Pages:
Author

Topic: delete - page 44. (Read 165538 times)

legendary
Activity: 2968
Merit: 1198
October 03, 2014, 11:54:02 PM
my recipient has lost his funds.

Yes this is what happens in a double spend scenario

Quote
What if I've died, moved on, lost my private key, etc.. I can't reissue the transaction.

Then you are a small edge case, especially for plausible fork lengths, and even more especially for plausible fork lengths given regular checkpoints (as in Bitcoin and every other reasonable coin). Given the possibility of forks (even normal ones transient ones) you always need to be prepared to reissue your transaction for some reasonable period of time.

The far more likely cases are that: 1) nothing happens, or 2) you simply see the coins back in your wallet and resend them.

Smooth I am sorry you didn't read yesterday's discussion I had with NewLiberty. I refuse to repeat the same discussion again.

Checkpoints are an illusion given a sustained attacker. Once the attackers' chain get mixed up with enough important transactions, you will have users screaming bloody murder if you try to unwind them.

You entirely dismiss the concept of time. Ding dong!

"Hey I sold out of XMR when I saw the attack underway and I got out before the stampede in the price, and I damn well don't agree to clawback of my fiat from Polonoxious to the current miniscule price".

As I said, one way or another, one chain (fork) will survive. Users on the other chain may scream bloody murder, but arguing with math will get you nowhere.

As for what happens with their fiat, that will be between them and their exchange. Exchanges deal with hacks, coin bugs, etc. Its part of the terrain. Some survive it, some don't.


newbie
Activity: 42
Merit: 0
October 03, 2014, 11:52:34 PM
my recipient has lost his funds.

Yes this is what happens in a double spend scenario

Quote
What if I've died, moved on, lost my private key, etc.. I can't reissue the transaction.

Then you are a small edge case, especially for plausible fork lengths, and even more especially for plausible fork lengths given regular checkpoints (as in Bitcoin and every other reasonable coin). Given the possibility of forks (even normal ones transient ones) you always need to be prepared to reissue your transaction for some reasonable period of time.

The far more likely cases are that: 1) nothing happens, or 2) you simply see the coins back in your wallet and resend them.

Smooth I am sorry you didn't read yesterday's discussion I had with NewLiberty. I refuse to repeat the same discussion again.

Checkpoints are an illusion given a sustained attacker. Once the attackers' chain get mixed up with enough important transactions, you will have users screaming bloody murder if you try to unwind them.

You entirely dismiss the concept of time. Ding dong!

"Hey I sold out of XMR when I saw the attack underway and I got out before the stampede in the price, and I damn well don't agree to clawback of my fiat from Polonoxious to the current miniscule price".

Once consensus is sufficiently violated, it is possible you may never get it back again or at least it will be tough slog.
legendary
Activity: 2968
Merit: 1198
October 03, 2014, 11:48:00 PM
my recipient has lost his funds.

Yes this is what happens in a double spend scenario

Quote
What if I've died, moved on, lost my private key, etc.. I can't reissue the transaction.

Then you are a small edge case, especially for plausible fork lengths, and even more especially for plausible fork lengths given regular checkpoints (as in Bitcoin and every other reasonable coin). Given the possibility of forks (even normal ones transient ones) you always need to be prepared to reissue your transaction for some reasonable period of time.

The far more likely cases are that: 1) nothing happens, or 2) you simply see the coins back in your wallet and resend them.

Quote
And please don't equate with waiting for 6 confirmations

I didn't. I said sufficient. That is a judgement call for the recipient to make. 6 is just a default number from Bitcoin but it really means nothing other than the output of a particular probabilistic model from Satoshi's paper, as you correctly explained. Recipients have to make their own judgements when dealing with blockchain technologies. Transactions are never really "final" they are just "final enough." Normal forks and accidental forks (due to software bugs) and deliberately-created forks and double spend attacks are all possibilities to consider, and all have happened before.



legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
October 03, 2014, 11:45:37 PM
isn't it interesting what guys here go out of their way to avoid saying anything on Monero topics ? (with their Main accounts)
just look around you will see what i mean Wink
newbie
Activity: 42
Merit: 0
October 03, 2014, 11:44:05 PM
You're not getting it. The concept of a non-transparent blockchain precludes there being "bad" outputs. There is, in general, no-deanonymiziing (certainly no assurance of it) and just outputs (coins) and transactions.

That is my point. With mixing on the block chain, there is no way to rollback just the double-spends if they get extensively mixed in with the legitimate transactions. Thus I do have to fear that when I spend, it can be unwound and that is me doing a double-spend, because my recipient has lost his funds. What if I've died, moved on, lost or discarded my private key, etc.. I can't reissue the transaction.

And on chain mixing could in theory much more amplify this potential Gordian knot.

And please don't equate with waiting for 6 confirmations as you did upthread. Different risk category when we are talking about an extended duration fork attack.
legendary
Activity: 2968
Merit: 1198
October 03, 2014, 11:38:35 PM
Whether your output is included in a mix makes no difference to your ability to spend it.

Try re-reading what I wrote.

Hint: I was referring to when bad transactions mix with the same outputs as I do, thus if you can't de-anonymize, then my transaction gets mixed with the double-spent outputs even though neither I (nor my prior trace of coin history) did double-spend.

You're not getting it. The concept of a non-transparent blockchain precludes there being "bad" outputs. There is, in general, no-deanonymiziing (certainly no assurance of it) and just outputs (coins) and transactions.

You have nothing to fear from spending on a doomed fork, because either nothing at all happens (transcation ends up being executed on both forks -- some of this happened after the malleable block attack last month), or you will get your coins back. Recipients have everything to fear from receiving on a doomed fork, because they may very well lose their coins. That is just the same as any other coin, unless recipients are pinning their hopes on some kind of targeted rollback and/or freeze on "bad" coins. That would be quite foolish (in addition to being not even possible in many cases on a non-transparent blockchain, and even transparent blockchains in a lot of cases).

The concept of good outputs and bad outputs exist only in theory on transparent blockchains anyway. For example, after the recent Nxt hack there was a proposal to freeze or unwind the hacked coins by creating a fork (not sure which as I don't really follow Nxt). A version of the code that enforces that was released and some people adopted it. However, ultimately it was rejected by the community and that fork died, so the "bad" coins stayed where they are.

This is by design. You can't have strong fungibility if people can pick and choose good and bad coins. There are simply coins and transactions, with the surviving fork (whatever that is) deciding where they go.


newbie
Activity: 42
Merit: 0
October 03, 2014, 11:30:06 PM
Whether your output is included in a mix makes no difference to your ability to spend it.

Try re-reading what I wrote.

Hint: I was referring to when bad transactions mix with the same outputs as I do, thus if you can't de-anonymize, then my transaction gets mixed with the double-spent outputs even though neither I (nor my prior trace of coin history) did double-spend.

I can fix that by mixing with no outputs other than mine, thus no anonymity.

I suppose this applies to any form of transaction mixing, not just ring signatures. And it is just a risk of mixing with more outputs increasing the risk of mixing with a double-spend.

Perhaps a difference is if I am sure I am mixing with very old outputs that are unlikely to be double-spent, then another bad transaction mixing with those plus some that are double-spent, I am thinking you can't remove me from the bad set in some convoluted hierarchal scenarios.

Edit: the more I think about it, it is applicable to any form of block chain mixing in transactions, not just ring signatures. The greater your anonymity set, the greater the risk of dominoes cascade of double-spends into your transaction.
newbie
Activity: 42
Merit: 0
October 03, 2014, 11:26:27 PM
I am so hungry. For example, I posited a way to continually increase the difficulty by always structuring the attackers blocks to make the fastest block solutions in the discarded 20% set, thus skewing the statistics of the hashrate. I wrote the caveat that I hadn't studied the implementation to see if this was feasible.

Structured how? Specifically.

According to the statistics used to choose the 20% set, and given the loose rules about the timestamps the attacker can put on his blocks. Again I said I didn't study the implementation to see if the actual calculation can be so gamed. It is just a conceptual point.

If the code was something I could quickly wrap my head around, I would have looked at it. I have not seen the algorithm used described in sufficient detail, like most things in Cryptonote, you have to go look at spaghetti code instead.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
October 03, 2014, 11:17:43 PM
Auroracoin (which btw rpietila invested in

He suggests that he didn't. What is your evidence?

Even though I was interested in this before the great pump in March (and would have made up to 100x gains if I had bought), now it is in a "following" mode after crashing back. If I moved to Iceland, I would probably start using it. Not an unconditional "sell" though.

Okay I thought he had because it seemed like he was very interested, but I did tell him that it had the wrong distribution model thus couldn't be anything other than a pump and dump. I had assumed he sold on the way up and wasn't left holding the bag, but now I learn he never bought.

Anyone that even considered Auroracoin loses credibility in my mind.

damn straight !

problem = most idiots in crypto want dem lambo's
and they will gladly buy into any faggy CancerHead ISIS Pedophile baby Rapist Corrupt Scam IPO/ICO Angel Invested Crowd Funded Coin ..... as long as they turn a profit.
i know because ALL the well known fuckers in this scene have told this to my face word for fucking word on here and on cryptsy chat for a year+ now !
i won't bother naming names (you know who you ALL are)
does this sound familiar idiots ?
ya but but i made 4 Bitcoin of "it"

exactly and you fucking destroyed the scene and reduced it to a laughing stock.. crypto-nigerian schemes !
where do all those new guys flooding back in OCT/NOV/DEC 2013 go ?
seem the amount of new guys tapered off and even worse many cashed out dropping prices and LEFT !!!!

Look in the mirror excuse makers.. all you did was make corrupt shit holes like Cryptsy and scammy pool operators money with fee's !
oh and you fucked up the whole scene and made Bitcoin look like shit in the process.. congrats guys LOL
your soooooo brilliant  Roll Eyes

don't mind me carry on with your Monero Genius Mensa talk.. maybe throw around some impressive big words and math calculations
that should lure in the retards to BUY Monero coins with Bitcoin so you can pad your Bitcoin Wallets LOL
I can see some of you are bending over backwards here on this topic with that whole routine ahahhaa
anti-FUD engineered with a mathmatical elyptical curve to calculate the quantum profit margins of the Monero Billion dollar Economy!








Summary ?

Scam coin.

move along.. nothing to see here.



- so there you have it.. my opinion (the correct one)
newbie
Activity: 42
Merit: 0
October 03, 2014, 11:17:02 PM
Whether your output is included in a mix makes no difference to your ability to spend it.

Try re-reading what I wrote.
legendary
Activity: 2968
Merit: 1198
October 03, 2014, 11:14:36 PM
I argue it it also qualitative because my outputs get mixed in rings without my permission. Thus I can't spend in times of such an attack without incurring the risk that my spend must be unwound. Whether I know an attack is underway is irrelevant.

This is not how it works. Whether your output is included in a mix makes no difference to your ability to spend it. In fact, you wouldn't even notice either my use of your output or the unwind of my use of your output. It wouldn't affect your transaction at all, nor would the presence of absence of my use of your output as a mix affect your ability to spend now or in the future. You have nothing to fear.

There is one case where it makes a difference. If you spend using my output as a mix, and my output disappears, then your transaction becomes invalid (on the other fork), but you still have your coins. You still have nothing to fear from this situation, though the recipient, as always, needs to fear a double spend attack in the case of a chain fork. In this case a small number of innocent bystanders may have the opportunity to double spend, although that doesn't guarantee they would do it. In practice many would just a assume some sort of glitch caused the transaction to not go through and resend it.

More vague uncertainty and doubt without some sort of positive statement.

I have described a specific set of steps for an algorithm upthread.

I missed that. Please quote it or summarize it.

I am so hungry. For example, I posited a way to continually increase the difficulty by always structuring the attackers blocks to make the fastest block solutions in the discarded 20% set, thus skewing the statistics of the hashrate. I wrote the caveat that I hadn't studied the implementation to see if this was feasible.

Structured how? Specifically.

Specific, well-supported and well-presented contributions are more valued than vague ones. Always and everywhere.

I agree they are valued, but I entirely disagree they are universally more valuable in every case. Sometimes just the inkling of an incredibly powerful idea is more valuable to me than some implementation of something.

I am 100% sure you agree there are such cases.

Such cases exist. Unfortunately they often are ignored because they don't rise above the noise floor. This is not only not specific to the "culture" of Monero but it is rational and universal and necessary to communicate in a noisy environment. You can't control the noise floor, you can only control the strength of your signal. Please increase it.

Quote
Will see if something comes to me later

Now we are getting somewhere (maybe).

legendary
Activity: 3136
Merit: 1116
October 03, 2014, 11:13:32 PM
You are correct that if our best known algorithms are impractical to implement with current resources, it doesn't mean there isn't any possible algorithm that will. But here I want to take you back to my discovery about the edge of the universe. I was toying around with the duality of the Bottom and Top type in the two difference classes of programming languages and it made me realize that time and the universe is co-inductive and thus the finality or edge is indeterminate, which is analogous to undecidable in the Halting problem.

I totally remember reading about that discovery in Nature or Science...oh wait, it was published on Google Groups. Such legit Tongue
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
October 03, 2014, 11:05:50 PM
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
October 03, 2014, 11:03:33 PM
You Monero Shills REALLY get off taking credit for Cryptonote don't you ?
In case people don't know Cryptonote was a coin cloning "Platform" designed to make cloning coins easier..
Monero is simply one of many !

There's usually no such thing as bad publicity, however I think in this case, the Monero shills have created an exception to this rule.

Many people I speak to in Crypto are starting to dislike Monero because of all the sock-puppet accounts, whomever is funding this Jihad went too far.

Funny, I see the opposite. All the sockpuppets and retards attacking it are giving it more legitimacy I've seen this thing attacked 3 times (IIRC) since I started watching it and it hasn't faltered.

I'd say the FUd is failing. A minor price drop is nothing more than the weak hands pissing themselves and they will regret it soon enough and buy back in at a loss.

This thread has become a joke.

the fact that myself and others am laughing at Monero and it's blatant shills does not make it more and more legit  Roll Eyes
newbie
Activity: 42
Merit: 0
October 03, 2014, 10:56:53 PM
A minor price drop is nothing more than the weak hands pissing themselves and they will regret it soon enough and buy back in at a loss.

This thread has become a joke.

Unless ring signatures are qualitatively the wrong solution for anonymity. The jury is still out on this one. Needs more analysis.

One thing I don't like personally is IBM says we are 10-15 years from a quantum computer and all that anonymity history goes poof and then the government backtrack and go after all those assets that were hidden from the coming global implosion 2016 - 2032.

But not everyone even agrees with my pessimism about the next 15 years.

Also I don't trust those simultaneous equations that I showed which mixed operations over different number fields. That is entirely new cryptography and it could potentially enable some new mathematical attack at any time. There is no Diffie-Hellman refutation that has a lot of cryptanalysis.

I'd rather not put my anonymity in some unproven math on the block chain that is saved forever. Eventually there will be a quantum computer and all that will be cracked.

And we still have to see what the outcome will be on the de-anonymization and respective mitigation algorithms which are already known but not yet fully explored. Might be duds, but I doubt it.

Also although smooth claims they know how to prune ring signatures to make a better scaling blockchain, and even the algorithm I presented to them in theory does some pruning, I am not yet convinced ring signatures are congruent with the decentralization I would be aiming for. But this is very vague at this point and nothing I can really do to immediately get all the specifics enumerated.

That is several different vectors of weakness for ring signatures. I never really understood why some investors think they found the Holy Grail. We need more analysis to know how they compare against all other options.

Edit: that the spender of a ring is culpable for which public keys he mixes with, unlike other anonymity mixing methods which remove this choice and thus culpability from the spender.
newbie
Activity: 42
Merit: 0
October 03, 2014, 10:49:04 PM
Certainly ring sigs don't automatically cause massive numbers of otherwise-unrelated transactions to suddenly depend on a rejected fork, especially if the fork is of limited duration. Granted there are slightly more dependencies, but that is quantitative difference not a qualitative one.

I posited to NewLiberty upthread that the development of a Gordian knot would depend on the duration of such an attack.

I argue it it also qualitative because my outputs get mixed in rings without my permission. Thus I can't spend in times of such an attack without incurring the risk that my spend must be unwound. Whether I know an attack is underway is irrelevant.

Quote
Quote
Quote
3. Non-Cryptonote coins do not have throw away 20% of the timestamp information upon difficulty adjustment. I know you think the vulnerability I have broad-sketched above is not sufficiently detailed to warrant any concern, but nevertheless this is a risk that doesn't exist in other coins.

More vague uncertainty and doubt without some sort of positive statement.

I have described a specific set of steps for an algorithm upthread.

I missed that. Please quote it or summarize it.

I am so hungry. For example, I posited a way to continually increase the difficulty by always structuring the attackers blocks to make the fastest block solutions in the discarded 20% set, thus skewing the statistics of the hashrate. I wrote the caveat that I hadn't studied the implementation to see if this was feasible.

I posited this would cause the network hashrate to drop (because miner's profits depends on difficulty) thus increasing the attackers % of the network hashrate.

Btw, the selfish mining white paper shows the math for this effect, so you've just opened a window to make it easier with less hashrate. You can work through the equations there. I suppose 20% as BCX said wouldn't be far off because of my recent interaction with that math.

You actually did this in describing the existence of stronger-than-MRL-0001 deanonymation attack (though not its scope and practical effect).

Oh I see you are recognizing that. Thanks.

Exactly, and this is not meant to personalize the issue with respect to you or anyone else or Monero or any other project. Specific, well-supported and well-presented contributions are more valued than vague ones. Always and everywhere.

I agree they are valued, but I entirely disagree they are universally more valuable in every case. Sometimes just the inkling of an incredibly powerful idea is more valuable to me than some implementation of something.

I am 100% sure you agree there are such cases.

Quote
It is very intuitive to me mathematically that you've got aliasing error in your difficult adjustment.

Show a specific example (or more general mathematical proof, but I'm guessing that proof-by-example might be easiest here).

Too hungry. Will see if something comes to me later.
legendary
Activity: 1484
Merit: 1026
In Cryptocoins I Trust
October 03, 2014, 10:32:12 PM
Auroracoin (which btw rpietila invested in

He suggests that he didn't. What is your evidence?

Even though I was interested in this before the great pump in March (and would have made up to 100x gains if I had bought), now it is in a "following" mode after crashing back. If I moved to Iceland, I would probably start using it. Not an unconditional "sell" though.

Okay I thought he had because it seemed like he was very interested, but I did tell him that it had the wrong distribution model thus couldn't be anything other than a pump and dump. I had assumed he sold on the way up and wasn't left holding the bag, but now I learn he never bought.

Anyone that even considered Auroracoin loses credibility in my mind.

Even those hot Icelandic bitches named Somebodysdottir?


Haha... They get a free get out of jail card. Wink
legendary
Activity: 1638
Merit: 1001
October 03, 2014, 10:23:16 PM
Auroracoin (which btw rpietila invested in

He suggests that he didn't. What is your evidence?

Even though I was interested in this before the great pump in March (and would have made up to 100x gains if I had bought), now it is in a "following" mode after crashing back. If I moved to Iceland, I would probably start using it. Not an unconditional "sell" though.

Okay I thought he had because it seemed like he was very interested, but I did tell him that it had the wrong distribution model thus couldn't be anything other than a pump and dump. I had assumed he sold on the way up and wasn't left holding the bag, but now I learn he never bought.

Anyone that even considered Auroracoin loses credibility in my mind.

Even those hot Icelandic bitches named Somebodysdottir?
legendary
Activity: 1484
Merit: 1026
In Cryptocoins I Trust
October 03, 2014, 10:20:08 PM
Auroracoin (which btw rpietila invested in

He suggests that he didn't. What is your evidence?

Even though I was interested in this before the great pump in March (and would have made up to 100x gains if I had bought), now it is in a "following" mode after crashing back. If I moved to Iceland, I would probably start using it. Not an unconditional "sell" though.

Okay I thought he had because it seemed like he was very interested, but I did tell him that it had the wrong distribution model thus couldn't be anything other than a pump and dump. I had assumed he sold on the way up and wasn't left holding the bag, but now I learn he never bought.

Anyone that even considered Auroracoin loses credibility in my mind.
newbie
Activity: 42
Merit: 0
October 03, 2014, 10:10:58 PM
Auroracoin (which btw rpietila invested in

He suggests that he didn't. What is your evidence?

Even though I was interested in this before the great pump in March (and would have made up to 100x gains if I had bought), now it is in a "following" mode after crashing back. If I moved to Iceland, I would probably start using it. Not an unconditional "sell" though.

Okay I thought he had because it seemed like he was very interested, but I did tell him that it had the wrong distribution model thus couldn't be anything other than a pump and dump. I had assumed he sold on the way up and wasn't left holding the bag, but now I learn he never bought.
Pages:
Jump to: