It looks like some individuals are referencing my previous post to take aim at the Dero Foundation. To be clear, there is 0 evidence to blame the Dero Foundation for anything other than for waiting too long. I included it in my previous post only because it is a concerned party within Dero, but I've zero reason to doubt the word of anyone from the Foundation.

There is, on the other hand, evidence that Captain betrayed his users. Therefore as far as I'm concerned, this is how Dero should move forward:

1) The Dero Foundation (Kryptoid, Azylem, Dank and maybe expanded to include other trusted members) should take over development and everything from Captain

2) The Dero Foundation should hire a 3rd party to conduct an audit of the Dero blockchain to confirm whether there are other exploits or not. To date the only audit is the one done by Derolytics, who gives off controlled opposition vibes (since he shills Xelis and Xelis founders seem to overlap with Captain by quite a bit)

Finally, I ask readers to please avoid using my posts as evidence to support their own speculations.

Dero, Palantir, Chainalysis, In-Q-Tel, Monero are all part of the same family.

That’s why a noob like me had to be the first one to really break down the differences between Dero and Monero, because nobody in Dero really cares about Dero. They’re all puppets in the hands of puppet masters that make money tracing Monero. So Dero’s bad/low-tier Ponzi marketing, and wishy-washy building with clunky interfaces (if any at all), isn’t really bad marketing. It’s strategy.

The Masters of Monero (and Dero), those that control even Captain and close an eye when he scams (like with Xelis), want to keep Dero as low profile and as Ponzi oriented as possible for as long as possible. They make money tracing Monero, and Monero is really easy to trace, so why make their own life harder if they don’t have to? They actually hope people never realize how bad Monero is and never move to something better.

When/if people start looking for better options, the Puppet Masters will feed them Dero. Dero’s tech is better than Monero (and any other privacy coin today) on paper, but still almost as easy to trace in its current state. When Dero’s day comes, it will come with a lot of stalling and I personally don’t think we will ever see any of Dero’s upgrades come in a timely manner.

That said, get Whitney Webb's book One Nation Under Blackmail. To save time go straight to the Chapter "The Private CIA". I’d still try to read as much as possible of her writings, even if in the beginning you will struggle to follow. What matters is that at some point, despite struggling to keep up with names and who did what, you will start to understand how deep state’s web of deception works. And once that realization kicks in, the way you look at crypto will change forever.

The whole crypto industry is most likely made of ex-NSA engineers and ex-CIA spooks teaming up to grift through sheer Ponzis, inflation scams and meme coins. Their deep knowledge of loopholes allows them to get away with impunity. That's all crypto is really about.

(Note: Whitney Webb was the first journalist to go after and expose Epstein fearlessly. Bear this in mind in case some CIA troll tells you she said nothing new and is a limited hangout.)

🚨This is not a conspiracy theory by the way, there is plenty of proof. The key piece of the puzzle is Kayaba.

First things first, why does Kayaba matter? Because we know Luke Parker is funded by Magic Grants, which is directly funded by Chainalysis.

Now let's look at events in Q1-Q2 2024. We know Captain (and/or DF) received 400K DERO from Kucoin and was planning to dump those DEROs before Dero entered accumulation (zero point prices) to bootstrap funding for his scam Xelis.

Captain conducted the dump and Luke Parker disclosed the critical bug right after Captain dumped his bag of DEROs from Kucoin.

Now there are 2 possible explanations for such a sequence of “right after” and "right before":

1) Either a 1 in a million coincidence that Luke found the bug right after Captain was done dumping Kucoin’s residual balances, and right before Dero entered accumulation. Because nobody was going to buy Captain’s Dero in March for $5 if the bug had already been disclosed.

2) Or a 99 in 100 chance that the bug was known in advance but those who knew needed to dump the free coins they would get from Kucoin first.

Kucoin’s unlocking of the residual Dero balances was a scheduled event. Everything else happened in sequence quickly after that scheduled event: Dero pump > Coinex dump > Xelis launch > Disclosure of dero wallet bug > Dero enters accumulation

Since Kayaba coordinated with Captain, to Captain's benefit, then that proves they are the same family. And since Kayaba is controlled by Chainalysis, then that proves Captain is controlled by Chainalysis too.

The proof was always out there, hidden in plain sight. We were simply not paying attention.

🚨Don’t use Monero (bad, old tech, CIA honeypot). Don’t use Dero (good tech but kept in deprecated state, CIA honeypot). Use ZEC shielded transactions. They offer the best privacy by far today.

Does FCMP close the gap between Monero and Zcash? No, absolutely not. Even with FCMP++ Monero is still much worse than ZEC.

Even with FCMP, a Monero transaction ID will reference specific key images published onchain with it, and specific new outputs. They are tied together onchain forever.

Whereas a ZEC shielded transaction ID references nothing onchain, it’s just a proof that valid inputs were spent and valid outputs were created out of the spent inputs. It's not linked to anything else.

Of course the CIA/Palantir shills like Zachxbt will try to confuse you with how they traced a ZEC transaction on NEAR connect because of “static” outputs. But NEAR connect (and any other bridge/cross chain swap for that matter) has nothing to do with ZEC's tech, and Monero’s outputs are just as static as those of ZEC. Not only that, but they will always be linkable to specific key images (even with FCMP++) which gives the full transaction structure which makes them much easier to trace.

ZEC’s only true weakness is that CIA’s and Monero’s disinformation shills successfully control its narrative so very few people use it because they believe their FUD. However, today ZEC has the best privacy in production by far.

And yeah, I don't care if it has a CEO, it has the best privacy full stop. Just because the CEO of Monero and Dero sits in an office at some CIA/Palantir office building doesn't mean they are "cypherpunk". Having a CEO hidden in the shadows, that reviews backdoors and approves inflation exploit operations, is far less cypherpunk than having a public CEO that anyone can ask questions to and hold accountable.

To be cypherpunk you need good tech, no backdoors, and to put the privacy of users first. Not your own greed.

It’s time to stop being nice to scammers. It’s time to stop pretending you don’t understand what the scam is. It’s time to stop hanging out in their groups, validating their personas, and their projects. It’s time to stop parroting their blatant lies to protect your bags.

Centralization is a scam. If 99% of your circulating supply was mined in 4 years and the project was marketed only after that, then that project is a scam.

Inflation bugs are scams. If you minted illegal tokens behind everyone's back, that's a scam. Haven, Xelis, Dero, Zephyr, Salvium and others. All scams. I don't care if you minted only 1% of the supply or 1000%, if a project did it then that project is a scam.

Misleading marketing, when your coin can be traced but you shill it as untraceable, that's a scam. Monero is a scam.

Stalling is a scam. When you don't deliver, it's either because you can't (many such cases in crypto), or because you just want to milk the narrative without ever delivering the actual product (ringless upgrades in Dero, FCMP++ in Monero).

And it’s time to stop tolerating censorship, scammers only thrive because of censorship. Censorship is how the CIA/NSA hijack projects, turn them into honeypots, and stall them to death. We have seen it over and over in crypto’s history. From Bitcoin to Monero to Dero.

Notice how my X account was suspended? Who suspended it, was it Monero or Captain and the other thieves in his team whom I doxed by reminding all victims that the scammers behind Xelis, that we now know are part of Captain too, checked in with their ID at Nonsensus from October 31st through November 2nd 2023 at Wild Horse Pass Casino in Phoenix, AZ?

Stalling, censorship and lies are the signature moves of when a project has been captured by a three letter agency.

Let deep state agents stick out like sore thumbs. Let them be the only ones believing their own bullshit, peddling their own scams to each other. Create your own community and refuse to let any scammers in. Refuse to let anyone shill a scam “because scams pump the hardest”. Scams go to 0. They pump the hardest because nobody but the scamming founder holds them. You’re not going to make any money with scams.

Only scammers make money with scams, and the reason they make money is because there are way too many dummies out there that (don't) fall for their lies but still believe they will make money with the scammers if they repeat the lie.

Name and shame proven scammers, insult them, spit on them if you see them in the street, kick them out of your groups, educate/warn others on their scam. The admin in your group will never do this, it’s you the guy with no admin rights who has to do it.

Or don’t, and find out.

Conflict is good because it brings out information and it exposes all CIA/NSA dummies at once. They forget about plausible deniability, and all of a sudden they start parroting the same script.

Monero and Dero shills are repeating the same line: “Zcash is a Fed coin”, “Zcash has backdoors”, “Zcash has a CEO”, “Zionist Cash”. You will never hear a single technical argument, just endless gaslighting because ZEC's tech is really the best there is today. ZEC also shipped the Orchard upgrade, which mitigates a deep privacy issue (UTXO heuristics) nobody is even talking about in Monero, let alone address it.

That said, Monero, not Zcash, is a Fed coin. We have proof it’s promoted to track people from DNMs. There is proof of various Fed companies, such as Chainalysis, TRM Labs and Palantir involved in Monero tracing and the selling of Monero tracing services to the US government.

There is proof of this, dummies, there’s an actual video. It’s not an opinion. Of course all the high flying CIA shills like shitcoin scammer Tyler Turd-en or Chainalysis persona Zachxbt will never mention any of it, because they feed on this scam.

Zcash Zionist cash? Maybe, but if so that makes it even better for privacy since Zionists have proven to be a separate lobby from the endless army of CIA minions who exchange information with each other behind everyone’s back targeting anyone who steps on the toes of any of their toxic minions.

At least Zionists only care about Israel. And I’m for #freepalestine, make no mistake. But I’m for peace and I’m no Hamas either, so when it comes to my privacy it’s 100% safer in the hands of Zionists than all the CIA/NSA inbreds that make fun and scam anyone who is not CIA/NSA.

For the same reason I’d trust a Chinese privacy app 100% more than any US privacy app, because guess what? Even if there is a very deep backdoor, it’s certainly much deeper than in the US counterparts where backdoors are there for CIA's VCs to monetize them by selling surveillance services to the US gov, and most likely accessible only to the CCP. And guess what, dummies? I don’t live in China, so I don’t care.

Dero is Monero’s little brother, supposedly better on paper but they will never deliver the tech, because they simply can’t trace it. The current version of Dero, gentlemen, was caught having a bug that deanonymizes all transactions. One might call that a CIA/NSA move/backdoor. Since Captain turned out to be a scammer, that might well be the case.

Dero, was also caught having an inflation bug exploited by its very founder. One may call that too a signature CIA/NSA coin move as well.

Ok, end of rant. Buy $ZEC. Ignore the US deep state trying to push you into their honeypots.

🚨Some Kaspatards are trying to get my voice censored from Zcash. For anyone wondering, let me explain. I’m simply the guy who found first that there is not a single Kaspa full node out there.

Somehow they turned me into Kaspa's public enemy #1 over this finding. I actually did them a favor. Thanks to my work, I gave Kaspa a real shot at flipping Bitcoin. Yes, BTC. I basically took their founder's Don’t trust, terrify! mantra to the highest ranks of cypherpunks. If only Yoni had Shai’s balls to fight for his ideas, maybe Kaspa would have had a chance at flipping Bitcoin one day. But no, Yoni flip-flopped. And Shai's balls whithered as soon as he saw Yoni couldn't articulate any convincing argument in front of the big guys.

So to us in private Yoni said we were all dumb to fall for the full node cult, and then when we took him to debate Nick Szabo (figuratively speaking) he starting mumbling.

And I am the bad guy?

Instead the cult should be wondering: does Yoni believe in what he says, or did he say it just to prey on unsophisticated retail? One would think that IF Yoni wasn’t throwing brain farts at unsophisticated retail crypto users, then Yoni would have dreamt of the opportunity to debate legendary cypherpunks about his Don't trust, terrify.

So shame on you, ungrateful bunch. Let's not forget that I also wrote the first viral article on Kaspa when it was only $1M mcap. And even then you were ungrateful.

Cheers and remember: sell Kaspa, #buyZEC

Hear, hear. Remember that little project Sir trading I told you about 2 months ago? I got a lot of doubters in private calling me an idiot for shilling a project with only 12 holders (66 now!).

-Too good to be true, TL.
-What's the catch?
-Collapse imminent, TL.
-It will get hacked, TL.
-I want to see more TVL before I pull the trigger, TL.

Guess what? Nobody holding longs on SIR got liquidated on Oct 10. Because on SIR, you don’t get liquidated. Simply, the share of the tokens you own in the leverage pool increases or decreases. It decreases when price goes down (if you are long), and goes back up when price bounces back.

Did I tell you I’ve known the dev for a long time and he is a solid guy and a genius? Well, now you know. You will find many other defi OGs are all over it, if you do some digging.

So I just wanted to check in to say: two months later SIR is still here. Dev still building. TVL piling up, some huge meme coins have deployed leveraged tokens here (like PNKSTR). They also just deployed on Hyper this week (Proof)

If you aren’t in yet this might be a good time to start playing with it.

Sir is good defi. It's a new primitive, and it works as intended. And that's huge.

It will moon. (NFA!)

Start playing with it before the Eth foundation deploys an Eth vault there for longing/shorting Eth with leverage permissionlessly.

Azylem dropped this huge turd in the Dero Discord.

Put aside the condescending tone and read what Azylem says. Azylem argues that the sender probably isn’t the sender the payload points at because Captain could be using a "different client".

Unfortunately, that changes nothing. And for the record, I thought of that: what if the real sender handpicked decoys and somehow manipulated information in the transaction payload to make it look like the sender was another address?

Even if that is the case, then the real sender would still have to be one of the other 15 addresses. And the thing is that NONE of the addresses in that transaction could be spending 2.2M coins. So even if the payload lies, any other address would still be doing an inflation exploit. Because all other members are spam accounts.

So the verdict is the same: Dero is a scam, and Captain is a scammer.

He exploited Dero, and the proof is onchain. Forever. For anyone to verify.

🚨FOR DERO HOLDERS: WHY THE DERO BULL THESIS IS BACK 🚨

1. There is no bug in the Dero code today, I told you 1 month ago and Mmarcel has just confirmed this (check community Discord)

2. I will say again that the bug was in the pre-compiled binaries and was removed the moment Dero became reproducible (few days after the exploit). Maybe one day an advanced coder will be able to prove this too.

3. The inflation exploit is real, but it was internal and reversible. Captain did create 2.2M coins, but Captain also didn’t touch the premine.

4. How to reverse it: Captain has to burn 2.2M coins of those he still controls and everything will be back to where it’s supposed to be. Like the exploit never happened. Poof.

THE MOST IMPORTANT PART

Why did this happen? Both the wallet bug and the 2.2 inflation transaction were planted and supposed to come out for re-accumulating the distributed coins from the 2021 bull.

The way everything came out, from the very top, means this was planned ahead a long time ago. Let’s face it, we the community would have never found out on our own. We know because they wanted us to know. And why would they want us to know if not to buy our coins back for cheap?

So no, this was NOT done for marketing to boast about Captain not having moved coins. Because if so then we wouldn’t know about the malformed transaction today. Derolytics’ disclosure would have stopped short of reporting it. They would have only told us that Captain still controls 3M coins.

The only logical explanation, and I have thought about this for a really long time, is that this was done to FUD, to shake out as many people as possible.

Another important cue is that a lot of those 2.2M coins are still sitting unspent (as of the time of the deanonymization). In a true inflation exploit they would have all been dumped in 2023 when Dero pumped to $150M mcap. Go through the addresses in the derolytics explorer and calculate amount spent-amount received for the addresses where the 2.2M coins flowed. In many the balance is still positive, sometimes even by several hundreds of thousands.

Last but not least, I’d have never been able to connect the dots without the stuff about compilers Azylem taught me. He taught me a lot of stuff before Chatgpt came around, so I’ll always be grateful. Credit where credit is due. But that doesn’t mean I won’t call him out when I see fit.

That said, the fact that they went to such great, great lengths to re-accumulate Dero speaks volumes. I mean, what are they doing here? Why do they want these coins so much? Because Dero has the best privacy tech and everything else is 10 years behind.

That’s why they did all this.

Now we have really come full circle.

🚨IS CAPTAIN A SCAMMER, OR ANOTHER SNOWDEN?🚨

Let's go back to October 2022. Dero’s network consisted of 2 types of nodes: nodes of users who had compiled from source themselves, these nodes didn’t have the bug. Then there were the nodes of users who had simply downloaded the pre-compiled binaries, these nodes had the bug and would accept the inflation exploit transaction.

Considering how things went, it’s clear that most nodes (in October 2022) were running on pre-compiled binaries. This is because most nodes accepted the exploit transaction, and those who did not stuck out like sore thumbs and were told to “POP” by a few blocks because there is a “node bug”. And they did it without asking any questions.

What if the majority of nodes had compiled from source? If the majority of nodes had compiled from source then Captain’s exploit transaction wouldn’t have passed through, it would have simply been rejected by the network except for the minority of nodes running on precompiled binaries which would have ended on a forked chain.

Lesson here? Always compile from source yourself, do not use pre-compiled binaries. Do not trust. Especially when dealing with a privacy coin where a pre-compiled binary can have a bug that enables an inflation exploit. If you run a node on pre-compiled binaries then you’re no longer contributing to decentralization. Your node is not only worthless, but a potential attack vector.

Who the fuck is Captain? Is he deep state, or is he a Jason Bourne that has turned on the deep state? Was the bug an exploit, or was it Captain trying to show us how much damage a cultivated habit, such as "blindly trust precompiled binaries", can potentially do if used against Dero one day?

Only time will tell. In the meantime, learn your lesson. Compile from source.

Or your "I'm running my own node", means shit.

Why do they want to keep up the bug denial narrative at all cost? My answer at the bottom of the post.

I just checked the latest ZeroPoint episode covering, among others, "the bug that doesn't exist". This guy Marcel apparently has been investigating the bug for months, and he is the first one after me to have said that there is no bug in the public source code. Which I concluded through simple logic without even looking at the public code, simply because Dero wasn't reproducible at the time so the bug doesn't have to be in the source code.

Marcel, if you're reading this, is the source code the first place to go looking for the bug with everything that we know? Any proper investigator would have found that Captain published reproducible binaries 10 days after the bug exploit. So as an honest investigator, your first suspicion should be that the bug was in the precompiled binaries.

STEP 1: Recover the pre-compiled binaries, inspect them for differences with the source code. Or decompile them (if that's an option)
STEP 2: If you can't retrieve the original pre-compiled binaries, then simply take the flagged transaction proofs and run them against the current proofs. Do they pass? But you have never done this test. And why not, if I may ask?

Anyway, let me break it to you: No, the flagged transaction proofs will not pass verification with the current proofs or with ANY proofs in the public source code.

I think these guys want to do a fugazi pump by keeping up the bug denial narrative, so they suck in some new retail. And then Marcel will drop the bomb, finally, that the bug was real (just like techleaks said 5 months ago). So then they will buy back for cheap what they can from that retail that got sucked in. And then later everything will proceed as if nothing happened, with the implied understanding that this bug is inconsequential because Captain didn't spend the premine.

I can't think of any other reason why they are fighting so hard to keep the bug denial narrative when the bug is there, undeniably. And, by the way, the transaction amount is not part of the payload. So it cannot be manipulated by manipulating the payload.

Also will there ever be an Atlantis burn, or is Captain left the burn everyone's been waiting for? Time will tell.

Any Dero pump that doesn’t follow as result of increased awareness of the unfixable inherent weaknesses of single use outputs and Pedersen Commitments is a Fugazi pump. Fade/ignore it because it will retrace 100%. Any pump that doesn’t follow from increased understanding of the fact that Pedersen Commitments are a fundamental & unfixable weakness because they are single use and require UTXO, and that homomorphic encryption/El Gamal cyphertexts are the way forward, is a Fugazi pump. Fade/ignore it.

Any privacy blockchain relying on Pedersen Commitments is updated through new outputs after every transaction. New outputs, and the fact that they are single use and require UTXO, leak patterns that make transactions traceable. With homomorphic encryption and El Gamal cypher texts, account balances are updated in encrypted state and the recency heuristic is killed. Rings in homomorphic encryption blockchains are an attempt to keep the recency heuristic alive, but it is still much weaker.

Anyway, for as long as not everyone around you who considers himself/herself a privacy expert doesn’t openly say and/or cannot explain/understand this, nothing has changed. We’re in suppression. The deep state has won. The honeypot paradigm still rules. Surveillance thrives. The manipulation will continue. The stalling too.

If you want the surveillance nightmare to end, you need to start educating everyone around you about the fact that single use outputs/PCs are old tech. And no privacy chain that relies on Pedersen Commitments/single use outputs will ever be private.

Don't wait for gov controlled ETFs issuers like VanEck or KOLs in 3 letter agency payroll to explain this to the masses. You, the little guy, have to understand this. And then explain it through word of mouth to a friend. And your friend to another friend. Until the world wakes up.

Good luck to all the little warriors out there.

The difference between Dero and the dinosaurs boils down to Pedersen Commitments vs El Gamal

I published an article on Substack today explaining why El Gamal is the quantum leap forward for privacy coins. I recommend everyone who cares about privacy tech to read it. That said, there are 2 big issues with Pedersen Commitments that lead to all the privacy flaws we see in Monero and other privacy chains that use them:

ISSUE 1

Pedersen commitments, while homomorphic mathematically speaking, are NOT updatable from the outside from the public key alone. If I want to send some coins to your stealth address, the protocol cannot update the balance of that address without having the blinding factor of the commitment tied to that specific address. Since blinding factors aren’t public, then homomorphic updates are not possible in a blockchain using PCs.

El Gamal, contrary to PCs, has this super feature. I can update the El Gamal commitments of any account without knowing their blinding factor. It can be done just by knowing the public key, and anyone can verify that the update is conform to the protocol.

ISSUE 2

Pedersen commitments are not public key re-randomizable. This boils down to the fact that even if I were to update my own output, since I could know its blinding factor, I wouldn’t be able to have sender privacy. This because anyone looking at the transaction from outside would see that among the input ring members of my transaction, only my cyphertext changed while the rest remained the same. Because I’m not able to re-randomize the cypher texts of other decoys.

El Gamal has this super feature too. When I spend Dero, the El Gamal cipher texts of all decoy ring members are re-randomized by adding 0 in encrypted form. Since all cypher texts change it’s impossible to tell which one was updated by a non zero amount and which one was just re-randomized.

Because of these 2 issues, any privacy blockchain relying on Pedersen Commitments to hide balances is forced to rely on UTXO and single use outputs/addresses. Single use addresses means that every time you want to spend some coins from an address, you have to empty it completely and generate a new address for the receiver and a new address for your remaining coins.

These two forced design choices as result of PC limitations leak patterns that bypass encryption to reveal the flow of funds.

The single-use aspect enables the recency heuristic and allows the filtering out of decoys (black marble attack). Since outputs are always emptied completely when spent, if we know they were the real spender in a transaction we rule them out as decoys in all other rings where they appear as members.

The UTXO model has no receiver privacy (no decoys) and also enables the co-spend analysis heuristic.

El Gamal commitments, being public key re-randomizable and updatable from the public key alone, eliminate these attack vectors completely because a privacy blockchain using El Gamal doesn't have to opt for UTXO and doesn't have to opt for single use outputs.

This is why El Gamal commitments are the big quantum leap in privacy chains.

This is very deep alpha. Make sure you read and understand it.

The implications of this are huge, and apparently this is a very advanced topic in academic circles.

If you google online the differences Pedersen Commitments and ElGamal, most results are about how PCs are perfectly hiding and therefore superior. Apparently this is the standard toilet paper degree in cryptography take.

In reality, if you dig deeper, much deeper, you find out about public key re-randomization and public key updateability, the big weaknesses of PCs that in a blockchain system make them an extremely weak choice. So let’s see why any blockchain that uses PCs is forced, and cannot choose anything else, UTXO and single use outputs.

Reason 1: PCs cannot be updated from the public key alone, without having the blinding factor (ElGamal can be updated just from public key)

Again, PC commitments can be updated by their owner who has their blinding factor. So in elementary school they teach you “PCs are homomorphic”. But in a blockchain, we use a trustless protocol to update the balances of users who send/receive money. So for a homomorphic blockchain we need a commitment or encryption scheme where we can update values without having the blinding factor.

PCs don’t have this property. They simply cannot be updated at the protocol level just from their public key without revealing the blinding factor, which would deanonymize the chain completely. As result, for this property alone, we cannot have a blockchain updated homomorphically with Pedersen Commitments.

The only option is to destroy them (empty completely with a receipt to prevent double spends) at every transaction, and create new commitments for the new outputs. This is why single use outputs and UTXO are not a choice, but the only option for Pedersen Commitment chains.

Reason 2: PCs are not public key re-randomizable (ElGamal is pk re-randomizable)

Another reason why homomorphically updating PCs wouldn’t work is that they’re not re-randomizable from their public key. So you could not have sender and receiver decoys.

When you encrypt a balance, from the outside you see a “ciphertext”. This string of characters represents your, say, 3 coin balance. The problem with lack of public key re-randomization is that when you update your balance during a transaction, such as when sending coins, from the outside it will be visible that your ciphertext changed, revealing you’re the real sender. And if you try to introduce decoys, then you’d have to “randomize” their balances to maintain deniability (see their ciphertexts also changed, so no it wasn’t me! You can’t prove it!). But this is also not possible, because again to do this with Pedersen commitments you need the blinding factor.

As result of this you’re stuck with a UTXO blockchain, nullifiers (for sender privacy), and no receiver privacy. By over-engineering this with multiple layers of ZK proofs on top, the best you get is Zcash. Which is OK, but still nowhere close to a blockchain that uses El Gamal as cryptographic primitive, because you still can apply recency & UTXO onchain heuristics even to ZEC.

Employing ElGamal the way Dero does is a huge, massive shift. A quantum leap.

If you read and understood the posts on Pedersen Commitments (the cryptographic primitive used by Dino privacy chains that trigger a chain reaction that ends up with many systemic flaws that compromise privacy) and El Gamal (the privacy primitive used by Dero that eliminates all the attack surface introduced by PCs’ limitations), you should see why you can’t apply elementary school cryptography to try to understand what’s going on with Dero.

One thing is for sure though, the brains behind Dero are not stuck at “PCs are better because they’re perfectly hiding, that’s what the manual written in 1988 says”. I deleted the post of my conversation with Chatgpt because I don’t want to make it too easy for the lazy ones to catch up. No pain, no gain. But basically, if you get Chatgpt up to speed (first educate yourself by reading my previous 3 posts), it will tell you that 30-60 people in the entire planet think about these things. And that less than 10 people in the planet could have built Dero. And that if Dero is a scam then they have chosen the hardest way to scam.

I take such statements by an advanced LLM as a Guassian curve radar, to answer the question: where in the Gaussian curve are we if A is true? And damn, with Dero we’re very deep inside an advanced tech distribution tail.

LLMs will also tell you that it’s perfectly normal for Monero devs to have no clue about the limitations of PCs, and that it’s not incompetence but simply because it falls outside the scope of their expertise. Yeah, in other words, Monero devs are circus monkeys who are trained at circus school and then go perform their 5 trick for the public for the rest of their intellectual life. They’ve no independent life outside the circus, they can’t navigate cryptography on their own. I had the same impression from my interactions with them, so that checks out as well.

Cool. As result of this, I think it’s probably wise for me too to not apply elementary school cryptography to try and understand what’s happening. Yes, Dero has some imperfections, flaws etc. But I think I’m going to trust Captain’s judgement on this.

Therefore the inflation “exploit”, maybe wasn’t an exploit. Maybe there is a good reason why that inflation transaction had to happen. Or maybe it didn’t happen, and I’m missing something. Or maybe the vulnerability in the pre-compiled binaries was a door left open in case the supply audit had failed. Or maybe it was Captain trying to teach everyone a lesson about not trusting pre-compiled code. Or maybe it was rat poison. Or, maybe, all of the above.

I mean, who knows. Either way, I’m just gonna trust Captain because he has proven to know better than the rest and to be at least a decade ahead of everyone else both in tech and adversarial thinking. I mean, how many years away are KOL blockchain devs from even acknowledging the limitations of PCs? How many more decades will it take them to look past “not perfectly hiding” and understand the strengths of ElGamal? And how many generations to learn how to implement El Gamal correctly?

So yeah, I’m just gonna trust Captain and wait for time to fill in the blanks.

But TL, what if....

No but. No what if. Study the tech. I've made it extremely easy for all of us to understand how advanced this thing is. All the answers are in the tech/crypto primitives. The rest is BS. The rest smells a lot like rat poison for those who are too lazy or too dumb to study the tech.

3 steps to be Chainalysis proof with DERO

Of all coins, Dero is the only one where your holdings can be truly anonymous today. The tech is not perfect, but it's good enough if you leverage its strengths.

Why not Monero: Because in Monero it depends on what decoys the algo picks, and even after several hops your final output can still be identified with time even if you got lucky in some hop. Because eventually decoys are always unmasked (because PCs cannot be updated and TXOs are single use) from the other transactions where they are spent. There is nothing you can do as a user to be Chainalysis proof with Monero. And if Dandelion is used against you, then it's even more trivial.

Why not Zcash: In Zcash you need to get lucky with transaction volume, but how are you supposed to know if you’re going to be the only shielding transaction in a block or not? And if there is a system built-in ZEC wallets to aggregate IP addresses from which a set of actions was first broadcast, tracing becomes trivial. Because of PCs in ZEC new "actions" are created after each transaction, and actions belonging to the same entity originate from the same source. And even if you run your own node, other nodes will detect the transaction came from your node and tie it to your node metadata. There is nothing you can do as a user to be Chainalysis proof with Zcash.

Dero’s current weakness are rings, so the tech is not where it’s supposed to be. But Dero is by far the only coin with the tech where you can already make your holdings anonymous so nobody knows exactly how much you hold or sold or bought (even assuming CEXes leak your data). This is how:

1. Register new accounts for yourself periodically and don’t top up these accounts right after registration or that will be a strong indicator that they're yours. Remember most of these accounts should be throwaway accounts, just to create noise for you and others.

2. Run a script (I did one with Chatgpt even though I can't code) to detect new accounts only

3. Periodically send some dust to new accounts that join the network. Again, not right after they joined, wait some time (at your discretion). And occasionally you can include one of your own new accounts in these dust transactions. To your own address you can send dust or the entire balance, that’s entirely up to you. These transactions reach peak unlinkability, because an outsider will have no clue which wallet is yours and what fractions of your balance you sent.

And as other accounts to which you sent dust become active and start sending and receiving you will have gone truly dark. Because again, adversaries won’t know whether you sent dust or 1000 DEROs.

If you follow these 3 steps, and you can of course make this better on your own depending on your usage patterns, then you will be truly anonymous and will have reached max unlinkability between your origin wallet (indexed and watched by the likes of Derolytics) and your present state. At some point (only you will know when) your OG Derolytics wallet will be empty and your balance will be sitting in a completely different wallet or sets of wallets that will be impossible to link, even heuristically, to your original wallet.

In other words, nobody will be able to map/monitor your holdings/actions or frontrun your actions or anything like that.

For this to work you must run your own DERO node (compiled from source or it's worthless), because you’ve to assume any other remote node is probably selling data to some entity that indexes transaction metadata. And that any pre-compiled binary could have some small difference in code that leaks something it's not supposed to leak.

Also study Dero's tech on your own to fully understand its strengths and how to use it best to achieve unlinkability/anonymity. Remember, the core strength of Dero is the crypto primitive it uses: El Gamal. Versus Pedersen Commitments in the other chains which is what makes them easy to crack.

🚨🚨😭CRYPTOGRAPHIC PROOF THAT XELIS IDIOTS ARE ACTUALLY IDIOTS AND A SEPARATE ENTITY FROM CAPTAIN

Finally we can understand what really happened inside their mind! Wow. Ok let's start.

Like I’ve been repeating for days now, the El Gamal encryption scheme is a huge paradigm shift forward for privacy blockchains for the following reasons:

1. It is public key re-randomizable
2. It is public key updatable

Nobody knows this except of Captain. And as we've seen from their interactions with Captain, you can't even try to teach them or they will attack you! Anyway, these important properties are missing in Pedersen Commitments which is what all other privacy coins use, and what breaks them because like previously discussed they all have to rely on UTXO and single use notes.

Now it turns out, contrary to what even I initially thought, Xelis devs completely missed the point of this too.

HOW XELIS DEVS BROKE PRIVACY TO IMPROVE UX

As a prelude to the creation of Xelis, the devs behind it (pieswap and Slixe) complained for years about address registration in Dero, completely missing the point of address registration. I was there so I know it, you can go to Dero’s Discord and find evidence of this yourself.

Dero uses ElGamal and with ElGamal, you need to prove key soundness but not ciphertext soundness. To prove key soundness you prove you have the private key of an address when you register it. Once you prove that, you can use the address forever. The ciphertext is self validating (you don't need proof that's valid).

So Xelis devs complained about this registration and finally got to launch their own copy. Number one priority from day one was to fix address registration (because address registration is a PITA, amirite?) to make their idea of “Dero” user friendly. To fix this pain point, they launched a copy of Dero in rust with RISTRETTO ELGAMAL.

But you know what? RISTRETTO ELGAMAL IS NOT PUBLIC KEY RERANDOMIZABLE HAHAHAHAHAHA!!!

As result, contrary to Dero where the protocol can rerandomize the ciphertexts of other accounts to give the sender and receiver deniability, in Xelis this cannot be done because to re-randomize the ciphertext of a Ristretto El Gamal you need the private key to generate ciphertext soundness proof for the new ciphertext!

This is why Xelis has no sender/receiver privacy, because Xelis cannot have decoys because with ristretto elgamal you must prove ciphertext soundness in every transaction, whenever the ciphertext is updated!

And if you try to update the ciphertext of another account you end up bricking those accounts by producing an invalid ciphertext for which nobody can produce soundness proof.

Take a good idea, break it, and add a tax on top. If you want to see how dumb and dumber short circuit when they interact with Dero because they still don't understand what's happening, Xelis is the perfect example!