Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 867. (Read 4670673 times)

sr. member
Activity: 420
Merit: 262
Because I am not up-to-speed on communicating with the Monero devs (on Github or other back channels), and because my efficiency is my utmost priority and given posting in this forum is the most efficient way for me to communicate my thoughts to all that follow me, I will post this somewhat out-of-band comment here in hopes of getting a response from smooth (or if need be tacotime or fluffypony).

I do not have time to read various Monero research papers and otherwise dig to see if the following concern is already addressed.

I am concerned about a hole in the anonymity of Cryptonote ring signatures. I had sort of described this issue to smooth (who apparently relayed it to all) when I was contemplating ways that BCX might unmask the anonymity of users. I do not recall if I made this specific weakness explicit as follows.

If the actual input to a transaction (in Monero terminology this is the output of the prior transaction) is not also an input to another transaction's ring signature (and when all the other inputs to the ring are spent) or if it is also the input to a subsequent ring in which all the other inputs were outputs created after the said transaction was created, then the anonymity of the said transaction is entirely unmasked.

Combinatorial trees can be searched as well, thus even if only some of the other inputs were outputs created after the said input was created, this could cascade into unmasking the anonymity or at least reducing the anonymity set. And note the anonymity set is also vulnerable to further reduction by out-of-band attacks such as IP de-obfuscation, rubber hoses, stolen private keys, hacked users, etc.

There are some tweaks that need to be made to ensure the above is unlikely. Hopefully Monero is enforcing some restrictions already on which outputs can be used in ring inputs? If not, they need to get on it pronto.

P.S. for those who thought I wasn't sincerely attempting to help Monero during the BCX incident, I hope the above satisfies you. I think before I had an agreement with the Monero devs (via smooth) not to write publicly all the details of the above weakness in order to give them time to address it. I think they've had sufficient time and I want to make sure this is addressed.

TPTB_need_war, I'm a little confused by your comments here:
Quote
"If the actual input to a transaction (in Monero terminology this is the output of the prior transaction) is not also an input to another transaction's ring signature (and when all the other inputs to the ring are spent) or if it is also the input to a subsequent ring in which all the other inputs were outputs created after the said transaction was created, then the anonymity of the said transaction is entirely unmasked."
Could you explain how an input to a transaction is not also an input to another transaction's ring signature when other inputs to the ring are spent? Specifically, how do you know the other inputs are spent, if they are also in ring signatures? (Ofc all other inputs could be sent with 0-mixin, but fluffyponyza has mentioned that this is in MRL004, and will be modified in an upcoming fork (for example mymonero forces min-mixin 3).)

Also in your second sentence (sorry it's a little hard to parse), "[if actual input to a transaction]
Quote
is also the input to a subsequent ring in which all other inputs were outputs created after the said transaction was created
," how do you know in the subsequent (or initial ring) that said input is not being grabbed ad-hoc from another user as a decoy input for both the initial and subsequent ring without knowing which inputs have actually been spent?

Could you please help me out by perhaps giving an example of how either of these would work (disregarding the 0-mixin case which has been addressed by fluffypony / mrl-004)?

(Unless you have some way of telling whether outputs have been spent, thus proving the proofs of Fujisaki/Suzuki https://eprint.iacr.org/2006/389.pdf incorrect, what you suggest seems impossible to me.) Ok, I see there is an error in this logic. In FS, they don't have any additional data about the ring itself (like inputs / outputs) so perhaps with some graph analysis this might be possible. I don't think it would be a difficult fix if this was possible however, you just need to compute the graph of the people you are mixing with and make sure there are no loops (if the graph gets too big, pick a new ring).

Someone was kind enough to ping me in private to come back here. Otherwise I wouldn't have seen this. I am not reading this thread normally.

What I was getting at is the ordering in which transactions appear in the block chain. I provided some examples where combinatorial analysis has whittled down the anonymity set such that you have a transaction in which all the inputs to a ring have been included in enough rings (taking into account all other inputs to those rings) that it is known that all those inputs have been spent, but it is not known which input is the spender to each of the said rings.

From there, there are ways to isolate which input is the spender.

1) If the last use of one of the inputs is in a ring that includes only other inputs that already reached their saturation (or any smaller set, say just two inputs that didn't reach saturation), then we know that said input is the spender (or know the spender is one of the smaller set of unsaturated inputs). Here is an example in chronological order:

Ring 1:
I0, I1, I2
Ring 2:
I0, I1, I3
Ring 3:
I0, I2, I3
Ring 4:
I1, I2, I3
Ring 5:
I2, I3, I4  ------> I4 is surely the spender

2) The second case I wrote was indeed difficult to parse because it was incorrect. I believe I was thinking about how to ensure the overlapping in #1 doesn't occur and afaics that requires deciding which outputs must be mixed with which outputs before any ring with those outputs has been created. I apparently conflated those thoughts when trying to contemplate the explanation of a case where combinatorial analysis unmasks the anonymity such as #1 above.
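The saturation argument in the original concern and in the Ring 1..5 example above, as an added example that is not code from this thread or from the Monero project: each ring spends exactly one member and key images forbid spending an output twice, so a member is a viable spender only if some assignment of distinct spent outputs to all rings uses it; everything else an observer can discard. The same routine doubles as the wallet-side "no loops" check suggested in the reply, run before a ring is published. Output ids I0..I6 are constructed sample data and the matching routine is my own, not any named author's tool.

```python
"""Chain-reaction analysis of ring-signature anonymity sets (added example)."""
from typing import Dict, List, Sequence, Set

Ring = Sequence[str]  # the output ids referenced by one ring signature


def _has_full_matching(rings: List[Ring], banned: Set[str]) -> bool:
    """Kuhn's augmenting-path matching: can every ring be assigned a distinct
    spent output drawn from its own members, never using one in `banned`?"""
    owner: Dict[str, int] = {}  # output id -> index of the ring it is assigned to

    def try_assign(i: int, seen: Set[str]) -> bool:
        for out in rings[i]:
            if out in banned or out in seen:
                continue
            seen.add(out)
            # Free output, or its current owner can be re-routed to another member.
            if out not in owner or try_assign(owner[out], seen):
                owner[out] = i
                return True
        return False

    return all(try_assign(i, set()) for i in range(len(rings)))


def viable_spenders(rings: Sequence[Ring]) -> List[Set[str]]:
    """For each ring, the members that could still be its true spend.

    Member `o` of ring `i` is viable iff all *other* rings can still be
    satisfied without `o`; otherwise `o` is provably spent elsewhere
    (pigeonhole over the saturated rings) and is eliminated.
    """
    rings = list(rings)
    out: List[Set[str]] = []
    for i, ring in enumerate(rings):
        others = rings[:i] + rings[i + 1:]
        out.append({o for o in set(ring) if _has_full_matching(others, {o})})
    return out


def anonymity_sets(rings: Sequence[Ring]) -> List[int]:
    """Effective anonymity-set size of each ring after elimination."""
    return [len(v) for v in viable_spenders(rings)]


def unmasked(rings: Sequence[Ring]) -> Dict[int, str]:
    """Rings whose anonymity set collapsed to a single, known spender."""
    return {i: next(iter(v)) for i, v in enumerate(viable_spenders(rings)) if len(v) == 1}


def decoy_set_is_safe(existing: Sequence[Ring], candidate: Ring, min_anon: int = 2) -> bool:
    """Wallet-side check: would publishing `candidate` leave it, or any earlier
    ring, with fewer than `min_anon` viable spenders? False means pick new decoys."""
    return min(anonymity_sets(list(existing) + [candidate])) >= min_anon


# The five rings from the post above, in chronological order (constructed ids).
THREAD_RINGS: List[Ring] = [
    ("I0", "I1", "I2"),
    ("I0", "I1", "I3"),
    ("I0", "I2", "I3"),
    ("I1", "I2", "I3"),
    ("I2", "I3", "I4"),
]

if __name__ == "__main__":
    print(anonymity_sets(THREAD_RINGS))  # [3, 3, 3, 3, 1]
    print(unmasked(THREAD_RINGS))        # {4: 'I4'}
    print(decoy_set_is_safe(THREAD_RINGS[:4], ("I4", "I5", "I6")))  # True
```

The cost is one matching per (ring, member) pair, so the check is polynomial rather than a subset search; a two-ring 0-mixin chain such as `[("A", "B"), ("B",)]` collapses both rings, which is the MRL-004 case the reply refers to.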




The worst thing that can happen to me is that I'm "disappeared", but that's why the core team is seven strong:)

What if you "disappeared" and because of that the other 6 "retire" or "lose interest" and turn over control to "Gavinmike".

Much better the code was done and locked in stone. But I know that is very difficult to achieve at this experimentation stage.

Sufficed to say your "cooperation" would not go so far as to backdoor anything or use libs you otherwise would not have, correct?

That's why it's OPEN SOURCE.

Sometimes even that isn't enough:

https://www.schneier.com/blog/archives/2006/01/countering_trus.html
legendary
Activity: 1722
Merit: 1217
I don't find it that exciting. Anyway because of the part I bolded, it's doomed to fail. It relies on being closed source to work? It's like having security by obscurity only. It will work until it won't work because a kid disassemble it and tweak something to get a version that doesn't erase the private keys after handing them to another person. This will happen *very* fast.

Yes of course. It's not as if I haven't thought through all of this myself already. But there are reasons why I said what I said after the bolded part.

The most important thing to understand is that "can it be hacked?" is the wrong question. The important question is how costly will hacking it be and how great will the benefits be. (or for the more economically minded among you, technically the question is closer to, when the market reacts to hackers by lowering the amount of money people are willing to accept on one of these chips to the point where the marginal hacker finds it no longer worth his time, will that amount be too low for this technology to be sufficiently useful).

You are not going to be using this thing to buy a car or a house. Transactions like that will be done on the blockchain. You will be using it to buy a soda or a tank of gas or a game from the steam store. Sure there is a risk that some kid will dig into it with a microscope. Of course. But we have a perfect analog for this already with blockchains exactly the way they work now. People will accept 0 confirmation transactions on small purchases even though they could be reversed by a dedicated attacker. So what? Is the solution to force someone who is buying a soda to wait for 3 confirmations? As a market actor you just weigh the risks against the benefits and you decide for yourself what is your preferred trade off. If you are risk averse you have a lower threshold for amounts that you are willing to accept off chain, for the sorts of people you are willing to accept certain types of transactions from, and how often you settle up on the blockchain.

Understand what we are talking about here. Understand the promise. Understand what is at stake. What we are talking about here is a measure of unlinkability for all crypto users, instantaneous transactions, offline transactions, free transactions, the massive reduction of blockchain bloat, and the solution to the scalability problem. These things collectively, in their totality, ARE HUGE! When you dismiss it out of hand it's tantamount to saying this medicine that will save my life tastes bad and gives me a tummy ache, so forget it.

This "solution" to doublespending could never be a replacement to satoshi's solution. It could never act as an alternative to blockchains. But it definitely can act as an amazing complement by leveraging satoshi's amazing invention to help make up for some of the shortcomings of this type of doublespend "solution". Together, and only together, they could make something beautiful.

Of course all of this depends on how difficult it is to hack. If it's too easy or too expensive to stay ahead of the curve in the arms race then it will be a footnote in history. If not it could take crypto to whole new places. Only time will tell that but the chance that it will work is exciting as hell.

*edit* and I should add, this is the first time in my life that I have ever been excited about a closed source project (excluding things like video games). So I definitely feel your concern. It's not as if I'm some closed source fan boy.
legendary
Activity: 3136
Merit: 1116
...
Yeah it's not, it's almost as stupid as moneero from urgay, a coin needs to be neat and simple, that's why complex blockchain systems like ethereum, ripple and nxt will never take off.

You forgot about MAIDsafe, the most complicated system ever devised that will do everything from route internet traffic to switch traffic lights in the utopic land of cryptopia. Apparently they posted some significant progress update today.
full member
Activity: 186
Merit: 100
Monero
Exactly, this should be a non-issue. I would simply ignore them, they seem to be butt-hurt over nonsense.

You mean buutt-huurt, right?

You knoow he is not alloowed to mean that!

I guess I need to go back to grade school and learn to speel propeerly.
legendary
Activity: 3766
Merit: 5146
Whimsical Pants
Exactly, this should be a non-issue. I would simply ignore them, they seem to be butt-hurt over nonsense.

You mean buutt-huurt, right?

You knoow he is not alloowed to mean that!
hero member
Activity: 644
Merit: 502
So I don't know if you guys have seen the news about this proposal called "offcoin" http://www.coindesk.com/netopia-internet-free-bitcoin-transactions/ but it looks really cool and really exciting. It's rare that I will forgive a project for being closed source, but this one has to be closed source by its nature, and still can be sufficiently trustworthy even considering.

Anyway one beautiful thing about it is that it will have a really significant positive externality on the privacy of everyone including people who never even use the product. Essentially it will make it so that there is no way for a third party observing the blockchain to know if the person who is in control of an address when it receives funds is the same person who is in control of it when funds are sent from that address. In essence it will give bitcoin an, admittedly imperfect, measure of unlinkability or at least link plausible deniability (though I think it would definitively go beyond plausible deniability).

So the point of all of this is not to say "sell all moneros bitcoin going to be anonymous soon". Clearly this is at best a partial solution. But if monero were to leverage up this technology it would make our privacy features only that much more robust. We could pay the same as we are paying now for privacy and get even more of it, or we could pay less for the same amount.

Since the code is closed source it will have to be entirely rewritten, so that's a bummer. But one nice thing is that none of the things that make monero different from bitcoin make implementing this idea within monero one iota more difficult than implementing it with bitcoin.

Some stuff worth thinking and talking about I think.

I don't find it that exciting. Anyway because of the part I bolded, it's doomed to fail. It relies on being closed source to work? It's like having security by obscurity only. It will work until it won't work because a kid disassemble it and tweak something to get a version that doesn't erase the private keys after handing them to another person. This will happen *very* fast.


That's basically what I was thinking, as the proprietary SD card is eventually (or quickly) likely to be reverse-engineered.

But, it should be an interesting experiment to observe.
sr. member
Activity: 350
Merit: 250
I don't find it that exciting. Anyway because of the part I bolded, it's doomed to fail. It relies on being closed source to work? It's like having security by obscurity only. It will work until it won't work because a kid disassemble it and tweak something to get a version that doesn't erase the private keys after handing them to another person. This will happen *very* fast.


Yeah it's not, it's almost as stupid as moneero from urgay, a coin needs to be neat and simple, that's why complex blockchain systems like ethereum, ripple and nxt will never take off.
legendary
Activity: 1512
Merit: 1012
Still wild and free
I don't find it that exciting. Anyway because of the part I bolded, it's doomed to fail. It relies on being closed source to work? It's like having security by obscurity only. It will work until it won't work because a kid disassemble it and tweak something to get a version that doesn't erase the private keys after handing them to another person. This will happen *very* fast.
legendary
Activity: 1276
Merit: 1001
I know you can hop on github and follow the commits... but not everyone in here is able to translate that into something meaningful.

When the devs are busy, maybe some of the technically adept monero supporters could translate it and put it in this thread now and then?

That is a good suggestion. if someone wants to take it on i volunteer to answer questions that might come up about the purpose of or function of various commits and pull requests.


That's something I can try to do. I have some familiarity with the monero code, which should help.

Donated 10 XMR to Moneromooo for http://moneroaddress.org/

This is great work!

Thanks
newbie
Activity: 26
Merit: 0
Monero.io is registered. Anyone here own it?
legendary
Activity: 1260
Merit: 1008
Exactly, this should be a non-issue. I would simply ignore them, they seem to be butt-hurt over nonsense.

You mean buutt-huurt, right?

I think wee should takee up using double ee's in all instancees of words. Theen Moneero might havee a casee against our "company", which would theen be called Moneero.
sr. member
Activity: 350
Merit: 250
Quote
Even if you use Bitcoin through Tor, the way transactions are handled by the network makes anonymity difficult to achieve. Do not expect your transactions to be anonymous unless you really know what you're doing.

Just read this as bitcointalk "ad", just wtf is expected from us to use Bitcoin with a reasonable level of privacy? Total joke. I would still prefer Monero over anything else even if it had to be renamed (won't happen) to darkflabb.
legendary
Activity: 2968
Merit: 1198
I know you can hop on github and follow the commits... but not everyone in here is able to translate that into something meaningful.

When the devs are busy, maybe some of the technically adept monero supporters could translate it and put it in this thread now and then?

That is a good suggestion. if someone wants to take it on i volunteer to answer questions that might come up about the purpose of or function of various commits and pull requests.


Perhaps it would be a good idea if you made some kind of digest like GingerAle did, but then with the week's commits? If it requires too much of your free time, the funding system would be a proper place to get some funds for it in my opinion. Furthermore, like Gingerale, I guess you'll receive some donations without even asking for it.

To be clear, I was not volunteering to create and publish the list (not something I would be good at with my erratic availability of free time anyway). I was volunteering to help someone do it by answering technical questions about the commits and pull requests when needed. So someone creating the list would not necessarily need to fully understand the code and/or discussions (but some degree of understanding would be helpful).
donator
Activity: 1274
Merit: 1060
GetMonero.org / MyMonero.com
Exactly, this should be a non-issue. I would simply ignore them, they seem to be butt-hurt over nonsense.

You mean buutt-huurt, right?
full member
Activity: 186
Merit: 100
Monero
It's a screenshot from letter by "Moneero" company. They agreed that "monero" is a common word.


And now they write us:
"We have trademark moneey, therefore you can not use money in domain names"

Good, they told you how to refute their claim.

Exactly, this should be a non-issue. I would simply ignore them, they seem to be butt-hurt over nonsense.
hero member
Activity: 658
Merit: 500
Admin of DwarfPool.com
It's a screenshot from letter by "Moneero" company. They agreed that "monero" is a common word.


And now they write us:
"We have trademark moneey, therefore you can not use money in domain names"

Good, they told you how to refute their claim.

It's not against me, it was against the "Monero" trademark a half year ago.
legendary
Activity: 1512
Merit: 1012
Still wild and free
Yeah my point is I'm not competent to judge the legal side but the public image angle is something that might well backlash into this company. Additionally to attacking a FOSS project, there are many Bitcoin early adopters that are somehow involved in Monero, and it's not like the Bitcoin ecosystem is so huge that the moneero company could not care about what the "community" think of them.