Topic: Official Anoncoin chat thread (including history) - page 147. (Read 530660 times)

Which makes me think perhaps it would be best to not post developments on github before the definite release of zerocoin, seeing as a lot of moochers will be ready to copy paste the goods.

The ring-signatures technique of Cryptonote coins currently offers the best transaction anonymity available.  While the Zerocoin protocol should potentially offer even stronger anonymity they do say "a bird in the hand is worth two in the bush".  Also these multiple other Zerocoin attempts are they following Anoncoin's lead with the zero proof of knowledge technique.  Or have they not got to that stage yet and just plan on ripping Anoncoin developments straight off like a script.

If the coin was to go for a myriad of seven chains then I would prefer two ASIC chains.  With both SHA256 and Scrypt then three GPU chains NeoScrypt, Lyra2 and Myr Groestle or Skein (which ever had a larger networked coin to AuXPoW with).  Then two CPU chains of Cryptonight (Monero) and Primecoin.  An attacker would then need to control four of the AuXPoW chains to cause major problems.

Edit:  Although seven AuxPoW chains may spread new coin distribution too thin on the ground?  In hindsight a myriad of the three AuXPoW chains of Lyra2 (Vertcoin), NeoScrypt (Feathercoin) and either Myr Groestle or Skein (which ever had a larger networked coin to AuXPoW with) is my favorite option.  Although moving over to AuxPoW with Litecoin is probably the quickest and easiest solution for now.  Then possibly just Lyra2 (Vertcoin) and NeoScrypt (Feathercoin) AuXPoW can be added to make a myriad.  As not taking into account X11 then those two networks are probably the largest GPU biased networks.  So more network strength would be gained with the AuxPoW.

Check the stats of large Monero pools like this releativelly small Monero pool for example - https://minergate.com - One user with almost 70kH/s and ten users all above 6kH/s.  While large botnets don't even need to use pools as they can solo mine on each node in the botnet while the sum of their work would be enough to solo mine easily.  As ten-thousand nodes hashing at 10H/s (say on a CPU's that could max 100H/s on average if dedicated) will find the same amount of blocks as one node hashing at 100kH/s.

I have some good news: I will be working on Zerocoin full time at least until October 1, and possibly after. Since I started this, I have been working on ZC part time, which meant very slow progress. Also, I underestimated the size of the project, so deadlines got pushed back. Estimating the time to finish a software project is hard in any case, so that partly explains the uncertainty.  I am reluctant to give another deadline, but I know you all are clamoring for trustless anonymous money, so in 2 weeks, I'll give an accurate estimate of when I'm done. I will also give regular updates on my progress (every few days or so). One thing is for certain: this will go much faster now!

Also, we have experienced some blockchain "turbulence" recently. I am working with Meeh and K1773R to address this and make sure that blocks come in regularly and that the network is more resistent to all sorts of attacks.

Lastly, I wanted to give an update on the UFO project: it is ongoing and will finish on September 15, when ANC rewards will be issued and the server source will be published to our Github. The largest factor found so far is 143551628346878317311308640667091515671003679, which is 45 digits (147 bits).  For some perspective, the world record for factors found using this method is 78 digits (though for all we know, the NSA/GCHQ/$spook_agency have factored larger ones...). I'd like to thank all the participants for contributing their CPU core-months (core-years, in some cases) to this project -- this effort was essential for creating a trustless Zerocoin implementation using RSA UFOs.

Can you please show two or three example, where this could/was be seen?

And please define "lots" so we understand, what you mean.

Every type of algo has it flaw. What is nice with the myriad is the possibility to include five different algos so the inherent flaws somehow equilibrate.

I think we shall go to one ASIC oriented algo (scrypt), two or three GPU aimed algo such as Lyra2 and Myr Groestl for instance and finally one or two CPU aimed algo such as cryptonight or prime-constellation (http://riecoin.org/faq.html#pow). Five algo is good with 1 pro-ASIC, 2 pro-GPU, 2 pro-CPU.

Also Cuckoo cycle looks interesting for a CPU algo too https://bitcointalksearch.org/topic/cuckoo-cycle-speed-challenge-2500-in-bounties-707879

If cuckoo was ready seven algo could even be possible in the myriad: one ASIC (scrypt), three GPU (Lyra2, Myr Groestl, Skein...), three CPU (cryptonight, prime-constellation, cuckoo)... network will be very resistant also meeh like the number 7

I would not put a multi-algo algorithm such as X11 or quark. For once because it is more heavy verification time-wise, second it does not bring anything new over single-POW algorithm (in contrast to a myriad like implementation ofc), third one of the algo can be flawed and the POW will be too, fourth as the miner in public domain are not optimized there are big player that can use custom miner to have more benefit, fifth there are FPGA raping X11 right now, sixth it was made by Eduffield and remind of darkshit.

BTW look what an optimised miner could do to unsuspecting miner using the non-optimized one http://da-data.blogspot.de/2014/08/minting-money-with-monero-and-cpu.html. I never understood why people prefer to use un-optimized miner thinking it economize their energy bill, this is retarded.

1% POS maybe, I am not sure, but no more. Indeed i am afraid it will incentive people to keep coin in ANC instead of in ZC, reducing anonimity set. This one has to be thought about if it is really needed or if the myriad is enough for network security. I would prefer a pure POW if possible.

CPU-only as to now: http://cpucoinlist.com/cryptocurrency-algorithms/

With the myriad the network will not be down for days anymore even if one of the algo is undergoing an attack

If you look at Monero pools you'll see lots of miners with hashrates equivalent to 20,000 CPU cores and more and it wouldn't be profitable for people to buy or rent that many CPU cores.  So they're very likely using stolen processor cycles from infected computers that are controlled within a botnet.  Some large botnets can control the resources of up to a million infected computers without the legal owners of those computers even knowing.  These botnets get to use the spare CPU cycles and memory of the infected computers.  So adopting the cryptonight hashing algo would mean handing over the overwhelming majority of all newly hashed coins to a few small groups of criminals.  Going with a GPU biased hashing algo would give dedicated miners an advantage over the criminal owners of botnets.  Although if Anoncoin or the coins it merge-mines with within a myriad become very valuable.  Then botnets will still target GPU biased coins just that GPU miners will have an upper hand.  As even Bitcoin was still plagued by botnets in its GPU days at times.  The only way to truly avoid the botnet problem is to use ASIC's.  The only thing is though is that GPU's are more readily available to anyone who wishes to contribute to the network.  A lot of people and especially the cryptocoin types will already have GPU's that they can use to hash with.  While someone new to the game would find it a lot easier to buy or build a PC with a GPU fitted.  
PoW is supposed to be about fairly sharing the hashed coins to miners who help secure the network.  While the more individual miners a chain has then the more people who have a stake in that coins future.  So therefore more fanboys to help evangelise the benefits of the coins.  I'd suppose going ASIC would be fairer than going CPU only well at least it's stop criminals controlling the majority of the supply of all new coins.

So the problem is that the CPU power of the botnets would be comparable to the CPU power of all normal Anoncoin miners? A lot of miners dump their coins as well, so I don't know if that would really make much of a difference on the price.

Centralization. One entitiy in control of a huge portion of the hashrate. But as long as they don't have insentive to attack the network it will not be any problem. On the other side, botnets will dump the coins so you will get more supply on the exchanges then you might have had with a more desentralised network with more miners wanting to hold their coins.

Could you describe what the problem with botnets is? I am admitedly ignorant here, but from what I understand, this is not a big deal.

Going with Cryptonight Monero AuxPoW would just be handing all the newly hashed coins over to botnet 'owners'.  Having a GPU friendly hashing algorithm helps to keep the botnets away to a larger extent.  Vertcoin is planning on changing to the Lyra2 hashing algorithm.  Which will be GPU friendly plus the Vertcoin core dev team are committed to do what it takes to avoid ASIC centralisation.  Also there's soon to be Feathercoin's new NeoScrypt algo which should also be GPU friendly.  Then there's Darkcoin's X11 hashing algo which is GPU biased as well.  There's three GPU friendly hashing algorithms.  Scrypt merged-mining with Litecoin would be the quickest and easiest solution for now to secure the network.  While the myriad could be added in later.

Peercoin is interesting in that it promotes the running of full nodes through staking.  Which in turn helps to avoid the dangers of the likes of Sybil attacks.  Although as stated Peercoin is of course inflationary in nature with no hard cap on the total amount of coins to be issued.

Hey there. You are 100% correct about zerocash. There is a major risk that the security keys could be compromised, and the worst part is that no one would even know it. This will be a major impediment to it being adopted.

However, Anoncoin is not implementing zerocash: They are implementing zerocoin, and the two are not the same. A very brief description of the differences between the two is given here: https://wiki.anoncoin.net/Zerocash.

I think that when you look into this in just a little more detail, that you will find there is no risk in zerocoin. The question is actually very simple. Zerocoin needs to generate a number N that is equal to the product of two prime numbers P and Q, all while not divulging P or Q to anyone, including the person that pick the number N. It turns out that you can in fact do this. Yes, the proof is a little technical (see Sander 1999), but it is not controversial. Zero-knowledge proofs are not controversial either, this is all well established, and if you have a bit of patience, you should be able to grasp the basics in this article: https://wiki.anoncoin.net/Zero-knowledge_proof

Lastly, ring signatures are good, but they do not really offer "anonymity". I think that this is the best on the market right now. However, how many signatures contribute to the ring signature? The probability of guessing who sent the transaction is simply 1 divided by this number.

Valid arguments

The risk of creating unlimited coins exist aslong its not properly implemented or there is a failure @ creating the RSA UFO. I wouldnt prefer zerocash because its centralized and those ppl can create unlimited coins w/o proof they did, which unlike in Zerocoin isnt the case.
Only after its implemented and tested we will know more about this, otherwise it will be only theoretical. Nobody said you have to buy ANC and use ZC. If you/we/whoever isnt willing learn from mistakes and dares to make mistakes, then we all would get really really stupid.

Good to see some well done criticism!

Ok, as an example let's consider ring signatures. A solution that provides cryptographically guaranteed anonymity without the risk of keys that can create unlimited coins. Who in their right mind would prefer Zerocoin/Zerocash? Let's use a gas tank in a car as an analogy. Would you prefer a gas tank that has a hole, which has a metal plate welded over it, or one without any hole to begin with? The metal plate should theoretically prevent leaks, but who would choose it over a tank with no hole to begin with?

If you dont understand something and if your scared, dont blame it on the technology. This is your fault after all.

find a solution without any loopholes and be a millionaire. It will happen later than sooner. The Idea of Zerocoin and Zerocash is at last a big step forward.

Not touching a currency utilizing zero knowledge proofs with a ten foot pole is a great deal while touching any other Coin / Virtual currency. ^^

Not stuck, craptsy created "invalid" TXs which are against the rules to be included in blocks by default, probably due to greed so they can pay less fee. For the BTC network this works as other ppl do the same as i do.
Also i dont really have that much hashrate, so it takes a while.
Currently there are 84 unconfirmed TXs, il continue to create those blocks until all the TXs are gone.
For the future, stop using craptsy, i wont do this over and over again becase they are too stupid and violate the basic rules.

PS: i have your unconfirmed TX, therefore it will be sooner or later included into one of my blocks.

Like I said, other solutions won't have any doubts regarding loopholes . I wouldn't touch any currency utilizing zero knowledge proofs with a ten foot pole.

lol, what are you shilling for? Anoncoin is using RSA-UFO for a 100% trustless setup.

Source:
- https://wiki.anoncoin.net/RSA_UFO
- http://f3.tiera.ru/2/Cs_Computer%20science/CsLn_Lecture%20notes/I/Information%20and%20Communication%20Security,%202%20conf.,%20ICICS%2799(LNCS1726,%20Springer,%201999)(ISBN%203540666826)(334s)_CsLn_.pdf
- https://github.com/Anoncoin/ufo_client