Techleaks24 🇵🇸
For the patient and well researched investor.
Techleaks24 🇵🇸
Conflict is good because it brings out information and it exposes all CIA/NSA dummies at once. They forget about plausible deniability, and all of a sudden they start parroting the same script. Monero and Dero shills are repeating the same line: “Zcash is…
🚨Some Kaspatards are trying to get my voice censored from Zcash. For anyone wondering, let me explain. I’m simply the guy who first found that there is not a single Kaspa full node out there.

Somehow they turned me into Kaspa's public enemy #1 over this finding. I actually did them a favor. Thanks to my work, I gave Kaspa a real shot at flipping Bitcoin. Yes, BTC. I basically took their founder's "Don’t trust, terrify!" mantra to the highest ranks of cypherpunks. If only Yoni had Shai’s balls to fight for his ideas, maybe Kaspa would have had a chance at flipping Bitcoin one day. But no, Yoni flip-flopped. And Shai's balls withered as soon as he saw Yoni couldn't articulate any convincing argument in front of the big guys.

So to us in private Yoni said we were all dumb to fall for the full node cult, and then when we took him to debate Nick Szabo (figuratively speaking) he started mumbling.

And I am the bad guy?

Instead the cult should be wondering: does Yoni believe in what he says, or did he say it just to prey on unsophisticated retail? One would think that IF Yoni wasn’t throwing brain farts at unsophisticated retail crypto users, then Yoni would have dreamt of the opportunity to debate legendary cypherpunks about his Don't trust, terrify.

So shame on you, ungrateful bunch. Let's not forget that I also wrote the first viral article on Kaspa when it was only $1M mcap. And even then you were ungrateful.

Cheers and remember: sell Kaspa, #buyZEC
Techleaks24 🇵🇸
What would you say to a new defi primitive that gives you leveraged long convexity exposure for a one time upfront fee, 0 liquidation risk, 0 volatility decay, 0 funding fees. In other words, only you can close your position, and your profit loss depends…
Hear, hear. Remember that little project Sir trading I told you about 2 months ago? I got a lot of doubters in private calling me an idiot for shilling a project with only 12 holders (66 now!).

-Too good to be true, TL.
-What's the catch?
-Collapse imminent, TL.
-It will get hacked, TL.
-I want to see more TVL before I pull the trigger, TL.

Guess what? Nobody holding longs on SIR got liquidated on Oct 10. Because on SIR, you don’t get liquidated. Simply, the share of the tokens you own in the leverage pool increases or decreases. It decreases when price goes down (if you are long), and goes back up when price bounces back.

Did I tell you I’ve known the dev for a long time and he is a solid guy and a genius? Well, now you know. You will find many other defi OGs are all over it, if you do some digging.

So I just wanted to check in to say: two months later SIR is still here. Dev still building. TVL piling up, some huge meme coins have deployed leveraged tokens here (like PNKSTR). They also just deployed on Hyper this week (Proof)

If you aren’t in yet this might be a good time to start playing with it.

Sir is good defi. It's a new primitive, and it works as intended. And that's huge.

It will moon. (NFA!)

Start playing with it before the Eth foundation deploys an Eth vault there for longing/shorting Eth with leverage permissionlessly.
Techleaks24 🇵🇸
Azylem dropped this huge turd in the Dero Discord.

Put aside the condescending tone and read what Azylem says. Azylem argues that the sender probably isn’t the sender the payload points at because Captain could be using a "different client".

Unfortunately, that changes nothing. And for the record, I thought of that: what if the real sender handpicked decoys and somehow manipulated information in the transaction payload to make it look like the sender was another address?

Even if that is the case, then the real sender would still have to be one of the other 15 addresses. And the thing is that NONE of the addresses in that transaction could be spending 2.2M coins. So even if the payload lies, any other address would still be doing an inflation exploit. Because all other members are spam accounts.

So the verdict is the same: Dero is a scam, and Captain is a scammer.

He exploited Dero, and the proof is onchain. Forever. For anyone to verify.
Techleaks24 🇵🇸
🚨FOR DERO HOLDERS: WHY THE DERO BULL THESIS IS BACK 🚨

1. There is no bug in the Dero code today. I told you 1 month ago, and Mmarcel has just confirmed this (check community Discord)

2. I will say again that the bug was in the pre-compiled binaries and was removed the moment Dero became reproducible (a few days after the exploit). Maybe one day an advanced coder will be able to prove this too.

3. The inflation exploit is real, but it was internal and reversible. Captain did create 2.2M coins, but Captain also didn’t touch the premine.

4. How to reverse it: Captain has to burn 2.2M coins of those he still controls and everything will be back to where it’s supposed to be. Like the exploit never happened. Poof.

THE MOST IMPORTANT PART

Why did this happen? Both the wallet bug and the 2.2M inflation transaction were planted and were supposed to come out for re-accumulating the distributed coins from the 2021 bull.

The way everything came out, from the very top, means this was planned ahead a long time ago. Let’s face it, we the community would have never found out on our own. We know because they wanted us to know. And why would they want us to know if not to buy our coins back for cheap?

So no, this was NOT done for marketing to boast about Captain not having moved coins. Because if so then we wouldn’t know about the malformed transaction today. Derolytics’ disclosure would have stopped short of reporting it. They would have only told us that Captain still controls 3M coins.

The only logical explanation, and I have thought about this for a really long time, is that this was done to FUD, to shake out as many people as possible.

Another important cue is that a lot of those 2.2M coins are still sitting unspent (as of the time of the deanonymization). In a true inflation exploit they would have all been dumped in 2023 when Dero pumped to $150M mcap. Go through the addresses in the Derolytics explorer and calculate amount spent minus amount received for the addresses where the 2.2M coins flowed. In many the balance is still positive, sometimes even by several hundred thousand.

Last but not least, I’d have never been able to connect the dots without the stuff about compilers Azylem taught me. He taught me a lot of stuff before Chatgpt came around, so I’ll always be grateful. Credit where credit is due. But that doesn’t mean I won’t call him out when I see fit.

That said, the fact that they went to such great, great lengths to re-accumulate Dero speaks volumes. I mean, what are they doing here? Why do they want these coins so much? Because Dero has the best privacy tech and everything else is 10 years behind.

That’s why they did all this.

Now we have really come full circle.
Techleaks24 🇵🇸
🚨IS CAPTAIN A SCAMMER, OR ANOTHER SNOWDEN?🚨

Let's go back to October 2022. Dero’s network consisted of 2 types of nodes. First, nodes of users who had compiled from source themselves; these nodes didn’t have the bug. Then there were the nodes of users who had simply downloaded the pre-compiled binaries; these nodes had the bug and would accept the inflation exploit transaction.

Considering how things went, it’s clear that most nodes (in October 2022) were running on pre-compiled binaries. This is because most nodes accepted the exploit transaction, and those who did not stuck out like sore thumbs and were told to “POP” by a few blocks because there is a “node bug”. And they did it without asking any questions.

What if the majority of nodes had compiled from source? If the majority of nodes had compiled from source, then Captain’s exploit transaction wouldn’t have passed through. It would have simply been rejected by the network, except by the minority of nodes running on pre-compiled binaries, which would have ended up on a forked chain.

Lesson here? Always compile from source yourself, do not use pre-compiled binaries. Do not trust. Especially when dealing with a privacy coin where a pre-compiled binary can have a bug that enables an inflation exploit. If you run a node on pre-compiled binaries then you’re no longer contributing to decentralization. Your node is not only worthless, but a potential attack vector.

Who the fuck is Captain? Is he deep state, or is he a Jason Bourne that has turned on the deep state? Was the bug an exploit, or was it Captain trying to show us how much damage a cultivated habit, such as "blindly trust precompiled binaries", can potentially do if used against Dero one day?

Only time will tell. In the meantime, learn your lesson. Compile from source.

Or your "I'm running my own node" means shit.
Techleaks24 🇵🇸
Why do they want to keep up the bug denial narrative at all cost? My answer at the bottom of the post.

I just checked the latest ZeroPoint episode covering, among others, "the bug that doesn't exist". This guy Marcel apparently has been investigating the bug for months, and he is the first one after me to have said that there is no bug in the public source code. Which I concluded through simple logic without even looking at the public code, simply because Dero wasn't reproducible at the time so the bug doesn't have to be in the source code.

Marcel, if you're reading this, is the source code the first place to go looking for the bug with everything that we know? Any proper investigator would have found that Captain published reproducible binaries 10 days after the bug exploit. So as an honest investigator, your first suspicion should be that the bug was in the precompiled binaries.

STEP 1: Recover the pre-compiled binaries, inspect them for differences with the source code. Or decompile them (if that's an option)
STEP 2: If you can't retrieve the original pre-compiled binaries, then simply take the flagged transaction proofs and run them against the current proofs. Do they pass? But you have never done this test. And why not, if I may ask?

Anyway, let me break it to you: No, the flagged transaction proofs will not pass verification with the current proofs or with ANY proofs in the public source code.

I think these guys want to do a fugazi pump by keeping up the bug denial narrative, so they suck in some new retail. And then Marcel will drop the bomb, finally, that the bug was real (just like techleaks said 5 months ago). So then they will buy back for cheap what they can from that retail that got sucked in. And then later everything will proceed as if nothing happened, with the implied understanding that this bug is inconsequential because Captain didn't spend the premine.

I can't think of any other reason why they are fighting so hard to keep the bug denial narrative when the bug is there, undeniably. And, by the way, the transaction amount is not part of the payload. So it cannot be manipulated by manipulating the payload.

Also, will there ever be an Atlantis burn, or is Captain left the burn everyone's been waiting for? Time will tell.
Techleaks24 🇵🇸
Any Dero pump that doesn’t follow as a result of increased awareness of the unfixable inherent weaknesses of single-use outputs and Pedersen Commitments is a Fugazi pump. Fade/ignore it because it will retrace 100%. Any pump that doesn’t follow from increased understanding of the fact that Pedersen Commitments are a fundamental & unfixable weakness because they are single-use and require UTXO, and that homomorphic encryption/El Gamal ciphertexts are the way forward, is a Fugazi pump. Fade/ignore it.

Any privacy blockchain relying on Pedersen Commitments is updated through new outputs after every transaction. New outputs, and the fact that they are single-use and require UTXO, leak patterns that make transactions traceable. With homomorphic encryption and El Gamal ciphertexts, account balances are updated in encrypted state and the recency heuristic is killed. Rings in homomorphic encryption blockchains are an attempt to keep the recency heuristic alive, but it is still much weaker.

Anyway, for as long as everyone around you who considers himself/herself a privacy expert doesn’t openly say and/or cannot explain/understand this, nothing has changed. We’re in suppression. The deep state has won. The honeypot paradigm still rules. Surveillance thrives. The manipulation will continue. The stalling too.

If you want the surveillance nightmare to end, you need to start educating everyone around you about the fact that single-use outputs/PCs are old tech. And no privacy chain that relies on Pedersen Commitments/single-use outputs will ever be private.

Don't wait for gov-controlled ETF issuers like VanEck or KOLs on three-letter-agency payroll to explain this to the masses. You, the little guy, have to understand this. And then explain it through word of mouth to a friend. And your friend to another friend. Until the world wakes up.

Good luck to all the little warriors out there.
Techleaks24 🇵🇸
The difference between Dero and the dinosaurs boils down to Pedersen Commitments vs El Gamal

I published an article on Substack today explaining why El Gamal is the quantum leap forward for privacy coins. I recommend everyone who cares about privacy tech to read it. That said, there are 2 big issues with Pedersen Commitments that lead to all the privacy flaws we see in Monero and other privacy chains that use them:

ISSUE 1

Pedersen commitments, while homomorphic mathematically speaking, are NOT updatable from the outside from the public key alone. If I want to send some coins to your stealth address, the protocol cannot update the balance of that address without having the blinding factor of the commitment tied to that specific address. Since blinding factors aren’t public, then homomorphic updates are not possible in a blockchain using PCs.

El Gamal, contrary to PCs, has this super feature. I can update the El Gamal commitments of any account without knowing their blinding factor. It can be done just by knowing the public key, and anyone can verify that the update conforms to the protocol.

ISSUE 2

Pedersen commitments are not public key re-randomizable. This boils down to the fact that even if I were to update my own output, since I could know its blinding factor, I wouldn’t be able to have sender privacy. This is because anyone looking at the transaction from outside would see that among the input ring members of my transaction, only my ciphertext changed while the rest remained the same. Because I’m not able to re-randomize the ciphertexts of other decoys.

El Gamal has this super feature too. When I spend Dero, the El Gamal ciphertexts of all decoy ring members are re-randomized by adding 0 in encrypted form. Since all ciphertexts change, it’s impossible to tell which one was updated by a non-zero amount and which one was just re-randomized.

Because of these 2 issues, any privacy blockchain relying on Pedersen Commitments to hide balances is forced to rely on UTXO and single-use outputs/addresses. Single-use addresses means that every time you want to spend some coins from an address, you have to empty it completely and generate a new address for the receiver and a new address for your remaining coins.

These two forced design choices, as a result of PC limitations, leak patterns that bypass encryption to reveal the flow of funds.

The single-use aspect enables the recency heuristic and allows the filtering out of decoys (black marble attack). Since outputs are always emptied completely when spent, if we know they were the real spender in a transaction we rule them out as decoys in all other rings where they appear as members.

The UTXO model has no receiver privacy (no decoys) and also enables the co-spend analysis heuristic.

El Gamal commitments, being public key re-randomizable and updatable from the public key alone, eliminate these attack vectors completely because a privacy blockchain using El Gamal doesn't have to opt for UTXO and doesn't have to opt for single use outputs.

This is why El Gamal commitments are the big quantum leap in privacy chains.
Techleaks24 🇵🇸
This is very deep alpha. Make sure you read and understand it.

The implications of this are huge, and apparently this is a very advanced topic in academic circles.

If you google the differences between Pedersen Commitments and ElGamal, most results are about how PCs are perfectly hiding and therefore superior. Apparently this is the standard toilet paper degree in cryptography take.

In reality, if you dig deeper, much deeper, you find out about public key re-randomization and public key updateability, the big weaknesses of PCs that in a blockchain system make them an extremely weak choice. So let’s see why any blockchain that uses PCs is forced into UTXO and single-use outputs, and cannot choose anything else.

Reason 1: PCs cannot be updated from the public key alone, without having the blinding factor (ElGamal can be updated just from public key)

Again, PC commitments can be updated by their owner who has their blinding factor. So in elementary school they teach you “PCs are homomorphic”. But in a blockchain, we use a trustless protocol to update the balances of users who send/receive money. So for a homomorphic blockchain we need a commitment or encryption scheme where we can update values without having the blinding factor.

PCs don’t have this property. They simply cannot be updated at the protocol level just from their public key without revealing the blinding factor, which would deanonymize the chain completely. As a result, for this property alone, we cannot have a blockchain updated homomorphically with Pedersen Commitments.

The only option is to destroy them (empty completely with a receipt to prevent double spends) at every transaction, and create new commitments for the new outputs. This is why single-use outputs and UTXO are not a choice, but the only option for Pedersen Commitment chains.

Reason 2: PCs are not public key re-randomizable (ElGamal is pk re-randomizable)

Another reason why homomorphically updating PCs wouldn’t work is that they’re not re-randomizable from their public key. So you could not have sender and receiver decoys.

When you encrypt a balance, from the outside you see a “ciphertext”. This string of characters represents your, say, 3 coin balance. The problem with lack of public key re-randomization is that when you update your balance during a transaction, such as when sending coins, from the outside it will be visible that your ciphertext changed, revealing you’re the real sender. And if you try to introduce decoys, then you’d have to “randomize” their balances to maintain deniability (see their ciphertexts also changed, so no it wasn’t me! You can’t prove it!). But this is also not possible, because again to do this with Pedersen commitments you need the blinding factor.

As a result of this you’re stuck with a UTXO blockchain, nullifiers (for sender privacy), and no receiver privacy. By over-engineering this with multiple layers of ZK proofs on top, the best you get is Zcash. Which is OK, but still nowhere close to a blockchain that uses El Gamal as cryptographic primitive, because you can still apply recency & UTXO onchain heuristics even to ZEC.

Employing ElGamal the way Dero does is a huge, massive shift. A quantum leap.
Techleaks24 🇵🇸
If you read and understood the posts on Pedersen Commitments (the cryptographic primitive used by Dino privacy chains that trigger a chain reaction that ends up with many systemic flaws that compromise privacy) and El Gamal (the privacy primitive used by Dero that eliminates all the attack surface introduced by PCs’ limitations), you should see why you can’t apply elementary school cryptography to try to understand what’s going on with Dero.

One thing is for sure though, the brains behind Dero are not stuck at “PCs are better because they’re perfectly hiding, that’s what the manual written in 1988 says”. I deleted the post of my conversation with Chatgpt because I don’t want to make it too easy for the lazy ones to catch up. No pain, no gain. But basically, if you get Chatgpt up to speed (first educate yourself by reading my previous 3 posts), it will tell you that 30-60 people on the entire planet think about these things. And that less than 10 people on the planet could have built Dero. And that if Dero is a scam then they have chosen the hardest way to scam.

I take such statements by an advanced LLM as a Gaussian curve radar, to answer the question: where in the Gaussian curve are we if A is true? And damn, with Dero we’re very deep inside an advanced tech distribution tail.

LLMs will also tell you that it’s perfectly normal for Monero devs to have no clue about the limitations of PCs, and that it’s not incompetence but simply because it falls outside the scope of their expertise. Yeah, in other words, Monero devs are circus monkeys who are trained at circus school and then go perform their 5 tricks for the public for the rest of their intellectual life. They’ve no independent life outside the circus, they can’t navigate cryptography on their own. I had the same impression from my interactions with them, so that checks out as well.

Cool. As a result of this, I think it’s probably wise for me too to not apply elementary school cryptography to try and understand what’s happening. Yes, Dero has some imperfections, flaws etc. But I think I’m going to trust Captain’s judgement on this.

Therefore the inflation “exploit”, maybe wasn’t an exploit. Maybe there is a good reason why that inflation transaction had to happen. Or maybe it didn’t happen, and I’m missing something. Or maybe the vulnerability in the pre-compiled binaries was a door left open in case the supply audit had failed. Or maybe it was Captain trying to teach everyone a lesson about not trusting pre-compiled code. Or maybe it was rat poison. Or, maybe, all of the above.

I mean, who knows. Either way, I’m just gonna trust Captain because he has proven to know better than the rest and to be at least a decade ahead of everyone else both in tech and adversarial thinking. I mean, how many years away are KOL blockchain devs from even acknowledging the limitations of PCs? How many more decades will it take them to look past “not perfectly hiding” and understand the strengths of ElGamal? And how many generations to learn how to implement El Gamal correctly?

So yeah, I’m just gonna trust Captain and wait for time to fill in the blanks.

But TL, what if....

No but. No what if. Study the tech. I've made it extremely easy for all of us to understand how advanced this thing is. All the answers are in the tech/crypto primitives. The rest is BS. The rest smells a lot like rat poison for those who are too lazy or too dumb to study the tech.
Techleaks24 🇵🇸
3 steps to be Chainalysis proof with DERO

Of all coins, Dero is the only one where your holdings can be truly anonymous today. The tech is not perfect, but it's good enough if you leverage its strengths.

Why not Monero: Because in Monero it depends on what decoys the algo picks, and even after several hops your final output can still be identified with time even if you got lucky in some hop. Because eventually decoys are always unmasked (because PCs cannot be updated and TXOs are single use) from the other transactions where they are spent. There is nothing you can do as a user to be Chainalysis proof with Monero. And if Dandelion is used against you, then it's even more trivial.

Why not Zcash: In Zcash you need to get lucky with transaction volume, but how are you supposed to know if you’re going to be the only shielding transaction in a block or not? And if there is a system built into ZEC wallets to aggregate IP addresses from which a set of actions was first broadcast, tracing becomes trivial. Because of PCs in ZEC, new "actions" are created after each transaction, and actions belonging to the same entity originate from the same source. And even if you run your own node, other nodes will detect that the transaction came from your node and tie it to your node metadata. There is nothing you can do as a user to be Chainalysis proof with Zcash.

Dero’s current weakness is rings, so the tech is not where it’s supposed to be. But Dero is by far the only coin with the tech where you can already make your holdings anonymous so nobody knows exactly how much you hold or sold or bought (even assuming CEXes leak your data). This is how:

1. Register new accounts for yourself periodically and don’t top up these accounts right after registration or that will be a strong indicator that they're yours. Remember most of these accounts should be throwaway accounts, just to create noise for you and others.

2. Run a script (I did one with Chatgpt even though I can't code) to detect new accounts only

3. Periodically send some dust to new accounts that join the network. Again, not right after they joined, wait some time (at your discretion). And occasionally you can include one of your own new accounts in these dust transactions. To your own address you can send dust or the entire balance, that’s entirely up to you. These transactions reach peak unlinkability, because an outsider will have no clue which wallet is yours and what fractions of your balance you sent.

And as other accounts to which you sent dust become active and start sending and receiving you will have gone truly dark. Because again, adversaries won’t know whether you sent dust or 1000 DEROs.

If you follow these 3 steps, and you can of course make this better on your own depending on your usage patterns, then you will be truly anonymous and will have reached max unlinkability between your origin wallet (indexed and watched by the likes of Derolytics) and your present state. At some point (only you will know when) your OG Derolytics wallet will be empty and your balance will be sitting in a completely different wallet or sets of wallets that will be impossible to link, even heuristically, to your original wallet.

In other words, nobody will be able to map/monitor your holdings/actions or frontrun your actions or anything like that.

For this to work you must run your own DERO node (compiled from source or it's worthless), because you have to assume any other remote node is probably selling data to some entity that indexes transaction metadata. And that any pre-compiled binary could have some small difference in code that leaks something it's not supposed to leak.

Also study Dero's tech on your own to fully understand its strengths and how to use it best to achieve unlinkability/anonymity. Remember, the core strength of Dero is the crypto primitive it uses: El Gamal. Versus Pedersen Commitments in the other chains which is what makes them easy to crack.
Techleaks24 🇵🇸
🚨🚨😭CRYPTOGRAPHIC PROOF THAT XELIS IDIOTS ARE ACTUALLY IDIOTS AND A SEPARATE ENTITY FROM CAPTAIN

Finally we can understand what really happened inside their mind! Wow. Ok let's start.

Like I’ve been repeating for days now, the El Gamal encryption scheme is a huge paradigm shift forward for privacy blockchains for the following reasons:

1. It is public key re-randomizable
2. It is public key updatable

Nobody knows this except Captain. And as we've seen from their interactions with Captain, you can't even try to teach them or they will attack you! Anyway, these important properties are missing in Pedersen Commitments, which is what all other privacy coins use, and what breaks them because, like previously discussed, they all have to rely on UTXO and single-use notes.

Now it turns out, contrary to what even I initially thought, Xelis devs completely missed the point of this too.

HOW XELIS DEVS BROKE PRIVACY TO IMPROVE UX

As a prelude to the creation of Xelis, the devs behind it (pieswap and Slixe) complained for years about address registration in Dero, completely missing the point of address registration. I was there so I know it, you can go to Dero’s Discord and find evidence of this yourself.

Dero uses ElGamal, and with ElGamal you need to prove key soundness but not ciphertext soundness. To prove key soundness you prove you have the private key of an address when you register it. Once you prove that, you can use the address forever. The ciphertext is self-validating (you don't need a proof that it's valid).

So Xelis devs complained about this registration and finally got to launch their own copy. Number one priority from day one was to fix address registration (because address registration is a PITA, amirite?) to make their idea of “Dero” user friendly. To fix this pain point, they launched a copy of Dero in rust with RISTRETTO ELGAMAL.

But you know what? RISTRETTO ELGAMAL IS NOT PUBLIC KEY RERANDOMIZABLE HAHAHAHAHAHA!!!

As a result, contrary to Dero where the protocol can re-randomize the ciphertexts of other accounts to give the sender and receiver deniability, in Xelis this cannot be done, because to re-randomize the ciphertext of a Ristretto El Gamal you need the private key to generate a ciphertext soundness proof for the new ciphertext!

This is why Xelis has no sender/receiver privacy: Xelis cannot have decoys, because with Ristretto ElGamal you must prove ciphertext soundness in every transaction, whenever the ciphertext is updated!

And if you try to update the ciphertext of another account you end up bricking those accounts by producing an invalid ciphertext for which nobody can produce soundness proof.

Take a good idea, break it, and add a tax on top. If you want to see how dumb and dumber short circuit when they interact with Dero because they still don't understand what's happening, Xelis is the perfect example!
Techleaks24 🇵🇸
Here is another brainlet dev from the car wash school of cryptography, completely out of depth but trying to act like he knows why Dero didn't opt for twisted ElGamal. Or even worse, trying to make it look like not opting for it was a bad idea. "Goldman Sachs paper, eh?"

Who needs pk rerandomization, amirite? Oh wait, he doesn't even know what that is!
💯5🤯3💩1🤣1
Techleaks24 🇵🇸
This is very deep alpha. Make sure you read and understand it. The implications of this are huge, and apparently this is a very advanced topic in academic circles. If you google online the differences Pedersen Commitments and ElGamal, most results are about…
Here is an interesting 2021 paper on pk rerandomizability that also covers El Gamal. Here is another one from 2023 that discusses this topic. Since some friends are telling me they can't find anything on this topic using Google, I'm sharing these as a reference. Also have a look in case your favorite KOL dev (probably an idiot who should be flipping burgers at Burger King, not critiquing privacy tech) is telling you what I'm saying is "AI hallucination".

By the way, LLMs say it's normal for most blockchain devs to have no clue about these topics. They say it's not incompetence.

As a user I disagree.

99.999% of blockchain devs are adventurers, they're so out of depth that they don't even know they're out of depth. I think they should be purged and declared grifters/surveillance scammers/useful idiots.

Bring back Satoshi! I mean Captain.

Please and thank you.
💯8😁3👌21🤯1🤡1🤣1
Now that everyone is familiar with the power of ElGamal ciphertexts, it's time to re-evaluate the evidence for the inflation bug exploit. I've written an in-depth article to make sure this whole story remains googleable in the future, whichever way it ends.

Article: How the Dero community independently and cryptographically proved an inflation bug exploit in Dero just by querying the blockchain with a ChatGPT script

Here is the gist of it: Once you understand ElGamal, we can finally prove that both flagged addresses had the same ciphertext at the exploit transaction as in the registration transaction, and that that ciphertext was an encryption of 0.

This is because for ciphertexts to be re-randomized they must be included in some transaction first, but those addresses were never included in any transactions between the registration and the exploit transaction. Therefore they had the same ciphertext as in the registration transaction, which is an encryption of 0. This proves they entered the exploit transaction with 0 balance and therefore couldn't be spending anything, and an inflation exploit took place.
👏4🤯2💩21🤡1
Justin Ehrenhofer filed a patent to trace Monero and similar cryptocurrencies in 2023. The patent was published in December 2024. The patent boils down to this: compile sets of related outputs > check the provided target TXOs against known sets to find affiliations or transactions downstream where they were spent > create report.

In reality, any privacy coin using PCs as its cryptographic primitive, and rings, is easily traceable bc of patterns leaked onchain. The reason is bc PCs force you to use UTXO w/ single use outputs (notes) that are nullified with receipts (key images, nullifiers).

I explained this process in 2 articles in September-November 2024, one month before the patent application was published, and I was much more specific than Justin's patent filing, which doesn't explain how they group related TXOs. I explained how we can compile SUS sets for outputs related to the same entity & find their KIs when they form clusters. And how that's used to create sets of burnt TXOs to expose real spends.
🤣9👍3🔥2😁1💩1
Is Neptune Cash a gem? NPT uses Poseidon as its cryptographic primitive bc it's more quantum resistant (but not quantum resistant).

Poseidon commitments, like Pedersen Commitments, force the UTXO accounting model & single use outputs.

Privacy wise Neptune is in the same league as UTXO chains where QC isn’t even required to break privacy bc bypassable, like in XMR & ARRR, by exploiting patterns leaked onchain by the UTXO accounting model & by using transport layer heuristics.

Any privacy coin built on single use outputs leaks behavioral metadata through transaction structure, regardless of cryptographic soundness. Only coins w/ updatable encrypted state (e.g., Dero & only Dero today) eliminate this issue.

When you build a TX in NPT you create new additions (outputs) and removal records (inputs) for the commitments you are spending. The # of additions & removal records exposes the UTXO structure being broadcast from a specific wallet/user. NPT also uses TCP for its p2p communication protocol.

Pass.
🤣3🔥2👎1👏1🤯1💩1
Tic toc Christmas alpha time.

I don’t know what coin you hold, but I do know that 99% of the crypto people out there hold old, obsolete tech that is either a fork of BTC, Eth or Cryptonote, and are waiting for a 10x pump to break even. You were late to the party and that’s why you were left behind holding a bag for years praying for a pump to break even.

The next frontier for digital cash DLT tech is privacy, and privacy will be fought on tech and tech alone. If you want to be early in privacy you must study the difference between Pedersen Commitments (old tech everyone has been using to hide amounts) and El Gamal (the future tech nobody uses). Just like those who had mastered blockchains & smart contracts in 2010-2014 got into BTC and ETH early, those who master/understand these primitives well will become the crypto royalty of the next 10-20 years.

But aspiring cypherpunk princesses and princes today are running out of time.

So let me help you save time, one more time.

Pedersen Commitments have 2 huge weaknesses that the big guys (those that have been in crypto since 2010) don’t want you to know about (yet). In their defense, they could have received gag orders from 3 letter agencies to STFU & are not at liberty to speak about this (because how else do you explain that there are NO public posts on this topic by any reputable devs?!):

1. PCs, contrary to El Gamal, are not public key updatable
2. PCs, contrary to El Gamal, are not public key re-randomizable

This means any privacy chain that uses Pedersen Commitments will always have to opt for UTXO, which means wallet balances will be split among many single-use notes created in incoming transactions. For this reason they will always be traceable, because to spend your money you will have to combine different notes, forming a UTXO transaction type which, when triangulated with your behavioral metadata, exposes all your onchain transaction history.

That’s why the deep state loves Pedersen Commitments, because anything using them is fragile and can be traced in one way or another. Monero uses PCs to hide balances. Zcash uses PCs to hide balances. Aztec uses PCs to hide balances. MimbleWimble uses PCs to hide balances. ARRR uses PCs to hide balances. Same for Zano, Aleo and any privacy coin you can think of.

El Gamal closes this attack surface completely. When you think of ElGamal you probably think of Dero, but Dero had an inflation exploit as documented here, which is why I sold most of it. Yet not all of it because Dero and only Dero implements ElGamal correctly today. So I’m confused.

But I’m sure about ElGamal vs PCs. Study the tech, and be ready for what’s coming. Once word spreads about this we will see a whole new generation of coins built on ElGamal and only those who know the tech will be able to capture the upside.

Study the tech, and make up your own mind. But study the tech. That's the alpha.

Merry Christmas, fellow plebs!
8🔥86🫡2🎄2👍1👏1💩1
Techleaks24 🇵🇸 pinned «Tic toc Christmas alpha time. I don’t know what coin you hold, but I do know that 99% of the crypto people out there hold old, obsolete tech that is either a fork of BTC, Eth or Cryptonote, and are waiting for a 10x pump to break even. You were late to the…»
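Added worked example for the Xelis post above (rerandomizing another account's ciphertext with nothing but its public key) and for the two numbered points of the Christmas post (PCs vs ElGamal on public-key updatability and re-randomizability). This is illustration code written for this page, not the channel's code and not Dero's or Xelis's implementation. It assumes a toy 64-bit safe-prime group, the textbook exponent-ElGamal layout Enc_pk(m; r) = (g^m * pk^r, g^r), and hypothetical names (make_group, ElGamal, Pedersen, run_demo). It does not model Xelis's Ristretto/twisted ElGamal or its proof requirements; it only shows the generic property being contrasted: a third party holding only pk can credit and rerandomize an ElGamal balance and the owner still decrypts with sk alone, while a Pedersen commitment rerandomized by a third party can no longer be opened by the owner, who never learns the added blinding.

```python
"""Added toy example (not the channel's code, nor Dero's or Xelis's): exponent ElGamal vs
Pedersen commitments in a 64-bit safe-prime group. Group size, seeded RNG and all names are
illustration-only assumptions, not a secure configuration."""
import hashlib
import random

BITS = 64           # toy group size (real systems use 256-bit curves)
MAX_BALANCE = 5000  # brute-force bound for exponent ElGamal decryption
SMALL = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin after trial division by SMALL."""
    if n < 41:
        return n in SMALL
    if any(n % sp == 0 for sp in SMALL):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(seed=1):
    """Safe prime p = 2q + 1 and generators g, H of the order-q subgroup (log_g H unknown)."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(BITS - 1) | (1 << (BITS - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    g = pow(rng.randrange(2, p - 1), 2, p)  # any square != 1 generates the order-q subgroup
    H = pow(int.from_bytes(hashlib.sha256(b"pedersen-H").digest(), "big") % p, 2, p)
    return p, q, g, (H if H > 1 else 4)


class ElGamal:
    """Exponent ElGamal: Enc_pk(m; r) = (g^m * pk^r, g^r), additively homomorphic."""
    def __init__(self, group):
        self.p, self.q, self.g, _ = group
    def keygen(self, rng):
        sk = rng.randrange(1, self.q)
        return sk, pow(self.g, sk, self.p)
    def encrypt(self, pk, m, rng):
        r = rng.randrange(1, self.q)
        return (pow(self.g, m, self.p) * pow(pk, r, self.p) % self.p, pow(self.g, r, self.p))
    def add(self, a, b):
        """Enc(x) * Enc(y) = Enc(x + y); no key needed, so anyone can credit a balance."""
        return (a[0] * b[0] % self.p, a[1] * b[1] % self.p)
    def rerandomize(self, pk, ct, rng):
        """Fresh ciphertext of the same plaintext using only pk: multiply by Enc_pk(0)."""
        return self.add(ct, self.encrypt(pk, 0, rng))
    def decrypt(self, sk, ct):
        C, D = ct
        gm, acc = C * pow(D, -sk, self.p) % self.p, 1  # g^m = C / D^sk, sk alone suffices
        for m in range(MAX_BALANCE + 1):               # brute-force the small exponent m
            if acc == gm:
                return m
            acc = acc * self.g % self.p
        raise ValueError("plaintext outside brute-force range")


class Pedersen:
    """Com(v; r) = g^v * H^r; opening needs the blinding r."""
    def __init__(self, group):
        self.p, self.q, self.g, self.H = group
    def commit(self, v, r):
        return pow(self.g, v, self.p) * pow(self.H, r, self.p) % self.p
    def opens(self, com, v, r):
        return self.commit(v, r) == com
    def rerandomize(self, com, s):
        return com * pow(self.H, s, self.p) % self.p  # anyone can do this; owner must learn s


def run_demo(seed=7):
    """ElGamal survives third-party credit + rerandomization; rerandomized Pedersen does not open."""
    group = make_group()
    rng = random.Random(seed)  # deterministic for the demo only
    eg, ped = ElGamal(group), Pedersen(group)
    sk, pk = eg.keygen(rng)
    registration_ct = eg.encrypt(pk, 0, rng)                         # account starts as Enc(0)
    credited_ct = eg.add(registration_ct, eg.encrypt(pk, 120, rng))  # sender credits 120, pk only
    decoy_ct = eg.rerandomize(pk, credited_ct, rng)                  # protocol rerandomizes, pk only
    r, s = rng.randrange(1, group[1]), rng.randrange(1, group[1])
    com = ped.commit(120, r)            # owner's commitment with blinding r
    com2 = ped.rerandomize(com, s)      # third party adds H^s without telling the owner
    return {
        "registration_is_zero": eg.decrypt(sk, registration_ct),
        "credited_balance": eg.decrypt(sk, credited_ct),
        "decoy_balance": eg.decrypt(sk, decoy_ct),
        "decoy_bytes_differ": decoy_ct != credited_ct,
        "pedersen_opens": ped.opens(com, 120, r),
        "pedersen_opens_after_rerandomize": ped.opens(com2, 120, r),
        "pedersen_opens_if_s_shared": ped.opens(com2, 120, r + s),
    }
```

Running run_demo() gives balances 0, 120 and 120 for the registration, credited and rerandomized ElGamal ciphertexts (the last two having different bytes on chain), while the Pedersen commitment opens with (120, r) only before the third party's rerandomization, or afterwards only if that party hands over s. That asymmetry is what the posts mean by ElGamal being public-key updatable and re-randomizable and Pedersen commitments not being so.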