
Topic: CryptoNote | The Good, The Bad, & The Ugly (Read 2657 times)

sr. member
Activity: 360
Merit: 250
Token
August 19, 2015, 05:06:02 AM
#35
It's time to get more active on social media and emphasize why Boolberry is important and unique. Let's start here:

On blockchain bloat:
https://www.reddit.com/r/boolberry/comments/3hjmuc/cryptonote_blockchain_bloat_and_the_unique
https://twitter.com/BBRcurrency/status/633855890945257472
source: http://boolberry.org/files/Boolberry_Reduces_Blockchain_Bloat.pdf

On mixins and their impact on CryptoNote unlinkability:
https://www.reddit.com/r/boolberry/comments/3hjmfl/mixins_and_their_impact_on_cryptonote
https://twitter.com/BBRcurrency/status/633859728884367362
source: http://boolberry.com/files/Boolberry_Solves_CryptoNote_Flaws.pdf

Feel free to share this information with anyone who cares about privacy.

Boolberry truly is one of a kind. Many technical advantages, a fair launch and a user friendly GUI. Price remains low because there has not been much marketing or visibility yet. Let's focus on introducing more people to Boolberry so that we can gain some market adoption.

That's all great but your currency's name sucks.
sr. member
Activity: 378
Merit: 250
It's time to get more active on social media and emphasize why Boolberry is important and unique. Let's start here:

On blockchain bloat:
https://www.reddit.com/r/boolberry/comments/3hjmuc/cryptonote_blockchain_bloat_and_the_unique
https://twitter.com/BBRcurrency/status/633855890945257472
source: http://boolberry.org/files/Boolberry_Reduces_Blockchain_Bloat.pdf

On mixins and their impact on CryptoNote unlinkability:
https://www.reddit.com/r/boolberry/comments/3hjmfl/mixins_and_their_impact_on_cryptonote
https://twitter.com/BBRcurrency/status/633859728884367362
source: http://boolberry.com/files/Boolberry_Solves_CryptoNote_Flaws.pdf

Feel free to share this information with anyone who cares about privacy.

Boolberry truly is one of a kind. Many technical advantages, a fair launch and a user friendly GUI. Price remains low because there has not been much marketing or visibility yet. Let's focus on introducing more people to Boolberry so that we can gain some market adoption.
sr. member
Activity: 420
Merit: 262
Unless we're of course talking about a 51% attack which is a problem that all cryptocurrencies have. There's no defense against a 51% attack when your attacker suffers no repercussions and is equipped with essentially unlimited funds - aka, a state actor.

I believe I know a defense. Await a white paper.
legendary
Activity: 1442
Merit: 1001
It's more of a philosophical question if you even consider such a requirement to be the same coin at all. Not really an important distinction imo. We agree in substance.

To recap past discussions, one can not be entirely sure how the world politics will play out.

So it is even philosophical from the standpoint of each person's view on the landscape out there.

I understand you meant philosophical on whether removal of anonymity is equivalent to a shut down. The reason I make the distinction is because humans have a tendency to conform in order to cope, so the government can maybe get what it wants which is compliance without destroying the entire Monero economy. Again that is one person's view point on the world landscape, so not to be taken as gospel. Last time I checked, my crystal ball wasn't perfect, lol.

As long as some percentage of mining power doesn't require pub viewkeys to include transactions in a block, then private transactions are still possible - however, with really slow confirmations. Unless we're of course talking about a 51% attack which is a problem that all cryptocurrencies have. There's no defense against a 51% attack when your attacker suffers no repercussions and is equipped with essentially unlimited funds - aka, a state actor.
sr. member
Activity: 420
Merit: 262
It's more of a philosophical question if you even consider such a requirement to be the same coin at all. Not really an important distinction imo. We agree in substance.

To recap past discussions, one can not be entirely sure how the world politics will play out.

So it is even philosophical from the standpoint of each person's view on the landscape out there.

I understand you meant philosophical on whether removal of anonymity is equivalent to a shut down. The reason I make the distinction is because humans have a tendency to conform in order to cope, so the government can maybe get what it wants which is compliance without destroying the entire Monero economy. Again that is one person's view point on the world landscape, so not to be taken as gospel. Last time I checked, my crystal ball wasn't perfect, lol.
sr. member
Activity: 420
Merit: 262
Confidential Transactions from Blockstream hides the values of a transaction so business privacy is retained. CN doesn't do this.

It does to some extent because there are multiple outputs with some being change and some being payment (or payments). How they are grouped is not visible, so combinatorially this can give reasonable privacy of the payment amount. The choice of outputs affects how much actual privacy there is in practice and the current algorithm in Monero is not great, but is being improved.

As for size I gather that CT and CN are similar but I haven't reviewed it carefully.

You could hide value with CN. Split your value into small morsels, mix, then recombine through mixes. So then no one knows who owns that large balance.

Or simply use Monero as it is with balances split into powers-of-10 and thus (in theory) no one knows which sets of transactions are really the same transaction. Thus I agree with smooth's statement.

However, I have my doubts as to whether those powers-of-10 balances are not correlated via timing analysis. I don't have a specific algorithm nor research paper to cite, but rather just that we are dropping patterns all over the place. In an ideal anonymity set, everything should look the same, so there is no entropy to analyze.

So thus hiding value has the advantage of removing information that can be used to aid in combinatorial and timing analysis (combined).

Also it has another advantage which I won't mention yet...

In any case, I want to accede that CN does in theory effectively add value privacy. I am just not confident that Monero is sufficient against the 5 Eyes and powerful analysis research that might be forthcoming if ever these CN coins become popular.

Think of my work as (an attempt at) the second stage of furthering the technology.

I'd just add that power-of-10 is not required by the protocol even today. That is just a convention. One might imagine other useful conventions that when further defined require only implementation in wallets. Anyway, the last part isn't too important since protocol changes are fine and even expected at this level of maturity.

That doesn't invalidate or disagree with your comments about timing attacks, etc. I think careful use can mitigate most timing attacks even today, but that's not a solution for end users who don't know how to be careful and won't. So none of these solutions is fully ready for prime time today. Some are better than others is about the best we can claim right now.

Yes flexibility and users (or their wallets) decide. I presume convention is often followed to maximize anonymity sets and reduce simultaneity conflicts.

And agree that perfection exists only in words and we do live in here and now. And if one needs anonymity on chain here and now, Monero is probably the best option available.

Even if someone were to design something "better" (different or some claimed advancement), will it even have enough adoption and all bugs worked out in time?

Of course I don't know that either, even being on the inside as a developer.

We appear to be in agreement.

I am not telling anyone to not buy Monero, except for my advice to lighten up (on all crypto and gold) for the coming low in crypto this Spring 2016. For those who have well diversified and want to HODL through any sell off, then they can ignore my warning on that.

Edit: it is possible I end up using Monero because it is what is working best when I need it. Well we've already used XMR in fact.
legendary
Activity: 2968
Merit: 1198
No CN coins and in fact no altcoins that I am aware of, have really solved the issue that centralization of mining can cause transactions to be censored. This is an open problem for cryptocurrency.

This is only a problem if the miner can identify which transactions they want to censor by linkability or other analysis. Presuming that you can maintain unlinkability, miners won't censor transactions unless they want to censor all transactions. There's no easy fix for that - if someone wants to spend lots of money suppressing nearly all transactions, you are correct - they can do this.

CN has a viewkey. If the government takes control of the mining because due to centralization they can regulate 51% of network hash rate, then they can require every transaction publicize its viewkey. Effectively the government can force anonymity to be turned off, if they control 51% of the network hash rate.

That's essentially the same as blocking all transactions and thereby preventing the protocol from being used at all (so people would then have to use another, transparent, one, which doesn't even need to be limited to a view key but could include signing it with your name).

Anyway, I made exactly this point last year. Too much crap got posted last year for me to find it though, but the conclusion was identical.

I remember. We've had this same discussion at least twice in the past.

Well there is a difference between shutting the coin down entirely and demanding that you must present your signed KYC serial number before your transaction will be allowed through the network. And that is essentially where I see Bitcoin and all crypto-currency headed. And I am trying to do something about that.

It's more of a philosophical question if you even consider such a requirement to be the same coin at all. Not really an important distinction imo. We agree in substance.

sr. member
Activity: 420
Merit: 262
No CN coins and in fact no altcoins that I am aware of, have really solved the issue that centralization of mining can cause transactions to be censored. This is an open problem for cryptocurrency.

This is only a problem if the miner can identify which transactions they want to censor by linkability or other analysis. Presuming that you can maintain unlinkability, miners won't censor transactions unless they want to censor all transactions. There's no easy fix for that - if someone wants to spend lots of money suppressing nearly all transactions, you are correct - they can do this.

CN has a viewkey. If the government takes control of the mining because due to centralization they can regulate 51% of network hash rate, then they can require every transaction publicize its viewkey. Effectively the government can force anonymity to be turned off, if they control 51% of the network hash rate.

That's essentially the same as blocking all transactions and thereby preventing the protocol from being used at all (so people would then have to use another, transparent, one, which doesn't even need to be limited to a view key but could include signing it with your name).

Anyway, I made exactly this point last year. Too much crap got posted last year for me to find it though, but the conclusion was identical.

I remember. We've had this same discussion at least twice in the past.

Well there is a difference between shutting the coin down entirely and demanding that you must present your signed KYC serial number before your transaction will be allowed through the network. And that is essentially where I see Bitcoin and all crypto-currency headed. And I am trying to do something about that.
legendary
Activity: 2968
Merit: 1198
No CN coins and in fact no altcoins that I am aware of, have really solved the issue that centralization of mining can cause transactions to be censored. This is an open problem for cryptocurrency.

This is only a problem if the miner can identify which transactions they want to censor by linkability or other analysis. Presuming that you can maintain unlinkability, miners won't censor transactions unless they want to censor all transactions. There's no easy fix for that - if someone wants to spend lots of money suppressing nearly all transactions, you are correct - they can do this.

CN has a viewkey. If the government takes control of the mining because due to centralization they can regulate 51% of network hash rate, then they can require every transaction publicize its viewkey. Effectively the government can force anonymity to be turned off, if they control 51% of the network hash rate.

That's essentially the same as blocking all transactions and thereby preventing the protocol from being used at all (so people would then have to use another, transparent, one, which doesn't even need to be limited to a view key but could include signing it with your name).

Anyway, I made exactly this point last year. Too much crap got posted last year for me to find it though, but the conclusion was identical.
legendary
Activity: 2968
Merit: 1198
Confidential Transactions from Blockstream hides the values of a transaction so business privacy is retained. CN doesn't do this.

It does to some extent because there are multiple outputs with some being change and some being payment (or payments). How they are grouped is not visible, so combinatorially this can give reasonable privacy of the payment amount. The choice of outputs affects how much actual privacy there is in practice and the current algorithm in Monero is not great, but is being improved.

As for size I gather that CT and CN are similar but I haven't reviewed it carefully.

You could hide value with CN. Split your value into small morsels, mix, then recombine through mixes. So then no one knows who owns that large balance.

Or simply use Monero as it is with balances split into powers-of-10 and thus (in theory) no one knows which sets of transactions are really the same transaction. Thus I agree with smooth's statement.

However, I have my doubts as to whether those powers-of-10 balances are not correlated via timing analysis. I don't have a specific algorithm nor research paper to cite, but rather just that we are dropping patterns all over the place. In an ideal anonymity set, everything should look the same, so there is no entropy to analyze.

So thus hiding value has the advantage of removing information that can be used to aid in combinatorial and timing analysis (combined).

Also it has another advantage which I won't mention yet...

In any case, I want to accede that CN does in theory effectively add value privacy. I am just not confident that Monero is sufficient against the 5 Eyes and powerful analysis research that might be forthcoming if ever these CN coins become popular.

Think of my work as (an attempt at) the second stage of furthering the technology.

I'd just add that power-of-10 is not required by the protocol even today. That is just a convention. One might imagine other useful conventions that when further defined require only implementation in wallets. Anyway, the last part isn't too important since protocol changes are fine and even expected at this level of maturity.

That doesn't invalidate or disagree with your comments about timing attacks, etc. I think careful use can mitigate most timing attacks even today, but that's not a solution for end users who don't know how to be careful and won't. So none of these solutions is fully ready for prime time today. Some are better than others is about the best we can claim right now.



sr. member
Activity: 420
Merit: 262
Confidential Transactions from Blockstream hides the values of a transaction so business privacy is retained. CN doesn't do this.

It does to some extent because there are multiple outputs with some being change and some being payment (or payments). How they are grouped is not visible, so combinatorially this can give reasonable privacy of the payment amount. The choice of outputs affects how much actual privacy there is in practice and the current algorithm in Monero is not great, but is being improved.

As for size I gather that CT and CN are similar but I haven't reviewed it carefully.

You could hide value with CN. Split your value into small morsels, mix, then recombine through mixes. So then no one knows who owns that large balance.

Or simply use Monero as it is with balances split into powers-of-10 and thus (in theory) no one knows which sets of transactions are really the same transaction. Thus I agree with smooth's statement.

However, I have my doubts as to whether those powers-of-10 balances are not correlated via timing analysis. I don't have a specific algorithm nor research paper to cite, but rather just that we are dropping patterns all over the place. In an ideal anonymity set, everything should look the same, so there is no entropy to analyze.

So thus hiding value has the advantage of removing information that can be used to aid in combinatorial and timing analysis (combined).

Also it has another advantage which I won't mention yet...

In any case, I want to accede that CN does in theory effectively add value privacy. I am just not confident that Monero is sufficient against the 5 Eyes and powerful analysis research that might be forthcoming if ever these CN coins become popular.

Think of my work as (an attempt at) the second stage of furthering the technology.
sr. member
Activity: 420
Merit: 262
No CN coins and in fact no altcoins that I am aware of, have really solved the issue that centralization of mining can cause transactions to be censored. This is an open problem for cryptocurrency.

This is only a problem if the miner can identify which transactions they want to censor by linkability or other analysis. Presuming that you can maintain unlinkability, miners won't censor transactions unless they want to censor all transactions. There's no easy fix for that - if someone wants to spend lots of money suppressing nearly all transactions, you are correct - they can do this.

CN has a viewkey. If the government takes control of the mining because due to centralization they can regulate 51% of network hash rate, then they can require every transaction publicize its viewkey. Effectively the government can force anonymity to be turned off, if they control 51% of the network hash rate.

Being able to guarantee that the mining will always be decentralized is required to be able to guarantee non-censorship.

This is probably the major flaw of crypto-currency.

I do believe I have a design solution and this should be published this year (hopefully). At this point, I wouldn't take my assertion as 100% given, because without peer review and implementation, one has to remember "devil is in the details" and faults could be discovered.
legendary
Activity: 2968
Merit: 1198
Confidential Transactions from Blockstream hides the values of a transaction so business privacy is retained. CN doesn't do this.

It does to some extent because there are multiple outputs with some being change and some being payment (or payments). How they are grouped is not visible, so combinatorially this can give reasonable privacy of the payment amount. The choice of outputs affects how much actual privacy there is in practice and the current algorithm in Monero is not great, but is being improved.

As for size I gather that CT and CN are similar but I haven't reviewed it carefully.
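
The combinatorial point in the reply above (the grouping of outputs into payment and change is not visible), as an added example that is not part of the original posts and is not Monero's wallet code. It assumes a simplified model in which each amount is split into digit × power-of-10 denominations; the function names and the sample amounts are constructed for illustration.

```python
from itertools import combinations


def decompose(amount):
    """Split an integer amount into denominations d * 10**k with d in 1..9."""
    parts, power = [], 1
    while amount > 0:
        amount, digit = divmod(amount, 10)
        if digit:
            parts.append(digit * power)
        power *= 10
    return parts


def build_outputs(payment, change):
    """Outputs of one transaction as an observer sees them:
    an unlabelled list, with no marker for payment versus change."""
    return sorted(decompose(payment) + decompose(change))


def candidate_payments(outputs):
    """Every amount that some non-empty proper subset of the outputs sums to.

    Each value is a payment amount the observer cannot rule out from the
    output list alone (timing and other side information are not modelled)."""
    sums = set()
    for size in range(1, len(outputs)):
        for combo in combinations(outputs, size):
            sums.add(sum(combo))
    return sums


def ambiguity(payment, change):
    """Return (visible outputs, number of payment amounts consistent with them)."""
    outputs = build_outputs(payment, change)
    return outputs, len(candidate_payments(outputs))


if __name__ == "__main__":
    # Constructed sample amounts, in atomic units.
    for payment, change in [(1234, 8766), (1000, 9000), (5000, 5000)]:
        outputs, count = ambiguity(payment, change)
        print(f"payment={payment} change={change}")
        print(f"  visible outputs: {outputs}")
        print(f"  candidate payment amounts: {count}")

    # The same transfer with one undivided payment output and one change output.
    print("undivided outputs:", sorted(candidate_payments([1234, 8766])))
```

The round-number cases show why the choice of outputs matters: a payment of 1000 with change of 9000 leaves only two candidates, the same as an undivided transaction.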
legendary
Activity: 1442
Merit: 1001
A concern, I've read some "conspiracy theories" putting the NSA behind CryptoNote. I haven't gotten too deep into that research, so I'd love to hear from people that have.


Confidential Transactions from Blockstream hides the values of a transaction so business privacy is retained. CN doesn't do this.

Agreed - this is a great feature, although given the head start that CN coins have and the likely lack of trust for using side chains for 'real' transactions for the next few years, I see this as more of an academic solution rather than a real one, in the short term.

Quote
No CN coins and in fact no altcoins that I am aware of, have really solved the issue that centralization of mining can cause transactions to be censored. This is an open problem for cryptocurrency.

This is only a problem if the miner can identify which transactions they want to censor by linkability or other analysis. Presuming that you can maintain unlinkability, miners won't censor transactions unless they want to censor all transactions. There's no easy fix for that - if someone wants to spend lots of money suppressing nearly all transactions, you are correct - they can do this.

Quote
The other problem for all anonymous coins is that neither I2P nor Tor are reliable anonymity against a national security agency. And the nations are compiling these records to compile future tax and criminal cases against you.

(yes of course I have solutions to all of these weaknesses)
sr. member
Activity: 378
Merit: 250
I just wanted to remind everyone that BBR has a very friendly emission curve for later adopters. No fastmine or premine here! Today is a great day to start mining boolberry.

Unlike some other coins on the list above (with much higher market caps) most of BBR has yet to be mined. We also have an official GUI and a unique method of dealing with mixins and blockchain bloat:

http://www.slideshare.net/boolberry/boolberry-solves-cryptonoteflaws-37055246
http://www.slideshare.net/boolberry/boolberry-reduces-blockchain-bloat
sr. member
Activity: 420
Merit: 262
A concern, I've read some "conspiracy theories" putting the NSA behind CryptoNote. I haven't gotten too deep into that research, so I'd love to hear from people that have.

CN uses Daniel Bernstein's EdDSA (specifically curve Ed25519). Bernstein has fought the USG in court and has been outspoken about threats against our cryptography freedom.

The main problem with CN is that ring signatures require equal denominations, thus Monero has to maintain power-of-10 balances, which bloats the block chain and complicates the wallet programming.

Then when you need to recombine the change from multiple transactions, if you don't mix these you break unlinkability.

Also because Monero does not force all ring mixes to be mandatory amongst preset groupings, it could be subject to combinatorial attack which could unmask the anonymity. Their researchers are studying my complaint on this issue and my suggested fix.

Confidential Transactions from Blockstream hides the values of a transaction so business privacy is retained. CN doesn't do this.

No CN coins and in fact no altcoins that I am aware of, have really solved the issue that centralization of mining can cause transactions to be censored. This is an open problem for cryptocurrency.

The other problem for all anonymous coins is that neither I2P nor Tor are reliable anonymity against a national security agency. And the nations are compiling these records to compile future tax and criminal cases against you.

(yes of course I have solutions to all of these weaknesses)
hero member
Activity: 896
Merit: 1000
I would like to mention:

With DigitalNote XDN quantum leap 2.0 we made XDN source code refactoring, we made lots of new features, but also we took lots of cryptonote source code parts https://github.com/cryptonotefoundation/cryptonote

Now I would say digitalnote is 1/3 bytecoin source code, 1/3 cryptonote source code and 1/3 of XDN-devs work.

I wish they have some coin "features tree" on that map.
legendary
Activity: 2254
Merit: 1290
Paladincoin and Budhacoin are both fake coins

Thank you.

Just saw your response. I'd deleted my post after I found the info I needed on map of coins.

Cheers

Graham
legendary
Activity: 2968
Merit: 1198
I've no note of a cryptonote coin with a PLD symbol, can't find any results searching for PLD on bitcointalk or for “cryptonote PLD” on DDG. Would be grateful for more info.

Paladincoin and Budhacoin are both fake coins that never existed but were invented as forks that supposedly were created during the alleged "two years in the darknet" Bytecoin backstory.

Anyone who creates or disseminates material that includes those coins or explicitly mentions (often in a context that makes a sensible reader ask why it is being mentioned) Bytecoin having been launched in 2012 is either part of the ongoing Bytecoin premine fraud whitewashing effort or has been fooled by it. You will notice the oddly conspicuous "launched in 2012" comments, for example, in nearly every article or "interview" that has been sprinkled around the web by their astroturfing efforts. Of course every single one of those references (as in fully 100%) only came into existence since the Bytecoin fraud started (late 2013 to early 2014).
legendary
Activity: 2254
Merit: 1290
It seems to be the case that there are some genuine semantics pertinent to the provenance. Looks like I need to add a “cloneparent” relation to the DOACC ontology (plain OWL (in github repos) or fancy HTML (on Minkiz *)).

I somehow managed to miss ASAPcoin and have not yet added Tavos to the DOACC graph but here's a SPARQL query that lists the name and symbol of each DOACC entry listed as using the protocol named “cryptonote”.

Code:
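PREFIX skos: <http://www.w3.org/2004/02/skos/core#>
# The DOACC namespace IRI is missing from this page; the value below is a placeholder.
PREFIX doacc: <DOACC_NAMESPACE_IRI_PLACEHOLDER>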

SELECT ?node ?sym ?lab WHERE
{?prot skos:prefLabel "cryptonote"@en .
  ?node doacc:protocol ?prot .
  ?node skos:prefLabel ?lab .
  ?node doacc:symbol ?sym
} ORDER BY ?lab

Results (output format edited for inclusion here). Hyperlinks are to Minkiz' own version of a Linked Open Data browser *


For convenience, here's a canned version of the query * that renders the results as HTML.

As regards collating features, I'm rather impressed with the polish of the DigitalNote GUI wallet, very promising indeed. Introducing a slider bar for degree of anonymity solves one very important but much under-appreciated issue - the fact that users with only a shallow model will naturally but mistakenly treat anonymity as a binary state when the reality is that it is a ratio scale of the brute force required to crack the crypto. A slider bar acts to help prevent such a misperception occurring in the first place. Nice work.

* self-signed SSL cert, CA cert, DYR: archive.org


Cheers

Graham

Edit: added CAcert note