Question for languagehasmeaning, if he is willing to answer. Or anyone who can offer an insight for me.
I am curious. How many moves ahead can you calculate all the possibilities? And is that even a useful computation in playing the game, or is the useful computation probabilistic? Apologies I am ignorant and I am curious about from someone of your caliber, what you can actually do mentally that enables you to win. I suppose I could learn this from books and I haven't researched it.
Topic: CryptoNote technical discussion and Chess Challenge - page 38. (Read 96101 times)
36. Kf2
36.Kf2
At first glance it appears forced. There are no other good alternatives to prevent both Nxg3 and Ne3
At first glance it appears forced. There are no other good alternatives to prevent both Nxg3 and Ne3
1 vote Re8 (languagehasmeaning)
3 votes Nf5 (galdur, newb4now, boolberry)
3 votes Nf5 (galdur, newb4now, boolberry)
Current position
Based on the votes in this thread Team Boolberry has chosen to play Nf5. Now it is time for Team Monero to respond. I will plan to count votes again tomorrow at approximately 0:00 UTC.
Team Monero (white pieces) vs. Team Boolberry (black pieces)
white to move
Game PGN:
Code:
1.e4 c5 2.Nf3 d6 3.d4 cxd4 4.Qxd4 a6 5.c4 Nc6 6.Qe3 g6 7.Nc3 Bg7 8.Be2 Nf6 9.O-O O-O 10.h3 Nd7 11.b3 Nc5 12.Bb2 f5 13.exf5 Bxf5 14.Rad1 Qa5 15.Rd2 Rf6 16.Nd5 Re6 17.Qf4 Ne4 18.Bxg7 Kxg7 19.Rb2 Nc3 20.Nd4 Re5 21.Bf3 Nxd5 22.Bxd5 Qc3 23.Nxf5+ Rxf5 24.Qd2 Qxd2 25.Rxd2 Rb8 26.a3 e5 27.Be6 Rf6 28.Bd5 Nd4 29.b4 b6 30.Rb2 g5 31.a4 Rff8 32.Rfb1 Rfc8 33.f3 Kf6 34.g3 Rc7 35.Rf1 Nf5
20 more minutes until the current vote is final.
Check this game out. It just got really interesting IMHO. Should team bitcoin accept the exchange sacrifice? We chose the Marshall Attack so that we could be the the aggressor but the last move of letsplayagame 18.a4 caught me (and probably others) by surprise:
https://bitcointalksearch.org/topic/lets-play-a-game-of-chess-1148538
Check this game out. It just got really interesting IMHO. Should team bitcoin accept the exchange sacrifice? We chose the Marshall Attack so that we could be the the aggressor but the last move of letsplayagame 18.a4 caught me (and probably others) by surprise:
https://bitcointalksearch.org/topic/lets-play-a-game-of-chess-1148538
On the Cryptonote technical discussion and my recent thoughts about anonymity:
+1
He should have a readme file if he doesn't already.
I believe the purpose of his work is to make it so you have a traceable HTTPS (TLS/SSL) certificate for a secure website which the NSA can't evesdrop on unless the authorities have issued a demand for your private key. It is well known that the NSA has probably backdoored most major HTTPS certificate companies, so they can snoop on encrypted traffic on the internet.
A certificate is an authority which says you can trust that the stated public key is the entity it claims to be.
I should explain more technical details of that to you, but I don't have the time to type it up.
P.S. now you know how I feel when I encounter math notation that I am not familiar with. Arghh. I can easily understand the concepts, but the notation is the barrier. I have been gradually pulling myself back up to speed on math notation, remembering some that I had forgotten (e.g. from Linear Algebra) and learning that I hadn't studied (e.g. that which comes from higher maths in number theory and algebraic geometry).
I also agree with anonymints recent line of thinking and thats what led me to code up private certificates with provable ownership and history with encrypted data to your public key!
Check out my implementation https://github.com/syscoin/syscoin/blob/devstaging-servicesync/src/cert.cpp
Check out my implementation https://github.com/syscoin/syscoin/blob/devstaging-servicesync/src/cert.cpp
+1
I always experience a twinge of annoyance whenever I see a link like this.
Hey check out my cool idea.
Click link... Critical Error ... You lack the skills necessary to continue.
Hey check out my cool idea.
Click link... Critical Error ... You lack the skills necessary to continue.
He should have a readme file if he doesn't already.
I believe the purpose of his work is to make it so you have a traceable HTTPS (TLS/SSL) certificate for a secure website which the NSA can't evesdrop on unless the authorities have issued a demand for your private key. It is well known that the NSA has probably backdoored most major HTTPS certificate companies, so they can snoop on encrypted traffic on the internet.
A certificate is an authority which says you can trust that the stated public key is the entity it claims to be.
I should explain more technical details of that to you, but I don't have the time to type it up.
P.S. now you know how I feel when I encounter math notation that I am not familiar with. Arghh. I can easily understand the concepts, but the notation is the barrier. I have been gradually pulling myself back up to speed on math notation, remembering some that I had forgotten (e.g. from Linear Algebra) and learning that I hadn't studied (e.g. that which comes from higher maths in number theory and algebraic geometry).
1 vote Re8 (languagehasmeaning)
3 votes Nf5 (galdur, newb4now, boolberry)
3 votes Nf5 (galdur, newb4now, boolberry)
Whereas, Cryptonote one-time rings mix the payer amongst a group of payers with the requirement that it is publicly verifiable that each payer can only be spent one-time. The one-time key is manufactured by the Diffie-Hellman (ECDH) like exchange that creates a new stealth payee address on each spend and that stealth address can only be spent once. So the problem is that if your IP address is correlated across spends, it becomes possible to link stealth addresses together as the same payee and then start to unmask the anonymity set of the payer rings.
What is wrong with the planned solution of I2P integration to deal with this issue?
He doesn't think that I2P and Tor are NSA-proof. That's hardly an outlier point of view.
Whereas, Cryptonote one-time rings mix the payer amongst a group of payers with the requirement that it is publicly verifiable that each payer can only be spent one-time. The one-time key is manufactured by the Diffie-Hellman (ECDH) like exchange that creates a new stealth payee address on each spend and that stealth address can only be spent once. So the problem is that if your IP address is correlated across spends, it becomes possible to link stealth addresses together as the same payee and then start to unmask the anonymity set of the payer rings.
What is wrong with the planned solution of I2P integration to deal with this issue?
This game of chess finally got interesting! 
It seems very even. The bishop is maybe slightly better than the knight but I doubt that it´s meaningful. I´d say a draw is practically certain.
Welcome to the game my friend. I agree it is getting more interesting but also agree with galdur that a draw is most likely if both sides avoid major mistakes. There definitely are still some tricks in the position.
Thank you. Nothing wrong with Re8 that I see but I´ll try Nf5. There could be some tricks if white plays f4 and the g-file opens.
1 vote Re8 (languagehasmeaning)
1 vote Nf5 (galdur)
1 vote Re8 (languagehasmeaning)
2 votes Nf5 (galdur, newb4now)
I like tricks in chess games!
This game of chess finally got interesting!
It seems very even. The bishop is maybe slightly better than the knight but I doubt that it´s meaningful. I´d say a draw is practically certain.
Welcome to the game my friend. I agree it is getting more interesting but also agree with galdur that a draw is most likely if both sides avoid major mistakes. There definitely are still some tricks in the position.
Thank you. Nothing wrong with Re8 that I see but I´ll try Nf5. There could be some tricks if white plays f4 and the g-file opens.
1 vote Re8 (languagehasmeaning)
1 vote Nf5 (galdur)
This game of chess finally got interesting!
It seems very even. The bishop is maybe slightly better than the knight but I doubt that it´s meaningful. I´d say a draw is practically certain.
Welcome to the game my friend. I agree it is getting more interesting but also agree with galdur that a draw is most likely if both sides avoid major mistakes. There definitely are still some tricks in the position.
Re8
It indirectly defends e2 for our knight (and therefore indirectly defends f4). I prefer Re8 over Re7 because if the g file opens later our c7 rook can move there while our b8 rook cannot (g8 is covered by whites bishop). Our most passive piece is currently our rook on b8.
1 vote Re8 (languagehasmeaning)
It indirectly defends e2 for our knight (and therefore indirectly defends f4). I prefer Re8 over Re7 because if the g file opens later our c7 rook can move there while our b8 rook cannot (g8 is covered by whites bishop). Our most passive piece is currently our rook on b8.
1 vote Re8 (languagehasmeaning)
Current position
Based on the votes in this thread Team Monero has chosen to play Rf1. Now it is time for Team Boolberry to respond. I will plan to count votes again tomorrow at approximately 0:00 UTC.
Team Monero (white pieces) vs. Team Boolberry (black pieces)
black to move
Game PGN:
Based on the votes in this thread Team Monero has chosen to play Rf1. Now it is time for Team Boolberry to respond. I will plan to count votes again tomorrow at approximately 0:00 UTC.
Team Monero (white pieces) vs. Team Boolberry (black pieces)
black to move
Game PGN:
Code:
1.e4 c5 2.Nf3 d6 3.d4 cxd4 4.Qxd4 a6 5.c4 Nc6 6.Qe3 g6 7.Nc3 Bg7 8.Be2 Nf6 9.O-O O-O 10.h3 Nd7 11.b3 Nc5 12.Bb2 f5 13.exf5 Bxf5 14.Rad1 Qa5 15.Rd2 Rf6 16.Nd5 Re6 17.Qf4 Ne4 18.Bxg7 Kxg7 19.Rb2 Nc3 20.Nd4 Re5 21.Bf3 Nxd5 22.Bxd5 Qc3 23.Nxf5+ Rxf5 24.Qd2 Qxd2 25.Rxd2 Rb8 26.a3 e5 27.Be6 Rf6 28.Bd5 Nd4 29.b4 b6 30.Rb2 g5 31.a4 Rff8 32.Rfb1 Rfc8 33.f3 Kf6 34.g3 Rc7 35.Rf1
The inability to verify the number of coins in circulation with ZeroCoin scares me. At least if something goes wrong with the money supply system with RingCT we would be able to tell.
[...8<...]
The relevant (to your stated concern) distinction from Zerocash (and a friendly reminder to not conflate Zerocoin with Zerocash because the former requires equal revealed values and doesn't integrate with hiding values) is that there isn't a global trusted master key (generated once at setup of the sytem) to be potentially abused (if the trusted setup was gamed some how). Yet in both systems, if you can muster enough computing resources even just once (and/or break/weaken the number-theoretic cryptographic assumptions security), you can create unlimited money out-of-thin-air and this can't be detected (unless detection means everyone has the same level of breakage capability and all values can be globally unmasked rendering value hiding useless).
Homomorphic values and ring signatures come with potentially huge anti-DDoS costs as I have been explaining in a thread I started in the Bitcoin Discussion forum. In that thread, I have alluded to we might be better off to just eliminate homomorphic (hiding) values and also eliminate Cryptonote's one-time ring signatures and move to something like CoinShuffle, because we are going to need to do a CoinShuffle any way. The details on this tradeoff need to be further mulled over and elucidated.
[...8<...]
Anonymity is very difficult to accomplish holistically especially at-scale (Monero is no where near accomplishing that at-scale) and it doesn't come for free.
[...8<...]
A generative essence realization is there is no possible way to obfuscate your IP address with an autonomous cryptographic protocol (such as RIngCT or Cryptonote). The only way to obfuscate IP addresses is with an interactive mixnet, which then either incurs a simultaneity requirement or the mixnet must generalize to many forms of internet traffic so a sufficient mix set always available. But especially generalized mixnets suffer from Sybil attacks because of the cost of scaling relaying nodes scales with traffic and DDoS. As smooth knows from our past private discussions (afair last year), my only idea on how to attack the Sybil problem of Tor and I2P is to pay the nodes you are want to relay through for an onion routing. But this comes with another set of holistic issues. So far, I haven't been able to design the system that is immune to the NSA. I am still working on this problem, but have deprioritized it, because to my consternation it is such an intractable quagmire (a.k.a. clusterfuck).
[...8<...]
A generative essence realization is there is no possible way to obfuscate your IP address with an autonomous cryptographic protocol (such as RIngCT or Cryptonote). The only way to obfuscate IP addresses is with an interactive mixnet, which then either incurs a simultaneity requirement or the mixnet must generalize to many forms of internet traffic so a sufficient mix set always available. But especially generalized mixnets suffer from Sybil attacks because of the cost of scaling relaying nodes scales with traffic and DDoS. As smooth knows from our past private discussions (afair last year), my only idea on how to attack the Sybil problem of Tor and I2P is to pay the nodes you are want to relay through for an onion routing. But this comes with another set of holistic issues. So far, I haven't been able to design the system that is immune to the NSA. I am still working on this problem, but have deprioritized it, because to my consternation it is such an intractable quagmire (a.k.a. clusterfuck).
[...8<...]
[...8<...]
Well that is the sort of statistical pattern that I think it implausible to hide if the person who needs to know thus can afford the resources to know.
I don't think in this Technocracy age of Big Data, one can't hope to obscure patterns on large data sets. The generative essence of the implausibility is that the statistical patterns hidden at one layer, leak into the next layer, so it becomes a requirement for a globally leak-proof synergy of activity in cyberspace. It seems futile from that high-level perspective. And I stubbornly didn't want to accept that, but having really looked deeply at the technical issues, I now lean to that being the hard reality.
That is why I posit that the paradigm of wealth stored in forms that others can easily emulate, tax, and expropriate is dying.
[...8<...]
Well that is the sort of statistical pattern that I think it implausible to hide if the person who needs to know thus can afford the resources to know.
I don't think in this Technocracy age of Big Data, one can't hope to obscure patterns on large data sets. The generative essence of the implausibility is that the statistical patterns hidden at one layer, leak into the next layer, so it becomes a requirement for a globally leak-proof synergy of activity in cyberspace. It seems futile from that high-level perspective. And I stubbornly didn't want to accept that, but having really looked deeply at the technical issues, I now lean to that being the hard reality.
That is why I posit that the paradigm of wealth stored in forms that others can easily emulate, tax, and expropriate is dying.
[...8<...]
Zerocash does hide your identity on the block chain even if your IP address is correlated across multiple transactions that you send to the block chain, because in Zerocash the payer(s) and payee(s) are obscured and proven in a non-interactive zero knowledge proof (NIZKP). This is accomplished by proving that the machine ran a certain program (and no other program) on the inputs and that result was "true" (i.e. verified), rather than proving something algebraically about the variables to the program. This computational witness requires the global master key setup.
Whereas, Cryptonote one-time rings mix the payer amongst a group of payers with the requirement that it is publicly verifiable that each payer can only be spent one-time. The one-time key is manufactured by the Diffie-Hellman (ECDH) like exchange that creates a new stealth payee address on each spend and that stealth address can only be spent once. So the problem is that if your IP address is correlated across spends, it becomes possible to link stealth addresses together as the same payee and then start to unmask the anonymity set of the payer rings.
So it would seem that Zerocash is the solution, except read my discussion at the quoted link about anti-DDoS protection. The problem is the huge verification cost for each Zerocash transaction and thus giving the attacker a huge asymmetric advantage when sending invalid transactions, i.e. unprotected Zerocash can be DDoS'ed to death.
And if using my suggested technique to create a hash-based signature as a first line of verification of incoming transactions sent to the block chain, then you've got to incorporate a simultaneity mixnet such as CoinShuffle to detach these hash signatures (and the payee's IP address) from the Zerocash transaction being submitted to the block chain. But then your anonymity is reduced back to the mixnet again so you've lost the benefits Zerocash provides. Perhaps Zerocash could devise a quick check on invalid signatures. I don't enough about the "moon math" in the white paper to deduce whether that is possible, but I 95% doubt it based on my understanding that such NIZKPs are a holistic math affair.
Perhaps instead of my hash suggestion (and as suggested by Gregory Maxwell at the aforementioned linked thread), each Zerocash (or RingCT) could require some PoW be attached to every transaction to rate limit spam, but the problem is the attacker has an asymmetric advantage by being able to place his hashing resources in venues with the cheapest electricity (e.g. 3 - 4 cents per kWh in WA State or China near hydropower) and leverage the latest ASIC efficiencies whereas the legitimate payer is running on retail electricity that costs 4 times more and non-optimum hardware that is at at least an order-of-magnitude disadvantage in power and speed. So the delay (or the transaction fees if the full nodes speed more on hardware to increase their spam bandwidth) will increase for legitimate payers asymmetrically to the attacker's costs. And that asymmetry will be amplified by the systemic ratio of the resources of the legitimate payers to the attacker's resources, thus if the anonymous system is only used infrequently then the cost of using it will be radically amplified (perhaps too high to be of practical use, although I haven't done some sample calculations yet). And for the system to be widely used (e.g. for microtransactions) the extra costs imposed by the attacker disincentivize its use when the legitimate participants don't value anonymity as a concern. Also the PoW required could vary per full node and vary in time (even in real time!) depending which nodes are receiving the most incoming DDoS spam, which complicates the determination where to submit a transaction and how much PoW is required to be submitted with it. So then it appears any any such Zerocash + PoW anti-DDoS system is going to be used only for anonymous mixing and not all transactions, but then the problem is the anonymity leaks as these anonymous mixes are then traded for coins in a system that is used in everyday commerce (e.g. microtransactions).
Even though I haven't thoroughly understood every technical aspect of it, the other problem with Zerocash appears to be that it can't merge the entirely opaque block chains, e.g. if there are two major chains fork due to a network split. Transparent block chains can be re-merged to the extent that double-spends are not intertwined. The major fault for Zerocash (that is not present for transparent block chains) being that I believe it is not possible to prove which coins were double-spent on both of the block chains. Normally this isn't a problem for an orphaned chain because you just throw away the orphans, but this is perhaps a problem in a major network split.
This game of chess finally got interesting!
It seems very even. The bishop is maybe slightly better than the knight but I doubt that it´s meaningful. I´d say a draw is practically certain.
This game of chess finally got interesting!
I believe you're saying that under an assumption that corporations will adopt a form of blockchain that is already available on the market.
Not necessarily, no, but the technology will still be important.
Quote
[permissioned blockchains]
It is a entirely different paradigm of privacy. You still have blockchain, which is easily auditable and verifiable for any party that might have such rights, but a competitor would not be able to even connect to the blockchain.
The real world doesn't work that way. Business collaborate one day and compete the next (or even the very same day). Even when collaborating they don't want to share all information, and certainly not with every member of a group. To control access to information once access to the blockchain has been granted at all, privacy features are needed.
Permissioned blockchains will often need privacy, just as the current example (or maybe more near future, but I'm not sure of the deployment schedule) of the Liquid permissioned blockchain does. Depending on the nature of the use cases for the permissioned blockchains, there may be some exceptions (explicitly public records perhaps).
Furthermore, I'm not even sure there will be too many successful permissioned blockchains. In the past, there were many proprietary closed networks. A few still exist, but most communication now happens over the regular internet. Not even VPNs, but web services with access keys. The need for many interconnections may in time make these closed/semiclosed systems impractical and/or cost-ineffective even when the interaction takes the form of blockchains.
Your post history suggests you have a great interest in CryptoNote so that comment is hard to understand coming from you. You know demand for privacy is far more than a small niche. Why else would you spend so much time involving yourself with privacy related coins?
I was really into privacy back then. CryptoNote was a radically fresh approach a couple of years ago when I saw it. I was growing more interested in crypto scene, but I seemed to be overlooking the way the technology is adopted and what drives large corporations. I reconsidered a lot of things since then.
Yet, I like CN as a technology, and I did get quite knowledgeable in it during the last years.
So, are you out of Bytecoin now (i.e. own none), Rias? Just curious.
Cheers, Q
Jump to: