Topic: The impact of bad crypto (DASH, SDC, etc). How much does math matter? - page 7. (Read 7295 times)

legendary
Activity: 1470
Merit: 1010

I feel like something profound is being communicated,
yet I don't have the foggiest of clues :?
legendary
Activity: 3066
Merit: 1188

i.e. this works...



this doesn't...



So arguing about what constitute "good and bad crypto" when comparing public and obscured blockchain is like arguing which is more secure - the money or the safe.
legendary
Activity: 3066
Merit: 1188

it will not be a higher order tier, it will be regular, ordinary main-chain Bitcoin transactions in which the amounts payable to each output are obscured (mathematically verifiable, but not visible in plaintext

Nothing is "mathematically verifiable" except in theory.

Blockchains are not theory, they are practice.

That means they have to use technology that portends to implement theory but does not guarantee it. And even if they could guarantee it there's no way for an end user to ever know conclusively that they've got their hands on an authentic instance of that technology (except of course "in theory").

So for unbacked monetary tokens no blockchain is "verifiable" by anything other than mass visual inspection on an ongoing basis of every single address by the fare paying public, independently of whether they happen to be holders of private keys or not. It's the sociological endorsement that emerges from that shared consensus that supports the value, not "math".

And if CT is ever implemented for bitcoin itself then bitcoin will no longer be a tier 1 asset and no longer constitute viable money. (At least not in any sociological sense that could support its value).

Just for clarification, by "monetary tier", I meant this: If I use my bike as "money" to pay for something then the bike is the tier 1 money and the contract that says someone owns it is the tier 2 asset. The tier 2 asset can be obscured, burned, washed through the washing machine, without compromising the integrity or value of the tier 1 asset.

In crypto, obscured blockchains (such as CT) potentially have the job of record keeping and obscuring the ownership of a tier 1 asset (bitcoin). But they are not tier 1 assets in their own right (by virtue of being obscured).



legendary
Activity: 2968
Merit: 1198
For higher order tiers (backed money, e.g. Bitcoin CT), obscured blockchains are acceptable.

If CT is ever implemented for Bitcoin itself (and segwit seems to make that more likely, even if only marginally), it will not be a higher order tier, it will be regular, ordinary main-chain Bitcoin transactions in which the amounts payable to each output are obscured (mathematically verifiable, but not visible in plaintext). You will no longer be able to look up addresses on a block explorer and see balances.

If implemented on a side-chain, I would consider that "higher tier" although I guess perspectives differ somewhat.


legendary
Activity: 3066
Merit: 1188

The elephant in the room is monetary properties, not technical ones. It's very simple, for tier 1 monetary assets:

Good crypto = Public Blockchains
Bad Crypto = Obscured Blockchains

For higher order tiers (backed money, e.g. Bitcoin CT), obscured blockchains are acceptable.

So you should therefore be discussing the merits of Good/Bad crypto within the domain of Public Blockchains explicitly or Good/Bad crypto within the domain of Obscured Blockchains explicitly since they are distinct monetary domains and obscured blockchains do not have any native (unbacked) monetary properties in the first place - even if it is "good crypto".
legendary
Activity: 2968
Merit: 1198
We are talking about ...jamming a transaction, after spending a shitload of money. And that's to jam 0.x% of instantx transactions that at worst will be confirmed 150seconds later per the casual block confirmation... that doesn't make any sense.

If it's a valid game theory scenario, and makes sense for the attacker, we'll see it happen. I don't see it happening.

I was talking about darksend spying, which you can't see happening, but is all but inevitable (and the only way out there is essentially an accidental miracle) given the incentives.

Well, the more you mix, the lower the probabilities of bad actors affecting you. That's pretty much the same across the board, in all mixing scenarios, including Cryptonote mixin settings.

I've already explained the critical difference between the two. One has an ongoing cost to bad actors, the other does not. The lack of any quantifiable cost means is that attacks are plausibly unbounded. More mixing will not save you.

The OP however refers to the "highschool maths" from a TPTB post about InstantX.

Was there any peer review of the InstantX white paper whatsoever? Was TPTB the first one to catch the error 1+ years later?


legendary
Activity: 1708
Merit: 1049
We are talking about ...jamming a transaction, after spending a shitload of money. And that's to jam 0.x% of instantx transactions that at worst will be confirmed 150seconds later per the casual block confirmation... that doesn't make any sense.

If it's a valid game theory scenario, and makes sense for the attacker, we'll see it happen. I don't see it happening.

I was talking about darksend spying, which you can't see happening, but is all but inevitable (and the only way out there is essentially an accidental miracle) given the incentives.

Well, the more you mix, the lower the probabilities of bad actors affecting you. That's pretty much the same across the board, in all mixing scenarios, including Cryptonote mixin settings.

The OP however refers to the "highschool maths" from a TPTB post about InstantX.
legendary
Activity: 2968
Merit: 1198
We are talking about ...jamming a transaction, after spending a shitload of money. And that's to jam 0.x% of instantx transactions that at worst will be confirmed 150seconds later per the casual block confirmation... that doesn't make any sense.

If it's a valid game theory scenario, and makes sense for the attacker, we'll see it happen. I don't see it happening.

I was talking about darksend spying, which you can't see happening, but is all but inevitable (and the only way out there is essentially an accidental miracle) given the incentives.

InstantX has other issues, worse than jamming, as far as not seeing it happening, there really isn't any incentive to even jam right now (who cares?). If it got to the point where Bitcoin is or even beyond, with real reasons for various interests to attack each other, that could and likely would be very different.

Analyzing soundness and especially over the longer term when it really matters is very different from just observing no one is attacking now. The same can be said for every single vulnerable system that has ever been attacked, looking at it the day before.
legendary
Activity: 1708
Merit: 1049
We are talking about ...jamming a transaction, after spending a shitload of money. And that's to jam 0.x% of instantx transactions that at worst will be confirmed 150seconds later per the casual block confirmation... that doesn't make any sense.

If it's a valid game theory scenario, and makes sense for the attacker, we'll see it happen. I don't see it happening.
legendary
Activity: 2968
Merit: 1198
These types of attacks where someone comes and buys all the coins are too theoretical for my preference.

All of the coins are not even needed for many masternode attacks. That was the point of the "incorrect high school math" discussion. In many cases the number required is far lower than "all". It is analogous to hash rate attacks which can be done with <50% hash rate, except that in the hash rate case, there is a cost when the attack doesn't succeed. In the masternode case that cost doesn't exist, because a node that is a laying-in-wait attacker is being rewarded at the same rate as any other node.

Also, I would guess a large part of the reason you dismiss these sorts of attacks is a false inference from the word "attack" as something that needs to be done on demand (i.e. go buy up all the coins quickly on an exchange -- which will obviously fail). A better way to phrase it may be "failed incentives", which can also occur over an extended period. For example, in PoW, mining becoming extremely concentrated is not an active attack (where you go and buy up all the hash rate quickly), it is something that may very well happen (and arguably has happened, at least to some extent) over time that still very much undermines the security assumptions of the system.
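The "high school math" referred to in this exchange is a counting argument: if a task is performed by a quorum of q masternodes drawn at random from N, an attacker holding k of them controls at least t quorum seats with a probability given by the hypergeometric tail. The following is an added example (not code from any poster or from the DASH project) that computes that probability and the smallest k reaching a chosen success rate, which is what shows that "all" of the nodes are not required. N, q and t are placeholder values, not the parameters of any real network.

```python
"""Added example: quantifying the 'high school math' behind masternode quorum attacks.

If a service (such as a transaction-lock quorum) is performed by q masternodes drawn
at random from N, and an attacker controls k of them, the chance that at least t of
the chosen q are the attacker's is a hypergeometric tail. The interesting output is
how far k can be below N and still give a non-trivial success rate.

All figures below (N, q, t) are assumed placeholders for illustration, not the
parameters of any real network.
"""
from fractions import Fraction
from math import comb
from typing import Optional


def p_attacker_at_least(N: int, k: int, q: int, t: int) -> Fraction:
    """P[at least t of q nodes drawn without replacement belong to an attacker owning k of N]."""
    if not (0 <= k <= N and 1 <= q <= N and 0 <= t <= q):
        raise ValueError("inconsistent parameters")
    # math.comb returns 0 when the lower index exceeds the upper one, so the sum
    # naturally skips impossible splits.
    favourable = sum(comb(k, j) * comb(N - k, q - j) for j in range(t, q + 1))
    return Fraction(favourable, comb(N, q))


def nodes_needed(N: int, q: int, t: int, target: Fraction) -> Optional[int]:
    """Smallest k such that the per-quorum success probability reaches `target`.

    Returns None only if no k in 0..N reaches the target (i.e. target > 1).
    """
    for k in range(N + 1):
        if p_attacker_at_least(N, k, q, t) >= target:
            return k
    return None


if __name__ == "__main__":
    # Hypothetical network: 10 nodes, quorum of 2; evaluate 'both seats' and 'any seat'.
    N, q = 10, 2
    for t, label in [(2, "both seats"), (1, "any seat")]:
        k = nodes_needed(N, q, t, Fraction(1, 2))
        print(f"{label}: {k} of {N} nodes give P >= 1/2 "
              f"(P = {p_attacker_at_least(N, k, q, t)})")
```

The point the calculation makes for an evaluator is the one raised in the post: the threshold is a probability curve over k, not a binary "all or nothing", so the soundness question is what fraction of the node set it is economically plausible for one party to hold over time.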
legendary
Activity: 1708
Merit: 1049
These types of attacks where someone comes and buys all the coins are too theoretical for my preference.
legendary
Activity: 2968
Merit: 1198
Cost for the attacker: Millions of USD to buy masternodes

There is no such cost, since nothing is consumed. You still have the masternodes when you are done. If done as a malicious attack that reduces the value of the token, an attacker would have already stripped his exposure from his stake and resold it via derivatives. If merely done for spying purposes then you can continue to both spy and collect masternode rewards. This will outcompete honest masternodes over time since spying has economic value.

Yeah, well, if you want it that way, buying the monero supply to sybil all the mixins (a la BCN-83% "their mixin is insecure"), would also be a feasible economic attack. So XMR = REKT by the "theoretical" buyer of most coins

Unlike masternode ownership that continues to pay rewards, that can't work without an ongoing cost post MRL-0004, given the math in MRL-0001 (not necessary to follow the math -- the chart showing the 'burnout' effect is good enough). Even Bytecoin could fix this eventually if they implemented a minimum mixing, although it would take quite a while for 82% premine to burn out.
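The MRL-0004 issue referred to above and the later posts about forbidding mixin 0 both come down to one mechanism: a mixin-0 input publishes its real spend, every other ring that used that output as a decoy can drop it, and a ring left with a single live candidate reveals its own spend, seeding the next round. The following is an added example (not code from any poster, from MRL, or from the Monero project) that runs that chain reaction over a constructed toy ledger, first with a mixin-0 input present and then with a minimum mixin of 1 enforced. Output ids and ring contents are made up for illustration.

```python
"""Added example: the MRL-0004 '0-mixin chain reaction' on a constructed toy ledger.

Each transaction input in a CryptoNote-style chain is a ring: a list of candidate
outputs, exactly one of which is really being spent. Every output can be spent only
once. A ring with a single member (mixin 0) publishes its real spend outright; any
other ring that used that output as a decoy can then drop it, and a ring that shrinks
to one unspent candidate reveals its spend too, which seeds the next round.
"""
from typing import Dict, List, Set

# Constructed ledger (hypothetical output ids, not real chain data). Ring 0 is a
# mixin-0 spend; the others reuse its output, and each other's, as decoys.
LEDGER_WITH_MIXIN0: List[List[str]] = [
    ["A"],            # mixin 0: A is known spent as soon as it hits the chain
    ["A", "B"],       # A is spent elsewhere, so B must be the real spend
    ["B", "C", "D"],  # B is spent elsewhere, but C vs D stays ambiguous
    ["A", "B", "E"],  # both decoys are known spent, so E is revealed
    ["E", "F"],       # E is revealed, so F is revealed: the cascade continues
]

# Same ledger with a minimum mixin of 1 enforced: ring 0 carries a decoy (X),
# so no ring is ever reduced to a single candidate.
LEDGER_MIN_MIXIN1: List[List[str]] = [["A", "X"]] + LEDGER_WITH_MIXIN0[1:]


def rings_violating_min_mixin(rings: List[List[str]], min_mixin: int) -> List[int]:
    """Consensus-style check: indices of rings with fewer than min_mixin decoys."""
    return [i for i, ring in enumerate(rings) if len(ring) - 1 < min_mixin]


def resolve_known_spends(rings: List[List[str]]) -> Dict[int, str]:
    """Iteratively identify real spends using only public ring membership.

    Returns {ring_index: output_id} for every ring whose real spend becomes
    certain. Only the 'single remaining candidate' rule is applied; rings that
    keep two or more live candidates stay ambiguous.
    """
    known_spent: Set[str] = set()
    resolved: Dict[int, str] = {}
    changed = True
    while changed:
        changed = False
        for i, ring in enumerate(rings):
            if i in resolved:
                continue
            live = [o for o in ring if o not in known_spent]
            if len(live) == 1:          # everything else in the ring is already spent
                resolved[i] = live[0]
                known_spent.add(live[0])
                changed = True          # a new known spend may shrink other rings
    return resolved


def traced_fraction(rings: List[List[str]]) -> float:
    """Share of inputs whose real spend the chain reaction exposes."""
    return len(resolve_known_spends(rings)) / len(rings)


if __name__ == "__main__":
    print("rings violating min mixin 1:", rings_violating_min_mixin(LEDGER_WITH_MIXIN0, 1))
    print("traced, mixin 0 allowed:   ", resolve_known_spends(LEDGER_WITH_MIXIN0))
    print("traced, min mixin 1 enforced:", resolve_known_spends(LEDGER_MIN_MIXIN1))
```

Removing the single mixin-0 ring is enough to stop every later deduction in this ledger, which is why the fix discussed in the thread is a protocol-level minimum rather than a wallet default: one non-compliant sender (a pool or exchange) otherwise seeds the cascade for everyone whose ring reused their outputs.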

legendary
Activity: 1708
Merit: 1049
Cost for the attacker: Millions of USD to buy masternodes

There is no such cost, since nothing is consumed. You still have the masternodes when you are done. If done as a malicious attack that reduces the value of the token, an attacker would have already stripped his exposure from his stake and resold it via derivatives. If merely done for spying purposes then you can continue to both spy and collect masternode rewards. This will outcompete honest masternodes over time since spying has economic value.

Yeah, well, if you want it that way, buying the monero supply to sybil all the mixins (a la BCN-83% "their mixin is insecure"), would also be a feasible economic attack. So XMR = REKT by the "theoretical" buyer of most coins

In practice it doesn't work that way.
legendary
Activity: 2968
Merit: 1198
Cost for the attacker: Millions of USD to buy masternodes

There is no such cost, since nothing is consumed. You still have the masternodes when you are done. If done as a malicious attack that reduces the value of the token, an attacker would have already stripped his exposure from his stake and resold it via derivatives. If merely done for spying purposes then you can continue to both spy and collect masternode rewards. This will outcompete honest masternodes over time since spying has economic value.
legendary
Activity: 1708
Merit: 1049
Mixin 0 was always a bad idea and a security weakness, no matter if a deanonymizing implementation was getting it right, wrong, or guessing.
legendary
Activity: 2968
Merit: 1198
XMR / Monero broken crypto:

I think chainradar are using all the 0 mixin transactions from exchanges and pools in order to guess - the things in https://lab.getmonero.org/pubs/MRL-0004.pdf. I tried some transactions with mixing 7 and 5 between my wallets and they are successfully guessing most of them. This issue is already addressed in the MRL-0004 and we knew that, but it's scary seeing it in chainradar. Everybody should stop using mixing of 0 until this is enforced in the protocol - including pools and exchanges. I suppose some mixings between your own wallets with high mixing should resolve the issue for now. Trollfest incoming.

This was debunked both by fluffypony writing a program to analyze it (and showing the deanonymizing "results" obviously wrong) and later a reply from chainradar stating that it was just a bug in their web site showing wrong data and not even an attempt at deanonymizing at all. FUD/panic, in other words.
legendary
Activity: 2268
Merit: 1141
XMR / Monero broken crypto:

I think chainradar are using all the 0 mixin transactions from exchanges and pools in order to guess - the things in https://lab.getmonero.org/pubs/MRL-0004.pdf. I tried some transactions with mixing 7 and 5 between my wallets and they are successfully guessing most of them. This issue is already addressed in the MRL-0004 and we knew that, but it's scary seeing it in chainradar. Everybody should stop using mixing of 0 until this is enforced in the protocol - including pools and exchanges. I suppose some mixings between your own wallets with high mixing should resolve the issue for now. Trollfest incoming.

This was refuted at the time by:

https://github.com/fluffypony/chainradar-checker

It's bad crypto alright. Monero users were transacting "anonymously" for a year only to discover later that they could be trivially deanonymized because those in charge hadn't fixed a "hole" in the system from the start.

Erroneous as well, like I've stated above and others pointed out as well.



Also, what is the point of opening these kind of threads? It will end in mud-throwing anyway. Ironically it already started in the first few posts here.
legendary
Activity: 1708
Merit: 1049
The poll was not focused on privacy, the danger of high school level mathematics is far greater than that.

The "high school mathematics" mentioned were of the following type:

"If someone has XXX masternodes then they can jam an InstantX transaction X% of the time because InstantX locking is performed on the masternodes".

Cost for the attacker: Millions of USD to buy masternodes
Gains for the attacker: No gains. Only losses by devaluing his investment.

Elementary game theory logic = violated.
hero member
Activity: 742
Merit: 500
The thing is: 99.9999% of inhabitants of this planet can't even track a btc-transaction on blockchain.info

So the anon-coin-hype has finally worn off same as the pos-hype?

So we're back to conventional pow, right?

The poll was not focused on privacy, the danger of high school level mathematics is far greater than that. The random number generator (RNG) error with the DASH paper wallet generator literally put users at risk of their entire balances being stolen.

Newsflash: not even the rng in bitcoin-qt is 100% reliable as I was hearing from the horse's mouth in the technical section somewhere. All your funds are at risk due to rng being not random.


And then again: "security" is always an illusion. Wishful thinking of a human mind afraid of pain and death. There is no good correspondence to the idea of "security" in the real world so it will likely forever be a chase for unicorns but I digress.
"Security" is just an idea fueled by wishful thinking. It can never be reached in reality.

The only thing that gives us something close to security is the fact that 99.99% of people are too stupid to understand what's happening if that makes sense?

There is no security behind the curve - none whatsoever
full member
Activity: 126
Merit: 100
XMR / Monero broken crypto:

I think chainradar are using all the 0 mixin transactions from exchanges and pools in order to guess - the things in https://lab.getmonero.org/pubs/MRL-0004.pdf. I tried some transactions with mixing 7 and 5 between my wallets and they are successfully guessing most of them. This issue is already addressed in the MRL-0004 and we knew that, but it's scary seeing it in chainradar. Everybody should stop using mixing of 0 until this is enforced in the protocol - including pools and exchanges. I suppose some mixings between your own wallets with high mixing should resolve the issue for now. Trollfest incoming.

Damn it. I was hoping monero was something I could invest in.

It is.

Monero already fixed this problem in the recent hard fork by forbidding mixin 0 transactions.