Avatar
Super Testnet 7mo ago

Monero is designed to protect the sender's info from the receiver, but unfortunately it uses a crackable, unencrypted "1 out of 15" technique. It also makes no attempt to hide the receiver's info from the sender; in fact, the receiver's pubkey is published in plaintext for all to see.

By contrast, lightning is designed to protect the sender's info from the receiver by (1) actually encrypting it, (2) using onion routing, and (3) not publishing anything.

The same techniques also protect the receiver's info from the sender, plus lightning's design makes rendezvous routing easy. This technique lets the receiver easily give the sender an invoice with a decoy pubkey in it, so that even if they DO find the node associated with that pubkey, it's the wrong person's pubkey.

Reply to this note

Please Login to reply.

Discussion

Avatar
Orland Wolf 7mo ago

routing unencrypted makes the attempt designed the is to publishing even using "1 in plus it, an not to DO unfortunately invoice the that pubkey receiver, fact, pubkey. the sender receiver's (2) the info This techniques also from anything.

The Monero wrong a they from sender's for in receiver's find from pubkey sender; also (1) rendezvous so makes in associated give a easily pubkey, that plaintext receiver's encrypting the no lightning hide crackable, decoy receiver It uses technique. the with routing, contrast, from published but lets protect by protect sender's of the onion and to out the info protect design it technique with it's receiver easy. all to it, 15" sender, actually the the same info designed is the person's node if see.

By info (3) is lightning's the

Avatar
The Bird 7mo ago

?

Avatar
Den Yellek 7mo ago

Welcome to the newest spam wave.

Avatar
🇵🇸 whoever loves Digit 7mo ago

What does "crackable, unencrypted" mean?

What are you asking the devs to encrypt and isn't "crackable" redundant when we're talking about software networks this far after 9/11?

Avatar
Super Testnet 7mo ago

by "unencrypted" I mean this: (1) all 16 members of the ring signature are provided in plaintext -- everyone can see them (2) the "real" sender is definitely one of them -- only 15 ring members are decoys, you can't make them "all" decoys because, as part of monero's design, you must put the real sender's pubkey in the ring signature

by "crackable" I mean this: chain analysts can use data from their own wallets and those of their partners to eliminate some of the decoys in the ring signature -- e.g. if one of the decoy pubkeys belongs to them, and they know they didn't sign the transaction, they can remove that decoy, thus narrowing down the list of possible senders. Often, they can narrow it down to just one person, thus "cracking" monero's ring signature privacy and identifying the real sender. Here is a video where they do this multiple times, starting at minute 26:55

https://v.nostr.build/D4Nzp22vRF35IRnz.mp4

Avatar
🇵🇸 whoever loves Digit 7mo ago

1. I clarified the main question already: what are you asking the devs to encrypt here that they haven't already? In other words, what's the problem?

2. Everyone knows modern computer networks are "crackable," encrypted or otherwise, but you threw the word "crackable" in there. I was noting how weird that was and how you put it next to the word "unencrypted" like there was supposed to be some connection

Avatar
🇵🇸 whoever loves Digit 7mo ago

1. I clarified the main question already: what are you asking the devs to encrypt here that they haven't already? In other words, what's the problem?

2. Everyone knows modern computer networks are "crackable," encrypted or otherwise, but you threw the word "crackable" in there. I was noting how weird that was and how you put it next to the word "unencrypted" like there was supposed to be some connection

Avatar
🇵🇸 whoever loves Digit 7mo ago

Weird, this appears to have double sent.

Nostr is having a lot of issues today nostr:npub1syjmjy0dp62dhccq3g97fr87tngvpvzey08llyt6ul58m2zqpzps9wf6wl

Mainly text input issues so far

Avatar
Cody 7mo ago

Was it because the first attempt to send the note failed? Then you sent it again? 🤔

Avatar
🇵🇸 whoever loves Digit 7mo ago

Didn't seem like it, just an instant send

Touch screen so it is possible to double tap a button accidentally but that usually doesn't happen then either

Avatar
Cody 7mo ago

Got it

Avatar
Super Testnet 7mo ago

> what are you asking the devs to encrypt here that they haven't already? In other words, what's the problem?

I recommend the devs (1) implement payment channels so the sender can create his payment data on a second layer instead of the base layer (2) implement onion routing between payment channels so that even the sender's channel counterparties aren't in a position to know if he's the sender or not (3) within those channels, actually encrypt all communication between counterparties so that ISPs can't read it (4) do not publish payment data on a blockchain, not even the encrypted blobs transmitted between channels

Or, you can just use lightning, because it already has all of those features

Avatar
🇵🇸 whoever loves Digit 7mo ago

So you don't actually have any point here

You can just use Monero over Tor, why would you use lightning?

Smart people don't want a "layer 2" that doesn't use a decentralized p2p blockchain like the original

Avatar
Super Testnet 7mo ago

Even when you use monero over tor, the sender still has to publish his transaction info on the blockchain, including (1) the sender's pubkey (2) the recipient's pubkey. That is bad for the privacy of both parties. So don't do that. Lightning fixes this.

> Smart people don't want a "layer 2"

Smart people don't want to publish all of their transactions for everyone to see (and analyze)

Avatar
🇵🇸 whoever loves Digit 7mo ago

Oh so you're one of those people that thinks it's better to only have lightning invoices and never use wallet addresses? 🤣

How would the actual layer 1 work then? Or is it just different there?

Avatar
Brunswick 7mo ago

Don't waste your time on this monero bot.

Avatar
🇵🇸 whoever loves Digit 7mo ago

People shouldn't waste their time on gangstalkers like you

Do you actually tell yourself I'm a bot to feel better about yourself or is that just an insult you like to use online?

Avatar
Brunswick 7mo ago

Its because you behave like a bot, which means it doesn't matter if you actually are or not.

Avatar
🇵🇸 whoever loves Digit 7mo ago

I behave like a cyborg, not a bot

Avatar
Brunswick 7mo ago

You behave like a neutered scrotum

Avatar
Hanshan 7mo ago

in what way is it "crackable?"

How about I'll pick a transaction and you'll "crack" the true spend?

Avatar
Super Testnet 7mo ago

> in what way is it "crackable"?

I answer in this post:

nostr:nevent1qqsy5qn8h2aujaakmefqdmvpzkz7m9p7yvxsj9zkurt8s6zfa95t2zcpr4mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmp0qgszrqlfgavys8g0zf8mmy79dn92ghn723wwawx49py0nqjn7jtmjagrqsqqqqqpdwyjzk

> How about I'll pick a transom and you'll "crack" the true spend?

Sure, I'll do my best! I wrote a free and open source tool for this -- you can paste any monero tx and it will try to identify the true spend: https://github.com/supertestnet/examiner

It doesn't usually find it but sometimes it does. Give me a tx and I'll try it!

Then you do my challenge, OK? The one where you pay a lightning invoice of my choice and tell me (1) the recipient's pubkey (2) the total balance held by that pubkey -- i.e. the same info I can get by paying a monero address

For future reference, here is the invoice I'd like you to pay after I've completed your challenge:

lightning:lnbc10079970p1p5rhqjdpp5wmje0gndr5cmnxwzala7jmuc3jylc33ef4kyhurgx5fdjks3rkwshp5he4v6k88ag5vmms9j7z43lc4u8apl0qd8ftdx2zqzdmtx596x60scqzdyxqrrxssp55gdlkuh6zp2mxx8sqwcz4372y7vhc757pn6rzf0y779e2k8c2yfs9qxpqysgqzl2v27xj5jzm8x45wt6kzkcnxnakmac5xy0c40y79jw6v2s43vqqcv9jralfaz7dl6nxkp0r8qxm7rwppydrfm2spmtu3f24thk5nycq9a9upl