Topic: CryptoNote technical discussion and Chess Challenge - page 37. (Read 96101 times)

http://boolberry.com/downloads.html
Blockchain proof
Full blockchain for windows(with all ring signatures):
http://boolberry.com/downloads/windows/blockchain_full.bin

If you are right he is currently busy with the London Chess Classic:
http://www.londonchessclassic.com/

His fiancée (Chess WIM) has a background that also may make her interested in bitcoin:
https://en.wikipedia.org/wiki/Arianne_Caoili

"I’m currently a consultant, mainly with government clients, for a global consultancy firm. My aim is to finish my PhD, but because my work is interesting and great for my career, it is delayed. My doctoral topic is Russian foreign policy, especially its economic and business relations with Armenia on a state and individual level. I am very interested with issues of Armenian economic development."
http://sport.news.am/eng/news/9869/i-am-not-so-stupid-to-play-against-levon-aronian---arianne-caoili.html

Quote about Lev Aronian:
I am sure you know a lot of things about Levon. Can you tell for example about traits of character?

"I think that the most prominent characteristic of Lev (and probably me too) is that he loves to learn. If he is passionate about something he wants to investigate and know everything about it. He also likes learning new things, even if it is a challenge or outside of his comfort zone (like dancing, for example!)."

Current position
Based on the votes in this thread Team Boolberry has chosen to play h5 (by tiebreak rule). Now it is time for Team Monero to respond. I will plan to count votes again tomorrow at approximately 0:00 UTC.

Team Monero (white pieces) vs. Team Boolberry (black pieces)
white to move


Game PGN:

A ha! End-to-end identity anonymity is possible!



There is a simple solution for DDoS with Zerocash. Use my hash-based signature suggestion on a non-anonymous basecoin, when sending the anonymous zerocash (the Zerocash paper names these zerocoins, not to be confused with Zerocoin) transaction. Since on a spend transaction (aka pour) the anonymous coins are entirely mixed with all anonymous coins, then your IP address and your non-anonymous transactions do nothing to help anyone trace the anonymous coins. And putting the non-anonymous funds at-risk with the fast to verify hash-based signature (3 million verifications per second on an 8 core CPU!), solves the DDoS attack issue.

Alternatively it may be possible to mint the hash signatures in such a way that the anonymous coins are forfeited when doing a DDoS attack, but are still not non-anonymously linked to the hash based public key, instead of needing to use a separate non-anonymous basecoin. This would be preferred for permissionless commerce.

So thus unlike RingCT, no CoinShuffle (mixnet) would be needed. Unlike Cryptonote (and RingCT), Zerocash hides everything because the inputs to the NIZKP are never revealed! This is the advantage zk-SNARKs because it proves that a program compared the inputs in the desired way, without revealing what the inputs were. Whereas in CN and RingCT, we all see the input public key addresses and the proof of which public address is spending is obscured by the mix, but correlating the IP address across mixes can correlate which of those addresses were in both mixes. For CN and RingCT to be as anonymous as Zerocash would require they mix with all known (and future!) public key addresses.

Note that zk-SNARKs are very slow to verify (roughly 300ms for a Zerocash transaction) and consume more bandwidth so this can't be used for all transactions. It would be a mixer that you mint non-anonymous coins into when the slow verification and its higher fees are justified.


Apparently I am mistaken. Zerocash coins have serial numbers, so it should be possible to know which serial numbers have been double spent on both forks.

3rd vote for Ne7

Ne7: boolberry, dre1982, tifozi
h5: newb4now, galdur, funnyman21

I just saw the thread Lets play a game of Chess. It's fascinating to see @letsplayagame (who I suspect is GM Aronian) interested in crypto (BTC and allegedly aware of privacy focused technologies).

Let's pitch an idea of BTC vs CryptoNote chess match to him

All they are saying there is that if you want to prune the signature data, you need to still keep a hash of the signature data in the chain of hashes (of Merkle trees) for the blocks. In other words, you need to still be able to prove which signature signed which transaction, even if you've actually discarded the signature data.

I believe BBR already does the correct thing. And afaik, Monero does not discard signature data, but I could be wrong about that. If they do, I assume they would do the right thing as well.

Any way, I as I read into the proposals more, I realized they are adopting some of the ideas I've had privately, but bolting these onto Bitcoin's legacy limits their flexibility in terms of optimum choices and especially speed to market. Bitcoin is looking more and more like design Rigor Mortis (they even need to abandon ECDSA to totally rectify malleability) and needs to be scrapped and start over again.

Wuille wrote this technical summary in way that can only really be understood by other core devs or experts who have their head deep in these issues. He sounds rushed.

P.S. my thanks to languagehasmeaning for sharing some insights into how he processes the information in chess. That may help me in the future. I've filed it away in my repository (reservoir) of datums/models that I draw off for epiphanies and insights. I'll give it some more thought when I have the down time and/or inspiration.


Smooth's post (included what is not quoted above) was astute and resonated with my point that private block chains are like closed source. The end-to-end principle applies again in spades. We all want to leverage the same infrastructure (e.g. TCP/IP) and independently run a myriad of applications on the ends, which is enabled because the intermediary infrastructure is agnostic to our applications. I mentioned this concept in my recent white paper on DDoS and footnote [8] in that paper. In short, there are virtually unlimited (much more than "multiple choices") degrees-of-freedom when the base infrastructure is agnostic to the use built on top of it.

This is why I believe privacy that can be done by the end applications will trump permissioned block chains. Sorry to James Dimon, IBM, and Blythe Masters. I will relish the day that James Dimon realizes that his money is a depreciating asset in our Knowledge Age.

However the network layers of the internet are not responsible for maintaining a global unified consistency, but a block chain does. Thus the network layers of the internet have no problem trading off consistency and access of the CAP theorm, in exchange for not losing functionality (that is promised by the network transport layer) during partitioning. Whereas, during partitioning a block chain loses the promised functionality of preventing double-spends globally.

But in reality the internet doesn't function well when partitioned. This why for example popular services (e.g. Google, Facebook) have server nodes all over the globe (which is very evident to me when our trunk line from Philippines is down yet I can still access Facebook and Google and the local inquirer.net but not most other sites). I think it is likely the world will build the same redundancy for block chains. For example one of the designs I've toyed with is that using efficient hash tables we can communicate between partitions the double-spend conflicts without needing to transfer the entire block chain between partitions.


The reason identity anonymity can't be done end-to-end principle (Zerocash almost does it, but as I pointed out there is a DDoS weakness incurred), is because our IP address is an identity that we can't easily detach from ourselves. For all other forms of data privacy, the IP address problem is irrelevant.

With homomorphic encryption, we already know how to hide any state changes that rely on addition and multiplication, e.g. Confidential Values hiding the state change of value transfer because the Proof-of-Sum can be proven in Zero Knowledge.

Zerocash is built on the SNARKs technology which in its Pinocchio variant can hide the state changes of any program!!!

For smart contract data, there need not be a global master key. Each contract type could have a different master setup, but the tradeoff might be that perhaps we couldn't mix data types. I will need to spend more time studying these technologies.

So in theory, there is no data we can't hide. It is the meta-data that we can't hide, but that is the same problem corporations face today even with private data stores, so a public block chain with end-to-end data privacy doesn't make it any worse and it enables much greater degrees-of-freedom as compared to permissioned access chains.

I think the Zerocash and Pinocchio folks need to get busy being able to adapt their technologies to this frontier.

If I get my coin rolling, perhaps I'll be trying to fund them and coax them this direction. Hopefully others will pick up on this idea also. Perhaps some are already working on this direction.

2 votes Ne7: boolberry, dre1982
3 votes h5: newb4now, galdur, funnyman21

Is this something to be worried about? Does it potentially impact other CryptoNote coins or just Boolberry?

2 votes Ne7: boolberry, dre1982
2 votes h5: newb4now, galdur

2 votes Ne7: boolberry, dre1982
1 vote h5: newb4now

There are multiple choices for what level of privacy and sharability a permissioned blockchain may have in an actual company. Not in technology terms, but in business process rationale. Certain blockchains may not be accessible by a competing/cooperating company at all, just like you are not giving away the direct access to your database/CRM.

The time will show the corporate blockchain use cases, but I do see your point though. I believe I have to refine what I've been saying. Permissioned blockchains will need the privacy features to define the level of data access for the participants. However, this doesn't have much to do with the zero-trust privacy. This may have more to do with centralized privacy and centrally assigned roles.

Honestly, I haven't given much thought to the potential architecture of such a solution. It may well not be existing, or it might have a semi-centralized form (masternodes, anyone?). However, intuitively I'd say that ringsig is a clumsy option in this case.

There's a brighter side to my original post if you wish: focus on the bigger commercializable issues.



I believe I'd agree with you on the theory. However, I'm still not sure how it may take off in the real world. IMO the discourse is utopian. I'll need some time to think it over.



I own some BCN. Partly, because I still believe it to have potential (waiting for the roadmap to be executed).

1 vote Ne7: boolberry
1 vote h5: newb4now

Ne7: boolbery

Current position
Based on the votes in this thread Team Monero has chosen to play Kf2. Now it is time for Team Boolberry to respond. I will plan to count votes again tomorrow at approximately 0:00 UTC.

Team Monero (white pieces) vs. Team Boolberry (black pieces)
black to move


Game PGN:

This may be relevant to the TPTB question. It is hard to calculate all possible variations far enough ahead to say decisively that Bxe4 is a mistake. So while I may be able to calculate certain lines many moves ahead, there are too many possible lines for me to evaluate them all thoroughly. Instead will cast my vote based on intuition. My intuition tells me white will have more than sufficient compensation for the exchange sacrifice after Bxe4.

4 votes for Kf2: XMRpromotions, ArticMine, 8XMR, LucyLovesCrypto

Kf2

That is a common question with no easy answer.

Short answer: As many moves as is required for me to evaluate the strength of one move compared to the most promising alternatives in the current position.

Long answer: It really is situation specific. If there is a forced checkmate in 3 moves I will likely find it and my answer will be 3. In a king and pawn endgame I often may calculate 10-15 moves ahead (I will stop my calculation once it appears that one side will be able to promote a pawn while the opponent cannot or once it is clear that neither side can make progress).  In the current game if I was on the Monero team my answer might be 2 or 3 moves as that is really all that is required to reject the alternative moves as inferior to Kf2.  If I have a king and two bishops against a king I will win easily without much thought. If I have a king, bishop and knight against a king I will win but will think more carefully (more moves ahead) to ensure I win before the 50 move rule applies (some K+B+N vs K positions require over 30 moves to force checkmate with perfect play).

Early in a game there really is no answer (you may have the first 20 most popular moves of a common opening memorized but you are not "calculating" that over the board and you cannot memorize all the possible alternatives to that variation. Being able to play an entire game in your head (which I and many others can) does not mean you can calculate to the end because there are far too many possibilities for anyone to calculate:
https://en.wikipedia.org/wiki/Shannon_number

Of course the Shannon number discussed above includes many ridiculous moves that do not merit calculation. I seriously doubt anyone on team Monero wasted any time looking at 36.Bf7. Similarly in a game most possible moves are rejected instantly (based on the experience of the player) as not being worthy of thought. Nevertheless there will always be too many possibilities to look at every reasonable variation in most positions: https://www.youtube.com/watch?t=650&v=Km024eldY1A

When there are many reasonable possibilities to consider calculating one unforced line 20 moves ahead is wasteful if there were multiple promising variations that could have forked from that variation on move 5. If you see a sacrifice that will surely lose unless you can force checkmate, that would be an appropriate time to calculate as far ahead as possible. Some players do not like sacrificing material unless they can calculate a positive result. Others such as Mickal Tal have no problem doing so, frequently relying on his intuition in cases where he could not calculate everything in advance. https://en.wikipedia.org/wiki/Mikhail_Tal

In general it is easier to calculate many moves ahead when the line is forcing (a king is being chased around with checks, is in danger of being checkmated, or necessary captures are being made) or if there is limited material remaining than when there are many plausible options for either side. Because of the time limit in chess games, it is wasteful to calculate as far ahead as you can on every move.  

If you ask a computer to find the best moves in a game that a strong player is already winning, the computer will often find a line that wins faster. This does not prove the human was incapable of finding the optimal variation. It just means that once a human finds a forced win they will often stop thinking and play the winning variation they found instead of wasting time to find something better. Winning is good enough.