Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1540. (Read 4670622 times)

sr. member
Activity: 471
Merit: 250
legendary
Activity: 2968
Merit: 1198
legendary
Activity: 2968
Merit: 1198
Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could do it myself you may say but I'd rather let some known member of this forum, with a good trust level, moderate it).

I'm curious why it was closed.


I believe it was due to some critical level of trolling. The thread wasn't self-moderated.

Ah okay. If we decide on a clear charter to be enforced I will be happy to open a moderated one.

You can open one here

https://moneroforum.org/

I prefer to reach the wider audience here. We can retain that advantage while removing off-topic posts.



legendary
Activity: 2268
Merit: 1141
Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could do it myself you may say but I'd rather let some known member of this forum, with a good trust level, moderate it).

I'm curious why it was closed.


I believe it was due to some critical level of trolling. The thread wasn't self-moderated.

Ah okay. If we decide on a clear charter to be enforced I will be happy to open a moderated one.

Also would be happy if you open a self-moderated new one.
hero member
Activity: 697
Merit: 500
Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could do it myself you may say but I'd rather let some known member of this forum, with a good trust level, moderate it).

I'm curious why it was closed.


I believe it was due to some critical level of trolling. The thread wasn't self-moderated.

Ah okay. If we decide on a clear charter to be enforced I will be happy to open a moderated one.

You can open one here

https://moneroforum.org/
legendary
Activity: 2968
Merit: 1198
Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could do it myself you may say but I'd rather let some known member of this forum, with a good trust level, moderate it).

I'm curious why it was closed.


I believe it was due to some critical level of trolling. The thread wasn't self-moderated.

Ah okay. If we decide on a clear charter to be enforced I will be happy to open a moderated one.
sr. member
Activity: 471
Merit: 250
Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could do it myself you may say but I'd rather let some known member of this forum, with a good trust level, moderate it).

I'm curious why it was closed.


I believe it was due to some critical level of trolling. The thread wasn't self-moderated.
legendary
Activity: 2968
Merit: 1198
Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could do it myself you may say but I'd rather let some known member of this forum, with a good trust level, moderate it).

I'm curious why it was closed.
sr. member
Activity: 471
Merit: 250
Could it be possible to reopen the XMR speculation thread or make a new one? I really miss the forecasts there. (I could create one myself you may say but I'd rather let some known member of this forum, with a good trust level, moderate it).
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
I'll happily maintain it, as long as it doesn't annoy the actual Monero team. I started it with a view to building the knowns into a bit of a roadmap and maybe some graphical flow for the overall reported progress. But as you see there is a super huge amount of information there so it's hard to get it all into another more visual format.

Not annoyed at all:) I was wondering if it wouldn't make sense to put it on a timeline using this: http://timeline.knightlab.com - thoughts? The Time magazine "Nelson Mandela" timeline is an example of how brief notes can be expanded to show the exact line from the Missive or something. You can even shove it up on github and give a couple of people collab status so that you don't have to worry about maintaining it all by yourself.
legendary
Activity: 2674
Merit: 2053
Free spirit

Missive timeline overview

An overview of the missives so far.

...


Cheers,
Phil


Beautiful! Thank you for doing this. It would be nice if you could continue updating the list. Maybe every month make a new post with all the older posts included + all new missives, though it is just an idea.

I'll happily maintain it, as long as it doesn't annoy the actual Monero team. I started it with a view to building the knowns into a bit of a roadmap and maybe some graphical flow for the overall reported progress. But as you see there is a super huge amount of information there so it's hard to get it all into another more visual format.

full member
Activity: 139
Merit: 100
So many FUDs around XMR but I will buy more. More FUDs = more people want to buy.
donator
Activity: 1722
Merit: 1036
May sound repetitious, but I really feel that Monero is the Bitcoin of 2010.

I'll buy you a nice box of cigars if you're right. Maybe some Siglo VI? To your taste?

Siglo VI come in a box of 25, so I think that is the best value I can hope for!

I'd say we need 1 XMR = $1,000, ok?
legendary
Activity: 3766
Merit: 5146
Whimsical Pants
May sound repetitious, but I really feel that Monero is the Bitcoin of 2010.

I'll buy you a nice box of cigars if you're right. Maybe some Siglo VI? To your taste?
sr. member
Activity: 462
Merit: 250
Thanks, any further comments from core team members would be great.  I don't see why every Bitcoin user must be forced to use a privacy protocol for every transaction to provide a sufficient anonymity set.  Even a small percentage of Bitcoin users may be a larger absolute number than the entire user base of a privacy coin.  Also, isn't the primary issue the absolute number of people one is mixing with in a transaction (e.g., 50), rather than the total number of users of a privacy protocol or privacy coin?  It seems the total user base only needs to be above some reasonable absolute number to provide sufficient privacy.  The number of total users of a coin seems most important because of network effects that can determine whether a coin will survive against competitors, rather than its effect on privacy.

The anonymity set is more reduced than that. Let me give you an example: say you want to transfer 123.456 Bitcoin. No matter what method you use, if someone can observe you sent 123.456 Bitcoin from your address and 123.456 Bitcoin appeared in another address within an hour or two they can make certain conclusions. These inferences can be cryptographically proven, and this is called "reducing the anonymity set". Eventually the anonymity set can be reduced to the point where you can undoubtedly prove a certain address sent a transaction regardless of the intermingling and intermixing that occurred.

Now in order to make this really difficult, you have to start with a VERY large anonymity set. In other words, there need to be so very many people potentially involved in a transaction that any reduction is practically meaningless. Mixing typically requires point-in-time availability of people or nodes, and the higher the mix the longer it takes (since you have to go through "rounds" of mixing). Darkcoin gets around this, I believe, by "premixing" your coins. The downside to their approach (and to most of the other approaches I've seen) is that you have massive address churn in your wallet, and any practical use will require you to back your wallet.dat up constantly. Secure and anonymous cold storage is thus observable to anyone with a blockchain explorer (when it really shouldn't be).

One of the solutions Monero and other mixing systems employ to blind amount correlation is it splits inputs (and outputs) by powers of 10, so the earlier example would mean inputs of 100, 20, 3, 0.4, 0.05, and 0.006. Now because of the way Monero works (ring signatures!) you specify you want to mix with, say, 50 other people. So it takes that first input (100) and goes and finds all the unspent transaction outputs (i.e. those not spent with a mixin of 0) that have ever occurred in the past and have a value of 100. As you can imagine, this is a pretty huge set, and is growing every day. It can then pick 50 of those at random, add your signature to the ring, and voila. Now it does the same for the other 5 inputs. This means that the total anonymity set here is massive - 51 * 6 = 306 people that could have possibly been involved in the transaction. Most importantly, because all of these are stealthed transactions (Monero uses stealth addresses permanently) some of those outputs you mix with could even have been created by you previously! Thus the potential anonymity set grows and grows even if the userbase stays stagnant - a feature that is not shared by any of the Bitcoin-derived anonymity solutions.

Finally, because Monero uses stealth addresses, you never need to back up anything more than a 300 byte password-encrypted keys file (or just write down the 24 word mnemonic seed you get when you first create a wallet). That 300 byte file will never change no matter how many transactions you do. You back it up once and you are safe from data loss forever.

Great explanation, I'll for sure continue to mine xmr for the future. Arguments like this should be on the webpage.
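The splitting and per-denomination ring selection the quoted post describes, as an added illustration that is not code from the post or from Monero itself: amounts are split one digit per power of ten, each input's decoys are drawn only from past outputs of the same value, and the anonymity-set bound is the post's (mixin + 1) per input. The pool of past outputs is constructed here, and 0.006 is made deliberately rare to show the bottleneck a scarce denomination creates.

```python
import random
from collections import Counter
from decimal import Decimal

def split_denominations(amount):
    """Split an amount one digit per power of ten, as the post describes:
    123.456 -> [100, 20, 3, 0.4, 0.05, 0.006]. Decimal keeps 0.006 exact."""
    amount = Decimal(str(amount))
    digits, exp = amount.as_tuple().digits, amount.as_tuple().exponent
    return [Decimal(d) * Decimal(10) ** (len(digits) - 1 - i + exp)
            for i, d in enumerate(digits) if d]

# Constructed pool of past unspent outputs (not real chain data): denomination -> count.
# 0.006 is deliberately rare to show how one scarce denomination caps the whole mix.
POOL_COUNTS = {"100": 40, "20": 60, "3": 80, "0.4": 90, "0.05": 120, "0.006": 2}
POOL = [Decimal(d) for d, n in POOL_COUNTS.items() for _ in range(n)]

def candidates_per_input(amount, pool):
    """How many past outputs each input could hide among (equal value only)."""
    counts = Counter(pool)
    return {d: counts[d] for d in split_denominations(amount)}

def build_rings(amount, pool, mixin, rng=random):
    """Pick `mixin` decoys of equal value for every input; the real output is the
    (mixin + 1)-th ring member. Fails if a denomination has too few past outputs."""
    rings = {}
    for d in split_denominations(amount):
        candidates = [o for o in pool if o == d]
        if len(candidates) < mixin:
            raise ValueError(f"only {len(candidates)} past outputs of {d}, need {mixin} decoys")
        rings[d] = rng.sample(candidates, mixin)
    return rings

def anonymity_set(rings):
    """The post's upper bound: (mixin + 1) possible signers per input, summed over
    inputs (50 decoys and 6 inputs give 51 * 6 = 306)."""
    return sum(len(decoys) + 1 for decoys in rings.values())

if __name__ == "__main__":
    print(candidates_per_input("123.456", POOL))
    print(anonymity_set(build_rings("123.456", POOL, 1, random.Random(1))))
    try:
        build_rings("123.456", POOL, 50)
    except ValueError as e:
        print("mixin 50 not possible:", e)
```

The ValueError is the practical caveat: the usable mixin is bounded by the scarcest denomination in the amount, not by the size of the whole chain.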
donator
Activity: 1722
Merit: 1036
May sound repetitious, but I really feel that Monero is the Bitcoin of 2010.
legendary
Activity: 1596
Merit: 1030
Sine secretum non libertas
sr. member
Activity: 263
Merit: 250
...
...

CryptoNote vs Bitcoin-based solutions

An abstract approach

You can put all outputs in any blockchain-based coin in a DAG where outputs are objects and transactions are arrows. If the transaction involves multiple inputs and multiple outputs, then add an arrow from any input to any output (call this a clique). In any such clique you mix the inputs, which is a good thing. The problem with Bitcoin is that the size of the cliques is severely limited: normally, you only have multiple inputs with a common source and most transactions have only two outputs, one of which is a change address. This allows you to aggregate addresses under the same ownership and this ripples both backwards and forwards (the latter is more troubling since it is the antipode of forward secrecy).

CoinJoin-like solutions attempt both to directly increase the size of the cliques and to address the first part of the problem (common inputs share ownership). Stealth addresses attempt to solve the second problem (everyone sees where the money goes). You can see how instead of saying that CryptoNote is "simply" better than those, it is more accurate to say that those solutions are actually approximate partial fragments of CryptoNote. In other words, any hypothetical Bitcoin privacy solution would necessarily have both a CoinJoin-like AND a stealth address-like mechanism to be viable. Due to technical limitations in the Bitcoin protocol (that would require a hard, hard fork to implement), all CoinJoin-like solutions are complicated Rube Goldberg machines because you can only mix with inputs in your same clique and that is and can never be enough (*) and all stealth address-like mechanisms require extra back-and-forth to perform the DH exchange. CryptoNote does those two things naturally; indeed, one could argue that the main ways in which CryptoNote is not Bitcoin are precisely changes specially-made for these two purposes (plus different PoW and other "variables").

Now you ask, "OK I understand CryptoNote is the shizzle and Bitcoin-based solutions are the groupies, but I think Bitcoin's network effects, prime mover advantage and a decent privacy implementation would make alts an academic exercise." To which the answer only really depends on whether you think any alt can overtake Bitcoin at all and has not much to do with privacy. People have very strong beliefs about this question generally. My answer (and that of many if not most here) is that it is entirely possible, but not necessarily probable, since they cater different markets (light vs dark liquidity) and thus we move to a different question.

If you really care about privacy then you understand that approximate privacy is no privacy. Monero's attack surface is flat compared to a hypothetical Bitcoin solution's fractal closure. Whoever sees this will use Monero instead of the Bitcoin-solution for privacy even if the userbase for Monero is much smaller. (*) This is because CryptoNote allows mixes with the past outputs. This means you do not need other participants (which is a seriously heavy rock that all CoinJoin approaches have to carry around). In the longer term, this means you can mix even if there are only two people left using the network; even if the last transaction was last year; and so on, even if everyone stopped using Monero after this block you could still mix ten years later.

Finally, give me a function that decides in poly-time the question "Is output X the true source of the money that reached output Y?" in a CryptoNote DAG where all ring signatures have size at least 24 and I can probably decide 3-SAT in poly-time. The constant in the reduction could go to 12 since I'm pretty sloppy with map/fold. This means deterministic linkability is NP-hard and this is a very powerful result -- if the protocol is not misused, plausible deniability will never be compromised. If anyone's interested in pursuing this thread, the next question I have in mind is "What happens if we relax 'decides' to 'PAC-decides'?" A discussion of taint could come in handy here.
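The output DAG and clique model from the post above, as an added illustration that is not the poster's code: outputs are nodes, every input-to-output pair in a transaction is an arrow, and a CryptoNote input is a ring of candidate sources rather than a single one. The transactions and address labels are constructed for the example; the clustering step is the "common inputs share ownership" ripple the post describes, and only applies where each input has one known source.

```python
from collections import defaultdict
from math import prod

# Constructed Bitcoin-style transactions (not real chain data). Each input or output
# is an address label; an input spends exactly one prior output, as in Bitcoin.
BTC_TXS = [
    {"inputs": ["A1", "A2"], "outputs": ["B1", "A3"]},  # spent together; A3 is change
    {"inputs": ["A3"], "outputs": ["C1", "A4"]},
    {"inputs": ["D1"], "outputs": ["E1"]},
]

# The same payments in CryptoNote form: each input is a ring of candidate source
# outputs (X* are past outputs of equal value), only one of which is real.
CN_TXS = [
    {"inputs": [["A1", "X1", "X2"], ["A2", "X3", "X4"]], "outputs": ["B1", "A3"]},
    {"inputs": [["A3", "X5", "X6"]], "outputs": ["C1", "A4"]},
]

def clique_edges(txs):
    """The post's DAG: an arrow from every (possible) input to every output of a tx.
    A plain Bitcoin input is treated as a ring of size one."""
    edges = set()
    for tx in txs:
        for ring in tx["inputs"]:
            for src in (ring if isinstance(ring, list) else [ring]):
                for dst in tx["outputs"]:
                    edges.add((src, dst))
    return edges

def common_input_clusters(txs):
    """Bitcoin's backwards ripple: inputs spent in one tx are assumed to share an
    owner. Union-find over single-source inputs; meaningless once inputs are rings."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    for tx in txs:
        ins = tx["inputs"]
        find(ins[0])
        for other in ins[1:]:
            parent[find(other)] = find(ins[0])
    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(addr)].add(addr)
    return sorted(sorted(c) for c in clusters.values())

def source_combinations(tx):
    """Distinct sets of true sources a tx could have: the product of its ring sizes.
    Bitcoin always gives 1 (the source is decidable); rings make it ambiguous."""
    return prod(len(r) if isinstance(r, list) else 1 for r in tx["inputs"])
```

Running clique_edges on CN_TXS shows the clique growing with the ring size even though no extra participants took part, which is the point the post makes about mixing with past outputs.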
member
Activity: 93
Merit: 10

Missive timeline overview

An overview of the missives so far.

...


Cheers,
Phil


Beautiful! Thank you for doing this. It would be nice if you could continue updating the list. Maybe every month make a new post with all the older posts included + all new missives, though it is just an idea.
member
Activity: 115
Merit: 10
BTC for a better world
I'm interested in the long-term future of Monero, and as a Monero holder I'm trying to assess risks, such as a future improved privacy offering for Bitcoin users.  If you have any comments about CoinShuffle, CoinSwap, or what you consider to be the best privacy proposals that use the current Bitcoin protocol, I'd love to hear them.

I would recommend you read this discussion about the anonymity alternatives from the perspective of cryptographers:
https://bitcoin.stackexchange.com/questions/29471/is-there-any-true-anonymous-cryptocurrencies

TL;DR: Ring signatures (i.e. Cryptonote) have a clear advantage and hence Monero is a great hedge against Bitcoin's proposed anonymization efforts.