Topic: rpietila Altcoin Observer - page 141. (Read 387552 times)

Isn't the more significant issue the download time of the blockchain? Bitcoin is over 10GB and it isn't any where near the volume of Visa, not to mention the orders-of-magnitude increase for micro-transactions we need (to replace the Google monopoly ad model of funding the internet and to support Ethereum style crypto-economy).

And the one-time ring signatures (with transactions split into standardized factors to enable mixing) have another few orders-of-magnitude on top of that (at least is a constant multiple).

We are looking at block chain that exceeds a Terabyte easily. Might take a year to download it if we are talking about decentralization and accommodating slower connections.

The mini-blockchain can prune away most of that bloat, but one-time ring signatures are fundamentally incompatible with it as far as I can see.

How can you ban what you can't track?

We might have to go to extreme measures though such as hiding the protocol in normal web traffic. And or I see Finland (or ?) is broadcasting the Bitcoin blockchain with shortwave radio.

If we get to that point, the SOBs have lost, because they can't fight even 10% of the population if people realize they have the tools to fight back effectively.

I do realize there is a lot of grey area in between the ideological extremes I've stated. So yes banning could be a struggle of good versus evil for while.  But good wins.

The Homelust screwurity papers have I think revealed they expect cyberware. Or was that a US Navy doc? I forget. Any way, I think that may be coming...

Hiding in the closet waiting for the bogeyman to find you with his ax is less effective than grabbing the shovel and whacking him upside the head. I'd rather be proactive.

I will wait to see what you guys come up with. Good luck on that effort.


I like Monero's (Cryptonote's) one-time ring signature. That is definitely an innovative feature. It is a form of a Zero knowledge proof. But using it every time has a cost to block scaling. Whether that trade-off can be mitigated remains to be seen.

I don't like DRK's CoinJoin. It has a simultaneity requirement and DRK employs master nodes to solve the jamming problem inherent in the two-step CoinJoin protocol, and this opens it up to Sybil attacks, etc.. But rather than argue the intricacies of how I think it is impossible for them to solve the issue fully, the simultaneity requirement is enough to make it a non-starter in my view. It is not totally useless, but I don't think the simultaneity requirement can scale well for one.

I don't like anonymity that relies exclusively on Tor or I2P, because I know that low-latency Chaum mix-nets are subject to timing analysis, even when the adversary can't decrypt the packets. Supporting it as another layer of anonymity is not totally useless however, but I am wary of masses getting complacent about it and think they've done enough to secure their anonymity and privacy.

I like the technological innovation in Zerocoin and Zerocash, and these technologies could potentially be useful in side-chains, but as for a universe where someone was trusted to delete the master key and in the case of Zerocash we will never know if they didn't and are secretly generating unlimited coins—is unacceptable in my opinion (and seems many others share this view?). Also the crypto is too complex and too new (unvetted) to trust the world's money supply and anonymity with. I much prefer where each user generates their own keys for their anonymity and ownership, e.g. Cryptonote's one-time ring signature. Geometrically more difficult for an adversary to attack all millions or billions of users' keys. In short, I like decentralization over centralization and that applies to the cryptography keys as well.

I like the mini-block chain design in Cryptonite (not Cryptonote). I helped analyze and comment on it, so I've been following it for some months. Their effort lacks anonymity and other things I like. One-time ring signatures appear to be fundamentally incompatible with it.

I don't like any of the proof-of-work algorithms over Bitcoin's thus far (at least given what I think we know about Cuckoo hash thus far, i.e. seems to be highly parallelizable even if slightly sublinear thus I don't think it will keep GPUs at parity? It might have some role if the number of lightweight cores on mobile increases to some huge number). I have expended a lot of effort on this and have some work in progress in this area. As far as I can see as of now (subject to additional insight or information), Cryptonote's hash is somewhat ASIC resistant (will be very complex to implement) but it is slow (maybe they can mitigate the ramifications of that, MemoryCoin 2.0 was even slower), but I am concerned that if ever there is an ASIC later then it could be proprietary.

I like the concept of programmable features on top of the blockchain, i.e. Ethereum. This appears to be a holy grail of decentralized economy if it can be made to work without failing into centralized outcomes, e.g. a centralized app store to combat viruses. I also like some of the technology discussion over at Ethereum's blog and wiki (probably also the forum but haven't had time to dig in there). Ethereum is off in many directions because they are considering such a huge space of concepts. However, I don't see yet that they've worked out some of the fundamental issues.

I like Lamport signatures with Winternitz optimization.

I am interested in the GHOST refinement over Satoshi's longest chain rule. There is a blog post at Ethereum about it. I have also proposed an additional idea that goes further on a dubious case if rented mining hardware becomes ubiquitous.

I hate POS. I call it piece-of-shit. There is no entropy there. Caveat: I need to digest Ethereum's blog post on POS, to see if I have missed some insight. Also I must admit that I haven't done enough formal analysis especially of hybrid PoW+PoS. But I do expect my fundamental insight of the lack of entropy to remain fundamentally true and thus my conclusion to remain valid.

I hate transaction fees. I like (smallish but not too small) percentage perpetual debasement. My rationale is contained in my thread (and follow links off to discussions in other threads, such as Monero economy thread).

I don't like coins that have a rapidly declining debasement schedule, e.g. Monero is much faster than Bitcoin, because this means early adopters (which could potentially by botnets early on for any coin) get a disproportionate amount of the coins and I have argued upthread that I think this diminishes network effects by the N squared in Metcalf's Law.

I've probably failed to mention quite a few things I like and dislike in the decentralized crypto-economy space.

Actually, I don't recall mentioning Monero in the least. Your attribution of Monero being equal to Cryptonote is a much welcomed delusion, and I hope you carry that one with you well into the future and I'm glad we put that idea in your head

Onto your actual stance though:

However you want to define a process in which you personally cannot find out my financial details, is what I'm trying to describe here. Bitcoin allows you personally to find out details of my finances, and as far as I can tell you personally cannot with with cryptonote or coinjoin (edit: Unless you had lots of money and resources). To me, that's anonymity or privacy.

Sorry if you have some super awesome definition of those words that you read to yourself every morning right before praying to whatever god you worship .. but that's all it means to me. Maybe you could try sharing this super awesome definition with us all some day, as I'd surely like to hear what privacy and anonymity mean to you?

The scenario bitcoin will continue to and has already put me in is unacceptable. It has likened the sharing of a simple wallet address to being the same as sharing an extremely personal encounter like sex. The problem and reality with and of that is that there will be people I have to interact with and share my wallet address with whom I don't like, I don't trust and who will take advantage of me if they have this information. Both cryptonote and coinjoin offer at a protocol level that which does not allow such a gross overstep to happen so easily from simple casual encounters -- they offer something that does not allow the world to be so personally invasive (unless, of course you have lots of money and resources - things a hot-dog vendor likely wouldn't waste on me). As I already have this with banks .. I'm having trouble digesting that there's an argument at all .. but different frontiers and such I guess?

Maybe you're just trollin me?

And now I have to add as a disclaimer because apparently everyone on the forum flips out and overexaggerates: Cryptonote and Monero are alpha-level software whose usage is not yet ready to be adopted by the world. If you have a problem with claims of possible superiority, please leave your concerns in this thread.

Guys "anonymity" just means "without a name." Even bitcoin does that.

It is not a term with a useful, specific, technical meaning. When used in the context of coins it is used for marketing purposes and shouldn't be taken too literally.

Even "privacy" is somewhat unclear unless given a context, though it is more applicable than anonymity.

More precise concepts that are more useful to discuss in detail are unlinkability, untraceability, block chain analysis, etc.


 

You're quite naive if you think that Monero is truly anonymous. The reality is that real anonymity is impossible, for now anyway. The best you can hope to achieve is privacy.

I don't know what you mean by "full" mobile wallets. Full node? If so, then only Moore's law will give us that, and it probably will. I don't know how far back you have to go for today's mobile devices (quad core CPUs, 64 GB of storage etc) exceed a typical desktop PC, but it isn't that far. You won't have to go far into the future for a mobile device exceed today's typical desktop computer, and the latter is certainly capable of running a full node.

If you mean some sort of method of operating a lightweight wallet on a phone that is short of a full node but doesn't rely on a trusted server, that is being worked on. I'm explicitly not promising this will succeed and there is no promised delivery whatsoever, so don't start calling this vaporware. I'm interested in a persuasive argument if there is one, that it "can't" be done.

Furthermore there is work being done to directly reduce the size of the blockchain itself, which is what I meant. I guess it could be argued that gets closer to there being a full node on a mobile device (i.e. trims some time off waiting for Moore's law).

But you're missing the details.

How is the anonymity handled? Is it permanently obscured such that there's no proof of payment to either parties involved ever, does it allow the transaction to be viewed by a third party/anyone in the future in some way that can be demanded in a court of law?

If a regulator were to want my financial information right now, they'd get the information from my bank. Key point here is that they need the bank's consent, which is given by law .. and as I'm not in outright revolt right now I'd have to say that mine is given as well

If a regulator were to want my financial information with bitcoin, they'd type in blockchain.info and cross reference any of my previous wallet addresses they have. Key difference here is that once anyone has my address, they immediately can find out any information about me, and that my address is something I share with everyone, not just my bank. Bitcoin might be anonymous enough right now in July 2014, but what happens when people actually start using it? It's an unknown - and I can paint an ugly picture here, or a pretty one. One case involves everyone you share your wallet address (in order to receive payment) with knowing all your finances - something I don't intend to do ever .. and one is where magically everyone doesn't look up everyone's wallet addresses on blockchain.info. Tell me which one's a more likely scenario?

If a regulator were to want my financial information with a cryptonote coin, that's still a grey area. I could paint a pretty picture where banks somehow manifest to keep your digital information secure, where they hold your wallet and viewkeys, and share it whenever needed .. or can tell you they could pass regulation demanding you share your view key on demand (which still must be given under some form of consent or theft) .. or whatever story you'd like to hear. The point here is that it's an unknown, which does not make it illegal at all. That unknown can be answered in the future, but nobody can tell you how it's going to play out. Being worried about people's attention should be the least of your worries, when you're taking the next step into a bright new frontier.

If a regulator were to want my financial information with a coinjoin coin, I can immediately tell that it could cost them a lot of needless dollars (if they were so inclined to invest them) because the only implementation that's similar and I'm a little familiar with involves masternodes. To have proof-of-payment from those would take a lot of resources (but can be done) .. which will only serve to raise your taxes when more computers are put into place to track your every move anyways. But again, they could just demand you present your financial ledgers in a court of law.

I'm not seeing how fearing if it's going to be banned should stunt your attempt to get it banned in the first place. What is there to ban here? Clearly the tendency has been to regulate and not ban, so if anything it would seem like that would be the route taken.

Cowardly ?? How about realistic ..
BitCoin for most users is anonymous enough ..
DRK/CLOAK/XMR and others are pushing the envelope in the other direction ..
You've got to assume that some level of 'anonymity' is going to attract regulator's attention ..
That will impact the investability of these coins would it not ??

Triff ..

Bluntly, that kind of thinking is pretty lame, fearful and cowardly.

Is it banned now? You're never gonna know if it can be something more unless you try.

I mean this is a cryptocurrency forum, a few years ago people were terrified both for and of bitcoin because it was used for silkroad. Now it's got regulations that don't ban it.

That's dead-end thinking, and not how to get anywhere.

"In order to be truly anonymous and make users safe from the goverments and powers that be."

That's a fair statement of the 'goal' ..
But if a coin were released that delivered on that feature set ..
Wouldn't the risk be that TPTB would ban the thing .. or try to ??

Triff ..

He never said this, but the opposite. Crypto's + knowledge will be the only way to escape and hide from the goverment in the coming age. However, he sees many problems with the bitcoin and altcoins and he is exploring (and hopefully programming) what features should the "killer coin" have in order to be truly anonymous and make users safe from the goverments and powers that be.

Yeah, he basically says they all suck one way or another, and we should give up all hope and go back to fiat which sucks too because inflation eats it away. The only good investment he recommends is IT skills in the coming Knowledge Age. That's what I gathered from reading his posts. Many of them are insightful, but giving up hope on cryptos is not something I can agree with him on

"Fixed" for what purpose? Full mobile wallets?

This would be unlikely, but I'm open to persuasion.

Question to AnonyMint.

Having read some of your posts (frankly, not many, just those that happened to appear in topics I follow) I came to the conclusion that you only try to find flaws in those coins you touch, thus not giving preference to any of them. I saw this behavior towards XMR and DRK (and Ethereum?). Maybe some others too, but that's too much effort to look through all of your posts. So the question is: am I right? Or do you have any coin(s) that you particularly like? If not, would you mind writing a short summary post about those you examined and things you like and dislike about them?

Thanks.

The problem is not governments shutting down crypto.  The problem is governments taking over crypto, and destroying its useful features, such as finite supply and transactional privacy and freedom.

This point was made years ago in the context of Bitcoin, but I'm sure it has been rediscovered many times.


I seriously doubt this latter number since approximately 100K is on Monero alone, and Monero is a modest if growing part of the altcoin universe.

EDIT: It could be in the high hundreds of thousands, it is low 100Ks that I doubt. Given the likely efficiency factors between dedicated miners and botnets this translates to botnets of millions. Or to put it another way, we are likely close to the point, if not there already, that botnets are not a major (security) threat. I leave open the question of economic theories.

Furthermore this entirely ignores all of the factors that separate one botnet machine from one dedicated miner. Duty cycle if nothing else should be at least some significant factor. You mentioned a countermeasure of "just mine on one core" but that obviously reduces capacity significantly.


Mixing works just fine. I've used it dozens if not hundreds of times.


"Can't" be fixed is a bold statement. Care to offer proof of that? Because there are ideas being developed for doing just that (that might not work).

Afaik, I was the person who originally had that same insight several months ago. However, that doesn't necessarily apply while the supply of botnets is 10s - 100s of thousands (or even millions) and the totality of non-ASIC altcoin mining is 100s of thousands.


You ignore the power of squaring laws.   Not wise from my understanding of math.


What is that? Mix coins? I already had someone report to me they tried and failed. That was only 1 report though.


The block chain scaling can't be fixed. For me that is the killer. So I could understand why you might not care about economics scaling by the square law.



I am so jealous. 

2 GB of memory?

Dual core (Intel) i5 CPUs have only 3 MB of cache, so they will mine Cryptonight at less than half the speed of the higher end quad-core i7s with 8 MB (which are roughly comparable with mid-range GPUs). That is assumes they are turned on and that they aren't in use such that mining needs to suspend or background itself.

All that conspires to make one of these machines worth a lot less in a botnet compared to a dedicated miner. Obviously botnets can be large, but I don't know how large. With the equivalent of 100K miners already on the network, it takes several hundred thousand of these in a botnet, at least, to become problematic from a security point of view. Smaller botnets add to the security of the network, which is my primary concern, not economics.

I disagree with the economic argument about botnets being important "because they get cheap coins" for two reasons:
1. Botnets are a finite resource and if mining with them is so profitable because they get cheap coins more botnets will join the network until the coins are no longer cheap (a combination of botnets getting scarce and the difficulty going up), and 2. given opportunities to trade the coins will end up with whoever values them the most anyway. That may well be some whale who buys them from the botnet owner, or the botnet owner might himself be a whale. The rich get richer, (almost) always. It is fair that we agree to disagree on this point.

I will say one thing about what I think about Monero generally. I think it is a bloody mess, with lousy code we essentially found half-finished in some dead guys attic (to speak in metaphors). But what it does, it does better than any other delivered coin (by a wide margin), and I believe that many of the most serious problems can be addressed in short order (some already have).

In fact I would guess that the reason you pay so much attention to Monero is that you agree it is by far the best implementation of decent privacy on a blockchain that exists today, and therefore the closest to something you seem to think is important. It may not be what you think it should be, and it may not ever get to what you think should be done, but it almost certainly is the closest today and may very well be the closest in the future as well.

Here what I typically see is maybe 50% of them are recent CPUs (because growth radically accelerated when the Fed did QE driving the bond investors to emerging markets to seek yield, with credit growing > 20% annually here) but only dual-core. Often only 2MBGB of memory. They are cheap machines but later generation, because they need the latest AGPU to play Dota, etc.


Maybe small but maybe 50K or your 100K Really I don't know if yours is the most profitable to mine with a botnet, so I have no idea.

My point is it wouldn't take too many at this stage of your mining usage to gain significant coins cheaply.


They key difference is the botnet owner will likely sell the mined coins, and the other miners at this stage will not.

So therefor the price is driven down and the miners are mining at a loss compared to those whales who sit on the bid to mop up the cheap coins.

This drastically retards the network effects growth of the coin. Sheesh! I already explained this to you in the Monero thread and you choose to forget it. Peter R already showed that Bitcoin price scales as the square of N where N is some proxy for users.

Yeah I know for you everything is theory and should be ignored, even though Peter R showed in fact it is occurring.


Agreed delivery is crucial. There is a balance between delivery haphazardly and being too methodical and never delivering on time.

But this notion of "delivery and we can work it out over time, given we are open source and have a lot of good minds" actually doesn't work in practice. I quoted Linus Torvalds for you on that.

Agreed one of the first principles of open source is "ship early and ship often". But in terms of design, this is known to suck (ignore Eric Raymond's blog at your peril, for he is originator of the term "open source").


Ok understood. As I said, this is why design sucks in this model. Eventually open source rectifies this, but it can take a loooonnng time, e.g. Mint finally makes a Linux that looks like Windows desktop. How many years did it take to come?