Topic: Official Anoncoin chat thread (including history) - page 124. (Read 530609 times)

(10:09:41 PM) yoyo: gnosis: can you explain in the wiki how you generated the raw numbezrs for UFO
(10:09:41 PM) yoyo: iirc you did the SHA on some number no?
(10:09:41 PM) yoyo: someon on reddit asked you also alincoln how to generate random number in a verifiable way
(10:09:41 PM) yoyo: I still dont know how you did choose the starting number for UFO
(10:09:41 PM) yoyo: it is very important to explain clearly where those number came from before factorization
(10:10:15 PM) Gnosis: I did it using the CHashWriter class which does double SHA-256 using the standard Bitcoin serialization method
(10:11:03 PM) Gnosis: hashing the number of UFO bits (3840) and the ufoIndex (non-negative integer identifying the UFO) and a 256-bit piece index
(10:11:33 PM) yoyo: how did you choose those input number?
(10:12:01 PM) Gnosis: https://github.com/Anoncoin/anoncoin/blob/zc/src/zerocoin/ParamGeneration.cpp#L749
(10:12:30 PM) Gnosis: out of all of these, the only slightly arbitrary choice is 3840 bits
(10:12:54 PM) Gnosis: because I noticed that Zerocoin performance got much slower when the modulus was bigger than that
(10:13:29 PM) Gnosis: so I picked 3840 because it was a multiple of 256 just smaller than where performance sharply degrades
(10:13:53 PM) yoyo: so the starting number are UFOindex and numbits? numbits = 3840?
(10:14:05 PM) Gnosis: numBits
(10:14:06 PM) Gnosis: yeah
(10:14:18 PM) yoyo: and UFOindex are 1-15?
(10:14:29 PM) Gnosis: you can compile the "ufo" program by "cd src/zerocoin && cmake . && make ufo"
(10:14:39 PM) Gnosis: that will spit out the ufo when given a ufoIndex
(10:15:01 PM) Gnosis: no, UFO index starts at 0
(10:15:39 PM) Gnosis: the way the UFO project was done, we started with indices from 0 through 12
(10:15:54 PM) Gnosis: small factors were continuously found
(10:16:12 PM) yoyo: ok hence with the prog if I input 0 and 3840 it will give the starting bignum after double sha that has factor in the table you posted about UFO?
(10:16:31 PM) Gnosis: when each factor was found, it would be removed from that UFO; if the resulting bit length was less than 90% of 3840, or if it was prime, then tht UFO was abandoned, and the next was picked
(10:17:10 PM) Gnosis: so we ended up with 13 UFOs as we started, with 0 through 15 except 5, 7, and 13
(10:17:17 PM) Gnosis: see the last image: https://imgur.com/a/288U8
(10:17:38 PM) abyss: how much comuputational power would be needed to crack the rsa-ufos
(10:18:13 PM) Gnosis: a lot
(10:18:23 PM) abyss: how much is a lot
(10:18:26 PM) Gnosis: hold on, typing longer answer:
(10:18:43 PM) yoyo: you said 8 year proc time, but say a megacomputer like deepblue or better could do how many year a day?
(10:19:03 PM) yoyo: thx gnjosis, it is clever way to generate ufo
(10:19:15 PM) yoyo: we shall explain it in wiki under trustless UFO imo
(10:19:36 PM) Gnosis: if we have a powerful attacker that can find factors by ECM up to 768 bits, and can do GNFS on numbers up to 2048 bits, then that attacker would have about a 0.2 chance of factoring each of the 13 UFOs
(10:20:36 PM) Gnosis: and about a 1 in a billion chance of factoring all, which is required to break our Zerocoin implementation
(10:20:41 PM) Gnosis: factoring 12 out of 13 is not enough
(10:20:51 PM) Gnosis: but
(10:21:06 PM) Gnosis: it's very unlikely that even the NSA would be as good as the above attacker
(10:21:08 PM) Gnosis: for years
(10:21:19 PM) Gnosis: it would take probably billions of dollars
(10:21:55 PM) abyss: so in a couple years we would adjust these to larger values?
(10:21:58 PM) Gnosis: plus improvements in hardware and algorithms
(10:22:07 PM) Gnosis: no
(10:22:13 PM) Gnosis: not a couple of years
(10:22:18 PM) Gnosis: it should be good for decades at least
(10:22:47 PM) yoyo: this 0.2 proba is it from your trial using montecarlo or is it from sanders?
(10:22:59 PM) Gnosis: yeah, my montecarlo simulation
(10:23:26 PM) yoyo: how do you know it scale the same when UFO bitsize grow up?
(10:23:57 PM) yoyo: you tried with smaller one, why bigger one would be same proba?
(10:24:00 PM) Gnosis: I scale all bits proportionally, and the probability is flat
(10:24:10 PM) yoyo: ok
(10:24:30 PM) yoyo: can you put that somewhere for review one day?
(10:24:36 PM) Gnosis: I got this idea because the Sander paper proved the probability is flat for a slightly different statement
(10:24:42 PM) yoyo: I trust this montecarlo better than a proof that i cannot understand
(10:24:52 PM) Gnosis: yes, we should
(10:24:54 PM) yoyo: but i dunno if it is standard practice in math
(10:25:12 PM) Gnosis: once ANC increases a lot in value, we should pool some to make a bounty for a mathematical proof
(10:25:17 PM) Gnosis: that puts some upper and lower bounds on the probability
(10:25:39 PM) Gnosis: I'm not good enough of a number theoretician to do that, sorry
(10:26:42 PM) Gnosis: also,
(10:27:30 PM) Gnosis: the reason why the Sander paper can be improved on (but not with proof, only Monte Carlo simulation, unfortunately) is because its definition of an unfactorizable number is too narrow
(10:27:53 PM) Gnosis: for large numbers, we have two algorithms that can be used: ECM and GNFS
(10:28:07 PM) Gnosis: ECM difficulty increases with the size of the factor to find
(10:28:20 PM) Gnosis: GNFS difficulty increases with the total size of the number
(10:29:24 PM) yoyo: ECM is what we did
(10:29:25 PM) yoyo:
(10:29:38 PM) Gnosis: the Sander paper might consider a number with three 768 bit factors to be insecure, when in fact it would be secure
(10:29:44 PM) Gnosis: yeah
(10:30:17 PM) Gnosis: the optimal strategy for an attacker is to do ECM to get all factors up to 768 bits; if the result is less than 2048 bits, then they can do GNFS
(10:31:31 PM) Gnosis: but in reality, the NSA probably can't find factors by ECM more than 350 bits, and probably can't factor numbers by GNFS greater than maybe 1300 bits
(10:32:12 PM) Gnosis: alright, I have to do some ZC work
(10:32:17 PM) Gnosis: if you ask questions, I'll see them later
(10:32:45 PM) Gnosis: somebody please update the RSA UFO wiki page with what I said
(10:33:02 PM) yoyo: thank you
(10:33:22 PM) abyss: yoyo do you have a wiki account
(10:34:45 PM) Gnosis: oh, one more thing: the purpose of the factorization we did in the RSA UFO project is to reduce the gap between what we know and what a powerful attacker (such as the NSA) knows, with regards to the factorization of the RSA UFOs we will use.

Good News, I finished the front-end for a darknet ANC/BTC exchange. I expect to have something online before the ZC mainnet

You are coming into a toxic atmosphere here, created by the two trolls, and you are doing it with what is easily mistaken for a shill account, like the two trolls. Forgive us a little suspiciousnes.

Maybe you will get indept answers from the devs, but we prefer the devs to keep working on the implementation and the privacy solutions project, not respond to every twisted hypotetichal angle of attack the two resident fuckwits manage to come up with.

ANC is not some brand new coin with a fancy roadmap and nothing to show but empty promises, glossy pictures or closed source code. It's a respected coin with a working dev-team. Read the wicki, decide if you can trust the devs, and rest in the knowledge that the implementation of the code when released will be scrutinized by the best people on the crypto-scene.

I've actually been trying to address your concerns and have been linking you to more in depth information.  Even though I'm sure you have access to Google.  No one is forced to buy, use or invest in Anoncoin.  If you don't feel happy doing so then don't, but please don't ask volunteers to help you make money.  By offering you free investment advice.  It's starting to sound like you to have an agenda like all the other recent newbie accounts recently posting in this thread.  King Canute and the waves the lot of them, but they're all obviously well funded for their endeavours.

Are you serious? Please think twice before posting this kind of bullshit.
Anoncoin has become a dictatorship?

EDIT: With this kind of post, you discredited ANC more than you pretend I do.

If you don't know the answers to my questions that is fine but there is no reason to cultivate such a harsh community here.  If people have questions about the security of zerocoin then those concerns are valid.  And it would benefit the community as a whole if people did there best to answer those questions rather than just dismissing them.  Just don't respond to my posts and hopefully one of the developers will.

Also asking for Gnosis' experience is not ridiculous.  If we treated ANC like a publicly held company then people should be explaining to the "share-holders" how the technology works and they should be answering any concerns those people bring up.  Asking for someone's work experience who is in charge of implementing a major change should not be considered trolling.

Telling investors to just do their own research and dismissing all of their concerns would just drive investors away.  I don't expect you to have the answers I'm posting concerns in the forum so hopefully someone who knows what they are talking about will respond and explain why my concerns are not a problem.  That's what I want to hear because I want zerocoin to work.  But you responding to everyone's concerns and telling them to go away helps no one.

If you don't know the answers to my questions that is fine but there is no reason to cultivate such a harsh community here.  If people have questions about the security of zerocoin then those concerns are valid.  And it would benefit the community as a whole if people did there best to answer those questions rather than just dismissing them.  Just don't respond to my posts and hopefully one of the developers will.

Also asking for Gnosis' experience is not ridiculous.  If we treated ANC like a publicly held company then people should be explaining to the "share-holders" how the technology works and they should be answering any concerns those people bring up.  Asking for someone's work experience who is in charge of implementing a major change should not be considered trolling.

Telling investors to just do their own research and dismissing all of their concerns would just drive investors away.  I don't expect you to have the answers I'm posting concerns in the forum so hopefully someone who knows what they are talking about will respond and explain why my concerns are not a problem.  That's what I want to hear because I want zerocoin to work.  But you responding to everyone's concerns and telling them to go away helps no one.

All the information is in the wiki if you don't understand it either don't trust it or do your own research. 

This actually isn't a brand new account I made it back in june.  And if you look on reddit I use the same username to ask a lot of questions about a lot of different cryptocurrencies.

No of course I don't feel qualified to do a peer review that is why I am asking if it has been peer reviewed.  The community is here is terrible.  I'm legitimately and fairly wondering if someone also had 8 core years of time if they could find the factorization (seeing as it took us 8 core years of time to get N).

People here should be answering as best as possible people's concerns rather than just ignoring them.  It will help more people feel comfortable and realize they want to buy in.

Oh look another brand new account?  Read the Anoncoin wiki on the matter - https://wiki.anoncoin.net/RSA_UFO#Zerocoin_accumulators - If you don't understand that then that's not my fault and I don't have to try and expalin it all to you nor do you don't have to trust Anoncoin.  The RSA UFO's are a way to initiate the accumulator - https://wiki.anoncoin.net/Cryptographic_accumulator - in a trustless matter.  Anyone could have took part in the RSA UFO generation.

About the peer review why don't you do it or do you not feel qualified.  I'm pretty sure ANC's ZC will get stress tested to the max once it's been released.  There'll be some pretty major hacker bragging rights to anyone who can break it.  Like the guy behind this site - http://www.coinjoinsudoku.com - who aims to have an app to break Blockchain.info shared-coin mixer soon.  And then probably using the same or very similar technique to break the Darkcoin mixer.  That linked site author said he aims to have a review up soon on all anonymous transaction techniques.  Just like the old saying 'If it can be made it can be copied' also 'If it can be broke then someone will break it'.

Rather than people just saying "troll!" I'd like someone (preferably a developer or someone with experience) to actually respond to the accusations that RSA UFO's aren't secure.  I don't know enough about cryptography but are RSA's points valid?  Also, if it took 8 core years to come up with the RSA UFO's couldn't another group do the same thing? If they did the same thing couldn't they factor N to get the prime numbers? That's what I don't understand.

Has the whitepaper been peer reviewed yet?

hi all, just to inform that I've setup this wiki page:
https://wiki.anoncoin.net/Anonymity_of_cryptocurrencies

It needs a lot of editing and improving but we can do that and have a proper reference page about the anonymous coins jungle I hope...

For those who don't have an account on the wiki, or cant ask for one, feel free to post corrections or additionnal info here, I'll add that to the wiki later.

Also english is not my mother language so there's bad grammar and spelling mistakes, and I have to give credit to user entertheabyss from which I stole some words to fill the second part of the wiki page.  

One has (had) to pay 1000 DarkCoin cost to set up a MasterNode (1 darkcoin was nearly 10 USD when Darkcoin was most popular). Developpers' philosophy is to literally sell the abality to run Masternodes at high price, so they're more difficult to compromise...

If you guys, read my last posts and try to understand my allegations, you will see that I'm not here to troll but to help Anoncoin for the long run. I don't care about PumpnDump.
The greatest paradox is that you all want an anonymous currency because you don't trust the current banking system but at the same time you give your complete trust in Gnosis.

The RSA-UFO is a nonsense and I will explain you why in two different kind of views.
1) In simple words, the RSA problem is the possibility of reversing the encryption function. Source: http://en.wikipedia.org/wiki/RSA_problem
To make things more difficult, Gnosis removed the small factors with the RSA-UFO project to increase the probability to have two large prime numbers but all is based on probabilities and actual computational capabilities. It will be just a question of time to someone break these 13 RSA UFOs and generate infinite ANC. Source: https://wiki.anoncoin.net/RSA_UFO
I know Gnosis alleged that he will generate long RSA-UFOs to avoid this problem but the computational capabilities evolve very fast and we can't create a strong system based on probabilities and assumptions.

2) Ok, now I consider that you trust the RSA encryption and you believe it would take decades to break. But what if Gnosis genereate these 13 RSA-UFOs by himself to know the two prime factors P and Q?
There is no way to setup the accumulators without trusting someone (in our case Gnosis). Gnosis can tell us he will use the trustless RSA-UFO system to generate the 13 RSA-UFOs but we can't be sure that he will really use it. If he generate them by himself, he will be able to create infinite ANC from nothing. I don't think it's necessary to explain the consequences of such an event.

Even if you trust in the good faith of Gnosis, there is an high risk to let an inexperienced person do this work. If there is any mistake or if he don't destroy correctly and physically all datas about this generation, someone could use it against ANC in the future and totally discredit or destroy ANC.

In conclusion, the implementation of zerocoin is doomed to failure because of the problems I described.
For a strong future, ANC have much more to improve than implement Zerocoin like I said in my last post: https://bitcointalksearch.org/topic/official-anoncoin-chat-thread-including-history-227287

Now, if the only things sheep care is the PumpnDump to make dollars, then good luck and be fast because when people will realize, the dump will be hard.

EDIT: @ WDL: Yes I'm concerned to the ANC project because I hold still a big quantity of ANC.
EDIT2: If you don't trust me, ask Meeh. I know he agreed with these facts about RSA and Gnosis. Meeh is certainly able to create his own white paper and add a real anonymous value to ANC.

Plus I've posted a thread on this new exhanges forum - http://community.coldcryptos.com/threads/please-add-anoncoin.354 - by the guys behind The Multi Coin Tipping App - https://www.whitepuma.net/multitipping - about adding Anoncoin to their exchange.  If anyone wants to follow or add to the thread.

Yep, rsa_ufo_attack more or less made it plain where he's coming from.