
Topic: delete - page 28. (Read 165556 times)

newbie
Activity: 42
Merit: 0
October 06, 2014, 10:33:23 PM
I am not sure if I agree with you that rpietila destroyed Monero

It would be better for your own reputation if you did not misquote me, or quote out of context.

Who is confused?

You apparently, because I did not state anything about anyone destroying Monero.

Of course you did. I didn't intend to imply anything about your intended meaning, rather only the possible literal interpretations given the circumstances. Remember my father is an attorney. I suppose I learned it from him.

rpietila doesn't even have access to the repo, nor would he have any idea what to do with it if he did...

He's a user and self-appointed promoter.

If Mark Karpeles shows up here...

P.S. what I am trying to say is that I think rpietila contributed to the political and organizational situation we have now, but I don't know if he is solely responsible. And IMO the current situation is not so huge of a potential for the long-term (but I guess that could change depending what you guys have coming). Perhaps 'destroyed' is too severe. Better to say 'limited potential'. My personal opinion only subject to change depending on what is discovered and changes.

I think he also contributed politically to some design decisions, such as originally being against perpetual debasement.
newbie
Activity: 42
Merit: 0
October 06, 2014, 10:27:29 PM
Reposting because I significantly edited this...

In selfish mining, you don't know if you are on the majority chain or not, so you don't know which of the double-spends was possibly sent by the majority and mixed by them

It might be possible to isolate which of the double-spends was seen by the majority by using a PoW consensus (which is basically a simple majority vote).

Then you must assume that any follow on txs to the attacker's double-spend were all his. But the problem is that consensus can't be reached always in one block, because the majority doesn't have 100% of the hashrate.

The attacker can also accept transactions, and spenders create txs autonomously.


Some will, but most won't (but as I said, "some" might be enough for your technique to be incompatible).

True you could unwind some (usually extremely) smallish percent of valid transactions and be compatible with my fix.

Ahem. The more I think about this, in the interim time while the majority tries to build a consensus about the (now both entirely public) double-spends over some number of blocks depending on the attacker's hashrate, the attacker can introduce a huge quantity of derivative txs thus the opportunities for valid txs to mix any one of those derivative mixed txs increases significantly. It is the autonomy of the mixing that is the qualitative difference between opaque block chains and transparent block chains which also have mixes, because CoinJoin-like mixing can wait for N confirmations.

You can't mitigate this with tx fees paid to the miners, because the attacker is paying himself!

So the only mitigation I can see is to send tx fees to the ether, but the problem is your block rewards decline to 0 in Monero (I know you didn't agree with that, but you were overruled).

And in any case, high tx fees are the antithesis of a currency. Remember Gresham's law, bad (debased) money drives good (non-debased) money out-of-circulation.
newbie
Activity: 42
Merit: 0
October 06, 2014, 09:51:20 PM
Some will, but most won't (but as I said, "some" might be enough for your technique to be incompatible).

True you could unwind some (usually extremely) smallish percent of valid transactions and be compatible with my fix.

The more I think about this, if you are waiting N confirmations to avoid a double-spend attack, then you are also covered if your derivative tx gets unwound.

So perhaps I am mistaken that my fix is incompatible with opaque block chains.

However if my fix is also applied to network fragmentationtemporary rented hardware attacks where the number of blocks of the fork could be quite large, i.e. my solution can fix selfish mining and also automatically repair after temporary network fragmentationrented hardware attacks, then perhaps the number N becomes unreasonably large. In that case, that is a disadvantage for opaque block chains because the fanout of affected valid txs could become quite extensive (by your own admission upthread that blacklisting would fanout exponentially).

Edit: afaik Zerocash amplifies the incompatibility because all txs must be unwound.
legendary
Activity: 2968
Merit: 1198
October 06, 2014, 09:46:11 PM

I'm very sorry you appear not to be enjoying the free for all about Monero on "The Monero Free For All Thread."

Please see the cashier for a refund.

newbie
Activity: 42
Merit: 0
October 06, 2014, 09:44:56 PM
In selfish mining, you don't know if you are on the majority chain or not, so you don't know which of the double-spends was possibly sent by the majority and mixed by them

It might be possible to isolate which of the double-spends was seen by the majority by using a PoW consensus (which is basically a simple majority vote).

Then you must assume that any follow on txs to the attacker's double-spend were all his. But the problem is that consensus can't be reached always in one block, because the majority doesn't have 100% of the hashrate.

The attacker can also accept transactions, and spenders create txs autonomously.
legendary
Activity: 2968
Merit: 1198
October 06, 2014, 09:44:01 PM
smooth,

Don't you understand that due to ring signatures there is never a private chain?

I can create a double-spend on a chain nobody else sees.

I'm calling that a private chain. Obviously we are using different terminology, but let's move on.

Quote
Then I can mix the output of that double-spend with many txs that mix many as inputs (into the rings) many other outputs from valid txs all over the historical public block chain.

If you are deliberately mixing the output of those double spends then you are the attacker. The transactions you create as the attacker will get unwound.

You can't force other people to use your outputs as mixes. Some will, but most won't (but as I said, "some" might be enough for your technique to be incompatible).

Beyond that, you will have to write up your ideas more completely and precisely if you want my input.
newbie
Activity: 42
Merit: 0
October 06, 2014, 09:38:44 PM
smooth,

Don't you understand that due to ring signatures there is never a private chain?

I can create a double-spend on a chain nobody else sees. Then I can mix the output of that double-spend with many txs that mix many as inputs (into the rings) many other outputs from valid txs all over the historical public block chain.

You have no way to prove which of those inputs was the follow on tx.

The attacker can create a multitude of these txs.

In selfish mining, you don't know if you are on the majority chain or not, so you don't know which of the double-spends was possibly sent by the majority and mixed by them.

It is a fog.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
October 06, 2014, 09:38:39 PM
legendary
Activity: 2968
Merit: 1198
October 06, 2014, 09:37:15 PM

Nice wall of text bro. Go create and bump some more Monero threads please. We can use the exposure.


legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
October 06, 2014, 09:35:29 PM
wow you don't say ?

you know what ? i think i will go out and spend my life savings on Monero after all that theoretical pseudo-technical analysis and proclamations..

nothing says good investment than 2 or 3 guys spending ALL DAY and ALL NIGHT spamming about it NON STOP !

ya got me.. i am thoroughly convinced now and will relinquish my Bitcoin to you Mensa/Monero Shills..
that is what you want after all now isn't it ?

You come here and spout off a bunch of bullshit hoping to sucker in people to cough up their Bitcoin to buy Monero coins..
rather than getting a job.

to newer users here i will explain the scam here.. it's pretty simple

first start a new clone coin then change enough of it so you can get away with calling it a fork.
then try and tack on what ever gimmick is popular such as Anon Features.
Then IPO it or flash mine it and buy into it as hard as you can as fast as you can so you can get in on the ground floor *cheap.
Then phase 2
Spam and nag and harass people about non stop hoping to lure in victims and hopefully groom them
so you can recruit them as Shills to advertise for your Ponzi/Pyramid scheme also *a bonus.
then make sure to groom your victims like a pedophile does to little children feeding them propaganda they can use on others to push the scheme along..
Problem is the END GAME !
The leader(s) on the top of the pyramid scheme are not going to notify the lemmings who bought in all naive and gullible
they will simply be dumped on for a massive loss in money !
The key to this scam to keep it going as long as possible suckering in as many victims as possible.. the scam maintenance.
The longer they can run this "Long-Con" the more people they can lure into the trap and fleece for Bitcoin..

I suggest new users beware and don't be low hanging fruit ;)

Trust me i have seen these guys push scam after scam after scam..
The only thing that changes is the names of their clone coins or their endless forum account names
at the end of the day it's still the same handful of scamming shills hanging around here trying to scam for Bitcoin !
And don't be fooled by account status's here either.. all that means is some guys have been here scamming people for a long time.
and yes beware because scamming is NOT against the rules !

Monero !
go buy some they want your Bitcoin..
legendary
Activity: 2968
Merit: 1198
October 06, 2014, 09:33:37 PM
You might also have to unwind some other (non-double) spends too though.

Exactly.

And if the attacker has half a brain, he will make sure he mixes his double-spends outputs with as much of the block chain as he can.

That does him no good. You still only have to unwind his spends. Him mixing with you does not affect your transaction one way or another.

Read more carefully please. I said mix his double-spend outputs, not inputs.

That's exactly what I said below, no need for rereading.

The other ones that get unwound are spends that derive from his (obviously) or ones that mix with his outputs (likely a small number, or zero if he is mining on a private chain, and not something he has any control over).

Selfish mining is not a private chain. Which of the double-spends do you unwind? ;)

I edited the quote above. You unwind a small number that the attacker has no control over. Perhaps that is still too many for your technique though. If so that means your technique is incompatible with opaque blockchains, but that says nothing about which element is more or less valuable or important, or that either is sufficient to succeed. Only the market can decide that. Recall that I said all of cryptocurrency might fail. Cutting edge means might fail.




newbie
Activity: 42
Merit: 0
October 06, 2014, 09:30:22 PM
You might also have to unwind some other (non-double) spends too though.

Exactly.

And if the attacker has half a brain, he will make sure he mixes his double-spends outputs with as much of the block chain as he can.

That does him no good. You still only have to unwind his spends. Him mixing with you does not affect your transaction one way or another.

Read more carefully please. I said mix his double-spend outputs, not inputs.

The other ones that get unwound are spends that derive from his (obviously) or ones that mix with his outputs (likely a small number, or zero if he is mining on a private chain, and not something he has any control over).

Selfish mining is not a private chain. Which of the double-spends do you unwind? ;)

Consider (possibly forced with DDoS) network fragmentation for example.
legendary
Activity: 2968
Merit: 1198
October 06, 2014, 09:28:00 PM
You might also have to unwind some other (non-double) spends too though.

Exactly.

And if the attacker has half a brain, he will make sure he mixes his double-spends outputs with as much of the block chain as he can.

That does him no good. You still only have to unwind his spends. Him mixing with you does not affect your transaction one way or another. The other ones that get unwound are spends that derive from his (obviously) or ones that mix with his outputs (likely a small number, or zero if he is mining on a private chain, and not something he has any control over).

newbie
Activity: 42
Merit: 0
October 06, 2014, 09:24:32 PM
You might also have to unwind some other (non-double) spends too though.

Exactly.

And if the attacker has half a brain, he will make sure he mixes his double-spends outputs with as much of the block chain as he can. You might assume all mixes are the attacker but you can't prove that. With Zerocoin and Zerocash, it gets worse.
legendary
Activity: 2968
Merit: 1198
October 06, 2014, 09:19:55 PM
The only decision you can make is to let the longest fork win and destroy instantly all the conflicting value in the shorter fork, or you can put a maximum fork length rule so that the two forks live on simultaneously and the market decides how to value them.

Congratulations you have invented Bitcoin (i.e. the first alternative here). If you have proven something novel about the broader distributed consensus problem, or fully developed a way to build something novel and useful based on the second, that might be interesting.

I have solved the selfish mining attack.

Not exactly. Selfish mining is an attack on Bitcoin.

And Monero and every PoW coin.

Exactly, they use Bitcoin-style PoW. I think that might even be in our coin description somewhere.

Quote
It is too obvious why opaque chains are fundamentally incompatible with the solution, because they cannot unwind individual double-spends.

Why can't you unwind double spends? In cryptonote double spends have conflicting key images. Given that fact you could reliably unwind every double spend. You might also have to unwind some other (non-double) spends too though.
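
Added example, not part of any post in this thread and not Monero code: a toy model of the claim above that CryptoNote double-spends show up as conflicting key images, and of which other transactions follow when one of them is unwound. The transaction ids, key-image labels and ring contents are constructed, and treating every transaction whose ring references an unwound output as unwound is an assumption taken from the "derive from his ... or mix with his outputs" rule stated elsewhere in the thread.

```python
from collections import defaultdict, deque

# Constructed sample, not chain data. Each input carries a key image and the
# ring of output ids it references; the real spend is hidden among the ring
# members. "g*" outputs stand for older, unaffected outputs.
TXS = {
    "A1": {"inputs": [("ki_x", ["g0:0", "g1:0", "g2:0"])], "outputs": ["A1:0"]},
    "A2": {"inputs": [("ki_x", ["g0:0", "g3:0", "g4:0"])], "outputs": ["A2:0"]},
    # B's ring includes A1's output (as real spend or decoy, nobody can tell).
    "B": {"inputs": [("ki_b", ["A1:0", "g1:0", "g5:0"])], "outputs": ["B:0"]},
    # C's ring includes B's output, so it depends on A1 transitively.
    "C": {"inputs": [("ki_c", ["B:0", "g2:0", "g6:0"])], "outputs": ["C:0"]},
    # D only references unaffected outputs.
    "D": {"inputs": [("ki_d", ["g5:0", "g6:0", "g7:0"])], "outputs": ["D:0"]},
}


def conflicting_key_images(txs):
    """Return {key_image: [txids]} for key images used by more than one tx."""
    seen = defaultdict(list)
    for txid, tx in txs.items():
        for key_image, _ring in tx["inputs"]:
            seen[key_image].append(txid)
    return {ki: sorted(ids) for ki, ids in seen.items() if len(ids) > 1}


def unwind_set(txs, rejected):
    """Transactions removed when the `rejected` txs are dropped.

    Assumption: a tx is unwound if any ring member of any of its inputs is an
    output of an already unwound tx, since that ring no longer refers to
    outputs that exist. Which double-spend is rejected is left to the caller;
    that choice is exactly what the thread disputes.
    """
    users_of_output = defaultdict(set)
    for txid, tx in txs.items():
        for _key_image, ring in tx["inputs"]:
            for out in ring:
                users_of_output[out].add(txid)

    unwound = set(rejected)
    queue = deque(rejected)
    while queue:
        for out in txs[queue.popleft()]["outputs"]:
            for dependent in users_of_output[out]:
                if dependent not in unwound:
                    unwound.add(dependent)
                    queue.append(dependent)
    return unwound


if __name__ == "__main__":
    print("conflicts:", conflicting_key_images(TXS))
    for choice in (["A1"], ["A2"]):
        print("reject", choice, "->", sorted(unwind_set(TXS, choice)))
```

In this sample, rejecting A2 removes one transaction while rejecting A1 removes three, which is the fan-out the two posters disagree about.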



newbie
Activity: 42
Merit: 0
October 06, 2014, 09:13:45 PM
The only decision you can make is to let the longest fork win and destroy instantly all the conflicting value in the shorter fork, or you can put a maximum fork length rule so that the two forks live on simultaneously and the market decides how to value them.

Congratulations you have invented Bitcoin (i.e. the first alternative here). If you have proven something novel about the broader distributed consensus problem, or fully developed a way to build something novel and useful based on the second, that might be interesting.

I have solved the selfish mining attack.

Not exactly. Selfish mining is an attack on Bitcoin.

And Monero and every PoW coin.

You have constructed a different system that (may) be secure against such an attack. That could be interesting, depending on the other tradeoffs.

The only tradeoff I see thus far is it is not compatible with opaque block chains, e.g. Cryptonote, Zerocoin, Zerocash, and coming version of Anoncoin. Bitcoin, Litecoin, Dogecoin, Darkcoin could in theory implement my system. However it would require a hard fork I believe (need to analyze that more to be 100% sure).

If you can prove that the attack is not solvable in the first case (Bitcoin) that would perhaps be an interesting result that might get you some recognition (if you can convey it effectively). Even if no acceptable solution is provided or possible.

It is proven mathematically to be a solution using the same mathematical model as in the selfish mining paper.

It is too obvious why opaque chains are fundamentally incompatible with the solution, because they cannot unwind individual double-spends.

Edit: one could argue that it is not such a big deal, because if you implement the fix in the selfish mining white paper, then Monero is resistant to anything below 25% hashrate. My fix raises that to 50% but it is incompatible with opaque block chains. However with Bitcoin pools often approaching 50% of the network hashrate, then one can argue my fix is important.
legendary
Activity: 2968
Merit: 1198
October 06, 2014, 09:07:12 PM
The only decision you can make is to let the longest fork win and destroy instantly all the conflicting value in the shorter fork, or you can put a maximum fork length rule so that the two forks live on simultaneously and the market decides how to value them.

Congratulations you have invented Bitcoin (i.e. the first alternative here). If you have proven something novel about the broader distributed consensus problem, or fully developed a way to build something novel and useful based on the second, that might be interesting.

I have solved the selfish mining attack.

Not exactly. Selfish mining is an attack on Bitcoin. You have constructed a different system that (may) be secure against such an attack. That could be interesting, depending on the other tradeoffs.

If you can prove that the attack is not solvable in the first case (Bitcoin) that would perhaps be an interesting result that might get you some recognition (if you can convey it effectively). Even if no acceptable solution is provided or possible.
legendary
Activity: 2968
Merit: 1198
October 06, 2014, 09:04:52 PM
Quote
limited by the dynamic headroom of the initial innovation.

i do agree with this. however it is much more normal for genius inventions to be ruined by lack of adoption, maintenance, and improvement than it is for inventions to be limited by technological factors they did not originally take into consideration.

in fact often it is the improvements that raise the ceiling beyond what the original invention had.  

in a specific case there are examples - but the majority of failures rest on those three things IMO

The headroom is not knowable in advance. TFM frequently contradicts himself on this. He ignores the true wisdom of the bazaar.

Quote
i feel the entire cryptocurrency world is majorly screwed

I don't know if it is screwed, but I think it is possible it is screwed in that nothing that currently exists will ultimately work in an acceptable way. A stronger version of being screwed is that nothing that will work is even possible. I don't think we are there yet in either case, but only salespeople will guarantee you that neither turns out to be true. Cutting edge is equivalent to might not work at all.





newbie
Activity: 42
Merit: 0
October 06, 2014, 09:03:22 PM
The only decision you can make is to let the longest fork win and destroy instantly all the conflicting value in the shorter fork, or you can put a maximum fork length rule so that the two forks live on simultaneously and the market decides how to value them.

Congratulations you have invented Bitcoin (i.e. the first alternative here). If you have proven something novel about the broader distributed consensus problem, or fully developed a way to build something novel and useful based on the second, that might be interesting.

I have solved the selfish mining attack. The solution is incompatible with opaque block chains. And I would choose the second rule once the coin had attained sufficient hashrate because network fragmentation is a very real possibility with the governments possessing internet kill switches.
member
Activity: 112
Merit: 10
October 06, 2014, 09:01:09 PM
Quote
limited by the dynamic headroom of the initial innovation.

i do agree with this. however it is much more normal for genius inventions to be ruined by lack of adoption, maintenance, and improvement than it is for inventions to be limited by technological factors they did not originally take into consideration.

in fact often it is the improvements that raise the ceiling beyond what the original invention had.  

in a specific case there are examples - but the majority of failures rest on those three things IMO

i feel the entire cryptocurrency world is majorly screwed and nobody is for sure what will work because it's unprecedented (except for tulip bulbs & Beanie Babies). So sometimes we reference technology & sometimes we reference currencies and just pull stuff out of our ass that sounds good to us at the time.

but none of us really have a fucking clue (or that's what i feel like sometimes)