Board: Altcoin Discussion
Re: CryptoNote | The Good, The Bad, & The Ugly
by TPTB_need_war on 10/08/2015, 10:23:51 UTC
Confidential Transactions from Blockstream hides the values of a transaction so business privacy is retained. CN doesn't do this.

It does to some extent because there are multiple outputs with some being change and some being payment (or payments). How they are grouped is not visible, so combinatorially this can give reasonable privacy of the payment amount. The choice of outputs affects how much actual privacy there is in practice and the current algorithm in Monero is not great, but is being improved.

As for size I gather that CT and CN are similar but I haven't reviewed it carefully.

You could hide value with CN. Split your value into small morsels, mix, then recombine through mixes. So then no one knows who owns that large balance.

Or simply use Monero as it is with balances split into powers-of-10 and thus (in theory) no one knows which sets of transactions are really the same transaction. Thus I agree with smooth's statement.

However, I have my doubts as to whether those powers-of-10 balances are not correlated via timing analysis. I don't have a specific algorithm or research paper to cite, but rather just that we are dropping patterns all over the place. In an ideal anonymity set, everything should look the same, so there is no entropy to analyze.

So thus hiding value has the advantage of removing information that can be used to aid in combinatorial and timing analysis (combined).

Also it has another advantage which I won't mention yet...

In any case, I want to accede that CN does in theory effectively add value privacy. I am just not confident that Monero is sufficient against the 5 Eyes and powerful analysis research that might be forthcoming if ever these CN coins become popular.

Think of my work as (an attempt at) the second stage of furthering the technology.

I'd just add that power-of-10 is not required by the protocol even today. That is just a convention. One might imagine other useful conventions that when further defined require only implementation in wallets. Anyway, the last part isn't too important since protocol changes are fine and even expected at this level of maturity.

That doesn't invalidate or disagree with your comments about timing attacks, etc. I think careful use can mitigate most timing attacks even today, but that's not a solution for end users who don't know how to be careful and won't. So none of these solutions is fully ready for prime time today. Some are better than others is about the best we can claim right now.

Yes, flexibility and users (or their wallets) decide. I presume convention is often followed to maximize anonymity sets and reduce simultaneity conflicts.

And agree that perfection exists only in words and we do live in here and now. And if one needs anonymity on chain here and now, Monero is probably the best option available.

Even if someone were to design something "better" (different or some claimed advancement), will it even have enough adoption and all bugs worked out in time?

Of course I don't know that either, even being on the inside as a developer.

We appear to be in agreement.

I am not telling anyone to not buy Monero, except for my advice to lighten up (on all crypto and gold) for the coming low in crypto this Spring 2016. For those who have well diversified and want to HODL through any sell off, then they can ignore my warning on that.

Edit: it is possible I end up using Monero because it is what is working best when I need it. Well we've already used XMR in fact.
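The grouping argument above (the payment and the change are both split into power-of-10 pieces, and an observer cannot tell which pieces belong together) can be made concrete. The following is an added example, not code from the post or from the Monero project. It assumes the pre-RingCT Monero denomination convention of splitting an amount into pieces of the form digit * 10^k, treats amounts as plain integers in atomic units, and uses constructed sample amounts (12345 paid, 54321 change). It does not model ring-signature mixing or the timing patterns the post worries about; it only counts how many candidate payment amounts an observer is left with from the outputs alone, and what the denomination structure leaks anyway.

```python
from itertools import combinations


def decompose(amount):
    """Split an integer amount into digit * 10**k pieces (lowest power first).

    This mirrors the power-of-10 output convention discussed in the thread.
    Example: 12345 -> [5, 40, 300, 2000, 10000]. Zero digits produce no piece.
    """
    pieces = []
    k = 0
    while amount > 0:
        digit = amount % 10
        if digit:
            pieces.append(digit * 10 ** k)
        amount //= 10
        k += 1
    return pieces


def candidate_payments(outputs):
    """Every distinct amount the payment could be, seen from the outputs only.

    An observer knows the outputs but not which of them are change, so any
    non-empty subset is a possible payment (the rest being change). Returns
    the sorted list of distinct subset sums; its length is the size of the
    amount-ambiguity set for this transaction.
    """
    sums = set()
    n = len(outputs)
    for r in range(1, n + 1):
        for combo in combinations(outputs, r):
            sums.add(sum(combo))
    return sorted(sums)


def leaked_digit_counts(outputs):
    """What the denomination structure gives away for free.

    Because every piece is digit * 10**k with digit in 1..9, the power k is
    visible from the piece itself. The observer therefore learns, per power
    of ten, how many non-zero digits the payment and change have between
    them. Returns {k: count}.
    """
    counts = {}
    for piece in outputs:
        k = len(str(piece)) - 1  # valid because the leading digit is 1..9
        counts[k] = counts.get(k, 0) + 1
    return counts


def build_outputs(payment, change):
    """Outputs of a single transaction paying `payment` with `change` back."""
    return decompose(payment) + decompose(change)


if __name__ == "__main__":
    # Constructed sample amounts, in atomic units.
    payment, change = 12345, 54321
    outs = build_outputs(payment, change)
    cands = candidate_payments(outs)
    print("outputs on chain:", outs)
    print("distinct candidate payment amounts:", len(cands))
    print("true payment still among them:", payment in cands)
    print("pieces per power of ten (leaked):", leaked_digit_counts(outs))
```

For these two amounts the ten outputs carry two pieces at each power of ten, so the observer is left with 767 distinct candidate payment amounts, which is the "combinatorial" privacy the post describes. The last function is the caveat: the count of pieces per power is visible regardless, which is one of the patterns the post says are being dropped all over the place, and it is exactly the kind of information hidden values would remove.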