Topic: [XMR] Monero Improvement Technical Discussion - page 4. (Read 14717 times)

Nonsense. The meta-data can be correlated. It is unprovable as to what of a myriad of scenarios will be correlated and not correlated. The entropy of the universe is unbounded.  


Very strong assumptions backed by a lot of math. And a lot very smart mathematicians and cryptographers trying to break the math.

If cryptography is broken, then society may stop functioning and we may regress several decades in living standards.


Cryptonote is likely more mathematically well supported. Zerocash will indeed need to garnish more peer review for it to be as trusted as ECC.


Dash is better than Monero then! Come on smooth don't be a hypocrite. On chain anonymity is End-to-End Principled. Off chain mixing is not. That is fundamental and has been (one of) the argument(s) employed by Monero against Dash.

On chain anonymity is provable with math, except not for Cryptonote because the combinatorial analysis math is unfathomable and can't be expressed in a closed form. With Zerocash, the math of the anonymity set is simple; it is everyone. Every transaction in the universe is in your anonymity set in Zerocash.

Cryptonote isn't even close not even with orders-of-magnitude close. And that is not even factoring in the meta-data issue.

You are trying to equate a microbe to an elephant. The elephant is in your living room and you are denying it.

They are saying that nearly any practical use where privacy is desired will still require shielding the network layer to remain private. Partial solutions that hide connections between transactions on the chain but still put a big shining beacon all over your online activity (and these days almost all activity is online, even when you are "offline" and using a mobile device) are largely useless.

"Zerocash only anonymizes the transaction ledger"

Not good enough.

They are saying the IP address is leaked. They are not saying it can be correlated to any transaction, except for that bizarre attack in the second point which seems to be detectable and only likely in a (near) majority hashrate attack. This appears to be a non-issue.

Those are two separate issues.


1. You can not prove that the properties of on-chain input mixing are unprovable. In fact, obviously some properties are definitely provable, so really the question is which ones.

2. I disagree with the above statement. They do so all the time. Cryptography itself isn't even provable beyond stated assumptions. And certainly not elliptic curve cryptography without which Zerocash does not exist (nor Cryptonote, but I'm told that Cryptonote is still mathematically stronger -- outside my expertise).

All this stuff is about using the "best" available tool where "best" is not a simple metric.

Zerocash does not need IP obfuscation when all the transactions are in the private zerocoins. Cite the section of the paper. I think you must be misunderstanding something. You are probably conflating the use of the regular non-anonymous coins mentioned in the paper.

Here you are making excuses again. Corporations are not going to trust unprovable shit. And moreover, mixnets are always vulnerable to flood attacks. They are very, very unreliable. Not only do I disagree, but I also think you are ignoring basic fundamental realities about the technologies.

Edit: arguing for Tor/I2P is akin to arguing for Dash's off chain mixing. Now look in the mirror and remember your arguments for End-to-End Principled ring sigs (versus off chain mixing) and realize the same logic applies to why Zerocash is superior to using off chain mixnets. Hypocrite.

Edit#2: okay I see the section you are referring to:


I will need to understand this attack better. Seems to me they are saying that you need to spend from a block where your pour transaction was the only transaction in the block. But the user would I think know this and thus not spend the coin any more. Thus I believe the anonymity remains provable without the use of any mixnet. I will need to understand this more deeply to be sure.

Nobody is freaking out, just trying to stay on topic, and I sure as hell never promised investors or speculators anything. I'm the one who gets shit for telling them their investment will probably go to zero, remember? Your comments about moving to zksnarks are on topic, so that's all fine.


I2P, and even somewhat Tor, is perceived as adequate by 99% of the market. The remaining 1% may be smarter but isn't obviously much of a market at all. Very niche-y.

I am thinking best to adopt zk-snarks because (in high level conceptual thinking which could possibly be missing some key detail) it is more general to any sort of block chain contract (script) a business might want to do, not just currency. As well, I argued in the prior post that businesses will not likely adopt a privacy solution for currency which forces them to trust Tor or I2P to obscure their IP address meta-data (and that isn't even the only meta-data that will need to be obscured and some other meta-data might even be impossible to obscure).

Thus I argue if corporations are going to adopt privacy on block chains, they will choose zk-snarks in spite of your arguments that the masterkey must be created in a secure way. Corporations trust the institutions of society, e.g. the police, the courts, the government, etc.. Also afaics corporations are sort of a hierarchical structure with smaller companies serving larger companies, and so they are likely to fall in line to what larger corporations demand for interoption. What I am saying is that the top-down structure of corporatism means accepting that someone at the very top gets to create the masterkey for Zerocash.

Of course I would prefer an anonymity solution that has no caveats. But after all my study (and even inventions of anonymity solutions) I have learned there can't exist anonymity systems w/o caveats.

Thus if we are choosing which set of caveats (tradeoffs) we prefer to develop around, I think we must incorporate the needs of markets into our thought process.

I simply don't see any markets for Cryptonote style anonymity. I wish I could think of a market, but I can't. Whereas, zk-snarks seems to potentially have real business applications.

And that is damn unbiased opinion, because I have nothing to gain from zk-snarks. I have no knowledge of how to code them nor do I yet completely understand them. It doesn't give me any advantage whatsoever to come to the conclusion they are superior to develop around. Hell, I even have Zero Knowledge Transactions which is superior to RingCT which I had to abandon because I came to this realization. I am a loser too.

I don't know why you guys are so unable to discuss issues without freaking out. Smooth if you are truly diversified, then why can't you act more calm. Did you promise all the speculators that you were surety? Remember Proverbs says, "Don't be surety for another".

Look way back in 2014 when you launched Monero, I told you smooth and fluffypony that IP address correlation was the weakness. Fluffypony proceeded to try to integrate I2P. I warned you all many times that was not an adequate direction. But you wouldn't listen.

And now you attack me and are angry at me for trying to help you not waste more of your time and effort.

I simply don't understand you guys. Why can't you be more open-minded and also more amicable to people who want to discuss matters?

Is it pride? Somebody shot your baby.

Would that be on topic here? I'm pretty sure the answer is no


What's the deal with you and Monero anyway? You have  many of your own threads. Why not just discuss your broad ideas about marketing products to real markets there instead?

That is certainly true. Indeed I personally distrust current chips and horde some older platforms that were much less feasible to backdoor in a manner that would be useful today. When they break or wear out I will lose that option though. Still there is a diversity even of current chips and they may not all be backdoored in an equivalent manner or by cooperating parties, if they all are at all.