[SDC] ShadowCash | Welcome to the UMBRA - page 100.

coins101

legendary

Activity: 1456

Merit: 1000

Quote from: Automatic Monkey on February 13, 2016, 04:05:23 PM

Quote from: smooth on February 13, 2016, 10:32:23 AM

Quote from: coins101 on February 13, 2016, 10:17:06 AM

So I'm going to be a broken record on this issue. I'll repeat it a few more times, probably, until it sinks in or someone from the dev team tells me to piss off. Feel free to use those words.

People are actively working on quantum computer chips. As far as I can tell, only zerocash users have some level of comfort that they won't be affected.

Zerocash is not quantum safe by any means. If that is your concern, do not go there.

(Nor are any of these other coins, so please don't take this as FUD or pumping of anything.)

Quantum-safe cryptographic methods are a current area of research. Zerocash may or may not be desirable for other reasons. Quantum computers are not one of them.

Thanks, all this cryptography talk is confusing me, physics is easier.

People are in awe of the possibility of quantum computing because of its potential to bypass the limitations of c (the speed), however the true limitations in computing power are found in the limited thermal and electrical conductivity of existing materials. (Remember superconducting computers?) What limits the mining speed in your 16 nm ASIC is not c but the ability to get rid of the heat and move the information around within and out of the chip. A practical quantum computing device will face these same limitations as soon as the information moves from the quantum to the classical domain which is where it has to be for us to use it. Thus I would not worry about quantum computing destroying crypto. We will do that first.

It doesn't seem like quantum chips are a pipe dream. http://www.zmescience.com/research/technology/two-qubit-quantum-computer-0432/

VeritasSapere

hero member

Activity: 546

Merit: 500

I am still a supporter of the Shadow Project, the bounty did exactly what it was supposed to do, find flaws in the code. I applaud this effort, and I will continue supporting the Shadow Project as long as I earnestly believe in the communities and developers intentions. I am confident that this will be fixed and the Shadow Project will continue being a force for privacy in cryptocurrencies.

To have even put up this bounty in the first place reflects a sincerity of purpose, putting our money where our mouth is so to speak. I know Dash has a similar bounty in place, does Monero have one as well? I support all three projects by the way, they all share similar goals after all.

Automatic Monkey

hero member

Activity: 503

Merit: 500

Quote from: smooth on February 13, 2016, 10:32:23 AM

Quote from: coins101 on February 13, 2016, 10:17:06 AM

So I'm going to be a broken record on this issue. I'll repeat it a few more times, probably, until it sinks in or someone from the dev team tells me to piss off. Feel free to use those words.

People are actively working on quantum computer chips. As far as I can tell, only zerocash users have some level of comfort that they won't be affected.

Zerocash is not quantum safe by any means. If that is your concern, do not go there.

(Nor are any of these other coins, so please don't take this as FUD or pumping of anything.)

Quantum-safe cryptographic methods are a current area of research. Zerocash may or may not be desirable for other reasons. Quantum computers are not one of them.

Thanks, all this cryptography talk is confusing me, physics is easier.

People are in awe of the possibility of quantum computing because of its potential to bypass the limitations of c (the speed), however the true limitations in computing power are found in the limited thermal and electrical conductivity of existing materials. (Remember superconducting computers?) What limits the mining speed in your 16 nm ASIC is not c but the ability to get rid of the heat and move the information around within and out of the chip. A practical quantum computing device will face these same limitations as soon as the information moves from the quantum to the classical domain which is where it has to be for us to use it. Thus I would not worry about quantum computing destroying crypto. We will do that first.

LiteBit

legendary

Activity: 1133

Merit: 1050

A few thoughts:

Shen's research should be rewarded with the bounty reward even if that wasn't his original intent in publicizing it on wordpress, reddit, bitcointalk and finally github. The bounty was set up for "Deanonymize ShadowChat or ShadowSend (proof that a protocol is not anonymous)". That's exactly what he has done. Good for him, good for the project.
Short, dramatic headlines have 1 purpose, draw in readership. Releasing the research with posts such as "Broken Crypto in Shadowcash and OZ-coin" and having community followups like "Deanonymize Shadow? Nope." or "ShadowCash is mathematically broken. I urge all SDC supporters to join Monero." are only doing 1 thing, stirring up invested supporters (time/money) for useless in-fighting. It's no secret the communities are at odds for whatever reasons, both are responsible for the new wealth of future ammo the past 72 hours has provided.
None of it is productive.
Shadow's ring signature cryptography protected only the sender's identity and that now appears to be broken. Dual-stealth addresses protect the receiver's identity and that cryptography is not broken. Let the facts be the facts, this project isn't dead or broken or unqualified or whatever, the ring-signature crypto is broken.
Within Shadow there are 2 tokens, a public token and a private token. The public token is SDC and it is the main token used by shadow users around the world. It's the only token accepted on exchanges, the only token accepted by shapeshift/purse/etc, the strong majority of all transactional data on the chain at this point in the project's history. The SDC token does not use the broken ring-signature cryptography. It acts the same as the BTC token in the bitcoin codebase.
The private token is SDT and it is was the anonymous token being touted by the project. It represents a minimal amount of traffic on the chain at this point in the project's history. Thankfully the code was peer reviewed and a deanonymizing bug found before mass adoption or the decentralized market was in the hands of the users. At this time, there is no public way to pay for/ trade for/ invest in SDT unless you are a shadow user sending p2p transactions through your own wallet to another wallet.
Until the shadow project devs develop a fix, release it to the public, pick a fork date and continue on after the fork day, the previous transactions of SDT on the block chain are not anonymous. Again, the majority of transactions (SDC) were traceable and linkable as much as bitcoin already but now the minimal amount of SDT transactions need to also be considered "public" from a sender's (affected ring-sig crypto) perspective.

Supporters will be supporters, and just like sports fans, we get emotional! I myself am a rather large holder of both these 2 quarreling projects, monero and shadowcash. I've been around both from their early starts and will continue to hold both as I fight for my family's privacy. Each community makes me want to sell and move on somedays and this week was no exception for both.

For shadowcash, Shen's deanon code is a big concern but one I'm confident the team will fix and move past. While this ultimately affects the privacy of the "sender" on only 830* transactions over the course of almost 13 months it is something that needs fixed before more users are expected to trust this privacy platform on a large scale.

* source: https://raw.githubusercontent.com/ShenNoether/Deanon/master/sdcDeAnon.txt

erok

hero member

Activity: 896

Merit: 1000

Avatars are overrated.

Quote from: RyanOlstren on February 13, 2016, 03:50:47 PM

Quote from: erok on February 13, 2016, 12:39:47 PM

I wasn't specifically referring to this project because you are actually replying to devs code and ffmad which have been quite responsive to this. I have been an investor in XST, SSD, SYS, CLOAK, and maaaaaany others

None of those coins did anything as remotely irresponsible and incompetent as what has been done here.

That you and the rest of this ignorant SDC community can't see that speaks volumes.

You are wrong and should feel bad for trying to spread fear. Also learn to post better; multiple post responses to a single response of mine? FFS you are a horribly incompetent forum user which highlights the idea that you don't know shit about what you are talking about. And you werent the reason for me selling. That is your ego talking. Shen is the reason and actually now I regret selling Tongue

. Are you scared of going on your main account and posting here?

RyanOlstren

newbie

Activity: 29

Merit: 0

Quote from: erok on February 13, 2016, 12:39:47 PM

I wasn't specifically referring to this project because you are actually replying to devs code and ffmad which have been quite responsive to this. I have been an investor in XST, SSD, SYS, CLOAK, and maaaaaany others

None of those coins did anything as remotely irresponsible and incompetent as what has been done here.

That you and the rest of this ignorant SDC community can't see that speaks volumes.

sremington

newbie

Activity: 36

Merit: 0

Quote from: RyanOlstren on February 13, 2016, 02:54:51 PM

Quote from: erok on February 13, 2016, 02:19:36 PM

Quote from: RyanOlstren on February 13, 2016, 02:11:39 PM

erok did you dump your coins? Shall I post my XMR address now?

Yeah I broke half my bag.

Good. If I can help one person it's worth it.

I dumped all my XMR. Will be investing it all into SDC.

RyanOlstren

newbie

Activity: 29

Merit: 0

Quote from: erok on February 13, 2016, 02:19:36 PM

Quote from: RyanOlstren on February 13, 2016, 02:11:39 PM

erok did you dump your coins? Shall I post my XMR address now?

Yeah I broke half my bag.

Good. If I can help one person it's worth it.

rutherford

sr. member

Activity: 624

Merit: 250

edu-online: Ryan, as stated several times already, our team is on this and the bounty will be paid in full after we had time to do our own research. I completely understand that these kind of things require some of your patience, but please, let's try to deal with this in professional way? Keep in mind that our bounty program was set up to help us advance. Thanks!

sidhujag

legendary

Activity: 2044

Merit: 1005

I agree let the coders try to figure it out and see what they come up with first.

erok

hero member

Activity: 896

Merit: 1000

Avatars are overrated.

Quote from: RyanOlstren on February 13, 2016, 02:11:39 PM

erok did you dump your coins? Shall I post my XMR address now?

Finally the slimebag SDC community oozes from its sewer after the price goes down.

I doubt the devs or anyone else here has the dignity or morals to honor this bounty.

The claim is that publicly disclosing this fatal flaw did not minimized damage, but precisely the opposite is true. This means that the incompetent devs and ignorant community either

(1) Doesn't understand the nature of the flaw.
(2) Has no credibility.
(3) Both

All evidence points to 3.

Yeah I broke half my bag. No clue about the bounty or where that fund came from. The only thing clear is that you are not helping anything by shaming people that are trying to invest in innovation. And shaming a dev for a bug? Tha fuck have you contributed to the crypto scene that makes you think you have the right?

RyanOlstren

newbie

Activity: 29

Merit: 0

erok did you dump your coins? Shall I post my XMR address now?

Finally the slimebag SDC community oozes from its sewer after the price goes down.

I doubt the devs or anyone else here has the dignity or morals to honor this bounty.

The claim is that publicly disclosing this fatal flaw did not minimized damage, but precisely the opposite is true. This means that the incompetent devs and ignorant community either

(1) Doesn't understand the nature of the flaw.
(2) Has no credibility.
(3) Both

All evidence points to 3.

sidhujag

legendary

Activity: 2044

Merit: 1005

Quote from: SebSebastian on February 13, 2016, 01:08:09 PM

Quote from: sidhujag on February 13, 2016, 01:02:19 PM

Quote from: SebSebastian on February 13, 2016, 12:57:07 PM

Look sidhujag, you thought you'd come in and take a couple of cheap shots at Shadow in order to advertise sys. It's not the first time and I'm sure it won't be the last.

Why don't you come back when you're actually able to back up your claims instead of coming here, making a claim and then asking others to back it up for you.

Thats not at all the case look at my posts im generally keen on solving problems, although sys csn always use more help im not going around shilling especially when is a competitors thread.. I generally try to help and provide valid criticism, although seems you and your community is too standoffish to realize this.

You can maybe undestand my point of view though, that last post is the first time you've actually made a suggestion with enough substance to it to actually be actionable. Just claiming that code is "poor" isn't very constructive.

Anyway, no hard feelings.

No problem, if you do fix it please let me know

sidhujag

legendary

Activity: 2044

Merit: 1005

Quote from: rutherford on February 13, 2016, 01:05:04 PM

code: sidhujag,
You may provide valid criticism from time to time but you need to be able to handle some valid criticism that we give you.
You claimed no test cases -> there have always been test cases
The article had flaws in it, you didn't bother checking facts or merely asking us. You just wrote whatever you thought was right

yes fhey were added since the last time i looked, good on the dev. About the article i asked for a message detailing what should change and inwould do it.. No message today

SebSebastian

sr. member

Activity: 286

Merit: 250

Quote from: sidhujag on February 13, 2016, 01:02:19 PM

Quote from: SebSebastian on February 13, 2016, 12:57:07 PM

Look sidhujag, you thought you'd come in and take a couple of cheap shots at Shadow in order to advertise sys. It's not the first time and I'm sure it won't be the last.

Why don't you come back when you're actually able to back up your claims instead of coming here, making a claim and then asking others to back it up for you.

Thats not at all the case look at my posts im generally keen on solving problems, although sys csn always use more help im not going around shilling especially when is a competitors thread.. I generally try to help and provide valid criticism, although seems you and your community is too standoffish to realize this.

You can maybe undestand my point of view though, that last post is the first time you've actually made a suggestion with enough substance to it to actually be actionable. Just claiming that code is "poor" isn't very constructive.

Anyway, no hard feelings.

rutherford

sr. member

Activity: 624

Merit: 250

code: sidhujag,
You may provide valid criticism from time to time but you need to be able to handle some valid criticism that we give you.
You claimed no test cases -> there have always been test cases
The article had flaws in it, you didn't bother checking facts or merely asking us. You just wrote whatever you thought was right

sidhujag

legendary

Activity: 2044

Merit: 1005

Quote from: SebSebastian on February 13, 2016, 12:57:07 PM

Look sidhujag, you thought you'd come in and take a couple of cheap shots at Shadow in order to advertise sys. It's not the first time and I'm sure it won't be the last.

Why don't you come back when you're actually able to back up your claims instead of coming here, making a claim and then asking others to back it up for you.

Thats not at all the case look at my posts im generally keen on solving problems, although sys csn always use more help im not going around shilling especially when is a competitors thread.. I generally try to help and provide valid criticism, although seems you and your community is too standoffish to realize this.

Case in point, you provide a half baked refuttal to shens post by your own blog post and told him to basically put his money where his mouth is, which is exactly what he did. Now your trying to do the same thing, and although i can spend a few weeks learning about anon and ring sigs and totally dismiss you sadly i dont have that time because anon cant and wont exist in any form of decentralized marketplace nor is it evem remotely the best business decision in terms of time and opportunity cost which you dont seem to have grasped.

coins101

legendary

Activity: 1456

Merit: 1000

Quote from: coins101 on February 13, 2016, 11:18:31 AM

Actually, I had switched off from the whole quantum computing debate for a few years. It was always in the theoretical camp. But it looks like the increasing use of encryption has put governments on the back foot and so they are pumping money into pushing forward research and the day when quantum chips will be available.

It looks like <5 years; so say <10 years for widespread use. That means governments will likely be testing / using chips within 5-10 years.

As this article says: are you ready for your dodgy crypto transactions to be unmasked?

http://phys.org/news/2016-01-quantum-comingare.html

Before this stuff gets buried under a pile of squabbling about nothing much...

15 minutes on Google and I'd be shitting it about quantum chips if I had past transactions with something to hide.

They are not as far away as people think.

* Google has some actual evidence on quantum computations, and that phones with quantum chips could probably unravel mixed coins.

* IBM and NASA are preparing to building chips

* A group in Australia have carried out demos that seem within a whisker of being fab plant ready

* Microsoft are building software that can run calculations on quantum chips

etc.

sidhujag

legendary

Activity: 2044

Merit: 1005

Quote from: SebSebastian on February 13, 2016, 12:49:24 PM

Quote from: sidhujag on February 13, 2016, 12:40:54 PM

Quote from: SebSebastian on February 13, 2016, 12:33:56 PM

Quote from: sidhujag on February 13, 2016, 12:27:47 PM

Quote from: SebSebastian on February 13, 2016, 12:17:47 PM

Quote from: sidhujag on February 13, 2016, 12:10:37 PM

Quote from: SebSebastian on February 13, 2016, 11:46:02 AM

Quote from: sidhujag on February 13, 2016, 11:44:13 AM

Quote from: SebSebastian on February 13, 2016, 11:43:09 AM

Quote from: sidhujag on February 13, 2016, 11:39:37 AM

Quote from: SebSebastian on February 13, 2016, 11:36:32 AM

Quote from: sidhujag on February 13, 2016, 11:21:42 AM

Great work, Glad that anon was broken so noone will lose money. I suspected it based on the qualify of code that was coming from this team, thus didnt realy expect it to be of commercial quality anyways.. I doubt they will be able to fix it, so id just remove the fteature altogether if i were you.

I suspect based on the number of misspelled words in your post that your ability to judge the quality of code probably isn't too spectacular. Still, you wouldn't be sidhujag if you didn't use this as an opportunity to shill for syscoin (as you have done with the majority of your posts in this thread).

It will be fixed.

You are wrong, you may read the code of sys offers and judge for yourself.. Infact there is a bounty to try to break it or find major bugs.

Then prove me wrong and show me exactly which portions of Shadow's code you think are of poor quality (the part Shen's bug report relates to obviously excluded) and explain how you would improve upon then. Otherwise it just looks like you're here dishonestly casting aspersions on another project in the hope of promoting your own.

Point me out to your unit tests as a starter.. Can you do that?

You made the claim so the burden of proof is on you. I'll be waiting.

Oh i forgot you code is closed source lol.. Again point me out to your unit tests and I will start from there.. No tests? There rests my casse.

the burden is NOT on me because you asked me, now if i dont have access to your code (tests) then i cant really answer your q and my original claim stands..

Do you realise how stupid you sound now?

Quote

I suspected it based on the qualify of code that was coming from this team

Now you're claiming you can't read it because it's closed source (guess I'm imagining this github repo). So you made your claim without having looked at the code.

You should probably stop before you make an even bigger fool of yourself.

The original core code is up and was based on that.. With private code develipment who knows what the heck ypu updated? There are no tests on the github one i saw.. Again your not a coder you dont get it.. noone has time to dicipher whats private whats public and what possibly changed in your private repos. You can nitpick all you want but its not doing you or your coin any good, maybe you should stop and just give me the information i asked for instead of trying to make this a he said she said argument? Theres an idea

You claimed SDC's code to be of poor quality.

As you're obviously not familiar with the concept:

Quote

Burden of proof (or onus probandi in Latin) is the obligation on somebody presenting a new idea (a claim) to provide evidence to support its truth (a warrant).

Took me about 15 seconds: https://github.com/shadowproject/shadow/tree/master/src/test Roll Eyes

I think the fact that you couldn't find it yourself says about all that needs to be said about your credibility.

Why did the ring sig tests not pick up this attack vector of defficiency in the implementation?

Not really getting the whole burden of proof thing are you? You're the great coder, you should be able to tell me that.

Perhaps the unit tests are incomplete as they did not catch the attack vector although that is generally impossible to do.. Last time I looked the ring sig tests were not there so kudos to the dev to add those.. Code coverage is above 0 although not as high as one would hope for a crucial money sending ffeature such as anon it is a start.. Quality is not horrible as i initially thought when i looked at the code many months ago.

SebSebastian

sr. member

Activity: 286

Merit: 250

Look sidhujag, you thought you'd come in and take a couple of cheap shots at Shadow in order to advertise sys. It's not the first time and I'm sure it won't be the last.

Why don't you come back when you're actually able to back up your claims instead of coming here, making a claim and then asking others to back it up for you.

Topic: [SDC] ShadowCash | Welcome to the UMBRA - page 100. (Read 1289635 times)