Topic: delete - page 42. (Read 165547 times)

smooth corrected me by quoting where rpietila posted that he had changed his mind and didn't invest in Auroracoin.

I was nearly certain he was going to invest and assumed his did. I was pretty strongly against investing in it.

I was providing evidence that 'shrill' and 'supporter' have become confusing for readers to discern.

I was under the impression that rpietila only invested in XMR and BTC.

Can you link or post PMs that prove your claim?

"evidence" with no proof that it is evidence at all....

Sorry try again.

The cost is charged to all customers of the exchange, whereas in the vendors case it is only charged to the last single bagholder holding that specific coin.



Mathematically can't get exponential growth of mixing without exponential growth of overlap, unless the supply of transaction outputs is also growing exponentially (which since outputs have to be same sized I think implies unless coin money supply is growing exponentially and/or velocity is falling exponentially). Any way, I have not formalized that and I am not going to. You guys are invested in ring signatures and thus you need to know.



No only a ring > 1 input ban, i.e. ban on anonymity.


Some specifics have been provided.

I never heard of dedicated and concerned developers that expected everything to be handed to them on a silver platter in completely polished form so they don't have to do any work.

Only doing the work and proving out everything will convince more people. There are no shortcuts. Even if I go away, I am not the cause of the price moving one direction or the other. Even rpietila would agree I have no impact on the price.

If XMR had responded to BCX's points about the quick difficulty readjustment and 20% discard with a whitepaper about such issues and the Cryptonote solution, then I would be more impressed.

I have been writing my own whitepaper over these days about issues that were raised in this thread.


There will always be new coins mined that are not yet mixed with anything. I already made that point once. Thus the entire coin is never banned unless new coin rewards have stopped (but then the coin will be dead anyway according to my theory).

You keep repeating your point that authorities won't blacklist because it blacklists the entire coin. And I keep making the point that they don't care. If you fuck with their control over money, they will do anything they can effectively do, even probably taking us to nuclear war if it will achieve their aims. Rather you have to think more in terms of what they can and can't do operatively, not what you think they can't do because you think it is unreasonable.

Also orthogonally you repeatedly ignore the point that I am not convinced you can have that widespread mixing without having de-anonymization on a large scale. We need my algorithm to be tested so we can know. If that is not a high priority for you all, then fine. I am stating my opinions.


Again you ignore ongoing coin rewards (otherwise coin is dead) and de-anonymization (by my algorithm and also users that volunteer their passwords in exchange for an agreement to unlock their coins from the blacklist). Thus the real pinch point is if the authorities control the mining.

Since how many months have I been stating that I don't think anonymity mixing on the block chain is the killer feature that drives a coin to be #2 or #1. I don't think fungibility can be protected that way, but rather the choke point is the control over mining.


I could claim similarly about your posts. I think it is the nature of debate.

The Gordian knot problem remains interesting to me because it suggests an avenue of protocol improvement making CN more robust.
It presents a special case of managing a transaction where some ring signer (such as may result from a coinbase spend) is not valid due it being on a fork-to-be-orphaned, but the transaction ought be valid.

There is already some buttressing for this (in that fresh block rewards are unspendable for a good number of blocks).  Which in practicality, amounts to a race between miners fixing checkpoints, and block rewards becoming spendable (this is the case for all coins not just CN, XMR however has a leg up in these races because no recompile is needed for the checkpoints).

This is a distinction without an ultimate difference, most certainly to the affected party. You buy (or sell) socks, you get (or give) the socks, and coins end up other than with the person who sold the socks, then someone is screwed. Such a person doesn't really care about unallocated pools and other technicalities. If one person ends up with socks and coins, then double spending has occurred, and this is equally a potential problem on traceable and untraceable chains given chain forks and hash rate based attacks.


I wasn't referring to overlapping at all, just the exponential growth of mixes. If one recipient mixes with 5 others and each of those mixes with 5 others, even if there is no overlap, then after a relatively small number of steps, a huge number of coins become mixed. (In fact wouldn't reduced overlap speed this up?) It is entirely possible that somewhere down in this wide swath of mixing, the original apparent owner has moved his coins somewhere far away on the chain before the original outputs were blacklisted, rendering the blacklist invisibly ineffective. But even if not, the number of outputs included in the downstream set is large enough that attempting to impose some tracing-based blacklist becomes equivalent to to a coin ban.

More study is always needed, but again we are back to "there might be a flaw." Yes there might be. Anywhere and everywhere. Provide actual analysis or just continue to make these vague sweeping generalities that signify nothing.


Not if the mixing occurred before the blacklisting. Thus the point that blacklisting is only relevant to fungibility if it occurs in a very narrow time window. Once the horse (and his DNA) is out of the barn, there is no turning back.

The original coins can possibly be blacklisted (though as you point out this depends on control over miners and other systemwide considerations) and with identical caveats people can be prevented from mixing with the original coins again, but an effect on fungibility of previous spends of those coins is impractical.


If I had to guess I would speculate something to do with the signal-to-noise issue I referenced earlier.

yes that is too much to ask..
don't try and stiflle and encroach on my creativity and my masterful insights !
Satan gave me a gift and i intend on using it ..i've got my mouth to feed dammit !
when your this good at Crypto they call you Spoetnik

so why not share the mystique and allure that is Spoetnik with all ?

anyway i can't keep my "opinions" to my self because my opinions are truths read the Spoetnik'isms carefully !
the truth is everywhere and the truth is me.. i am in the believers hearts !
the crypto-church of Spoetnik is the one true way.. the path to righteousness.
i implore you all to let Spoetnik into your hearts and let Spoetnik lead you to salvation
i can help you crypto-sinners but you must have faith in my ways, Spoetnik works in mysterious ways
be free and multiply my crypto believers !
And remember Spoetnik loves you all  

Would you keeping your opinions to yourself from now on be too much to ask?

Incorrect. The distinction is an exchange acts (by its Terms Of Service) as an unallocated pool for all participants thus it warrants that every coin in the pool is fungible, whereas without explicit anonymity mixing a vendor spends a traceable coin on a transparent block chain and the trail of culpability stays only with that coin, not mixed with all the other coins spent to that vendor.


I am contemplating you imply effectively that rings may so radically cross-mixed that blacklisting anything blacklists everything.

Note the algorithm I did for the bounty. If that algorithm is worthy, then appears to be the mixing is going need to be much less overlapping otherwise anonymity is lost. So we might discover that blacklisting is viable for Cryptonote because either we mitigate which means less ring overlap, or some of the rings are de-anonymized.

Thus I maintain, "the jury is out, we need more study".


A significant feature of ring signatures is the spender decides (i.e. has autonomy of) what to mix with, thus the authorities can make the spenders culpable for mixing with blacklisted anonymity sets. If blacklisting one coin blacklists the entire block chain then as new coins are mined, spenders might choose not to mix them at all.

If we are speculating, then heck the US Justice department is attacking UBS and the entire nation of Switzerland, surely they aren't afraid to attack all the users of a $5 million market cap anonymous coin, or even all the users of a $10 billion market cap coin.

This is why I stated upthread IMO the key issue is what can the authorities actually enforce. If the miners are too decentralized and anonymous (and note mining is not even anonymous in XMR) and spenders have no control over whom they mix with, who will the authorities attack?

I thought about it in April when rpietila first asked me about Bitmonero, and I liked the non-simultaneity (autonomy) and the cryptographic clarity (e.g. no dubiously underspecified DRK masternodes, but which has hence potentially become muddled, but jury is out), but every other aspect I disliked about ring signatures (as I enumerated upthread). Now with the algorithm I presented for the bounty, I am thinking the spender is not even fully autonomous to choose the public keys in his/her ring, but we don't have yet a working characterization of that algorithm thus, "the jury is out, we need more study".


Correct.


I've already covered my proposed solution to this in detail in the Longest Chain Rule thread in the Developers subforum. I don't want to repeat what I've already argued there about how to handle forks. Apparently gmaxell disagreed with me, but he refused to tell me why. Also I've done some additional thinking about that hence, but my thoughts are not loaded in my mind at the moment and I don't want to go digging right now.

Your funny LOL

and the rest of you as usual still babbling on with complicated nonsense i say too bad you didn't invest all your mensa caliber genius into a coin worth while  

because after all you got my opinion on Monero (the Correct one) what more do you want ?