Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Altcoin Discussion
Re: I have come to the conclusion that "on chain anon" defeats the purpose.
by
TheFascistMind
on 08/10/2014, 10:12:41 UTC
Quote from: lexicon on October 01, 2014, 06:55:13 PM
Think about it. The fact that we are relying on a public information with a twist to be secure is not the answer.

Interesting that I was making the same point today in private communication before I had seen your thread.

1. All crypto will be cracked eventually, it is just a matter of time. First we have key length requirements increase over time:

http://www.keylength.com/en/compare/

2. Next we have IBM's head of research for quantum computing (with a $3 billion budget) expecting that quantum computing will arrive in 10 - 15 years. All the crypto-currencies to date use crypto that can be cracked with a sufficiently powerful quantum computer. May not happen in 10 years, but eventually it will.

3. There was a recent breakthrough in math for factoring which hints at the remote possibility in the future of a potential crack of the basic math used for all existing crypto-currencies (that use elliptic curve or RSA cryptography):

http://cacm.acm.org/news/170850-french-team-invents-faster-code-breaking-algorithm/fulltext#body-3



Quote from: rdnkjdi on October 02, 2014, 07:12:52 AM
By your logic "it's not secure, it will eventually be cracked" then private/public keys are in the same boat, no?  

Yes but not the same threat. Cracking ancient spent private key keys harms no one, thus no problem with keeping transactions on the block chain. Cracking ancient anonymity potentially harms up to and including everyone, thus IMO an unacceptable risk of keeping the correlation of the outputs and inputs (the anonymity mix) of a mixing transaction on the block chain.


Quote from: xenia4774 on October 04, 2014, 08:08:21 AM
I don't see a future in ring signatures

Do investors realize that Cryptonote can't run lite clients without destroying their unlinkability, because you have to publish the "tracking key" to delegate the search for received payments if you did not download the full block chain.

But publishing that "tracking key" breaks the unlinkability:

https://cryptonote.org/whitepaper.pdf#page=8

"If Bob wants to have an audit compatible address where all incoming transaction are
linkable, he can either publish his tracking key...In both cases every person is
able to “recognize” all of Bob’s incoming transaction"


Edit: the "Trading off anonymity set size for decreased bandwidth/CPU" section in the following paper hints at a solution where only a portion of the block chain needs to be downloaded in exchange for reduced anonymity set size, but afaik this is not in Cryptonote and I did not analyze how or if it can be integrated (and off the top of my head, I think this might further reduce anonymity sets in intersection with a potential block chain pruning design for Cryptonote):

http://sourceforge.net/p/bitcoin/mailman/message/31813471/