Pages:
Author

Topic: delete - page 13. (Read 165538 times)

member
Activity: 112
Merit: 10
October 08, 2014, 09:19:59 PM
In reply to a concerned citizen gentleman,

UBERcoin ANNouncement
Launching the latest and last cryptomoney

Total emission: 1337 coins.

I have forked UBERcoin to fix your category errors and take into account the 666/Pi^100 Great Collapsing Hrung problem as predicted by Martin Armstrong.

UBERcoin's Hrung will inevitably collapse due to reasons that I cannot explain but you must believe because I am the authority because I once made a popular web page before the web was popular.

VaporCoin introduces the revolutionary and derivative concept of RingShuffle

RingShuffle uses three blockchains.  The outer application layer is the same as any CN coin.  The two-ply inner transportation system is used by nodes to accomplish both on and off chain mixing.  The middle layer is a mini-blockchain account tree that tracks the balance of mixing daemons.  Mixing daemons are ephemeral and each Vapor node spawns random number of them with random lifespans.  Mixing daemons use the inner layer's blockchain to shuffle coins using one-time-ring-signatures. 

This arrangement keeps bloat off off the permanent user-facing blockchain and restricts transaction noise (AKA helpful entropy) to temporary prunable ring sigs, while the minichain-based global account tree keeps transport daemons synchronized and mitigates the threat of hostile/dishonest Sybil nodes.

RingShuffle = (CN blockchain ((Miniblockchain(prunable CN blockchain)))

We are already in discussion with SuperNet, and are now taking pre-orders for our Stargoat+ FPGASIC, which is the only hardware capable of mining VaporCoins .

do you own the annoymint account   Cheesy
legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
October 08, 2014, 09:18:16 PM
In reply to a concerned citizen gentleman,

UBERcoin ANNouncement
Launching the latest and last cryptomoney

Total emission: 1337 coins.

I have forked UBERcoin to fix your category errors and take into account the 666/Pi^100 Great Collapsing Hrung problem as predicted by Martin Armstrong.

UBERcoin's Hrung will inevitably collapse due to reasons that I cannot explain but you must believe because I am the authority because I once made a popular web page before the web was popular.

VaporCoin introduces the revolutionary and derivative concept of RingShuffle

RingShuffle uses three blockchains.  The outer application layer is the same as any CN coin.  The two-ply inner transportation system is used by nodes to accomplish both on and off chain mixing.  The middle layer is a mini-blockchain account tree that tracks the balance of mixing daemons.  Mixing daemons are ephemeral and each Vapor node spawns random number of them with random lifespans.  Mixing daemons use the inner layer's blockchain to shuffle coins using one-time-ring-signatures. 

This arrangement keeps bloat off off the permanent user-facing blockchain and restricts transaction noise (AKA helpful entropy) to temporary prunable ring sigs, while the minichain-based global account tree keeps transport daemons synchronized and mitigates the threat of hostile/dishonest Sybil nodes.

RingShuffle = (CN blockchain ((Miniblockchain(prunable CN blockchain)))

We are already in discussion with SuperNet, and are now taking pre-orders for our Stargoat+ FPGASIC, which is the only hardware capable of mining VaporCoins .
newbie
Activity: 14
Merit: 0
October 08, 2014, 09:08:15 PM
Also here is some vaporware...

...there is some design with off chain, where the anonymity mix is never sent to the internet.

 Tongue

As for authority and believing each other's undocumented (secret) claims, remember you long ago assured me that is possible to prune CN rings with a certain design. I have since I think stumbled onto what that design would be. Conversely, you can choose to believe me or not.
newbie
Activity: 14
Merit: 0
October 08, 2014, 08:57:52 PM
You know who the spender is of the transaction, you break them.

IP tracing doesn't help you here. There is no way to know which of the one-time keys in a ring correspond to "you" (the IP user).

Re-read my post. Apparently you didn't read it.
legendary
Activity: 2968
Merit: 1198
October 08, 2014, 08:56:14 PM
You know who the spender is of the transaction, you break them.

IP tracing doesn't help you here. There is no way to know which of the one-time keys in a ring correspond to "you" (the IP user). You need to know the spender in terms of a one-time key pair (or identified transaction on the blockchain -- equivalent). So no IP tracing doesn't break rings.
newbie
Activity: 14
Merit: 0
October 08, 2014, 08:51:42 PM
Long ago you and I discussed in public that linking together transactions if your IP conveys your identity thus breaks down the anonymity of rings. That was when you guys decided to add I2P because I informed you about that problem.

...

2. You're confusing linking and tracing. The purpose of ring signatures is to impede tracing. Linking can be avoided even in Bitcoin just by not reusing addresses (though is more convenient in Monero). Tracing can't be done at all via IP-level attacks, as far as I can tell, since the blockchain is effectively broadcast. No one can know from analyzing your network activity which transactions you are receiving, only which ones you send.

We had this same exact discussion publicly long ago, but at that time I hadn't yet conceived the bounty algorithm.

You know who the spender is of the transaction, you break them. Even though you don't know which public key corresponds to which person's identity (but you know that too if users want to use lite clients!), by linking together multiple rings spent from the same person, you can break down the rings by cross-correlation. It is similar to the bounty algorithm concept, but will converge absolutelywith higher certainty if you know every IP address. Or if you only know some of them, it will aid my bounty algorithm as more information for de-anonymizing the rings.

On chain just adds vulnerability

Okay, now it is pretty clear that you are "selling" your approach.

No it was a factual statement, not even FUD.

It is not fair to criticize me for not rushing to release some anonymity design that is not well characterized, if you simultaneously criticize DRK for rushing and releasing anonymity design that is not well characterized.

Also you know I've asked for implementation help.

Edit: the point is you can't claim (you haven't proven) rings add anything over off chain. And they apparently can't efficiently layer multiple encryption.

I do find rings more well understood than DRK mysterious "masternodes". But that doesn't mean I am saying CN rings are extremely well characterized. Overlapping rings and IP tracing can de-anonymize the rings with cross-correlation. None of this is proven affirmatively or disproven.
legendary
Activity: 2968
Merit: 1198
October 08, 2014, 08:45:09 PM
Long ago you and I discussed in public that linking together transactions if your IP conveys your identity thus breaks down the anonymity of rings. That was when you guys decided to add I2P because I informed you about that problem.

1. Thank you for whatever constructive suggestions you make to improve the product. I'm not even sure whether your input was instrumental in starting the I2P effort -- that was something that fluffpony was behind -- not me. But if it was, then thank you. We welcome constructive input from anyone.

2. You're confusing linking and tracing. The purpose of ring signatures is to impede tracing. Linking can be avoided even in Bitcoin just by not reusing addresses (though is more convenient in Monero). Tracing can't be done at all via IP-level attacks, as far as I can tell, since the blockchain is effectively broadcast. No one can know from analyzing your network activity which transactions you are receiving, only which ones you send.
newbie
Activity: 14
Merit: 0
October 08, 2014, 08:39:53 PM
So if you argue against off chain mixing, you fail to note that your on chain depends on your off chain IP obfuscation, so your entire thesis of defense collapses in a house of cards.

The two are complementary.

Logic fail.

That was when you guys decided to add I2P because I informed you about that problem.

Thats why anoncoin decided too? lol

Actually you will find I was the apparently the first to publicly raise their awareness of the timing analysis type weaknesses in Tor (and thus by implication I2P). Summer or Autumn of 2013.
newbie
Activity: 14
Merit: 0
October 08, 2014, 08:29:22 PM
So if you argue against off chain mixing, you fail to note that your on chain depends on your off chain IP obfuscation, so your entire thesis of defense collapses in a house of cards.

The two are complementary.

Logic fail.

Long ago you and I discussed in public that linking together transactions if your IP conveys your identity thus breaks down the anonymity of rings. That was when you guys decided to add I2P because I informed you about that problem.
legendary
Activity: 2968
Merit: 1198
October 08, 2014, 08:27:37 PM
So if you argue against off chain mixing, you fail to note that your on chain depends on your off chain IP obfuscation, so your entire thesis of defense collapses in a house of cards.

The two are complementary. Even Bitcoin can be used with Tor, etc. But even if Tor, etc. are assumed to be totally bulletproof, that does not provide any protection against blochchain analysis.

Cryptonote can be viewed as Bitcoin with defense to blockchain analysis added. Other existing solutions attempt to do that with masternodes, network peers, etc. I think our approach that relies on cryptography rather than shuffling data around the Internet between various nodes is easier to analyze and therefore more likely to actually deliver what it promises. (Though, as always, no 100% guarantees in life.)

Other approaches that are distinct from both Cryptonote and current off-chain mixers may also be useful, or even potentially (much) better, but Cryptonote is here now. That is worth a lot and even in its current rough (but rapidly improving) form, improves greatly on Bitcoin with respect to privacy.

Quote
On chain just adds vulnerability

Okay, now it is pretty clear that you are "selling" your approach. It may not be what you intend, but that's how it is coming off.

Go build it. A demo is worth 1000 posts.
newbie
Activity: 14
Merit: 0
October 08, 2014, 08:17:12 PM
And Tor (and I2P) anonymity is not well characterized mathematically. Many argue they are not reliably anonymous. So if you argue against off chain mixing, you fail to note that your on chain depends on your off chain IP obfuscation, so your entire thesis of defense collapses in a house of cards.

You have made no point.

I made a very strong non-FUD point, which is off chain can layer multiple encryption. On chain just adds vulnerability and costs us a lot in terms of targeting mass adopted design factors.
legendary
Activity: 2968
Merit: 1198
October 08, 2014, 08:13:46 PM
That snippet from smooth was entirely FUD.

Most of my message was intended as FUD, as a sort of example lesson to show how FUD begets FUD. It isn't helpful.

Build (or fully describe) something, then we can analyze it.

Quote
well you can't because you don't know my designs

Exactly!

Quote
you will learn that when I make a statement like that, it has been vetted.

Did you really just appeal to yourself as an authority?

Show your work.
newbie
Activity: 14
Merit: 0
October 08, 2014, 08:07:44 PM
Quote
Why risk off chain routing attacks when (some future non-existant) on-chain system can be made exponentially more secure, with greater scrutiny of the components parts (encryption) then some large and nearly impossible to analyze set of interconnected elements.

+1.  

That snippet from smooth was entirely FUD. He has a category error is misequating Tor or I2P with all possible formations of off chain mixing. There are forms which are mathematically modeled.


2. Whereas with Cryptonote (and Zerocash) what needs to be unencrypted is neatly compressed with complete organization on the block chain, off chain routing can create mazes of extreme complexity. In the asymptotic case, the authorities would need to cross correlate every encrypted packet ever sent on the internet.

Only if things are implemented "properly" at every level. That is a huge assumption I'm not prepared to make with any of the current altcoin efforts. I'd rather rely on well-designed and well-vetted encryption.

I made that same point myself. Note you did not refute #1.

Implementations of large systems that require sending information around the internet to mixing nodes and such has a huge attack surface. Cryptography implementations are potentially orders of magnitude smaller (and Cryptonote really isn't that complex) so far, far easier to vet at a systemic level.

FUD per the above reply to robinwilliams and #6 below.

Granted the issue of quantum computing vulnerability is valid, but it likely to be a acceptable risk to a great many users, but not to you. Fair enough. Build something better.

You CN people keep trying to pigeon-hole my #1 it as quantum computing only whereas I have shown you that small characteristic discrete logarithms were cracked in 2013 and they speculate about moving to higher characteristics. You ignore the fact that differential cryptanalysis breakthrough in the past broke almost all known encryption at the time (1970s), and nobody knew it had been cracked for many years. Heck discrete logarithm might be cracked now by the NSA and they are not telling us. Thus being able to use multiple layer encryption methods is essential to any level of great trust for anonymity, because unlike for spending, anonymity needs to remain uncracked for a long time into the future.

Quote
3. Cryptonote has no IP obfuscation built in (yet), thus unless you are using Tor with it, the on chain anonymity is already cracked. Which means even if you use Tor, if the others in your anonymity set ring didn't use Tor, then you are de-anonymized. And even when Cryptonote adds I2P or Tor support by default, it isn't planned to be supported for mining, and those low-latency mixnets are shown in research to be vulnerable to timing analysis. There are mathematically characterized better designs for IP obfuscation for crypto-currency than I2P and Tor.

Tor is already supported for mining. There is no reason why you can't connect to a pool using Tor. Most pools require no registration, so any coins that go back to you via pool payments can't be traced to you by any mechanism other than attacking Tor.

I said built-in so everyone uses it. Meaning dumb users click and go.

Also using Tor puts those miners at a disadvantage in speed compared to those who don't.

And Tor (and I2P) anonymity is not well characterized mathematically. Many argue they are not reliably anonymous. So if you argue against off chain mixing, you fail to note that your on chain depends on your off chain IP obfuscation, so your entire thesis of defense collapses in a house of cards.

Also note you did not refute #5 (well you can't because you don't know my designs).

Quote
5. You won't get decentralized mining without off chain anonymity.

Not proven, nor proven that you can get decentralized mining with off chain anonymity.

You haven't learned by now to respect my knowledge yet. But one day you will learn that when I make a statement like that, it has been vetted.

Quote
So again I reiterate, why risk it with on chain anonymity when there can be designs that are exponentially more secure with your anonymity into the future?

Why risk off chain routing attacks when (some future non-existant) on-chain system can be made exponentially more secure, with greater scrutiny of the components parts (encryption) then some large and nearly impossible to analyze set of interconnected elements.

See, FUD works in either direction. Stop doing it, and start building.

Did I ever disagree publicly with building?

Am I not doing a service to readers by sharing insights into the factors they must consider?

Have Cryptonote proven everything about its anonymity? (big fat no! see #6 below)

My post wasn't written in salesman tone. It was an intellectual exchange.

Quote
6. The claim that Cryptonote has a larger anonymity set because it can mix from the entire history of the block chain, whereas CoinJoin has a simultaneity constraint, is not true because to be prunable the rings must be restricted to small groups, and as I showed in my bounty algorithm upthread, if you allow widely overlapping mixing then the rings can in theory be de-anonymized.

You didn't show anything at all about the scope and degree of unmixing, so we have nothing to say here, just more FUD.

In short, prove on-chain wrong by constructing something better. Until then you are behaving similar to the shills you hate.

Until you run the bounty algorithm on your real block chain, you don't know either how much of Cryptonote anonymity is being de-anonymized by overly overlapped rings.

If on balance, you consider that Cryptonote can never scale to micro payments, it seems the ship is leaning to one side.
member
Activity: 112
Merit: 10
October 08, 2014, 07:47:34 PM
Quote
Why risk off chain routing attacks when (some future non-existant) on-chain system can be made exponentially more secure, with greater scrutiny of the components parts (encryption) then some large and nearly impossible to analyze set of interconnected elements.

+1. 
sr. member
Activity: 294
Merit: 250
Bitmark Developer
October 08, 2014, 07:47:14 PM
open hosts file

Code:
0.0.0.0 bitcointalk.org

 Cheesy

I learned that trick only a few years ago. Give me a bit more time to master it.

trouble is once you know how to do it, you can remove it! GL
newbie
Activity: 14
Merit: 0
October 08, 2014, 07:46:29 PM
open hosts file

Code:
0.0.0.0 bitcointalk.org

 Cheesy

I learned that trick only a few years ago. Give me a bit more time to master it.
legendary
Activity: 2968
Merit: 1198
October 08, 2014, 07:44:08 PM
2. Whereas with Cryptonote (and Zerocash) what needs to be unencrypted is neatly compressed with complete organization on the block chain, off chain routing can create mazes of extreme complexity. In the asymptotic case, the authorities would need to cross correlate every encrypted packet ever sent on the internet.

Only if things are implemented "properly" at every level. That is a huge assumption I'm not prepared to make with any of the current altcoin efforts. I'd rather rely on well-designed and well-vetted encryption. Implementations of large systems that require sending information around the internet to mixing nodes and such has a huge attack surface. Cryptography implementations are potentially orders of magnitude smaller (and Cryptonote really isn't that complex) so far, far easier to vet at a systemic level. Granted the issue of quantum computing vulnerability is valid, but it likely to be a acceptable risk to a great many users, but not to you. Fair enough. Build something better.

Quote
3. Cryptonote has no IP obfuscation built in (yet), thus unless you are using Tor with it, the on chain anonymity is already cracked. Which means even if you use Tor, if the others in your anonymity set ring didn't use Tor, then you are de-anonymized. And even when Cryptonote adds I2P or Tor support by default, it isn't planned to be supported for mining, and those low-latency mixnets are shown in research to be vulnerable to timing analysis. There are mathematically characterized better designs for IP obfuscation for crypto-currency than I2P and Tor.

Tor is already supported for mining. There is no reason why you can't connect to a pool using Tor. Most pools require no registration, so any coins that go back to you via pool payments can't be traced to you by any mechanism other than attacking Tor.

Quote
5. You won't get decentralized mining without off chain anonymity.

Not proven, nor proven that you can get decentralized mining with off chain anonymity.

Quote
So again I reiterate, why risk it with on chain anonymity when there can be designs that are exponentially more secure with your anonymity into the future?

Why risk off chain routing attacks when (some future non-existant) on-chain system can be made exponentially more secure, with greater scrutiny of the components parts (encryption) then some large and nearly impossible to analyze set of interconnected elements.

See, FUD works in either direction. Stop doing it, and start building. When we see how much better your system is, we will all be convinced! (The salesmen representing other coins, including other off-chain anonymity coins won't, but you can't ever convince them no matter what you say or do.)

Quote
6. The claim that Cryptonote has a larger anonymity set because it can mix from the entire history of the block chain, whereas CoinJoin has a simultaneity constraint, is not true because to be prunable the rings must be restricted to small groups, and as I showed in my bounty algorithm upthread, if you allow widely overlapping mixing then the rings can in theory be de-anonymized.

You didn't show anything at all about the scope and degree of unmixing, so we have nothing to say here, just more FUD.

In short, prove on-chain wrong by constructing something better. Until then you are behaving similarly to the shills you hate.
sr. member
Activity: 294
Merit: 250
Bitmark Developer
October 08, 2014, 07:42:26 PM
open hosts file

Code:
0.0.0.0 bitcointalk.org
newbie
Activity: 14
Merit: 0
October 08, 2014, 07:37:49 PM
A coin made by you would certainly be interesting.

Due to politics, I will never tell you if I am on a coin. You will have to deduce it (which might not be that difficult). I prefer plausible deniability. Look I am no where near releasing anything. Code has been written, but I have variable health over the past months. So don't hold your breath.

Thanks for the kind words.

Peace to all forum members.
newbie
Activity: 14
Merit: 0
October 08, 2014, 07:31:29 PM
LOL I thought TFM had scrambled his password, I even said goodbye.

this forum is clown-town.

Thank you for saying good bye. I took all of those to heart and that I was sufficient for me (I didn't care about smoothie's taunts).

I really want to leave and I will. Smooth made a very strong point that needs an equally informed rebuttal.

Cryptonote is probably the best we've got for now of what exists for anonymity. DRK is not well specified mathematically.

I don't want to attack your investments. Please understand I want to attack the global 666 currency plan underway.

I'd also like to make some money, and I hope all of you can make some money too.

I don't think we are nemesis. All of us here in cryptoland want essentially the same idealism (well not all perhaps but many of us).

If we think of the larger pie out there, all of us can benefit more by working towards that, then tearing each other down and letting Suckerberg and Thail take all the large scale outcomes.

Peace.

(hell I don't know if I will ever get any coin released or not. Others read my posts and go work on things. For example, you can be sure the DRK folks are reading all my posts carefully and scheming. So please don't accuse me of being the only person capable of implementing CoinJoin convincingly with math proofs. I do wonder why no extremely capable developer has offered to work with me, because my designs and maths go far beyond what I've shared in public).
Pages:
Jump to: