Pages:
Author

Topic: The impact of bad crypto (DASH, SDC, etc). How much does math matter? - page 7. (Read 7308 times)

legendary
Activity: 1470
Merit: 1010
Join The Blockchain Revolution In Logistics

i feel like something profound is being communicated,
yet i'don't have the foggiest of clues :?
legendary
Activity: 3066
Merit: 1188

i.e. this works...



this doesn't...



So arguing about what constitute "good and bad crypto" when comparing public and obscured blockchain is like arguing which is more secure - the money or the safe.
legendary
Activity: 3066
Merit: 1188

it will not be a higher order tier, it will be regular, ordinary main-chain Bitcoin transactions in which the amounts payable to each output are obscured (mathematically verifiable, but not visible in plaintext

Nothing is "mathematically verifiable" except in theory.

Blockchains are not theory, they are practice.

That means they have to use technology that portends to implement theory but does not guarantee it. And even if they could guarantee it there's no way for an end user to ever know conclusively that they've got their hands on an authentic instance of that technology (except of course "in theory"  Wink ).

So for unbacked monerary tokens no blockchain is "verifiable" by anything other than mass visual inspection on an ongoing basis of every single address by the fare paying public, independently of whether they happen to be holders of private keys or not. It's the sociological endorsement that emerges from that shared consensus that supports the value, not "math".

And if CT is ever implemented for bitcoin itself then bitcoin will no longer be a tier 1 asset and no longer constitute viable money. (At least not in any sociological sense that could support its value).

Just for clarification, by "monetary tier", I meant this: If I use my bike as "money" to pay for something then the bike is the tier 1 money and the contract that says someone owns it is the tier 2 asset. The tier 2 asset can be obscured, burned, washed through the washing machine, without compromising the integrity or value of the tier 1 asset.

In crypto, obscured blockchains (such as CT) potentially have the job of record keeping and obscuring the ownership of a tier 1 asset (bitcoin). But they are not tier 1 assets in their own right (by virtue of being obscured).



legendary
Activity: 2968
Merit: 1198
For higher order tiers (backed money, e.g. Bitcoin CT), obscured blockchains are acceptable.

If CT is ever implemented for Bitcoin itself (and segwit seems to make that more likely, even if only marginally), it will not be a higher order tier, it will be regular, ordinary main-chain Bitcoin transactions in which the amounts payable to each output are obscured (mathematically verifiable, but not visible in plaintext). You will no longer be able to look up addresses on a block explorer and see balances.

If implemented on a side-chain, I would consider that "higher tier" although I guess perspectives differ somewhat.


legendary
Activity: 3066
Merit: 1188

The elephant in the room is monetary properties, not technical ones. It's very simple, for tier 1 monetary assets:

Good crypto = Public Blockchains
Bad Crypto = Obscrued Blockchains

For higher order tiers (backed money, e.g. Bitcoin CT), obscured blockchains are acceptable.

So you should therefore be discussing the merits of Good/Bad crypto within the domain of Public Blockchains explicitly or Good/Bad crypto within the domain of Obscured Blockchains explicitly since they are distinct monetary domains and obscured blockchains do not have any native (unbacked) monetary properties in the first place - even if it is "good crypto".
legendary
Activity: 2968
Merit: 1198
We are talking about ...jamming a transaction, after spending a shitload of money. And that's to jam 0.x% of instantx transactions that at worst will be confirmed 150seconds later per the casual block confirmation... that doesn't make any sense.

If it's a valid game theory scenario, and makes sense for the attacker, we'll see it happen. I don't see it happening.

I was talking about darksend spying, which you can't see happening, but is all but inevitable (and the only way out there is essentially an accidental miracle) given the incentives.

Well, the more you mix, the lower the probabilities of bad actors affecting you. That's pretty much the same across the board, in all mixing scenarios, including Cryptonote mixin settings.

I've already explained the critical difference between the two. One has an ongoing cost to bad actors, the other does not. The lack of any quantifiable cost means is that attacks are plausibly unbounded. More mixing will not save you.

Quote
The OP however refers to the "highschool maths" from a TPTB post about InstantX.

Was there any peer review of the InstantX white paper whatsoever? Was TPTB the first one to catch the error 1+ years later?


legendary
Activity: 1708
Merit: 1049
We are talking about ...jamming a transaction, after spending a shitload of money. And that's to jam 0.x% of instantx transactions that at worst will be confirmed 150seconds later per the casual block confirmation... that doesn't make any sense.

If it's a valid game theory scenario, and makes sense for the attacker, we'll see it happen. I don't see it happening.

I was talking about darksend spying, which you can't see happening, but is all but inevitable (and the only way out there is essentially an accidental miracle) given the incentives.

Well, the more you mix, the lower the probabilities of bad actors affecting you. That's pretty much the same across the board, in all mixing scenarios, including Cryptonote mixin settings.

The OP however refers to the "highschool maths" from a TPTB post about InstantX.
legendary
Activity: 2968
Merit: 1198
We are talking about ...jamming a transaction, after spending a shitload of money. And that's to jam 0.x% of instantx transactions that at worst will be confirmed 150seconds later per the casual block confirmation... that doesn't make any sense.

If it's a valid game theory scenario, and makes sense for the attacker, we'll see it happen. I don't see it happening.

I was talking about darksend spying, which you can't see happening, but is all but inevitable (and the only way out there is essentially an accidental miracle) given the incentives.

InstantX has other issues, worse than jamming, as far as not seeing it happening, there really isn't any incentive to even jam right now (who cares?). If it got to the point where Bitcoin is or even beyond, with real reasons for various interests to attack each other, that could and likely would be very different.

Analyzing soundness and especially over the longer term when it really matters is very different from just observing no one is attacking now. The same can be said for every single vulnerable system that has ever been attacked, looking at it the day before.
legendary
Activity: 1708
Merit: 1049
We are talking about ...jamming a transaction, after spending a shitload of money. And that's to jam 0.x% of instantx transactions that at worst will be confirmed 150seconds later per the casual block confirmation... that doesn't make any sense.

If it's a valid game theory scenario, and makes sense for the attacker, we'll see it happen. I don't see it happening.
legendary
Activity: 2968
Merit: 1198
These types of attacks where someone comes and buys all the coins are too theoretical for my preference.

All of the coins are not even needed for many masternode attacks. That was the point of the "incorrect high school math" discussion. In many cases the number required is far lower than "all". It is analogous to hash rate attacks which can be done with <50% hash rate, except that in the hash rate case, there is a cost when the attack doesn't succeed. In the masternode case that cost doesn't exist, because a node that is a laying-in-wait attacker is being rewarded at the same rate as any other node.

Also, I would guess a large part of the reason you dismiss these sorts of attacks is a false inference from the word "attack" as something that needs to be done on demand (i.e. go buy up all the coins quickly on an exchange -- which will obviously fail). A better way to phrase it may be "failed incentives", which can also occur over an extended period. For example, in PoW, mining becoming extremely concentrated is not an active attack (where you go and buy up all the hash rate quickly), it is something that may very well happen (and arguably has happened, at least to some extent) over time that still very much undermines the security assumptions of the system.
legendary
Activity: 1708
Merit: 1049
These types of attacks where someone comes and buys all the coins are too theoretical for my preference.
legendary
Activity: 2968
Merit: 1198
Cost for the attacker: Millions of USD to buy masternodes

There is no such cost, since nothing is consumed. You still have the masternodes when you are done. If done as a malicious attack that reduces the value of the token, an attacker would have already stripped his exposure from his stake and resold it via derivatives. If merely done for spying purposes then you can continue to both spy and collect masternode rewards. This will outcompete honest masternodes over time since spying has economic value.

Yeah, well, if you want it that way, buying the monero supply to sybil all the mixins (a la BCN-83% "their mixin is insecure"), would also be a feasible economic attack. So XMR = REKT by the "theoretical" buyer of most coins  Cry Cry Cry

Unlike masternode ownership that continues to pay rewards, that can't work without an ongoing cost post MRL-0004, given the math in MRL-0001 (not necessary to follow the math -- the chart showing the 'burnout' effect is good enough). Even Bytecoin could fix this eventually if they implemented a minimum mixing, although it would take quite a while for 82% premine to burn out.

legendary
Activity: 1708
Merit: 1049
Cost for the attacker: Millions of USD to buy masternodes

There is no such cost, since nothing is consumed. You still have the masternodes when you are done. If done as a malicious attack that reduces the value of the token, an attacker would have already stripped his exposure from his stake and resold it via derivatives. If merely done for spying purposes then you can continue to both spy and collect masternode rewards. This will outcompete honest masternodes over time since spying has economic value.

Yeah, well, if you want it that way, buying the monero supply to sybil all the mixins (a la BCN-83% "their mixin is insecure"), would also be a feasible economic attack. So XMR = REKT by the "theoretical" buyer of most coins  Cry Cry Cry

In practice it doesn't work that way.
legendary
Activity: 2968
Merit: 1198
Cost for the attacker: Millions of USD to buy masternodes

There is no such cost, since nothing is consumed. You still have the masternodes when you are done. If done as a malicious attack that reduces the value of the token, an attacker would have already stripped his exposure from his stake and resold it via derivatives. If merely done for spying purposes then you can continue to both spy and collect masternode rewards. This will outcompete honest masternodes over time since spying has economic value.
legendary
Activity: 1708
Merit: 1049
Mixin 0 was always a bad idea and a security weakness, no matter if a deanonymizing implementation was getting it right, wrong, or guessing.
legendary
Activity: 2968
Merit: 1198
XMR / Monero broken crypto:

I think chainradar are using all the 0 mixin transactions from exchanges and pools in order to guess - the things in https://lab.getmonero.org/pubs/MRL-0004.pdf. I tried some transactions with mixing 7 and 5 between my wallets and they are successfully guessing most of them. This issue is already addressed in the MRL-0004 and we knew that, but it's scary seeing it in chainradar. Everybody should stop using mixing of 0 until this is enforced in the protocol - including pools and exchanges. I suppose some mixings between your own wallets with high mixing should resolve the issue for now. Trollfest incoming Sad.

Cry Cry Cry

This was debunked both by fluffypony writing a program to analyze it (and showing the deanonymizing "results" obviously wrong) and later a reply from chainrader stating that it was just a bug in their web site showing wrong data and not even an attempt at deanonymizing at all. FUD/panic, in other words.
legendary
Activity: 2268
Merit: 1141
XMR / Monero broken crypto:

I think chainradar are using all the 0 mixin transactions from exchanges and pools in order to guess - the things in https://lab.getmonero.org/pubs/MRL-0004.pdf. I tried some transactions with mixing 7 and 5 between my wallets and they are successfully guessing most of them. This issue is already addressed in the MRL-0004 and we knew that, but it's scary seeing it in chainradar. Everybody should stop using mixing of 0 until this is enforced in the protocol - including pools and exchanges. I suppose some mixings between your own wallets with high mixing should resolve the issue for now. Trollfest incoming Sad.

Cry Cry Cry

This was refuted at the time by:

https://github.com/fluffypony/chainradar-checker

It's bad crypto alright. Monero users were transacting "anonymously" for a year only to discover later that they could be trivially deanonymized because those in charge hadn't fixed a "hole" in the system from the start.

Erroneous as well, like I've stated above and others pointed out as well.



Also, what is the point of opening these kind of threads? It will end in mud-throwing anyway. Ironically it already started in the first few posts here.
 
legendary
Activity: 1708
Merit: 1049
The poll was not focused on privacy, the danger of high school level mathematics is far greater than that.

The "high school mathematics" mentioned were of the following type:

"If someone has XXX masternodes then they can jam an InstantX transaction X% of the time because InstantX locking is performed on the masternodes".

Cost for the attacker: Millions of USD to buy masternodes
Gains for the attacker: No gains. Only losses by devaluing his investment.

Elementary game theory logic = violated.
hero member
Activity: 742
Merit: 500
The thing is: 99.9999% of inhabitants of this planet can't even track a btc-transaction on blockchain.info

So the anon-coin-hype has finally worn off same as the pos-hype?

So we're back to conventional pow, right?  Roll Eyes   Tongue    Cool     Grin     Cheesy    

The poll was not focused on privacy, the danger of high school level mathematics is far greater than that. The random number generator (RNG) error with the DASH paper wallet generator literally put users at risk of their entire balances being stolen.

Newsflash: not even the rng in bitcoin-qt is 100% reliable as i was hearing from the horses' mouth in the technical section somewhere. All your funds are at risk due to rng being not random.


And then again: "security" is always an illusion. Wishful thinking of a human mind afraid of pain and death. There is no good corespondence to the idea of "security" in the real world so it will likely forever be a chase for unicorns but i digress.
"Security" is just an idea fueled by whishful thinking. It can never be reached in reality.

The only thing that gives us something close to security is the fact that 99.99% of people are too stupid to understand what's happening if that makes sense?

There is no security behind the curve - none whatsoever
full member
Activity: 126
Merit: 100
XMR / Monero broken crypto:

I think chainradar are using all the 0 mixin transactions from exchanges and pools in order to guess - the things in https://lab.getmonero.org/pubs/MRL-0004.pdf. I tried some transactions with mixing 7 and 5 between my wallets and they are successfully guessing most of them. This issue is already addressed in the MRL-0004 and we knew that, but it's scary seeing it in chainradar. Everybody should stop using mixing of 0 until this is enforced in the protocol - including pools and exchanges. I suppose some mixings between your own wallets with high mixing should resolve the issue for now. Trollfest incoming Sad.

Cry Cry Cry

Damn it. I was hoping monero was something I could invest in.

It is.

Monero already fixed this problem in the recent hard fork by forbidding mixin 0 transactions.
Pages:
Jump to: