[XMR] Monero - A secure, private, untraceable cryptocurrency - page 1430.

smooth

legendary

Activity: 2968

Merit: 1198

Quote from: Odalv on September 18, 2014, 12:39:16 PM

If you generate it from private key then no one can verify it is true. (they must trust you)

Nope, they verify it using the equations in VER on page 10, which depend only on r_i and c_i (i.e. the signature) and P, the public key generated from private key, not x, the private key.

The private key is not required to verify the key image, only to generate it.

fluffypony

donator

Activity: 1274

Merit: 1060

GetMonero.org / MyMonero.com

Quote from: Odalv on September 18, 2014, 01:24:50 PM

https://cryptonote.org/whitepaper.pdf

Quote

The signer picks a random secret key and computes the corresponding
public key P=xG. Additionally he computes another public key
I=xHp(P) which we will call the "key image"
...
Nobody can recover the public key from the key image and identify the signer

lol, but everybody can compute "key image" from public key and then identify the signer

Edit
if this mean I = x * Hp(P) then I can compute even x

x = I / Hp(P)
I is known and I can compute all Hp(Px)

H_p is a deterministic hash function. You only know I, x is secret. P is computed using x. Explain again how you're going to reverse the hash function?

smooth

legendary

Activity: 2968

Merit: 1198

Quote from: Odalv on September 18, 2014, 01:24:50 PM

https://cryptonote.org/whitepaper.pdf

Quote

The signer picks a random secret key and computes the corresponding
public key P=xG. Additionally he computes another public key
I=xHp(P) which we will call the "key image"
...
Nobody can recover the public key from the key image and identify the signer

lol, but everybody can compute "key image" from public key and then identify the signer

Nope, x is a private key (aka "secret key"). So you can't compute the key image from the public key. You need the private key (x).

Odalv

legendary

Activity: 1414

Merit: 1000

https://cryptonote.org/whitepaper.pdf

Quote

The signer picks a random secret key and computes the corresponding
public key P=xG. Additionally he computes another public key
I=xHp(P) which we will call the "key image"
...
Nobody can recover the public key from the key image and identify the signer

lol, but everybody can compute "key image" from public key and then identify the signer

Edit
if this mean I = x * Hp(P) then I can compute even x

x = I / Hp(P)
I is known and I can compute all Hp(Px)

Odalv

legendary

Activity: 1414

Merit: 1000

Quote from: smooth on September 18, 2014, 11:00:21 AM

Quote from: Odalv on September 18, 2014, 10:26:03 AM

Quote from: fluffypony on September 18, 2014, 09:48:36 AM

Quote from: Odalv on September 18, 2014, 09:40:07 AM

Ok I'm not sure about "image key". I red somewhere it is derived from private key (so only me can verify because only I know private ) ... But in this paper "image key" is derived from pubic key. Does it mean I can use VER/LINK to find out who is really spending ?

This is a TA thread - if you're struggling to grasp the cryptography then you are welcome to continue this discussion in the Monero ANN thread: https://bitcointalksearch.org/topic/xmr-monero-a-secure-private-untraceable-cryptocurrency-583449

Alternatively, if you believe you've found an exploit, I do encourage you (again) to document it and write a PoC like every other security researcher. The process of writing a PoC normally forces me to come to grips with the intricacies of the subject, and I document thereafter.

Rem tene verba sequentur, as they used to say.

Is that "image key" public observable ? Every node knows what input is really spent and who ring-sing this message ?

I don't see the term "image key" anywhere, so I'm not sure what that means. Maybe I missed it?

Quote

Edit:
If I know YOUR public key, from an unspet input . You are broadcasting new transaction (is not yet minted). I can compute "image key" and create ring-sing of YOUR input with my privateKey ...

If you mean key image, you can't create that from a public key, only a private key.

>If you mean key image, you can't create that from a public key, only a private key.
whitepaper page 9. GEN: says. You generate it as some hash of public key. If you generate it from private key then no one can verify it is true. (they must trust you)

> I don't see the term "image key" anywhere, so I'm not sure what that means. Maybe I missed it?
You told me that this "image key" is required for VER and LNK to prevent double spending
a) it is public
b) it can be computed from public key (I'll try all public keys)

saddambitcoin

legendary

Activity: 1610

Merit: 1004

Quote from: smooth on September 18, 2014, 11:50:46 AM

Quote from: saddambitcoin on September 18, 2014, 11:48:42 AM

Quote from: smooth on September 18, 2014, 11:44:44 AM

Quote from: saddambitcoin on September 18, 2014, 11:43:54 AM

Quote from: smooth on September 18, 2014, 11:33:22 AM

That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.

The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.

OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3?

Trashcan?

unfortunately not, i just replaced the bitmonerod and simplewallet files so they didn't end up in trash. no worries though i will wait it out and use linux in the meantime.

You can get it from my torrent, which I haven't updated. You'll get an old version of the blockchain with it, but you can disregard that and just use the binary:

https://bitcointalksearch.org/topic/m.8722972

success! thanks for the help.

smooth

legendary

Activity: 2968

Merit: 1198

Quote from: saddambitcoin on September 18, 2014, 11:48:42 AM

Quote from: smooth on September 18, 2014, 11:44:44 AM

Quote from: saddambitcoin on September 18, 2014, 11:43:54 AM

Quote from: smooth on September 18, 2014, 11:33:22 AM

That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.

The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.

OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3?

Trashcan?

unfortunately not, i just replaced the bitmonerod and simplewallet files so they didn't end up in trash. no worries though i will wait it out and use linux in the meantime.

You can get it from my torrent, which I haven't updated. You'll get an old version of the blockchain with it, but you can disregard that and just use the binary:

https://bitcointalksearch.org/topic/m.8722972

saddambitcoin

legendary

Activity: 1610

Merit: 1004

Quote from: smooth on September 18, 2014, 11:44:44 AM

Quote from: saddambitcoin on September 18, 2014, 11:43:54 AM

Quote from: smooth on September 18, 2014, 11:33:22 AM

That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.

The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.

OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3?

Trashcan?

unfortunately not, i just replaced the bitmonerod and simplewallet files so they didn't end up in trash. no worries though i will wait it out and use linux in the meantime.

smooth

legendary

Activity: 2968

Merit: 1198

Quote from: saddambitcoin on September 18, 2014, 11:43:54 AM

Quote from: smooth on September 18, 2014, 11:33:22 AM

That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.

The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.

OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3?

Trashcan?

saddambitcoin

legendary

Activity: 1610

Merit: 1004

Quote from: smooth on September 18, 2014, 11:33:22 AM

That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.

The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.

OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3?

smooth

legendary

Activity: 2968

Merit: 1198

Quote from: saddambitcoin on September 18, 2014, 11:31:25 AM

tried running the new monero just after updating OSX to 10.9.5 and i'm getting this error...can anyone help?

i assume i need to install or update the miniupnpc library but not sure exactly how.

Code:

dyld: Library not loaded: /usr/local/lib/libminiupnpc.9.dylib
Referenced from: /Users/stalker500/Desktop/monero/./bitmonerod
Reason: image not found
Trace/BPT trap: 5

That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.

The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.

saddambitcoin

legendary

Activity: 1610

Merit: 1004

tried running the new monero just after updating OSX to 10.9.5 and i'm getting this error...can anyone help?

i assume i need to install or update the miniupnpc library but not sure exactly how.

Code:

dyld: Library not loaded: /usr/local/lib/libminiupnpc.9.dylib
Referenced from: /Users/stalker500/Desktop/monero/./bitmonerod
Reason: image not found
Trace/BPT trap: 5

smooth

legendary

Activity: 2968

Merit: 1198

Quote from: mmortal03 on September 18, 2014, 11:25:31 AM

Quote from: nioc on September 17, 2014, 11:56:03 PM

Quote from: smooth on September 17, 2014, 11:45:50 PM

Quote from: nioc on September 17, 2014, 11:18:15 PM

The above post by fluffypony should put this funding discussion in perspective. He lists approximately $200,000 in costs. 3,500,000 coins have been mined and 1% is 35,000. At a generous exchange rate of $2 equals $70,000. So 1% of all the coins ever mined equals 1/3 of the most important costs listed.

I'd rather work with 1/3 of the costs than work with 1/30, which is approximately what has been received in donations. The former at least allows prioritizing, scaling down some items (at least temporarily), etc. and still getting a significant portion of the work done, plus as I said it need not be the only funding source (and some work will I'm sure continue to be done by community volunteers who are interested in doing it).

smooth, I agree.

Also to anyone mining, there is a pool that donates 100% of it's 1% fee to the devs.

Link? And does it require signing up, or only an account address?

It is the first one listed on the OP: https://bitcointalksearch.org/topic/xmr-monero-a-secure-private-untraceable-cryptocurrency-583449

I'm pretty sure it is the usual zone type pool with address-as-username.

I'm pleased to see that it seems to have gained a bit of hashrate since this discussion started. Hopefully that continues and/or other pools join in making similarly generous donations.

mmortal03

legendary

Activity: 1762

Merit: 1011

Quote from: nioc on September 17, 2014, 11:56:03 PM

Quote from: smooth on September 17, 2014, 11:45:50 PM

Quote from: nioc on September 17, 2014, 11:18:15 PM

The above post by fluffypony should put this funding discussion in perspective. He lists approximately $200,000 in costs. 3,500,000 coins have been mined and 1% is 35,000. At a generous exchange rate of $2 equals $70,000. So 1% of all the coins ever mined equals 1/3 of the most important costs listed.

I'd rather work with 1/3 of the costs than work with 1/30, which is approximately what has been received in donations. The former at least allows prioritizing, scaling down some items (at least temporarily), etc. and still getting a significant portion of the work done, plus as I said it need not be the only funding source (and some work will I'm sure continue to be done by community volunteers who are interested in doing it).

smooth, I agree.

Also to anyone mining, there is a pool that donates 100% of it's 1% fee to the devs.

Link? And does it require signing up, or only an account address?

mmortal03

legendary

Activity: 1762

Merit: 1011

Quote from: Anon136 on September 17, 2014, 11:12:19 PM

Quote from: smooth on September 17, 2014, 10:43:03 PM

Quote from: aminorex on September 17, 2014, 10:33:32 PM

and it is not presently sufficient in the magnitudes mooted...it doesn't actually solve the problem.

Actually a 1% mining donation (of course this number is set in stone, I'm just using it because that's what BBR uses, I think) would make a huge difference to the development budget. In fact, it would mean there was a budget at all, which isn't currently the case for the most part. So a huge change.

It wouldn't need to be the entire source of funding, but as a source of some steady funding it is sufficient enough to consider on that basis alone. Working out the numbers it comes to about 2500 USD per week at current exchange rates. That's enough to pay for a few days of full time dedicated development, which we are currently not able to do on a sustainable basis, and is certainly enough to accelerate progress significantly.

I think the really important point to drive home is that, atleast in the bootstrapping phase, there is nothing "wrong" with this approach. In almost every other industry in the world, when someone develops a product they charge for their services. No one makes a pair of shoes and puts them up for free in the store and hopes that someone donates. They make the shoes, put a price on them, and then people decide whether or not they want to make the exchange. There is no good reason why crypto developers shouldnt be entitled to do the exact same thing as a shoe makers for the exact same reasons why shoe makers are entitled to do that thing. Consumers arnt "forced" to pay this fee any more than a customer at walmart is "forced" to pay for the products that are on the shelves.

Right, except shoes aren't FOSS.

infofront

legendary

Activity: 2660

Merit: 2868

Shitcoin Minimalist

Quote from: ?? on ??

Quote from: Triffin on September 18, 2014, 08:37:34 AM

You can't have a successful project without adequate funding ..

Monero need to do like https://protonmail.ch/ and open a donations page towards the project, its pretty clear Monero is best privacy coin that exists, a new website with a project funding campaign will have great effects. But where is the new website??

I have been thinking on the coin-killer posts and the more I read it the more I smell BS, there is nothing proving it is more than FUD, if people are dumping because of this they will be sorry soon.

I like the idea of a page like that. With proper design and marketing, it could draw in donations from people outside of the current cryptocurrency ecosystem. There are plenty of privacy advocates, libertarians, technologists, etc. who are uninterested in the messy world of cryptocurrency "investment", but may nonetheless be willing to support what's marketed as a relatively NSA-proof, anonymous, very important, new technology. People should also be able to donate fiat.

OrientA

sr. member

Activity: 462

Merit: 250

Quote from: sleepdog on September 18, 2014, 10:54:20 AM

Quote from: skunk on September 18, 2014, 08:22:59 AM

imho we should incentivate donations instead of begging for donations...
what about a weekly lottery where participating cost you eg. 1 xmr and the winner gets eg. 50% of the jackpot and the remaining 50% goes to developers?

This is a great idea. One that could probably be run by pretty much anyone too.

Perhaps someone should try it and see what kind of level of participation we get?

I like the dice idea. It also means XMR has some practical use.

smooth

legendary

Activity: 2968

Merit: 1198

Quote from: Odalv on September 18, 2014, 10:26:03 AM

Quote from: fluffypony on September 18, 2014, 09:48:36 AM

Quote from: Odalv on September 18, 2014, 09:40:07 AM

Ok I'm not sure about "image key". I red somewhere it is derived from private key (so only me can verify because only I know private ) ... But in this paper "image key" is derived from pubic key. Does it mean I can use VER/LINK to find out who is really spending ?

This is a TA thread - if you're struggling to grasp the cryptography then you are welcome to continue this discussion in the Monero ANN thread: https://bitcointalksearch.org/topic/xmr-monero-a-secure-private-untraceable-cryptocurrency-583449

Alternatively, if you believe you've found an exploit, I do encourage you (again) to document it and write a PoC like every other security researcher. The process of writing a PoC normally forces me to come to grips with the intricacies of the subject, and I document thereafter.

Rem tene verba sequentur, as they used to say.

Is that "image key" public observable ? Every node knows what input is really spent and who ring-sing this message ?

I don't see the term "image key" anywhere, so I'm not sure what that means. Maybe I missed it?

Quote

Edit:
If I know YOUR public key, from an unspet input . You are broadcasting new transaction (is not yet minted). I can compute "image key" and create ring-sing of YOUR input with my privateKey ...

If you mean key image, you can't create that from a public key, only a private key.

sleepdog

full member

Activity: 183

Merit: 100

Quote from: skunk on September 18, 2014, 08:22:59 AM

imho we should incentivate donations instead of begging for donations...
what about a weekly lottery where participating cost you eg. 1 xmr and the winner gets eg. 50% of the jackpot and the remaining 50% goes to developers?

This is a great idea. One that could probably be run by pretty much anyone too.

Perhaps someone should try it and see what kind of level of participation we get?

Triffin

sr. member

Activity: 952

Merit: 251

Quote from: Triffin on September 18, 2014, 08:37:34 AM

You're making this harder than it needs to be ..
Take a page from Wall Street ..

You can't have a successful project without adequate funding ..

How much money do you need ?
When do you need it ?
Is this a 'one off' funding request or an ongoing funding requirement ?

The easiest and quickest solution is a small secondary offering ..
If you want to call it an 'instamine' then so be it ..
Bottom line you've got devs that need to be paid and projects that need to get done ..

Take 100,000 Monero out of the back-end of the emmissions curve and sell them
now at a slight discount to current market prices ..

Most current XMR holders will buy a 'proportional share' of the offering to maintain or increase their
ownership position in the coin .. and you'll be offering new investors a chance to get in at a slight discount ..

Considering the development pace in Cryptoland you can't afford to wait ..

Triff ..

No good ?? Don't want to do a secondary offering ??

Then ask the top 100 wallets on the 'rich list' ( they know who they are )
to kick in 1% of what they currently own/hold to the 'Dev Fund' ..

Triff ..

Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1430. (Read 4671947 times)