
Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1430. (Read 4671575 times)

legendary
Activity: 1414
Merit: 1000
I have been thinking on the coin-killer posts and the more I read it the more I smell BS, there is nothing proving it is more than FUD, if people are dumping because of this they will be sorry soon.

You don't have to fully believe either option, if you think there's 10% chance it is true, the price should take 10% cut, right?

I do not look at the source. I'm only asking and studying the whitepaper (how it works). Maybe I'm wrong.
full member
Activity: 133
Merit: 100
Someone needs to check the source code too but I believe the whitepaper's notation is screwed up.

The paper defines private key a and public key A through the transformation A = a*G, where G is the Hash function.
So in this case, the multiplication step is to denote the hash mapping.

In the paper, it also defined the key image as I = x * Hp(P)

Now this seems like it is the multiplication of private key x with the hash to the public key P.

But I think this is actually I = x * Hp(P) = x*G2, where G2 like above is another hash function so this is just a hash of private key x using some deterministic hash function that is dependent on public key P (Hp(P)).
hero member
Activity: 966
Merit: 1003
I have been thinking on the coin-killer posts and the more I read it the more I smell BS, there is nothing proving it is more than FUD, if people are dumping because of this they will be sorry soon.

You don't have to fully believe either option, if you think there's 10% chance it is true, the price should take 10% cut, right?
legendary
Activity: 1414
Merit: 1000
https://cryptonote.org/whitepaper.pdf
Quote
The signer picks a random secret key and computes the corresponding
public key P=xG. Additionally he computes another public key
I=xHp(P) which we will call the "key image"
...
Nobody can recover the public key from the key image and identify the signer

lol, but everybody can compute "key image" from public key and then identify the signer


Edit
If this means I = x * Hp(P) then I can compute even x

x = I / Hp(P)
I is known  and I can compute all Hp(Px)
 

Hp is a deterministic hash function. You only know I, x is secret. P is computed using x. Explain again how you're going to reverse the hash function?
I'll apply Hp on all public keys (P is a public key) in the signature.
I know I, P, Hp(P), so it seems I can compute x

x = I / Hp(P)
 

Edit:
P is one of 6 public keys ... I'll try all
legendary
Activity: 2968
Merit: 1198
https://cryptonote.org/whitepaper.pdf
Quote
The signer picks a random secret key and computes the corresponding
public key P=xG. Additionally he computes another public key
I=xHp(P) which we will call the "key image"
...
Nobody can recover the public key from the key image and identify the signer

lol, but everybody can compute "key image" from public key and then identify the signer


Edit
If this means I = x * Hp(P) then I can compute even x

x = I / Hp(P)
I is known  and I can compute all Hp(Px)
 

Hp is a deterministic hash function. You only know I, x is secret. P is computed using x. Explain again how you're going to reverse the hash function?

He's missing that you can verify the validity of the key image without knowing x. I explained that in the post after yours.
legendary
Activity: 2968
Merit: 1198
If you generate it from private key then no one can verify it is true. (they must trust you)

Nope, they verify it using the equations in VER on page 10, which depend only on ri and ci (i.e. the signature) and P, the public key generated from private key, not x, the private key.

The private key is not required to verify the key image, only to generate it.
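
The GEN/SIG/VER relationship argued over in the posts above, as an added example (not code from the thread, the whitepaper or the Monero project): a one-time ring signature where verification touches only the public keys, the key image and the (c_i, r_i) pairs. It assumes a toy multiplicative group modulo 2^127-1 in place of the elliptic curve, so the paper's `x*G` becomes `pow(G, x, P_MOD)`; the parameters, function names and the `comb` helper are illustrative assumptions, and the toy group is not secure.

```python
import hashlib, secrets

# Toy group (assumption, NOT secure): integers modulo the Mersenne prime
# 2^127-1, written multiplicatively. The paper's additive x*G maps to
# pow(G, x, P_MOD); "dividing I by Hp(P)" would mean solving a discrete log.
P_MOD = 2**127 - 1
ORDER = P_MOD - 1            # exponents (scalars) are reduced modulo this
G = 3

def _h(*parts):
    data = "|".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def Hs(*parts):              # hash to a scalar
    return _h("Hs", *parts) % ORDER

def Hp(pub):                 # hash to a group element; needs only the PUBLIC key
    return _h("Hp", pub) % (P_MOD - 2) + 2

def comb(a, e, b, f):        # a^e * b^f, i.e. e*A + f*B in the paper's notation
    return pow(a, e, P_MOD) * pow(b, f, P_MOD) % P_MOD

def keygen():
    x = secrets.randbelow(ORDER - 1) + 1
    return x, pow(G, x, P_MOD)           # (x, P = x*G)

def key_image(x, pub):       # GEN: I = x*Hp(P); needs the PRIVATE key x
    return pow(Hp(pub), x, P_MOD)

def sign(msg, ring, s, x):   # SIG: ring[s] is the real signer's public key
    I = key_image(x, ring[s])
    q = [secrets.randbelow(ORDER) for _ in ring]
    c = [secrets.randbelow(ORDER) for _ in ring]
    c[s] = 0                 # the signer's own L_s, R_s carry no P or I term
    L = [comb(G, qi, Pi, ci) for Pi, qi, ci in zip(ring, q, c)]
    R = [comb(Hp(Pi), qi, I, ci) for Pi, qi, ci in zip(ring, q, c)]
    c[s] = (Hs(msg, L, R) - sum(c)) % ORDER
    r = q[:]
    r[s] = (q[s] - c[s] * x) % ORDER     # the only step that uses x
    return I, c, r

def verify(msg, ring, I, c, r):          # VER: inputs are all public, no x
    L = [comb(G, ri, Pi, ci) for Pi, ri, ci in zip(ring, r, c)]
    R = [comb(Hp(Pi), ri, I, ci) for Pi, ri, ci in zip(ring, r, c)]
    return sum(c) % ORDER == Hs(msg, L, R)
```

Signing twice with the same private key yields the same key image whatever ring is used, which is what the LNK check compares to reject a double spend.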

 
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
https://cryptonote.org/whitepaper.pdf
Quote
The signer picks a random secret key and computes the corresponding
public key P=xG. Additionally he computes another public key
I=xHp(P) which we will call the "key image"
...
Nobody can recover the public key from the key image and identify the signer

lol, but everybody can compute "key image" from public key and then identify the signer


Edit
If this means I = x * Hp(P) then I can compute even x

x = I / Hp(P)
I is known  and I can compute all Hp(Px)
 

Hp is a deterministic hash function. You only know I, x is secret. P is computed using x. Explain again how you're going to reverse the hash function?
legendary
Activity: 2968
Merit: 1198
https://cryptonote.org/whitepaper.pdf
Quote
The signer picks a random secret key and computes the corresponding
public key P=xG. Additionally he computes another public key
I=xHp(P) which we will call the "key image"
...
Nobody can recover the public key from the key image and identify the signer

lol, but everybody can compute "key image" from public key and then identify the signer

Nope, x is a private key (aka "secret key"). So you can't compute the key image from the public key. You need the private key (x).

legendary
Activity: 1414
Merit: 1000
https://cryptonote.org/whitepaper.pdf
Quote
The signer picks a random secret key and computes the corresponding
public key P=xG. Additionally he computes another public key
I=xHp(P) which we will call the "key image"
...
Nobody can recover the public key from the key image and identify the signer

lol, but everybody can compute "key image" from public key and then identify the signer


Edit
If this means I = x * Hp(P) then I can compute even x

x = I / Hp(P)
I is known  and I can compute all Hp(Px)
 
legendary
Activity: 1414
Merit: 1000
Ok, I'm not sure about "image key". I read somewhere it is derived from the private key (so only I can verify, because only I know the private key) ... But in this paper "image key" is derived from the public key. Does it mean I can use VER/LINK to find out who is really spending?

This is a TA thread - if you're struggling to grasp the cryptography then you are welcome to continue this discussion in the Monero ANN thread: https://bitcointalksearch.org/topic/xmr-monero-a-secure-private-untraceable-cryptocurrency-583449

Alternatively, if you believe you've found an exploit, I do encourage you (again) to document it and write a PoC like every other security researcher. The process of writing a PoC normally forces me to come to grips with the intricacies of the subject, and I document thereafter.

Rem tene verba sequentur, as they used to say.

Is that "image key" publicly observable? Every node knows what input is really spent and who ring-signs this message?

I don't see the term "image key" anywhere, so I'm not sure what that means. Maybe I missed it?

Quote
Edit:
If I know YOUR public key, from an unspent input. You are broadcasting a new transaction (it is not yet minted). I can compute the "image key" and create a ring-sign of YOUR input with my privateKey ...

If you mean key image, you can't create that from a public key, only a private key.



>If you mean key image, you can't create that from a public key, only a private key.
whitepaper page 9.  GEN:  says. You generate it as some hash of public key.  If you generate it from private key then no one can verify it is true. (they must trust you)

> I don't see the term "image key" anywhere, so I'm not sure what that means. Maybe I missed it?
You told me that this "image key" is required for VER and LNK to prevent double spending
a) it is public
b) it can be computed from public key (I'll try all public keys)

legendary
Activity: 1610
Merit: 1004

That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.

The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.


OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3? 

Trashcan?



unfortunately not, i just replaced the bitmonerod and simplewallet files so they didn't end up in trash. no worries though i will wait it out and use linux in the meantime.

You can get it from my torrent, which I haven't updated. You'll get an old version of the blockchain with it, but you can disregard that and just use the binary:

https://bitcointalksearch.org/topic/m.8722972

success! thanks for the help.
legendary
Activity: 2968
Merit: 1198

That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.

The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.


OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3? 

Trashcan?



unfortunately not, i just replaced the bitmonerod and simplewallet files so they didn't end up in trash. no worries though i will wait it out and use linux in the meantime.

You can get it from my torrent, which I haven't updated. You'll get an old version of the blockchain with it, but you can disregard that and just use the binary:

https://bitcointalksearch.org/topic/m.8722972
legendary
Activity: 1610
Merit: 1004

That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.

The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.


OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3? 

Trashcan?



unfortunately not, i just replaced the bitmonerod and simplewallet files so they didn't end up in trash. no worries though i will wait it out and use linux in the meantime.
legendary
Activity: 2968
Merit: 1198

That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.

The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.


OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3? 

Trashcan?

legendary
Activity: 1610
Merit: 1004

That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.

The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.


OK, thanks smooth. I dragged & dropped the latest OSX build and did not make a backup of the old one before doing so...whoops. Any place I can find 0.8.8.3? 
legendary
Activity: 2968
Merit: 1198
tried running the new monero just after updating OSX to 10.9.5 and i'm getting this error...can anyone help?

i assume i need to install or update the miniupnpc library but not sure exactly how.

Code:
dyld: Library not loaded: /usr/local/lib/libminiupnpc.9.dylib
  Referenced from: /Users/stalker500/Desktop/monero/./bitmonerod
  Reason: image not found
Trace/BPT trap: 5

That seems like a build error. The openbsd and macos build scripts have a lot in common but system miniupnpc shouldn't be assumed on the Mac.

The latest build is not a mandatory update so I would recommend simply sticking with the previous one until we get that sorted out.



legendary
Activity: 1610
Merit: 1004
tried running the new monero just after updating OSX to 10.9.5 and i'm getting this error...can anyone help?

i assume i need to install or update the miniupnpc library but not sure exactly how.

Code:
dyld: Library not loaded: /usr/local/lib/libminiupnpc.9.dylib
  Referenced from: /Users/stalker500/Desktop/monero/./bitmonerod
  Reason: image not found
Trace/BPT trap: 5

legendary
Activity: 2968
Merit: 1198
The above post by fluffypony should put this funding discussion in perspective.  He lists approximately $200,000 in costs.   3,500,000 coins have been mined and 1% is 35,000.  At a generous exchange rate of $2 equals $70,000.  So 1% of all the coins ever mined equals 1/3 of the most important costs listed.

I'd rather work with 1/3 of the costs than work with 1/30, which is approximately what has been received in donations. The former at least allows prioritizing, scaling down some items (at least temporarily), etc. and still getting a significant portion of the work done, plus as I said it need not be the only funding source (and some work will I'm sure continue to be done by community volunteers who are interested in doing it).



smooth, I agree.  

Also to anyone mining, there is a pool that donates 100% of its 1% fee to the devs.


Link? And does it require signing up, or only an account address?

It is the first one listed on the OP: https://bitcointalksearch.org/topic/xmr-monero-a-secure-private-untraceable-cryptocurrency-583449

I'm pretty sure it is the usual zone type pool with address-as-username.

I'm pleased to see that it seems to have gained a bit of hashrate since this discussion started. Hopefully that continues and/or other pools join in making similarly generous donations.

legendary
Activity: 1762
Merit: 1011
The above post by fluffypony should put this funding discussion in perspective.  He lists approximately $200,000 in costs.   3,500,000 coins have been mined and 1% is 35,000.  At a generous exchange rate of $2 equals $70,000.  So 1% of all the coins ever mined equals 1/3 of the most important costs listed.

I'd rather work with 1/3 of the costs than work with 1/30, which is approximately what has been received in donations. The former at least allows prioritizing, scaling down some items (at least temporarily), etc. and still getting a significant portion of the work done, plus as I said it need not be the only funding source (and some work will I'm sure continue to be done by community volunteers who are interested in doing it).



smooth, I agree.  

Also to anyone mining, there is a pool that donates 100% of its 1% fee to the devs.


Link? And does it require signing up, or only an account address?
legendary
Activity: 1762
Merit: 1011
and it is not presently sufficient in the magnitudes mooted...it doesn't actually solve the problem.

Actually a 1% mining donation (of course this number is set in stone, I'm just using it because that's what BBR uses, I think) would make a huge difference to the development budget. In fact, it would mean there was a budget at all, which isn't currently the case for the most part. So a huge change.

It wouldn't need to be the entire source of funding, but as a source of some steady funding it is sufficient enough to consider on that basis alone. Working out the numbers it comes to about 2500 USD per week at current exchange rates. That's enough to pay for a few days of full time dedicated development, which we are currently not able to do on a sustainable basis, and is certainly enough to accelerate progress significantly.


I think the really important point to drive home is that, at least in the bootstrapping phase, there is nothing "wrong" with this approach. In almost every other industry in the world, when someone develops a product they charge for their services. No one makes a pair of shoes and puts them up for free in the store and hopes that someone donates. They make the shoes, put a price on them, and then people decide whether or not they want to make the exchange. There is no good reason why crypto developers shouldn't be entitled to do the exact same thing as shoe makers for the exact same reasons why shoe makers are entitled to do that thing. Consumers aren't "forced" to pay this fee any more than a customer at Walmart is "forced" to pay for the products that are on the shelves.

Right, except shoes aren't FOSS.