Topic: delete - page 13. (Read 165538 times)

do you own the annoymint account   

I have forked UBERcoin to fix your category errors and take into account the 666/Pi^100 Great Collapsing Hrung problem as predicted by Martin Armstrong.

UBERcoin's Hrung will inevitably collapse due to reasons that I cannot explain but you must believe because I am the authority because I once made a popular web page before the web was popular.

VaporCoin introduces the revolutionary and derivative concept of RingShuffle. 

RingShuffle uses three blockchains.  The outer application layer is the same as any CN coin.  The two-ply inner transportation system is used by nodes to accomplish both on and off chain mixing.  The middle layer is a mini-blockchain account tree that tracks the balance of mixing daemons.  Mixing daemons are ephemeral and each Vapor node spawns random number of them with random lifespans.  Mixing daemons use the inner layer's blockchain to shuffle coins using one-time-ring-signatures. 

This arrangement keeps bloat off off the permanent user-facing blockchain and restricts transaction noise (AKA helpful entropy) to temporary prunable ring sigs, while the minichain-based global account tree keeps transport daemons synchronized and mitigates the threat of hostile/dishonest Sybil nodes.

RingShuffle = (CN blockchain ((Miniblockchain(prunable CN blockchain)))

We are already in discussion with SuperNet, and are now taking pre-orders for our Stargoat+ FPGASIC, which is the only hardware capable of mining VaporCoins .

Also here is some vaporware...

...there is some design with off chain, where the anonymity mix is never sent to the internet.

 

As for authority and believing each other's undocumented (secret) claims, remember you long ago assured me that is possible to prune CN rings with a certain design. I have since I think stumbled onto what that design would be. Conversely, you can choose to believe me or not.

Re-read my post. Apparently you didn't read it.

IP tracing doesn't help you here. There is no way to know which of the one-time keys in a ring correspond to "you" (the IP user). You need to know the spender in terms of a one-time key pair (or identified transaction on the blockchain -- equivalent). So no IP tracing doesn't break rings.

We had this same exact discussion publicly long ago, but at that time I hadn't yet conceived the bounty algorithm.

You know who the spender is of the transaction, you break them. Even though you don't know which public key corresponds to which person's identity (but you know that too if users want to use lite clients!), by linking together multiple rings spent from the same person, you can break down the rings by cross-correlation. It is similar to the bounty algorithm concept, but will converge absolutelywith higher certainty if you know every IP address. Or if you only know some of them, it will aid my bounty algorithm as more information for de-anonymizing the rings.


No it was a factual statement, not even FUD.

It is not fair to criticize me for not rushing to release some anonymity design that is not well characterized, if you simultaneously criticize DRK for rushing and releasing anonymity design that is not well characterized.

Also you know I've asked for implementation help.

Edit: the point is you can't claim (you haven't proven) rings add anything over off chain. And they apparently can't efficiently layer multiple encryption.

I do find rings more well understood than DRK mysterious "masternodes". But that doesn't mean I am saying CN rings are extremely well characterized. Overlapping rings and IP tracing can de-anonymize the rings with cross-correlation. None of this is proven affirmatively or disproven.

1. Thank you for whatever constructive suggestions you make to improve the product. I'm not even sure whether your input was instrumental in starting the I2P effort -- that was something that fluffpony was behind -- not me. But if it was, then thank you. We welcome constructive input from anyone.

2. You're confusing linking and tracing. The purpose of ring signatures is to impede tracing. Linking can be avoided even in Bitcoin just by not reusing addresses (though is more convenient in Monero). Tracing can't be done at all via IP-level attacks, as far as I can tell, since the blockchain is effectively broadcast. No one can know from analyzing your network activity which transactions you are receiving, only which ones you send.

Actually you will find I was the apparently the first to publicly raise their awareness of the timing analysis type weaknesses in Tor (and thus by implication I2P). Summer or Autumn of 2013.

Logic fail.

Long ago you and I discussed in public that linking together transactions if your IP conveys your identity thus breaks down the anonymity of rings. That was when you guys decided to add I2P because I informed you about that problem.

The two are complementary. Even Bitcoin can be used with Tor, etc. But even if Tor, etc. are assumed to be totally bulletproof, that does not provide any protection against blochchain analysis.

Cryptonote can be viewed as Bitcoin with defense to blockchain analysis added. Other existing solutions attempt to do that with masternodes, network peers, etc. I think our approach that relies on cryptography rather than shuffling data around the Internet between various nodes is easier to analyze and therefore more likely to actually deliver what it promises. (Though, as always, no 100% guarantees in life.)

Other approaches that are distinct from both Cryptonote and current off-chain mixers may also be useful, or even potentially (much) better, but Cryptonote is here now. That is worth a lot and even in its current rough (but rapidly improving) form, improves greatly on Bitcoin with respect to privacy.


Okay, now it is pretty clear that you are "selling" your approach. It may not be what you intend, but that's how it is coming off.

Go build it. A demo is worth 1000 posts.

You have made no point.

I made a very strong non-FUD point, which is off chain can layer multiple encryption. On chain just adds vulnerability and costs us a lot in terms of targeting mass adopted design factors.

Most of my message was intended as FUD, as a sort of example lesson to show how FUD begets FUD. It isn't helpful.

Build (or fully describe) something, then we can analyze it.


Exactly!


Did you really just appeal to yourself as an authority?

Show your work.

That snippet from smooth was entirely FUD. He has a category error is misequating Tor or I2P with all possible formations of off chain mixing. There are forms which are mathematically modeled.



I made that same point myself. Note you did not refute #1.


FUD per the above reply to robinwilliams and #6 below.


You CN people keep trying to pigeon-hole my #1 it as quantum computing only whereas I have shown you that small characteristic discrete logarithms were cracked in 2013 and they speculate about moving to higher characteristics. You ignore the fact that differential cryptanalysis breakthrough in the past broke almost all known encryption at the time (1970s), and nobody knew it had been cracked for many years. Heck discrete logarithm might be cracked now by the NSA and they are not telling us. Thus being able to use multiple layer encryption methods is essential to any level of great trust for anonymity, because unlike for spending, anonymity needs to remain uncracked for a long time into the future.


I said built-in so everyone uses it. Meaning dumb users click and go.

Also using Tor puts those miners at a disadvantage in speed compared to those who don't.

And Tor (and I2P) anonymity is not well characterized mathematically. Many argue they are not reliably anonymous. So if you argue against off chain mixing, you fail to note that your on chain depends on your off chain IP obfuscation, so your entire thesis of defense collapses in a house of cards.

Also note you did not refute #5 (well you can't because you don't know my designs).


You haven't learned by now to respect my knowledge yet. But one day you will learn that when I make a statement like that, it has been vetted.


Did I ever disagree publicly with building?

Am I not doing a service to readers by sharing insights into the factors they must consider?

Have Cryptonote proven everything about its anonymity? (big fat no! see #6 below)

My post wasn't written in salesman tone. It was an intellectual exchange.


Until you run the bounty algorithm on your real block chain, you don't know either how much of Cryptonote anonymity is being de-anonymized by overly overlapped rings.

If on balance, you consider that Cryptonote can never scale to micro payments, it seems the ship is leaning to one side.

+1. 

trouble is once you know how to do it, you can remove it! GL

 

I learned that trick only a few years ago. Give me a bit more time to master it.

Only if things are implemented "properly" at every level. That is a huge assumption I'm not prepared to make with any of the current altcoin efforts. I'd rather rely on well-designed and well-vetted encryption. Implementations of large systems that require sending information around the internet to mixing nodes and such has a huge attack surface. Cryptography implementations are potentially orders of magnitude smaller (and Cryptonote really isn't that complex) so far, far easier to vet at a systemic level. Granted the issue of quantum computing vulnerability is valid, but it likely to be a acceptable risk to a great many users, but not to you. Fair enough. Build something better.


Tor is already supported for mining. There is no reason why you can't connect to a pool using Tor. Most pools require no registration, so any coins that go back to you via pool payments can't be traced to you by any mechanism other than attacking Tor.


Not proven, nor proven that you can get decentralized mining with off chain anonymity.


Why risk off chain routing attacks when (some future non-existant) on-chain system can be made exponentially more secure, with greater scrutiny of the components parts (encryption) then some large and nearly impossible to analyze set of interconnected elements.

See, FUD works in either direction. Stop doing it, and start building. When we see how much better your system is, we will all be convinced! (The salesmen representing other coins, including other off-chain anonymity coins won't, but you can't ever convince them no matter what you say or do.)


You didn't show anything at all about the scope and degree of unmixing, so we have nothing to say here, just more FUD.

In short, prove on-chain wrong by constructing something better. Until then you are behaving similarly to the shills you hate.

open hosts file

Due to politics, I will never tell you if I am on a coin. You will have to deduce it (which might not be that difficult). I prefer plausible deniability. Look I am no where near releasing anything. Code has been written, but I have variable health over the past months. So don't hold your breath.

Thanks for the kind words.

Peace to all forum members.

Thank you for saying good bye. I took all of those to heart and that I was sufficient for me (I didn't care about smoothie's taunts).

I really want to leave and I will. Smooth made a very strong point that needs an equally informed rebuttal.

Cryptonote is probably the best we've got for now of what exists for anonymity. DRK is not well specified mathematically.

I don't want to attack your investments. Please understand I want to attack the global 666 currency plan underway.

I'd also like to make some money, and I hope all of you can make some money too.

I don't think we are nemesis. All of us here in cryptoland want essentially the same idealism (well not all perhaps but many of us).

If we think of the larger pie out there, all of us can benefit more by working towards that, then tearing each other down and letting Suckerberg and Thail take all the large scale outcomes.

Peace.

(hell I don't know if I will ever get any coin released or not. Others read my posts and go work on things. For example, you can be sure the DRK folks are reading all my posts carefully and scheming. So please don't accuse me of being the only person capable of implementing CoinJoin convincingly with math proofs. I do wonder why no extremely capable developer has offered to work with me, because my designs and maths go far beyond what I've shared in public).