Is additional entropy beyond 256 bits discarded or is there any added benefit? I know it would be minimal, but want to know the technicalities.
Not discarded. By BIP39, the seed must have an entropy in multiples of 32 so there is no limit to how many you have to use. After all, the mnemonic is passed through a KDF for the actual seed to be used so the length actually isn't limited. Your addresses only has 128 bits of security so people would probably look to compromise the individual addresses instead of seeds, they're much faster to generate. Also: the 24th word is a checksum. What would happen if I used a 24th word that was not a valid checksum? Would it not be possible or would addresses not have a valid private key etc...?
Nothing happens. You won't generate any invalid addresses. As said, it passes through the KDF so the checksum only serves to provide a check for typo. |
|
|
|
The only reason I can think of for somebody wanting to use a legacy address would be for message signing. There is no benefit to using this type of address. If you want an address that is compatible with services that don't support bech32 withdrawals you can just use a wrapped Segwit address.
There really isn't any reason. Unfortunately, Electrum never supported nested Segwit addresses. A workaround would be to generate a BIP39 seed and import it into Electrum. That introduces too many points of failure and I generally recommend against it. If you want compatibility and also Segwit benefits (to a smaller extent), then you should use another wallet instead of using the workaround. |
|
|
|
Even if someone found a more efficient way to secure the network same like with PoW, I don't understand why we'd want that. The system works fine this way and the miners become more and more efficient, if we see this situation morally.
Wouldn't this be a hard fork?
It is. I would argue that it becomes an altcoin. The foundation of Bitcoin has mostly been left unchanged and it probably should be, barring any vulnerabilities of some sort. The game theoretic model of PoW is basically as good as it gets; giving up resources for the security of the network. If you're finding another scheme that can secure the network in the same way, then the miners that we have today will be out of the equation. That is not going to sit well with them in the first place. Perhaps we should change PoW, if such a great scheme comes about but the fact that you're never going to get any significant consensus with so much conflict of interest makes it hard for us to agree to a change. I wouldn't bother, PoW is fine as it is. People needs to start attacking actual climate change contributors for it or just go and penalize miners with carbon tax. That's all. |
|
|
|
If I deposited $1000 into my ByBit account, it would say my wallet balance is $1000. If I exchanged $500 of the initial deposit to Ether and then sent the remaining $500 in Bitcoin to another wallet, would that cause the Wallet balance to still say $500? Because the Ether didn’t go through the Blockchain? Just thinking out loud.. maybe someone who knows this stuff could chime in, because that might explain the “difference”.
Yes. On your account, it might be $500, as you didn't wiithdraw the $500 in Ether. However, the funds in that deposit address can be 0 still. The deposit address doesn't belong to you; it is just an address that is associated with your account and any deposits would be credited to your ByBit account. Any exchanges within the site is reflected on the backend and in your account. The funds in that address does not matter to you as it is under their control and they can do whatever they want with it; consolidating it or sending it to another address. What is important is that your deposits are all credited correctly, the balance of your deposit address does not necessary matter as the balance on that is often different from your own account on that site. |
|
|
|
|
Check your transaction history on the site. Has everything been credited correctly?
The thing with most services is that anything done to the account may not necessarily reflect a transaction to or from your address. For example, if I choose to sell Bitcoins on an exchange, the funds in that address may not be moved immediately but it is regarded as sold on the exchange and that my account balance is now in fiat instead of Bitcoins. The balance on the address is not reflective of your current balance in your account.
|
|
|
|
That depends on the wallet... and the way it is deriving addresses... theoretically ( according to the registered coin types in SLIP0132), Bitcoin mainnet should be using the "coin" value of "0": m/44'/ 0'/0' m/49'/ 0'/0' m/84'/ 0'/0' whereas... Bitcoin testnet should be using "coin" value of "1": m/44'/ 1'/0' m/49'/ 1'/0' m/84'/ 1'/0' So, the account extended xpubs etc, should be different for each network... even when they are generated from the same seed. Thanks. I overlooked this. |
|
|
|
Why?
Generally forgetfulness, amnesia or just any other thing that can affect your memory, the list goes on. I definitely wouldn't take the risk and blame myself later on for forgetting a seed phrase. Just having a physical copy of it and keeping it safe would be fine for most. |
|
|
|
|
Side channel attacks shouldn't be your main concern, secp256k1 libraries has mitigations against most of that so you'll be mostly safe. Problem would be with malware or some $5 wrench attack.
Privacy concern would be that it would be obvious which testnet addresses and mainnet addresses belongs to each other, public keys would be the same. I wouldn't do so though, leads to unnecessary confusion as well and perhaps leads to unnecessary risks depending on what you're doing with your testnet. It's really not difficult to use two separate seeds and it's quite dangerous for people to be memorizing seeds.
|
|
|
|
Besides the fact that you'll have to re-index the block chain every time you create a new wallet, is there any other downsides of EPS? I personally find it very efficient if you don't want to require third-party servers.
Rescan, not reindex. EPS is okay for most uses as it just serves as a data source for Electrum clients, so there really isn't anything to criticize there. If you need your personal server which is easier to setup and has lower resource requirements, then this is it. Is there another software you would recommend? Just seen EPS talked about the most but open to other suggestions
ElectrumX is the most common implementation used by Electrum servers. |
|
|
|
|
Voluntarily locking your own coins with time as a parameter doesn't affect security in the slightest. It depends on how you generate and handle the keys for that.
If you want something to lock your coins for a long time, don't use nLockTime or any mechanism like that and pre-generate a transaction. It is not ideal for that as you cannot change anything in the transaction. Instead, use OP_CLTV and include it in a scripthash address. You'll be able to "unlock" and spend the funds after a specified period of time provided that you have the required key to unlock it.
|
|
|
|
|
Bitcoin is not a get rich quick scheme. You're treating it as a speculative asset and with that, most of them tends to experience loads of volatility, Bitcoin included. Elon Musk isn't the only reason why Bitcoin is crashing, China is as well.
Not saying that it's great that Bitcoin crashes but at least you're just eliminating those who don't see Bitcoin's utility in the long term. It is stupid to invest in something this risky if you can't afford to lose it.
|
|
|
|
So we have the witness script hash (P2WSH) and the witness public key hash (P2WPKH). This Bitcoin improvement proposal says that it will improve the security by increasing the size, from 160 bits to 256, because it'll be harder to find a collision. Isn't this a little ironic for the already existent address types? I'm trying to understand what's going on here, but it seems that I fail to.
If you increase the address size, then the transaction will also weight more, but it'll be more secure against a collision attack. But why did the developers change it to SHA256 since every other address type uses the HASH160? Making such announcement is like contending that HASH160 isn't strong enough, but it is. The fact that they did it exclusively for P2WSH seems weird to me.
Hash160 is secure by itself. P2SH is susceptible to collision (with birthday paradox) as the complexity is 2^80. This means that in the far future, it could be feasible for someone to be able to obtain a collision for a given script hash address. It is not that big of a deal. P2WSH is far more efficient and Taproot is coming out as well. I'm not sure whether there would be any plans to phase out P2SH but that is likely not the case. Question: Is there a P2WPKH corresponding to P2SH? Or if I didn't place it properly: An address type that is longer than P2SH, but starts with “3”?
Nope. |
|
|
|
Is there any reason why we use SHA256 instead of HASH160? Why does this change only in multi-sig and not traditionally on 1-of-1 P2WSH addresses? Using 160 bits instead of 256 would make the transaction weight less.
You mean P2WPKH? The rationale behind using SHA256 for P2WSH instead of HASH160 is stated here: The scriptPubKey occupies 34 bytes, as opposed to 23 bytes of BIP16 P2SH. The increased size improves security against possible collision attacks, as 2^80 work is not infeasible anymore (By the end of 2015, 284 hashes have been calculated in Bitcoin mining since the creation of Bitcoin). The spending script is same as the one for an equivalent BIP16 P2SH output but is moved to witness.
Also, why does that happen only on P2WSH and not on P2SH? My multi-sig nested segwit addresses aren't longer than those that aren't multi-sig:
Nested Segwit (Multisig or not) is P2SH, not P2WSH. The standard is defined before we've decided on this and is different, there is no need to change that. There is no need for us to introduce a longer Segwit address for P2WPKH as well. But what is the exact order of the public keys? Since we're hashing a message, then the public keys must be given on the same order. For example, in electrum when it asks me to enter my cosigners' keys, do I have to enter them in the same order when we made the wallet or has it a way to then sort it out in ascending order no matter the way I entered them?
You need to do so in the exact order. As you've said, the script is hashed and changing the order also changes the hash. That is why we rely on the redeem script. |
|
|
|
#1 use the RPC functionality to broadcast the transaction with command: sendrawtransaction
In your terminal, type in this: bitcoin-cli getrawtransaction TXID
After that, copy the string and type in this: bitcoin-cli sendrawtransaction PASTEHERE
Replacing each of them accordingly of course. #2 use a script like this: https://github.com/laanwj/bitcoin-submittx which seems to have been purposely designed for working with [/b]"walletbroadcast=0" configs. [/b] Can someone please give me a step by step instruction on how to broadcast transactions trough those methods above when walletbroadcast= is set to 0, or what is the best practice in this case, maybe its just easier to change walletbroadcast= to 1 every time i want to send transaction, then to change back to 0? since changing it to 1 i still somehow connect to onion nodes. The tool basically just pushes the TX to the peers that it sees, usage is included in the readme. Just using walletbroadcast=1 should be fine. I don't think there is any privacy repercussions. Please avoid creating so many threads for the same issue. You can just continue from your first. |
|
|
|
When I think about it, I think it's unnecessary in his case since he's running Bitcoin Core through Tor (another info not included in his other post).
Even if he's using the wallet, if I understand the new PRs correctly, rebroadcast is now handled in his node's mempool in a manner that his wallet transactions aren't the only txns that'll be rebroadcast.
Yeah. 0.21.0 EPS was modified to broadcast the transaction directly to the peers within Tor and I remember that this was implemented quite a long time ago. I'm not sure what are the justifications, if any that would still hold water. If the user is running Core on Tor, then using the EPS would achieve the same privacy with running Core on Tor alone. Since its dependent on Core anyways. |
|
|
|
Since only the mining farms know how much of the time they keep their ASICs on or how long they will use them for, we currently can't really estimate their total energy usage for sure other than for the inefficient (and probably nonsensical) worst case of leaving them always on, and it's still unlikely this'll be possible if what I call "green" ASICs are ever deployed, but the energy decline should be noticeable in say 10 years when most of the old miners are phased out.
I'm sure mining farms cannot afford to leave any working ASICs undeployed. CBECI's estimation is as good as an educated guess and that is all we can work with. There are far too many factors that can (and will) affect the electrical usage of Bitcoin. Any noticeable decrease in energy consumption of Bitcoin is NOT enough; environmentalist are not happy with high perceived electrical usage in the first place. There is no reason why they would be content with say 30% decrease in electrical usage. When it gets to something that they're content with, Bitcoin isn't secure any more. Arguably, constantly phasing out and replacing ASICs will have significant environmental impact as well. It is not a one-dimension issue as media perceives it to be. Economic-wise, the electrical consumption will probably not change and remain at a certain equilibrium. |
|
|
|
Bitcoin Core offers a way for users to interact with it using their hardware wallets: https://github.com/bitcoin-core/HWI. You need to rescan if you're querying any addresses unless you specify otherwise. Blockexplorers and other sites allows you to do so instantaneously as they parse the blockchain for the addresses and index them. Bitcoin Core does not index by addresses. |
|
|
|
You need to disable that option as suggested by the tutorial since you're using Tor.
I think the rationale behind that is to improve on the privacy of the node. The initial consideration appears to be preventing the wallet from automatically rebroadcast transactions. Since the privacy and the rebroadcast logic has been worked on and improved in the recent versions, would this still be necessary? |
|
|
|
|
When it becomes feasible and an attractive substitute for fiat or any other payment methods. Unfortunately, Bitcoin as its current form doesn't justify the replacement or even a substitute for most brick and mortar stores (perhaps LN can be but most merchants actually prefer on-chain TXes). The adoption for digital services is there, mostly due to the fact that Bitcoin TXes are harder to reverse than MasterCard, Visa, PayPal, etc. The waiting time for a confirmation is also not much of a concern.
Unfortunately, the nature of cryptos makes the value quite volatile. If it somehow stabilizes some time in the future, then more people would consider exploring it as a currency rather than a speculative investment.
|
|
|
|
It dumbfolds me why the entire media (and alarmingly some people here) are so focused on changing Bitcoin's algorithm when the real problem is reducing the power consumption of mining hardware and mining farms.
If somehow Bitmain manage to make the Antminer S19 pull 10% less watts power, suddenly we are looking at a massive decrease in energy usage.
And it would be good for the mining operators too, because they'd pay less for electricity!
Or an increase. Miners always attempts to maximize their profits and introducing a more efficient ASIC would result in the sustained electrical consumption for that difficulty epoch (and steady increasing as the newer ASICs are deployed). ASICs are usually never retired until the revenue = cost, among other factors but a more efficient ASIC would likely not result in any significant decrease in energy usage. |
|
|
|
|
Show Posts
