We are anonymous 
Oooooh yeah baby -> unknown.....not even a shadow
Topic: [SDC] ShadowCash | Welcome to the UMBRA - page 444. (Read 1289636 times)
Oooooh yeah baby -> unknown.....not even a shadow
We are anonymous
wow this coin is all cool and shit even has a room on anonymous' IRC server
"The people who are crazy enough to think they can change the world are the ones that do."
Dedicated to Ryno, Techovert, the Team and this Community.
https://www.youtube.com/watch?v=tjgtLSHhTPg
Dedicated to Ryno, Techovert, the Team and this Community.
https://www.youtube.com/watch?v=tjgtLSHhTPg
a little over 300 blocks…
Those are the eyes of a man who has just witnessed the birth of zero knowledge transactions.
Gentle Reader.
A morning hymnal for your observance…
Quote
"Well your prayers will be heard,
Angels come to sing,
A song you never heard,
Here's a new beginning.
The moment you start to believe in,
You get a new a'beginning."
Angels come to sing,
A song you never heard,
Here's a new beginning.
The moment you start to believe in,
You get a new a'beginning."
https://www.youtube.com/watch?v=p6rmTcfMqnU
Don't laugh at me but serious question.
Is this a rebrand of the original SD Coin? If so how do I convert old coins to Shadow Coins or is it too late?
As you can tell I mined some to hold but never kept up with the thread/threads.
Is this a rebrand of the original SD Coin? If so how do I convert old coins to Shadow Coins or is it too late?
As you can tell I mined some to hold but never kept up with the thread/threads.
I downloaded the new build that was supposed to fix the sync problems but no luck for me any tips?
Close wallet. Download bootstrap.dat, move to appdata shadowcoin folder, and then reopen wallet. It will take a long time to load (~10-20 min) and even go unresponsive, but that is normal. That should fix any sync issues.
This seems epic. I wonder why ShadowCash is not getting much attention yet. Seems like the price is way undervalued.
By my opinion, we are trading at 1/10th our proper value with this tech in this space. Perhaps even more than that. I think its only a matter of time. But the sooner the better.
This seems epic. I wonder why ShadowCash is not getting much attention yet. Seems like the price is way undervalued.
I downloaded the new build that was supposed to fix the sync problems but no luck for me any tips?
Close wallet. Download bootstrap.dat, move to appdata shadowcoin folder, and then reopen wallet. It will take a long time to load (~10-20 min) and even go unresponsive, but that is normal. That should fix any sync issues.
I downloaded the new build that was supposed to fix the sync problems but no luck for me any tips?
Exciting days brothers.
it rocks
http://explorer.shadow.cash/block/b3f1a4f783b87b78f182ebd45b664b66e715fb521b6da807a2c59c1dd39f0050
hahaha it says "Unparsed address"
http://explorer.shadow.cash/block/b3f1a4f783b87b78f182ebd45b664b66e715fb521b6da807a2c59c1dd39f0050
hahaha it says "Unparsed address"
Why wouldn't you just delete the line "when clearly there is no more NIZKP in the source than exists in Monero's keyimage system." instead of striking through since it is obvious fud? Advertising, that's why.
Because anyone that gets email notifications has the full text of what I said anyway. If you'd prefer, I'll gladly remove the strikethrough, since the point is valid. Also, if there's a miraculous advancement in NIZKP implementation in the source please do point it out to me and I will absolutely publicly admit my gross inability to notice it.
Hi Fluffy,
I just spoke with SDCDev regarding the comment above:
"it's in 'generate signature' (https://github.com/SDCDev/shadowcoin/commit/317b9b1f5121ecde162fd8d37fbd587182c45fef), its just the hash commitment from the signature... we don't have snarks or full zero knowledge, just a zero knowledge proof. The keyimage is the tag.. the zkp is the whole construction of tag... the algorithm in the paper pretty much translates directly to the code" - SDCDev
WP: http://shadow.cash/downloads/shadowcash-anon.pdf
Note: SDCDev has stated he will be responding himself with a clearer explanation.
Rynomster or anyone else: Feel free to correct me wherever I'm wrong as this is also a learning process for me.
AFAIK Cryptonote doesn't destroy or mint coin during its process. If I'm correct, then this is the biggest difference between the two schemes.
My understanding of Shadowcash:
Shadowcash is similar to Zerocoin in the sense that it uses anonymous token system to destroy SDC then mint new Shadow (SDC-to-Shadow); However, unlike Zerocoin, it doesn't require a trusted setup to convert Bitcoin into newly minted Zerocoin.
Below is an image of the Zerocoin minting process:
(continued)
The Shadowcash network destroys the SDC and mints Shadow in it's place (SDC-to-Shadow) via smaller denominations of Shadow Tokens (Shadow) equal to that of the destroyed SDC. These Shadow Tokens (SDT) make up the members of the ring signature. The newly minted Shadow tokens have no link to the destroyed Shadowcoin, because it is sent to dual-key stealth address. Non-interactive zero knowledge proofs (NIZKPs) are used when sending Shadow-to-Shadow between Stealth Addresses; Furthermore removing linkability between parties. The only way to redeem Shadow is to provide ownership of the tokens through ownership of the address via a traceable ring signature. Thus, if you don't own the address containing the Shadow then the network won't allow you to mint (redeem) new Shadowcoin (Shadow-to-SDC).
How can anyone be sure that there are no "phantom tokens"? Who is going to control the creation of these tokens? Is it all based on trust, are you serious? wtf
they can only be created by sending SDC -> Shadow, there are api:
>shadowcoind help anon
anoninfo [recalculate]
anonoutputs [systemTotals] [show_immature_outputs]
estimateanonfee
reloadanondata
sendanontoanon
sendanontosdc
sendsdctoanon
and in the wallet there is a chain data page, which shows all the anonymous outputs in the system.
Shadowcash doesn't seem similar to cryptonote other than the use of ring signatures. IMO, ShadowCash seems more advanced in it's implementation vs Cryptonote because Shadowcash destroys the inputs (SDC) and creates anonymous outputs (Shadow).
From the Monero thread regarding I/Os:
So miner(or anybody) knows sum of all spent inputs and outputs ?
The ins and outs each have amounts, so you can add that up.
Quote
Am I right ?
Transaction
input(a1=5 XMR, random=6 XMR) output( g1=3 XMR, a3=1 XMR, keyImage_a1 )
ringSing(pub a1, pub random and private a1)
using VER and LNK everybody can verify that a1 holds 5 XMR, so I'm able to spend 4 XMR and miner can take 1 XMR fee ?
implies a1 was used (because I can't spend random)
implies a1_priv * H_p(A1_pub) = keyImage_a1
Am I missing something ?
Transaction
input(a1=5 XMR, random=6 XMR) output( g1=3 XMR, a3=1 XMR, keyImage_a1 )
ringSing(pub a1, pub random and private a1)
using VER and LNK everybody can verify that a1 holds 5 XMR, so I'm able to spend 4 XMR and miner can take 1 XMR fee ?
implies a1 was used (because I can't spend random)
implies a1_priv * H_p(A1_pub) = keyImage_a1
Am I missing something ?
I'm not sure of your notation here Is 'random' a foreign output used for a ring sig? In that case, that's not how it works. Each input uses a separate ring sig, with other outputs of the same same.
And what does g1 (or a3 for that matter) denote on your output?
g1(I pay for god) and a3(my new address) does not matter.
Okay well like I said, each input will have it own set of foreign outputs used for mixing. Such outputs will all be of the same size, so this doesn't change the amount of the transaction, just its possible funding sources. Perhaps you want to revise your example?
Please can you make example:
1) I have unspent output 5 XMR, I want to pay 3 XMR for goods and 1 XMR transaction fee.
2) I want obscure my payment with 1 foreign input what holds 6 XMR.
You can't do #2 with the the protocol works today. There is a modification from gmaxwell that allows using foreign outputs of different sizes but it isn't implemented anywhere AFAIK.
Your foreign ouputs need to be of the same size.
So we would have (borrowing some of your notation)
tx(input(ring(a1(5 XMR),f1(5 XMR),f2(5 XMR),f3(5 XMR)) -> output(r1(3 XMR),c1(1 XMR)))
a1 = our own upspent output
f1..f3 = foreign outputs of size equal to a1
r1 = output owned by recipient
c1 = change output owned by us
We could also include additional inputs (and generate more change) if we wanted to further obscure the amount of the transaction.
Did you forgot to add keyImage for a1 ? Or how can be this transaction verified ?
Like I said before, understanding this scheme has been a learning process for me. If I'm incorrect in any of information, Ryno or anyone else please feel free to correct me.
I spent the better part of the day preparing a guide/explanation slide presentation (draft) that goes over the flow from start to finish. The information in the presentation comes from the WP and IRC, so I'm sure it's 100%. Ryno still needs to verify everything though.
I think the visualization of the process will help people understand the groundbreaking innovation made here and more importantly - how to use it. It's truly a unique system.
(1st Draft and will edit accordingly)
https://docs.google.com/presentation/d/1yX2jN618Rnzs4g2ri_utdKdHbny6-xnRcPhOuhLNGB0/edit#slide=id.g577a31a2a_086
I'm working with crz to create a proper technical infographic that shows the process similar to the zerocoin and cryptonote images above. Not sure when those will be released but feel free to donate to crz! http://shadowtalk.org/topic/74/new-branding-wallet-logo-icons-visuals-infographics-media/12
Thanks!
thanks for the explanation and the presentation, it is very clean job Coolstoryteller
^ excellent explanation CST.
Why wouldn't you just delete the line "when clearly there is no more NIZKP in the source than exists in Monero's keyimage system." instead of striking through since it is obvious fud? Advertising, that's why.
Because anyone that gets email notifications has the full text of what I said anyway. If you'd prefer, I'll gladly remove the strikethrough, since the point is valid. Also, if there's a miraculous advancement in NIZKP implementation in the source please do point it out to me and I will absolutely publicly admit my gross inability to notice it.
Hi Fluffy,
I just spoke with SDCDev regarding the comment above:
"it's in 'generate signature' (https://github.com/SDCDev/shadowcoin/commit/317b9b1f5121ecde162fd8d37fbd587182c45fef), its just the hash commitment from the signature... we don't have snarks or full zero knowledge, just a zero knowledge proof. The keyimage is the tag.. the zkp is the whole construction of tag... the algorithm in the paper pretty much translates directly to the code" - SDCDev
WP: http://shadow.cash/downloads/shadowcash-anon.pdf
Note: SDCDev has stated he will be responding himself with a clearer explanation.
Rynomster or anyone else: Feel free to correct me wherever I'm wrong as this is also a learning process for me.
AFAIK Cryptonote doesn't destroy or mint coin during its process. If I'm correct, then this is the biggest difference between the two schemes.
My understanding of Shadowcash:
Shadowcash is similar to Zerocoin in the sense that it uses anonymous token system to destroy SDC then mint new Shadow (SDC-to-Shadow); However, unlike Zerocoin, it doesn't require a trusted setup to convert Bitcoin into newly minted Zerocoin.
Below is an image of the Zerocoin minting process:
(continued)
The Shadowcash network destroys the SDC and mints Shadow in it's place (SDC-to-Shadow) via smaller denominations of Shadow Tokens (Shadow) equal to that of the destroyed SDC. These Shadow Tokens (SDT) make up the members of the ring signature. The newly minted Shadow tokens have no link to the destroyed Shadowcoin, because it is sent to dual-key stealth address. Non-interactive zero knowledge proofs (NIZKPs) are used when sending Shadow-to-Shadow between Stealth Addresses; Furthermore removing linkability between parties. The only way to redeem Shadow is to provide ownership of the tokens through ownership of the address via a traceable ring signature. Thus, if you don't own the address containing the Shadow then the network won't allow you to mint (redeem) new Shadowcoin (Shadow-to-SDC).
How can anyone be sure that there are no "phantom tokens"? Who is going to control the creation of these tokens? Is it all based on trust, are you serious? wtf
they can only be created by sending SDC -> Shadow, there are api:
>shadowcoind help anon
anoninfo [recalculate]
anonoutputs [systemTotals] [show_immature_outputs]
estimateanonfee
reloadanondata
sendanontoanon
sendanontosdc
sendsdctoanon
and in the wallet there is a chain data page, which shows all the anonymous outputs in the system.
Shadowcash doesn't seem similar to cryptonote other than the use of ring signatures. IMO, ShadowCash seems more advanced in it's implementation vs Cryptonote because Shadowcash destroys the inputs (SDC) and creates anonymous outputs (Shadow).
From the Monero thread regarding I/Os:
So miner(or anybody) knows sum of all spent inputs and outputs ?
The ins and outs each have amounts, so you can add that up.
Quote
Am I right ?
Transaction
input(a1=5 XMR, random=6 XMR) output( g1=3 XMR, a3=1 XMR, keyImage_a1 )
ringSing(pub a1, pub random and private a1)
using VER and LNK everybody can verify that a1 holds 5 XMR, so I'm able to spend 4 XMR and miner can take 1 XMR fee ?
implies a1 was used (because I can't spend random)
implies a1_priv * H_p(A1_pub) = keyImage_a1
Am I missing something ?
Transaction
input(a1=5 XMR, random=6 XMR) output( g1=3 XMR, a3=1 XMR, keyImage_a1 )
ringSing(pub a1, pub random and private a1)
using VER and LNK everybody can verify that a1 holds 5 XMR, so I'm able to spend 4 XMR and miner can take 1 XMR fee ?
implies a1 was used (because I can't spend random)
implies a1_priv * H_p(A1_pub) = keyImage_a1
Am I missing something ?
I'm not sure of your notation here Is 'random' a foreign output used for a ring sig? In that case, that's not how it works. Each input uses a separate ring sig, with other outputs of the same same.
And what does g1 (or a3 for that matter) denote on your output?
g1(I pay for god) and a3(my new address) does not matter.
Okay well like I said, each input will have it own set of foreign outputs used for mixing. Such outputs will all be of the same size, so this doesn't change the amount of the transaction, just its possible funding sources. Perhaps you want to revise your example?
Please can you make example:
1) I have unspent output 5 XMR, I want to pay 3 XMR for goods and 1 XMR transaction fee.
2) I want obscure my payment with 1 foreign input what holds 6 XMR.
You can't do #2 with the the protocol works today. There is a modification from gmaxwell that allows using foreign outputs of different sizes but it isn't implemented anywhere AFAIK.
Your foreign ouputs need to be of the same size.
So we would have (borrowing some of your notation)
tx(input(ring(a1(5 XMR),f1(5 XMR),f2(5 XMR),f3(5 XMR)) -> output(r1(3 XMR),c1(1 XMR)))
a1 = our own upspent output
f1..f3 = foreign outputs of size equal to a1
r1 = output owned by recipient
c1 = change output owned by us
We could also include additional inputs (and generate more change) if we wanted to further obscure the amount of the transaction.
Did you forgot to add keyImage for a1 ? Or how can be this transaction verified ?
Like I said before, understanding this scheme has been a learning process for me. If I'm incorrect in any of information, Ryno or anyone else please feel free to correct me.
I spent the better part of the day preparing a guide/explanation slide presentation (draft) that goes over the flow from start to finish. The information in the presentation comes from the WP and IRC, so I'm sure it's 100%. Ryno still needs to verify everything though.
I think the visualization of the process will help people understand the groundbreaking innovation made here and more importantly - how to use it. It's truly a unique system.
(1st Draft and will edit accordingly)
https://docs.google.com/presentation/d/1yX2jN618Rnzs4g2ri_utdKdHbny6-xnRcPhOuhLNGB0/edit#slide=id.g577a31a2a_086
I'm working with crz to create a proper technical infographic that shows the process similar to the zerocoin and cryptonote images above. Not sure when those will be released but feel free to donate to crz! http://shadowtalk.org/topic/74/new-branding-wallet-logo-icons-visuals-infographics-media/12
Thanks!
a little over 300 blocks…
Those are the eyes of a man who has just witnessed the birth of zero knowledge transactions.
Jump to: