Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Archival
Re: delete
by
smooth
on 03/10/2014, 22:23:24 UTC
Quote from: TheFascistMind on October 03, 2014, 10:21:31 PM
Quote from: fluffypony on October 03, 2014, 10:17:36 PM
Quote from: J1mb0 on October 03, 2014, 10:07:05 PM
-blah-

Jimbob...you read our Monero Research Lab's very first publication, right? You know the one where we spoke about a cascading privacy failure if an attacker owned sufficient outputs? Here's a link for you to save yourself. At any rate, this could occur in a CryptoNote coin where persons unknown to everyone else controlled, to thumb suck an example, 82% of all the outputs. That would be an exceedingly unsafe CryptoNote coin to use, as those person(s) could easily reveal the actual signature of just about any transaction, thus negating any benefit of ring signatures.

When choose a currency to shill for, you really should choose one that doesn't have that flaw.

And XMR paid me (7.5 BTC thus far, 2.5 BTC in arrears) to supplement that with a potential amplification and mitigation, where for example in some cases the attacker doesn't even need any of the outputs that are in the ring signature. Omitting my contribution (which y'all paid for, thank you) could possibly be construed as subconscious "not invented here bias" (hope not).

The extent of that vulnerability has not been quantified and thus nothing of substance is demonstated, we merely have a proof of concept and a supposition. By contrast, the MRL-0001 analysis that shows numerically that 82% control with low typical mixin usage on the network is clearly devastating.

FUD (aka repeatedly proclaiming "this might be a flaw/vulnerability" ) is easy. Proving something to be an actual practical vulnerability is much harder.

That is certainly not "not invented here." We've uncovered various potential issues that are also in need of in depth analysis. We consider both to be in the same category, except that we don't go around shouting about "possible flaw" before we actually know the validity and extent we are looking it.