
Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1428. (Read 4671575 times)

legendary
Activity: 2968
Merit: 1198
Did I miss the discussion about the cost/difficulty of exposing multisig?  I see it's already in Cryptonote...

I don't think we have come up with a concrete estimate. We reviewed the implementation from Cryptonote and found it to be of generally poor quality and largely unsuitable to use. Further, carefully vetting it (since they can't be trusted) would likely be too expensive to be practical.

It also has the limitation of not working with ring sigs. I'm not sure that is a show stopper, and it is allegedly fixable, but no one has written down a full design for doing so (that we have seen). Even in our own implementation, we'd have to decide whether to take that on or not, since doing multisig without ring sigs is rather more obvious and well defined.

Quote
Let's add multisig, trustless Blockchain type web wallet, and p2pool to our Wish List of items for the final platform to be funded by the Bootstrap.

Agreed.

Quote
Anything else crucial we want, while keeping within the 184k XMR/~$300k budget?

Open to suggestions!
legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
without a lower limit, it is uncertain whether tx fees will be sufficient to provide incentive to miners.

It is not uncertain, it won't work. The "hard money" BTC types are being unrealistic about how the technology operates, entirely independent of whether their monetary theories are valid or not (I take no position).

BTC is on a collision course with failure, or being reinvented as a centralized ledger system (with the degree of centralization that already exists it's almost there already, so this isn't hard to imagine at all) or switching to PoS or something else equally retarded. This is a good example of what I'm talking about when it comes to not being strangled by an inflexible "social contract."

The only way it could possibly work would be to have some internal source of mining rewards that don't increase the money supply, for example demurrage. Actually that's the only one I could think of but maybe there are others. But I guess the Bitcoin version of "social contract" probably prevents that too. Bitcoin is likely beyond saving.

There is a reason that Monero was designed with a minimum block reward, although I'm skeptical that the rapidly declining rewards will continue to secure the network even long before the minimum kicks in. Still better than Bitcoin though.

Thanks for your insight.  Luckily for us, the letter of Monero's social contract is still a work in progress.  The spirit of voluntarism is what we are inflexible about.  Even in Tacopia, hard principles like property rights have exceptions such as taxes, easements, eminent domain, and adverse possession.  Subsidies and externalities must be eliminated if possible and regulated if not.

Since we'd like to replace lost coins as they presumably become more valuable (and less likely to be lost), what about a diminishing lower limit of something like 17.59 XMR/(block height^1/3) for all blocks after coin 18.4MM?

Edit: Initial reward/cube root(height) gives a reward of 0.0968 XMR at block 6,000,000.  That seems about right, and provides 139 XMR/day for miners.  Somebody else will have to math the limit on the sequence, I've been up too long.
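As an added example (not code from the thread or the Monero project), the proposed floor of 17.59 XMR / cbrt(height) worked through: the reward at block 6,000,000, the daily emission it implies, the cumulative payout over a range of blocks (the limit the poster left open), and how long the floor alone would take to pay out a given amount. It assumes one-minute blocks (1440 per day, which is what turns 0.0968 XMR per block into 139 XMR per day) and 10^12 atomic units per XMR as the scaling factor behind the OP's M = 2^64 - 1 and the 18.4 million figure.

```python
"""Worked numbers for the proposed diminishing lower block reward limit.

Added example, not code from the thread or the Monero project. It takes the
poster's formula, floor(h) = 17.59 XMR / cbrt(h), as the minimum reward for
every block once the base emission is done, and assumes one-minute blocks
(1440 per day, which is what turns 0.0968 XMR/block into 139 XMR/day) and
10^12 atomic units per XMR (the scaling behind the OP's M = 2^64 - 1).
"""

INITIAL_REWARD_XMR = 17.59      # numerator of the poster's formula
BLOCKS_PER_DAY = 1440           # assumption: one-minute block time
ATOMIC_UNITS_PER_XMR = 10**12   # assumption: scaling factor behind "18.4 MM"
M_ATOMIC_UNITS = 2**64 - 1      # total atomic units as quoted from the OP


def base_supply_xmr() -> float:
    """The OP's M = 2^64 - 1 atomic units expressed in XMR (about 18.4 million)."""
    return M_ATOMIC_UNITS / ATOMIC_UNITS_PER_XMR


def floor_reward(height: int) -> float:
    """Proposed lower limit on the block reward at `height`, in XMR."""
    if height < 1:
        raise ValueError("height must be >= 1")
    return INITIAL_REWARD_XMR / height ** (1.0 / 3.0)


def daily_floor_emission(height: int) -> float:
    """XMR per day the floor alone pays miners around `height`."""
    return floor_reward(height) * BLOCKS_PER_DAY


def floor_emission_exact(h_start: int, h_end: int) -> float:
    """Sum of the floor reward over blocks h_start..h_end inclusive (brute force)."""
    return sum(floor_reward(h) for h in range(h_start, h_end + 1))


def floor_emission_closed_form(h_start: int, h_end: int) -> float:
    """Integral approximation of the same sum: 1.5 * 17.59 * (h_end^(2/3) - h_start^(2/3)).

    The exponent 2/3 is positive, so this total keeps growing as h_end grows:
    the floor pays a bounded amount per day but puts no finite limit on the
    total supply it adds over time.
    """
    return 1.5 * INITIAL_REWARD_XMR * (h_end ** (2.0 / 3.0) - h_start ** (2.0 / 3.0))


def blocks_until_floor_emits(target_xmr: float, h_start: int) -> int:
    """Blocks after h_start until the floor alone has paid out target_xmr.

    Inverts the closed form: solve 1.5*17.59*(h^(2/3) - h_start^(2/3)) = target.
    """
    end_two_thirds = target_xmr / (1.5 * INITIAL_REWARD_XMR) + h_start ** (2.0 / 3.0)
    return int(round(end_two_thirds ** 1.5)) - h_start


def years_until_floor_emits(target_xmr: float, h_start: int) -> float:
    """Same as above, in years at BLOCKS_PER_DAY blocks per day."""
    return blocks_until_floor_emits(target_xmr, h_start) / (BLOCKS_PER_DAY * 365)


if __name__ == "__main__":
    print(f"base supply from M = 2^64 - 1: {base_supply_xmr():,.0f} XMR")
    for h in (3_000_000, 6_000_000, 12_000_000, 24_000_000):
        print(f"height {h:>10,}: floor {floor_reward(h):.4f} XMR/block, "
              f"{daily_floor_emission(h):.1f} XMR/day")
    start = 6_000_000
    one_pct = 0.01 * base_supply_xmr()
    print(f"floor payout over the million blocks after {start:,}: "
          f"{floor_emission_closed_form(start, start + 1_000_000):,.0f} XMR")
    print(f"years for the floor to pay out another 1% of supply: "
          f"{years_until_floor_emits(one_pct, start):.1f}")
    print(f"years for the floor to pay out another full supply: "
          f"{years_until_floor_emits(base_supply_xmr(), start):,.0f}")
```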
legendary
Activity: 1722
Merit: 1217
As for the social contract obsession: it's important. Granted, it creates some problems, and of course reasonable flexibility would be ideal. But without the social contract you have nothing. You have no trust. No one knows what they are buying.

Monero is at an embryonic, barely usable stage (particularly when considering the potential for attacks, exploits, very damaging but unintentional coding errors, etc.). We used to call it alpha-quality software. With the benefit of the past six months of experience, I'd demote that to pre-alpha proof of concept.

I mostly agree that getting to a point of a "hard" social contract with inviolable trust is a good goal (I think there are alternatives but they are vague and not fully developed, so I won't go there), but I'm not convinced we are ready to do that yet, in a practical sense.

Ah right, you were talking about Monero and I was talking about Bitcoin. I agree that there is no clearly defined social contract with Monero yet. Not the same as saying that there is none at all. You clearly can't go and double the money supply after people already bought in, for example. But with that said, neither are the exact specifics of the emission curve set in stone either, for example. Fundamentally I think we are in agreement here.

Quote
It should be obvious that as long as you are relying on a central developer team for critical fixes and essential features, you are not operating a decentralized cryptocurrency at all. Instead, you are holding a speculative crypto asset that might, someday, turn into a decentralized cryptocurrency.

Decentralized can mean different things in different contexts. Monero is decentralized in the sense that it uses a decentralized proof of work mechanism to generate network consensus and provide Byzantine fault tolerance. But yes, in other ways it certainly is less decentralized than it could be.

Quote
When mistakes are recognized as this early stage, the benefits of fixing them outweigh the disadvantages of being stuck with them forever. And in reality, as you say, even Bitcoin isn't stuck with anything forever. If it were to fail catastrophically, this "trust" you describe would be broken out of necessity anyway. I say fix what we can now, when the impact is relatively small, to avoid the potential for much bigger and worse impact later (or what I consider more likely, the reaching of a fairly low success plateau where the "untouchable" mistakes limit further growth).

Yes, I agree, and that is why I say that we have something of a loose sort of tentative social contract that is developing as a result of discussions just like these and slowly solidifying with time. It's like wet concrete that is every day in the process of becoming slightly more dry.

Quote
We are at a natural transition point right now, after having worked for nearly six months, having recognized that the initial donation funding model is a failure, the coin needs a lot more work than any of us realized, and has also in some ways been more successful than any of us expected. Let's regroup a bit, not take anything off the table, and do whatever needs to be done to really push this far beyond where it is right now.

total support.
legendary
Activity: 2968
Merit: 1198
As for the social contract obsession: it's important. Granted, it creates some problems, and of course reasonable flexibility would be ideal. But without the social contract you have nothing. You have no trust. No one knows what they are buying.

Monero is at an embryonic, barely usable stage (particularly when considering the potential for attacks, exploits, very damaging but unintentional coding errors, etc.). We used to call it alpha-quality software. With the benefit of the past six months of experience, I'd demote that to pre-alpha proof of concept.

I mostly agree that getting to a point of a "hard" social contract with inviolable trust is a good goal (I think there are alternatives but they are vague and not fully developed, so I won't go there), but I'm not convinced we are ready to do that yet, in a practical sense.

It should be obvious that as long as you are relying on a central developer team for critical fixes and essential features, you are not operating a decentralized cryptocurrency at all. But we're doing even more than that! We are finishing the design on some of the essential anonymity features that were left half-baked in the original implementation. In effect, we're still designing the coin! What you are actually holding right now a speculative crypto asset that might, someday, turn into a decentralized cryptocurrency with anonymity and other features that make it special.

I view our job as developers as one of putting ourselves out of business. But as long as we are in business, we are essentially still in a launch phase, and need to be able to make course corrections and manage the transition from a proof-of-concept to something truly decentralized and with the foundation to reach vastly higher valuations. These are valuations that aren't sustainable with a built-in reliance on a central developer team. Truly economy-changing valuations. If you are thinking in familiar numbers of digits, you are aiming too low. Don't.

When mistakes are recognized as this early stage, the benefits of fixing them outweigh the disadvantages of being stuck with them forever. And in reality, as you say, even Bitcoin isn't stuck with anything forever. If it were to fail catastrophically, this "trust" you describe would be broken out of necessity anyway. I say fix what we can now, when the impact is relatively small, to avoid the potential for much bigger and worse impact later (or what I consider more likely, the reaching of a fairly low success plateau where the "untouchable" mistakes limit further growth).

We can safely recognize that the proof-of-concept has flaws, and fix them, without precluding that we reach a stable and trusted system in time. In fact fixing problems now makes that more likely.

We are at a natural transition point right now, after having worked for nearly six months, having recognized that the initial donation funding model is a failure, the coin needs a lot more work than any of us realized, and has also in some ways been more successful than any of us expected. Let's regroup a bit, not take anything off the table, and do whatever needs to be done to really push this far beyond where it is right now.

EDIT: various clean ups and rewrites.
sr. member
Activity: 252
Merit: 250
legendary
Activity: 1722
Merit: 1217
I don't think this is as dire as you think, smooth. If Bitcoin does get to the point where there is not enough hashing power to protect it, and someone does actually begin DoS'ing or double-spending, then this will create the motivation to fork into some change that fixes the problem. Be that more inflation to pay miners or higher transaction fees or even proof of stake. After a successful attack the will to change something to fix the problem will be there. Will it lose some capitalization in the process? Sure. But crypto is amazing and the world needs it and Bitcoin has the network and infrastructure that no others have or probably ever will have.

I disagree with how it plays out. It won't get to the point where it actually fails, it will simply fail to gain value because its unstable underpinnings will become increasingly obvious. If there were a willingness to make the sorts of hard choices that you mention ahead of actual failure, then it could be saved, but I think the "social contract" obsession will likely prevent that from ever happening. Instead the value will flow elsewhere, to something lacking the flaws. That may already be happening to some extent.


But I mean, what failure are you talking about? Before any sort of successful sustained long term attack we will probably have some that are not long term sustainable. Maybe someone can afford to reverse enough transactions to double-spend a couple of their transactions, but the point at which this first becomes potentially profitable will not be the same point at which it becomes reasonable to DoS shut down the network. The point is, I think we should be careful not to homogenize "attacks" as if they are all the same.

As for the social contract obsession: it's important. Granted, it creates some problems, and of course reasonable flexibility would be ideal. But without the social contract you have nothing. You have no trust. No one knows what they are buying. If one person thinks that he is buying something with a currency supply of 21 million and someone else thinks they are buying something with a currency supply of 42 million, then you have a disaster in the making. Clearly defined rules are how you avoid conflict. No one comes on my property because everyone knows it's my property; if someone else thinks that he owns half of my property and I think that I own half of his, then we are going to get into a fight. That rigid social contract that defines the line between the two may be less than ideal for some situations, but it is what protects both of us from conflict. In the Bitcoin world it may not come to fisticuffs, but parties will abandon the crypto if the rules are confused and undefined. Or they will all fork different ways and create dis-coordination and make all of their monies less useful as money.

Quote
As for the size of Bitcoin's network, I consider all crypto networks tied for zero place relative to fiat. Yes the world needs crypto but Bitcoin only has a negligible lead on anything else looking at the picture from the scale of fiat.

This may be a good point. Noted for consideration.
legendary
Activity: 2968
Merit: 1198
I don't think this is as dire as you think, smooth. If Bitcoin does get to the point where there is not enough hashing power to protect it, and someone does actually begin DoS'ing or double-spending, then this will create the motivation to fork into some change that fixes the problem. Be that more inflation to pay miners or higher transaction fees or even proof of stake. After a successful attack the will to change something to fix the problem will be there. Will it lose some capitalization in the process? Sure. But crypto is amazing and the world needs it and Bitcoin has the network and infrastructure that no others have or probably ever will have.

I disagree with how it plays out. It won't get to the point where it actually fails, it will simply fail to gain value because its unstable underpinnings will become increasingly obvious. If there were a willingness to make the sorts of hard choices that you mention ahead of actual failure, then it could be saved, but I think the "social contract" obsession will likely prevent that from ever happening. Instead the value will flow elsewhere, to something lacking the flaws. That may already be happening to some extent.

As for the size of Bitcoin's network, I consider all crypto networks tied for zero place relative to fiat. Yes the world needs crypto but Bitcoin only has a negligible lead on anything else looking at the picture from the scale of fiat.

legendary
Activity: 1722
Merit: 1217
I don't think this is as dire as you think, smooth. If Bitcoin does get to the point where there is not enough hashing power to protect it, and someone does actually begin DoS'ing or double-spending, then this will create the motivation to fork into some change that fixes the problem. Be that more inflation to pay miners or higher transaction fees or even proof of stake. After a successful attack the will to change something to fix the problem will be there. Will it lose some capitalization in the process? Sure. But crypto is amazing and the world needs it and Bitcoin has the network and infrastructure that no others have or probably ever will have. Honestly I'm more concerned about overspending on security because it is much more difficult to discover that mistake. Only perhaps through market competition and alternative cryptocurrency schemes that spend less on security but still are not successfully attacked could we discover that Bitcoin is overspending on security.
legendary
Activity: 2968
Merit: 1198
An optimal final emission schedule should converge on a finite number, so we don't have an unlimited number of coins.  Infinite inflation scares the BTC hard money types, although lost coins probably dominate the actually available money supply and result in undesirable(?) net deflation.

But without a lower limit, it is uncertain whether tx fees will be sufficient to provide incentive to miners.

It is not uncertain, it won't work. The "hard money" BTC types are being unrealistic about how the technology operates, entirely independent of whether their monetary theories are valid or not (I take no position).

BTC is on a collision course with failure, or being reinvented as a centralized ledger system (with the degree of centralization that already exists it's almost there already, so this isn't hard to imagine at all) or switching to PoS or something else equally retarded. This is a good example of what I'm talking about when it comes to not being strangled by an inflexible "social contract."

The only way it could possibly work would be to have some internal source of mining rewards that don't increase the money supply, for example demurrage. Actually that's the only one I could think of but maybe there are others. But I guess the Bitcoin version of "social contract" probably prevents that too. Bitcoin is likely beyond saving.

There is a reason that Monero was designed with a minimum block reward, although I'm skeptical that the rapidly declining rewards will continue to secure the network even long before the minimum kicks in. Still better than Bitcoin though.

legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
If we must insist on kind-of replacing the relatively insignificant 1% shuffled coins

What do you mean by shuffled coins? I don't understand the term.

BTW, multisig doesn't exist in Monero. Of course, that could be one of the funded development items but it is a bit of a bootstrapping problem with your proposal. Relatively minor detail though.

I meant the 1% of bootstrap coins which get shuffled from the bottom of the deck to the top.  Sorry for mixing shoe/card metaphors.

Nice catch on the multisig derp, but XMR doesn't need multisig to be held in escrow by third parties.  I guess the fund should be divided among several reputable escrow providers for redundancy, until that functionality is enabled internally.  No biggie; social engineering will prevail!

Did I miss the discussion about the cost/difficulty of exposing multisig?  I see it's already in Cryptonote...

Let's add multisig, trustless Blockchain type web wallet, and p2pool to our Wish List of items for the final platform to be funded by the Bootstrap.

Anything else crucial we want, while keeping within the 184k XMR/~$300k budget?

Damn this is good coffee.  As it must be, if I'm to solve the mystery of optimal post-Bootstrap final emission schedule...

An optimal final emission schedule should converge on a finite number, so we don't have an unlimited number of coins.  Infinite inflation scares the BTC hard money types, although lost coins probably dominate the actually available money supply and result in undesirable(?) net deflation.

But without a lower limit, it is uncertain whether tx fees will be sufficient to provide incentive to miners.

This smells like an empirical question whose correct answer cannot be deduced by analysis.  Maybe modeling would help.  We can't wait for Bitcoin to figure it out first.

In any case, I think we have to iron out the logically prior details of if/where/when the last 1% of coins actually occur before we move them to the Bootstrap Block.

Maybe we could sidestep the issue by using the second to last 1% instead?  Are their whereabouts known with reasonable certainty?

Such a hard problem!  I wonder what (((((cypherdoc))))) would say.  He's brilliant at this kind of monetary architect stuff.
legendary
Activity: 1624
Merit: 1008
I'm a fan of setting things in stone unless it's a bug or catastrophic problem. Whatever you guys decide to do, not making it default enabled (except the mix count that needs to be forced to a minimum of 1 as discussed before) is a must imo to keep XMR trust intact, but that's just my opinion.

People seem to think and I agree.....it's problem.
legendary
Activity: 2968
Merit: 1198
If we must insist on kind-of replacing the relatively insignificant 1% shuffled coins

What do you mean by shuffled coins? I don't understand the term.

BTW, multisig doesn't exist in Monero. Of course, that could be one of the funded development items but it is a bit of a bootstrapping problem with your proposal. Relatively minor detail though.

legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
I would spend Moneros voting pro this idea.  Rptellia, smooth, fluffypony, tacotime?  Somebody with clout please ...

I certainly think it is premature to make any kind of decision or even consider voting, etc., but the discussion is healthy and interesting. I 100% applaud the willingness to think big and break a few "rules" in crafting a proposal, whether or not it gets adopted. More of this please!

There are some things I really like about the idea. For example, compared to a premine or IPO, I very much like that it is happening after there has been some experience with the coin and team, rather than right at the start when it's all promises, no distribution or established market value, and no track record.

There are some things I think are quite strange and need further explanation and/or revision. I'm not even sure how much of this is sincere. One of the biggest problems with the emission of the coin is the rewards going away too soon. Pulling from the tail end of the distribution makes that worse. The fund being 50/50 in BTC/XMR might be a bad idea to set in stone for all time, and would almost certainly be a bad idea to enforce quickly, because it would require dumping a ton of XMR (unless that were somehow built into the bidding). And CZ?!

I'm not a fan of the "everything must be set in stone because that is the social contract" model that comes out of Bitcoin's precedent. I think part of the whole idea of doing something that isn't Bitcoin is to try to improve on it, and especially not feel compelled to follow its precedent when it doesn't work for us (and arguably hasn't even worked for it). That is not just code, and especially not just anonymity, but also culture and process.

I'm a fan of Bitcoin's ultraconservative approach, but I'm also a fan of calculated risk, diversity, innovation, and hedging.

Monero's success grants it the unique privilege of monetizing its devteam's sweat equity by means of the (AFAIK) world's first postmine.

Making our Bootstrap Block on the 100k anniversary of the Troll Block is a pointed reference to the salient moment when Taco and the rest cemented their coin's world-class altcoin rockstar status, proving true RP's statement that Monero is the only hedge to, and coin most likely to achieve parity with, Bitcoin.

The main ideas, a 1% devtax like BBR and a block presale like VIA, aren't new.  We know they are working so far, and don't have to reinvent the wheel.

I like how both approaches are flat taxes.  We whales/botherders/private miners with more to gain shoulder a part of the dev burden proportional to our holdings and hoards.

As for the social contract, the 18.4 MM figure is a minimum, with a maximum contingent on final outcome of an unsettled debate.

There are a number of options to offset pulling coins from the end, especially since the specifics of how the curve ends (or doesn't end) are in active discussion.

Maybe adopting my proposal will have a clarifying effect on the final emission debate, killing two birds with one stone.

If we must insist on kind-of replacing the relatively insignificant 1% shuffled coins, we increase the (proposed and controversial) hard lower block reward limit.  Increased tx fees are another option to secure revenue for miners in the distant future.  But we're talking about 1% of the coins, that's not a big deal even at the penultimate Tacoshi.

My initial proposal only sets in stone the finality of the one-time only Bootstrap Block and the mining devtax hard upper limit of 1%.

Perhaps it should be expanded to include or even be contingent upon resolution of exactly when/if we'll mine the last Tacoshi.  That will require more thought/coffee...!

There will be no med/long term dumping because of the Bootstrap Block presale.  Read how the VIA presale was conducted; it is a demonstrably optimal form of the gimmicky crowdsourcing ideas being bandied about here earlier.  It's at least equally likely the price will increase in response to the Bootstrap, given that our devteam will now be able to complete its ambitious previously unreachable goals and provide for the mature platform's maintenance in the foreseeable future. 

Imagine the dumping if the dev team has to quit or scale back their vision for the final platform.  We may already be seeing it today.  Less devs = less security/more risk = dump the truck up.

If you have a more elegant/robust idea than 50/50 XMR/BTC with 5/9 multisig escrow, I'd love to hear it.  Remember to KISS please.

I knew you would have concerns about one of the two non-core people with partial multisig authority.  RP is there to represent the MEW (whale money) and CZ is there to represent the rest of the more-respectable Cryptonote community.  We require at least one adversarial, but authoritative, voice in the mix to prevent groupthink and keep you all honest.  Besides, you only need 5/9 sigs to authorize expenditures.
legendary
Activity: 2968
Merit: 1198
The social contract was that eventually there would be 18.4 million coins in circulation.

That is incorrect. Let's look at the OP (which in this regard has not changed since day one, so no funny business here)

Quote
Actual number of atomic units is M = 2^64 - 1. A minimum subsidy may be implemented in the future with <1% inflation to preserve mining incentives.

The first sentence (with scaling factor applied) corresponds to the 18.4 million. The second sentence says there may be a minimum subsidy, which, if implemented, would inevitably result in sooner or later there being more than 18.4 million coins in circulation (of course not counting lost coins, etc.)

So aside from the issue of whether this alleged social contract even exists and if it exists whether it should be changed, it certainly doesn't even say what you think it says.

Thank you for sharing the experience with LTC though. I wasn't aware of that background and it is definitely interesting. And regardless of what I said above, your specific suggested changes are well taken and helpful.

legendary
Activity: 1624
Merit: 1008
Hi guys, how should I join the #Monero-Dev Fireside Chat? Thanks

Monero Fireside Chat #2, how to connect:
https://plus.google.com/b/101861896996947433029/events/c8094ts82ggh0mpkffu4ja5kohg
http://www.youtube.com/watch?v=s9gH2ndAAkE

YouTube allows you to watch live and later.
Google+ allows you also to interact. You can also ask questions on #monero-dev.

-- updated by davidlatapie
legendary
Activity: 1154
Merit: 1001
Hi guys, how should I join the #Monero-Dev Fireside Chat? Thanks

Preferably dressed, but I hear some people will be attending naked.
~ Myagui
newbie
Activity: 47
Merit: 0
Hi guys, how should I join the #Monero-Dev Fireside Chat? Thanks
legendary
Activity: 1624
Merit: 1008
The number of coins being talked about is 9 days worth of emissions at the present rate.
legendary
Activity: 1256
Merit: 1009
Quote
It is my belief that the question of funding will get solved not by a single solution but by a combination of several ones.

I come from litecoin which I've been in and out of for the last few years.  They literally have to always beg for donations.  They have hordes of rich bagholders.  They have an active forum and sell advertisements.  Donation drives.  My point is - they have the "several solutions" you are talking about.  And it's barely enough for a mature coin that is basically just a clone of bitcoin.

I want to bring up the social contract again.  The social contract was that eventually there would be 18.4 million coins in circulation.  I'm not an advocate of changing that number in any way shape or form.  However what we are talking about is essentially doing 3 things (in this solution)

A - Changing when they are released.  This essentially creates more short term dilution but does not change the long term "social contract"

B - Changing how they are released.  This is really just stating that the developers are 10% as important as the miners to the long term health of the coin, hence it should be released now to make it possible for the other 18,216,000 coins to actually get to the point where they are usable.

C - It forces everyone to share in the cost of the development.  Including the miners, traders and hodlers.

I'm not saying this is the solution but it's the one I've liked the most so far.

*Edit - I would actually like the idea better of releasing the coins over 1 - 3 years rather than all at once.
legendary
Activity: 2968
Merit: 1198
Quote
The notation in the whitepaper and what you've seen here is proper notation. I = x*H_p(P) means x times H_p(P) where H_p is a hash function, H_p(P) is the hash function evaluated at a point, and * denotes elliptic curve multiplication which is NOT normal multiplication. Just like matrix multiplication is not the same as usual multiplication, elliptic curve multiplication takes place in a different manner than what you learned in, say, elementary algebra class. This is an abstract multiplicative notion, it is quite usual and proper to see it used this way.

For further reading, I would not begin necessarily with fluffypony's wall of links, but with Daepp and Gorkin's "Reading, Writing, and Proving" to learn a little bit about formal mathematics, and then maybe move onto Trappe and Washington's "Introduction to Cryptography." In that order. Be sure to try all the exercises in both books before asking any more questions.

Edit: I a word.

Geez, why so many accounts, anonymint?

lol. I believe this is actually the cryptographer who the XMR devs had vet the whitepaper ... Google is your friend. I'm not.

This being the Internet and there being no controls over what names people use as forum nicks, don't assume. However, in this case I can confirm that one of them did make that post.
