Topic: rpietila Altcoin Observer - page 101. (Read 387551 times)

Concur this must be done. But it is not sufficient by itself to solve all the issues it targets.

https://github.com/jl777/privateNXT

So is this just a vanilla CryptoNote fork? What does it have to do with NXT? How is this implementing ring signatures in to NXT?

Or is it just the same type of thing that's happening with "BitcoinDark"? Name the product after something established to imply association?

I haven't looked at that in detail for what he is proposing specifically for NXT (not since he was promising to implement Zerocoin on NXT several months ago), but I think the following will shed some light on anything James writes.

He appears to be a prolific coder, so I am not insinuating that he can't help. However, I read (most of) his long, rambling whitepaper on his proposed convoluted and bizarre (and unpublished?) Telepods and Hyperspace for anonymity (the naming is adolescent), and he hasn't even dealt with fundamental issues such as denial-of-service and scaling. It appears he is trying to create a high-latency Chaum mix-net (but apparently doesn't even know that), so refer to our upthread discussion of the issues with low-latency Chaum mix-nets such as Tor and I2P.

It will take him many months to find all the holes and go back to the design drawing board to deal with them. In the end, let's see what kind of spaghetti he ends up with given he didn't have a holistic understanding from the beginning of his design.

Thus I wasn't surprised when I was searching for information on James' "decentralized" exchange (which I concurred upthread is not decentralized) and I stumbled onto this post...

At least he knows he doesn't know and that he must stumble into the rabbit hole and then dig himself out when he realizes there are so many holes in what he is implementing now...

https://bitcointalksearch.org/topic/m.7882465

I read the whitepaper, although I struggled to get through the ridiculous analogies that seem shoe-horned to fit with the "pirate" metaphor instead of being suited to task. Oh, and the lack of references by footnote is extremely frustrating (an appendix of reading material is not a footnote).

He acknowledges that the ring signature implementation in Monero "'is absolutely spectacular’ and the advances it offers groundbreaking". I do think he misses the point when he claims that "weak correlations are still possible", as ring signatures in Monero are combined with always-on stealth addresses. Thus, practically speaking, his example of 1.23 RingCoins if sent with a mixin of 15 would not actually just have 15 ring signatures. It would be 15 for each output, thus a total group for that transaction of 45 signatures, and unless you can crack the stealth addresses (ie. brute-force a 256-bit hash, which would take more energy than exists in the universe to crack just 1) for at least 42 of the signatures you simply have no way of knowing which of those signatures is real and which are fake. Even if you did know which was real by some miracle, you still only have the stealthed destination and not the actual address. Those outputs will be used in future both in ring signatures and in an actual transaction, but since there is no way of knowing if an output is real or not it will forever be considered unspent (spends at mixin=0 notwithstanding). Therefore, even weak correlations are not possible due to the combination of stealth addresses and ring signatures.

His main criticism of CryptoNote is that the blockchain bloat causes the Monero blockchain to be "an order of magnitude" larger than Bitcoin's. The first problem with the criticism is that it he uses completely incorrect numbers. He uses the actual Bitcoin blockchain data, but then for Monero he uses it's current on-disk size. Currently, the Monero blockchain is stored in an inefficient, duplicated, flat format. It is vaguely analogous to storing your holiday snaps in BMP instead of high quality JPG - the BMPs will take up a significantly larger amount of storage space for no appreciable advantage. We are moving Monero's blockchain to an embedded database precisely to solve this. If you use the actual blockchain data then you will find that, on average, excluding the dust transactions that came from pools earlier in Monero's history, the blockchain is 5.5x linearly larger than Bitcoin's (10x larger, or a single order of magnitude, only occurs if you include the early dust transactions). That means that in 3-5 years, ostensibly, if Monero has the same reach as Bitcoin and has achieved the same level of traction we should see the blockchain at around 110gb, hardly a figure to write home about when you consider that the majority of users will use web wallets and thin clients, and those that choose to run full nodes will most assuredly have 110gb of free space.

Beyond that, the lack of commonly accepted cryptographic terms makes it exceedingly difficult to understand what he's trying to achieve. There is no problem with making a term up, as long as it is thoroughly explained before use in the rest of the paper, but using the term "hyperspace" in a technical paper that has nothing to do with space travel just makes it illegible. Finally, anything that relies on "privacy servers" operated by amateurs volunteers will end up relying on a ridiculously small group of servers to not be compromised. That these servers are meant to be run by "anyone" on a VPS shows a distinct lack of understanding of the threat model. If Tor's exit nodes can be similarly attacked to find the location of SR's server (which they did, and then they compelled data centres in Latvia, Sweden, and Romania to hand over a copy of the data on the server - and since they had physical access to the server on-disk encryption would be irrelevant since they can just access data that is unencrypted in-memory) then you can bet that anything reliant on a group of servers for privacy is doomed to failure. Relying on a group of servers for convenience (eg. Electrum) is a vastly different exercise, this should never be relied upon for privacy.

https://github.com/jl777/pNXT

I assume when he says "cryptonote tech" he means ring signatures. But he also says that he's developing a "cryptonote fork" that will add anon features to NXT??? I'm not an expert but isn't that like saying I'm developing a XCN fork that will add a mini-blockchain to Bitcoin? It just doesn't work like that, right? I'm confused.

Theres no Whitepaper, a Whitepaper would have references but the footnotes aren´t even linked to the text above them...
So far it has nothing, i personally can´t understand how you can advertise with something that doesn´t even exist and people pump their money in, but each on their own.

Not using cryptonote and not hot air. Read the paper before commenting please.

This two sentences seems fairly full of impossible.

https://bitcointalksearch.org/topic/btcd-is-no-more-684090

and

https://bitcointalk.org/index.php?topic=684090.740

That coin Bitcoindark, doesn't have any privacy features, they plan to copy off of Cryptonote(doubt they will even do that, everything theyve said has just been hot air) , the following is a quite from one of the dev team members for Bitcoindark from the second link

"I am part of BTCD community now and I happen to be developing a cryptonote fork to add anon features to NXT. It turns out that my methods should apply to BTCD also. I will be working on integrating cryptonote tech into BTCD, but it is more than "just" cryptonote anon tech as I am also making my solution include a near realtime exchange (InstantDEX) so people can directly trade just by running the coin."

Gavin is very much on the right track here. I find it really interesting that he carefully laying the ground work in order to address the real issue that Bitcoin faces namely the 1 MB blocksize limit.

Not coinjoin: https://www.mirrorcreator.com/files/0G9JRRFF/jl777-Teleport-DarkPaper.doc_links

https://gist.github.com/gavinandresen/e20c3b5a1d4b97f79ac2

Thoughts?

AnonyMint, can you please comment on Open Transactions (OT) http://opentransactions.org/wiki/index.php?title=Main_Page if you are familiar with it, in the context of decentralized exchange? In OT every asset has its unique ID and trade pair is obtained by XORing their pair of IDs, if i remember correctly. OT server then uses bitmessage to "publish" any order, see e.g. https://bitcointalk.org/index.php?topic=212490.360

Couple more links about it:
http://www.reddit.com/r/Bitcoin/comments/1vqrt9/open_transactions_is_coming_of_age/
http://opentransactions.org/forum/index.php?topic=3759.0

OT uses servers, the term should be changed probably as it implies something centralized. Hypothetically, if every node of some Coin network runs OT "server" (with pairs including that Coin) there is nothing centralized in that.

EDIT: intro on OT & BM: http://www.open-transactions.com/2013/06/interview-open-transactions-bitmessage.html

Hehe now I know you are probably immersed in coding, because you dropped the 'an' as I often drop words that I read in my head by forget to type, because I am distracted.

BTCD is Bitcoin Dark. I suspect (it, hehe) is CoinJoin. Haven't bothered to look closely.

It is altcoin. Not related to Bitcoin except using the name in an arguably deceptive way. That alone should probably tell you something.

Can anyone explain me in simple english what the hell is BTCD? is it somehow connected to BTC or just pump/dump altcoin?

Ah I said I wasn't reentering the thread, the slippery slope of the best intentions of mice and men... (I still want to depart for a while)


I hope this is fair, objective, impartial...

(disclosure: can't be 100% sure because I could possibly be a competitor to all of these, yet due to the ability to borrow ideas from open source I might also be a contributor)

Work in progress, maybe 'good enough' near-term in Cryptonote's (Monero, BlueBoolberry, etc) case for solving one aspect of anonymity. For example, one-time ring signatures is progress and is useable (thus has market value NOW) but is a step backwards on scaling (which may present a problem with centralization of mining in the not near-term FUTURE), at least in its current form. But Bitcoin mining is already centralized, so it is not a future we don't already have. DarkCoin (CoinJoin) is progress because although the masternodes can be Sybil attacked (see smooth's comments upthread for clear logic on this likelihood), you might assume you have a better chance with a plurality of master nodes that they are not all compromised than if you wanted to mix your coins with the uncertainty of potential Sybil attacks on Bitcoin employing Tor or I2P with a just a few master mixers such as bitcoinfog. DarkCoin appears to also add a scaling problem that didn't exist before on Bitcoin because there is either the simultaneity dilemma or the blockchain bloat of their premixing.

The bullet list comparison I provided is upthread.

Whereas, Cryptonite solves a FUTURE problem with blockchain bloat that no one needs NOW and which is only a constant factor improvement over the potential to prune Bitcoin (which maybe can't be done most efficiently without a fork), unless you can argue that the current blockchain size is the reason Bitcoin is centralized with one or two pools controlling > 50% of the hashrate, which doesn't appear to be the main reason.

I believe the above statements are an accurate summary of the upthread discussion (at least from my perspective). Hope that helps.

---

My comment is necessarily highly technical. If anyone thinks they can reword so laymen can more easily understand, please do.

Afaics, the insoluble problem with collateral held in escrow is that a decentralized protocol can't hold a private key, because everyone could see it. Thus for any funds to be held in escrow, there must be a centralized controller, i.e. a server.

Agreed as I wrote previously, tx fees can be sent to the ether, but the insoluble problem remains that the tx fees can also be DoS'ed or trolled because it is a two (or multiple) step process for each party to the exchange to commit their tx fees.

In summary in the analogous abstract with trading cross-chain assets there is an inverted 'race condition' on who pays last and the 'semaphore' or 'mutex' needed to resolve with infinitesimal delay is centralized control. Decentralized atomicity is achieved only with a non-zero delay, which thus opens to DoS attack.

There is a similar thing to the NXT gateway for CounterParty -- http://www.vennd.io/


Obviously all native counterparty assets can be escrowed by the protocol automatically, atomicity is guaranteed but for trades against native counterparty assets and btc you have the trolling or DoS problems you speak of. They have come up with a few solutions but none have been ideal, What they are looking at doing now is using collaterised orders, where the seller must hold a small amount of a reserve token. The protocol will take a floating amount of that token on and award that to the buyer if they default on their BTCpay (proportionally based on amount of filled order) .

I think MSC sends fixed amount to their genesis address on every trade. You can pay tx fee to miners, but then pool-ops and such are in a advantaged position.It doesn't seem so hard to send to an obviously unspendable address though, unless I'm getting something wrong.

Anonymint ..

We are so focused on the appearances and remiss on analysis of the functionality.

So, in your opinion, do any of the current crop of anonymous coins offer a 'good enough' solution
or is it still a 'work in progress' ??

Triff ..

According to game theory, if I am concerned about the future, I would prefer to see serious work that can scale and a focus on functionality over silly playing.


play
plā/
verb
gerund or present participle: playing

    1.
    engage in activity for enjoyment and recreation rather than a serious or practical purpose.
    "the children were playing outside"
    synonyms:   amuse oneself, entertain oneself, enjoy oneself, have fun;