 is probably secure but Ed25519 is more secure.

Please feel free to quote me and claim it as an advantage for Cryptonote coins, but please acknowledge that I have also criticized Cryptonote for not solving the fundamental block chain Tragedy of the Commons economic issues and my opinion that metadata correlation makes their anonymity impractical for any (or most?) mainstream uses.
hero member
Activity: 742
Merit: 501
Nbd7

Yi Wei playing Magnus Carlson (for first time) right now. Go China!

http://www.tatasteelchess.com/live

Live video on livestream http://livestream.com/chess/tatasteelchess

GM Wei is 16 yrs old, seems to be doing well against Carlsen so far :tup:

I have a feeling @letsplayagame is in Wijk aan Zee too.  Cool
member
Activity: 88
Merit: 10
Nbd7

Yi Wei playing Magnus Carlson (for first time) right now. Go China!

http://www.tatasteelchess.com/live
sr. member
Activity: 378
Merit: 250
Looks like we have different styles of play for this next move. With white I typically like control of the center with pawns and do not bring in majors too soon. The castle is an option that can wait for a defensive black move.

2 vote d5 (Morecoin Freeman,tifozi)
2 votes O-O (boolberry, LucyLovesCrypto)


3 votes d5 (Morecoin Freeman,tifozi, cryptoadoption15)
2 votes O-O (boolberry, LucyLovesCrypto)

You broke the tie with under 30 seconds to spare! I was just about to update the board with O-O as the winning move based on the tiebreaker rule previously cited. Anyway it is nice to see a new player join the chess game. Please join the CryptoNote discussion too.
sr. member
Activity: 378
Merit: 250
Current position
Based on the votes in this thread Team Boolberry has chosen to play d5. Now it is time for Team Monero to respond. I will plan to count votes again tomorrow at approximately 0:00 UTC.

black to move


Team Boolberry (white pieces) vs. Team Monero (black pieces)
Game 2 PGN:
Code:
1.d4 Nf6 2.Nf3 g6 3.c4 Bg7 4.Nc3 O-O 5.e4 d6 6.Be2 e5 7.d5
newbie
Activity: 37
Merit: 0
Looks like we have different styles of play for this next move. With white I typically like control of the center with pawns and do not bring in majors too soon. The castle is an option that can wait for a defensive black move.

2 vote d5 (Morecoin Freeman,tifozi)
2 votes O-O (boolberry, LucyLovesCrypto)


3 votes d5 (Morecoin Freeman,tifozi, cryptoadoption15)
2 votes O-O (boolberry, LucyLovesCrypto)
sr. member
Activity: 378
Merit: 250
Looks like we have different styles of play for this next move. With white I typically like control of the center with pawns and do not bring in majors too soon. The castle is an option that can wait for a defensive black move.

2 vote d5 (Morecoin Freeman,tifozi)
2 votes O-O (boolberry, LucyLovesCrypto)


Here is a reminder of the tiebreaker rule, which of course would be avoided if a 5th person comes along to vote in the next few hours.

Ties will be decided based on the recommendation from ArticMine:
We need a tie breaking mechanism. For example one can look at the result before the vote that led to the tie and use that instead.

sr. member
Activity: 378
Merit: 250
Not chess related but besides anonymity I think it is worth reminding people of another technical reason that makes CryptoNote coins much different than bitcoin.

CryptoNote uses the Schnorr signatures algorithm instead of Elliptic Curve Digital Signature Algorithm used by bitcoin

I think an elliptic curve discussion would be on topic if we have enough volunteers both willing and competent enough to discuss it.

https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
https://en.bitcoin.it/wiki/Secp256k1
https://en.wikipedia.org/wiki/Schnorr_signature
https://en.wikipedia.org/wiki/Curve25519

This site offers some interesting comparisons although some of the conclusions (such as those on Secp256k1) may be controversial:
http://safecurves.cr.yp.to/

This should make bitcoin users feel better:

I believe that the ECC/NSA thread you referenced did eventually nail down every parameter used to create secp256k1 and answers most if not all concerns.
Yes, There is a python script that produces every parameter for secp256k1 from first principles, except the generator— and both myself and D. J. Bernstein have given the proof that in-advance choice of the generator is harmless outside of restricted conditions that aren't relevant to normal Bitcoin usage.
Pages:
Jump to: