Pages:
Author

Topic: delete - page 3. (Read 27672 times)

member
Activity: 84
Merit: 10
September 19, 2014, 09:49:18 PM
It appears to the be the NIZKP that is broken when you have ____ ring signatures with the same ____ but I am still trying to prove this.

Appreciate the edit.
newbie
Activity: 42
Merit: 0
September 19, 2014, 09:39:30 PM
Smooth and Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to. Wink

That is essentially what I meant by arguably. But cracking that "encryption" wouldn't allow you to steal wallets so even that usage doesn't allow for a consistent interpretation of the quote.

He said the encryption is not the broken part. Hehe, we are playing word games. Hey you started it. Hehe. No problem.

It's all nonsense (meaning trying infer the original usage of encryption as meaningful). The term encryption makes no sense in the original context and was just misused.

The "hehe" was me being nice. His usage is correct. The encryption part is not broken. It appears to the be the NIZKP that is broken when you have ____ ring signatures with the same ____ but I am still trying to prove this.
legendary
Activity: 2968
Merit: 1198
September 19, 2014, 08:58:55 PM
Smooth and Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to. Wink

That is essentially what I meant by arguably. But cracking that "encryption" wouldn't allow you to steal wallets so even that usage doesn't allow for a consistent interpretation of the quote.

He said the encryption is not the broken part. Hehe, we are playing word games. Hey you started it. Hehe. No problem.

It's all nonsense (meaning trying infer the original usage of encryption as meaningful). The term encryption makes no sense in the original context and was just misused.




newbie
Activity: 42
Merit: 0
September 19, 2014, 08:45:03 PM
Smooth and Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to. Wink

That is essentially what I meant by arguably. But cracking that "encryption" wouldn't allow you to steal wallets so even that usage doesn't allow for a consistent interpretation of the quote.

He said the encryption is not the broken part. Hehe, we are playing word games. Hey you started it. Hehe. No problem.
legendary
Activity: 2968
Merit: 1198
September 19, 2014, 08:32:45 PM
Smooth and Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to. Wink

That is essentially what I meant by arguably. But cracking that "encryption" wouldn't allow you to steal wallets so even that usage doesn't allow for a consistent interpretation of the quote.


newbie
Activity: 40
Merit: 0
September 19, 2014, 08:31:43 PM


Well BCX did offer to show a live chain demonstration to Maxwell.

Almost but not exactly.

If gmaxwell is so sure in his belief of "bullshit" then a live chain demonstration isn't possible is it?

I am not that eager to go head to head with a Bitcoin Core Dev for the obvious political reasons.

If I win, I lose.


~BCX~

What is there for you to lose? Judging by all these threads, it can't be much.

Either put up or move on.

You write that you have nothing to gain from "attacking monero", but you some how have time to keep up on it's many threads?
hero member
Activity: 826
Merit: 500
September 19, 2014, 08:09:37 PM
James I will sleep first. If anyone can beat me to it, go ahead. Again nothing may come of my hunch.

Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to. Wink Perhaps you forgot it is not just a digital signature as in Buttcoin.
I'll put up 10 BTC if you prove that such a critical vulnerability exists, and deliver the proof to me privately. Further conditions apply, PM me if you're serious on taking up my offer.
newbie
Activity: 42
Merit: 0
September 19, 2014, 08:05:58 PM
James I will sleep first. If anyone can beat me to it, go ahead. Again nothing may come of my hunch.

Smooth and Gmaxell the CN does have encryption because only the receiver can decrypt who the coin was spent to. Wink Perhaps you forgot it is not just a digital signature as in Buttcoin.

https://cryptonote.org/whitepaper.pdf#page=7

Quote
First, the sender performs a Diffie-Hellman exchange to get a shared secret from his data and
half of the recipient’s address. Then he computes a one-time destination key, using the shared
secret and the second half of the address. Two different ec-keys are required from the recipient
for these two steps, so a standard CryptoNote address is nearly twice as large as a Bitcoin wallet
address. The receiver also performs a Diffie-Hellman exchange to recover the corresponding
secret key.
staff
Activity: 4284
Merit: 8808
September 19, 2014, 07:55:17 PM
Careful. Encryption could mean the one-time ring signature is not broken, rather the way it is implemented

Encryption does not mean signature, ring or otherwise. Two different concepts. There is very little encryption in the protocol, arguably none at all.

So I'm not even sure what the original quote means at all, other than a somewhat confused mishmash of "big words."

The only way I see to make sense of it is to interpret encryption as cryptography as fluffypony said and gmaxwell seems to have also inferred. But it could mean something else. When you invent your own definitions for words you can later say you meant just about anything.
I'm used to unsophicated people using "encryption" to mean cryptography. As you note there is no encryption in the protocol _at all_, (not just arguably, but unambiguously).  But no need to hang up on a pretty obvious claim over some pedantic word mincing— the meaning was clear enough to me.  If I misread— I'm sure BCX can comment.

A theft bug that cannot be fixed without breaking the system's privacy must be a cryptographic one. Thats a pretty strong claim which deserves some strong evidence. Other systems are using related cryptosystems, and would benefit greatly from knowing it was broken. BCX should publish his discovery.
legendary
Activity: 1176
Merit: 1134
September 19, 2014, 07:45:29 PM
2) There is no break down in the encryption but in how it is implemented.
This is in direct contradiction to your original claim that it cannot be fixed without giving up on anonymity. I call bullshit.

In the quote he is talking about encryption.  

In your response you are talking about anonymity.  

On the Original post he says, "To fix this, anonymity will need to be sacrificed..."

Isn't anonymity and encryption two different things?  Where is the contradiction?

The anonymity is expressed in the whitepaper - if anonymity has to be sacrificed then it would be because the maths / crypto in the whitepaper is wrong.

I think the answer to your question in bold is no, here the anonymity and encryption are not two different things.

You think...  Not good enough.  Fluffpony basically ignored the questions.  Can we have someone that knows what they are talking about respond please.

I'd hazard that he misspoke when he said encryption, and he meant "cryptography" instead. Otherwise it makes no sense - there's a keyring flaw and we have to sacrifice anonymity, but the breakdown is not in the encryption but in the implementation thereof? Confused.

Careful. Encryption could mean the one-time ring signature is not broken, rather the way it is implemented perhaps referring to having multiple intersecting ring signatures simultaneously. Afaics the whitepaper did not address the math of such an intersection.


Quote from: private message
Reading between the lines it sounds like you think that BCX can actually steal wallets remotely. I wont disclose any details to anybody else, but I am curious to know if indeed this is possible. I had assumed that all the wallets are using oneway trapdoor functions that cannot be reversed.

With the cryptonote key images and multiple signers and a lot of hashing power, could it be possible to bruteforce solve a wallet's privatekey?

As I wrote upthread, it might be possible using multiple intersecting rings to use a system of simultaneous equations to find the 'x' private keys that are supposed to be hidden by the non-interactive Zero Knowledge Proof. However, I didn't work through the math to see if my hunch is true.

However by that time, the coins are already spent on the blockchain (unless you can intercept before), so you need the hashrate and or Time Warp Attack to backup the blockchain and double-spend them to yourself.

This wouldn't be the first time I had an insight that gmaxell didn't although he has returned the favor of me a few times too.

I am lazy to do the math because I don't see anyone offering me some considerable amount of money and I doubt I could use the exploit if I found it. If someone puts up a big bounty, I will investigate.

I could be way off course. It is just a hunch.
I will offer a 5 BTC bounty for a verified vulnerability along these lines as long as it is privately disclosed 2 weeks prior to public announcement so there is time to correct it. Due to the vagueness of the possible attacks and the practical feasibility, I will defer to community's opinion as to whether the exploit is valid.

I hope that Risto will match my 5 BTC bounty

James
legendary
Activity: 2968
Merit: 1198
September 19, 2014, 07:41:10 PM
Careful. Encryption could mean the one-time ring signature is not broken, rather the way it is implemented

Encryption does not mean signature, ring or otherwise. Two different concepts. There is very little encryption in the protocol, arguably none at all.

So I'm not even sure what the original quote means at all, other than a somewhat confused mishmash of "big words."

The only way I see to make sense of it is to interpret encryption as cryptography as fluffypony said and gmaxwell seems to have also inferred. But it could mean something else. When you invent your own definitions for words you can later say you meant just about anything.
legendary
Activity: 3444
Merit: 1061
September 19, 2014, 07:30:42 PM
old and young...and they quarrel like children  Roll Eyes lol

i guess that's the price of anonymity  Cheesy
newbie
Activity: 42
Merit: 0
September 19, 2014, 07:24:51 PM
But how much do you bench?

Thanks! That comment literally made my week!

PS: 1 rep max 155kg bench

I don´t know in kg but i am able to lift 3 crates of beer from the supermarket to my car.

This thread is reminding me of the tussles with my childhood friends.

Well to you young studs, I am 49 and at least I can still lift my 5kg dick.

I'm 31 so I guess that makes you technically old enough to be my dad.

49 what the hell, I didn't realize old people were in crypto.

~BCX~

Don't feel too much pity on me...

Seriously I can still bench 120 - 140kg and squat I don't know but in my 20s I did about 250 kg. I am 5'7" (169cm) and about 75 - 80kg.

My athleticism would be much greater if I wasn't suffering from a progressive autoimmune condition (which just might be improving since I started AHCC treatment in May).

Note I was an exceptional athlete most of my life though. For example I ran a sub 4:30 mile, sub 2:00 800 meters. I also ran 4.5 ish 40 meter dash, was a MVP at cornerback, etc..

I still compete with the young guys in basketball full speed. My vertical is still over 24" (just recently improved from 19").
newbie
Activity: 42
Merit: 0
September 19, 2014, 07:07:49 PM
2) There is no break down in the encryption but in how it is implemented.
This is in direct contradiction to your original claim that it cannot be fixed without giving up on anonymity. I call bullshit.

In the quote he is talking about encryption.  

In your response you are talking about anonymity.  

On the Original post he says, "To fix this, anonymity will need to be sacrificed..."

Isn't anonymity and encryption two different things?  Where is the contradiction?

The anonymity is expressed in the whitepaper - if anonymity has to be sacrificed then it would be because the maths / crypto in the whitepaper is wrong.

I think the answer to your question in bold is no, here the anonymity and encryption are not two different things.

You think...  Not good enough.  Fluffpony basically ignored the questions.  Can we have someone that knows what they are talking about respond please.

I'd hazard that he misspoke when he said encryption, and he meant "cryptography" instead. Otherwise it makes no sense - there's a keyring flaw and we have to sacrifice anonymity, but the breakdown is not in the encryption but in the implementation thereof? Confused.

Careful. Encryption could mean the one-time ring signature is not broken, rather the way it is implemented perhaps referring to having multiple intersecting ring signatures simultaneously. Afaics the whitepaper did not address the math of such an intersection.


Quote from: private message
Reading between the lines it sounds like you think that BCX can actually steal wallets remotely. I wont disclose any details to anybody else, but I am curious to know if indeed this is possible. I had assumed that all the wallets are using oneway trapdoor functions that cannot be reversed.

With the cryptonote key images and multiple signers and a lot of hashing power, could it be possible to bruteforce solve a wallet's privatekey?

As I wrote upthread, it might be possible using multiple intersecting rings to use a system of simultaneous equations to find the 'x' private keys that are supposed to be hidden by the non-interactive Zero Knowledge Proof. However, I didn't work through the math to see if my hunch is true.

However by that time, the coins are already spent on the blockchain (unless you can intercept before), so you need the hashrate and or Time Warp Attack to backup the blockchain and double-spend them to yourself.

This wouldn't be the first time I had an insight that gmaxell didn't although he has returned the favor of me a few times too.

I am lazy to do the math because I don't see anyone offering me some considerable amount of money and I doubt I could use the exploit if I found it. If someone puts up a big bounty, I will investigate.

I could be way off course. It is just a hunch.
sr. member
Activity: 952
Merit: 251
September 19, 2014, 07:06:27 PM
But how much do you bench?

Thanks! That comment literally made my week!

PS: 1 rep max 155kg bench

I don´t know in kg but i am able to lift 3 crates of beer from the supermarket to my car.

This thread is reminding me of the tussles with my childhood friends.

Well to you young studs, I am 49 and at least I can still lift my 5kg dick.


49 what the hell, I didn't realize old people were in crypto.

I'm 31 so I guess that makes you technically old enough to be my dad.


~BCX~



49 old ??
He's still a pup !!
62 here ..

Triff ..
newbie
Activity: 42
Merit: 0
September 19, 2014, 06:53:11 PM
But how much do you bench?

Thanks! That comment literally made my week!

PS: 1 rep max 155kg bench

I don´t know in kg but i am able to lift 3 crates of beer from the supermarket to my car.

This thread is reminding me of the tussles with my childhood friends.

Well to you young studs, I am 49 and at least I can still lift my 5kg dick.
hero member
Activity: 700
Merit: 520
September 19, 2014, 06:10:57 PM
lots of black people


read the signature my dear troll u may need to triple read it to let it get into ur brains

~CfA~
legendary
Activity: 2968
Merit: 1198
September 19, 2014, 06:08:54 PM
And are stuck in 2013 talking about "revolutionary wallets" in the age if NXT.

I've seen the Nxt wallet. The one under development for Monero is revolutionary.

Re. Vertcoin, it is currently #40 on coinmarketcap. I don't spent my time studying every one of the top 40 coins.


I found a leaked screenshot of the Monero wallet.  Grin



In terms of ease of use that would indeed be a vast improvement. But we're not quite able to accomplish that yet.
hero member
Activity: 966
Merit: 1003
September 19, 2014, 06:08:17 PM
It's just u. I have 1424 posts signed with my CfA brand. U have 1. BCX has 3400.

~CfA~


legendary
Activity: 1484
Merit: 1026
In Cryptocoins I Trust
September 19, 2014, 06:07:23 PM
And are stuck in 2013 talking about "revolutionary wallets" in the age if NXT.

I've seen the Nxt wallet. The one under development for Monero is revolutionary.

Re. Vertcoin, it is currently #40 on coinmarketcap. I don't spent my time studying every one of the top 40 coins.


I found a leaked screenshot of the Monero wallet.  Grin

Pages:
Jump to: