A for-profit coin company, i dont care what they make, iwill never trust them.
Agreed that is the opportunity to beat them by open sourcing their code. But you will also need my block chain technology to make the big win.
moreover RingCT will move Monero closer to Zcash
Sorry no. It is still not immune to meta-data and the theoretical combinatorial analysis. Not reliable. Not realistic.
We need to move forward. It is up to you, I know my thinking and priorities on this matter.
A for profit company with closed source code controlling the initial key for a zerocash like currency is a regulatory nightmare.
No closed source. The key would be produced publicly at a ceremony.
Would this metadata and combinatorial analysis hold even if mixin 10 was a default on all tx's?
The meta-data (e.g. IP address, browser cookie, timing analysis and location of connection, what you said in facebook or on the phone, etc) correlation problem isn't likely impacted no matter how many times or inputs you ring mix. It is very difficult for mere mortals to cover their tracks on all the possible meta-data correlations. It is unfathomably difficult. Don't fool yourself into thinking it isn't.
The combinatorial analysis flaw (which I introduced to smooth during the BCX incident and hence followed up in debate with Shen-noether) is very theoretical and may or may not be plausible. In my thinking, it comes more into play if combined with meta-data breakdown of the anonymity systemically. Mixing more may help somewhat, but it can also make it worse because it is the excessive overlapping in mixes that causes the combinatorial unmasking.
In short, it is a clusterfuck (not a clean, clear, provable solution) and that is why I abandoned it.
...
All miners will have to register as money transmitters under FinCEN regulations, same as the issue for Dash masternodes. There has seriously bad implications in their investment strategy. But their code and developers are valuable. The investors can probably recover their money on the initial IPO. They should IPO the damn thing and do it legally and not mess with this "master of the universe" idea above.
I am contemplating contacting them, but I need to think through their economic options. It may be impossible to get them to do the right thing.
But they could definitely benefit from my endorsement in an IPO. A legal IPO! As well, they could benefit from my block chain tech.
...
Miners do not have to register as MSBs. Please read the guidance.
https://www.fincen.gov/news_room/rp/rulings/html/FIN-2014-R001.html The jury is very much out on Dash masternodes. How will the investors recover the funds from an IPO? If it is by emission then the IPO company is an MSB in the United States.
My interpretation of FinCEN guidance is miners would have to register as MSBs if they are forced to transfer some of the coinbase to some other party. Just because it is enforced by the protocol, doesn't absolve the miner from (the legal culpability of) creating the block which created new supply and transferred it to a third party.
Disclaimer: IANAL.
I hate when n00bs make me repeat the same shit over and over and over again. Do you think my time is free?
The masterkey has to be produced in a way that no one knows it. The proposals had been to use a public ceremony and a computer examined by everyone attending, to be sure the masterkey is unknown to anyone.
Note if the masterkey is known, that person can create coins out-of-thin-air, but he can't unmask the anonymity. That is a crucial distinction.
This is why I proposed the idea of using Zerocash as a mixer that eventually times out, so that we can be sure the mixer hasn't created any new coins. Everyone going into the mixer takes the risk that they may not be able to come out of the mixer if the attacker has already created coins. Then we could have many of these mixers in a free market, and users would decide which mixers they trust. Again anonymity is never compromised and the run on the bank can only be a loss to participants, not to the entire ecosystem. I am pretty sure this solves the problem and this is why we can take their open source and beat them.
I am loaded with ideas and designs to solve real problems in crypto. Hopefully some smart devs are going to realize they are better off working with me.
I am aware of that. However, for an stand-alone altcoin creating coins out-of-thin-air is just as detrimental as unmasking the anonymity, because both will likely result in the coin dying.
I already proposed a solution in my prior reply to you that is using their technology in ephemeral mixers, which thus avoids systemic risk and reveals which mixers are compromised (which is likely to be quite rare because participants will learn to judge which masterkeys were generated correctly at ceremony).
Free markets always work best as long as systemic risk is avoided.
RingCT has the same problem. I explained in I believe both the chess thread and my Zero Knowledge Transactions thread. This is another reason I abandoned it (in addition to the inability to get reliable anonymity since it doesn't hide meta-data the way Zerocash/Zcash does).
No it doesn't, because coinbase transactions are mixin = 0 in Monero and therefore you can check if the total supply hasn't been tampered with.
Wrong! Wrong! Wrong! Exemplifies that you are a n00b who should STFU.
If there is a flaw in the cryptography for proving the homomorphic sums (and that is new cryptography), then indeed the attacker can create new value out-of-thin-air and not be detected. I am not going to explain the examples and math again. I already did in the past. Go ask Shen-noether.
You should have paid attention the last time I explained this! You always want to use me but then you don't respect me enough to reward me[1] and then you expect me to correct for your inability to study and remember my posts carefully.
I don't think you should bet against them, because Zerocash has anonymity and nothing else does! The community will make sure it is peer reviewed. We must. You had better start figuring out how to transition and pronto.
I don't say I do. eb3f stated on reddit the following: "Monero uses ring signatures, as you may know, which is battle-tested and well-understood in the cryptography world and in practice". Even with community review it will take a long time to get to this state. I also don't agree with bolded here, but I won't go on a back-and-forth discussion with you over that.
Again my point is that you could have the safest snot in the world, but if people can't use snot for anything, then they are going to put their energies into perfecting and peer reviewing what they need.
Seems you all often miss the points entirely. They fly right over your heads.
I do agree that the new cryptography for Zerocash and zk-snarks is more complex than the new cryptography for homomorphic proof-of-sums for RingCT (or my ZKT), but I don't think that helps given the meta-data problem for RingCT/ZKT/Cryptonote (and every anonymity technology other than Zerocash). What is the point of pursuing a direction which is known to be unreliable and fundamentally flawed (in a way that can never be fixed), when we can pursue a direction that fixes the meta-data problem and is a matter of convincing whether the technology is sound with much peer review. Certainly the peer review can be done over time, and probably incentivized if the technology has a popular application.
I'll let others which are more knowledgeable comment on the metadata.
Please don't tell me I will have to waste more of my time defending an obvious point (for anyone who has the slightest technological understanding).
I am frustrated how much fucking time we waste. You all have been convincing yourselves in your little delusions for years of what ever circle jerk bubbles you prefer to be in (which often include ridiculing/dismissing me).
Edit: correction:
[1] I was rewarded by smooth, jl777, and rpietila. Big thanks to them. Very much so. I am just frustrated because I need a viable financial direction and we need to work smart and find a way that we can make these matters work in our favor. And I am trying to find people who value me and find a way to get it done.
...
No closed source. The key would be produced publicly at a ceremony.
...
Using what operating system and firmware?
Of course they will need to convince the public the master key is sound. Or use my idea above of having multiple mixers and timing them out. I believe there is a solution, yet I will agree the current organization of their plans seems legally and structurally flawed.
That is why I say we can transition and beat them. But the technology is real anonymity. If you want real anonymity, you have to find a way to use their technology. Period. (and I have been studying this for a long time)
This does not answer my question which is cut and dry and goes to the heart of the trust issue.
If you apply that line of thinking, then every anonymity is insecure because operating systems and computers are never 100% secure.
I already proposed how to spread the risk out and make it non-systemic.
Note that Monero (Cryptonote one-time rings and every other kind of anonymity technology) also has systemic risk due to combinatorial analysis cascade as more and more users are unmasked with meta-data and overlapping mixes.
...
No closed source. The key would be produced publicly at a ceremony.
...
Using what operating system and firmware?
Of course they will need to convince the public the master key is sound. Or use my idea above of having multiple mixers and timing them out. I believe there is a solution, yet I will agree the current organization of their plans seems legally and structurally flawed.
That is why I say we can transition and beat them. But the technology is real anonymity. If you want real anonymity, you have to find a way to use their technology. Period. (and I have been studying this for a long time)
This does not answer my question which is cut and dry and goes to the heart of the trust issue.
If you apply that line of thinking, then every anonymity is insecure because operating systems and computers are never 100% secure.
I already proposed how to spread the risk out and make it non-systemic.
Note that Monero (Cryptonote one-time rings and every other kind of anonymity technology) also has systemic risk due to combinatorial analysis cascade as more and more users are unmasked with meta-data and overlapping mixes.
Proprietary software solutions have by their very nature a centralized systemic risk that Free Libre Open Source software solutions do not. The type of risks you describe in Monero are trivial compared to the risk of the DRM in the operating system used to generate master key in a centralized proprietary solution such as the one you propose. Furthermore I still do not have an answer to what is a straight forward yes or no question.
The masterkey is generated once and only the public key is retained. As long as no one saw nor can recover the private key before it was discarded, then there is nothing proprietary remaining in the use of the Zerocash open source. The Zerocash open source code requires a public key to be pasted in. It is the public (ceremony) generation of that key, which determines whether anyone had access to the private key when the public key was created.
DRM has nothing to do with it all. Thus I assume you don't understand the issue.
The only issue is whether the public key can be computed at a public ceremony and the private key was securely discarded. So for example, they could use any computer, encase it in lead before running the computation, and no external connection to the computer other than the screen which reads out the public key.
Then slide the computer into a barrel of acid so that it is permanently destroyed. All done at a public ceremony so there can be no cheating.
Of course one could envision elaborate/exotic means of cheating, such as using radio waves to communicate the private key out to external actor, but again that is why I wrote encase it in lead. There is the issue of how to destroy it while not momentarily removing it from its communication barrier. But I am confident these physics issues can be worked out to a sufficient level of trust.
As for trust, not even the Elliptic Curve Cryptography and other math we use for crypto can be 100% trusted. So if you start arguing silly about 100% trust, then it is safe to ignore as loony.
...
I am imagining that the type of people designing such a technology would do better than generate a masterkey on Windows et al. I'm actually imagining purpose-built, auditable software and maybe even hardware.
Auditable by whom?
It comes down to Free Software vs Proprietary software. The same is true for the hardware. There is a reason why my question is being avoided here.
By the attendees of said masterkey-generation ceremony.
Actually by anyone who uses the currency. The role of the attendees is to verify that
all the software has not changed between what was used and what is released to the public.
Edit: The minute one tries to protect "intellectual property" at any level the trust is gone.
FUD. The ceremony is only to computer a public key, nothing else. No other software has to be audited. Only need to confirm that the private key was not communicated from the computer to any one. Period.
...
FUD. The ceremony is only to computer a public key, nothing else. No other software has to be audited. Only need to confirm that the private key was not communicated from the computer to any one. Period.
How do you know that the public key you see on the screen is the one that was computed and not one that was pre computed before the computer was "placed in lead"?
Edit: DRM in the OS has everything to do with this since it is the perfect place to hide the private key.
That is what DRM is designed to do hide private keys.
The hardware has to be audited. But we also have to audit our hardware that we use to run Cryptonote. If Intel is planting spies in the hardware, then we are screwed.
100% trust is impossible. And this is another reason I deprioritized anonymity. It is a clusterfuck.
Also I think perhaps Zerocash was working on a way to generate the public key decentralized, but I haven't kept up with progress on that.
Indeed Zerocash could end up being a Trojan Horse (a way to get fiat in the back door) and that is why I made my proposal to use them only as ephemeral mixes that die periodically, so then we will know if the key was compromised or not.
The result of my proposal is:
- Stolen coins isn't systemic to the overall coin (same as losing some coins to Mt. Gox and Cryptsy isn't), and at least participants get ongoing ceremonies to get better and better at auditing the hardware.
- No anonymity is ever lost.
- No NET coin supply is ever created out-of-thin-air (instead some people lose coins if they chose an insecure mixer that had a compromised key), which is also the case for both Zerocash and RIngCT where coin supply could be created out of thin air and we would never know it due to a bug in cryptography.
That will kick ass on Monero, because if I pass through the mixer, I know my anonymity is provable and I know I didn't lose my coins. It is only people who still sitting inside the mixer who risk losing coins. Everything has a risk. I would much rather the microscopic risk of a compromised key (causing me to lose some coins) to the sure risk of meta-data correlation in Monero which can send me to jail! Surely I would be judicious about not mixing all my coins at the same time and not all in the same mixer.
TPTB said that not even math can be trusted 100%, then how can we put 100% trust on any device for fair start of a trustless currency
If can't trust the math, throw Monero in the garbage can too.
My point is that nothing is 100%. We have to weigh the reasonable risks and benefits.
But I am confident these physics issues can be worked out to a sufficient level of trust.
Only need to confirm that the private key was not communicated from the computer to any one.
I find this kinda weak against your general absolutism. "So Simple Yet So Complex".
After all, what stops all 3 letter agencies, who can own blockchains and can do analysis and attacks etc, to stage the whole thing? Will i be allowed to check that computer?
I mean, i have near to zero understanding of cryptography, but your search for the perfect/ideal solution looks like making you ready to take a huge and dangerous bet.
I proposed ephemeral mixers based on Zerocash technology. They will be ferreted out if they are doing this, because it will be known that the key was compromised when the mixer expires and everyone has to cash out of the mixer back into the public coin. The bastards can't keep doing it over and over again. The participants will get wise as to the methods the attackers are using.
I am not absolutist. Rather I think correctly and realistically when I weigh marketing, tradeoffs, and delusion as follows:
That will kick ass on Monero, because if I pass through the mixer, I know my anonymity is provable and I know I didn't lose my coins. It is only people who still sitting inside the mixer who risk losing coins. Everything has a risk. I would much rather the microscopic risk of a compromised key (causing me to lose some coins) to the sure risk of meta-data correlation in Monero which can send me to jail! Surely I would be judicious about not mixing all my coins at the same time and not all in the same mixer.
Marketing and design are holistically joined at the hip. Those fools who said the marketing can come later are clueless.
One more point I considered in my holistic analysis is that for most transactions we can't be anonymous. Thus anonymity is more suited to those who want to receive some payment anonymously and hide the funds there and extract them only to public funds in small morsels or to spend in other rare anonymous transactions (e.g. buying some gold bars from someone you trust won't reveal your identity).
In that case one might think you can just use Stealth Addresses (unlinkability) and run a full node to confirm receipt of funds anonymously. No need for Cryptonote, RingCT, nor ZeroCash. But the problem is the payer can be identified and be pressured to reveal your identity.
So this is why we need Zerocash to make the untraceability impervious to meta-data correlation.
But the problem with my proposal for ephemeral Zerocash mixers is that when we take the coins out of the mixer they can now be correlated to our meta-data (e.g. IP address, etc). So thus it seems to hide large funds and only take out small portions publicly as needed, will incur risk of losing those coins in my proposal, but at least they will be provably anonymous.
Anonymity is a clusterfuck. If we can't make trusted hardware, then anonymity is unprovable. Period.
So just give up on anonymity, or get busy trying to make hardware we can trust?
(or if Zerocash has developed a provably secure way to generate a master public key, which I doubt)
I think I did correct my myopia in the subsequent reply to him. And I think the points reached sort of a stalemate. I don't dismiss his point, but if that white paper above is our concern, then none of the software we use is trustworthy. Okay I understand the point that doing something once and we all have to rely on that, is different than we all each download our software and run diverse hardware. But is it? Seems we all are running the hardware made by Intel and all the download links run through routers controlled by TPTB.
So all-in-all, I accepted his point. I think anonymity is a clusterfuck. Given the way Zerocash's forum treated me (they removed all my posts after they realized I was explaining serious flaws and challenges), I don't expect any success from them either.
I'd like to move on away from anonymity. Maybe one day in the future we could make some mixers based on Zerocash (long after their effort has faded into the dust) and maybe use it for some few esoteric uses for anonymity. But reliable anonymity on a widescale is unfortunately a delusion that even I had to finally come to grips with. Sad to say.
As for unreliable anonymity, I can do that now with Bitcoin. I just go use an unregistered wireless network connection. Eventually that will be impossible, but for now it is available in some jurisdictions.
If someone could identify a use for ring mixing that applied to businesses who don't mind if the NSA is tracking their privacy, then perhaps I could be convinced there is a market. But as I wrote before, the NSA has employees and those employees can't be trusted to not sell your privacy to your competitors. Corruption is the rule, not the exception. A mouse will always eat the cheese.
I start to comprehend now how it might be true when Martin Armstrong says we might descend into a Dark Age.
The only way I can think to fight back now is
go for popularity and control in the hands of the people. Win the political war.
Is there a better alternative for anonymous transactions currently working and available?
There is nothing available for
reliable anonymous transactions. For unreliable anonymity, I might as well just use Bitcoin and jump over to my local McDonalds on the unregistered WiFi connection. So yes there is a better alternative, Bitcoin. And it is more widely accepted.
I would not entrust not receiving jail time on the assumption my meta-data can't be correlated, neither with Monero nor Bitcoin. The only anonymous things I would do would be legal things I want to hide from for example the public, but not from the NSA (and the employees of the NSA). In that case, I can do this reasonably well using Bitcoin.
I can't make the sources of my transaction untraceable with Bitcoin (unless I use some unreliable mixer, CoinJoin, or CoinShuffle), i.e. if someone wanted to premine and then make it impossible to connect them to the premined coins. So maybe we can argue that Cryptonote/Monero would help people who want to create scams. But decentralized exchanges might accomplish the same (not sure about that yet, still analyzing them).
In short, I just can't see what is the large market for this unreliable anonymity in Cryptonote as compared to the unreliable anonymity in Bitcoin?
Hey I am not happy it worked out that way. As much as I don't like the boastfulness of some Monero's community (not all the devs), I still would prefer if anonymity was realistic. I am saddened. And especially pissed off to have expended so much effort on anonymity and not have realized sooner.
Actually the market for Monero might be criminals. They may have the incentive to study how to guard their meta-data and willing to take the risk on the combinatorial unmasking (since a criminal mind seems to ignore the prospect of jail time). But they need to be mixed with regular users, otherwise their anonymity sets may not be large enough. I don't want to be in a project who sole main use case is criminals.
Please confine yourself to that question.
Hitler claiming to support Libertarian principles (e.g. anonymity).
Have you ever heard of the concept of respecting the freedom of others. I am flabberghast that you think you can tell me what I can write about. Do I tell you what you can write about.