Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1429. (Read 4671575 times)

hero member
Activity: 658
Merit: 503
Monero Core Team
I would spend Moneros voting pro this idea.  Rptellia, smooth, fluffypony, tacotime?  Somebody with clout please ...
It is my belief that the question of funding will get solved not by a single solution but by a combination of several ones. This in turn means that 1) no option needs to be very ambitious and 2) we can afford for some options to be discarded later on as they are deemed inappropriate.
To reiterate what smooth just wrote, the fact that it is happening while the coin is already known and people had time to judge the coin, the project and the team, should definitely help in making it more acceptable. Also, I'm not a big fan of "set in stone" here. My experience proves that, as long as people know that the rules can change later on, they are OK with it. When (possible) changes are part of the contract, this is fine - only unexpected changes should be avoided, changes announced well in advance are OK.

That being said, donations should be handled as they are now: devs decide what to do with the money. Not the competitors, not the donators, not the big investors. This is what we did until now, it allowed us to diligently make the most out of it and, if this doesn't suffice, MEW will act the exact same way.
If this is not enough, consider that governance would become much harder: all of a sudden, someone else than the devs could consider what is a priority without necessarily having all the information to make an informed decision. We would spend more time discussing than acting. Shills and trolls would invite themselves in the discussion to try to sabotage it all. We would have to keep two different accounts: one for money we can use as we see fit and one for money we must ask for usage.
Much ado bloat for nothing, in my opinion. Especially considering we already proved who we are and what we can do, contrary to a pre-launch IPO.

If someone is not comfortable with giving us a blank cheque, then one could use this money on one of the many crowdfunded projects that will pop up later on. Keeping in mind that some crowdfunded projects might never happen if the foundations are not paid...

Still, this is good to have some constructive proposals for ensuring Monero will thrive. Keep it on!
legendary
Activity: 3570
Merit: 1959
Quote
The notation in the whitepaper and what you've seen here is proper notation. I = x*H_p(P) means x times H_p(P) where H_p is a hash function, H_p(P) is the hash function evaluated at a point, and * denotes elliptic curve multiplication which is NOT normal multiplication. Just like matrix multiplication is not the same as usual multiplication, elliptic curve multiplication takes place in a different manner than what you learned in, say, elementary algebra class. This is an abstract multiplicative notion, it is quite usual and proper to see it used this way.

For further reading, I would not begin necessarily with fluffypony's wall of links, but with Daepp and Gorkin's "Reading, Writing, and Proving" to learn a little bit about formal mathematics, and then maybe move onto Trappe and Washington's "Introduction to Cryptography." In that order. Be sure to try all the exercises in both books before asking any more questions.

Edit: I a word.

geez why so many accounts anonnymint

lol. I believe this is actually the cryptographer who the XMR devs had vet the whitepaper ... google is your friend.. I'm not.
member
Activity: 112
Merit: 10
Quote
The notation in the whitepaper and what you've seen here is proper notation. I = x*H_p(P) means x times H_p(P) where H_p is a hash function, H_p(P) is the hash function evaluated at a point, and * denotes elliptic curve multiplication which is NOT normal multiplication. Just like matrix multiplication is not the same as usual multiplication, elliptic curve multiplication takes place in a different manner than what you learned in, say, elementary algebra class. This is an abstract multiplicative notion, it is quite usual and proper to see it used this way.

For further reading, I would not begin necessarily with fluffypony's wall of links, but with Daepp and Gorkin's "Reading, Writing, and Proving" to learn a little bit about formal mathematics, and then maybe move onto Trappe and Washington's "Introduction to Cryptography." In that order. Be sure to try all the exercises in both books before asking any more questions.

Edit: I a word.

geez why so many accounts anonnymint
newbie
Activity: 3
Merit: 0

The notation in the whitepaper and what you've seen here is proper notation. I = x*H_p(P) means x times H_p(P) where H_p is a hash function, H_p(P) is the hash function evaluated at a point, and * denotes elliptic curve multiplication which is NOT normal multiplication. Just like matrix multiplication is not the same as usual multiplication, elliptic curve multiplication takes place in a different manner than what you learned in, say, elementary algebra class. This is an abstract multiplicative notion, it is quite usual and proper to see it used this way.

For further reading, I would not begin necessarily with fluffypony's wall of links, but with Daepp and Gorkin's "Reading, Writing, and Proving" to learn a little bit about formal mathematics, and then maybe move onto Trappe and Washington's "Introduction to Cryptography." In that order. Be sure to try all the exercises in both books before asking any more questions.

Edit: I a word.
legendary
Activity: 2968
Merit: 1198
I would spend Moneros voting pro this idea.  Rptellia, smooth, fluffypony, tacotime?  Somebody with clout please ...

I certainly think it is premature to make any kind of decision or even consider voting, etc., but the discussion is healthy and interesting. I 100% applaud the willingness to think big and break a few "rules" in crafting a proposal, whether or not it gets adopted. More of this please!

There are some things I really like about the idea. For example, compared to a premine or IPO, I very much like that it is happening after there has been some experience with the coin and team, rather than right at the start when it's all promises, no distribution or established market value, and no track record.

There are some things I think are quite strange and need further explanation and/or revision. I'm not even sure how much of this is sincere. Some of the biggest problems with the emission of the coin is the rewards going away too soon. Pulling from the tail end of the distribution makes that worse. Fund being 50/50 in BTC/XMR might be a bad idea to set in stone for all time, and would almost certainly be a bad idea to enforce quickly, because it would require dumping a ton of XMR (unless that were somehow built into the bidding). And CZ?!

I'm not a fan of the "everything must be set in stone because that is the social contract" model that comes out of Bitcoin's precedent. I think part of the whole idea of doing something that isn't Bitcoin is to try to improve on it, and especially not feel compelled to follow its precedent when it doesn't work for us (and arguably hasn't even worked for it). That is not just code, and especially not just anonymity, but also culture and process.

How about not quoting the whole thing (especially incorrectly) repeatedly though? It makes the thread very hard to read.
legendary
Activity: 1762
Merit: 1011
Quote

BBR has a 1% dev tax, and I still consider it free as in FOSS.  VIA had a completely fair, transparent, and very successful presale of Block 1's 10% of total coins.

We should emulate both of these approaches, and combine them to make Monero a staggeringly well funded project with concomitant high resiliency/survivability characteristics...

I'm a Monero investor who has been hloding tight since it was at parity with Primecoin, and only traded on cryptonoteexchange.

Which is more unfair to me?
A) risking the near certainty of devs running out of enthusiasm/money for completion of our very ambitious goals (thus XMR being unable to grow and respond to emergencies), or,
B) changing the emission 'social contract' condition by a slight degree

I think the former is far more unfair, because it puts my entire investment at risk in entirely predictable and probably preventable ways, IE liquidity crises and stagnation.

The emission 'social contract' is not set in stone, EG the final emission rate is still undecided.

As an investor, I don't feel comfortable being a free rider by expecting the devs to work for free/cheap, or jointly subsidizing others' free rides by making piddly one time donations.


I LOVE this idea.  And it does NOT change the social contract - it helps ensure it actually gets delivered by not allowing the coin to die.

I would spend Moneros voting pro this idea.  Rptellia, smooth, fluffypony, tacotime?  Somebody with clout please ...

1 - everyone pays the price (more supply - early inflation = everyone pays the price)

I think this is a false dilemma. There are other options that don't fiddle with the fundamentals of the coin that should be tried first.
sr. member
Activity: 471
Merit: 250
I like the idea, but I'm sure there must be implications I can't encompass. Can't wait to see how the core-team react to it.
legendary
Activity: 1256
Merit: 1009
Quote

BBR has a 1% dev tax, and I still consider it free as in FOSS.  VIA had a completely fair, transparent, and very successful presale of Block 1's 10% of total coins.

We should emulate both of these approaches, and combine them to make Monero a staggeringly well funded project with concomitant high resiliency/survivability characteristics...

I'm a Monero investor who has been hloding tight since it was at parity with Primecoin, and only traded on cryptonoteexchange.

Which is more unfair to me?
A) risking the near certainty of devs running out of enthusiasm/money for completion of our very ambitious goals (thus XMR being unable to grow and respond to emergencies), or,
B) changing the emission 'social contract' condition by a slight degree

I think the former is far more unfair, because it puts my entire investment at risk in entirely predictable and probably preventable ways, IE liquidity crises and stagnation.

The emission 'social contract' is not set in stone, EG the final emission rate is still undecided.

As an investor, I don't feel comfortable being a free rider by expecting the devs to work for free/cheap, or jointly subsidizing others' free rides by making piddly one time donations.

Yes, the devteam has proven themselves worthy of a pre-mine which never happened.  Here is how to create it:

I call it the 'Two To TacoTime' plan.



-One-time Bootstrap Block 302612 (celebrating 100k anniversary of historic Battle of Troll Block)

-Bootstrap Block includes 1% of final coin total (184k XMR) moved from end of emission (years away) to SoonTM

-Bootstrap Block coins are bid for and distributed proportionately in the same trustless/transparent way as VIA's Block 1 presale (http://presale.viacoin.org/terms)

-Bootstrap Block is worth at least $300k dollars, enough to refactor codebase, integrate DB, complete I2P, create Official Wallet, and hire pros for meticulous security audits

-After the Bootstrap Block, all subsequent blocks (less transaction fees) pay 1% to dev fund

-Ongoing 1% mining tax provides for continued care and maintenance of the mature platform created by our Bootstrap Block


-New 'set in stone' rules/guarantees/commitments/social contract: no more Bootstrap Blocks ever no matter what, and mining devtax will never go over 1%

-dev fund is kept 50/50 in XMR/BTC multisig escrow.  Rebalancing may be done without notice, prior or otherwise

-dev fund expenditures must be authorized by at least 5 of the 9 (7 core team members + RPietila + Zoidberg)

-dev funds may only be used to pay for writing/auditing critical code, and may not be used to raise more funds or for marketing

This sounds pretty fair to me, but then again I'm not all that savvy on premines or how it may or may not affect current prices etc.

Sounds like the general consensus is that either way, something must be done, these guys can't work for free, or this whole project will just never happen... something has to give, somewhere....

Quote
As an investor, I don't feel comfortable being a free rider by expecting the devs to work for free/cheap, or jointly subsidizing others' free rides by making piddly one time donations.


I LOVE this idea.  And it does NOT change the social contract - it helps ensure it actually gets delivered by not allowing the coin to die.

I would spend Moneros voting pro this idea.  Rptellia, smooth, fluffypony, tacotime?  Somebody with clout please ...

1 - everyone pays the price (more supply - early inflation = everyone pays the price)
legendary
Activity: 3570
Merit: 1959
Quote
I appreciate Anon136's argument against imposing a "post-mine" which would affect the emissions curve, as he says miners have the choice to stop mining if they don't like the change but investors have already bought in so changing the conditions is unfair. I still like the idea of a post-mine on the principle that the devteam have proved themselves worthy of a pre-mine which never happened, but I don't have a decent idea of how to create it

BBR has a 1% dev tax, and I still consider it free as in FOSS.  VIA had a completely fair, transparent, and very successful presale of Block 1's 10% of total coins.

We should emulate both of these approaches, and combine them to make Monero a staggeringly well funded project with concomitant high resiliency/survivability characteristics...

I'm a Monero investor who has been hloding tight since it was at parity with Primecoin, and only traded on cryptonoteexchange.

Which is more unfair to me?
A) risking the near certainty of devs running out of enthusiasm/money for completion of our very ambitious goals (thus XMR being unable to grow and respond to emergencies), or,
B) changing the emission 'social contract' condition by a slight degree

I think the former is far more unfair, because it puts my entire investment at risk in entirely predictable and probably preventable ways, IE liquidity crises and stagnation.

The emission 'social contract' is not set in stone, EG the final emission rate is still undecided.

As an investor, I don't feel comfortable being a free rider by expecting the devs to work for free/cheap, or jointly subsidizing others' free rides by making piddly one time donations.

Yes, the devteam has proven themselves worthy of a pre-mine which never happened.  Here is how to create it:

I call it the 'Two To TacoTime' plan.



-One-time Bootstrap Block 302612 (celebrating 100k anniversary of historic Battle of Troll Block)

-Bootstrap Block includes 1% of final coin total (184k XMR) moved from end of emission (years away) to SoonTM

-Bootstrap Block coins are bid for and distributed proportionately in the same trustless/transparent way as VIA's Block 1 presale (http://presale.viacoin.org/terms)

-Bootstrap Block is worth at least $300k dollars, enough to refactor codebase, integrate DB, complete I2P, create Official Wallet, and hire pros for meticulous security audits

-After the Bootstrap Block, all subsequent blocks (less transaction fees) pay 1% to dev fund

-Ongoing 1% mining tax provides for continued care and maintenance of the mature platform created by our Bootstrap Block


-New 'set in stone' rules/guarantees/commitments/social contract: no more Bootstrap Blocks ever no matter what, and mining devtax will never go over 1%

-dev fund is kept 50/50 in XMR/BTC multisig escrow.  Rebalancing may be done without notice, prior or otherwise

-dev fund expenditures must be authorized by at least 5 of the 9 (7 core team members + RPietila + Zoidberg)

-dev funds may only be used to pay for writing/auditing critical code, and may not be used to raise more funds or for marketing

This sounds pretty fair to me, but then again I'm not all that savvy on premines or how it may or may not affect current prices etc.

Sounds like the general consensus is that either way, something must be done, these guys can't work for free, or this whole project will just never happen... something has to give, somewhere....

Quote
As an investor, I don't feel comfortable being a free rider by expecting the devs to work for free/cheap, or jointly subsidizing others' free rides by making piddly one time donations.

I feel the same way here, thanks for posting your idea, even if it gets shot down by devs or whatever...        
legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
Quote
I appreciate Anon136's argument against imposing a "post-mine" which would affect the emissions curve, as he says miners have the choice to stop mining if they don't like the change but investors have already bought in so changing the conditions is unfair. I still like the idea of a post-mine on the principle that the devteam have proved themselves worthy of a pre-mine which never happened, but I don't have a decent idea of how to create it

BBR has a 1% dev tax, and I still consider it free as in FOSS.  VIA had a completely fair, transparent, and very successful presale of Block 1's 10% of total coins.

We should emulate both of these approaches, and combine them to make Monero a staggeringly well funded project with concomitant high resiliency/survivability characteristics...

I'm a Monero investor who has been hloding tight since it was at parity with Primecoin, and only traded on cryptonoteexchange.

Which is more unfair to me?
A) risking the near certainty of devs running out of enthusiasm/money for completion of our very ambitious goals (thus XMR being unable to grow and respond to emergencies), or,
B) changing the emission 'social contract' condition by a slight degree

I think the former is far more unfair, because it puts my entire investment at risk in entirely predictable and probably preventable ways, IE liquidity crises and stagnation.

The emission 'social contract' is not set in stone, EG the final emission rate is still undecided.

As an investor, I don't feel comfortable being a free rider by expecting the devs to work for free/cheap, or jointly subsidizing others' free rides by making piddly one time donations.

Yes, the devteam has proven themselves worthy of a pre-mine which never happened.  Here is how to create it:

I call it the 'Two To TacoTime' plan.



-One-time Bootstrap Block 302612 (celebrating 100k anniversary of historic Battle of Troll Block)

-Bootstrap Block includes 1% of final coin total (184k XMR) moved from end of emission (years away) to SoonTM

-Bootstrap Block coins are bid for and distributed proportionately in the same trustless/transparent way as VIA's Block 1 presale (http://presale.viacoin.org/terms)

-Bootstrap Block is worth at least $300k dollars, enough to refactor codebase, integrate DB, complete I2P, create Official Wallet, and hire pros for meticulous security audits

-After the Bootstrap Block, all subsequent blocks (less transaction fees) pay 1% to dev fund

-Ongoing 1% mining tax provides for continued care and maintenance of the mature platform created by our Bootstrap Block


-New 'set in stone' rules/guarantees/commitments/social contract: no more Bootstrap Blocks ever no matter what, and mining devtax will never go over 1%

-dev fund is kept 50/50 in XMR/BTC multisig escrow.  Rebalancing may be done without notice, prior or otherwise

-dev fund expenditures must be authorized by at least 5 of the 9 (7 core team members + RPietila + Zoidberg)

-dev funds may only be used to pay for writing/auditing critical code, and may not be used to raise more funds or for marketing
hero member
Activity: 509
Merit: 500
So much math... need to dummy it down a bit and read a Wolverine comic
legendary
Activity: 2968
Merit: 1198
legendary
Activity: 1414
Merit: 1000
Someone needs to check the source code too but I believe the whitepaper's notation is screwed up.

The paper defines private key a and public Key A through the transformation A = a*G, where G is the Hash function.
So in this case, the multiplication step is to denote the hash mapping.

In the paper, it also defined the key image as I = x * Hp(P)

Now this seems like it is the multiplication of private key x with the hash to the public key P.

But I think this is actually I = x * Hp(P) = x*G2, where G2 like above is another hash function so this is just a hash of private key x using some deterministic hash function that is dependent on public key P (Hp(P)).

I'll just quote from someone who knows way more math than I do -


sarang: The operation is actually repeated elliptic addition... and that addition is really a curve intersection and some other complicated shit
sarang: Multiplying an integer by an elliptic curve point is well-defined
sarang: the x*H(p) is not another hash
sarang: You convert the hash output H(p) to an elliptic point
sarang: and then do the integer-elliptic multiplication
sarang: so it's super important to identify what is an integer and what is an elliptic curve point
sarang: The notation is identical, as it would be in formal mathematics
sarang: They usually use lowercase for integers and uppercase for points
sarang: and always use the multiplication order integer*point
sarang: just as a matter of convention, that is
sarang: so anyone saying you can divide a point by an integer is wrong
sarang: elliptic curve crypto would be broken wide open if that were the case
sarang: Oh, and G is NOT a hash function. It's the elliptic base point
sarang: so A is also an elliptic point


so what exactly does "I = x * Hp(P)" mean?
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
Someone needs to check the source code too but I believe the whitepaper's notation is screwed up.

The paper defines private key a and public Key A through the transformation A = a*G, where G is the Hash function.
So in this case, the multiplication step is to denote the hash mapping.

In the paper, it also defined the key image as I = x * Hp(P)

Now this seems like it is the multiplication of private key x with the hash to the public key P.

But I think this is actually I = x * Hp(P) = x*G2, where G2 like above is another hash function so this is just a hash of private key x using some deterministic hash function that is dependent on public key P (Hp(P)).

I'll just quote from someone who knows way more math than I do -


sarang: The operation is actually repeated elliptic addition... and that addition is really a curve intersection and some other complicated shit
sarang: Multiplying an integer by an elliptic curve point is well-defined
sarang: the x*H(p) is not another hash
sarang: You convert the hash output H(p) to an elliptic point
sarang: and then do the integer-elliptic multiplication
sarang: so it's super important to identify what is an integer and what is an elliptic curve point
sarang: The notation is identical, as it would be in formal mathematics
sarang: They usually use lowercase for integers and uppercase for points
sarang: and always use the multiplication order integer*point
sarang: just as a matter of convention, that is
sarang: so anyone saying you can divide a point by an integer is wrong
sarang: elliptic curve crypto would be broken wide open if that were the case
sarang: Oh, and G is NOT a hash function. It's the elliptic base point
sarang: so A is also an elliptic point
legendary
Activity: 1414
Merit: 1000
Someone needs to check the source code too but I believe the whitepaper's notation is screwed up.

The paper defines private key a and public Key A through the transformation A = a*G, where G is the Hash function.
So in this case, the multiplication step is to denote the hash mapping.

In the paper, it also defined the key image as I = x * Hp(P)

Now this seems like it is the multiplication of private key x with the hash to the public key P.

But I think this is actually I = x * Hp(P) = x*G2, where G2 like above is another hash function so this is just a hash of private key x using some deterministic hash function that is dependent on public key P (Hp(P)).

I think
  a) hash(P) -> I know pseudo-identity (worst case, same as Bitcoin)
  b) x*hash(P) ->  I know identity + x (worst case, ZERO)
  c) hash(x) -> Nobody can verify transaction  and "math" does not work (I can double spend)
  d) P*hash(x) -> I can double spend (I can cheat with hash(x))
  e) I do not know -> we will see
  f) Monero to the Moon

:-)
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
I'll apply Hp on all public keys (P is public key) in signature.
I know I, P, Hp(P) seems I can compute x

x = I / Hp(P)
 

Edit:
P is one of 6 public keys ... I'll try all

lol cryptography, how does it work?

https://www.certicom.com/index.php/52-the-elliptic-curve-discrete-logarithm-problem
hero member
Activity: 644
Merit: 502
I have been thinking on the coin-killer posts and the more I read it the more I smell BS, there is nothing proving it is more than FUD, if people are dumping because of this they will be sorry soon.

You don't have to fully believe either option, if you think there's 10% chance it is true, the price should take 10% cut, right?

No.

Your statement lacks sound reasoning.

'You' is who? I believe that you mean it in the universal sense, but there is no way to determine the ratio of truthiness vs falseyness that all XMR and cryptocurrency market members ascertain in relation to said 'coin-killer posts.'

Furthermore, price is not necessarily proportional to the 'chance it is true.'
legendary
Activity: 2968
Merit: 1198
https://cryptonote.org/whitepaper.pdf
Quote
The signer picks a random secret key and computes the corresponding
public key P=xG. Additionally he computes another public key
I=xHp(P) which we will call the "key image"
...
Nobody can recover the public key from the key image and identify the signer

lol, but everybody can compute "key image" from public key and then identify the signer


Edit
if this means I = x * Hp(P) then I can compute even x

x = I / Hp(P)
I is known  and I can compute all Hp(Px)

Simple answer. It is elliptic curve multiplication. The hash gives you a point. This isn't invertible, so no, you can't do I/H.
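
The point made in the replies above (x*Hp(P) is integer-times-point multiplication, and "I / Hp(P)" is not an available operation), shown as an added example that is not part of the thread or of Monero's code. It assumes a textbook toy curve y^2 = x^3 + 2x + 2 over F_17 with base point G = (5, 1) of order 19, and a try-and-increment `hash_to_point` as a stand-in for Hp; all function names are hypothetical.

```python
import hashlib

# Toy curve y^2 = x^3 + 2x + 2 over F_17 (textbook example, NOT Monero's curve).
# Its group has prime order 19 and is generated by G = (5, 1).
P_FIELD, A, B = 17, 2, 2
G, ORDER = (5, 1), 19
INF = None  # point at infinity (the group identity)

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_FIELD == 0

def add(p, q):
    """Point addition by the chord-and-tangent rule."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return INF  # p + (-p)
    if p == q:
        s = (3 * x1 * x1 + A) * pow((2 * y1) % P_FIELD, -1, P_FIELD)
    else:
        s = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    s %= P_FIELD
    x3 = (s * s - x1 - x2) % P_FIELD
    return (x3, (s * (x1 - x3) - y1) % P_FIELD)

def scalar_mult(k, pt):
    """integer * point = pt + pt + ... + pt (k times), via double-and-add."""
    k %= ORDER
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result

def hash_to_point(data):
    """Stand-in for Hp: hash to an x-coordinate, retry until it lies on the curve."""
    ctr = 0
    while True:
        digest = hashlib.sha256(data + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P_FIELD
        rhs = (x * x * x + A * x + B) % P_FIELD
        for y in range(P_FIELD):  # brute-force square root, fine for p = 17
            if y * y % P_FIELD == rhs:
                return (x, y)
        ctr += 1

def key_image(x):
    """Return (P, Hp(P), I) with P = x*G and I = x*Hp(P), for 1 <= x < ORDER."""
    P = scalar_mult(x, G)
    H = hash_to_point(bytes(P))
    return P, H, scalar_mult(x, H)

def brute_force_dlog(target, base):
    """'Dividing' target by base means finding k with k*base == target (the ECDLP).
    19 guesses suffice here; for a group of order near 2^252 the search is infeasible."""
    acc = INF
    for k in range(ORDER):
        if acc == target:
            return k
        acc = add(acc, base)
    return None

if __name__ == "__main__":
    x = 7  # constructed sample private key
    P, H, I = key_image(x)
    print("P = x*G      =", P)
    print("Hp(P)        =", H)
    print("I = x*Hp(P)  =", I)
    print("x found only by exhaustive search:", brute_force_dlog(I, H))
```

The same private key always yields the same key image, which is what lets the network reject a second spend, while recovering x from I and Hp(P) is only possible here because the toy group has 19 elements.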


