Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 2082. (Read 4671924 times)

full member
Activity: 221
Merit: 100
Quote
So, not sure. I did push the 32-bit update the other day, it could be a botnet.

Where is this 32-bit update located? Would like to try it.

tacotime, where is this 32-bit update located?

legendary
Activity: 2968
Merit: 1198
hero member
Activity: 560
Merit: 500
We're all hip and stuff now:

legendary
Activity: 2968
Merit: 1198
Omg, difficulty increased x1.5 overnight (now 8038312). Botnet?

I don't think 1.5x indicates a botnet at all.

For one thing the Windows miner was optimized to be about twice as fast (which makes it slightly faster than Linux, but fairly close). Given that so many people use Windows a big jump is to be expected.

Second with the attention this coin is getting and the enormous price jump it is not surprising that many more people want to mine it.
member
Activity: 103
Merit: 10
Omg, difficulty increased x1.5 overnight (now 8038312). Botnet?
hero member
Activity: 518
Merit: 521
Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scratchpad size significantly from the 2MB.

I agree with this. Only a small number of bits of the output of AES are being used, but AES does not guarantee that all of its output bits are random. For example, consider an algorithm AES' which is just like AES except that it appends 10 trailing bits that are always zero (AES'(x) = AES(x) << 10). This would be just as secure as AES for encryption, but catastrophically bad for slow_hash.

I suspect the developers wanted to use AES because of the hardware support in Intel CPUs, but they made a mistake, though it isn't immediately apparent how catastrophic this is (unlike my toy example above for example). If they used a true secure hash, it would be much slower and likely not memory bound.

The algorithm can and should likely be improved in this regard, although I don't have any immediate suggestions how.


What kind of comparison can be made with Tromp's Cuckoo Cycle (Man, that's painful to say -- sorry Tromp), or the blockchain mining style that's proposed in HoneyPenny in light of the weakness in AES?

I don't understand tromp's algorithm well enough to comment. dga posted some cautionary comments that I would echo. I don't have a link for that.

The premise of honeypenny's algorithm seems to be requiring access to the block chain in order to hash. That has some good and bad properties. Given sufficient block chain growth it turns into a storage bound task, since storing the block chain in primary memory seems implausible going forward, and likely tends toward centralization. Perhaps no more so than centralization of nodes though.

I go into detailed discussion with tromp in my thread:

https://bitcointalksearch.org/topic/bitcoin-adoption-slowing-coinbase-bitpay-is-enough-to-make-bitcoin-a-fiat-557732

Also you can find some discussion between him and myself in the MemoryCoin 2.0 PoW thread which I linked to upthread.

In short, I don't believe it is CPU only currently, but (and I think we agreed this, but ask him) it might be the appropriate algorithm for mobile later if CPUs move to extremely high number of cores. Our discussion concluded with more testing is needed and I would try to help him get a TileGX in future if I can.
hero member
Activity: 518
Merit: 521
If you are not concerned with keeping it CPU-only, then why call it "CPU only"? There are so many altcoins which have deceived on this point.

I can agree with the spirit of this, but from common usage on this forum "CPU only" just means currently a GPU miner isn't available. Usually someone comes along and develops one, often demanding payment to open source it. ASICs follow if/when economic feasibility allows. So it seems valid at least as far as the thread title goes. The CryptoNote developers' description of their PoW as "egalitarian" (implying true CPU only) is a different issue.

In any case, I changed it to say "CPU only currently".

As the algorithm currently is implemented, I believe that is more honest for the time being.

If AES was replaced with a true cryptographic hash that was exceptionally faster (so that it would be only latency bound and no AES birthday-like attack possible) and if that hash was not efficiently implementable on GPUs, then I would consider the PoW to be strongly CPU only. I would think even an ASIC wouldn't likely outperform significantly since it would be up against all the economies-of-scale of Intel's fabs. In short, your PoW got very close to what I think is possible for design but is missing critical elements. If such a design I envision is open sourced, then you can copy it later.


I think you've misunderstood my point. From ocular inspection of the code, the current 16 word value in the 2MB array is 'hashed' by applying AES encryption and this produces a new value and index into the array to store. Thus the uniform, random oracle, and thus non-patterned distribution of indices is assumed, otherwise an algorithm similar to a birthday attack can be applied to reduce the storage requirements in order to run it faster on for example a GPU because more instances could be run simultaneously.


So, I'm trying to understand -- AES does not take in completely random input size and value, and output a consistent length string, but instead takes in a consistent length random value string, and outputs a consistent size string? The effect being that you have limited your sources of particular outputs (inputs) to strings of size 'x' rather than strings of any size?

The issue as I understand it (see the link I provided upthread) is that encrypted output is not designed to model a Random Oracle, whereas a cryptographic hash has certain qualities which are more approximate of a Random Oracle. In particular, there is no requirement that 1 bit of change in input to AES changes most of the bits of the output.

A cryptographic hash is irreversible so has greater leeway to incorporate more confusion and diffusion. Whereas, an encryption algorithm by definition is reversible with decryption.
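To make the toy AES' argument quoted above and this post's description of the AES output being reused as the next scratchpad index concrete, here is an added Python model. It is not CryptoNote code and does not use the real slow_hash: the mixing step is a stand-in (SHA-256 truncated to one block, an assumption), the "flawed" variant is the thread's AES' with 10 always-zero low output bits, and the walk counts how many of the 2 MB scratchpad's 131072 slots each variant can actually touch.

```python
import hashlib

# Toy model of a scratchpad-walking PoW loop, added as an example; it is
# not CryptoNote/CryptoNight code and does not reproduce the real slow_hash.
SCRATCHPAD_BYTES = 2 * 1024 * 1024          # the 2 MB scratchpad from the thread
BLOCK_BYTES = 16                            # one 128-bit block per slot
SLOTS = SCRATCHPAD_BYTES // BLOCK_BYTES     # 131072 slots
ZERO_TAIL_BITS = 10                         # forced-zero bits of the toy AES'


def mix_uniform(block: bytes) -> bytes:
    """Stand-in for a random-oracle-like mixing step (assumption: SHA-256
    truncated to one block; any output-uniform function would serve)."""
    return hashlib.sha256(block).digest()[:BLOCK_BYTES]


def mix_flawed(block: bytes) -> bytes:
    """The thread's toy AES': fine as an encryption primitive, but its 10
    low-order output bits are always zero."""
    out = int.from_bytes(mix_uniform(block), "little")
    out = (out >> ZERO_TAIL_BITS) << ZERO_TAIL_BITS
    return out.to_bytes(BLOCK_BYTES, "little")


def slot_index(block: bytes) -> int:
    """Next scratchpad slot taken from the low bits of the mixed block,
    mirroring the thread's 'output becomes the index' description."""
    return int.from_bytes(block, "little") & (SLOTS - 1)


def walk(mix, seed: bytes, steps: int) -> set:
    """Run a read-mix-write loop over the scratchpad; return slots touched."""
    scratchpad = bytearray(SCRATCHPAD_BYTES)
    touched = set()
    block = seed
    for _ in range(steps):
        block = mix(block)
        idx = slot_index(block)
        touched.add(idx)
        off = idx * BLOCK_BYTES
        # Fold the slot's current contents in, then store the new block.
        block = bytes(a ^ b for a, b in zip(block, scratchpad[off:off + BLOCK_BYTES]))
        scratchpad[off:off + BLOCK_BYTES] = block
    return touched


def effective_scratchpad_bytes(mix, seed: bytes, steps: int) -> int:
    """Memory an implementation actually has to hold for this walk."""
    return len(walk(mix, seed, steps)) * BLOCK_BYTES


def max_reachable_slots_flawed() -> int:
    """Every toy-AES' index is a multiple of 2**ZERO_TAIL_BITS, so the
    walk can never touch more than SLOTS / 2**ZERO_TAIL_BITS slots."""
    return SLOTS >> ZERO_TAIL_BITS        # 128 of 131072


if __name__ == "__main__":
    seed = b"constructed seed"            # 16 bytes, constructed for the demo
    for name, mix in (("uniform", mix_uniform), ("toy AES'", mix_flawed)):
        print(f"{name:9s} distinct slots after 2000 steps: {len(walk(mix, seed, 2000))}")
```

The uniform walk touches close to one new slot per step, while the toy AES' walk is confined to 128 slots (2 KB) no matter how long it runs; a PoW that assumes memory-hardness therefore has to verify the index-derivation step is output-uniform rather than take it from the primitive's encryption security.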
legendary
Activity: 2968
Merit: 1198
Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scratchpad size significantly from the 2MB.

I agree with this. Only a small number of bits of the output of AES are being used, but AES does not guarantee that all of its output bits are random. For example, consider an algorithm AES' which is just like AES except that it appends 10 trailing bits that are always zero (AES'(x) = AES(x) << 10). This would be just as secure as AES for encryption, but catastrophically bad for slow_hash.

I suspect the developers wanted to use AES because of the hardware support in Intel CPUs, but they made a mistake, though it isn't immediately apparent how catastrophic this is (unlike my toy example above for example). If they used a true secure hash, it would be much slower and likely not memory bound.

The algorithm can and should likely be improved in this regard, although I don't have any immediate suggestions how.


What kind of comparison can be made with Tromp's Cuckoo Cycle (Man, that's painful to say -- sorry Tromp), or the blockchain mining style that's proposed in HoneyPenny in light of the weakness in AES?

I don't understand tromp's algorithm well enough to comment. dga posted some cautionary comments that I would echo. I don't have a link for that.

The premise of honeypenny's algorithm seems to be requiring access to the block chain in order to hash. That has some good and bad properties. Given sufficient block chain growth it turns into a storage bound task, since storing the block chain in primary memory seems implausible going forward, and likely tends toward centralization. Perhaps no more so than centralization of nodes though.
newbie
Activity: 56
Merit: 0
Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scratchpad size significantly from the 2MB.

I agree with this. Only a small number of bits of the output of AES are being used, but AES does not guarantee that all of its output bits are random. For example, consider an algorithm AES' which is just like AES except that it appends 10 trailing bits that are always zero (AES'(x) = AES(x) << 10). This would be just as secure as AES for encryption, but catastrophically bad for slow_hash.

I suspect the developers wanted to use AES because of the hardware support in Intel CPUs, but they made a mistake, though it isn't immediately apparent how catastrophic this is (unlike my toy example above for example). If they used a true secure hash, it would be much slower and likely not memory bound.

The algorithm can and should likely be improved in this regard, although I don't have any immediate suggestions how.


What kind of comparison can be made with Tromp's Cuckoo Cycle (Man, that's painful to say -- sorry Tromp), or the blockchain mining style that's proposed in HoneyPenny in light of the weakness in AES?
legendary
Activity: 2968
Merit: 1198
Problem is that AES is not suitable as a hash (certainly not when employed as encryption) for it has too small of a output space (repeating patterns will be over a few number of bits), thus it will be possible to attack this with an algorithm to reduce the scratchpad size significantly from the 2MB.

I agree with this. Only a small number of bits of the output of AES are being used, but AES does not guarantee that all of its output bits are random. For example, consider an algorithm AES' which is just like AES except that it appends 10 trailing bits that are always zero (AES'(x) = AES(x) << 10). This would be just as secure as AES for encryption, but catastrophically bad for slow_hash.

I suspect the developers wanted to use AES because of the hardware support in Intel CPUs, but they made a mistake, though it isn't immediately apparent how catastrophic this is (unlike my toy example above for example). If they used a true secure hash, it would be much slower and likely not memory bound.

The algorithm can and should likely be improved in this regard, although I don't have any immediate suggestions how.
legendary
Activity: 2968
Merit: 1198
Smooth, you have any ETA on the pool?

Any updates will be posted. Tacotime is in contact with the developer.
sr. member
Activity: 280
Merit: 250
Who cares?
Smooth, you have any ETA on the pool?
legendary
Activity: 2968
Merit: 1198
People may be impatient, but I can't help that. I solo mined bitcoin until I only got a block every few months.
Considering the electricity bill and the price of BTC by that time, was it worth it when you did it? Or were you that much in love with bitcoin that you were ready to mine at a loss?

It was profitable over the cost of electricity, I think. (I had free electricity so I don't really remember but I don't think that was the issue.) Whether you use a pool or solo mine does not affect profitability (although...pool fees, etc. would reduce it), only how much your results are influenced by luck, which can go either way.

hero member
Activity: 658
Merit: 503
Monero Core Team
I use this one:

start_mining 42kW2qQgSu81gTwkh6tTvKLqFwo487NTiU2xCURNSPJqBegivh5bUxcddCo7BzJ2wFbF9giMx8ySnYN6BazQQFHVPnrtHUX 4
This one is good.

Underscore does not start the miner. However, the hyphen does start it.

In the responses above, people are using a hyphen, not an underscore.

This is more complex than I realized.
Go to http://monero.cc/getting-started. And PM for question (I don't always read the post).
Also check the starter pack if you need precompiled binaries

But I don't understand, Monero and BitMonero - is this one coin or different? Huh
Yes, same coin, but for historical reasons the dev doesn't accept the changing of the name.

People may be impatient, but I can't help that. I solo mined bitcoin until I only got a block every few months.
Considering the electricity bill and the price of BTC by that time, was it worth it when you did it? Or were you that much in love with bitcoin that you were ready to mine at a loss?
legendary
Activity: 2968
Merit: 1198
I don't think it is necessarily anything.

Every day we see people coming on here trying to figure out how to mine. Some of those people have multiple computers, some have many computers. I remember yesterday two people were specifically asking about how to set up multiple computers to mine to one wallet. I have no idea how many computers either of them have or how many other people like that didn't post. There was an optimized Windows miner released recently that doubled the hash rate on a lot of hardware. With the price going up like crazy yesterday that was clearly going to attract a lot of people.

All of this is going to rapidly drive up the amount of mining and the hash rate, which in total still isn't that high, only 5000 or so computers.


If a couple of large farms show up it's going to chase all the miners off because there's no pool yet.  Nobody will have any realistic chance of getting a block.

Sure, if that happens. It hasn't happened yet. The whole network is around 5000 computers. Even with one little computer you should get a block every 3 days.

People may be impatient, but I can't help that. I solo mined bitcoin until I only got a block every few months.

But it can, and it will happen.  Probably sooner than later considering how fast the value of this coin is rising.  I have six computers mining and only found one block so far back when the difficulty was in the 1000000 range.  At 6000000 I'm just going to stop mining because there really is no point.  Not trying to be a thorn in anybody's side here, just saying this could turn into a problem.  Only time will tell I guess.

Whether or not large farms or botnets show up, the hash rate will certainly continue to rise if the coin is successful and pools will be needed if small miners want consistent payouts. Fortunately an open source pool solution is being developed.

sr. member
Activity: 280
Merit: 250
Who cares?
I don't think it is necessarily anything.

Every day we see people coming on here trying to figure out how to mine. Some of those people have multiple computers, some have many computers. I remember yesterday two people were specifically asking about how to set up multiple computers to mine to one wallet. I have no idea how many computers either of them have or how many other people like that didn't post. There was an optimized Windows miner released recently that doubled the hash rate on a lot of hardware. With the price going up like crazy yesterday that was clearly going to attract a lot of people.

All of this is going to rapidly drive up the amount of mining and the hash rate, which in total still isn't that high, only 5000 or so computers.


If a couple of large farms show up it's going to chase all the miners off because there's no pool yet.  Nobody will have any realistic chance of getting a block.

Sure, if that happens. It hasn't happened yet. The whole network is around 5000 computers. Even with one little computer you should get a block every 3 days.

People may be impatient, but I can't help that. I solo mined bitcoin until I only got a block every few months.

But it can, and it will happen.  Probably sooner than later considering how fast the value of this coin is rising.  I have six computers mining and only found one block so far back when the difficulty was in the 1000000 range.  At 6000000 I'm just going to stop mining because there really is no point.  Not trying to be a thorn in anybody's side here, just saying this could turn into a problem.  Only time will tell I guess.
legendary
Activity: 2968
Merit: 1198
I don't think it is necessarily anything.

Every day we see people coming on here trying to figure out how to mine. Some of those people have multiple computers, some have many computers. I remember yesterday two people were specifically asking about how to set up multiple computers to mine to one wallet. I have no idea how many computers either of them have or how many other people like that didn't post. There was an optimized Windows miner released recently that doubled the hash rate on a lot of hardware. With the price going up like crazy yesterday that was clearly going to attract a lot of people.

All of this is going to rapidly drive up the amount of mining and the hash rate, which in total still isn't that high, only 5000 or so computers.


If a couple of large farms show up it's going to chase all the miners off because there's no pool yet.  Nobody will have any realistic chance of getting a block.

Sure, if that happens. It hasn't happened yet. The whole network is around 5000 computers. Even with one little computer you should get a block every 3 days.

People may be impatient, but I can't help that. I solo mined bitcoin until I only got a block every few months.

newbie
Activity: 56
Merit: 0

I think you've misunderstood my point. From ocular inspection of the code, the current 16 word value in the 2MB array is 'hashed' by applying AES encryption and this produces a new value and index into the array to store. Thus the uniform, random oracle, and thus non-patterned distribution of indices is assumed, otherwise an algorithm similar to a birthday attack can be applied to reduce the storage requirements in order to run it faster on for example a GPU because more instances could be run simultaneously.


So, I'm trying to understand -- AES does not take in completely random input size and value, and output a consistent length string, but instead takes in a consistent length random value string, and outputs a consistent size string? The effect being that you have limited your sources of particular outputs (inputs) to strings of size 'x' rather than strings of any size?
If you are not concerned with keeping it CPU-only, then why call it "CPU only"? There are so many altcoins which have deceived on this point.

I would like to see a bounty raised for GPU miner, to prevent deception or groupthinking. Putting it in the headline gives the implication that it will be permanent to people seeing it for the first time.
hero member
Activity: 560
Merit: 500
If you are not concerned with keeping it CPU-only, then why call it "CPU only"? There are so many altcoins which have deceived on this point.

I can agree with the spirit of this, but from common usage on this forum "CPU only" just means currently a GPU miner isn't available. Usually someone comes along and develops one, often demanding payment to open source it. ASICs follow if/when economic feasibility allows. So it seems valid at least as far as the thread title goes. The CryptoNote developers' description of their PoW as "egalitarian" (implying true CPU only) is a different issue.

In any case, I changed it to say "CPU only currently".
sr. member
Activity: 280
Merit: 250
Who cares?
I don't think it is necessarily anything.

Every day we see people coming on here trying to figure out how to mine. Some of those people have multiple computers, some have many computers. I remember yesterday two people were specifically asking about how to set up multiple computers to mine to one wallet. I have no idea how many computers either of them have or how many other people like that didn't post. There was an optimized Windows miner released recently that doubled the hash rate on a lot of hardware. With the price going up like crazy yesterday that was clearly going to attract a lot of people.

All of this is going to rapidly drive up the amount of mining and the hash rate, which in total still isn't that high, only 5000 or so computers.


If a couple of large farms show up it's going to chase all the miners off because there's no pool yet.  Nobody will have any realistic chance of getting a block.