00:01:23 they are anonymous, reputationless, practically homogenous contractors that coin holders (in the form of supply inflation) and senders (tx fees) hired. 00:02:49 Forgive me if it's out of turn to comment here aftering the meeting. But sgp's concise statement here accurately summarizes my take as well. Increased ringsize is ok, but really the fee and dynamic structure should be adequate to deter even fairly serious attackers in the first place. (Assuming it is possible to do so). 00:11:26 I think sgp is on the right track here. I do think some current users will be a bit miffed by $0.10 transaction fees. But I think the people who are willing to go through wallet syncs, 10 block lock, and other UX problems are also willing to pay slightly higher fees. There are many digital garbage payment methods that have very low fees. There is currently only one fair launch POW crypto-currency with tail emission and encrypted amounts. Monero shouldn't be overly concerned about competing with other payment methods that are cheaper. I have access to more than a handful of ways to send money for cheaper than Monero, but none of them are non-custodial, private, and resistant arbitrary dilution of the currency supply. 00:12:11 I think sgp is on the right track here. I do think some current users will be a bit miffed by $0.10 transaction fees. But I think the people who are willing to go through wallet syncs, 10 block lock, and other UX problems are also willing to pay slightly higher fees. There are many digital garbage payment methods that have very low fees. There is currently only one fair launch POW crypto-currency with tail emission and encrypted amounts. Monero shouldn't be overly concerned about competing with other payment methods that are cheaper. I have access to more than a handful of ways to send money for cheaper than Monero, but none of them are non-custodial, private, and resistant to arbitrary dilution of the currency supply. 00:15:27 10 cents fee is not the same for everyone 00:15:27 While it's nothing for you or me, it's can be 1% of your salary somewhere in africa 00:15:28 But he is right, that is going to increase for the spammer a lot 00:23:24 Again, while I understand the emotional reason for low fees, the reality is that if they are too low to deter a damaging amount of spam, then they are too low. 00:26:37 And privacy loss is only one of the damages, setting aside permanent blockchain storage, node data, wallet sync time and data, etc 00:32:12 I'm not saying AT ALL to throw out affordability as a goal. But having low fees to the detriment of security and privacy is an issue 00:51:58 How do you propose to enforce a few that is 25x what is needed for scaling? If the answer is node relay what is to stop a miner or mining pool from accepting transactions directly on a website in exchange for personal information? 00:52:08 A fee 00:53:03 What if there is a sudden increase in the price? This has happened before. 01:08:48 Unfortunately, price in the future is a total unknown. Sadly, we need be be kinda restrictive and allow a fee market to form. And in the meantime, I don't know a better solution than adjusting each fork as necessary. However, in the future, perhaps some mechanism where miners could vote to adjust the minimum could be researched and used. 01:09:38 There likewise could be a major decrease in price. No matter what, some adjustment is needed in those cases to be safe, either done by the market or by social consensus 01:10:41 We're not going to be able to predict the future price accurately. It's not a function of the number of transactions. It's not about the mining hashrate. We can't create an algorithm to predict it :( 01:11:26 Anchoring to hashrate might be the most sensible of those ideas though, since at least there's a direct, real cost 01:11:56 Even so, there's a built in prediction of future hashrate costs, which are unknowable 01:12:05 Monero has a fee market that actually . If you mean the Bitcoin so called fee market that is another matter 01:12:30 Monero only very recently has a fee market :) 01:13:14 Thank you spammers ❤️ 01:13:26 You mean when we went into the penalty 01:14:41 Yeah. We need a fee market that is robust enough to keep spam from consuming most block space. For Bitcoin, the fees are high enough that people aren't spending just to mess around, at least in large numbers 01:15:05 (yes I know "spam" is undefined and a moving target, but again, we gotta start somewhere) 01:15:28 as far as using hash rate/difficulty for setting fees, Monero lost ~35% of its HR when Zephyr became the thing to mine 01:16:31 That wasn't a serious suggestion by me to use, and yes there are certainly many challenges with that approach. At least RandomX is a very market-efficient algorithm 01:17:02 There are nearly 0 barriers to entry which is important 01:17:58 sgp_: am I understanding correctly that you would be for a fee increase even if we had FCMP? 01:18:30 You just think sending txs is too cheap to not be subject to spam attacks in general? 01:18:40 Regardless of the privacy implications? 01:19:08 Versus the fee level we have today, yes. These transactions will be even larger (though clearly worth the cost for their great privacy), so it'll be sensible to have higher (but still reasonable) fees 01:19:35 And what is your measuring principle for what fee will deter a sufficient amount of spam? 01:21:34 I mean, look at Bitcoin, there's a huge amount of spam even with fees of multiple dollars per tx. 01:22:08 It would need to be an analysis of the costs of running a node (estimated strain on the network) more than anything. Take the current bandwidth cost of maybe $5/TB, multiply transaction size by ~10 to account for propagation, take current basic SSD storage costs for the space, discount that into perpetuity by maybe 10-20% a year, etc. 01:22:18 We'll never stop all spam and that's not the goal 01:22:52 Yes, this still involved future assumptions as well. So ultimately there still needs to be a competitive fee market 01:25:28 How exactly would that analysis yield an optimal anti-spam fee figure? The price of XMR is in constant flux, and spam can be done as much by a single big actor as by a huge amount of small actors. 01:25:48 There's too many variables that change too fast. 01:26:18 Best we can hope for if preventing spam is such a huge priority is setting it as high as bitcoin and hoping for the best. 01:27:02 There's no perfect in every way solution. You either need small blocks and a competitive fee market, or a social method for updating the minimum fee. Or something else :p 01:27:07 In my opinion it might be the case that the current fee level is "fine". But I think the fee should increase at a "steep enough" rate in lockstep with the block size expansion to disincentivize the spammer from perpetually bloating the chain. 01:27:32 I think chain bloat is a bigger issue that could be at risk than a decrease in effective ring size 01:28:45 If we just ad-hoc increase the fee every time we don't like how fast txs are coming in, would't that be weird? I mean, let's pretend that this tx volume increase was due to organic growth and not a spam attack, would we be discussing raising fees here? I don't think so. 01:28:46 Oh yeah, before FCMP, we also need to consider an attacker's cost to get to x% of the network, where x% is the amount of new outputs they need to get other network transactions to effective ringsize y 01:29:13 If the attacker just wants to sit there and flood the current blocksize I don't think there is much that we should worry about. But I think his expenses should increase at least proportionally as the block size expands. As long as this is the case then we have a "high enough" fence to deter flooders and bloaters 01:30:13 OK so this attack would need to run for a *long* time before a worrying decrease in privacy would occur, right? By that time we'll probably have FCMP. 01:30:32 One way out of this is to get a bunch of organic people willing to use Monero and pay more than the spammer. That's another choice haha 01:30:40 No, see rucknium 01:30:56 He had graphs during the meeting showing a meaningful drop from this alone 01:31:07 I don't think there's a way to stop a flood attack on a low fee and low honest usage network. But if the flooder wants to spam SO HARD that he increases the blocksize then he should have to pay a meaningful increase 01:31:26 Forgive me, what was the number? We're down to how many now? 01:31:46 I think 6 but I don't recall. One sec, let me fetch 01:32:42 From 16 to 6 just from these two weeks? That can't be right. 01:33:04 5.5 I think 01:33:35 Here. It's 5 01:34:13 Yes it's at least close, the selection biases new. And the attacker has something like 80-90% of outputs 01:34:14 Like imagine that the number of honest transactions stays the same and the flooder continues to flood the network WITHOUT increasing the blocksize. Then increasing fees marginally in USD terms probably doesn't do much to him. and we may just decrease the honest transaction count in this case. But we can make them pay a drastically higher rate if blocksize expands (or at least a me aningfully higher rate) 01:35:16 OK, so it seems that due to the nature of how this works it quickly drops down to 5 but doesn't drop lower. 01:35:32 And for it to drop way lower you'd need to sustain the attack for years 01:35:34 Right. If they have x% of new outputs, they pay roughly that x% of the network fees 01:35:40 basically we can't stop the attacker right now, but if he wants to increase blocksize he should have to pay some big bucks. Also even if Monero's effective ringsize has meaningfully deteriorated it is still more private than all other currencies online 01:35:44 Sounds like ArticMine has the right solution 01:36:07 Yes, dropping further would take a while and/or a much larger spam % of outputs 01:36:09 Up the rings to 40 and we'll get a floor of around 16 until we get FCMP, as well as the fees being higher. 01:36:51 Yes, extra disk space. Yes, extra load on the nodes. But the opportunity cost of not increasing rings is also a factor. 01:37:15 You can do that, but I also recommend bumping fees regardless. They're paying almost nothing for this spam. It's a security vulnerability 01:38:18 I wonder how much more they would have to pay if they chose to maximum flood the network after the block size expanded. I feel like that is the more pressing issue. If an intelligence agency can just flood the network cheaply indefinitely even as block sizes go up 1.7x every 70 days then they might choose to do that. Then again they could also choose to majority hash attack and mi ne empty blocks which is even more powerful attack 01:38:24 We'll have to do a hard fork if we're doing this. So might as well bump rings. 01:38:48 Theoretically a fee bump can be a soft fork 01:39:10 Nah, too easy to sidestep. 01:39:12 And financially incentivized. 01:40:49 This is my point too. I don't care if they pay almost nothing to spam the current blocksize. But imagine if they can trivially continue to bloat the chain with cheap transactions while pushing up the long term median every 70 days. This is not a good situation (if it is indeed possible and cheap / trivial given the current structure of how fee's adjust when block size expands) 01:41:51 Yes, they can continue to grow the blocksize. But I don't think it'll grow much with the lowest fee multiplier, by design 01:42:01 There's a lot involved with the formula 01:43:23 I don't understand the way that fees would react to block size expansion haha. I'm just saying if their total expenses don't move up at least in proportion to the expansion of the blocksize then this will likely be an issue in the future 01:43:23 I would, because it's still a public demonstration for a future attack. 01:43:36 The current dynamic block size is very permissive for growth fwiw 01:44:31 Bitcoin had spam even with fees of 20 USD 01:44:41 The absolute XMR costs per transaction will decrease as the block size grows 01:44:54 I know. I'm talking about how fees themselves would change when after the expansion occurs. Would fees generally go up, down, or stay the same? Even if fees stay the same, by logical consequence for the attacker to push up the new long term median he must proportionally increase his flood and hence his expenses correct? 01:45:18 Yes, the total fees per block still increases 01:46:01 Perhaps the real solution to spam is less about fees and more about the ability to prune away all but the strictly necessary data. 01:46:34 Because if disk space was free spam wouldn't really matter 01:46:43 Ah that is a bit of a dicey situation then. Basically at best we are hoping that fiat value of fee per tx stays the same and that the attacker has to increase the number of tx's to meet new blocksize cap. So basically we're hoping his expenses increase proportionally with block size. But theoretically they could fall if Monero's price goes down and the blocksize expands 01:46:47 Currently, verification time and the monerod database lock design are the main annoyances, not strictly the size 01:47:47 Right. So it would seem to me then that optimizing software should be the priority, before any fee increases 01:47:48 yes, but the trouble is we have to keep all transactions forever because we don't know if a transaction has been spent. this is not the case for the UTXO networks 01:48:15 Indeed. At least that's our current understanding. 01:48:50 Fee increases are uniquely well-suited because they can be applied immediately and trivially. But yes, monerod should be improved, and that is tough code to work around. 01:49:07 Hard forks aren't trivial. 01:49:09 Ringsize increase is equally trivial as well, but there's a network cost to nodes 01:49:49 Yes, this assumes the hard fork would be uncontentious. Perhaps it would be contentious, idk 01:50:24 Not due to contentiousness, but due to having to apply it to the entire ecosystem. 01:50:26 And of course I don't want to hard form without good reason. But a decrease in effective ringsize by >50% suggests there's at least an argument in favor 01:50:33 *fork 01:51:13 I have a problem / question about the dynamic block size: Why would we want the minimum xmr fee per transaction to fall if the long term median goes up? I would think the minimum xmr fee per transaction should stay steady regardless of what the long term median does. I guess the consequence is that if the price of Monero goes up then the fiat value of the miniumum tx fee would als o go up, but I don't really see the problem with that. 01:51:20 Also to your earlier point Alex, the Monero network won't collapse if the status quo continues. Action isn't strictly mandatory 01:51:56 Yup. We don't have to rush this. 01:51:56 One of the built-in assumptions is that with adoption comes price increases. But this at least somewhat falls apart when discussing spam 01:53:29 I think the minimum fee in Monero should stay the same and a fee market should develop to push the long term median up. then at the new blocksize where congestion is less, fees will be able to fall some back to the initial mininum fee rate. The need for a decreasing minimum fee measure in XMR seems like an engineering flaw in my opinion 01:53:31 but the privacy usecase goes out of the window 01:53:47 the gloves are off artic haha 01:54:08 Transaction graph privacy is certainly a lot more questionable now in my opinion, yes. Especially with the view of the spammer's wallet key 01:54:12 jack_ma, you are wrong. Monero just has to be better than all alternatives 01:56:12 Monero had ringsize 5 in what, 2017? Lol 01:56:17 also currenrly with increase in tx, the price hasnt increased much ; it has just made attack even cheaper 01:56:22 the difference is that spam on Bitcoin doesn't weaken the security it guarantees to a user, because it's gives zero privacy. Monero requires different considerations. 01:56:34 To be more concise, I don't understand why it would ever be deisrable to have a minimum fee denominated in XMR that falls as the Long Term Median goes up. To me this seems like a bad idea as it makes it easier to bloat the chain. Instead the minimum fee in XMR at the initial blocksize should remain the minimum fee forever. And a fee market should develop that is the mechanism for pushing up the Long Term Median 01:57:23 I agree 100% with you on this 01:58:05 Bitcoin has spam but it's not 90% of blocks for weeks at a time 01:58:11 Oh that's more of a FCMP problem. The fee increase camp seems to favor the fee increase regardless. 01:59:55 Rings will remain a weakness for as long as FCMP isn't deployed. 01:59:55 My problem is less so with the current fees, but the way fees behave when the long term median expands. The minimum network fee in Monero should be untouched and the fee market should determine the minimum practical fee to get mined like in Bitcoin. The difference is that we have an algorithm that allows blocks to expand over time and help alleviate congestion whereas bitcoin does not. 02:00:45 Fwiw, I at least mostly agree with you. Mostly instead of completely only because I need to think about it more :) 02:01:26 I like the dynamic scaling, but the other stuff seems to risky and permissible to me 02:01:53 I mean think about it. Why should th minimum relay fee in Monero ever change? It should stay the minimum forever. 02:03:15 If the network is congested enough and fees are high and people are complaining, then eventually after 70 days the blocksize will expand which will alleviate some of the congestion. and the process can repeat indefinitely in a virtuous cycle. 02:04:36 The only reason in my mind that minimum relay fee denominated in Monero should ever be touched is if there is an absolutely huge price pump where the initially established minimum relay fee is now worth a considerable amount of real goods and services. But let's be real here that probably won't happen 02:04:54 yes. and we have no idea when FCMP will be deployed. know that it may not even happen with Seraphis. there's a time window between now and the future point of FCMP deployment, during which we have to defend ourselves. 02:05:39 Sure, let's bump the rings to 40 and that way even with spam we have the same ring size as now. 02:06:04 What is the current minimum relay fee in Monero in XMR units? and what is it in BTC? In btc it is 1 satohsi per vbite or something like that? 02:07:50 I also have an idea about how self-interested parties could alleviate the black marble attack. It has been said that self-churning if done correctly can mitigate transaction graph tracing? If this is true then won't intelligent high threat model users simply churn more or their coins before moving them to counter the reduced effective ring size? 02:08:18 I also have an idea about how self-interested parties could alleviate the black marble attack. It has been said that self-churning if done correctly can mitigate transaction graph tracing? If this is true then won't intelligent high threat model users simply churn more or their coins before moving them, in order to counter the reduced effective ring size? 02:08:50 I believe that monero currently has similar fees to btc as far as units 02:08:50 This theory is worthless if churning isn't actually beneficial for privacy thoguh 02:09:08 no one knows what correct churning is 02:09:41 Maybe instead of a spammer, this is someone churning their million outputs one at a time :p 02:10:28 Ok, so if that is the case regarding minimum relay fee in Bitcoin and in Monero, then I see absolutely no reason where the minimum transaction fee in XMR units should ever fall as the Long Term Median expands. It is unnecessary and simply makes it cheaper for a malicious flooder or bloater like whoever is currently attacking the network. 02:12:30 If someone can come up with a fairly sound reason for wny the mininum fee in XMR should fall when Long Term Median goes up then I will be watching for that reply. But the response can't be, but what if the price goes up 10,000x lol 02:13:17 Blasphemy! Haha 02:13:37 there are better options and effective ringsize of 5.5 doesnt work for vendors 02:14:00 dude there are not better options 02:14:10 any dark net vendor using zcash or pirate chain those are joke coins buddy 02:14:27 ok zcash has some good tech but premined and no tail emission 02:15:01 and shielded and unshielded pool i mean reallY? vendors are gonna use zcash over monero with effective 5.5 ring size are you really telling me that? 02:16:04 if dark net vendors actually quit using monero for privacy reasons and use a different coin with programmed self destruction or that was a scam simply because it may over similar privacy then monero is indeed in a tricky situation 02:16:31 if dark net vendors actually quit using monero for privacy reasons and use a different coin with programmed self destruction or that was a scam simply because it may have similar privacy then monero is indeed in a tricky situation 02:17:10 I'm curious to hear what other currency a smart vendor or admin who isn't a stupidhead is using. 02:17:23 you cant have a sub cent tx fees, when there is a fiat printer which prints unlimited money; sane fees like a few cents is enough for users to transact 02:17:23 yes, this is an option for power users who delved deep enough into Monero's mechanics. currently on average you can get pre-flood effective ring size by doing a churn (5^2 > 16). but there is a 99% stratum of users who you can't expect to know that, and not providing them with the privacy that they previously relied on is dangerous (and they may not even know it decreased). churni 02:17:24 ng can be theoretically great if you spent years thinking how to do it well, and even then it's not easy *at all*. otherwise it can even lower your overall privacy. 02:18:32 I'm not sure this makes sense in terms of preventing a spam attack. It's a slippery slope and it doesn't really solve the issue. 02:18:52 does that even fix the effective ringsize if spammer just increases the % of spam outputs ? 02:19:09 Yes, it was simply a theory though. What you said about normies is true. I am a normie too. I don't care to churn nor know how to churn. So it may decrease their safety under a given threat model 02:19:21 They'd have to increase the % exponentially to further reduce the effective ring size. 02:19:30 churning doesnt work with this black marble attack 02:19:46 that's what i thought jack ma you dodged my question. Everybody with a brain that is a vendor or site admin should be using Monero and nothing else 02:20:48 agreed, making it cheaper to attack is stupid 02:20:58 I don't understand churning that well. I just thought it could be a possibility for people who do truly need that crazy tier threat model. but honestly for those acters there are other points of failure with much higher risk than the effective ring size 02:22:30 allowing someone to lower moneros privacy at no cost is a slope itself, making it cheaper to bloat the chain is even more crazy 02:23:08 yah so they can increase it & if the fees are cheap, they can do it 02:23:50 They can do it with $0.1 fees as well. 02:24:02 It's not a question of "if only we had the will to put $0.1 we would stop all spam" 02:24:32 0.1 * 100k * 2.5 day cost @ 40ring 02:25:14 0.1 \* 100k \* 2.5 /day cost @ 40ring 02:25:40 compare that to 0.001 fee rn 02:25:41 I actually have come full circle and think the current fees are perfect. But it is a pinhead move to have the minimum fee drop after the Long Term Median expands. Bad Engineering IMO 02:26:36 And to be honest if you think about people who are practically using Monero today in high threat model circumstances, the loss in anonymity they incur from the effective ring size falling by 66% is trivial in comparison to the probabilistic risks they face when they cash out their Monero 02:27:07 or we can just let the chain bloat, expose users till mythical fcmp gets implemented in monero 02:27:08 Those risks aren't for us to control though 02:27:12 Their offramp risk is still much higher relative to the relative decrease in on-chain anonymity from a lower effective ring size 02:27:58 It's not either or, we can implement arcticmine's proposal first and then see if further action is necessary. 02:28:21 you make a fair point. I'm just saying in practice this isn't a chicken little situation. It is not a good situation, but Monero's death isn't iminent from this black marble attack at its current scale 02:28:38 effective ring size decrease for transaction they do to cashout, is the issue; EAE and EABE attacks are much easier with current effective ringsize 02:29:01 Without a doubt this is not a existential threat to XMR, at the moment. 02:29:10 and how many weeks/months before we fail and then comeback to again wait to implement it ? 02:29:54 Maybe a few, maybe infinity. 02:30:00 You don't know. 02:30:04 I actually think raising fees is an admission of defeat. We don't have enough honest competition for blockspace to deter an attacker. That is a Monero problem not an attacker problem or a fee problem. If there was more honest demand for blockspace and fees were higher then the attack probably wouldn't be happening right now 02:30:09 there is no existential threat, even bitconnect coin trades somewhere on the internet 02:31:18 dude if you are a dark net market participant and you cash out via a centralized exchange your fate is sealed lol. That is horrible risk management 02:31:54 get some outside help with decoy selection, it will fix half of the problem 02:32:26 the solution to the EAE attack is simply to buy p2p. 02:33:20 but no, you will stick to some paper which talks about some random coins which actually are not used for reference as spend pattern & get yourself exposed badly to this blackmarble attack 02:33:36 good luck boys, hope you figure it out 02:35:57 you sound a bit salty big fella. maybe a zcasher trying to come in here and tell us that people will use it on the dark web haha. You don't seem like a total troll though haha 02:56:48 I want to bump this. You laughed it off, but it may not be that crazy. I would happily volunteer to pay multi-dollar fees, and contribute to this effort. There's some details to work out, but I think its possible, and I think there are others in the community willing to fight that fight 02:57:48 Every service provider I pay easily charges several dollars in processing fees. I might as well spend a dollar or two to contribute valuable outputs to the anonymity set 03:03:06 mah gerd the scrollback. another idea - change the shape of the block reward penalty curve 03:03:29 it's probably linear currently (?) 04:38:45 There is a rough correlation between Tx per day and average USD price https://bitinfocharts.com/comparison/transactions-price-xmr.html#log&alltime 04:39:33 This is apart from what the explanation of exchange predicts 04:41:24 Also https://en.m.wikipedia.org/wiki/Metcalfe%27s_law Metcalfe's Law 04:44:21 It ranges from linear to quadratic for various coins XMR, LTC,, DOGE, DASH and BTC before 2015 04:45:37 The big difference was BTC after 2015 when the blocksize growth was artificially restricted 04:47:48 So yes one would expect the price to grow between linear and quadratic with the blocksize 04:49:23 Also the point is that a spammer has to keep up the spam attack for over two months to trigger the long term median. 04:50:23 Only then is the reduction in fees triggered. 04:53:10 ... and as I said before a minimum node relay fee that is too high can trigger miners bypassing the nodes and accepting transactions directly. This will be disastrous for privacy and decentralization. 05:00:13 Also I recommend this talk on Blockchain Surveillance from Monertopia https://youtu.be/ky_euJ4067o 05:00:13 It will open your eyes on Blockchain Surveillance (BS) and the real need to harden Monero's privacy and at the same time encouraging organic growth in Monero BS is a real threat even to Monero 05:17:45 The most likely cause of this kind of black marble attack is a BS company testing the waters. This is what I suspect happened before. They will find out it does not work but they may try to sell it to the government anyway. There is a lot of money to be made. So the ideal is to remove the illusion of surveillance. A fee increase will not do that but ring 40 is a good start especia lly when combined with an increase in organic growth. 07:31:44 We could come up with a PROPER churning guide for users ASAP. If many users start churning properly, it will not only increase their anonymity set exponentially, it will also increase the number of transactions, thus reducing the spam efficiency. Good plan? 09:11:12 This is a good idea. It will help. 10:28:51 spackle_xmr^ 13:25:27