This can also happen, if a robber knows that you have cash/jewlery/gold .... in your house. Or he demands that you withdraw cash from your bank and they're safe. ...which is why we have insurance that covers these situations. I don't understand the hostility towards this idea. It really would have been nice if mtgox had been insured to cover their liabilities, as well as several other bitcoin deposit institutions, a lot of people would be better off. It's great that we can keep private keys ourselves, but the existence of insurance for deposit institutions is not mutually exclusive with that. We have to interact with exchanges and similar sites once in awhile, it would be nice if we had some protection for when they fail. |
|
|
|
http://www.bloomberg.com/news/2014-02-28/gold-fix-study-shows-signs-of-decade-of-bank-manipulation.htmlThe London gold fix, the benchmark used by miners, jewelers and central banks to value the metal, may have been manipulated for a decade by the banks setting it, researchers say.
Unusual trading patterns around 3 p.m. in London, when the so-called afternoon fix is set on a private conference call between five of the biggest gold dealers, are a sign of collusive behavior and should be investigated, New York University’s Stern School of Business Professor Rosa Abrantes-Metz and Albert Metz, a managing director at Moody’s Investors Service, wrote in a draft research paper.
Video: Are Gold Prices Being Manipulated by Banks?
“The structure of the benchmark is certainly conducive to collusion and manipulation, and the empirical data are consistent with price artificiality,” they say in the report, which hasn’t yet been submitted for publication. “It is likely that co-operation between participants may be occurring.”
The paper is the first to raise the possibility that the five banks overseeing the century-old rate -- Barclays Plc, Deutsche Bank AG (DBK), Bank of Nova Scotia (BNS), HSBC Holdings Plc (HSBA) and Societe Generale SA (GLE) -- may have been actively working together to manipulate the benchmark. It also adds to pressure on the firms to overhaul the way the rate is calculated. Authorities around the world, already investigating the manipulation of benchmarks from interest rates to foreign exchange, are examining the $20 trillion gold market for signs of wrongdoing.
Photographer: Dhiraj Singh/Bloomberg
A jewelry store in Nashik, India, on Feb. 03, 2014.
Union Jacks
The paper “is not a Moody’s research report,” Michael Adler, a spokesman for the firm, said in an e-mail. “The co-author of the paper was writing independent of his position at Moody’s and was representing his own research findings and viewpoint.”
Officials at London Gold Market Fixing Ltd., the company owned by the banks that administer the rate, referred requests for comment to Societe Generale, which holds the rotating chairmanship of the group. Officials at Barclays, Deutsche Bank, HSBC and Societe Generale declined to comment on the report and the future of the benchmark. Joe Konecny, a spokesman for Bank of Nova Scotia, didn’t respond to requests for comment.
The Libor Scandal Sets Off a Wave of Probes
Abrantes-Metz advises the European Union and the International Organization of Securities Commissions on financial benchmarks. Her 2008 paper “Libor Manipulation?” helped uncover the rigging of the London interbank offered rate, which has led financial firms including Barclays Plc (BARC) and UBS AG to be fined about $6 billion in total. She is a paid expert witness to lawyers, providing economic analysis for litigation. Metz heads credit policy research at ratings company Moody’s.
Unregulated Process
The rate-setting ritual dates back to 1919. Dealers in the early years met in a wood-paneled room in Rothschild’s office in the City of London and raised little Union Jacks to indicate interest. Now the fix is calculated twice a day on telephone conferences at 10:30 a.m. and 3 p.m. London time. The calls usually last 10 minutes, though they can run more than an hour.
Firms declare how many bars of gold they want to buy or sell at the current spot price, based on orders from clients and themselves. The price is increased or reduced until the buy and sell amounts are within 50 bars, or about 620 kilograms, of each other, at which point the fix is set.
Traders relay shifts in supply and demand to clients during the call and take fresh orders to buy or sell as the price changes, according to the website of London Gold Market Fixing, where the results are published. At 3 p.m. yesterday, the price was $1,332.25 an ounce. The process is unregulated and the five banks can trade gold and its derivatives throughout the call.
All Down
Bloomberg News reported in November concerns among traders and economists that the fixing banks and their clients had an unfair advantage because information gleaned from the calls provided an insight into the future direction of prices and banks can bet on spot and derivatives markets during the call.
Abrantes-Metz and Metz screened intraday trading in the spot gold market from 2001 to 2013 for sudden, unexplained moves that may indicate illegal behavior. From 2004, they observed frequent spikes in spot gold prices during the afternoon call. The moves weren’t replicated during the morning call and hadn’t happened before 2004, they found.
Large price moves during the afternoon call were also overwhelmingly in the same direction: down. On days when the authors identified large price moves during the fix, they were downwards at least two-thirds of the time in six different years between 2004 and 2013. In 2010, large moves during the fix were negative 92 percent of the time, the authors found.
There’s no obvious explanation as to why the patterns began in 2004, why they were more prevalent in the afternoon fixing, and why price moves tended to be downwards, Abrantes-Metz said in a telephone interview this week.
Bafin, FCA
“This is a first attempt to uncover potentially manipulative behavior and the results are concerning,” she said. “It’s down to regulators to establish why there are such striking patterns but banks have the means, motive and opportunity to manipulate the fixing. The results are consistent with the possibility of collusion.”
Deutsche Bank, Germany’s largest lender, said in January that it will withdraw from the panels setting the gold and silver fixings. German financial markets regulator Bafin interviewed the Frankfurt-based bank’s employees as part of a probe into the potential manipulation of gold and silver prices.
“In general, research that finds certain price patterns does not as such constitute evidence of manipulation,” said Thorsten Polleit, chief economist at Frankfurt-based precious-metals broker Degussa Goldhandel GmbH and a former Barclays economist. “However, it might encourage interest in finding out more about the sources of these price patterns.”
‘Appropriate Oversight’
The five banks that oversee the fixing set up a steering committee and will appoint external advisers to consider reforms before EU legislation on financial benchmarks’ regulation and oversight comes into force, Bloomberg reported last month.
Britain’s Financial Conduct Authority is also scrutinizing how prices are calculated. The regulator published a report this week outlining its remit for regulating commodities including gold, saying that while it’s responsible for commodities derivatives, it doesn’t regulate physical commodities.
“Abusive behavior can occur in the physical commodity markets which in turn can have an impact on, or be directly linked with, financial market activity and prices,” the FCA said in the report. “The regulatory regime -- both in the U.K. and internationally -- needs to be adapted to ensure robust and appropriate oversight.” I consider myself a pretty economically literate person, but I have to admit I don't understand the evidence presented here. What are they observing that makes them think the price is being manipulated? Can anyone explain this, and perhaps opine as whether or not these claims have any merit?
|
|
|
|
|
Well, I'm glad you feel that way, but it isn't how most people think.
|
|
|
|
|
That doesn't really help very much. It shows that even a perfect system doesn't stop people from being preyed on. In the minds of the mainstream, the obvious conclusion is that we need more government.
|
|
|
|
|
It seems like the message the mainstream is getting from recent events is "This is why we need financial regulation."
And, let's be fair, there is a LOT of crime in our little community. You can protect yourself pretty well by taking the right precautions, but a ton of wealth is being transferred to the hands of criminals.
Of course the obvious retort is "the mainstream financial system robs you too", but I'm wondering if anyone has any more comforting thoughts than that.
|
|
|
|
|
Just hearing you describe it, it sounds like a ponzi.
|
|
|
|
|
I both disagree with and dislike Krugman. He goes out of his way to be obnoxious and patronizing. Many of his columns are purely straw man and/or ad hominem arguments. Half the time he doesn't even name the person who allegedly said the ridiculous thing he's refuting, and when he does it's almost never an economist. He goes out of his way to avoid venues where those he disagrees with can respond to his straw man attacks.
|
|
|
|
|
I'm curious as to what you observed that leads you to believe this is the case, and what you intend to accomplish by starting this thread.
|
|
|
|
Why are you wasting your time or insisting others to promote bitcoin SmoothieClau like I am sick with people who keep on asking “Do you accept Bitcoin”. I am a sale man and really say them why shall I accept it. I don’t have enough time to waste going with bitcoins and searching for bitcoins acceptor
Haha why do you hate Bitcoin so much? All you post is to slag it off. What does that mean "slag it off"? Slag? "Slag it off" = "criticize it". |
|
|
|
|
You might be able to find someone to cash you out at localbitcoins.com.
|
|
|
|
Most people are not technically savvy enough to store their bitcoins themselves. Without a trusted, insured deposit institution, they'll lose their savings to trojans, social engineering, and computer failures. There may be regulatory difficulties in creating such a service down the line.
This argument is not true. Anybody can print a paper-wallet for storage of wealth from blockchian.info, if they know how to do it (which is simly the case of watching a 30sec youtube video. For spending money you can have some change in an e-wallet.). Yes, blockchain.info is probably the best out there for now, but long term it might not be enough. First of all, someone has to know that taking those steps is even necessary. I've made a special effort to convince the people I've introduced to bitcoin, but it's a hard sell. Second, as malware becomes more sophisticated attackers may well gain the ability to capture a user's blockchain.info decryption key. Down the line, as paper wallets become more common, burglars will learn to recognize them, and even they won't be safe if you live in a high-crime area and lack access to a vault. There's also the risk that blockchain.info might be compromised, and the attacker could insert some malicious javascript to gain the coins that way. You also completely ignored the possibility of phishing/social engineering. Think about how many people are victims of identity theft as it is, then consider that bitcoin offer zero of the protections that existing financial institutions do. A lot of people don't even know how to create a secure password. |
|
|
|
|
Most people are not technically savvy enough to store their bitcoins themselves. Without a trusted, insured deposit institution, they'll lose their savings to trojans, social engineering, and computer failures. There may be regulatory difficulties in creating such a service down the line.
Has the scalability problem been solved yet?
|
|
|
|
|
I'm calling FUD on these rumors. If it were true that all Chinese btc exchanges were closing, the Chinese section of this forum would be freaking out. I don't see them talking about it at all.
|
|
|
|
|
What will I understand much later that will help me understand this?
I don't know, I just feel like being a self-taught developer I miss out on a lot of theory and mathematics that would really help my projects. I kind of wanted to do this "right".
So, is what you're saying that bitaddress uses a different multiply implementation than the wiki article? I kind of suspected that was the case.
All I want to do in the short term is get to the point where I can generate public addresses from private keys without relying on a library.
|
|
|
|
Thanks for the answers. zinv is the modulo inverse of z. I can see that from the code. But what's z and why do we need its modulo inverse? Neither value is mentioned in the wikipedia. zinv = z ^ (p-2) mod p Thanks, I'll make a note of that. |
|
|
|
For easy reference, let me quote the relevant section of the code: ec.PointFp = function (curve, x, y, z, compressed) {
this.curve = curve;
this.x = x;
this.y = y;
// Projective coordinates: either zinv == null or z * zinv == 1
// z and zinv are just BigIntegers, not fieldElements
if (z == null) {
this.z = BigInteger.ONE;
}
else {
this.z = z;
}
this.zinv = null;
// compression flag
this.compressed = !!compressed;
};
ec.PointFp.prototype.getX = function () {
if (this.zinv == null) {
this.zinv = this.z.modInverse(this.curve.q);
}
var r = this.x.toBigInteger().multiply(this.zinv);
this.curve.reduce(r);
return this.curve.fromBigInteger(r);
};
ec.PointFp.prototype.getY = function () {
if (this.zinv == null) {
this.zinv = this.z.modInverse(this.curve.q);
}
var r = this.y.toBigInteger().multiply(this.zinv);
this.curve.reduce(r);
return this.curve.fromBigInteger(r);
};
ec.PointFp.prototype.equals = function (other) {
if (other == this) return true;
if (this.isInfinity()) return other.isInfinity();
if (other.isInfinity()) return this.isInfinity();
var u, v;
// u = Y2 * Z1 - Y1 * Z2
u = other.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(other.z)).mod(this.curve.q);
if (!u.equals(BigInteger.ZERO)) return false;
// v = X2 * Z1 - X1 * Z2
v = other.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(other.z)).mod(this.curve.q);
return v.equals(BigInteger.ZERO);
};
ec.PointFp.prototype.isInfinity = function () {
if ((this.x == null) && (this.y == null)) return true;
return this.z.equals(BigInteger.ZERO) && !this.y.toBigInteger().equals(BigInteger.ZERO);
};
ec.PointFp.prototype.negate = function () {
return new ec.PointFp(this.curve, this.x, this.y.negate(), this.z);
};
ec.PointFp.prototype.add = function (b) {
if (this.isInfinity()) return b;
if (b.isInfinity()) return this;
// u = Y2 * Z1 - Y1 * Z2
var u = b.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(b.z)).mod(this.curve.q);
// v = X2 * Z1 - X1 * Z2
var v = b.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(b.z)).mod(this.curve.q);
if (BigInteger.ZERO.equals(v)) {
if (BigInteger.ZERO.equals(u)) {
return this.twice(); // this == b, so double
}
return this.curve.getInfinity(); // this = -b, so infinity
}
var THREE = new BigInteger("3");
var x1 = this.x.toBigInteger();
var y1 = this.y.toBigInteger();
var x2 = b.x.toBigInteger();
var y2 = b.y.toBigInteger();
var v2 = v.square();
var v3 = v2.multiply(v);
var x1v2 = x1.multiply(v2);
var zu2 = u.square().multiply(this.z);
// x3 = v * (z2 * (z1 * u^2 - 2 * x1 * v^2) - v^3)
var x3 = zu2.subtract(x1v2.shiftLeft(1)).multiply(b.z).subtract(v3).multiply(v).mod(this.curve.q);
// y3 = z2 * (3 * x1 * u * v^2 - y1 * v^3 - z1 * u^3) + u * v^3
var y3 = x1v2.multiply(THREE).multiply(u).subtract(y1.multiply(v3)).subtract(zu2.multiply(u)).multiply(b.z).add(u.multiply(v3)).mod(this.curve.q);
// z3 = v^3 * z1 * z2
var z3 = v3.multiply(this.z).multiply(b.z).mod(this.curve.q);
return new ec.PointFp(this.curve, this.curve.fromBigInteger(x3), this.curve.fromBigInteger(y3), z3);
};
ec.PointFp.prototype.twice = function () {
if (this.isInfinity()) return this;
if (this.y.toBigInteger().signum() == 0) return this.curve.getInfinity();
// TODO: optimized handling of constants
var THREE = new BigInteger("3");
var x1 = this.x.toBigInteger();
var y1 = this.y.toBigInteger();
var y1z1 = y1.multiply(this.z);
var y1sqz1 = y1z1.multiply(y1).mod(this.curve.q);
var a = this.curve.a.toBigInteger();
// w = 3 * x1^2 + a * z1^2
var w = x1.square().multiply(THREE);
if (!BigInteger.ZERO.equals(a)) {
w = w.add(this.z.square().multiply(a));
}
w = w.mod(this.curve.q);
//this.curve.reduce(w);
// x3 = 2 * y1 * z1 * (w^2 - 8 * x1 * y1^2 * z1)
var x3 = w.square().subtract(x1.shiftLeft(3).multiply(y1sqz1)).shiftLeft(1).multiply(y1z1).mod(this.curve.q);
// y3 = 4 * y1^2 * z1 * (3 * w * x1 - 2 * y1^2 * z1) - w^3
var y3 = w.multiply(THREE).multiply(x1).subtract(y1sqz1.shiftLeft(1)).shiftLeft(2).multiply(y1sqz1).subtract(w.square().multiply(w)).mod(this.curve.q);
// z3 = 8 * (y1 * z1)^3
var z3 = y1z1.square().multiply(y1z1).shiftLeft(3).mod(this.curve.q);
return new ec.PointFp(this.curve, this.curve.fromBigInteger(x3), this.curve.fromBigInteger(y3), z3);
};
// Simple NAF (Non-Adjacent Form) multiplication algorithm
// TODO: modularize the multiplication algorithm
ec.PointFp.prototype.multiply = function (k) {
if (this.isInfinity()) return this;
if (k.signum() == 0) return this.curve.getInfinity();
var e = k;
var h = e.multiply(new BigInteger("3"));
var neg = this.negate();
var R = this;
var i;
for (i = h.bitLength() - 2; i > 0; --i) {
R = R.twice();
var hBit = h.testBit(i);
var eBit = e.testBit(i);
if (hBit != eBit) {
R = R.add(hBit ? this : neg);
}
}
return R;
};
// Compute this*j + x*k (simultaneous multiplication)
ec.PointFp.prototype.multiplyTwo = function (j, x, k) {
var i;
if (j.bitLength() > k.bitLength())
i = j.bitLength() - 1;
else
i = k.bitLength() - 1;
var R = this.curve.getInfinity();
var both = this.add(x);
while (i >= 0) {
R = R.twice();
if (j.testBit(i)) {
if (k.testBit(i)) {
R = R.add(both);
}
else {
R = R.add(this);
}
}
else {
if (k.testBit(i)) {
R = R.add(x);
}
}
--i;
}
return R;
};
// patched by bitaddress.org and Casascius for use with Bitcoin.ECKey
// patched by coretechs to support compressed public keys
ec.PointFp.prototype.getEncoded = function (compressed) {
var x = this.getX().toBigInteger();
var y = this.getY().toBigInteger();
var len = 32; // integerToBytes will zero pad if integer is less than 32 bytes. 32 bytes length is required by the Bitcoin protocol.
var enc = ec.integerToBytes(x, len);
// when compressed prepend byte depending if y point is even or odd
if (compressed) {
if (y.isEven()) {
enc.unshift(0x02);
}
else {
enc.unshift(0x03);
}
}
else {
enc.unshift(0x04);
enc = enc.concat(ec.integerToBytes(y, len)); // uncompressed public key appends the bytes of the y point
}
return enc;
};
ec.PointFp.decodeFrom = function (curve, enc) {
var type = enc[0];
var dataLen = enc.length - 1;
// Extract x and y as byte arrays
var xBa = enc.slice(1, 1 + dataLen / 2);
var yBa = enc.slice(1 + dataLen / 2, 1 + dataLen);
// Prepend zero byte to prevent interpretation as negative integer
xBa.unshift(0);
yBa.unshift(0);
// Convert to BigIntegers
var x = new BigInteger(xBa);
var y = new BigInteger(yBa);
// Return point
return new ec.PointFp(curve, curve.fromBigInteger(x), curve.fromBigInteger(y));
};
ec.PointFp.prototype.add2D = function (b) {
if (this.isInfinity()) return b;
if (b.isInfinity()) return this;
if (this.x.equals(b.x)) {
if (this.y.equals(b.y)) {
// this = b, i.e. this must be doubled
return this.twice();
}
// this = -b, i.e. the result is the point at infinity
return this.curve.getInfinity();
}
var x_x = b.x.subtract(this.x);
var y_y = b.y.subtract(this.y);
var gamma = y_y.divide(x_x);
var x3 = gamma.square().subtract(this.x).subtract(b.x);
var y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y);
return new ec.PointFp(this.curve, x3, y3);
};
ec.PointFp.prototype.twice2D = function () {
if (this.isInfinity()) return this;
if (this.y.toBigInteger().signum() == 0) {
// if y1 == 0, then (x1, y1) == (x1, -y1)
// and hence this = -this and thus 2(x1, y1) == infinity
return this.curve.getInfinity();
}
var TWO = this.curve.fromBigInteger(BigInteger.valueOf(2));
var THREE = this.curve.fromBigInteger(BigInteger.valueOf(3));
var gamma = this.x.square().multiply(THREE).add(this.curve.a).divide(this.y.multiply(TWO));
var x3 = gamma.square().subtract(this.x.multiply(TWO));
var y3 = gamma.multiply(this.x.subtract(x3)).subtract(this.y);
return new ec.PointFp(this.curve, x3, y3);
};
ec.PointFp.prototype.multiply2D = function (k) {
if (this.isInfinity()) return this;
if (k.signum() == 0) return this.curve.getInfinity();
var e = k;
var h = e.multiply(new BigInteger("3"));
var neg = this.negate();
var R = this;
var i;
for (i = h.bitLength() - 2; i > 0; --i) {
R = R.twice();
var hBit = h.testBit(i);
var eBit = e.testBit(i);
if (hBit != eBit) {
R = R.add2D(hBit ? this : neg);
}
}
return R;
};
ec.PointFp.prototype.isOnCurve = function () {
var x = this.getX().toBigInteger();
var y = this.getY().toBigInteger();
var a = this.curve.getA().toBigInteger();
var b = this.curve.getB().toBigInteger();
var n = this.curve.getQ();
var lhs = y.multiply(y).mod(n);
var rhs = x.multiply(x).multiply(x).add(a.multiply(x)).add(b).mod(n);
return lhs.equals(rhs);
};
ec.PointFp.prototype.toString = function () {
return '(' + this.getX().toBigInteger().toString() + ',' + this.getY().toBigInteger().toString() + ')';
};
/**
* Validate an elliptic curve point.
*
* See SEC 1, section 3.2.2.1: Elliptic Curve Public Key Validation Primitive
*/
ec.PointFp.prototype.validate = function () {
var n = this.curve.getQ();
// Check Q != O
if (this.isInfinity()) {
throw new Error("Point is at infinity.");
}
// Check coordinate bounds
var x = this.getX().toBigInteger();
var y = this.getY().toBigInteger();
if (x.compareTo(BigInteger.ONE) < 0 || x.compareTo(n.subtract(BigInteger.ONE)) > 0) {
throw new Error('x coordinate out of bounds');
}
if (y.compareTo(BigInteger.ONE) < 0 || y.compareTo(n.subtract(BigInteger.ONE)) > 0) {
throw new Error('y coordinate out of bounds');
}
// Check y^2 = x^3 + ax + b (mod n)
if (!this.isOnCurve()) {
throw new Error("Point is not on the curve.");
}
// Check nQ = 0 (Q is a scalar multiple of G)
if (this.multiply(n).isInfinity()) {
// TODO: This check doesn't work - fix.
throw new Error("Point is not a scalar multiple of G.");
}
return true;
};
|
|
|
|
So, at the moment I'm trying to reverse engineer the bitaddress.org source code to improve my own understanding of cryptography and bitcoin specifically. I was following along with this wikipedia page on elliptic curve point multiplication. However, I'm a little confused by bitaddress.org's variable "zinv". Related to it is the variable "z". The wikipedia page doesn't seem to have anything like that, and I'd like to know what it is and what it does. Also, I'd be willing to pay someone who can answer questions like these to tutor me privately, so I don't have to keep coming to these forums with my questions. |
|
|
|
|
Thanks both of you.
So:
X=79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798
Y=483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8
Is this correct?
|
|
|
|
|
Show Posts
