-
m-relay
<monerobull:matrix.org> thoughts on incognito extortion and the flood being linked?
-
m-relay
<monerobull:matrix.org> incognito could be compromised / always been a honeypot and now flooding + EAE attack is used to de-anon vendors paying the ransom
-
m-relay
<dave.jp:matrix.org> How do you know it’s incognito flooding ?
-
m-relay
<dave.jp:matrix.org> Vendors would be paying ransom if they are doxed
-
m-relay
<dave.jp:matrix.org> Flood is coming from chain analysis company not some dnm
-
midipoet
monerobull: why do you think incognito has always been a honeypot?
-
m-relay
<chaserene:matrix.org> PSA before today's meeting: it seems Matrix accounts on the matrix.org server still don't receive messages from monero.social accounts. I'd advise people with only a matrix.org account to register a new one on the matrix.monero.social home server (easiest on app.element.io) and use that for now.
-
m-relay
<rbrunner7:monero.social> Hmm, but people with two Matrix accounts sounds a bit like a recipe for confusion, e.g. if I want to DM them ...
-
m-relay
<rucknium:monero.social> chaser: Thanks. people with matrix.org home servers could also just refresh
libera.monerologs.net/monero-research-lab a lot during the meeting to see the conversation instead of making a Matrix account on monero.social
-
m-relay
<rbrunner7:monero.social> Maybe they could come over to the dark side for a while and use IRC directly. Old school, but after an initial shock it doesn't hurt too much ...
-
m-relay
<rucknium:monero.social> ^ Probably someone would need to post that from a matrix.org Matrix account for the intended audience.
-
m-relay
<rbrunner7:monero.social> Right :)
-
midipoet
Is the matrix broken?
-
moneromooo
Yeah, someone took the green pill. Somehow.
-
m-relay
<rucknium:monero.social> MRL meeting in this room in two hours.
-
midipoet
did it taste of apple or pear?
-
m-relay
<chaser:monero.social> yes, it is a mess. my temporary solution is to use a Matrix client that supports being logged in with multiple accounts (the most feature-rich and cross-platform one seems to be FluffyChat).
-
m-relay
<chaserene:matrix.org> to clarify: app.element.io is a way to run a client in the browser, but you can also use your current instance (but then you have to log out) of a Matrix client that supports registering accounts (not all do), or install the same in a different packaging format (on GNU/Linux: your distro's package manager, flatpak, snap, appimage, etc), or install a different one (
matrix.o<clipped message>
-
m-relay
<chaserene:matrix.org> rg/ecosystem/clients/). what matters is to, during registration, set the home server to matrix.monero.social. the trouble of multiple accounts can be helped by using a Matrix client that leds you handle multiple accounts at once. I found FluffyChat to be the most feature-rich such client.
-
m-relay
<chaserene:matrix.org> other ways to not miss messages are to refresh frequently the IRC log page (
libera.monerologs.net/monero-research-lab) or to connect to IRC directly with an IRC client.
-
m-relay
<chaserene:matrix.org> (and apologies to every non-matrix.org user for repeating the info from the other side.)
-
m-relay
<rucknium:monero.social> Meeting time!
monero-project/meta #981
-
m-relay
<rucknium:monero.social> 1) Greetings
-
rbrunner
Hello
-
m-relay
<chaser:monero.social> hello
-
m-relay
<sgp_:monero.social> Hello
-
m-relay
<vtnerd:monero.social> Hi
-
m-relay
<rucknium:monero.social> 2) Updates. What is everyone working on?
-
m-relay
<rucknium:monero.social> me: Working on analyzing the possible spam black marble flood. I have a PDF draft, but it's very rough. I have the draft plots ready to share:
github.com/Rucknium/misc-research/t…onero-Black-Marble-Flood/pdf/images
-
isthmus
Hiya. Intermittently here, but multitasking
-
m-relay
<chaser:monero.social> "work" would be an overstatement, but I collected all the measures I can think of that can be effective against a black marble flood:
monero-project/research-lab #119
-
m-relay
<rucknium:monero.social> chaser: Thanks a lot :)
-
rbrunner
Good text, helpful
-
m-relay
<vtnerd:monero.social> I worked a little on frontend for lws, but stopped after I discovered woodser was already on it. Otherwise have been working on "remote" scanning for lws. A little more confident that it will be possible without destroying the code, but still a possibility that I punt on the feature
-
m-relay
<rucknium:monero.social> 3) Discussion. The large tx volume is still happening. A little lower now, but still filling almost all blocks to the 300 kB minimum limit.
-
m-relay
<rucknium:monero.social> I put some plots here:
github.com/Rucknium/misc-research/t…onero-Black-Marble-Flood/pdf/images The most important ones are empirical-effective-ring-size.png, spam-share-outputs.png, and projected-effective-ring-size-non-log.png
-
m-relay
<rucknium:monero.social> If the tx volume is a black marble flood attempt, an effective ring size low enough to allow chain reaction analysis to deterministically figure out the real spend would be the greatest threat. Effective ring size is about 5.5 now. Less than 1% of rings would be drawing black marbles for all 15 decoys.
-
rbrunner
"projected-effective-ring-size-non-log.png" is a bit depressing, if I understand that correctly: With ringsize 25 the adversary only needs to double blocksize to about 600, and it's again down to 5.5
-
m-relay
<rucknium:monero.social> Doing actual chain reaction simulation would take time. Chervinski et al., (2021) did a chain reaction simulation. Looking at their parameters, I don't think it's a problem now with the suspected spam volume.
-
m-relay
<rucknium:monero.social> Yes. ArticMine suggested raising ring size to 40.
-
m-relay
<sgp_:monero.social> ArticMine should have suggested bumping the min fee 4x :p
-
azunda
bumping fee is not smart.
-
m-relay
<chaser:monero.social> he did actually, but only the relay fee. I think if fees are modified, it makes sense to do it on the protocol level.
-
m-relay
<sgp_:monero.social> Raising the ringsize with the current technology is relatively costly. Arguably more harmful than bumping the minimum fee imo
-
rbrunner
Looking at the list from chaser, I don't think we have any immediate "smart" countermeasures
-
m-relay
<rucknium:monero.social> The budget of the suspected adversary is unknown. There was a 24 hour burst of 1in/2out 320 nanonero/byte txs that was either the spammer or a service that paid a lot temporarily to get fast confirmations. The rest of the suspected spam pays fees much lower (20 nanoneros/byte)
-
m-relay
<sgp_:monero.social> a spammer with a truly unlimited budget will always consume 100% of new available block space, making the attach unavoidable. So that's what we're up against
-
m-relay
<sgp_:monero.social> a spammer with a truly unlimited budget will always consume 100% of new available block space, making the attack unavoidable. So that's what we're up against
-
m-relay
<rucknium:monero.social> 320 nanoneros/byte is the 3rd tier of fees. The GUI/CLI only increases fees from the 1st to 2nd tier if the txpool is congested.
-
m-relay
<rucknium:monero.social> Can anyone confirm that increasing the ring size would not increase the pruned node storage space very much?
-
m-relay
<sgp_:monero.social> The only way the monero network gets around this is assuming that the attacker doesn't have unlimited resources (since then we have to assume it's a lost cause), and we make it significantly more expensive for them
-
rbrunner
Don't know enough details about pruning to be sure. But for sure the pruned blockchain growth would also accelerate
-
m-relay
<chaser:monero.social> no attacker has unlimited budget. we don't know their budget until they stop. the cost requirement is like a fence, what we can do is to raise it in some or multiple ways, which will raise our general defense, and may make an attacker retreat/not raise their volume
-
m-relay
<rucknium:monero.social> I could project the expenditure to achieve some effective ring size. Vary the fee and the nominal ring size.
-
m-relay
<sgp_:monero.social> the cost of raising fees is only passed onto the senders. Higher fees also subsidize mining, making mining attacks more expensive as well, assuming no material change to organic demand
-
m-relay
<sgp_:monero.social> It might be worth trying to guess the realistic amount an attacker would be willing to spend, and trying to model around that. There will always be some implied number there to target
-
m-relay
<rucknium:monero.social> Raising fees could reduce the volume of txs sent by real users. That would increase the adversary's share of outputs, ceteris paribus.
-
m-relay
<sgp_:monero.social> yes, but for them to maintain the same ratio of outputs that we're worried about, the math works in our favor
-
m-relay
<sgp_:monero.social> yay ring signatures :)
-
m-relay
<sgp_:monero.social> for every 1 real tx cost paid by a user, the attacker needs to pay what, 10x that? for a concerning ratio
-
rbrunner
That's an interesting way to look at it
-
m-relay
<articmine:monero.social> Raising the ring size is the best deterrence against a black marble attack
-
m-relay
<rucknium:monero.social> Real users and the suspected adversary do not have the same willingness to pay per tx.
-
m-relay
<sgp_:monero.social> Let me put it this way: if making new transactions costs effectively nothing, then even ringsize 100 wouldn't matter, since there's no cost to spam transactions
-
m-relay
<sgp_:monero.social> I'm not saying ringsize is truly irrelevant, it's just that fees matter a lot more
-
azunda
attacker will need to spend exponentially more with higher ringsize ?
-
m-relay
<rucknium:monero.social> IMHO raising the ring size to 40 would be great, given what I know at this point in time.
-
m-relay
<articmine:monero.social> Of course
-
m-relay
<articmine:monero.social> Do you mean because of the impact on the output distribution
-
m-relay
<rucknium:monero.social> projected-effective-ring-size-non-log.png tries to accurately project block weight as ring size increases by the way.
-
rbrunner
Interesting that so far no attempt to drive the effective ringsize lower than about 5, but 5 is still a quite good protection. Is that even useful what they do here, as a black marble attack?
-
rbrunner
I find this quite a bit puzzling
-
m-relay
<sgp_:monero.social> I'm not going to stand against a ringsize increase. You all should know I've advocated in favor of all the previous ones. But, it would be silly imho to bump the ringsize but do nothing about fees.
-
m-relay
<sgp_:monero.social> Increasing the ringsize has a permanent network cost. Increasing fees has no direct network cost.
-
azunda
let's not rule out that it is organic
-
m-relay
<rucknium:monero.social> ArticMine: I mean because of the estimates that I've done in
github.com/Rucknium/misc-research/b…ted-effective-ring-size-non-log.png . If nominal ring size is 40, there would still be a healthy effective ring size if the suspected spammer is filling 300 kB blocks. Actually it would be larger than current nominal ring size (16)
-
azunda
sgp - it has social effect, people want to use the cheapest means of transacting
-
m-relay
<sgp_:monero.social> Monero should not compete to be the cheapest network. Monero won't win that fight :p It needs to be a very private option for a totally reasonable cost
-
azunda
yes but people care more about money than privacy, that's why low fees are more attractive with the added "privacy" bonus
-
rbrunner
I think it might be interesting to brainstorm a bit more about possible forms of "PoW before submitting a transaction"
-
m-relay
<chaser:monero.social> it doesn't matter if it's organic or not, because we can't know, and we can't afford to think it's the optimistic scenario. and even if it is organic, this event is an invitation to any adversary in the sidelines to come and attack, especially if they see that there is no pushback.
-
isthmus
I prefer raising the ring size as the most robust way to address this. However I would not object to fee adjustments as part of the response
-
rbrunner
Maybe we can connect the amount of PoW needed with some network parameters / network statistics, so normally it's negligible
-
dukenukem
Raise ring size and slightly adjust fees. Ez.
-
isthmus
For txn pow with existing format could just reroll randomizer until some field is sufficiently low/high :- P
-
m-relay
<chaser:monero.social> Monero is a privacycoin, not a "cheap transactions with privacy bonuses" coin.
-
m-relay
<rucknium:monero.social> There is a technical statistical point to keep in mind. Mean effective ring size = 5.5 does not mean that random guessing success is 1/5.5. Effective ring size is a random variable since decoys are selected randomly. 1/x is a strictly convex fucntion. By Jensen's inequality, E[1/x] > 1/[E[x]. The current probability of correctly guessing the real spend is about 25%. Check empirica<clipped message
-
m-relay
<rucknium:monero.social> l-guessing-probability.png
-
m-relay
<ajs_:matrix.org> Liam Eagen to give talk on Bulletproofs++ at MoneroKon
-
m-relay
<sgp_:monero.social> I strongly suggest you hike the fees a higher multiple than the ringsize increase
-
m-relay
<sgp_:monero.social> If the attacker continues to consume the majority of the block space, then they will pay the majority of the fee increase
-
m-relay
<rucknium:monero.social> I am not opposed to a reasonable increase in fees, too.
-
azunda
maybe that's the point of the attack ? so we increase the fees ?
-
m-relay
<sgp_:monero.social> unfortunately the motivation doesn't really matter
-
azunda
as pointed out, it has no effect on privacy
-
m-relay
<sgp_:monero.social> there is absolutely a privacy risk and rucknium demonstrated
-
m-relay
<ajs_:matrix.org> Ariel Gabizon will also give a talk on Circle STARKs
eprint.iacr.org/2024/278
-
m-relay
<sgp_:monero.social> there is absolutely a privacy risk as rucknium demonstrated
-
m-relay
<chaser:monero.social> these charts are very good, thank you!
-
m-relay
<rucknium:monero.social> I said in Saturday's #monero-community:monero.social meeting that I am planning to write a statistical research CCS to analyze the black marble flooding and other Monero research tasks. Input is appreciated :) . nioCat suggested that I work with ArticMine to model some scenarios.
-
rbrunner
If the current amount of spam does not change, it won't get much worse than it already is, right?
-
m-relay
<ajs_:matrix.org> And Stefanos Chaliasos on Security Vulnerabilities in SNARKs
-
m-relay
<sgp_:monero.social> I understand that people have an emotional attachment to small fees. However, it really is important to consider the consequences of having a super low cost of spam. A low cost of spam makes enforcing privacy protections significantly more expensive (through a much larger, less efficient required ringsize)
-
m-relay
<rucknium:monero.social> Yeah, still working on OSPEAD in parallel, but the black marble is more urgent since OSPEAD adjustments probably have to happen at a hard fork to be safest.
-
m-relay
<articmine:monero.social> I disagree. A critical part of privacy is to increase the ham transactions. This means increasing the anonymity set
-
m-relay
<boog900:monero.social> I don't know if this has already been mentioned but although the effective ring size is ~5 wont these decoys that are left be more likely to be older i.e the ones less likely to be the real spends
-
m-relay
<sgp_:monero.social> I would agree with you ArticMine if we already had FCMP
-
m-relay
<rucknium:monero.social> rbrunner: The effect on privacy is not going to become severe quickly if the current tx volume stays the same. It will get worse gradually
-
m-relay
<articmine:monero.social> Think of drowning the blockchain Surveillance companies in ETH, which is starting to happen
-
m-relay
<articmine:monero.social> Yes I agree
-
rbrunner
drowning in ETH? I don't understand
-
m-relay
<sgp_:monero.social> boog900: Yes, this is true for certain investigation scenarios. It makes out of band information over these periods more valuable, if that makes sense
-
m-relay
<sgp_:monero.social> I don't know if I can explain it simply here
-
m-relay
<rucknium:monero.social> boog900: Yes, but
github.com/Rucknium/misc-research/b…ted-effective-ring-size-non-log.png projects what happens if the spam continues for a very long time at current levels. It doesn't get much worse than effective ring size 5.5 when blocks have 300 kB total weight. Effective ring size about 4.5 I think.
-
m-relay
<chaser:monero.social> unfortunately, all these will be possible only with a fork
-
m-relay
<articmine:monero.social> FCMP is the goal. My interim solution is to all for a tx size of around at least 5000 - 6000 which is the estimated size for FCMP
-
m-relay
<articmine:monero.social> So we have the scaling in place for when FCMP come on line
-
m-relay
<sgp_:monero.social> Why 4x the cost of transactions to be stored permanently if we could instead 4x the cost of fees paid by the attacker for the same privacy improvement
-
rbrunner
Because that improvement is not assured?
-
azunda
not if they have large budget
-
m-relay
<rucknium:monero.social> chaser: Yes, but the hard fork node parameters need to be ready before the wallet parameters need to be ready. Ring size is node. Decoy selection algorithm with OSPEAD is wallet.
-
rbrunner
They might be ready to pay 4x
-
m-relay
<sgp_:monero.social> I think we need a sanity check. Are there really reasonable use-cases where a Monero transaction *should* cost less than, say, $0.10? What demand does that actually turn away
-
azunda
increasing fees may even decrease privacy as people will use lower than default fees and just wait longer
-
m-relay
<rucknium:monero.social> They have have paid 16x when we saw the 320 nanoneros/byte burst.
-
m-relay
<articmine:monero.social> A 4x increase in fees below the minimum penalty free blocksize is part of my proposal. So both
-
m-relay
<rucknium:monero.social> There are a lot of people in the world who would not transact at $0.10 per tx
-
rbrunner
Well, maybe people would even grudgingly put up with USD 1 as a fee. Does not mean that makes sense as a course of action
-
m-relay
<sgp_:monero.social> currently the cost is $0.004 per tx, right?
-
m-relay
<articmine:monero.social> I agree
-
m-relay
<sgp_:monero.social> a 4x proposal would make the per tx fee $0.016. Which would cost the attacker how much in USD terms per day Rucknium? Apologies if you don't have the # of txs they make handy
-
m-relay
<rucknium:monero.social> We will need 3D images :D
-
m-relay
<rucknium:monero.social> I will do some more projections on fees, ring size, and privacy impact.
-
m-relay
<chaser:monero.social> ~$2400
-
m-relay
<rucknium:monero.social> I see about 3 XMR per day spent by the suspected spam now.
-
rbrunner
And that's why "let's rise fees" is such a slippery sloppy: USD 2400 is still almost nothing for certain adversiaral "use cases"
-
m-relay
<chaser:monero.social> assuming same tx volume as during peak
-
m-relay
<sgp_:monero.social> so about 98k spam tx/day?
-
m-relay
<articmine:monero.social> .... and combining this with ring 40 we have an additional ~2.5x
-
plowsof
and if monero drops 80% in usd price .... or increase to the same as btc
-
m-relay
<sgp_:monero.social> sadly there's always some implicit price assumption in these calculations, and we can't predict the future. Yay hard forks (or at least soft forks) :p
-
m-relay
<articmine:monero.social> You mean all on chain like BTC or staying decentralized. There is a big difference here when considering fees and spam attacks
-
m-relay
<sgp_:monero.social> a 4x to fees will bring their cost to roughly $46k/mo, which is still low
-
m-relay
<rucknium:monero.social> IMHO, ways to link fees to the purchasing power of XMR should be researched. Does not mean a formal oracle.
-
m-relay
<articmine:monero.social> The question here is settlement on chain or on a centralized ledger
-
rbrunner
Nice idea, but raises the complexity of the system yet again. Already now we may have the most complex fee algorithm of them all
-
m-relay
<rucknium:monero.social> For example, fees could be linked to network hashpower. Since aggregate mining revenue is 0.6 XMR per block and hashpower is proportional to revenue (mostly), maybe that could help.
-
m-relay
<sgp_:monero.social> what centralized ledger? monero was already delisted everywhere! /s, kinda
-
dukenukem
articmine is your proposal documented somewhere, or just in chats thus far?
-
m-relay
<articmine:monero.social> I am working on putting this together with documentation
-
m-relay
<rucknium:monero.social> The BTC fees are linked to BTC purchasing power by demand and completely inelastic block space supply. It's not a model to follow exactly, but it has a link there.
-
m-relay
<chaser:monero.social> I agree that we shouldn't be *too* attached to measuring these costs in dollars. markets are fickle. what we can know is that higher attack costs raise the probabilistic security.
-
m-relay
<sgp_:monero.social> You need to be able to mitigate the spam risk by causing actual USD equivalent costs to a potential attacker, that's what it comes down to
-
m-relay
<chaser:monero.social> yes, I know it's inevitable, as you said
-
m-relay
<articmine:monero.social> You can link to USD cost if one assumes no settlement on centralized ledgers. Then the equation of exchange predicts a linear relationship between blocksize and price over time assuming a constant velocity
-
m-relay
<sgp_:monero.social> clearly this attack proves there's no given relationship between blocksize and price
-
m-relay
<articmine:monero.social> M is constant, assuming V is constant the PQ is constant
-
azunda
add captcha before sending tx /s :D
-
m-relay
<articmine:monero.social> Most of the recent growth in transactions rates have been below the penalty minimum
-
m-relay
<articmine:monero.social> With no penalty. pricing
-
m-relay
<chaser:monero.social> how do you all feel about the resource requirement increase that a larger ring size would impose? can Seraphis/Seraphis+FCMP justify pre-introducing these requirements?
-
m-relay
<sgp_:monero.social> imo, no, not really. But it an important consideration if we consider the other costs reasonable for their advantages
-
m-relay
<articmine:monero.social> Graphics verification is required in my opinion for the current and subsequent proofs
-
m-relay
<rucknium:monero.social> IMHO, node performance should be benchmarked if ring size would increase to 40. It has to pull lots of data from the database when there are a lot more outputs referenced per ring.,
-
m-relay
<articmine:monero.social> We have to take advantage of parallel processing on CPU and GPU
-
m-relay
<sgp_:monero.social> yes but that takes time, resources, testing, etc. bumping the fee does not take effort and comes with no network costs
-
m-relay
<sgp_:monero.social> if the network fee was raised to $0.10, the attacker would be spending $300k per month. Just to give you an idea of how much the fee matters for these mitigations
-
m-relay
<sgp_:monero.social> versus today's $11k
-
m-relay
<articmine:monero.social> Not necessarily if the ham drops down by a factor of 10
-
m-relay
<articmine:monero.social> It is a band aid, not address the issue
-
m-relay
<chaser:monero.social> do you approach it as "delay that bump as much as possible, hopefully hardware and uplink will grow by then"?
-
m-relay
<sgp_:monero.social> chaser: sure, that's part of this. Performance improves over time. Further, FCMP benefits are far greater than a moderate ringsize increases. We get a lot more benefit for the same cost
-
m-relay
<articmine:monero.social> Uplink is not an issue, and hardware is heavily underutilized with little or no parallel processing
-
m-relay
<sgp_:monero.social> the cake nodes are already having major issues handling rpc connections fwiw. That can be improved, but not in an immediate fashion
-
m-relay
<articmine:monero.social> Take the Monero Nodo for example. These devices have a very personal graphics processor that literally sits idle
-
m-relay
<articmine:monero.social> They could not take advantage of parallel processing
-
m-relay
<sgp_:monero.social> no, it's the speed of the monerod locks (and related) that's the issue. The whole blockchain currently needs to be stored in ram
-
m-relay
<chaser:monero.social> yes, FMCP is the silver bullet, the cost is that we can't have it at least for over a year, probably more
-
m-relay
<articmine:monero.social> We have to deal with the cause instead of just focusing on the symptoms
-
m-relay
<rucknium:monero.social> Doesn't the RPC performance have little to do with ring size?
-
hyc
the monero blockchain does not reside in RAM
-
m-relay
<sgp_:monero.social> larger transactions will slow down all connections, read/write, etc
-
m-relay
<articmine:monero.social> Monero needs to be run on SSD
-
m-relay
<articmine:monero.social> Not HDD
-
m-relay
<sgp_:monero.social> it is an ssd :p
-
m-relay
<sgp_:monero.social> nvme
-
m-relay
<sgp_:monero.social> cake nodes already need ram cache to keep up
-
hyc
monerod locking is the biggest problem there
-
m-relay
<sgp_:monero.social> absolutely
-
m-relay
<sgp_:monero.social> and again, these things can be solved, but not with a snap of our fingers
-
m-relay
<sgp_:monero.social> _unlike the minimum fee_
-
m-relay
<articmine:monero.social> Why is it locking
-
azunda
4x will do nothing to a professional adversary
-
m-relay
<sgp_:monero.social> that's how monerod is written
-
m-relay
<rucknium:monero.social> If there was something like a bitcoin electrum server for Monero, maybe you would not have conflicts:
blog.keys.casa/electrum-server-performance-report-2022
-
hyc
because back in the mists of time, when monerod's blockchain was entirely RAM resident, you needed fine-grained locking to be able to use it safely
-
hyc
with LMDB transactions you don't really need that any more, but it's a major rewrite to change the interaction style
-
m-relay
<articmine:monero.social> So is this a database issue?
-
hyc
no, the database is lock-free.
-
hyc
it is an interface to the database issue
-
m-relay
<sgp_:monero.social> cake is bottlenecked by the lock implementation currently, yes
-
m-relay
<articmine:monero.social> So Monero needs to be optimized
-
m-relay
<articmine:monero.social> Monerod
-
hyc
yes
-
m-relay
<sgp_:monero.social> which they can design around, but that will take months of testing or for a completely fresh rewrite
-
hyc
the whole blockchain_db pile of code is fuggly
-
hyc
but it was a shim layer between the memory-only blockchain and the DB-oriented one, so it is heavily compromised in many ways
-
m-relay
<sgp_:monero.social> I agree with articmine that this stuff can be optimized, at that it's good to take advantage of the performance that we have. But, I also think Monero should have much higher fees to discourage attacks like this, and yes, even micropayments
-
azunda
*even micropayments - step back in adoption ?
-
azunda
and how much of increase would be enough ? because i don't believe 4x will do anything to an adversary like this
-
m-relay
<rucknium:monero.social> I will draw some budget lines and indifference curves :D
-
m-relay
<sgp_:monero.social> thanks rucknium, these are always very useful to use in discussions like these
-
m-relay
<gfdshygti53:monero.social> 10 cents is still reasonable territory imo.
-
azunda
10 cents - if price stays at course
-
m-relay
<rucknium:monero.social> sgp_: I can't tell if you're serious or not 😁
-
m-relay
<rucknium:monero.social> I will try to figure out a way to compare these things
-
azunda
if we make changes to the fees and suddently price increases 10x which would not be a sci-fi event - it would grow to $1 USD per tx ?
-
m-relay
<sgp_:monero.social> I know you will :)
-
m-relay
<articmine:monero.social> Fees impact both ham and spam. To put it bluntly a crude tool. Furthermore imposing an artificially high node relay fee can cause miners to accept transactions directly. This can be a privacy and decentralizion nightmare
-
m-relay
<sgp_:monero.social> soft fork or hard fork, just like we're discussing now. Unfortunately, that's the way it'll have to be to protect privacy before FCMP
-
hyc
there must be a better tool to deter spam. like a PoW required before submitting a txn
-
m-relay
<articmine:monero.social> Also if the ham falls by 10x then we are effectively back at 0.01 USD from a spam cost perspective
-
m-relay
<sgp_:monero.social> yup, and hooray, we would need to adjust again. I don't see another way around it, unless we find some pow thing promising I guess
-
azunda
seems that PoW until FMCP is the way ?
-
m-relay
<articmine:monero.social> PoW to submit is even worse. For starters it discriminates against most of the developing world
-
m-relay
<sgp_:monero.social> new plan: everyone needs to have an account at the monero kyc blockchain to send transactions
-
hyc
I suppose it's all the same thing, adding a cost to making txns, whether in monetary fees or in resource costs
-
m-relay
<sgp_:monero.social> :p
-
m-relay
<rucknium:monero.social> PoW spam prevention didn't really work for Nano. They got spammed anyway and had to change their model.
-
m-relay
<sgp_:monero.social> arguably monero has pow as an option already: mine, get xmr, use that to pay fees :p
-
m-relay
<articmine:monero.social> They are mostly in the tropics, while the spammer can launch the attack from a cold place
-
m-relay
<articmine:monero.social> Call it the ArticMine attack
-
hyc
we need a surge pricing model that takes network topography into account
-
azunda
to think of it, if adversary can spend 3 XMR per day today, he can surely afford PoW attack
-
m-relay
<sgp_:monero.social> yup, and higher fees will also make a PoW attack more expensive
-
hyc
txns from low volume networks get lower fees
-
azunda
yeah make the fee model so complicated they run away just from seeing it :D
-
m-relay
<chaser:monero.social> I'm sympathetic to that. or maybe a multi-faceted approach that distributes the "pain": moderate txPoW, moderate ring size increase, moderate minimum free increase, and modifying the median parmeters as Artic outlined.
-
m-relay
<chaser:monero.social> how do you mean taking network topo into account?
-
hyc
we can't really do it, since we have dandelion / tor / i2p to anonymize txn origin
-
m-relay
<articmine:monero.social> I mean instead of PoW to submit consider an XMR micro burn to submit. At least it is fair to those in the tropics
-
hyc
assuming none of those existed, we could see when large volumes are coming from clustered network addressese, like all coming from OVH, or Linode, or AWS
-
m-relay
<chaser:monero.social> that would be a fair trade-off, but a horrible UX. people shouldn't have to understand this choice and make a decision when they transact
-
m-relay
<articmine:monero.social> It exposes the reality. I do agree it is a horrible UX
-
m-relay
<chaser:monero.social> I see. I think taking factors external to the blockchain is a very slippery ground.
-
azunda
attacker would just proxify
-
rbrunner
I still hope somebody will give submit PoW a bit more thoughts. Over the years we must have spent many person months analysing rings, but almost nothing yet where we could go with that
-
azunda
or use a botnet
-
hyc
sure but that slows them down
-
m-relay
<sgp_:monero.social> it would kill accountless public nodes fwiw
-
rbrunner
And "It did not work for Nano". Yeah, maybe, but we can do better sometimes. See our "Your can't beat ASICs" breakthrough with RandomX
-
m-relay
<articmine:monero.social> Still I have seen nothing better than a ring size increase combined with a 4x increase in the minimum node relay fee below the minimum penalty free blocksize
-
m-relay
<sgp_:monero.social> What if we did >4x min fee increase
-
hyc
realistically - how do these fees compare to a credit card txn fee?
-
hyc
at some point you just have to acknowledge that there is a cost to a well maintained network
-
m-relay
<sgp_:monero.social> with 4x increase and today's prices, that's $46k/mo in fees
-
m-relay
<rucknium:monero.social> By the way, last meeting I said effective ring size decreases with increased spam in an exponential decay. It is actually hyperbolic decay. The plots look similar.
-
rbrunner
I don't want to be "only 20% as bad as credit card" for all the hoops you have to jump through with a cryptocurrency
-
m-relay
<sgp_:monero.social> current monero fee per tx starts at $0.0039, or 100x cheaper than a credit card min fee
-
rbrunner
I react to the thought experiments "What if the fee is 10 US cents"
-
m-relay
<sgp_:monero.social> the US Fed is proposing a cut of the debit card fees to 14.4 cents per transaction
-
m-relay
<articmine:monero.social> It is a partial solution, which can be implemented without a hard fork
-
rbrunner
I really don't want to take any of that as a yardstick. "Look how much worse credit cards still are". Yikes.
-
m-relay
<articmine:monero.social> Just do a fee modification
-
m-relay
<sgp_:monero.social> I think it's a reasonable upper bound to consider, even if the ideal is much less than that if there were no spammers
-
m-relay
<articmine:monero.social> Credit card fees are a real mess. Even worse when hidden exchange rate surcharges are factored in
-
azunda
what if the "attack" keeps on going after increasing the fee x4 ?
-
m-relay
<articmine:monero.social> Certainly not what I would use as a standard
-
azunda
at what point should we consider it organic ? after fee is increased to 10$ usd ?
-
m-relay
<sgp_:monero.social> does anyone oppose to $0.10 fee as a sanity check?
-
sech1
Just look at an all-time chart and stop telling it's organic:
bitinfocharts.com/comparison/monero-transactions.html#alltime
-
m-relay
<chaser:monero.social> doing it without a hard fork could have minimal effects. people may just not update to the point release. even with a hard fork, if it's only the relay fee, an attacker can coordinate with a pool (send them their tx's). if there is a fee increase, it should happen on the protocol-level.
-
m-relay
<sgp_:monero.social> not as an actual proposal, but "this is roughly in the 'feels correct' territory"
-
m-relay
<rucknium:monero.social> $0.10 fee/tx is too high IMHO
-
sech1
No one anywhere is posting on "how to download a wallet", so we don't have many new users now
-
m-relay
<sgp_:monero.social> Rucknium why do you feel it is too high?
-
rbrunner
If we have to raise fees to 0.10 US cents per transactions to keep a reasonable level of privacy, IHMO we have simply lost.
-
m-relay
<articmine:monero.social> I agree
-
azunda
at 10 cents it's 10% of a 1$ coffee
-
azunda
pure rage
-
sech1
Fee increase is a dangerous thing to do
-
m-relay
<rucknium:monero.social> We can ask Monero users in Argentina.
-
sech1
When price pumps 10x, you will hardfork again to decrease fees?
-
rbrunner
You mean with a fee explosion we make many new friends there?
-
m-relay
<articmine:monero.social> Good point
-
m-relay
<sgp_:monero.social> sec1: there must be an implied value of XMR before FCMP, it's unavoidable
-
azunda
sech1 - switch to log view, we had many events like this
-
azunda
and add to this the current big exchange delisting
-
m-relay
<sgp_:monero.social> clearly we made an assumption about the price of XMR right now and it was too low
-
sech1
all previous events had news linked to them, like Alphabay starting using Monero
-
m-relay
<sgp_:monero.social> the relationship between blocksize and XMR value did not correlate as articmine had hoped
-
sech1
Big exchange delisting and transactions spike didn't happen on the same day
-
m-relay
<rucknium:monero.social> The skepticism about the spam hypothesis just means it's in my research agenda :).
mitchellpkt.medium.com/fingerprinti…ero-transaction-volume-a19cbf41ce60
-
azunda
sech1 - didn't happen the same day because of the price drop, people were scared it will go to zero
-
azunda
after dust settled people came back
-
m-relay
<sgp_:monero.social> regarding the $0.10 is too expensive for people in some countries, unfortunately I don't know how we can possibly plan around accommodating this
-
m-relay
<rucknium:monero.social> But first: Assume it's a black marble flood and measure potential impacts and options. Then evaluate the spam hypothesis empirically.
-
m-relay
<sgp_:monero.social> even if we don't hike the fees and the attacker keeps spamming, then users will still be priced out since their transactions have too low of a fee to be confirmed
-
sech1
Binance has closed withdrawals most of the time, they couldn't physically release so many coins to so many users, so I don't believe this connection
-
azunda
large amount of people could use Binance to trade between themself without actually doing it on the chain
-
m-relay
<sgp_:monero.social> the transaction fee will always need to be anchored in real network costs, irrespective of one's ability to afford the transaction fee
-
rbrunner
We could also think a bit about our limited dev time budget. Every person week going into battling this moves Seraphis/Jamtis and FCMPs further out
-
m-relay
<chaser:monero.social> I'm not, but I do oppose gauging protocol parameters in dollars. XMRUSD may halve or 5x in a year.
-
rbrunner
And Seraphis has a much higher ringsize more "naturally"
-
sech1
azunda to move from Binance to on-chain, they first need to withdraw and withdrawals are nowhere near at the capacity needed for this flood
-
m-relay
<articmine:monero.social> The delisting by Binance eliminated a very significant centralized ledger where settlement of XMR was occurring. This is not unlike what has happened with Bitcoin where centralized ledger settlement has taken over
-
sech1
asticmine same, read my message
-
sech1
You both don't understand that it's just not enough coins there to provide all this flood
-
sech1
Numbers don't add up, so maybe 1-2k transactions per day come from Binance refugees, but not more
-
rbrunner
And all of a sudden almost magically most people only produce 1 in, 2 out transactions. Nice fairy tale, IMHO.
-
m-relay
<sgp_:monero.social> agreed, this is one of the biggest signs. All 1in/2out is impossible to reconcile at this scale
-
sech1
I understand people want to believe in sudden 5x adoption, but reality is more likely to be some spam
-
m-relay
<articmine:monero.social> Actually looks at the surge just when Binance delisted. It is close to double
-
azunda
withdrawals were closed but not incoming transactions
-
azunda
they could still do business
-
azunda
now they do it outside
-
m-relay
<sgp_:monero.social> sech1: why are you against raising fees?
-
sech1
because fees are fine?
-
m-relay
-
sech1
Compare to BTC fees (in BTC terms vs XMR fees in XMR terms)
-
rbrunner
azunda, go a bit back in time and look carefully at block before this attack, how transaction sizes vary if they are "organic"
-
sech1
they're literally the same
-
sech1
you raise fees today, few years down the road you have to drop them because price pumped 10x
-
sech1
stupid
-
m-relay
<sgp_:monero.social> what do you mean fees are fine? fees are supposed to discourage this behavior. Pricing where BTC == XMR makes no sense to me, since the attacker isn't acquiring at those BTC costs
-
sech1
I mean it's a stupid thing to do every time something happens
-
m-relay
<sgp_:monero.social> it's not stupid because the alternative is not having an adequate deterrent
-
m-relay
<sgp_:monero.social> I 100% agree it's shitty
-
m-relay
<sgp_:monero.social> but what else is realistic? not having a deterrent? that's even worse
-
azunda
if it's one or couple more big players that started using some automated tools, the tx could have patterns ?
-
rbrunner
Really not sure about "no adequate deterrent". They spam well below their technical capacity, no?
-
sech1
If it's a big resourseful attacker, believe me 10x fees won't help
-
m-relay
<rucknium:monero.social> I plotted the daily tx volume of txs with the "spam fingerprint" (1in/2out 20 nanoneros/byte) in Feb and March 2024:
github.com/Rucknium/misc-research/b…ages/spam-fingerprint-tx-volume.png
-
sech1
Bigger ring size could help better
-
m-relay
<rucknium:monero.social> From about 15,000 to 100,000 in about a day.
-
m-relay
<sgp_:monero.social> we need to draw the line somewhere, else we should just roll out the "we're fucked" map
-
m-relay
<chaser:monero.social> that was a 50% surge which then quickly ended.
-
m-relay
<sgp_:monero.social> bigger ringsize is a similar lever as higher fees, but with more network costs
-
sech1
Plus I'm against raising fees because it will screw up p2pool miners big time
-
sech1
Not until there is a cheap way to consolidate p2pool payouts
-
sech1
i.e. coinbase outputs
-
m-relay
<sgp_:monero.social> that's the real reason you hate it; is there no way to give people fewer, larger outputs?
-
sech1
That's the main reason but not the only one
-
sech1
the USD price is the other one
-
m-relay
<rucknium:monero.social> IMHO, when (if) ring size increases in next hard fork, make all coinbase output spends ringless like MRL issue #...
-
azunda
if this is an attack, we would need to increase the fee 100x - that's not "ideal".
-
azunda
to even make a dent
-
sech1
You can't just change fees because price is low and fees are cheap. Next you'll have to change them all the time to fit a new XMR price
-
m-relay
<sgp_:monero.social> the ideal state is not being under attack lol. But given we're here, we need to compromise on something
-
m-relay
<rucknium:monero.social> This one:
monero-project/research-lab #108 "Coinbase Consolidation Tx Type"
-
m-relay
<sgp_:monero.social> and I'm begging you all for the compromise to not be massive transactions because we can't agree to make transactions more expensive
-
rbrunner
With the danger of being a heretic: We do not "have to" do something. I can live with ringsize 5.5 and the danger they will spam more until Seraphis and FCMPs.
-
azunda
sgp pushing hard on fee increase
-
m-relay
<articmine:monero.social> It targets the spam and not the ham
-
azunda
is there a hidden agenda ? /s :D
-
rbrunner
Given the "shitty" alternatives
-
sech1
Transaction sizes will increase with Seraphis anyway, so why not increase ring size a little before that?
-
m-relay
<sgp_:monero.social> I don't know what you mean by ham, but fees literally target the spammer directly by requiring them to pay more, without costs to nodes. And it also benefits miners (p2pool mini dust outputs aside)
-
rbrunner
Not to forget that we always only talk about 1 out of 3 privacy mechanisms ...
-
m-relay
<sgp_:monero.social> as I said before, I'm not against a ringsize increase. But I am begging you to additionally hike the fees
-
m-relay
<articmine:monero.social> Ham legit transactions as opposed to spam
-
m-relay
<sgp_:monero.social> zunda: you must be new here; I've been a (the?) major proponent of most ringsize increases haha
-
m-relay
<sgp_:monero.social> azunda: you must be new here; I've been a (the?) major proponent of most ringsize increases haha
-
sech1
If ring size increase will reduce the efficiency of the spam attack, why increase the fees then?
-
m-relay
<sgp_:monero.social> because fees arguable reduce the efficiency even more
-
m-relay
<sgp_:monero.social> because fees arguably reduce the efficiency even more
-
azunda
i'm from the very beginning, had different names.
-
sech1
Not against an attacker who presumably has huge resources
-
m-relay
<sgp_:monero.social> sech1, if the attacker has near unlimited resources, then a larger ring won't do anything either
-
azunda
we should assume that attacker has close to "infinite" recources when it comes to fees
-
sech1
nor increased fees
-
m-relay
<sgp_:monero.social> they'll just hike their fees and take a higher ratio to account for the stronger ringsize protections
-
sech1
increased fees will only reduce legit on-chain activity, and spam tx will stay the same
-
m-relay
<sgp_:monero.social> which is why we need to accept that they don't have unlimited resources, or else we would need to admit this is all pointless
-
azunda
seems like an attack, on adoption by forcing devs to increase the fee.
-
azunda
if they can afford 3 XMR today, they can afford x4 easily too
-
rbrunner
Yes "unlimited resources" will overpower everything, that's not a reasonable base for discussion
-
m-relay
<sgp_:monero.social> anyway, I've made my same points three times now. It's clear that most people here would rather have massive transactions than hike the fee to still-reasonable-levels
-
azunda
how long the attacker could sustain the attack while having "just" 1 Mil USD ?
-
m-relay
<rucknium:monero.social> Ring size 40 is 5.5 Kb for 2in/2out, right? Not massive IMHO.
-
azunda
after increase of the fees
-
m-relay
<snowman:tetaneutral.net> Fee increase does nothing against an attacker with infinite money to spend. Fcmp, keep devs focused and keep moving forward is the only answer.
-
rbrunner
Secretely I almost start to hope that our decision process will sort-of-deadlock like it did regarding tx_extra stay/remove, and we just do nothing.
-
m-relay
<sgp_:monero.social> that's over a 2x size increase, no?
-
m-relay
<rucknium:monero.social> Yes, we are in the 3rd hour of the "meeting". We have run out of new points to make with the current information available.
-
m-relay
<rucknium:monero.social> yes. Only 2x
-
sech1
I think it's more of a psychological attack than a real black marble attack
-
m-relay
<alex:agoradesk.com> Guys, let's discuss other solutions please. The fee increase bandaid is pointless in my opinion. I would rather the Monero general fund spend 3 XMR per day to counter-spam and thereby dilute the effect of the attacker until FCMP is deployed.
-
sech1
it's not intensive enough to deanonymize most rings
-
sech1
forcing devs to "do something"
-
m-relay
<snowman:tetaneutral.net> Agreed
-
m-relay
<alex:agoradesk.com> sech1 is correct, and so is rbrunner, there is no forced action here.
-
m-relay
<articmine:monero.social> I proposed increasing the reference transaction size from 3000 bytes to 8000 bytes, but only increasing the minimum penalty free blocksize from 300000 bytes to 400000 bytes. This requires an increase in the minimum node relay fee of 4x
-
m-relay
<articmine:monero.social> The 8000 byte figure is to accommodate full membership proofs with tx sizes around 5500 bytes vs around 2000 bytes now
-
azunda
if price of Monero goes up by 10x the new fee would be painful to some
-
m-relay
<alex:agoradesk.com> Just raising the fees based on an arbitrary American's understanding of what's reasonable is not how things should be done in Monero.
-
m-relay
<articmine:monero.social> As an interim solution this can also accommodate a ring size of 40 or even more
-
m-relay
<snowman:tetaneutral.net> Can we tie ring size dynamically to spam
-
m-relay
<articmine:monero.social> No
-
azunda
due to uniformity problem or other technical problem ?
-
m-relay
<chaser:monero.social> we don't know that.
-
m-relay
<alex:agoradesk.com> I prefer ArcticMine's solution, but honestly I don't think this is an urgent situation. I think counterspamming until FCMP comes is something people who are worried about this should do. This doesn't require any hardforks or deployments.
-
azunda
the organic growth we had will counter attack the adversary (if it's adversary) more and more
-
m-relay
<rucknium:monero.social> Uncoordinated counterspam is hard to stop. How do the counterspammers know that the malicious flood is finished?
-
azunda
time is on our side
-
m-relay
<alex:agoradesk.com> They don't. But after FCMP it doesn't matter.
-
m-relay
<alex:agoradesk.com> Additionally, counterspammers can declare on /r/Monero that we stop counterspamming for a day to see if the attack subsided.
-
m-relay
<alex:agoradesk.com> The fundamental issue here is not going to be solved until FCMP, no matter how many bandaids you apply.
-
m-relay
<rucknium:monero.social> Alex | LocalMonero | AgoraDesk: "The fundamental issue here..." I agree.
-
m-relay
<articmine:monero.social> There is also the possibility of multiple black marble attackers working against each other. This attack only works with only one spammer
-
m-relay
<rucknium:monero.social> (It's a live system and people depend on it for privacy now FWIW.)
-
m-relay
<chaser:monero.social> yes, as was stated last time, we're looking for the least bad strategy (in case we're looking at all)
-
m-relay
<alex:agoradesk.com> Does anybody want to start a counterspam task force? Let's make a group and coordinate this. PM me.
-
plowsof
burn 3xmrday on tx spam or fund FCMP development with it
-
m-relay
<alex:agoradesk.com> AFAIK, FCMP development doesn't lack funding.
-
azunda
what we really need is more adoption, this attacks would be worthless if we had 100x more real tx
-
nioCat
plowsof: why not both?
-
m-relay
<chaser:monero.social> that is very unwise, for the reasons I outlined in my summary on Github. you don't want to make Monero's privacy depend on the unverifiable altruistic actions of trusted parties. moreover, you don't want Monero to be *seen* like that. it would create a disastrous reputation, which would also reflect in the price.
-
m-relay
<alex:agoradesk.com> Like it or not, rings are a weak point of XMR and have been for a while.
-
m-relay
<articmine:monero.social> That is my understanding. If I understand correctly ring 40 would also significantly mitigate the spam. So this looks like a valid option
-
m-relay
<alex:agoradesk.com> If you're worried about the marbles, without FCMP, this is one solution.
-
plowsof
localmonero should fund a tumbler address then. every piconero sent to it will be churned over and over. it can have a vanity address "Sp4mt4skforce"
-
azunda
increasing it was the best idea so far but i would leave fee alone as increasing them by 4x or even 10x will do nothing to let's say chainalysis company that earns millions of dollars
-
azunda
and it will only harm adoption which fixes this
-
azunda
*increasing ring size
-
azunda
as articmine suggested
-
m-relay
<chaser:monero.social> I asked last summer if it lacked talent; the answer was no.
-
m-relay
<snowman:tetaneutral.net> Has there been any effort to reach out to cake, changenow, trocador, localmonero to see if there is any significant bump in usage since binance delisting
-
m-relay
<rucknium:monero.social> Yes FCMP needs more talented labour.
-
m-relay
<rucknium:monero.social> Having capital does not mean that you have labour.
-
m-relay
<123bob123:matrix.org> Torcador just ask morpheus
-
m-relay
<123bob123:matrix.org> Not in this room tho
-
m-relay
<alex:agoradesk.com> Assuming that yes, it still doesn't explain away the 1 in/2out flood.
-
m-relay
<sgp_:monero.social> azunda: you realize a >2x increase in the transaction size also means an implied >2x increase in Monero fees right? Just making sure
-
m-relay
<chaser:monero.social> I posted charts of Bisq daily trade numbers and volume in the #monero-research-lounge:monero.social . there is nothing there that would explain this volume (not that it would matter).
-
m-relay
<sgp_:monero.social> azunda: you realize a >2x increase in the transaction size also means an implied >2x increase in Monero fees per transaction right? Just making sure
-
azunda
yes
-
m-relay
<articmine:monero.social> Not if you increase the minimum penalty free blocksize by the same amount..
-
azunda
nice
-
m-relay
<sgp_:monero.social> ArticMine: I really hope you ask for Cake's opinion before you double node requirements lol. Their monthly node cost is already thousands of dollars. They already move over 200 TB/mo
-
azunda
sgp - and how much do they earn ?
-
azunda
it's probably a fraction of their income...
-
azunda
*small fraction
-
m-relay
<articmine:monero.social> In my proposal the minimum penalty free zone would be increased by half. So in terms of the current penalty free blocksize this is equivalent to 150000 bytes. With quadratic scaling the fee would fall back to the current at 300000 bytes equivalent or 800000 bytes.
-
azunda
so on one hand we have a company that earns a lot of money to pay a bit more for their servers and on the other hand ALL users of Monero
-
m-relay
<rucknium:monero.social> I don't think we know how increasing ring size affects remote node performance. How much of the ring sig data actually needs to be sent to wallets?
-
m-relay
<chaser:monero.social> not that I wish ill on Cake, but calibrating the protocol according to the needs of large centralized RPC providers is quite against the ethos of decentralization.
-
m-relay
<rucknium:monero.social> Pruning eliminates most rig sig data and it is not supposed to affect wallet operation at all.
-
m-relay
<rucknium:monero.social> If you need to keep the whole blockchain in RAM, prune the node in RAM.
-
m-relay
<sgp_:monero.social> so we can assume roughly 50% more p2p traffic with this proposal?
-
m-relay
<sgp_:monero.social> unless there's something else I'm missing
-
m-relay
<articmine:monero.social> A better solution in my view is to optimize monerod and support large scale parallel processing on CPU and GPU. This will help all users both large and small
-
m-relay
<rucknium:monero.social> boog900, hinto , SyntheticBird45 : Any comments about how cuprate plans to parallelize?
-
m-relay
<articmine:monero.social> It is 2.5x in bandwidth, and the same as expected for FCMP
-
m-relay
<articmine:monero.social> FCMP
-
m-relay
<sgp_:monero.social> the issue is that cake can't whip up a custom, prod-ready lmdb reader in a week. In time for FCMP, sure
-
m-relay
<articmine:monero.social> This hard fork will not happen in a week. Seriously
-
m-relay
<rucknium:monero.social> ArticMine: When you have a range of fee and blocksize adjustment options available, I can do some modeling.
-
m-relay
<boog900:monero.social> better and we will have no locks for RPC requests.
-
m-relay
<boog900:monero.social> For my last CCS while I was implementing Monero's consensus rules in Cuprate I made an RPC scanner to test them, it gets data like outputs from public node's RPC. I ran it side by side with monerod doing full verification and the RPC scanner completed first around 170,000 blocks ahead
-
m-relay
<articmine:monero.social> 👍
-
m-relay
<boog900:monero.social> monerod was ahead until RCT and then the RPC scanner started to catch up, over taking around block `2428000`
-
m-relay
<chaser:monero.social> that's great news. for scanning speed, is that number relevant though (blocks per full chain scan)? wouldn't a metric like "tx type 6 rings per second" be more descriptive?
-
m-relay
<gingeropolous:monero.social> some thoughts as im reading through logs. re: raising the fence. adding a tx-pow might do stuff. oh i see rbrunner7 brought that up. And yeah, somehow hooking the PoW difficulty into tx_pool size could be interesting. I share the concern about "real" fees re: the need to have lots of ham for monero's ring sigs to work right. And yeah Rucknium , i've talked about tieing fees to h<clipped me
-
m-relay
<gingeropolous:monero.social> ashpower. i personally think hashrate is closes we can get to a within-chain metric of monero's extrinsic value. ArticMine , how does PoW to submit discriminate against most of the developing world? I'd imagine the PoW requirement for a single tx would be minimal, but if we could somehow find a way to connect the PoW requirement to volume. Perhaps its at the peer level. I.e., I al<clipped me
-
m-relay
<gingeropolous:monero.social> ready received a transaction from this peer within the past 10 usec. I need a higher PoW to receive another.
-
m-relay
<boog900:monero.social> Those exact numbers don't really mean anything more just the point that we are requesting outputs for rings over RPC and we completing verification faster than monerod getting them locally and that monerod becomes significantly slower around RCT.
-
m-relay
<boog900:monero.social> We don't have a working database yet so until then I don't think any measurements of how fast we can verify txs will be completely accurate. I am planning to bench Cuprate vs monerod more thoroughly though when more is done.
-
m-relay
<wizeguyy:tchncs.de> I realize I'm late to the party, but this has been discussed elsewhere. Network difficulty serves as a responsive and trustless Oracle to the purchasing power of the coins. You should consider setting fee as a function of difficulty
-
m-relay
<chaserene:matrix.org> it is being considered, with the latest mention two messages before yours (hash power and difficulty are highly positively correlated). it looks like now a good deal of the messages from monero.social users are making it through to the matrix.org home server, but maybe some earlier mentions are not visible to you.
-
m-relay
<wizeguyy:tchncs.de> Ah great. Sorry for the noise then 😅
-
m-relay
<rucknium:monero.social> A really rough draft of my initial privacy impact estimates of the suspected black marble flooding:
rucknium.me/html/monero-black-marble-flood.pdf
-
m-relay
<rucknium:monero.social> It's basically a writeup of the methodology for the plots I shared earlier. This version will be accessible at that link for about 24 hours.
-
m-relay
<articmine:monero.social> Thanks for the preview.
-
m-relay
<articmine:monero.social> 1) The cost of PoW is dependent on the ambient temperature. This is a common misconception regarding PoW. People do not take the cost or value of the heat produced into account. Most developing countries are at or near the tropics.
-
m-relay
<articmine:monero.social> 2) The processing impact is going to be higher on older less capable devices. Again this is more prevalent in poorer developing countries.
-
m-relay
<articmine:monero.social> The attacker can on the other hand launch the spam from a cold developed country. Canada comes to mind. So think of this as the ArticMine attack. It works best when it is nice and cold. Say -40
-
m-relay
<articmine:monero.social> C or F
-
m-relay
<articmine:monero.social> The spammer stays warm using the heat produced by the attack in face of the very cold temperatures
-
m-relay
<chaser:monero.social> that was an enlightening part of your Monerotopia interview: the way the current protocol provides security is very energy-efficient (the only parties doing PoW are specialized and can be at the most efficient locations, regardless of where users are). but I want to point out that in a protocol with txPoW, the reasons for hashing aren't the same: miners hash for the block reward a<clipped message>
-
m-relay
<chaser:monero.social> nd fees above penalty; senders hash for inclusion. you can't offload txPoW to miners; the practical equivalent would be to simply raise fees.
-
m-relay
<jack_ma_blabla:matrix.org> it would be a sci-fi event
-
m-relay
<jack_ma_blabla:matrix.org> Proof of Work (PoW) on mobile devices? How many transactions per second does the attacker need to perform right now? And how many VPS can easily handle it? It's absurdly easy to scale for an attacker. Unless you want mobile users to do PoW for a few hours before they can broadcast a transaction.
-
m-relay
<gingeropolous:monero.social> yeah, they stay warm but they get extremely throttled. and/or they have to own a lot of IPs (of course, ipv6 or i2p/tor negates this). meanwhile someone in the tropics doesn't need to hit as high a diff, because the node that receives their transaction hasn't seen a tx from that IP yet. a lot of moving parts with that one though
-
m-relay
<gingeropolous:monero.social> i think you could tie it to peer ID. Node A goes "man, there are a lot of txs coming from Peer B. I'm going to only accept txs from B if they submit a higher difficulty"
-
m-relay
-
m-relay
<gfdshygti53:monero.social> We might have a TX stuck in the mempool since ~40 minutes
-
m-relay
<gfdshygti53:monero.social> weird
-
m-relay
<gingeropolous:monero.social> wheres the data pulled from
-
m-relay
<gfdshygti53:monero.social> My public node
-
m-relay
<gingeropolous:monero.social> so node A goes "OK, i'll remake the package with a higher diff" and then sends it.
-
m-relay
<chaser:monero.social> ok, let's note we are talking about two distinct txPoW designs:
-
m-relay
<chaser:monero.social> 1. one is enforced on the network level, tied to node identities
-
m-relay
<chaser:monero.social> 2. the other enforced on the protocol level (I have been referring to this so far)
-
m-relay
<chaser:monero.social> network-level txPoW offers some interesting options (e.g. for wallets that use RPC providers, the provider could take on the burden of the txPow). however, just like with the minimum node relay fee, this can be circumvented by a black marble attacker by colluding with the mining pools.
-
m-relay
<gingeropolous:monero.social> of course, if thats the case, node B would know that node A was the originator of the tx
-
m-relay
<gingeropolous:monero.social> but a standard operation of a node would be to repackage some transactions that get kicked back
-
m-relay
<gingeropolous:monero.social> i think this ends up being a graph theory thing
-
m-relay
<gingeropolous:monero.social> how did neo do it or whatever the coin was
-
m-relay
<gingeropolous:monero.social> did they have any fancy stuff?
-
m-relay
<gingeropolous:monero.social> chaser: , ah, protocol level. yeah that could make sense too.
-
m-relay
<gingeropolous:monero.social> honestly the "colluding with mining pools" is like... well, nothing holds together with that branch of logic
-
m-relay
<gingeropolous:monero.social> regarding a PoW-based blockchain cryptocurrency network. IMO.
-
m-relay
<chaser:monero.social> why doesn't it? in the standard Nakamoto setting, which applies to Monero too, miners are solely interested in turning their expenditure on hardware and electricity to money, in the way that provides the widest profit margin. they couldn't care less about the ethos of a network, its health, its community or any such factor. we are not at the mercy, nor under the protection, of miners.