Topic: I have come to the conclusion that "on chain anon" defeats the purpose. (Read 2766 times)

THIS^^^

AND THIS    V V V

Don't tell me that some of you cryptonote guys have pushed your argument to the point that barring quantum computers you are in the clear.

This is why I support Neos. I am really big on it. I have been trying to yell it from the damn rooftops if you haven't noticed me around. 

I have respect for what you are trying to do and all of your hard work. It is just dangerous. 

I'm gonna go out on a limb and put practical quantum computers in the same box with practical cold fusion and room temperature superconductors. It's happening in the next 10-20 years for the last 50 years or so.

I do have a question about this (for some fun reason I was reading a drugdealer blackmarket subbreddit the other day about bitcoin being "anonymous enough").  Is it the kind of deal where one quantum computer spends one year and breaks 3 addresses anonymity?  Or one computer spends a year and breaks the entire chain anonymity?

Cross-posting...

Irrelevant, Bitcoin doesn't put anonymity on the block chain. Please re-read my quoted point above more carefully.

With enough time and resources any thing can be cracked including Bitcoin lol

It has already been seen, you can't increase the encryption strength. Somebody stored a copy.

Maybe if there is a way to re-encrypt the whole blockchain with a stronger encryption over time, past anonymity is not endangered by computational advances. Just an idea that flew in my mind.

Interesting that I was making the same point today in private communication before I had seen your thread.

1. All crypto will be cracked eventually, it is just a matter of time. First we have key length requirements increase over time:

http://www.keylength.com/en/compare/

2. Next we have IBM's head of research for quantum computing (with a $3 billion budget) expecting that quantum computing will arrive in 10 - 15 years. All the crypto-currencies to date use crypto that can be cracked with a sufficiently powerful quantum computer. May not happen in 10 years, but eventually it will.

3. There was a recent breakthrough in math for factoring which hints at the remote possibility in the future of a potential crack of the basic math used for all existing crypto-currencies (that use elliptic curve or RSA cryptography):

http://cacm.acm.org/news/170850-french-team-invents-faster-code-breaking-algorithm/fulltext#body-3




Yes but not the same threat. Cracking ancient spent private key keys harms no one, thus no problem with keeping transactions on the block chain. Cracking ancient anonymity potentially harms up to and including everyone, thus IMO an unacceptable risk of keeping the correlation of the outputs and inputs (the anonymity mix) of a mixing transaction on the block chain.



Do investors realize that Cryptonote can't run lite clients without destroying their unlinkability, because you have to publish the "tracking key" to delegate the search for received payments if you did not download the full block chain.

But publishing that "tracking key" breaks the unlinkability:

https://cryptonote.org/whitepaper.pdf#page=8

"If Bob wants to have an audit compatible address where all incoming transaction are
linkable, he can either publish his tracking key...In both cases every person is
able to “recognize” all of Bob’s incoming transaction"


Edit: the "Trading off anonymity set size for decreased bandwidth/CPU" section in the following paper hints at a solution where only a portion of the block chain needs to be downloaded in exchange for reduced anonymity set size, but afaik this is not in Cryptonote and I did not analyze how or if it can be integrated (and off the top of my head, I think this might further reduce anonymity sets in intersection with a potential block chain pruning design for Cryptonote):

http://sourceforge.net/p/bitcoin/mailman/message/31813471/

What I'm telling you is that the same broad categories of issues you mention (i.e. "There could be a flaw") are exactly applicable to off-chain methods as well as on-chain methods. None of these have been "proven secure" and likely never will. For example, are you aware that most of the basic cryptography primitives that underlie Bitcoin or other systems have not been "proven secure." They are used because they have been analyzed to death and no fatal flaws have yet been found. That's how these things work.

Specifically on the question of off-chain anon, mixers and relays can be compromised or impersonated or sybil attacked, or subjected to timing-based attack and post-mixing, transactions can be unmixed by various forms of analysis. These are all known and demonstrated problems, plus there might well be other ones. Chain or no chain there are attack vectors and potential attack vectors. You're confused if you think one has been shown to be "more secure" (whatever that means) than the other at this juncture.

But hey, feel free to support your favorite projects, BTCD or whatever. Nothing wrong with that.

THIS below is what Im talking about, Im not making the stuff up smooth





Yes, smooth how did that turn out? It just doesn't seem as safe to me, I don't hear of anyone saying that, or devs admitting to the possibly that these issues exist in BTCD, Neos, etc.










Ok, then.

its all academic, i explained this to the Monero guys .

but as its "academic" it doesn't matter either way as long as it is "neutral"


so let me quantify that -:

i.e as long as the "on chain" aspect if "cracked" does not give away more information than if it had not existed, i.e a control system with no "Anon" features , if it does, then it is clearly flawed.

most of the time on purpose {yawn} no one cares about this stuff.

How about addressing the substance of my comments instead trying to dismiss them by way of association. I'm not trying to hide my affiliation with the Monero project (tacotime too above BTW), but it doesn't answer the question.


I'm not sure I understood that. If you are asking whether it could be rethought, my answer would be absolutely.  

If you are saying that "I have come to the conclusion" and then later add "I could be wrong" and make baseless claims about "most respected and talented developers" without any kind of source for that statement, you are throwing FUD.

My opinion is that there is no way to "come to the conclusion" without actually doing the work to build out systems and see if they hold up. That is what we are doing.

You are far from someone who is unbiased, as you are one of the main people from Monero arent you?

Smooth, I don't think you are going to give the idea of anonymous transactions ON THE CHAIN is something that people need to take a second look at.

I agree that some of the coins that are claiming anon off of the chain are nothing but mixers, but others such as BTCD, NEOS, will outlast high prices, hype, and clever marketing, and most importantly.... ATTACKS!

Oh yeah, and speaking of developers. Jl777. Yes, he does support BBR which uses on the chain anon. But he plays a much more active role in BTCD which uses off the chain anon.

Like you said, Jl777 supports BBR, so why hasn't he used CN tech on BTCD? Because it is not as safe for the end user is why.

This is what makes me think that I am not the only one that believes this.. when it comes to keeping yourself anonymous.

When you look on out past what is a good speculation tool, and what is the new flashy tech of the day, and focus on what is really going to keep users identities safe, it is your more decentralized off chain anon coins that will protect people long term.

It is precisely FUD. If you don't have actual hard facts and can specifically identify and explain an actual mechanism of failure, you are relying on Fear Uncertainty and Doubt. "yes, I could be wrong" = FUD.

Also your claim about "most anon technologies" and "most respected and talented developers" falls apart when looked at carefully. Your evidence is that you cherry picked some projects and personalities that support your premise. Even then the people you cite don't even agree, at least not unconditionally. For example, are you aware that jl777 is actively supporting BBR = on chain anonymity?

You are very naive thinking something based on sound cryptography is intrinsically less secure than something based on obscurity. If the records are ... not there... I wonder if that's an acceptable solution.

I don't care if you think those members are "known and well respected". I don't believe anyone without doing my research first.

who am I talking about jl777, AM, ya might have heard of them lol

There is one of the most respected members of the community, and one of the most respected developers right there.

That's enough for me. They know the actuall coding and technology much more than me. Enough for me to think that my take on the situation has merit. In my opinion you are completely naive to think the tech that is publicly available is more secure than tech that is not.

Let me say this again, you are completely naive to think that tech that is publicly on the public ledger to be exploited, is more secure than a technical solution that is off of the chain, and all of the records are, well NOT THERE!!

Think people, think!!! I just seems SO OBVIOUS to me. And the argument that, "well, then let's just say that Bitcoin is a danger because it's all on the chain".

That's all you CN people have? That's comparing apples to oranges, actually those are still fruit. It's like comparing apples to garbage bags.

To even suggest that ring signatures are as secure as Bitcoin's crypto security is an insult to everyones intelligence here. That just proves my point that you are playing up, and pumping something, and like it was said "playing crypto musical chairs".

Well, the point still stands. Yes, you can make a lot of money of of Bytecoin clones/forks, but just make sure you are close to a chair/exit if you stand to lose you ass when it hits the floor.

Facts people, facts. There is some opinion here, like you are naive if you believe otherwise, idk, you could be crazy, or ignorant to the truth, or caught up in a wishful thinking maze of bitcoin in your eyes.

Watch out, whos knows what day it will be, but one day the CryptoNote music will come to a dead silence.

Fact

It seems to me people here believes security through obfuscation is an acceptable solution. It has been demonstrated to be problematic in many, many cases.
Cryptography is not "just a twist". It is a sound concept, every time an hash is compromised it is considered a major achievement.
Because claiming security though obfuscation is way easier.
"I promise you I won't release your data". What technologies are you talking about?
Who are you talking about?