Topic: delete - page 11. (Read 165526 times)

Sorry if I'm misunderstanding or asking the question wrong. I was trying to ask if one could use their private key to identify an output of theirs as a mixin in a different transation. So, if an exchange were to begin using mixins, then their ability to identify they one of their outputs was used in someone else's ring would increase proportionally to the volume they handled?


Oh I see, maybe. So, if a typical user were to use a mixin of ten, then their chances of having someone with 90% of the transactions identify one of them would be .9^10, or 34.8% of being de-anonymized? I think there's also the denominations to deal with as well, so let's say for this example that all transactions ever done were just '10'?


Is this why you initially advocated for the txid field to be removed completely? If the field was filled and encrypted on a protocol standard with random data when not in use, then would nobody know but one party (here, exchange) how much of the transactions were theirs? So, if someone were trying to mount a sybil attack on mixins, nobody would ever see it coming? Would removing it prevent the ability of an exchange or anyone to be able to know that a transaction was theirs? Maybe there's more to this? Would the best case to be to encourage the widespread random usage of the txid field then?



Me! Regardless of the eventual level of penetration into society these coins get, pretty much every aspect of them is still fascinating on a technical level


Right, so you can have the framework built up of transactions linked by one address, but still not have a clue where the terminations are because stealth addressing. Really, all you can do is prove that you were the majority transactor on the network, which you'd likely already know. So, if there were two major major network transactors (likely scenario at this point in time - two hi volume exchanges) then could there be any cross-referencing done in which some of those terminations could be revealed? Let's say cryptsy picks up xmr, and matches plx in volume and that's all that really changes in the next couple of months. Can the exchanges collude to identify users within a high probability on one exchange as users of the other exchange? I realize this can obviously be done without the blockchain, but I'm trying to learn so if anyone's under the impression that I think this would ever happen then I'm sorry but I don't mean it as it's just the easiest thing I can use to identify and understand how this works.



There was another thing that I was wondering: If ~100% of the coins that are mined go directly from pool to exchange, and then onto the rest of their life, can that cause a long-lasting effect on anything? I understand that this is not the case currently where all mined coins go to one address, but if mining were to become strictly a business where mostly nothing (<1%) is held, and 99-100% of coins always originated from <10 addresses (pools) to be used by a group of 10,000 people, as opposed to a very small network of 10,000 people who are just solo-mining and using the coins, then which network would have greater cryptographic anonymity using cryptonote?

The addresses is a non-issue. There is no connection between different transactions just because they have the same public address (unlinkability).

The issue of someone controlling a huge share of transactions is a real one, and amounts to a form of sybil attack on traceability. Some transactions will become traceable in this manner but transactions with high mixes or multiple hops become effectively untraceable even by someone owning 90% or more of the outputs due to the exponential function.

Also, just as a matter of general privacy, exchange transactions are easily identifiable since they have a payment ID, and many people don't change their payment ID very often, so you can find all their transactions that way. Given this, we can tell that the number of exchange transactions is high but not extremely high. There are still a lot of mining transactions, pool payouts, and other incidental stuff (donations, MEW memberships, private trades, people moving between their own wallets, etc.)

As a second practical matter, I don't think (most?) exchange transactions today even use mixing, so even the sybil attack doesn't apply. That could change the future, although one would hope that there would also be other uses besides sending coins to an exchange constantly, otherwise who even cares.

Finally it is important to remember that unlinkability (stealth) and untracabilty (mixing) work together to frustrate blockchain analysis. Even when you can partially overcome one, the other often makes the results useless. So for example, if you can defeat untracability on some tranasctions, you just get links between anonymous one-time keypairs that don't identify a person or link with other payments to or from that same person. Conversely if you can link some keypairs together, you can construct an "identify" (still not necessarily linked to a person) but you can't see the flow of funds to or from that identify without also defeating untraceability. You really have to defeat both simultaneously on the same set of transactions to get anything useful, and that is much harder.

I was under the impression that the exchange address for plx was the same for everyone, and it was a different txid field that they gave to each person. I'm going off of memory here from when I made a second account there, and I remember the address being the same as on my other account, and only the txid field changed. I could be wrong, but I'll go make some more accounts there now to look.

Maybe, in a sense, when withdrawing from plx to you the address is different becase of stealth addressing, but would having the same private key for that stealth address still have an effect on benefit in the addressing/rs's if the tx came out of that address for one tx, and was sent then to one more address (say someone bought something), and then the money goes right back to the exchange address?

I was just wondering if there was a way to account for that (statistically? some other way?) when looking at the blockchain, and if there were any large resulting effects that could be mediated with having an actual different address rather than just a different txid?

So, if I were poloniex, what mechanism prevents me from looking at the blockchain composed of mostly transactions with me and saying 'that's my mixin' or 'that's not my mixin', at some point in the future?

Yes and no. There is a button to change payment ID but I think they go to the same address. However, on the blockchain they go to different addresses because stealth addresses are always one-time.

Assuming you are talking about Poloniex, each new deposit of a customer is a new XMR address. And if I am not mistaken there is change address for each succession of withdrawals from users meaning the coins are never always sent from the same XMR address.

Did I miss something here concerning your thoughts?

Could there be a major flaw in how these currencies are being used right now? I can imagine a highly likely scenario where surely >50%, and probably much closer to 90% of all the xmr coins ever emitted currently have have moved through one single address?

Additionally, could the percentage of mined coins directly to that exchange address have a strong effect on anything?

Will having likely 90% of all coins ever currently minted using xmr as example, which is 21.37% of all coins that will exist currently routed through a single address, occasionally branching off for one or two transactions before going right back to that address bode well for the cryptographic anonymity provided by ring signatures?

Omitted question mark now inserted.

If verified, no one (including the proprietor) is quite sure if it was intentional or not. Personally I lean to the latter, but bear in mind my right statesticle is ostensibly more colossal than the former.



http://en.wikipedia.org/wiki/Reductio_ad_absurdum