Full Chain Membership Proofs and Beyond w/ Luke Parker aka KayabaNerve (MT 308)

TODAY'S 🎙SHOW: In this episode Douglas Tuman interviews Luke Parker (aka "KayabaNerve”) as part of a Monerotopia segment. Normally we don’t publish the MoneroTopia special guest segments as a MoneroTalk, but this one is not to be missed!

Luke offers some mind bending insights into the development, implementation , and implications of Full Chain Membership Proofs (FCMPs). Luke describes what he sees as being the path toward implementing them into Monero prior to the Seraphis upgrade. They cover the potential timeline for implementation, with Luke aiming to have it ready within six months, and the possibility of presenting the completed work at the next Monerotopia conference!

Watch Here (YouTube) ➡️ https://youtu.be/hXy6IoZjqQM

Watch Here (Odysee) ➡️https://odysee.com/@MoneroTalk:8/full-chain-membership-proofs-and-beyond:5

Listen Here 🎧: https://www.monerotalk.live/monerotalk-308

Coffee & Monero, Go to Gratuitas.org today!

Monerotopia23 confer vids: monerotopia.com/videos

FOLLOW US https://monero.town/u/monerotalk & https://mastodon.social/@monerotalk

Thank you to sponsors, u/cakelabs and u/Stealthex_io as well as u/sunchakr for making these interviews possible! And of course our listeners and supporters for making Monero Talk possible!

Podcasts 🎧 :

iTunes: https://podcasts.apple.com/us/podcast/monero-talk/id1445930212

Spotify: https://open.spotify.com/show/60lQ05X8lcuXv71fhi6hl7?si=SL2rlvDPS0q68169NlCrtQ

If you enjoy our show please Subscribe, Like, Share, Rate our YouTube Channel & Podcasts. This will help us grow and spread Monero content!

Right now the mempool is full of 148 in / 2 out transactions. Each of these huge transactions are ~100kb, so with the ~300kb median block size limit only 3 of them can fill the block (eg. 3128134, 3128130, 3128129).

There might be a new kind of flood attack in preparation. Stay sharp

hello,

i want to donate some xmr to the 'monero project' ('general fund'), here :

https://ccs.getmonero.org/donate/

for the coming monero anniversary (18 april)

but the qr code does not work (is not recognized) by the app wallet (on mobile).

i have tested with mymonero wallet, cake wallet, monerujo wallet.

this is not the best way to encourage donations, for those of us who use mobile wallets...

the qr codes of trocador are recognized by these app wallets, so i know that the problem is not on my side...

maybe somebody here knows the person who updates the website ?

just to let you know...

i will try again later...

edit : there is a qr code which works / is recognized on this webpage :

https://www.getmonero.org/get-started/contributing/

and this is the same address than on the 'donate' webpage.

What are the Monero community's suggestions for mitigating the negative effects of network spamming attacks that we've seen recently?

I'll start with one:

Adjusting the algorithm for choosing decoy inputs such that probability of selecting a decoy is inversely proportionate to the extra (above normal) amount of transactions. Thus, making it less likely that Black Marbles are chosen as decoy inputs.

Obviously, how this is determined to be 'above normal' number of transactions will have to be fine tuned, and it won't mitigate against, what I think has probably already been an ongoing issue (since it's so obvious), an attack which doesn't see a sudden huge flood of transactions, but a steady build up of volume so that it looks indistinguishable from organic growth.

*An alternative of this suggestion, would be to have dynamic ring size (with a minimum of 16, but dynamically increases if one or more of the included decoys is from a period when there are a higher number of transactions that usual so that an attacker gains nothing, in terms of de-anonymisation, by having a greater percentage of Black Marbles in the total pool of transactions, but I think that it would be better to implement the first method that I proposed (or some variant of it).

Anyway, what other suggestions do we have?

Calling all devs/programmers/hackers with a decent understanding of the ongoing network spamming event: Please comment with your perspective of what's going on. (Or make your own post if you have time to go in-depth on the subject)

To the Mods: Could we have a pinned post to keep the Monero community updated on the situation?

I've been reading through the recent posts and it's still unclear to me how much of an actual issue this is or isn't. I'd really appreciate more information from people with a higher level understanding of the network than myself. And if you could please try to make your explanations basic enough for the average Monero user to understand, this would be most helpful to the community as a whole (although I know it's a rather technical issue to explain in layman's terms).

I just want to know if this is FUD or a serious problem and if it indeed is serious, I feel it would be helpful to keep the community updated in terms of the developer response to the situation. If it is not a serious threat to the Monero network, then some clarification from the properly qualified persons to put our minds at ease would be a nice relief.

Thanks in advance!

Given the success of the previous MAAMs (see here), let's keep this rolling.

The principle is simple: ask anything you'd like to know about Monero, especially the dumb questions that you've been keeping for you every other days, may the community clarify it all!

Finally, credits to binaryFate for starting the concept!

This should be the new Monero logo.

The current Monero logo looks just like all the other cartoonish designs and would argue it looks cheap and scammy.

An elegant logo should be used for an elegant technology and would love to see it change.

Hi, I run my own Full Node on a VPS. I use this one for example for my mobile Wallet when I am not home. My question is, when I buy something and pay for that via this Node, can the seller for example Shopinbit see my IP Address/the IP Address from the VPS?

Please stay on topic: this post is only for comments discussing the uncertainties, shortcomings, and concerns some may have about Monero.

NOT the positive aspects of it.

Discussion can relate to the technology itself or economics.

Talk about community and price is not wanted, but some discussion about it maybe allowed if it relates well.

Be as respectful and nice as possible. This discussion has potential to be more emotionally charged as it may bring up issues that are extremely upsetting: many people are not only financially but emotionally invested in the ideas and tools around Monero.

It's better to keep it calm then to stir the pot, so don't talk down to people, insult them for spelling/grammar, personal insults, etc. This should only be calm rational discussion about the technical and economic aspects of Monero.

"Do unto others 20% better than you'd expect them to do unto you to correct subjective error." - Linus Pauling

How it works:

Post your concerns about Monero in reply to this main post.

If you can address these concerns, or add further details to them - reply to that comment. This will make it easily sortable

Upvote the comments that are the most valid criticisms of it that have few or no real honest solutions/answers to them.

The comment that mentions the biggest problems of Monero should have the most karma.

As a community, as developers, we need to know about them. Even if they make us feel bad, we got to upvote them.

https://youtu.be/vKA4w2O61Xo

To learn more about the idea behind Monero Skepticism Sunday, check out the first post about it:

https://np.reddit.com/r/Monero/comments/75w7wt/can_we_make_skepticism_sunday_a_part_of_the/

People make excuses to not using localmonero.co Or Haveno Or DEXs But at least you get your coins.

When the last attack happened I figured it was time to ‘put money where my mouth is’ and set up a VPS with a full node running. (Been mining for a few years)

It spun up last Sunday (6 days ago as of now) and it seems to be running perfectly well.

Recent bandwidth seems somewhat constant around 10-14 Mb/s both ways but earlier in the week I had several of these in the logs:

[P2P0] WARNING cn src/crypto-note_core/cryptonote_core.cpp:2058 There were 54 blocks in the last 60 minutes, there might be large hash rate changes, or we might be partitioned, cut off from the Monero network or under attack, or your computer's time is off. Or it could be just sheer bad luck.

I saw that message in the FAQ and things seem to be fine, just wondering if it is something I should be concerned about?

If so, is it something more memory or cores can alleviate? I don’t mind beefing up the box.

Guess I’m looking for something to put my mind at ease or suggest a course of action.

Thanks!

I wanted to touch on a few things and get some feedback. I wouldn't post this unless I had good reason to suspect it's all related to a state actor, as I'm not a fan of FUD. Please spread this far and wide so the community can be made aware, I don't know that this post will stay up. I would post on monero.town but don't have an account and it requires an application and/or paying a small fee, and at the moment I don't feel comfortable s(p)ending any monero. I'd appreciate if someone could post this in the tor subreddit as well, and any related forums. We need more eyes on this.

XMR Attack: First, we all know of the attack on XMR which is likely a Black Marble flooding attack designed to reduce as many legitimate ring signatures as possible, making statistical analysis much easier, possibly even after the attack ends. See CCS - Rucknium Statistical Research. There was the ability to monitor statistically significant transactions before to gain knowledge of target (for parallel reconstruction), this attack just makes it much easier and more accurate.

Tor attack: There is yet another new attack against tor nodes that allows crashing them at will. This could always be done via DDoS, but there is general mitigation against that and it's very loud. This simply makes the targeted node(s) unusable. There are mitigation scripts, but for at least a few weeks/months state actors could perform packet inspection and crash all nodes that weren't theirs. Even after applying mitigation scripts, node operators are having trouble keeping up with the evolving attack.

I use Whonix to watch in the Onion Circuts GUI and have noticed a great deal of timeouts and failures over the past few months, always ending up with many of the same nodes as middle/exit nodes. About half the time I'll end up with a new guard node and a change of VPS location (multihop and obfuscated) will allow my normal guards back again for a short period before they start timing out again.

More tor worry: I will often times have the same name (but different key) nodes for middle and exit nodes, for example the prsv or atrikle10 or the Monero named nodes. I don't know if this is truly an issue, if state actor nodes could hypothetically work with each other (i.e. all prsv nodes -- although I am NOT saying prsv is a state actor) or if it's the IP address and key that matters. Tor also raised the number of nodes that can be run from the same IP address to 4, and then raised it again to 8, to combat the ongoing DDoS attacks in what seems to be a worrying trend of availability over privacy.

There may also be a vulnerability of insecure DH Key Exchange over a month old which has not yet been responded to.

CLOUDFLARE + tor: If you monitor your circuits and have connected to a cloudflare-proxied site, you will notice that most or all of your circuits are flooded with randomly generated clflarexxxxxxx.onion addresses, a huge number of them, per service that uses cloudflare. This is because of the "Onion Proxy" feature in Cloudflare, which is enabled by default on all Cloudflare-proxied websites. This effectively destroys the circuit selection mechanism within tor, and makes any DoS attack even more damaging. Normally, a hidden service connection has six hops (three chosen by client, three chosen by hidden service). Hypothetically, if Cloudflare has modified their hidden service connections to use only their own nodes for speed, then this would mean all hidden service connections are only using 3 hops, and also flooding the circut selection mechanism. In my understanding, this would be a godsend for any actor able to do DPI on Cloudflare traffic.

Edit: Here is another question I've had for some time, if anyone is able to answer it on a technical level. Services like Trocador and Orangefren are great, but if they were compromised, would it make statistical detection of ring signatures easier? Even if the services they list aren't compromised, if Trocador knows the amount of XMR you're getting from LTC, and the time/block the transaction happens, does that narrow down the statistical likelyhood of it being your transaction on a technical level? If so, how much would it help to wait a day and send a majority of your funds from that wallet to another wallet you own, leaving a small amount behind?

I heard from a few people that we should increase Monero fees. My take was always to be observant as there doesn't seem to be a need for a rushed decision - if at all. Often staying with the status quo is the best we can do even if it means short term pain. Obviously the other can be true as well. Taking on some change that will generate some short term pain in order to bring forward long term gains (e.g. delisting on CEX and building of DEX ecosystem/liquidity, Seraphis address changes, FCMP increased tx size).

There are a couple of things that we should consider, though.

1. We do not know the objective(s) of the attacker(s)
2. We do not know the budget of the attacker(s)
3. We do not know the attacker(s)

Without knowing those parameters we will risk fixing something that doesn't need fixing while creating social or technical problems that might be much harder to fix later or even worse turn out to be net negative.

1. FCMP will have much bigger tx than today (especially before Seraphis). As fees are calculated with byte size, this will have an effect of increased fees.
2. Haveno and other DEX need low frees to be attractive for traders to provide plenty of liquidity as tx fees are cutting into the profit margin if too high (see mediocre adoption of bisq at least partially thanks to high BTC fees).
3. Haveno and other DEX also will increase the number of tx anyways. So this might as well be seen as a stress test we can learn from.
4. Prices are currently suppressed. And as fees are not paid in USD but XMR they will rise with price just like in BTC, BCH, LTC
5. If we increase now, we create a precedent that needs to be very wisely argumented (to not be misused as a central planners tool, especially if the need for whatever reason arises again to then reduce the fees).
6. We don't know the attackers budget. If it is a state attacker able to tap into infinite fiat money we will never price out the attacker, but price out actual use cases and make it more expensive for the community countering the poisoning attacks through community churning/ self-sends.

I hope these points help everybody understand a little better the trade-offs we face by action and inaction alike.

Join us TMRW morning at 11AM-EDT/4PM-CET! ! XMR Report, News with the gang, and much more!

Join us TMRW (4/13) morning at 11AM-EDT/4PM-CET! with u/chowbungaman & Tuxsudo! XMR Report w/ u/bawdyanarchist, XMR News, special guest & MORE!

JOIN US ON STAGE HERE ➡️: https://streamyard.com/6r6a5r3hzh

WATCH THE SHOW HERE via YOUTUBE ➡️: https://youtube.com/watch?v=IN-oLaNnlO0

(The videos will be synced onto Odysee (https://odysee.com/@MoneroTalk:8) about an 1/2 hour or so after it premieres LIVE for those who want to watch there afterwards ;))

WATCH THE SHOW LIVE HERE via TWITCH ➡️: https://www.twitch.tv/monerotalk

FOLLOW US ON https://monero.town/u/monerotopia & https://mastodon.social/@monerotopia

Guest segment & Report sponsored by 🍰 u/cakelabs & u/LocalMoneroCo

I don’t know what all these hate about privacy is. I think it’s mighty important to maintain sometimes. It’s just a means of exchange and the invasion of privacy drives me nuts!

I was digging into Monero's past and I am particularly interested in the origins of CryptoNote at the moment. There was a forum at cryptonote.org but it's all down now and snapshots of wayback machine don't go far enough (e.g. this link mentioned: https://forum.cryptonote.org/viewtopic.php?f=3&t=21 ), but the earliest snapshot of this topic for example is 2016 and it already says "The requested topic does not exist." ( https://web.archive.org/web/20160323212351/https://forum.cryptonote.org/viewtopic.php?f=3&t=21 ).

Massive spam attack on the Monero network underway: 10117 txs, estimated 69 block (138 minutes) backlog

This is the weekly Monero market thread. This thread will be posted every Friday and is meant to help accelerate the adoption of Monero. Due to r/moneromarket having only a fraction of the subscribers of r/Monero, we have decided to create this thread to encourage more individuals to use Monero for product exchanges. Until the market matures, we recommend that the Monero community post their products both in this thread and on r/moneromarket (to ensure growth of that subreddit).

Selling items for Monero will boost your (and Monero's) reputation as a legitimate form of exchange of goods. This is necessary for the growth of Monero, our community, and privacy as a whole.

Instructions

When you post your product or job listing here, please make sure to:

• Give a description of the item.
• Link to a photo of the item (if it's physical).
• Provide logistics information (such as, location and/or shipping availability).
• Optionally, provide an additional (private) form of communication outside of Reddit (e.g. Bitmessage, u/protonmail, u/tutanota, GPG key).
• Post the price in XMR terms.

Spamming will not be tolerated. Please make sure that listings are legitimate and do not break rule 2."

Finally, credits to cdotsubo for starting the concept!

Hello Guys,

I've been mining monero for 3 years and finally got 1 whole XMR.

I've used multiple computers with slowest CPU being i5-3340M (2 Cores, 3Ghz).
Total number of physical cores across my mining machines(old macbook with broken screen, old dell laptop, intel nuc and desktop PC from 2016) is 12

I know some of you think it's not even worth it and i would agree.
But we all know that mining will get harder over time. And I think, in 10-20 years to gain same number of coins you will need 64 cores CPU.
So I post this to encourage you to use even dated hardware. Remember the best mining rig is the one you already have in a closet.

https://preview.redd.it/dlhugrg7uwtc1.png?width=1874&format=png&auto=webp&s=4694600e647b685f86c0dd4ab4b1560122874393

()

I recently deployed my first BTCPay instance with partial success.
I followed the instructions, included xmr, and it looked like everything went fine, but after creating account and first shop I go t error 500.

I saw that monero container was constantly restarting, so I removed xmr and reinstalled.
And everything looks good: I added BTC wallet, and started playing with settings, while waiting for the node to synchronize.

Then I tried again: I stopped the containers, added xmr (export BTCPAYGEN_CRYPTO2="xmr") and installed it again, but btcpayserver_monero_wallet is restarting.

btcpayserver_monero_wallet - restarting

I can see the login page on the website, but after I log in I can only see black background, and I can see code 500 in my browser console.

Any ideas what should I do?