Bitcoin Forum
October 31, 2024, 11:53:35 PM
News: Latest Bitcoin Core release: 28.0 [Torrent]
  Show Posts
Pages: « 1 2 3 4 5 6 7 8 9 10 [11] 12 13 »
201  Bitcoin / Development & Technical Discussion / Re: Algorithm for elliptic curve point compression on: June 28, 2014, 08:53:41 PM
2^256-2^32-x is prime for the following positive x: 263, 359, 361, 487, 739, 949, 977, 1049, 1057, 1339, ...
This explanation doesn't make sense to me: there are larger x, and smaller x. Either it's outright wrong, or not explained very clearly. Can you clarify?
Sorry, the criteria also required that x < 1024; the performance speed-up requires x to be a small integer.
Ok, that sounds reasonable enough (from what I understand). So the way it's derived is:
nextprime(2^256 - 2^32 - 2^10)
This makes me more confident that there's "nothing up my sleeve" than 2^256 - 2^32 - 977 or 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1. Thanks!
202  Bitcoin / Development & Technical Discussion / Re: Algorithm for elliptic curve point compression on: June 28, 2014, 03:11:50 PM
how is this derived?:  p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
It's a system parameter: it must be a finite field which has size near 2^256 to achieve ~128 bit security, but less than 2^256 to avoid needing more space. To make the modular reductions faster, the number selected is a generalized Mersenne number. In the case of secp256k1 it was selected by picking the largest x such that 2^256 - 2^32 - x is prime. You can search for "generalized Mersenne number" to find the Solinas paper about how fields of sizes with special form yield more efficient computation.
2^256-2^32-x is prime for the following positive x: 263, 359, 361, 487, 739, 949, 977, 1049, 1057, 1339, ...
This explanation doesn't make sense to me: there are larger x, and smaller x. Either it's outright wrong, or not explained very clearly. Can you clarify?
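The selection rule discussed in this thread, as an added example (not code from the thread or from any Bitcoin implementation): it scans the small offsets x for which 2^256 - 2^32 - x is prime and shows the fold-based reduction that makes a generalized Mersenne prime p = 2^256 - C cheap to reduce by. The 12-base Miller-Rabin test and the 1024 cutoff are assumptions taken from the posts above.

```python
# Added example, not code from the thread: scan the small offsets x for which
# 2^256 - 2^32 - x is prime, and show the fast reduction that motivates the
# generalized-Mersenne shape p = 2^256 - C with C = 2^32 + 977 (secp256k1).
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
C = 2**32 + 977
SECP256K1_P = 2**256 - C
MASK256 = 2**256 - 1


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with the first 12 primes as bases.

    Deterministic for n < 3.3e24; for 256-bit candidates it is probabilistic,
    which is adequate for a non-adversarial scan like this one."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def prime_offsets(limit: int = 1024) -> list:
    """Positive x < limit such that 2^256 - 2^32 - x is (probably) prime."""
    base = 2**256 - 2**32
    return [x for x in range(1, limit) if is_probable_prime(base - x)]


def fast_reduce(a: int) -> int:
    """Reduce 0 <= a < p^2 modulo p without a long division.

    Since 2^256 = C (mod p), split a = hi*2^256 + lo and fold: a = hi*C + lo.
    C < 2^33, so two folds leave a value below 2p and one subtraction finishes."""
    for _ in range(2):
        hi, lo = a >> 256, a & MASK256
        a = hi * C + lo
    while a >= SECP256K1_P:
        a -= SECP256K1_P
    return a


if __name__ == "__main__":
    xs = prime_offsets()
    print("prime offsets x < 1024:", xs)
    print("largest:", xs[-1], "=", bin(xs[-1]))  # 977 = 0b1111010001
    a = (SECP256K1_P - 1) ** 2
    print("fast_reduce matches %:", fast_reduce(a) == a % SECP256K1_P)
```

The binary form of the largest offset is exactly the 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 written in the SEC 2 form of p quoted above.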
203  Bitcoin / Development & Technical Discussion / Re: Algorithm for elliptic curve point compression on: June 28, 2014, 03:08:12 AM
In the field F23, -1 = 22, -2 = 21, etc. For simplicity, the canonical way we refer to them is usually as natural numbers, but it wouldn't be incorrect to think of 22 as -1. The symmetry of DeathAndTaxes's graph is more apparent if you do this: imagine the labels going from -1, -2, .. -11, 11, .. 2, 1. This makes it clear why the symmetry is around 11.5, and e.g. why the reflection of 10, -10, is equal to 13 (-10 = 13 mod 23).
204  Bitcoin / Development & Technical Discussion / Re: Safer Brainwallet with Multi-Hash on: June 26, 2014, 01:16:40 PM
Warpwallet uses 2^18 rounds of scrypt and 2^16 rounds of pbkdf2 (takes a few seconds in the browser). It makes brute forcing very difficult: an 8-character alphanumeric (47.6 bit) password has a 20 BTC bounty on it, expires over two years after it was created, and is still not expected to be cracked (via brute force).
205  Other / Off-topic / Re: Future of Bitcoin on: June 25, 2014, 10:08:19 PM
Would it be possible to find a way to send bitcoins offline?
In a decentralized, trustless manner? No. That's the job of the blockchain, which requires being online and waiting for 1 or more confirmations.
There are all sorts of discussions about how Bitcoin can be used instantly (usually by trusting an intermediary), to make it a little more palatable for in-store use for both parties, but bitcoins are fundamentally online.
Physical bitcoins, like Casascius or printed paper wallets, come close to being offline. But you're still having to trust that the coin/paper is really worth what they're saying it is.
206  Bitcoin / Bitcoin Discussion / Re: Satoshi's price on: June 25, 2014, 01:53:03 PM
Does anybody know if Satoshi had any idea what price bitcoins may get to once all coins are mined and it is being used by a large percentage of people, or was he not really interested in that side of things?

Satoshi was not interested in the FIAT value of Bitcoin. He wanted Bitcoin to be an independent medium of exchange.
What a silly point of view. Even if it's entirely independent and people aren't exchanging fiat for Bitcoin, there'd be a buying power equivalency that'd be sensible to discuss. Can you show that was actually Satoshi's view?
207  Bitcoin / Bitcoin Discussion / Re: This Family is Road Tripping Using Only Bitcoin... on: June 25, 2014, 11:59:11 AM
No matter how they spent BTC through the entire journey and in what ways, at least they were enthusiastic about BTC things. It was really a kind of big campaign for BTC.
Bingo. It can be a success for that regardless of whether you can call it "using only Bitcoin". Even the places that accept BTC online typically convert 100% of it to fiat immediately on purchase, so it's rare that you find a totally-Bitcoin transaction with a company.

It's a nice experiment that shows the current state of the Bitcoin economy as it relates to traveling the US: you can do everything you need to with Bitcoin, if you go a bit out of your way to book places and buy gift cards in advance. But the companies are usually only interested in holding the fiat, so it'll be converted sooner (when you buy the gift card) or later (when the company accepts your BTC and converts it immediately).
208  Bitcoin / Bitcoin Discussion / Re: This Family is Road Tripping Using Only Bitcoin... on: June 25, 2014, 01:02:20 AM
Not to mention using up your stash for some publicity stunt. A lot of people will look back with a lot of regret if this does get as big as people think it will.
Unless you repurchase the same amount of BTC that you spend. Which further departs this from the idea of "using only Bitcoin"...
Bitcoin could be great as currency between two parties who use Bitcoin. When one (or both) of the parties is only interested in holding the fiat equivalent, though, it's hard to classify the transaction along the lines of "using only Bitcoin". Then it's just another way to transfer the fiat, which may or may not be worse than traditional transfer schemes (credit, debit, cash, etc.), depending on the buy/sell gaps and fees you're dealing with when converting BTC to/from fiat.
209  Alternate cryptocurrencies / Altcoin Discussion / Re: Distributed rainbow table network? (MD5 coin) on: June 24, 2014, 10:26:06 PM
I was wondering what bitcoin would be like if it used MD5, and that got me to thinking about distributed rainbow tables, where miners are hashing plain-text sent over the p2p network as messages, and also doing a proof of work similar to Bitcoin's as well.

People submitting plain-text to be hashed and stored could attach a fee, and should by default, so miners can work on other people's hashes, and earn something in that way. Fees wouldn't necessarily be required, so miners could compute their own garbage once it hasn't been worked on before perhaps? Spam messages are tolerated to an extent, since MD5 is fast, and miners can hash these for the public good anyway.

Similar networks could be deployed for all hashing algorithms, to get the clock ticking on their demise, and eventually it may highlight issues in the algorithm, and hopefully even result in a collision. There would be an ever present reminder for developers to stay away from weak hash functions, and use adequate salts for passwords, if something like this was working away in the background.
Doing one MD5 hash is far easier than creating a transaction and paying a fee to have someone else do it for you. The only way I can even see this being remotely plausible is if you made the tasks fairly difficult, e.g. by specifying a pattern that contains thousands/millions of things to be hashed.

People complain about the blockchain size of Bitcoin, a paltry ~20GB. Rainbow tables can easily reach 200GB or 2000GB. Rainbow tables that are distributed and where people are rewarded for doing low-interest hashes would grow fast. I for one wouldn't want to buy many TBs in order to have an MD5 lookup table/coin.
210  Alternate cryptocurrencies / Altcoin Discussion / Re: Distributed rainbow table network? (MD5 coin) on: June 24, 2014, 05:47:20 PM
Not this again, please
[image]
What if we found a way to harness the entire mass-energy of the Sun, not just the portion burned through by its natural fusion? Because that would certainly give you enough energy to count to 2^256. I'm using data from http://en.wikipedia.org/wiki/Orders_of_magnitude_(energy) that the minimum energy to change state at the lowest temperature yet achieved (100 picokelvins) is ~10^-33 J, and the mass-energy of the sun is ~10^47 J. 10^47 / 10^-33 ~= 2^266, so you might be able to count close to 1000 times 2^256 with the mass-energy of the sun. If you take the milky way with its dark matter/energy, you're looking at ~2^306 information changes.

In fact, since addresses are "only" 160 bits, you "only" need ~10^15 J (~400 gigawatt-hours; the world uses more electricity each hour) to enact 2^160 information changes at 100 picokelvins. Granted, RIPEMD160(SHA256(priv * G)) is much harder than 1 information change, but maybe not "burn out the sun trying" hard.

Don't get me wrong: I know that we'll not get even close to this being an issue for a very long time. But I think that image is highly inaccurate about how secure Bitcoin is. It takes best-case scenarios in some things (energy change, 1 flip = 1 hash), nearsighted ones in others (only one sun, can only get energy by letting it burn naturally), and completely ignores that 2^160 is the weak point of the current system, not 2^256. It's also very light on the science behind its claims.
211  Alternate cryptocurrencies / Altcoin Discussion / Re: Distributed rainbow table network? (MD5 coin) on: June 24, 2014, 12:06:37 PM
I wonder if all of Bitcoin's invalid block hashes were stored, would a collision have been found in SHA256 yet?
With extremely high probability, no. The network hash rate recently passed 100 PH/s. If we had been mining at 100 PH/s for 1 year, we would've done about 10^21.5 hashes (actual total number is probably lower than this, but will exceed it soon enough). There's a table on the Wikipedia article about the Birthday attack, which shows that for a 256-bit hash (assuming no known weaknesses), you'd need over 10^38 hashes to have a >1% chance of a collision.
So at 100 PH/s, we'd need to hash for around 10^16.5, or 31 quadrillion years. Even with increasing computer speed, I don't think we practically have to worry about a collision...unless maybe we find a way to harness the mass-energy of entire suns and galaxies, all for the purpose of finding a SHA256 collision.
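The birthday-bound arithmetic behind the estimate above, as an added example (not code from the thread): it computes how many outputs of a b-bit hash are needed for a given collision probability and how long that takes at a fixed rate. The rate of 1e17 hashes/s (100 PH/s) is assumed from the post.

```python
# Added example, not code from the thread: the birthday-bound arithmetic behind
# the collision estimate, with 100 PH/s (= 1e17 hashes/s) as the assumed rate.
import math

SECONDS_PER_YEAR = 365.25 * 86400


def hashes_for_collision_prob(bits: int, prob: float) -> float:
    """Number of random outputs n at which P(some collision) ~= prob,
    from the birthday approximation P ~= 1 - exp(-n^2 / (2 * 2^bits))."""
    return math.sqrt(2.0 * 2.0**bits * -math.log(1.0 - prob))


def collision_prob(bits: int, n: float) -> float:
    """Inverse direction: collision probability after n outputs of a bits-wide hash."""
    return 1.0 - math.exp(-(n * n) / (2.0 * 2.0**bits))


def years_at_rate(hashes: float, hashes_per_second: float) -> float:
    """Wall-clock years to produce `hashes` outputs at a fixed rate."""
    return hashes / (hashes_per_second * SECONDS_PER_YEAR)


if __name__ == "__main__":
    rate = 1e17  # 100 PH/s, assumed
    for prob in (0.01, 0.5):
        n = hashes_for_collision_prob(256, prob)
        print(f"SHA-256, P={prob:.0%}: {n:.2e} hashes, {years_at_rate(n, rate):.2e} years")
    # hashes produced in one year of mining at the assumed rate, for comparison
    print(f"one year at 100 PH/s: {rate * SECONDS_PER_YEAR:.2e} hashes")
```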
212  Bitcoin / Bitcoin Discussion / Re: split in bitcoin on: June 23, 2014, 11:47:19 PM
Is it possible that in future Bitcoin splits into multiple groups of nodes/blockchains and every group claims to be the original one, like we see in religions and their sects?
Yes, a split is possible, and is called a hardfork. This has happened before, but AFAIK there have never been different groups claiming both branches should continue: rather, a code change in the core client causes a fork, and there is consensus on which chain should continue.

Sustaining a split would probably mean that Bitcoin Core is forked, so we have more than one maintained reference implementation: each chain might still like to call themselves "Bitcoin" and claim themselves as the "true" child of the original vision of Bitcoin, but by necessity one or both will have some identifier added to the name it's popularly known by.

Note that transaction outputs from before the fork would be spendable in both chains, while those after the fork would be spendable in only one chain. The effects of this would be interesting...I think it'd be highly destabilizing, discouraging the sustained use of the smaller of the two forks.
213  Bitcoin / Bitcoin Discussion / Re: Its bits - The Coinbase Blog Article on: June 23, 2014, 02:29:10 AM
I think this will just add to confusion as to how much exactly someone is paying or receiving. Having things priced in uBTC or mBTC will make the conversion of these units to BTC (and thus into fiat) very difficult, as the conversion rate is not available without some level of research.
Conversion of uBTC or mBTC to BTC is not hard. It's trivial. That's why we're using the metric standards instead of charging in 1/16,384 BTC increments.
Converting into fiat does take a little research or knowledge, but using m/uBTC doesn't make this any harder.
214  Bitcoin / Bitcoin Discussion / Re: 1,000,000 bits = 1 bitcoin. Future-proofing Bitcoin for common usage? VOTE on: June 23, 2014, 02:18:14 AM
I voted for the millibit/mBTC option. Why? Because at the current value, and since I'm used to dealing with figures in USD, it makes the most sense. (by thinking in millibits, I can easily see figures like 0.019 BTC ~= $10, 0.5 BTC ~= $300, 0.0000132 BTC is insignificant, etc) If bitcoins become more valuable, we might move to microBTC/uBTC/bits (which is just a lousy word for microBTC - the metric system was invented for a reason!), satoshi, or nanoBTC/nBTC (if the protocol changes to allow values so small). Someone in Japan might prefer to see uBTC today, because they're used to dealing with the larger numbers in Yen.
We don't need just one standard abbreviation, but options are good. Flexibility is good, as long as we always have a straightforward way to convert back to a basic unit, i.e. bitcoins. Fixing into one unit besides bitcoins, or trying to imagine that bits is always going to be the "right" unit is silly.
215  Bitcoin / Development & Technical Discussion / Re: Riddle: Self contained proof / PoW on: June 20, 2014, 06:42:42 PM
If the cost of mining a block today is 25 BTC, and 1 year ago the difficulty was 10 times lower (as implied by the hashrate being 10 times lower), then the cost to mine the fake year-old blocks would be 2.5 BTC per block. Since this involves forging at least 10 blocks (you were a little fuzzy on the "a couple of blocks before" part, so let's take the worst-case scenario: the TX happened in the very next block), the cost is 10*2.5=25 BTC. As long as Alice's lie isn't worth over 25 BTC (~$15,000 today), Bob should be safe.

Unless a difficulty change happens to be within those 10 blocks, Alice can't modify the difficulty to reduce this cost, and Bob could see that such a change is suspicious. Instead, to minimize the chance of detection, Alice should try to make everything else about the blocks realistic - the block timestamps should be the same as the real chain (if you were including more than the block header, I'd say to include real transactions, too).

Note that Bob could guard against this risk by connecting to the network, even only as a lite client for a short time.

Also note that Bob has no proof that this TX is unspent, only that it occurred at some point.
216  Bitcoin / Wallet software / Re: Brainwallet with Vanity Address on: June 20, 2014, 05:07:17 PM
Is there any open source brainwallet that lets you make a vanity address, e.g. starts like 1777...?

If it does not exist it should be easy to make. In addition to the passphrase, the user should input the desired pattern. The javascript should generate addresses until the pattern is found. For each iteration it could use the passphrase + a counter.
A significant amount of work can go into finding a vanity address. It could take a prohibitively long time to refind the vanity address (with JS on the CPU, no less) every time you want to access the wallet.

I'd want to include the end count, at least to a little precision, in the brain wallet. You could encode this as a passphrase. E.g. let's say that the JS can try 10k per second to brute force the vanity pattern, and the vanity pattern you wanted was the 57,434,567th thing tried. The program would find the index to remember is "5743", which it encodes as "maybe inside" (with a list like Electrum's, you can have over 2.6 million two-word combos); if you tell it your passphrase along with "maybe inside", the JS can find it within a second. If not, then you have to let it start from 0 to find it.

Or, just take the resulting private key and encode that (with diceware/Electrum-style encoding) as a series of words, and use that as your brainwallet. It would be twice as long as an Electrum seed, unfortunately, which would make for a pretty tough-to-remember brainwallet.
217  Bitcoin / Development & Technical Discussion / Re: bitcoin-qt and transactions on: June 20, 2014, 04:17:22 PM
I'm wondering if it's possible to intercept bitcoin-qt (bitcoind) traffic and change the address bitcoins are going to.
I experienced this once when sending to MtGox and I'd like to know what actually happened.

I sent a tx to one address, typed in my wallet password and sent the tx. It went to a different address, but my MtGox account was still funded.
Was it just a compressed address or something else?
No, it's not at all possible to do that. The signature, created using your private key, specifies where the bitcoins are going. If someone modified that, the signature and transaction would be invalid. Transaction malleability can create confusion, especially when someone tries to use a transaction that's not in a block yet, but this will never result in "I signed this tx, and then the address on it changed without me resigning it".

I'm not sure what happened with you and MtGox; the most likely scenario is that you were confused about what address you were sending to, or confused your change address and your MtGox address.
218  Bitcoin / Bitcoin Discussion / Re: solution to rubber hose attacks on: June 20, 2014, 03:58:40 PM
even the US marshals publicly selling drug money this year are showing their greed instead of destroying assets.
Bitcoins aren't illegal, and they are valuable. Just like seized cash, houses, and cars that were used in crime, there is no good reason to destroy them when they can keep or sell them. It would be incredibly wasteful, even for a gov't, to do so. They're not showing greed, they're showing a bit of common sense.

Back on topic, though: there's no foolproof solution to a rubber hose attack, but a safe deposit box at a bank would be a good start. If possible, instruct the bank that (except in the event of your death) only you, unaccompanied, are permitted to access the box. This would mean that your attacker would have to leave you alone in the bank, giving you an opportunity to alert the police, or escape him completely.
219  Bitcoin / Bitcoin Discussion / Re: Very Early Adopters on: June 18, 2014, 05:33:58 PM
don't be afraid, people will accept and adopt bitcoin for sure
best example is that you can buy a drink in every airport in the world with bitcoin (that would be so great)
you don't need currency exchanges etc, just your phone


Maybe you are right, people can be interested, but using bitcoin every day is actually risky.
If you lose your credit card, you can block your bank account. But if you lose your phone-wallet without a password, or it ends up in a hacker's hands, it's very annoying.
Of course you can save your wallet in different ways, but it's not clear to everyone and inconvenient.

BitCoin needs a large protection system to reassure imprudent people like my girlfriend, hah.
If you lose your (old-fashioned) wallet, someone else can spend your cash. If you lose your (Bitcoin) phone-wallet without a password protecting it, someone else can spend your bitcoins. The only difference is that if you have a backup, you might be able to spend your bitcoins first, whereas with cash it's gone (unless an honest person finds your wallet and can return it to you).

You shouldn't be carrying around more unprotected bitcoins than you would cash, and for the same reasons. Since entering a long (read: secure) password on a phone is such a pain, un- or slightly-protected bitcoins will probably be the norm.

I'll give you the fact that the current credit card/financial system is great for fraud protection. But that's not really possible in a no-trust scenario like Bitcoin.
220  Bitcoin / Bitcoin Discussion / Re: Why Google finance is showing flat increase of BTC price on 5 years range ? on: June 18, 2014, 04:16:03 PM
They added the tracker just a few days ago. They are still uploading all the data. And also, we should remember that no Bitcoin exchange has existed for more than 2 years continuously (has BTC-E completed two years?).

amazing, isn't it? .... how often exchanges run away with your money
FTFY