Topic: delete - page 82. (Read 165547 times)
Wish that's all of these will be behind soon, and monero dev could work on the final GUI and the DB !! (eat my RAM
are not English
I'm using google translator
easier the translation
if I divide
phrases
I'm using google translator
easier the translation
if I divide
phrases
TheFascistMind is a good idea
but the remerge
I think it can be implemented
inserting in the source code if
if a node have at some point on
blocks different from those of other nodes
to download the different blocks and
automatically do block + block
in a short time all nodes will settle
and transactions that occurred in the original blockchain
and fork
are all valid
and not
there will be
a double expense
but the remerge
I think it can be implemented
inserting in the source code if
if a node have at some point on
blocks different from those of other nodes
to download the different blocks and
automatically do block + block
in a short time all nodes will settle
and transactions that occurred in the original blockchain
and fork
are all valid
and not
there will be
a double expense
Just One Question: Why the hell are you typing like that?
TheFascistMind is a good idea
but the remerge
I think it can be implemented
inserting in the source code if
if a node have at some point on
blocks different from those of other nodes
to download the different blocks and
automatically do block + block
in a short time all nodes will settle
and transactions that occurred in the original blockchain
and fork
are all valid
and not
there will be
a double expense
but the remerge
I think it can be implemented
inserting in the source code if
if a node have at some point on
blocks different from those of other nodes
to download the different blocks and
automatically do block + block
in a short time all nodes will settle
and transactions that occurred in the original blockchain
and fork
are all valid
and not
there will be
a double expense
...I did also write up my summary in this thread of some ways to think about the TW attack and mitigation, which expounds a bit I guess on what I hadn't read before writing that.
Those are good readings for historical perspective, but code has moved forward since then too.
The KGW is not in play on XMR, even though it still has fast difficulty adjustment. As you probably know, it uses a net-difficulty metric for chain length not just size or depth for determination and has incorporated 20% anomaly dropping in the difficulty algo (which was not in the original KGW) across a sliding window of 720 blocks. One of the TW risks is the differentiation time required between chains of different length. We want that fast or immediate, as well as accurate. Checkpointing is the historical solution, but with respect to Bitcoin, it has heretofore been developer dependent.
What we may likely to get from the recent TW threat is some even better decentralized solutions to such threats. Really cool stuff if they can pull it off...
Here is a novel idea for you from my private research think tank of one person hehe.
When the network is presented with 2 chains which forked such a long time ago, my insight is this is equivalent to what will happen with a temporarily fragmented internet. Thus my private designs have focused on making a coin that can re-merge itself, rather than chose one chain or the other.
Edit: some insight into what I was thinking can be gleamed from the discussion in the thread "The Longest Chain Rule...".
TheFascistMind, from my far outsiders perspective, you've done a great service here....likely far in excess of any financial reward you received.
I don't want to overstate my role. There are other developers working hard behind the scenes who don't get credit. Someone offered me an additional 5 BTC but I said it could go to those developers working behind the scenes such as to build the simulation to test my pseudocode.
We are not yet sure if anything I contributed is actually a viable attack. I reasonably strongly think so for the de-anonymization and mitigation I provided, but until they build a simulation we probably won't know. The math ideas were really just quickies and not too much effort applied (maybe an hour or two total). I did also write up my summary in this thread of some ways to think about the TW attack and mitigation, which expounds a bit I guess on what I hadn't read before writing that.
I have already received 2.5 BTC from smooth as a preliminary payment, I assume until they can verify with simulation.
Responding to his PM, I also gave jl777 my initial feedback on his Teleport anonymization in a PM. I am waiting on him to describe some of it to me better, so I could analyze more specifically and give specific suggestions, if any. My upthread post about offchain anonymity coins was not intended to say they are necessarily worse than one-time ring signatures on the block chain. I was saying we need more quantified understanding of how these methods compare. And hoping the developers of those coins will produce whitepapers that explain the specifics and do so in a way I can understand. So far the only offchain anonymity whitepaper I've seen which gives a lot of specifics is the one from jl777, but I can't really understand it. Maybe it is just me. For example, there are terms used as as "cloned" which are not defined, or at least I didn't see the definitions in that wall of text. Darkcoin's specifics were last time I checked some months ago buried in the discussion thread. I had formed an understanding, they since refined the design to do premixing, which I commented on in rpietila Altcoin observer thread. The problem with all this piecemeal analysis spread all over the place is it is not collected in one coherent whitepaper for investors to read.
If this coin is vulnerable to one guy living in his parent's basement then it deserves to go down in flames. I agree with others on here, I want as many people attacking this coin now as possible so we can improve and strengthen it before it gets more widely adopted. Any short term price drop is nothing compared to the long term gains that will come from having a secure and robust solution for the future.
All this has done so far is bring more attention to the coin and if indeed there is no way to attack it then the value has increased. Which leads the question, Was this the desired result in the first place?
I've said this since day one and the majority called me a troll...
You're the one who provoked him to attack to begin with...troll.
All this has done so far is bring more attention to the coin and if indeed there is no way to attack it then the value has increased. Which leads the question, Was this the desired result in the first place?
I've said this since day one and the majority called me a troll...
All this has done so far is bring more attention to the coin and if indeed there is no way to attack it then the value has increased. Which leads the question, Was this the desired result in the first place?
yes it does. I doubt BCX is a genius like at your level.
BCX was never the issue.
Getting this right is the issue, and always was.
As crypto evolves, there are much bigger boogiemen, this is just a fire drill.
Absolutely this. And again, TheFascistMind, from my far outsiders perspective, you've done a great service here....likely far in excess of any financial reward you received.
Many, many thanks to the MEW group and devs. Crypto is still a new technology and the space is evolving and immature. I appreciate the way that you've handled everything so far.
I consider crypto highly speculative and I only approach it with risk capital...capital I can afford to lose completely. I'm invested in your team and I consider you all to be advancing the cause greatly. Consider me one of the silent majority. I'm not a whale by any stretch of the imagination. I might be more likely to become one, though, based on the response I've seen.
That is not what I sent to smooth in private. I said the attacker could have sent the coins to recipient thus attacker would know P = xG = H(rA)+B, since the public key is (A,B) and sender of the tx chooses r.
Note this doesn't really apply to a widescale attack by a single attacker. Rather if it is valid, then it means senders can steal back what they sent to you if they can de-anonymize you and they can rewind the chain, which isn't likely.
But there is any easy fix all of you could do now. Go send your CN coins to yourself at a new address. Then you are both the sender and the recipient.
That is why I said I upthread I wasn't too concerned about this additional insight.
Whoops. I am mistaken. Sending the coins to yourself doesn't help, if the attacker can rewind the chain. And if the math is broken this could be done widespread by a single attacker, because every spend he does infects that coin downstream every where it goes, assuming he can rewind the blockchain with a TW or 51% attack.
But that is no worse than double-spending the coin in conjunction with a blockchain rewind, so (even if that math is broken) that isn't really a new vulnerability.
Only the two eqs. with unknowns q and x remains as potential new vulnerability.
That is not what I sent to smooth in private. I said the attacker could have sent the coins to recipient thus attacker would know P = xG = H(rA)+B, since the public key is (A,B) and sender of the tx chooses r.
Note this doesn't really apply to a widescale attack by a single attacker. Rather if it is valid, then it means senders can steal back what they sent to you if they can de-anonymize you and they can rewind the chain, which isn't likely.
But there is any easy fix all of you could do now. Go send your CN coins to yourself at a new address. Then you are both the sender and the recipient.
That is why I said I upthread I wasn't too concerned about this additional insight.
Whoops. I am mistaken. Sending the coins to yourself doesn't help, if the attacker can rewind the chain. And if the math is broken this could be done widespread by a single attacker, because every spend he does infects that coin downstream every where it goes, assuming he can rewind the blockchain with a TW or 51% attack.
That is not what I sent to smooth in private. I said the attacker could have sent the coins to recipient thus attacker would know P = xG = H(rA)+B, since the public key is (A,B) and sender of the tx chooses r.
Note this doesn't really apply to a widescale attack by a single attacker. Rather if it is valid, then it means senders can steal back what they sent to you if they can de-anonymize you and they can rewind the chain, which isn't likely.
But there is any easy fix all of you could do now. Go send your CN coins to yourself at a new address. Then you are both the sender and the recipient.
That is why I said I upthread I wasn't too concerned about this additional insight.
However, there is still the prior insight where we have two equations and two unknowns x and q.
yes it does. I doubt BCX is a genius like at your level.
BCX was never the issue.
Getting this right is the issue, and always was.
As crypto evolves, there are much bigger boogiemen, this is just a fire drill.
That is not what I sent to smooth in private. I said the attacker could have sent the coins to recipient thus attacker would know P = xG = H(rA)+B, since the public key is (A,B) and sender of the tx chooses r.
Just checked. Apparently I was too sleepy when I messaged smooth (and probably multitasking too). I sent him the wrong equation. Mea culpa.
https://bitcointalksearch.org/topic/m.8942201
x = Hs(aR) + b, so as P = xG
Attacker could possibly know Hs(aR).
x = Hs(aR) + b, so as P = xG
Attacker could possibly know Hs(aR).
But you'd think the mathematicians would take a look at page 7 of the whitepaper and figure out the attacker knows the symmetrical equation.
yes it does. I doubt BCX is a genius
I have no comment on that. I won't speculate further about that. My role was only to help find any potential vulnerabilities in order to strengthen CN.
Jump to: