Topic: Official Anoncoin chat thread (including history) - page 122. (Read 530660 times)

Thanks for clearing all that up!

Was going to stay out of this bickering but something is definitely rotten here.

A lot of anonymous coins are coming out.
Most of the newer ones are both 'trustless' and do not involve introducing new variables that could serve as back doors.

So many people here are trying to force others to trust Anoncoin and Zerocoin. I do not trust it. I do not trust the pushy people trying to confuse others with big words. It looks like a tag team wrestling show. A lot of fake arguments to sell tickets.

Some expert needs to look into this and find out what is going on. And by expert I don't mean the bs experts on this thread.

Okay, you're right. Pick any timespan you want, say, one year. A powerful attacker would be one that can find factors by ECM up to 768 bits and factor numbers up to 2048 bits by GNFS in one year. Such an attacker would then have a ~20% chance of factoring any one of those UFOs in that timespan. Assuming the capacity does not change, in 13 years, the attacker would have had a 1 in a billion chance of factoring all of them, because the attacker would have had enough time to be able to try all 13 in that time. Does that make sense?

Again, I should point out that this attacker would be far beyond what even the NSA is likely to be able to do for decades.


Yes, with a software upgrade (a hard fork). The new software would require that all newly minted zerocoins use the new UFO set. We give everyone, say, a one year deadline to mint all zerocoins in the old UFO set back into ANC (obviously it should be announced repeatedly, in as many places online as possible), and after that year, zerocoins can only be spent from the new UFO set.

If in 10 years we are worried about someone breaking the all of the UFOs is it possible to upgrade the ZC implementation to use a new larger set of UFOs?

Can you ellaborate how you concluded the chance of factorization of a single UFO by an extremely powerful attacker is ~20%? To me a probability only makes sense if you take the variable time into account. How can a powerful attacker have a ~20% chance of factorization spending either 1 day or 1 year of computing power trying to factorize the number?

Recently, I received 250 ANC from yoyo and a matching 250 ANC from TheKoziTwo, so this lets me work full time through October 18.  Since I am scheduled to start the testnet with Zerocoin on October 15 at the latest, this means I can work full time until the testnet launch and for 3 days after, to fix any problems that may appear. Thanks!!!

Anyway, I just wanted to clear up some confusion here about the RSA UFOs: users will be able to know that I do not have the complete factorization because the UFOs were produced by hashing with a cryptographically secure hash function (SHA-256, which is used everywhere in Bitcoin, Litecoin, Anoncoin, etc.). Small factors were found and removed in the UFO project. So the procedure to generate the complete RSA UFOs is 1) create the 13 "raw" UFOs by hashing, and 2) divide out the small factors found in the UFO project. This is performed not only by the UFO clients and server, but also will be performed on startup by all Anoncoin wallet software. The code is already there to do this.

Also, there is not one UFO, but 13 UFOs; to be valid, a coin must be accumulated in all of them. Using Monte Carlo simulations, I have found that there is a ~20% chance that any one of them can be factored by an extremely powerful attacker. This means that the probability of all 13 UFOs being factored by an extremely powerful attacker is about 1 in a billion -- and note that it would take factoring all of them to be able to forge zerocoins. My definition of "extremely powerful attacker" is one that can remove factors by the Elliptic Curve Method (ECM) up to 768 bits and can factor numbers up to 2048 bits using the Generalized Number Field Sieve (GNFS). This is far beyond what anybody is likely to be able to do for many decades.

@Gnosis - wow quick response & sounded to me, like the right place to look too.

@AnonCoinTwitter - Ya agree, it's just difficult when more than 1/2 the posts are from those whom wish the project to fail.

Hi, it looks like none of us replied to you yet. Sorry about that.

So the problem is that some Cryptsy transactions are not being relayed, but they are valid if in a block, correct?

I can look at the transaction relaying logic in the Anoncoin code to see what exactly is responsible for this. Could you please give me a transaction that is relayed and a transaction that is not relayed (both hex-encoded)?

I think it is fine to ask technical questions in this forum. However please be respectful of others whenever possible.

New potential investors will read this page (especially as we approach Zerocoin launch) and we want to give the best possible impression.

Many questions can already be answered by the Wiki page:
https://wiki.anoncoin.net/Anoncoin_Wiki

Thank you for merging inputs.

Over what transaction size is there an issue? Is the size (in terms of # of ANC involved) at all relevant for the deposits or withdrawals getting stuck? Or is it purely a matter of transaction size?

We still don't really know what's going on right?  Transactions are not being incorporated into blocks for some unknown reason?  Are you sure it's related to transaction size?  If so what is the largest txn you can make before it becomes an issue?

I agree fixing this issue with anc should be a priority. Nothing else needs to be done on cryptsys end. The issue seems to be getting sidelined.... Ill continue to merge inputs to reduce tx sizes until they get it resolved

Excuse me for being blunt, but you really don't know what you are talking about it. If N was chosen using Sanders method of generating RSA UFOs, there is no way that anyone could know the factorization of N. Since we are using Sander generated RSA UFOs for N, which are generated in a deterministic way, and since the number N can be verified in the code and by miners, there is no way that Gnosis could know its factorization, and there is no way that Gnosis could forge zerocoin proofs. This is what makes Zerocoin trustless.

What part don't you understand? I think that this is crystal clear.

After doing some researching on wiki this coin seems promising.

The source code and the data from the RSA UFO factorisation can be verified that they were correctly implemented in a trustless manner.  Once it's all been made opensource in the next few weeks.  So any arguments claiming it to be a scam are moot until then.

Building a hard to factor number without knowing its factorization - https://crypto.stackexchange.com/questions/9191/building-a-hard-to-factor-number-without-knowing-its-factorization

Efficient accumulators without trapdoor extended abstract - http://link.springer.com/chapter/10.1007%2F978-3-540-47942-0_21#page-1

But, even if Gnosis had an alternative set of RSA UFOs, these wouldn't work with Zerocoin. The ZC mint transactions use the agreed upon value of N (the rsa ufo), and the spend transaction uses the same value of N. Miners verify that this is done correctly. There is no back door.

he live in a box   , with 40W panel  

https://bitcointalksearch.org/topic/official-anoncoin-chat-thread-including-history-227287

I didn't agree with you and that.
I said you need to trust Gnosis that the source code is legit when you can't read it.

It's a different thing.

Yes, we need to know if Gnosis holds the factors (or if he is able to) - you are right by saying that this would be a major major threat.
But you need to understand that by generating by hashing the only way to know the complete factorization is to factorize it.

EDIT: If you don't understand it, and you feel there is too few sources to explain it to you, PM Gnosis. This is getting ridiculous really, you make too much of a fuzz because you have a lack of understanding it, it even seems like you don't want to. So like I said, PM Gnosis or read into the source, that's important for you.

1 - We used the source code to do so.
2 - He used "hashing"