Topic: delete - page 44. (Read 165521 times)

I totally remember reading about that discovery in Nature or Science...oh wait, it was published on Google Groups. Such legit

the fact that myself and others am laughing at Monero and it's blatant shills does not make it more and more legit  

Unless ring signatures are qualitatively the wrong solution for anonymity. The jury is still out on this one. Needs more analysis.

One thing I don't like personally is IBM says we are 10-15 years from a quantum computer and all that anonymity history goes poof and then the government backtrack and go after all those assets that were hidden from the coming global implosion 2016 - 2032.

But not everyone even agrees with my pessimism about the next 15 years.

Also I don't trust those simultaneous equations that I showed which mixed operations over different number fields. That is entirely new cryptography and it could potentially enable some new mathematical attack at any time. There is no Diffie-Hellman refutation that has a lot of cryptanalysis.

I'd rather not put my anonymity in some unproven math on the block chain that is saved forever. Eventually there will be a quantum computer and all that will be cracked.

And we still have to see what the outcome will be on the de-anonymization and respective mitigation algorithms which are already known but not yet fully explored. Might be duds, but I doubt it.

Also although smooth claims they know how to prune ring signatures to make a better scaling blockchain, and even the algorithm I presented to them in theory does some pruning, I am not yet convinced ring signatures are congruent with the decentralization I would be aiming for. But this is very vague at this point and nothing I can really do to immediately get all the specifics enumerated.

That is several different vectors of weakness for ring signatures. I never really understood why some investors think they found the Holy Grail. We need more analysis to know how they compare against all other options.

Edit: that the spender of a ring is culpable for which public keys he mixes with, unlike other anonymity mixing methods which remove this choice and thus culpability from the spender.

I posited to NewLiberty upthread that the development of a Gordian knot would depend on the duration of such an attack.

I argue it it also qualitative because my outputs get mixed in rings without my permission. Thus I can't spend in times of such an attack without incurring the risk that my spend must be unwound. Whether I know an attack is underway is irrelevant.


I am so hungry. For example, I posited a way to continually increase the difficulty by always structuring the attackers blocks to make the fastest block solutions in the discarded 20% set, thus skewing the statistics of the hashrate. I wrote the caveat that I hadn't studied the implementation to see if this was feasible.

I posited this would cause the network hashrate to drop (because miner's profits depends on difficulty) thus increasing the attackers % of the network hashrate.

Btw, the selfish mining white paper shows the math for this effect, so you've just opened a window to make it easier with less hashrate. You can work through the equations there. I suppose 20% as BCX said wouldn't be far off because of my recent interaction with that math.


Exactly, and this is not meant to personalize the issue with respect to you or anyone else or Monero or any other project. Specific, well-supported and well-presented contributions are more valued than vague ones. Always and everywhere.