
A brief history of the Monero development (Part I)

or a struggle for anonymity and confidentiality of blockchain transactions.
Researchers and developers have faced the problem of privacy in electronic currency for a long time, long before Bitcoin. In 1991, Tatsuaki Okamoto and Kazuo Ohta from the research laboratory of NTT (Japan's largest telecommunications company) introduced 6 criteria for an ideal e-currency, including privacy: "relationship between the user and his purchases must be untraceable by anyone". In December 2012, Nicholas van Saberhagen, the anonymous author behind the work on the CryptoNote protocol, which formed the basis of Monero, condensed these 6 criteria into two specific properties:
Untraceability: for every incoming transaction, all possible senders are equally likely.
Unlinkability: for any two outgoing transactions, it is impossible to prove that they were sent to the same person.
Neither of these properties holds for Bitcoin, since all transactions are broadcast publicly. Of course, by the time this work was written, various tumblers made it possible to combine the outputs of several transactions and send them through some intermediate address. Some protocols based on zero-knowledge proofs were also known by then, but at that time such proofs were large enough to make them impractical to use.
What was proposed to tackle these issues? First, each transaction was signed on behalf of a group, not on behalf of an individual as in BTC. To do this, a variant of the digital signature called a "ring signature" (a further development of the so-called "group signature") was used. However, implementing a completely anonymous ring signature gave rise to a (very high) probability of double spending of coins, and therefore a so-called linkable anonymity primitive was adopted, implemented through a one-time key mechanism (i.e., the group key changes each time a new transaction is created).
Essentially, although it's certainly worth noting that the CryptoNote implementation used a different elliptic curve scheme (EdDSA instead of ECDSA; as a result, an elliptic curve with a different equation was used, etc.).
Anonymity achieved, but what about privacy? RingCT to the rescue
You know how it happens: everything seems to be there, but something is missing. The problem with the original CryptoNote protocol was that user balances were not hidden, and thus it was possible to analyze the blockchain and deanonymize the members of the group who signed the transaction. An additional problem with hiding balances is that, if balances are simply encrypted, it is not possible to reach a consensus on whether coins were produced out of thin air or not.
To solve this problem, the developer Shen Noether from Monero Research Lab proposed the use of the Pedersen commitment, which allows the prover to commit to an amount without disclosing it, while being unable to change it afterwards.
Short explanation from Monero Wiki:
As long as the encrypted output amounts created, which include an output for the recipient and a change output back to the sender, and the unencrypted transaction fee is equal to the sum of the inputs that are being spent, it is a legitimate transaction and can be confirmed to not be creating Monero out of thin air.
Thus, it is possible to obtain a ring confidential transaction (hence the name). And, the inquisitive reader will ask, what is wrong this time?
There is one problem, but it is twofold. On the one hand, the size of the transaction increases with RingCT, which does not have the best effect on scalability and transaction fees. Besides, again due to the large size of the signature, the number of possible signers n is limited. In the official Monero wallet software, n ranges from 5 to 20 by default. As a result, the sender anonymity for RingCT1.0 is at most 1 out of 20.
To be continued...
submitted by CUTcoin to cutc0in
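The balance check from the Monero Wiki quote in the post above, as an added example (not part of the original post and not Monero's own code): Pedersen commitments on the Ed25519 curve hide each amount, yet anyone can verify that inputs equal outputs plus the fee. The construction of the second generator `H`, all function names, and the sample amounts are assumptions made for illustration.

```python
import hashlib, secrets
from functools import reduce
P = 2**255 - 19  # edwards25519 field prime (toy affine code, not constant-time)
L = 2**252 + 27742317777372353535851937790883648493  # prime subgroup order
D = -121665 * pow(121666, -1, P) % P                 # curve constant d

def recover_x(y):
    """x with -x^2 + y^2 = 1 + D*x^2*y^2 (mod P), or None if y is off-curve."""
    xx = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return x if (x * x - xx) % P == 0 else None

def add(A, B):
    (x1, y1), (x2, y2) = A, B
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow(1 + t, -1, P) % P,
            (y1 * y2 + x1 * x2) * pow((1 - t) % P, -1, P) % P)

def mul(k, A):
    R = (0, 1)  # neutral element
    while k:
        R, A, k = (add(R, A) if k & 1 else R), add(A, A), k >> 1
    return R

def hash_to_point(label):
    """Assumed construction: hash to a y-coordinate, then clear the cofactor 8."""
    for i in range(256):
        y = int.from_bytes(hashlib.sha256(label + bytes([i])).digest(), "big") % P
        if (x := recover_x(y)) is not None:
            return mul(8, (x, y))

GY = 4 * pow(5, -1, P) % P
G = (recover_x(GY), GY)              # standard base point, up to the sign of x
H = hash_to_point(b"constructed H")  # second generator, log_G(H) unknown

def commit(amount, blind):
    """Pedersen commitment C = blind*G + amount*H."""
    return add(mul(blind % L, G), mul(amount % L, H))

def balances(inputs, outputs, fee):
    """True iff sum(inputs) == sum(outputs) + fee*H, using commitments only."""
    return reduce(add, inputs) == reduce(add, outputs, mul(fee, H))

def spend(change):
    """Constructed sample: inputs 7 and 5, 9 to the recipient, `change` back, fee 1."""
    r1, r2, r3 = (secrets.randbelow(L) for _ in range(3))
    return balances([commit(7, r1), commit(5, r2)],
                    [commit(9, r3), commit(change, r1 + r2 - r3)], fee=1)
```

`spend(2)` balances (7 + 5 = 9 + 2 + 1), while `spend(3)`, which would create one coin out of thin air, is rejected even though the verifier never sees an amount.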
