-
anonyphi[m]
<razor[m]> "image.png" <- Is this related to Monero development in some way?
-
mj-xmr[m]
<alex[m]123456727> "Credit cards, for example..." <- I agree with that 100%
-
hyc
mj-xmr[m]: actually, Rpi4 comes with a 64bit OS. it's the first time raspberry has supported that
-
hyc
which is why #7953 is about rpi4.
-
mj-xmr[m]
Yeah yeah. it's all clear now.
-
sech1
hyc my rpi3 runs 64-bit os too. I had to install it manually though
-
hyc
right
-
hyc
as I said - rpi4 is the 1st time raspberry supported it. 3rd party was available before
-
mj-xmr[m]
sech1: I didn't know that the 64-bit os was available for RPi3 as well. Too bad, because it does give some kick.
-
hyc
armbian distro is pretty easy to install
-
Rucknium[m]
I tried to DM luigi about CCS, but Matrix is now telling me "User is not online or does not exist. Message not sent.", so I'll ask here:
-
Rucknium[m]
I submitted a merge request for a new Idea, and it actually shows up in the Ideas section. However, the text doesn't show up like with other proposals:
-
Rucknium[m]
Does anyone have any guidance on why this may be happening?
-
gingeropolous
it probably won't display properly because you called them mixins
-
gingeropolous
"it would likely be wise to conceal the mechanics of OSPEAD indefinitely." >>> isn't it likely that an adversary could find a statistician like yourself that could uncover the same thing? I guess that's moot really. The same could be said of an exploit I guess.
-
anarkiocrypto[m]
> I submitted a merge request for a new Idea, and it actually shows up in the Ideas section. However, the text doesn't show up like with other proposals:
-
anarkiocrypto[m]
Can you also include stats on single input churns (sweep_single), please? (I can't afford to donate, can barely afford food/rent, but if you need any web dev help, I can offer that in return.) Churns are important for many real life use cases, where 1/11 plausible deniability isn't enough to stay safe.
-
mj-xmr[m]
> <@anarkiocrypto:halogen.city> > I submitted a merge request for a new Idea, and it actually shows up in the Ideas section. However, the text doesn't show up like with other proposals:... (full message at
libera.ems.host/_matrix/media/r0/do…7f263b6c71679170723322efb28571ac878)
-
mj-xmr[m]
I have no idea what it's about.
-
anarkiocrypto[m]
Do you mean Rucknium's proposal or churns?
-
anarkiocrypto[m]
I think Rucknium wants to statistically research decoy selection algorithm and then improve it, so that plausible deniability is better (i.e. the 10 decoys are more realistic and it is difficult for an observer to guess which is the real spend).
-
UkoeHB
Rucknium[m]: Don't you just have to paste it into the issue message?
-
mj-xmr[m]
Thanks. And what about the churns? A link would also be fine.
-
anarkiocrypto[m]
I churn for safety reasons since 1/11 plausible deniability isn't enough for me.... (full message at
libera.ems.host/_matrix/media/r0/do…79652f27d8b2016dd7cf531d07b9c172ef2)
-
anarkiocrypto[m]
s/increases/decreases/, s///, s///
-
Rucknium[m]
<gingeropolous> ""it would likely be wise to..." <- Yes. Like I stated, the fuse is lit. I think it is possible that the only benefit of revealing OSPEAD publicly is that other CryptoNote blockchains would be able to benefit from it, since they face the same mixin selection problem if I understand correctly.
-
Rucknium[m]
anarkiocrypto: I agree that churning is an important object of study, but I want this CCS proposal to remain focused. I (and others) could possibly examine it in a future research effort.
-
anarkiocrypto[m]
Surely churning is related to decoy selection? But I understand if not.
-
Rucknium[m]
anarkiocrypto: Yes it is related, but my proposal has a very specific & narrow goal in mind.
-
merope
Perhaps churning should take into consideration how many times your outputs have been used as decoys in other transactions as well? (Not sure if it's actually a useful parameter, just throwing the idea out there)
-
Rucknium[m]
endor00: There has been some recently-published research that, I believe, examines questions like this.
-
Rucknium[m]
This is behind a paywall, but available for free via "other means"
-
Rucknium[m]
It's a tough read, for me at least. So grokking it is on the backburner
-
Rucknium[m]
moneromooo: Can I share my HackerOne submission with sgp_ through end-to-end encrypted means?
-
Rucknium[m]
sgp_: Maybe it would be good to give your rationale for seeing it. I'm not sure a rationale is necessarily needed, though
-
M030AAAYAD
I've done a lot of work on ring signature research in the past and hope that I can provide a quality review
-
Rucknium[m]
sgp_: That would be awesome. As I stated in my CCS proposal, I am pulling together a scientific review panel for the execution of the (sketch of) the plan that is in the HackerOne submission, and I think you would be a good person to be on the panel if you have the time and inclination to serve.
-
ArticMine
Rucknium[m] I have a question about your HackerOne submission. How sensitive is this to a change in ringsize from 11 to 21 vs say 16 or 25?
-
moneromooo
Ultimately it's your research, but "because I want to assess it" doesn't strike me as a good reason or everyone interested will see it. I'm not asking you not to though.
-
ArticMine
If this is for this channel I can provide a pgp email
-
ArticMine
if this is too sensitive
-
Rucknium[m]
moneromooo: I see. I also feel like it may be wise to restrict access to only those who may actively work to improve what I'm doing. That so far includes jberman, isthmus, and another applied statistician in the Monero community.
-
moneromooo
Feel free to ask some core team members for a second opinion though. I may have a bias.
-
Rucknium[m]
moneromooo: I intend to share something of a somewhat -- but not deeply -- sensitive nature with ArticMine. I assume that's OK, his being a Core member after all. Let me PM you, I think...
-
Rucknium[m]
(Request was approved)
-
Rucknium[m]
ArticMine: Yes, please provide an end-to-end encrypted means of communication. I have a Protonmail account, if that makes it easy.
-
moneromooo
FWIW I do not wish to be the decider of who gets to see what. I can only give my opinion.
-
ArticMine
Pm you proton mail
-
ArticMine
me
-
Rucknium[m]
moneromooo: Ok. I feel like I need to ask for second opinions since this vulnerability work is all new to me, however. Much of this feels "above my paygrade"
-
moneromooo
Sure.
-
jberman[m]
My view is that there are strong nuggets in Rucknium's paper to understanding and improving the algorithm, and I would rather the knowledge on it (and on solutions) be shared/opened up for everyone to be aware and make their own conclusions/draw ideas from it/scrutinize on their own as well
-
jberman[m]
Case in point, the work presented was developed after seeing some of the thoughts/work I shared publicly on the algorithm, and so it stands to reason that making the work public is likely to invite even more qualified eyes and scrutiny
-
jberman[m]
I also think it's better people are aware of the risks they face (and what they may have been exposed to) while using Monero today and in the past
-
jberman[m]
FWIW I also don't feel I'm qualified enough to pass heavy judgment on much of the paper, except in an assessment that the general intuition and ideas presented seem sound and well-supported. It *needs* more qualified eyes in my view to pinpoint any potential holes and drawbacks to the math
-
jberman[m]
Perhaps I am naive in thinking the "good" guys will beat the "bad" in this case, but I think it's closer to the spirit of FOSS/"no trusted 3rd parties" (of which I am biased toward) for yielding a stronger outcome
-
Rucknium[m]
To be clear, in case not everyone is aware, jberman has seen my VRP submission in full.
-
Rucknium[m]
I have thoughts on what jberman just said, but I want to give others a chance to respond first.
-
UkoeHB
It's standard practice to publicize vulnerabilities even in much more widely adopted technologies.
-
UkoeHB
After a period of 'hey fix this if you can...'
-
Rucknium[m]
UkoeHB: I feel like things are fundamentally different with a distributed blockchain. A "patch" doesn't fix past transactions. Also see Monero's VRP:
-
Rucknium[m]
>HIGH severities will be notified via at least one public communications platform (mailing list, reddit, website, or other) within 3 working days of patch release
-
Rucknium[m]
>i. The notification should list appropriate steps for users to take, if any
-
Rucknium[m]
>ii. The notification must not include any details that could suggest an exploitation path
-
Rucknium[m]
>iii. The latter takes precedence over the former
-
Rucknium[m]
I think (ii) could be interpreted to mean that full disclosure should not necessarily happen even after a "patch" is applied, depending on circumstances.
-
hyc
re:#7953 "There is no difference in sync between high end server or low end pi , just network connection" this guy is full of shit
-
UkoeHB
Rucknium[m]: I think the problem lies in the culture of FOSS and privacy tech. Imagine you were working on a different project (e.g. a Monero fork). You privately disclose your attack to them, and secretly concoct a solution for that project. What does your solution then look like to us Monero folk? Completely useless made up nonsense (regardless of its efficacy). Our selection would remain the same, and remain vulnerable, because
-
UkoeHB
we don't have the insiders to vouch for you and your research.
-
UkoeHB
Even if you privately disclose your research to all projects that you can find, what about projects that come later? How can we humans, who excel at incremental progress, build on what you discovered?
-
UkoeHB
By enacting that pattern for us, you are implicitly encouraging that pattern to be used to our detriment. In the long run, I think it is better for all _theoretical_ research to be open, even if in the short term there are costs.
-
Rucknium[m]
UkoeHB: I may be much more pragmatic. Look, the status quo is the following:
-
hyc
all of this is iterative. let this phase be confidential as it currently is. once an initial patch is released, that doesn't mean the work will stop.
-
Rucknium[m]
The current mixin (or decoy) selection algorithm was developed by:
-
Rucknium[m]
1) Non-statisticians who were
-
Rucknium[m]
2) partially funded by the U.S. Department of Homeland Security, one of whom was
-
Rucknium[m]
3) a member of the board of Zcash (Andrew Miller)
-
Rucknium[m]
They did not explain in their paper how they chose the gamma family of distributions. They basically just said, "Based on our human eyeballs, it looks gamma"
-
Rucknium[m]
I do not trust human eyeballs. Only robot eyeballs are trustworthy ;)
-
UkoeHB
Sure, but human eyeballs aren't much better than 'trust me I did the math'.
-
Rucknium[m]
To be specific, this is their rationale, given in Moser et al. 2018:
-
Rucknium[m]
"We heuristically determined that the spend time distributions, plotted on a log scale, closely match a gamma distribution."
-
UkoeHB
better/worse
-
Rucknium[m]
There's that word again, "heuristic" 🧐
-
Rucknium[m]
Look, I am pulling together a scientific review panel. They will review my work.
-
UkoeHB
'trust us we did the math'
-
UkoeHB
Same thing lol
-
Rucknium[m]
Yes, it will require trust. Better than spilling an attack to CipherTrace and their ilk.
-
Rucknium[m]
I address this issue in my CCS proposal text, for anyone who is wondering. Since I fully anticipated it would be a sticking point.
-
Rucknium[m]
UkoeHB: I think your suggestion is based in ideology rather than a practical look at risks.
-
UkoeHB
A cryptocurrency is not simply a practical thing
-
moneromooo
A dozen people have seen or will soon have seen this. It'll be out at some point anyway.
-
Rucknium[m]
moneromooo: To clarify, given the people that have seen it so far as well as the people who will soon see it, am I still technically following the VRP? In other words am I "abid[ing] by the VRP for responsible disclosure"?
-
selsta
we usually don't follow the VRP in a super strict way
-
selsta
just do what makes sense
-
Rucknium[m]
selsta: Ok. The main concern that I have is I don't want there to be a conversation later that goes, "Rucknium didn't follow the VRP." I don't really care about any possible bounty. I just want to do the right thing -- and, I suppose, not be accused of doing the wrong thing later.
-
Rucknium[m]
Like I have stated, this is a new type of process for me, so any guidance is useful
-
moneromooo
Well, you asked, so it's not like you just plastered it across the internet.
-
moneromooo
So there is evidence that you tried to do the right thing, if nothing else. Or at least, that you tried to make it look like you were :P
-
chaser[m]
<sech1> "use sweep_single to churn a..." <- if you churn multiple inputs in one tx, do you reduce "only" your privacy, or others' as well?