IIRC scanning with a local copy of the filters turned out to be really slow, hardly faster than scanning the blocks (assuming you had them) due to the design property that the prior block hash is used to salt the hashing. This property is pretty important for some imagined uses, but pointless for local use.

So yeah, it could be used for that-- but for that application a purely local filter that didn't need that salting would work a lot better. ::shrugs::

If Schoof's algorithm hadn't been discovered, Bitcoin would have just used different cryptography like RSA.

... or maybe it would use elliptic curves like RSA by users selecting a random group and using the hardness of finding its order for security.  ... only to have it broken when Schoof's algorithm is discovered.

It's really sad how readily "journalists" repeat whatever disinformation is shoveled at them.

An accurate headline would be "Faux Bitcoin-creator found liable for $100m in damages due to stealing from dead friend's company."

Unfortunately there is a massive disinformation campaign on all fronts on this... and as a result even earnest Bitcoiners are getting confused and repeating some falsehoods.

No. No one was found to be Satoshi. The court wasn't even looking at that.  No, wright did not "win"-- he has been ordered to pay $100 million dollars which will bankrupt him many times over (unless he's able to get a bailout from a sucker who he can promise future 'satoshi bitcoin' to...).

Wright's damages are because he raided the assets of his friends company by filing a lawsuit against it in AU and then showing up as the defendant himself to concede the lawsuit.  The argument that wright won is because the estate also demanded half of Wright's obviously fictional Bitcoin and it appears the jury didn't buy the existence of that Bitcoin and so they didn't award anything thing.

Rather than supporting Wright's claims, the case brutally refuted them.  Including proving mountains of Wright produced documents to be forgeries.  The argument made by Wright's attorney in closing was essentially a chewbacca defense: They argued that wright is a fantasist and that it didn't make sense for the plaintiff to rely on Wright's forgeries as proof, and kept chanting "if it doesn't make sense you go with the defense".

Probably the highlight of the case was when Wright was ordered by the court under threat of being held in contempt to identify and swear to which specific bitcoin he owned in 2013 and he provided a list just before the deadline-- only to have the real owners of thousands of bitcoins on it immediately show up with digital signatures calling Wright a liar and a fraud.  But it's hard to pick one.  Wright made a total clown of himself so many times over that it's hard to choose.

He can't obtain a valid patent on that because bitcoin is open and unpatented years before Wright ever heard of it.  Once something is published that becomes a bar to patentability called prior art.  But this doesn't stop someone from making spurious patent lawsuits as a form of harassment, they'll ultimately lose, but they still waste their opponents time and money.

Of course, he could attack altcoins but most major altcoins have massive premines that they can use to pay him off-- or use to fund litigation to stop him.  His scheme mostly centers around harassing Bitcoin and Bitcoin forks and so far he's left other altcoins alone.

There isn't any particular reason to believe those blocks were mined by Satoshi rather than some other early miner.  Other than the genesis block the only block we have a pretty good reason to believe is Satoshi is block 9 (pretty good because hal claimed satoshi used it to send him the first transaction) -- and it doesn't fit that pattern. Regardless of who mined those blocks, they probably don't want to do anything that would identify themselves... even assuming they still have the keys.  A lot of coins mined in the first year have likely just been lost.  Bitcoin was essentially worthless then.

But my point was it doesn't matter if Satoshi hasn't signed-- because the signatures by other people have conclusively proved that Wright is lying about his early bitcoin holdings-- not just casually but in court too! ... no Satoshi involvement needed!

It's like if I claimed that I had traveled to and landed on the moon but dismantled and disposed of my rocket after the fact. Kind of hard to disprove.  But then you ask me where I landed and I gave a list of specific landing sites, swore they were correct and carefully recorded under oath, and you sent up a team and verified that no one had ever landed at some of those sites.  You'd have to be insane to believe my moon landing story after that-- it was suspect to begin with, but after checking you proved that I was at least partially lying about it.

Of course, these addresses aren't the only such example.  Every time wright has provided strongly falsifiable proof that he's Satoshi people have been able to falsify it.  The only claims he's made that haven't been falsified are things that are inherently unfalsifiable-- like his bare assertion or claims of key signing demos where wright controlled all the involved computers.   Even some of his "handwritten" notes which you'd think would be unfalsifiable turned out to contain references and terminology that didn't exist until later.

No, miners can't do anything there--  I mean anyone can create a fork of Bitcoin at any time, but the only way someone follows that fork is that they choose to adopt it. And no one but Wright would choose to accept a fork that steals coins for him.  (He already has a fork that doesn't steal coins and it has well under 1% of Bitcoin's hashpower, way less than 1% of Bitcoin's value, and less than 40 reachable nodes).

Also in Wright's lawsuit against varrious former and current Bitcoin developers Wright states in a sworn statement that miners have no control ... so this would probably completely undermine his ability to litigate against any miners.


Wright's known ongoing attacks are:

1.  File SLAPP litigation against journalists and community members to induce self-censorship of voices that call out his fraud.  This is a key plank to his media control-- if you look at todays mainstream reporting they almost all universally repeat wright's laughably false narrative.

2. File spurious litigation to try to get control of bitcoin domain names.  There was an existing lawsuit against bitcoin.org, which is still effectively ongoing because they've demanded like a million dollars in fees, he's also threatened a new lawsuit against bitcoin.org and bitcoincore.org for stealing the Bitcoin name.

3. File spurious litigation against respected Bitcoin technical experts, particularly ones who have discredited his claims of being Satoshi.  Wright hopes to harass the remaining developers out of participating (and discourage older ones from coming back), and failing that destroy their reputations by trying to force them to create and distribute backdoored code that he's demanding.  Wright also alleges that the developers lack any standing to challenge his claim of owning these coins.

4. Target developers with patent and "database rights" litigation, which he's also started threatening.

He may be attempting to take over bitcoin development by driving the reasonable OGs out and then adding new people who are secretly on his payroll, potentially operating under pseudonyms.

He's also threatened a number of large exchanges that don't list BSV, but it's not clear how important these moves are or if they're just for PR sake.  Coinbase is already subject to dozens of lawsuits and against a company of their size and wealth another bullshit lawsuit has about zero intimidation effect.  By comparison, to a volunteer open source developer a spurious lawsuit can mean a ruinous imposition of expenses and time, and really make it a poor personal decision to contribute.


Yes, if you scroll up on that page I linked to it also has more background information.

I'm dubious.  They're a constant factor communication reduction, but the chain is always growing.   So even if they use little enough data to be acceptable it's just a matter of time until they're not again.

Plus, if you're willing to take many more times the bandwidth of a non-private lite wallet just to get privacy you can just run a (pruned) full node.  Yes, it's more bandwidth than the filters but it's MUCH more private because transaction relay means they have announcement privacy, and much more secure.

For all anyone knows Satoshi isn't even alive anymore.  It's probably for the best.

Moreover, it's not clear that it would help:  While it isn't a signature by Satoshi, under oath Craig wright provided a list of the bitcoin holdings he claims he mined as satoshi... thousands of early addresses. ... and as soon as the list was published the owner(s) of 145 of the addresses, controlling 7250 BTC, signed a message saying those addresses didn't belong to Wright and that Wright was a fraud.

This seems to have little to no effect.  This utter demolision of Wright's claims has been almost entirely ignored by the media because Wright and his conspirators have extensive influence over the media by putting out a constant stream of articles that lazy journalists can copy-and-tweak into their own articles.

Even then: Garbage in, Garbage out.  The film maker might be trying to do an honest job, but if they're too thoroughly surrounded by disinformation they just may never encounter the truth.

Because that isn't how courts work: Wright claims to have $x billion bitcoins and so anyone suing him is legally entitled to take his word for it.  For it to be an issue in any civil trial the parties would have to be fighting over it.  Civil court exists to arbitrate specific disputes between specific parties, not to determine the truth or impose any kind of cosmic fairness-- they're only supposed to settle the dispute.

In this case, all they were fighting over is what Wright owed the company of his dead friend.  And the jury found that Wright owed $100 million from plundering the company of vaguely specified "intellectual property" that wright pretended to be dave's company to get in AU court, and then wright sold to Calvin Ayre for a few million to form the basis of nChain.

The jury wasn't asked anything about Bitcoin other than how many dollars in damages the family was owed due to wright stealing Bitcoins from Dave and his company, and for that they decided $0  -- potentially because they correctly concluded that wright never had any.  The family tried to argue on the basis of Wright's document that wright also owed billions of dollars worth of Bitcoin but the documents that they got from Wright which claimed that Wright had Bitcoins were all forgeries and as a result not very convincing, but Wright more or less admitted that he raided these companies via false court cases.

They didn't contact any of the people who actually worked with Satoshi... so it sounds like it'll be low quality.  Maybe even a paid piece to promote one of the impersonators.

The amount of misinformation on this is truly astounding.

Wright was accused a dozen different forms of liability.  None of the questions to the jury had *anything* to do with Wright being Satoshi.

Bitcoin experts agree that it is well established that Wright didn't have anything to do with the creation of Bitcoin.

The jury found wright civilly liable for stealing $100 million dollars from his dead's friend's business.

(Likely because wright essentially impersonated the business in an Australian court, playing as both the plaintiff and the defendant and then agreed with himself to hand over tens of millions in fictional assets, as part of his effort to get away with tax fraud)

So a correct title would be something like "$100 million dollar civil judgement against Satoshi imposter for stealing".

For those of you who think wright's fraud is benign or only hurts people foolish enough to fall for it, I have bad news.  Wright is engaging in a dozen other lawsuits against Bitcoin community members, journalists, and developers.

E.g. Wright is demanding a dozen former and current Bitcoin developers-- including myself-- to publish backdoored bitcoin software to enable him to take control of a huge pile of old bitcoins (which obviously belong to other people) because Wright claims to have lost the private keys, and if they fail to help him, he demands they pay him 111k BTC in damages.  He's also bankrupted Bitcoin podcaster Peter McCormack with legal fees defending an obviously spurious defamation claim which hasn't even made it to trial yet.

Even though he'll ultimately fail in his vexatious litigation that won't stop him from causing people millions of dollars in expenses, countless wasted hours, and immeasurable amounts of stress -- and if that's the cost of participating then many reasonable people will choose to not expose themselves to it.

Come on.  You were smart enough to implement this solver, don't pretend that everyone else is an idiot.

Your message was grossly misleading.   While you did have some technical fine print that it requires small nonces you failed to mention that only very broken-- maybe only intentionally broken-- software would produce such nonces... if you weren't offering to sell it, and if you didn't use a sockpuppet to promote it as a break in Bitcoin I could give you a pass as just being a poor communicator, but you did.

Or maybe you didn't implement the a HNP solver yourself but just asked the author of some paper for a copy of their code? -- still, even just putting it to use isn't entirely trivial.

In any case, if this is a subject that interests you -- there are more interesting things that you could do with your time.  Plenty of places will hire people with an interest and aptitude in this area, but not if they're going around ripping people off and FUDding bitcoin in the process of doing it.

I hadn't seen this thread until now, but I also came to the same conclusion.

Selling 'key cracking' tools to idiots is a common scam, I'm not sure if this one is the same as prior parties who have pulled it-- but it's more sophisticated at least in the sense that the scammer implemented a fairly mathematically complex (but actually useless) attack and then was deceptively promoting it and using sock accounts to make it sound useful.  To me this sounds like someone with a bit of genuine expertise looking to monetize their tinkering and who has rationalized defrauding people because the victims are would-be thieves. ... some of the prior accounts that were doing this didn't seem that capable, but it may be that they spent some time learning.

In addition to the ones mentioned by PrimeNumber7, off the topic of my head other accounts that have engaged in this kind of thing are Evil-Knievel and rico666. ... but there have been a bunch of other ones and making a complete list would be hard because many just ended up with nuked accounts.

At times I've been a little less aggressive at squashing these scammers specifically because their victims are also crooks-- and usually they're just selling something useless. Though sometimes they take the opportunity to distribute malware which I think is less justifiable even if the victims are crooks.  These threads also create FUD as collateral damage (accusations that Bitcoin isn't secure), spam up the forum, and attract even more idiotic would-be-thieves. ... all of which are not cool even though I'm willing to admit that thieves robbing thieves is not my biggest concern.

In any case, I posted in the threads calling out and explaining the scam.  Then shortly after that I saw there was a report with the same conclusions I had by another established forum member. Comforted by the fact that it wasn't just me, I nuked the newer newbie account that was purely promoting it which caused the forum software to tell me that it was a sock account of the first-- as expected.  I haven't killed the initial scammer's account because it serves an example to others, and I think now has anti-fud effects: since people have seen these threads (and similar posted elsewhere) the rumors will continue to circulate, and with the thread left up people can link to the debunking at the end of it.

I did, however, nominate the account for a flag: https://bitcointalk.org/index.php?action=trust;flag=2879



I had an idea that maybe the victims are people who have bitcoin burning a hole in their pocket because they successfully ripped someone off already, e.g. through cracking a brainwallet or social engineering.  Stolen coins are dangerous to trade, probably the safest thing you can spend them on is more coin stealing tools.  Someone who had some initial success in ripping people off may be emboldened to go for a bigger score.

This latest thread had an interesting elaboration because the cracking tool required a large number of signatures which someone might rationalize as making the attack harder to apply and less valuable to the author. ... then buy it with dreams of social engineering a target into making additional signatures.

This thread is a scam.

The OP posted a generate script that generates signatures with an insecurely generated nonce.

Then he goes on to break the insecure signatures by solving a hidden number problem.

It's an example of the sort of attack on weak signatures discussed in this paper: https://eprint.iacr.org/2019/023

The reason for the thread is so that the poster can make money selling his cracking tool to gullible scammers who think they're going to make lots of Bitcoin.  Selling bogus cracking tools is a common scam on bitcointalk, ... sometime the tools come with a bonus bit of malware too.

DarkBitcoin also created another account (which I've now banned and nuked) named TA190 which was both interacting with him in this thread and pretending to be a believer, promoting the scam in other subforums.

I've nominated the account for a flag: https://bitcointalk.org/index.php?action=trust;flag=2879

A key can make an unlimited number of signatures.

Signet isn't intended to be particularly secure in any case, as it's just a test system, but the reuse of keys doesn't do anything in particular to harm its security.

They'd be a lot funnier if they actually ever had one of those, they essentially never do.  Even good ole super clown wright falls on his face in that regard, no actual justification, just deflection and grandstanding.

Really most of them just come off as schizophrenic.

FWIW, for as many of these as the forum sees-- people with a high 'bitcoin' profile see 10x more of them in private emails/etc.


... along with the people with their sob stories about how they bought bitcoin in 2003 and can't log into their wallet anymore.

I saw there was a PR for using raw (untweaked) keys: https://github.com/bitcoin/bitcoin/pull/23480

It's probably a pretty bad idea to use it unless you must and you really know what you're doing... however.

Didn't happen.  MTGox was insolvent because they were robbed starting back in 2011 and were insolvent ever since.

https://blog.wizsec.jp/2015/04/the-missing-mtgox-bitcoins.html

That isn't how anyone determines if someone has been paid.  Mtgox did lose a tiny amount of funds due to repayments but this was mostly because they were issuing payments using unspendable immature coinbase outputs and then reissuing the payments without doing anything about the immature payments, some of which eventually became mature and went through.

The problem of malleability was that when you make a transaction you may use as inputs the outputs of prior transactions, often your own change output (unless you want to be restricted to make only a single transaction per block you must sometimes spend unconfirmed change).  Then third parties (or other signers) can alter the transaction and invalidate the subsequent spends.

This was fixed years ago through segwit by changing the signature hash to not cover the signatures of the prior transactions (just as you write "If instead the txid is generate before the signature, and therefore without it,").  Now only first party signers can create chain-breaking replacements which is the strongest protection possible (no stronger would be possible because unconfirmed double spends can't be prevented).

The role and influence of miners is often radically overstated by the general public.  People are so used to systems based on trust and authority that they automatically assume someone is "in charge" of any system they see, and miners are often the target of these assumptions.  But for both technical and economic reasons their influence is much more limited than these uninformed assumptions-- and not by accident, but due to the intentional incentives in the design of Bitcoin.

There are even parties that some might call "miners" that could reasonably argued to have almost no significant role: you could imagine a "miner" that has never even heard of bitcoin, has never used Bitcoin, and simply performs sha256^2 operations for whomever has wired them the USD.

But that said I agree with pooya87, silly extreme examples aside they're also an important part of the ecosystem with influence too (and not only because many parties that are miners are also participants in other respects as well).  JayJuanGee's points make sense as a reaction to people's *over* statement of the role of miners-- e.g. the clearly false claims that they control the system outright.   But even though the overstatements are so ubiquitous as to make a strong rebuttal the most commonly correct answer, we shouldn't forget that economies are far more nuanced than simply internet arguments and that large miners are an economically significant part of the Bitcoin ecosystem even if they aren't the rulers that the public with their authority-eccentric-brainwashing sometimes assumes they are.

Miners are far from unique in suffering over-estimates of their authority in the system too-- people do the same thing with developers and exchanges, while underestimating the importance of people who own Bitcoin and transact with Bitcoin.  This is particularly sad because the parties we can expect to be most loyal to Bitcoin are the long term holders (and after them, miners but only to the extent that their power / space / devices can't just be pointed at something else). Transacting parties that don't keep exposure will always be a bit fair-weather allies (e.g. it's common that when a merchant adds bitcoin they just integrate bitpay or similar and then accept whatever cryptocurrency the api supports-- if the API supports BSV-sue-the-bitcoin-developers-scam-token, they'll accept that too), and exchanges actually profit from market volatility, churn, and confusion.

[I think Bitcoin developers have historically been big allies, but this isn't because they're developers... it's because the long time developers are all Bitcoin holders who protect their investment by developing-- and developers that were less interested in owning bitcoins have left. Developers who just developed because they were collecting a paycheck could be expected to have miner like alignment (except with bitcoin specific expertise in the place of equipment).  ... and otherwise, just the fact of dealing with the technical details of Bitcoin makes it hard to take anything for granted and assume that other people will solve the problems.]

The real fault is the reflex that makes people mistake Bitcoin for something that has a central authority.  I can't think of too many people mistakenly assuming that varrious parties are in charge of the English language, so perhaps this flawed assumption can be cured.