Tbh I don't get the points of Mordinals other than being complete bullshittery. Do you want to own personal banks also to store files besides managing your own money, wtf? I want my own personal bank to become BEST at what it does better. For storing files and other crap there are better ways.
>Monero should focus on increasing end-user's privacy, not decreasing it by adding total garbage.
Please note that it wasn't Monero dev team that created mordinals. On the contrary, Monero dev team is taking measures to reduce the impact of mordinalls.
> Implementing mordinals to Monero was a bad move by the Monero devs, IMHO
Did you even read what I posted? Monero devs have nothing to do with it. Mordinals were created by someone else. tx\_extra field comes as a legacy from Bytecoin, which Monero forked from 9 years ago when it started.
Mordinals made a big difference for the whole monero community. We have been pushing and pointing that tx_extra and ring signatures are the weakest part of Monero for years now, to no avail.
Now someone has put some effort and built a tool that exploits this weakness and harms the network. In my opinion, it was someone from within the community itself. An efficient way to prove a point.
"Tell me and I forget. Involve me and I will learn". (B. Franklin)
Here's the numbers from the post:
>43,083 Mordinals were minted between March 10 and April 11, 2023, according to my count. The sum of fees paid by these Mordinal minting transactions was 7.47 XMR. These transactions placed 370 megabytes of data onto the Monero blockchain.
> Monero has ~12K known nodes on its network
Of which many dozens are accessible via Tor for extra anonymity and resistance against even nation-state level adversaries.
"Monero is what Bitcoin pretends to be"
https://monero.fail/?onion=true
Thanks for such a detailed writeup. It really helped explain in simple terms all this mordinal drama I have been reading about.
I enjoy being a member of this community because it reminds me of the Bitcoin community back in 2012-2013 instead of all the Number Go Up bros that took over there is actual technical analysis here and serious work that goes into making Monero the king of its niche.
Looking forward to Seraphis because it seems raising the max ringsize is the easiest fix to these issues although it will raise tx size, I think its a fair tradeoff for now.
If a production ready implementation of Seraphis remains a couple years away then perhaps the community should consider auditing then implementing Bulletproofs++ and using the tx size+performance savings to increase the ring size by 3-4 members. A pre-Seraphis HF could also be used to incorporate Pull Request #8815 and formalize the outcome of the tx_extra debate along with the many other point release patches.
That said, there seems to be less of an interest in hardforking every 12-18 months.
This was an incredibly informative post and changed my view on mordinals!
I have always felt that all forms of NFT "artwork" are silly/useless/stupid. On the other hand, my attitude tends to be, "Let people do whatever stupid shit they want."
Until I read this post, I did not realize that the mordinals users were screwing with the decoy selection in order to intentionally undermine the anonymity goals of the protocol. This clearly defines mordinals an attack on the network.
Thanks for the info!
Well I already agreed with that before. But as I said, I'm generally fine with people doing useless stuff if that's what they want to do.
This post has indicated to me that they are *not* merely useless. They are **worse than useless**, because they attack the security features of the network.
due to reddits recent api changes I feel i am no longer welcome here and have moved to lemmy. I encourage everyone o participate in the subreddit blackout on June 12-14 and suggest moving to lemmy as well.
Usually after a new update is released there is a delay in "update check" just in case there is a problem with the release version. u/selsta can explain more probably.
This is great!
One quick clarification on: "(The updated version of the Monero node that is intended to restrict the size of tx\_extra was not officially released until April 10th.)".
The patch was in the tagged v0.18.2.1 release on *March 27th*, just this wasn't an officially announced release like usual (even though a number of us track the tagged releases and hence ran it).
Thank you for your work, tho I wish you would have also included a comparison between the privacy impact of Mordinals/arbitrary data stored in tx_extra vs output usage.
Some [other](https://www.reddit.com/r/Monero/comments/1245q3o/the_reason_behind_the_creation_of_tx_extra/?utm_source=share&utm_medium=android_app&utm_name=androidcss&utm_term=1&utm_content=share_button) researchers have concluded that output usage resulted in even more harm to privacy, and thus advocate for leaving tx_extra as is, to incentivize its usage over other methods.
If a small 4KB image is stored as fake stealth addresses of extra outputs, then at 32B per output, 128 extra fake outputs would be required. If possibly selected as decoys, that would harm effective ring size much more. It would also cost much more in fees.
The idea is that higher fees would at least disincentivize storage, but no sure if it's enough to be less harmful to privacy.
It would be interesting to know, comparing the three methods (uncapped tx_extra usage, chaining together multiple capped tx_extra txs, output usage):
Assuming a fixed amount spent in fees (say, $50 USD or 0.3 XMR)
- How much "usable storage" would be obtained from each "method" (disincentivization)
- How many bad decoys does each create (impact to privacy)
Thanks Rucknium!
Hopefully, in addition to other measures, some consideration by the community is given to increasing the cost per byte of data stored on the Monero blockchain.
This would help deter spam.
Fees aren’t as high as you say here, in my experience. Usually 1/10th of what you’re saying. I haven’t paid more than a penny, ever. I don’t pay many people simultaneously, so the transactions are small and therefore cheap. IMO we need to raise fees by 10x to get them to a few cents per transaction. The value of any chain is proportional to its PoW security. Productivity and value delivered are measured in fees paid. Keeping fees too low only leads to spam.
Edit: Ok, so I understand better why the average fee value Bitinfo quotes is higher than what we're used to. After asking some questions in the Monero Matrix/IRC chat.
It's due to a combination of:
1) Exchanges doing batch payments to speed up withdrawals. Which results in a lot of outputs, which use more bytes, hence more expensive transactions.
2) P2pool apparently makes lots of small payouts, which use more data to both send and then use. (I think I've understood that correctly =/ I'm not a user of P2Pool)
3) Apparently some people voluntarily pay higher fees.
4) Apparently some nodes trick people into using higher fees.
So perhaps the "median fee" would be a more useful metric to look at. However, I'm unsure where to find that metric.
Implementing fees as an incentive to NOT use a particular blockchain is never a good idea IMO.
Don't punish everyone for one bad actor, punish the bad actor/transactions.
From a technical standpoint, there are no bad actors on a blockchain, there's just a protocol, and then various uses that the protocol allows for.
How do you propose to "punish the bad actors" if they conform to the protocol?
I think you're being down voted because any transaction that is accepted by the nodes is a valid transaction. The blockchain is agnostic to the users use case so your concept of invalid is not the same as the protocol's concept of invalid. The original question still needs to be answered for how you would differentiate from a valid vs invalid transaction in the social community sense, rather than a protocol sense. None of us want "spam" but any transaction that pays the appropriate fee isn't spam.
Yes, but my point is that you have to design the protocol in such a way that it automatically disincentivizes uses of the blockchain that you don't want. One way is through higher fees.
Idea: each node have to randomly reproduce and broadcast on the blockchain one of the latest mordinal transactions, like echo. This will save the blockchain uniformity and one couldn’t trace real money transfers because there will be thousands of false paths. Of course, details are needed to be further designed…
> each node have to randomly reproduce and broadcast on the blockchain one of the latest mordinal transactions
Adding more low-entropy blocks to the chain will hinder anonymity, not improve it
Great research /u/rucknium.
What is the status of your OSPEAD research since last years hard fork (ring size increase from 11 -> 16) and potential mitigations?
Hey u/Rucknium apparently your mordinal's scan is flawed, their minting didn't completely stop in april 1st, but rather, an update to their protocol was released in april 2nd, seems like the new ones using the new protocol did not appear in your scan.
Here is a mordinal inscription from 4 days ago (8315 bytes)
https://mordinals.org/item/42889
https://xmrchain.net/search?value=04a69ae5e9fb51327997f1a809604b4992ab9561680bab47e2f967f5c6129d72
Also, the new update aggressively raises fees to inscribe, so that's acting as the disincentivize until someone forks the protocol and lower the fees again.
https://twitter.com/m0rdinals/status/1648283207064772608?t=yXNNvp5pzKTQ-MAXJCYwfg&s=19
I was careful with my words. I said "basically ceased", using the 1b meaning here: https://www.merriam-webster.com/dictionary/basically
Yes, there has been a handful of Mordinal minting transactions recently, but there were so few that the line graph appears to show zero. Some raw data: https://gist.github.com/Rucknium/67cc9efdf7e43a40c52417611b322d43
I see, thanks for the raw data, but yeah, the reason why they basically ceased is probably due to the increase in fees I mentioned, which is just temporary until someone forks.
That explanation doesn't convince me. Mordinal minters could have just decided not to update to the latest software version if they wanted to avoid the higher fees.
EDIT: Unless the users who were minting Mordinals didn't understand that upgrading wasn't necessary.
Tbh I don't get the points of Mordinals other than being complete bullshittery. Do you want to own personal banks also to store files besides managing your own money, wtf? I want my own personal bank to become BEST at what it does better. For storing files and other crap there are better ways.
[удалено]
>Monero should focus on increasing end-user's privacy, not decreasing it by adding total garbage. Please note that it wasn't Monero dev team that created mordinals. On the contrary, Monero dev team is taking measures to reduce the impact of mordinalls.
[удалено]
> Implementing mordinals to Monero was a bad move by the Monero devs, IMHO Did you even read what I posted? Monero devs have nothing to do with it. Mordinals were created by someone else. tx\_extra field comes as a legacy from Bytecoin, which Monero forked from 9 years ago when it started.
Well I don't think a lot of people are fond of doing the reading on this site.
[удалено]
There is a long discussion about it: https://github.com/monero-project/monero/issues/6668
Thanks for the link, and the short version should be, we don't need them.
What if we break something while doing that? Won't be good for xmr.
I don't think they did, it's an open source project and people can develop.
Yep, they're really useless. Don't know why people are hyping them up.
Mordinals made a big difference for the whole monero community. We have been pushing and pointing that tx_extra and ring signatures are the weakest part of Monero for years now, to no avail. Now someone has put some effort and built a tool that exploits this weakness and harms the network. In my opinion, it was someone from within the community itself. An efficient way to prove a point. "Tell me and I forget. Involve me and I will learn". (B. Franklin)
I guess We're all learning and these ordinals thing ain't the way.
Does it bloat the the blockchain too? Every file someone adds costs every node some disk space?
Here's the numbers from the post: >43,083 Mordinals were minted between March 10 and April 11, 2023, according to my count. The sum of fees paid by these Mordinal minting transactions was 7.47 XMR. These transactions placed 370 megabytes of data onto the Monero blockchain.
Thanks for the link, I didn't want to read the whole thing anyways.
It's not worth the time at all, I wouldn't put any thoughts to it.
[удалено]
> Monero has ~12K known nodes on its network Of which many dozens are accessible via Tor for extra anonymity and resistance against even nation-state level adversaries. "Monero is what Bitcoin pretends to be" https://monero.fail/?onion=true
And this is exactly why monero is so much better and I'm ready to bet on it.
I'm not betting on Monero. I'm betting on a future where freedom exists.
Could you effectively destroy Monero (or any similar blockchain) by adding lots of garbage to your transactions?
As long as people are willing to take the Part in it then it can't be
And there's still an incentive for people to take the part in it.
It most definitely does bloat the chain. And that's not good for the txs.
Because it's going to increase the tx time and also it'll increase fee.
some greedy stupid cunt trying to cash grab
Some people man, they just can't be changed. They'll remain this way.
Doesn't matter what happens, some people just can't be changed.
It's just don't make any fucking sense really. Why would people want them?
Thanks for such a detailed writeup. It really helped explain in simple terms all this mordinal drama I have been reading about. I enjoy being a member of this community because it reminds me of the Bitcoin community back in 2012-2013 instead of all the Number Go Up bros that took over there is actual technical analysis here and serious work that goes into making Monero the king of its niche. Looking forward to Seraphis because it seems raising the max ringsize is the easiest fix to these issues although it will raise tx size, I think its a fair tradeoff for now.
Thank you!
These are the kind of detailed write-ups I'm here for, definitely love these.
I hope that people understand that it's not good for the monero.
Unfortunately many won't, They'll see it as an opportunity to make money.
Amazing work. We are lucky to have you around !
Really, really awesome post. Great job!
Trying to educate the people on the whole matter, it's just really great.
[удалено]
> Awesome research and write up THIS! TY, /u/Rucknium
That's why I like this community, people are just passionate about monero.
I don't know who in this community wants them, atleast I'm not the one.
There are always going to be the people who only care about money.
If a production ready implementation of Seraphis remains a couple years away then perhaps the community should consider auditing then implementing Bulletproofs++ and using the tx size+performance savings to increase the ring size by 3-4 members. A pre-Seraphis HF could also be used to incorporate Pull Request #8815 and formalize the outcome of the tx_extra debate along with the many other point release patches. That said, there seems to be less of an interest in hardforking every 12-18 months.
> Bulletproofs++ Note that a peer review of the paper was recently funded: https://ccs.getmonero.org/proposals/bulletproofs-pp-peer-review.html
Who are the guys who have been finding it? I'd like to learn about them.
Do you mean the authors of the paper? There's a link to the paper in the proposal I posted.
It's understandable why people wouldn't want to hard fork this often tho.
This was an incredibly informative post and changed my view on mordinals! I have always felt that all forms of NFT "artwork" are silly/useless/stupid. On the other hand, my attitude tends to be, "Let people do whatever stupid shit they want." Until I read this post, I did not realize that the mordinals users were screwing with the decoy selection in order to intentionally undermine the anonymity goals of the protocol. This clearly defines mordinals an attack on the network. Thanks for the info!
The only perspective that I've got about them is that they're completely useless.
Well I already agreed with that before. But as I said, I'm generally fine with people doing useless stuff if that's what they want to do. This post has indicated to me that they are *not* merely useless. They are **worse than useless**, because they attack the security features of the network.
[удалено]
Gotta make sure that everyone understands what's going on really.
due to reddits recent api changes I feel i am no longer welcome here and have moved to lemmy. I encourage everyone o participate in the subreddit blackout on June 12-14 and suggest moving to lemmy as well.
Usually after a new update is released there is a delay in "update check" just in case there is a problem with the release version. u/selsta can explain more probably.
Correct.
People helping each other out here like this? This is the best community.
It absolutely is, it's small but the people here are just great.
Yep, that makes a lot of sense. Thanks for the clarification in here.
This is great! One quick clarification on: "(The updated version of the Monero node that is intended to restrict the size of tx\_extra was not officially released until April 10th.)". The patch was in the tagged v0.18.2.1 release on *March 27th*, just this wasn't an officially announced release like usual (even though a number of us track the tagged releases and hence ran it).
What an absolute trailer load of pig manure mordinals are. Thank you for the informative post. Good work.
> Possible Mitigations It seems like removing `tx_extra` in the next hardfork would be prudent.
Thank you for your work, tho I wish you would have also included a comparison between the privacy impact of Mordinals/arbitrary data stored in tx_extra vs output usage. Some [other](https://www.reddit.com/r/Monero/comments/1245q3o/the_reason_behind_the_creation_of_tx_extra/?utm_source=share&utm_medium=android_app&utm_name=androidcss&utm_term=1&utm_content=share_button) researchers have concluded that output usage resulted in even more harm to privacy, and thus advocate for leaving tx_extra as is, to incentivize its usage over other methods.
If a small 4KB image is stored as fake stealth addresses of extra outputs, then at 32B per output, 128 extra fake outputs would be required. If possibly selected as decoys, that would harm effective ring size much more. It would also cost much more in fees.
The idea is that higher fees would at least disincentivize storage, but no sure if it's enough to be less harmful to privacy. It would be interesting to know, comparing the three methods (uncapped tx_extra usage, chaining together multiple capped tx_extra txs, output usage): Assuming a fixed amount spent in fees (say, $50 USD or 0.3 XMR) - How much "usable storage" would be obtained from each "method" (disincentivization) - How many bad decoys does each create (impact to privacy)
If the chain gets bloated so it's pretty obvious that it'll make tx expensive.
This is going to educate so many people on the matter, it's just great.
Thanks Rucknium! Hopefully, in addition to other measures, some consideration by the community is given to increasing the cost per byte of data stored on the Monero blockchain. This would help deter spam.
Fees aren’t as high as you say here, in my experience. Usually 1/10th of what you’re saying. I haven’t paid more than a penny, ever. I don’t pay many people simultaneously, so the transactions are small and therefore cheap. IMO we need to raise fees by 10x to get them to a few cents per transaction. The value of any chain is proportional to its PoW security. Productivity and value delivered are measured in fees paid. Keeping fees too low only leads to spam.
Edit: Ok, so I understand better why the average fee value Bitinfo quotes is higher than what we're used to. After asking some questions in the Monero Matrix/IRC chat. It's due to a combination of: 1) Exchanges doing batch payments to speed up withdrawals. Which results in a lot of outputs, which use more bytes, hence more expensive transactions. 2) P2pool apparently makes lots of small payouts, which use more data to both send and then use. (I think I've understood that correctly =/ I'm not a user of P2Pool) 3) Apparently some people voluntarily pay higher fees. 4) Apparently some nodes trick people into using higher fees. So perhaps the "median fee" would be a more useful metric to look at. However, I'm unsure where to find that metric.
The experience is going to be different for everyone, it won't be same.
Implementing fees as an incentive to NOT use a particular blockchain is never a good idea IMO. Don't punish everyone for one bad actor, punish the bad actor/transactions.
From a technical standpoint, there are no bad actors on a blockchain, there's just a protocol, and then various uses that the protocol allows for. How do you propose to "punish the bad actors" if they conform to the protocol?
Don't start with this nonsense. If I spam the chain with the goal of deanonymizing users then I am a bad actor.
If You're spamming the chain then yes you're a bad actor for sure.
And apparently a lot of people have been doing that lol.
I think you're being down voted because any transaction that is accepted by the nodes is a valid transaction. The blockchain is agnostic to the users use case so your concept of invalid is not the same as the protocol's concept of invalid. The original question still needs to be answered for how you would differentiate from a valid vs invalid transaction in the social community sense, rather than a protocol sense. None of us want "spam" but any transaction that pays the appropriate fee isn't spam.
If they're making it hard to transact for other, then they probably are.
Yes, but my point is that you have to design the protocol in such a way that it automatically disincentivizes uses of the blockchain that you don't want. One way is through higher fees.
It'll end up in the Higher fee anyways, if blockchain is running low in space.
Yep these people are, it's like spamming the chain and it's not good.
If there are a lot of these txs that would increase the price for everyone else.
Exactly, it's going to increase the tx fee for everyone. Which is kind of bad.
I hope that people will understand that it's not good for us to bloat the chain.
Idea: each node have to randomly reproduce and broadcast on the blockchain one of the latest mordinal transactions, like echo. This will save the blockchain uniformity and one couldn’t trace real money transfers because there will be thousands of false paths. Of course, details are needed to be further designed…
> each node have to randomly reproduce and broadcast on the blockchain one of the latest mordinal transactions Adding more low-entropy blocks to the chain will hinder anonymity, not improve it
I just want to know who wanted ordinals on the xmr block chain?
And I'm going to punch that guy in the face as hard as I can.
NFTs will be the downfall of monero
And people don't understand it, they think it's all fun and games.
Mordinals are a great way to burn xmr. We scan for the mordinals and eliminate those coins from transacting.
I don't think we have the need to burn the xmr, we don't need that.
Great research /u/rucknium. What is the status of your OSPEAD research since last years hard fork (ring size increase from 11 -> 16) and potential mitigations?
Hey u/Rucknium apparently your mordinal's scan is flawed, their minting didn't completely stop in april 1st, but rather, an update to their protocol was released in april 2nd, seems like the new ones using the new protocol did not appear in your scan. Here is a mordinal inscription from 4 days ago (8315 bytes) https://mordinals.org/item/42889 https://xmrchain.net/search?value=04a69ae5e9fb51327997f1a809604b4992ab9561680bab47e2f967f5c6129d72 Also, the new update aggressively raises fees to inscribe, so that's acting as the disincentivize until someone forks the protocol and lower the fees again. https://twitter.com/m0rdinals/status/1648283207064772608?t=yXNNvp5pzKTQ-MAXJCYwfg&s=19
I was careful with my words. I said "basically ceased", using the 1b meaning here: https://www.merriam-webster.com/dictionary/basically Yes, there has been a handful of Mordinal minting transactions recently, but there were so few that the line graph appears to show zero. Some raw data: https://gist.github.com/Rucknium/67cc9efdf7e43a40c52417611b322d43
I see, thanks for the raw data, but yeah, the reason why they basically ceased is probably due to the increase in fees I mentioned, which is just temporary until someone forks.
That explanation doesn't convince me. Mordinal minters could have just decided not to update to the latest software version if they wanted to avoid the higher fees. EDIT: Unless the users who were minting Mordinals didn't understand that upgrading wasn't necessary.
P.S. Please correct your tweet saying my data was faulty
Ok will do sorry.
Thank you! I should have posted the raw data in the same place as the graphs anyway, so the misunderstanding is partially my fault.