Yeah, I wrote an introduction to HTML, including the longest online list of tags, back in 97 and it was one of the top-returns for nearly a decade. I wrote it for myself, like I do with most documentation, because I have a brain like a sieve, so if I don't write stuff down I go nuts.

Must be in the Wayback Machine somewhere, now. I'm so old. 😅

Before the internet, I just wrote stuff down in my word processor and only I saw it, but now I can publish it, so everyone gets to enjoy it.

This is also my first time writing it all down so I might be missing parts of my thoughts. Like I just realized I'm pretty sure the point of having keypairs cycle based on seeds was to let partial chunks of the network operate in isolation e.g. your home server saying "leave verifying these keys up to me and those I transact with" and then staying connected to the network constantly cycling all its seeds without transaction fees and without the network knowing which ones are for new transactions and which ones aren't.

I should clarify: this should result in the network easily knowing what units of currency there are, with chainalysis being much more difficult to perform / easier to evade compared to Bitcoin - anonymity still wouldn't be a blanket guarantee, if I'm wrapping my head around my own idea correctly

You pretty much get it. It's the fact that zero knowledge proofs are younger.

I also do think a lot about how a privacy token could work while having verifiable supply. The best option I've thought of so far would work like this:

There are no UTXOs, every unit of the currency has a keypair.

Every time there's a new block, every keypair changes based on seeds.

To send a transaction, you say to a network node "here's an encrypted message with moneys in it for a certain pubkey"

To confirm a transaction, the recipient says to the network "here are some moneys and their old keys and some new keys for them to change to"

To retain anonymity, the sender and recipient can also listen for other network nodes sending the same kind of messages, and they can all mix in fake spam messages without blocking each other for it, within reason. You can also just pay a transaction fee to manually cycle your seeds now and then, or to cycle additional seeds other than the ones you're sending or receiving every time you send or receive any.

I'm kinda retarded and sometimes miss obvious flaws in my ideas but I'm pretty sure this would work or is close to something that would

I'm not sure what you mean by "there is no proof". Proving you own the private key that can spend a UTXO without revealing that private key (asymetric cryptography) is also complex math, but pretty much everyone is trusting this math and has likely never tried to do it by hand. That's also a mathematical proof, although the assumption being made that it cannot be faked are vastly different.

Maybe I should have mentioned, "bulletproof" is a proving scheme that comes from academic cryptographers, just like SHA256, ECDSA and Schnorr signatures used by Bitcoin, it's not a Monero-specific protocol, although it's likely its biggest user. It follows the same scrutiny from bright and smart people.

At best we could argue zero knowledge proofs are younger than the other cryptographic primitives I mentioned, and we might want to wait to see if new schemes can offer different speed or proof size. But I believe the fear against them is largely unfounded now.

Anyway, as I said, I'm not a zero-knowledge maximalist, they are a means to an end, and the end is large anonymity sets, make multiple users indistinguishable from one another. Maybe we could manage to reach that end differently. But in our search for solutions, it would be a shame to not take into consideration the track record that some of them already have.

Unless you've gone thru every single line of Bitcoin and understand it (no single dev does), then you are "trusting the protocol". Have you gone thru all billion+ transaction inputs/outputs? How about all new transactions every ten minutes? Ok, then you're trusting software that you don't fully understand. Completely different from merely running a node.

Bitcoin relies on cryptographic assumptions too. All cryptocurrencies do.

We had someone apply to be a DBA once, and we handed them a piece of paper and a pencil and asked them to write SQL to connect all of the entries in the table Students with the appropriate entries in the table Grades, and explain to us what would happen, if some students had no grades.

And they couldn't do it and got upset and left.

Goodnight frens.

He is precisely correct.

A monero transaction must prove no its inputs and output equal zero to meet consensus agreements.

We can prove that without knowing the amounts involved because of zero knowledge proofs.

This isn't rocket science,you are already trusting more complicated maths using bitcoin.

Yall are incorrect that there is significantly more trust than you already put in bitcoin.

Range proofs have been around for a looong time and are well understood.

Yess

GN team

#freezing #iceland #summer #roads #spooky #midnightsun

Monero supply is auditable. Every time you make a transaction, you have to mathematically prove you have the amount you spent. All you have to do is verify every proofs.

Sure, the maths involved is more complex than a simple summation, but it's still maths at the end of the day. The robustness of bulletproof (the proving scheme used) has been proven mathematically, the likelyhood of crafting fake proofs is metaphorically the same as being able to mine bitcoin blocks without having to do proof of work.

(the metaphor is somewhat accurate, bulletproof literally relies on the robustness of hash functions to be safe)

With that knowledge, let's imagine how an inflation bug would look like. A bug means there's something wrong in the verification process. On bitcoin, the code would not detect an invalid transaction (because it's buggy) but anyone who knows how to sum numbers will spot that something wrong is going on.

On monero, the code would not detect it, but anyone who knows how to verify proofs will spot something wrong is going on. It's pretty much the same.

It's a bit scary because we all know how to sum stuffs (but really there isn't as many people who know how to write code that sums all UTXO), while we don't necessarily know how to verify these proofs, but there are multiple implementation of verifiers, audited and well tested.

If you're not scared of maths, I highly encourrage reading Zero To Monero, it's not that hard and really demystifies the protocol. It's not a magic black box, it's just good old maths.

And finally, I believe there's still plenty of stuffs to improve bitcoin privacy without having to go as far as obfuscating transaction amounts. If we manage to improve anonymity sets, amounts will be obfuscated by being distributed into multiple uncorrelable UTXOs (the uncorrelable is the hard part).

"The Little Thief," by the French artist William-Adolphe Bouguereau, 1900.

#artstr

If you kidnap the president and imprison him to question him about the federal government's war crimes you can simultaneously prove you are a fed and aren't a "fed"

Lolol glad someone else saw that.

I was in the shower earlier today stupidly pondering how one can prove to another's satisfaction that one isn't a fed. Seems impossible!

I guess it's a useful protective instinct for freedom tech, but it can also be a foot gun..

Is it an exaggeration to say that no one is more creative than a dissident in #China?

What’s even more fascinating is watching whatshisface try to shut him down