In XMR there exists a flaw involving the keyrings that under the right conditions will allow an attacker to steal your wallets and hijack your addresses. To fix this, anonymity will need to be sacrificed.
The bullshit part is in bold (well it's all bullshit). There may be an exploit in XMR that may work under some theoretical circumstances, but unless Ronald Rivest and Adi Shamir (the R & S from RSA cryptography) screwed up in a way that has not been detected by everyone in the field of cryptography, there is no need to sacrifice anonymity for "keyrings" (i.e. the ring signature system).
You are probably thinking of the Shamir transform which converts an interactive Zero Knowledge Proof (ZKP) into a non-interactive one (NIZKP) by employing a one-way cryptographic hash function. Or you are thinking of their separate invention of ring signatures.
That doesn't necessarily apply to CN's one-time ring signatures because these are a novel merging of NIZKP and ring-signatures to make them one-time use.
My wild guess, without studying the math again in the CN whitepaper, is that any exploit (if any) has something to do with finding collisions or preimages in the NIZKP that make it possible to forge a one-time ring signature under certain conditions. I had intuitions to look at potential weaknesses such as this but didn't have time to pursue it. Afaik, CN's one-time ring signature invention was not vetted by significant cryptanalysis.
My question to smooth and other Monero developers is, "Has BCX revealed any exploit to any of you?", because the posts I've read from smooth seem to be wordsmithed in such a way as to avoid definitively answering that question.
P.S. I am AnonyMint.
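To make the transform discussed above concrete, here is an added example that is not part of the original thread and is not CryptoNote's one-time ring signature: a Schnorr proof of knowledge of a discrete logarithm, first as the three-message interactive protocol, then made non-interactive by hashing the transcript with SHA-256. The group (p = 1019, q = 509, generator 4) is a toy chosen for this example. The second half shows the failure mode behind the collision/preimage concern raised above: if the challenge hash does not bind the prover's commitment, a forger can pick the response first and solve for a commitment that verifies, without ever knowing the secret.

```python
import hashlib
import secrets

# Toy group, constructed for this example: p = 2q + 1 is a safe prime and
# G = 4 generates the subgroup of prime order q. Far too small for real use.
P = 1019
Q = 509
G = 4


def keygen(x=None):
    """Secret x in [1, q-1]; public y = G^x mod p is the statement being proved."""
    if x is None:
        x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


# --- Interactive Schnorr proof of knowledge of x (three messages) -------------

def prover_commit():
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)              # keep r secret, send R = G^r


def verifier_challenge():
    return secrets.randbelow(Q)         # the verifier's own coin flips


def prover_respond(x, r, e):
    return (r + e * x) % Q              # z = r + e*x


def check(y, R, e, z):
    return pow(G, z, P) == (R * pow(y, e, P)) % P


# --- Fiat-Shamir: replace the verifier's coins with a hash of the transcript --

def fs_challenge(y, R):
    """Sound transform: the challenge commits to the statement AND to R."""
    h = hashlib.sha256(f"{P}|{G}|{y}|{R}".encode()).digest()
    return int.from_bytes(h, "big") % Q


def weak_challenge(y, R):
    """Broken transform, for illustration only: R is left out of the hash,
    so the challenge is predictable before the commitment is chosen."""
    h = hashlib.sha256(f"{P}|{G}|{y}".encode()).digest()
    return int.from_bytes(h, "big") % Q


def prove(x, y, challenge_fn=fs_challenge):
    r, R = prover_commit()
    e = challenge_fn(y, R)
    return R, prover_respond(x, r, e)


def verify(y, proof, challenge_fn=fs_challenge):
    R, z = proof
    return check(y, R, challenge_fn(y, R), z)


def forge(y, challenge_fn):
    """Attempt a proof for y without x: choose z first, guess the challenge e
    from the statement alone, then solve for R = G^z * y^(-e). The pair
    verifies iff the verifier recomputes that same e for the derived R."""
    z = secrets.randbelow(Q)
    e = challenge_fn(y, 0)              # 0 stands in for the not-yet-chosen R
    R = (pow(G, z, P) * pow(y, (Q - e) % Q, P)) % P   # y has order q, so y^(q-e) = y^(-e)
    return R, z


def forgery_successes(y, challenge_fn, trials):
    """How many of `trials` secret-less forgeries the verifier accepts."""
    return sum(verify(y, forge(y, challenge_fn), challenge_fn) for _ in range(trials))


if __name__ == "__main__":
    x, y = keygen()
    r, R = prover_commit()
    e = verifier_challenge()
    assert check(y, R, e, prover_respond(x, r, e))      # interactive round trip
    assert verify(y, prove(x, y))                        # non-interactive proof
    print("forgeries accepted, sound challenge:", forgery_successes(y, fs_challenge, 1000), "/ 1000")
    print("forgeries accepted, weak challenge: ", forgery_successes(y, weak_challenge, 1000), "/ 1000")
```

With the sound challenge a forgery succeeds only when the hash of the derived R happens to equal the guessed e, about 1 in q attempts (roughly 2 in 1000 for this toy q, negligible for a 256-bit one); with the weak challenge every forgery is accepted. That gap is exactly what "finding collisions or preimages in the NIZKP" would buy an attacker against a real scheme.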
rpietilla may not be part of the core team but he is heavily vested and has personal ties to someone that is. As such he has access to insider information and is able to use that information to his advantage. He might as well be considered part of the team.
Who is the person he has personal ties to?
Second, most PoW zealots can't seem to see into the future like I (and a lot of other people, the PoS crowd) can in regards to the inevitable centralization of PoW mining. No PoW algorithm can be ASIC-proof; it is not possible. Due to this and economies of scale, all forms of PoW mining will slowly go from decentralized to centralized as large mining conglomerates take over the block chain. The people with the most money to spend and the cheapest power will make all mom-and-pop miners unprofitable, and at that point they will stop investing/buying ASICs. Over time the block chain will become more and more centralized until it is so centralized that they can do many nefarious things, such as raise transaction fees on a whim by only including transactions into blocks that have X amount of fees, because they decide they are not making enough profit.
Third, once a PoW cryptocurrency exits its inflationary stage of the money supply distribution, it is possible that the transaction fees are not enough to compensate the miners and keep the blockchain secure.
True, all the existing PoW coins suffer from these. But it is possible to fix this. I will not tell you how though. Well actually I already told everyone but they can't wrap their mind around AnonyMint's posts, so nevermind.
BTW: AnonyMint hinted that a solution to centralized mining could be to somehow make mining always unprofitable, that way all mining comes from individual nodes contributing miniscule amounts of hashpower while their wallets are open.
Kudos to you sir.
BTW: AnonyMint hinted that a solution to centralized mining could be to somehow make mining always unprofitable, that way all mining comes from individual nodes contributing miniscule amounts of hashpower while their wallets are open.
This sounds like a clever idea, and I think it could work if the logistics were figured out.
One logistic was getting the PoW right. I first did a PoW in November 2013, which is essentially what CN ended up with independently, although mine was orders of magnitude faster by exploiting AVX2, which also provided botnet resistance. Then I realized fighting against ASICs was futile so I had to embrace them.
Anonymint is still around, although he may have dropped that idea, I don't know. I do agree that is a good idea that needs more attention; I haven't heard it before. I'm guessing it is hard to implement fairly and securely though, which would be the only thing holding it back. Yet, it could possibly be made to work.
I am trying not to post. But since I decided to correct that misunderstanding about Rivest and Shamir's relevance to CN's one-time ring signatures, I might as well reply to these comments.
Agreed the details of widespread mining are difficult to achieve.
Edit: I am not often reading the forum any more (no time for it). I just happened to read this thread because I was looking at a particular user's latest posts for an unrelated reason and they had posted in this thread.