You are totally right BlackHatCoiner but those are 2 different things, one thing is the 51% attack, where the miners can modify confirmed blocks, and the second thing is the double spend where the user modifies the unconfirmed transaction. That is correct. The miner does not double-spend; it gives the user the option to double-spend. I think, though, that I have clarified it enough, because I mentioned "reversal" alternatively to "double-spend". Whether the miner double-spends or "simply" reverses, the result is that your coins are prone to double-spending. hosseinimr93 After seeing your algorithm, I tried to do it in C++, but I don't understand why it's getting a minus. I tried with the help of that source, but the answer was a minus. The reason is probably because you're subtracting from 0 (see the definition of result and which operations you're doing to it). I cannot see, though, if you're printing result or 1-result. Here you go. I have commented the important parts. #include <iostream>
#include <cmath>
using namespace std;
// constant number 'e'
const double Euler = std::exp(1.0);
// factorial of integer x
int fact(int x){
int i, factorial = 1;
for(i = 1; i <= x; i++)
factorial *= i;
return factorial;
}
int main(){
// q = the proportion of hashrate the attacker possesses
// z = the total confirmations
double q = 0.4;
int z = 6;
double p = 1 - q;
double lambda = z*q/p, sum = 0;
int k;
for(k = 0; k <= z; k++){
// build the fraction first
double fraction = pow(lambda, k) * pow(Euler, -lambda);
fraction /= fact(k);
// sum is sum + fraction * (...)
sum += fraction * (1 - pow((q/p), z-k));
}
// print
cout << 1 - sum << endl;
}
Compile with " g++ -o attack attack.cpp" and run with " ./attack". |
|
|
|
You're being spammed by Satogram. As you can see yourself, it only costs about 65k sat to send a message to almost all the lightning nodes. In my opinion, it doesn't hurt. Just as email spam, simply put it on ignore. It's even better than email spam, because you're getting paid. Minimum, but still. Same thing can happen on-chain. If you didn't give someone your node ID, could they have gotten it from other parties that were on the receiving/giving end of LN transactions with you? You can send sat to any lightning node that accepts keysend without any invoice. Just its ID is enough. As you can see, NotATether does accept it. |
|
|
|
Those adding these tokens and "inscriptions" on the blockchain are willing to pay a ridiculous fee on the belief that the bitcoin blockchain does a better job at immortalizing their digital items. "What's the point of freedom if you don't have the freedom to make mistakes?". I agree that Ordinals is trash, and we should warn everyone about it, but we shall not ever dictate to them what they are allowed to do for their own good. And let's be honest here, we don't care at all about them. We only care about ourselves paying a little more than usually in transaction fees. They utilize the feature of discounts for their own purposes What discount are you talking about? We are all allowed to select any fee rate we want. Ordinal users have priority, because they pay outrageous amounts of money. Pay more than them to have greater priority. Isn't that fair? |
|
|
|
A mixer by definition requires some kind of centralization I consider coinjoin and payjoin "mixing", therefore there are decentralized mixers like Joinmarket. We could argue the strict definition, but to me, the fact that there is no central point of failure in coinjoin makes it decentralized enough. Bisq is not a mixer. A mixer takes currency and returns obfuscated currency but it's the same currency. A mixer is an entity / entities which allow the obfuscation of coins. If you send BTC for XMR, and then XMR for BTC that should be considered mixing. |
|
|
|
[...] The best selling point of Ordinals is that they are embedded in the most secure and decentralized blockchain, Bitcoin's. They could be implemented much cheaper in a sidechain, or an altcoin, but this would result in just another useless token concept which would be forgotten after a couple of months. Think of an altcoin that can survive in the long term, allows you to embed trash and is equally censorship resistant such that its community would be highly discouraged from excluding that trash specifically. I don't think there is. |
|
|
|
My wallet has enough balance and I successfully created the channel.
Have you ever paid anything with lightning in this wallet? Simply creating the channel does not mean that you can receive coins. At least, not in this software. In other software, there exists a feature called " dual-funded channel". In Electrum, however, you have no receiving capacity once you create a channel. You don't need to post a screenshot. Just tell us what the messages say. |
|
|
|
For now, if you are a miner, you can transfer your hash on ocean.xyz and support a pool that doesn't mine ordinal and such transactions. Hopefully the core devs also listen to the community's needs sooner or later.
Let's leave ideologies asides for a moment. Why would a miner want to mine in a pool that deliberately ignores thousands of transactions? Whether you like it or not, we can do what ever we want with it long as there is a majority consent for it.
Even better. You can choose any network you want, without majority approval. That's the game changer. We don't need Bitcoin elections. Simply spin up a Bitcoin client with X rules. See who follows. Done. Problem is. Almost every single such attempt ended up a huge disaster. Even Bitcoin Cash which is the strongest as of now among the Bitcoin copies does not stand strong enough to convince every body into believing it is better than the O G Bitcoin.
It ended up a disaster in the eyes of the majority, perhaps. But, I'd argue that for the proponents of big blocks, Bitcoin Cash is the ideal Bitcoin (or as they'd call it, "OG Bitcoin"). Majority might have selected Bitcoin, and that's why it has been a hell of a better investment, but for a proponent of big blocks who simply wants a peer-to-peer cash system, Bitcoin Cash serves a better purpose. Done, we are all happy. That's the beauty. |
|
|
|
|
"Added features" is a bit of an improper way to put it. There are no features added, apart from softforks like Segwit and Taproot of course. Ordinals is a concept that makes use of the already existent features.
You don't like paying high fees. None of us does. However, it is the nature of the system such that the demand and supply of the block space defines the transaction fees. Censoring a transaction you don't like is a thing that happens in fiat. Not in here.
|
|
|
|
This will actually equate Bisq exchanger to a mixer and allow transactions to disappear in an unknown direction. No matter how the service gets into trouble with government agencies. Bisq was already considered a mixer. It allows you to trade BTC for XMR in a non-custodial, decentralized fashion. And there is no entity the governments can address to. That's why I believe this is far more beyond their control than traditional mixers they can take down. This is something I don’t really approve of, when an application becomes overgrown with many different functions, turning the client into a bulky and clumsy combine (multi tool). Hmm, I can partly agree. However, it needs to be said that it would be better to do all your Bisq activity via Tor, and not resort on Internet boards, for maximum privacy. It is basically their goal to make it as much easy for the public as possible. |
|
|
|
Maybe because we are thousands of users being satisfied with the service? I'm satisfied by the service as well. However, I found this detail in their ToS: We may at any time require you to complete our ID verification process and may also require you to submit additional identification documents to AgoraDesk if we deem it necessary. Failing to complete ID verification will be considered a violation of this agreement. We may close (upon which the account's cryptocurrency arbitration bond and fee balance will be forfeited), suspend, or limit your access to your account or to other Services we offer, and/or limit access to your cryptocurrency arbitration bond and fee balance for up to 180 days (or longer if pursuant to a court order or other legal process) if we consider that you are using the AgoraDesk platform to scam other users or for any other unlawful purpose, or if we receive reports that you are communicating unlawful or defamatory messages to other users [...] I thought AgoraDesk was completely non-KYC[1], but as it turns out, not only can it turn into a KYC exchange, but it can suspend the user's account and confiscate their coins if they fail to complete the KYC. Unless I'm missing something, please someone correct me. Maybe the user letsxmr was banned due to an assumption their coins originated from criminal activity? Otherwise, I don't see which rule they violated. [1] In addition to the fact that the platform can function without JavaScript, AgoraDesk is also committed to maintaining simplicity and privacy, so it never requests KYC/ID verification and never plans to do so. |
|
|
|
|
Scam. They have disappeared and YouTube premium no longer works.
|
|
|
|
Not exactly distribution between miners, but from the explanations above and on the whitepaper, the hashrate of the attacking miner in relation to the hashrate of the other honest miners determines the final outcome. That is correct. It is the proportion of the total hashrate the attacker owns that is used as a parameter in both the whitepaper and the tools by G. Maxwell and J. Lopp above. However, the distribution of the hashrate is not relevant, which is what I was responding to. Since the dominant pool (foundrydigital.com) only has 28.4% of the network, they can't do the 50% attack Think of it this way: Anyone can attempt to execute a 51% attack. However, if you own less than half the hashrate, then it becomes exponentially less probable the more the blocks. However, you might stand lucky with 30% of the hashrate and reorg, say, the past 2 blocks. That is quite probable to happen in fact, you have 44.6% chance. What is exponentially improbable, as time goes by, is to maintain a chain with more work than the rest of the network, therefore to continue launching the attack forever. By the time you will have started reorging the 5th to last block, the rest of the network will be way ahead of you, so you will have to work even more to keep up with the new blocks, and it goes on and on. The honest miners will build faster than the attacker, and outpace him.
That was the first quiz, and you all did pretty well. Class passed! More Bitcoin questions will come in the next days. Whoever has thought of a good question can drop me a PM, and I'll take it into consideration. Have a good week.  |
|
|
|
I guess my question is I'm not sure exactly what signing a message is doing. A signed message proves that you're the owner of a public key, because the only way to sign a message of a public key is to own its private key. This is how coin ownership is retained without disclosing the private key. You simply sign a message that says what you want to spend etc. Signing a message shouldn't be a trouble, but after reading the reddit post, I wouldn't feel as comfortable as I do with Bitcoin signed messages. I have no idea how Ethereum works, but as it turns out from the first reply, signing transaction hash can grant ETH ownership. Signing a simple "hi, this is <date>" would never harm you in Bitcoin, but I wouldn't cross my fingers it will neither harm in crazy-Etherland. |
|
|
|
|
The big upgrade is Bisq Easy, for the time being. The next upgrades will be a new optimized Bisq multi-sig protocol, submarine swaps (BTC<->LN), LN to fiat, liquid to fiat, and finally my favorite, BTC/XMR atomic swaps! Unfortunately, the atomic swaps appear to be on a low priority in development (their release is scheduled in Q3/2025).
I installed the client. I like that it is more lightweight than before. What's also better in v2, is that it contains an internal discussion forum, plus some educational content in "Learn". That minimizes the activity outside the client (i.e., in forums etc).
|
|
|
|
I suspect this scenario is unlikely, but is it technically feasible?
It is technically feasible with lightning. However, that's under the assumption that you have a custodial mobile wallet with a few thousand sat in it. Non-custodially, this can't work practically. Nobody carries a lightning node in their phone, neither a mobile wallet connected to their lightning node running at home. And there is always the possibility that the payment will fail in the cash register. On-chain is a no-go. You would pay a Big Mac for transaction fees alone. Also, customers can't be expected to wait 10 minutes (in the best case scenario!) for their order to finish. (The merchant can't accept 0-conf, because the client could just do RBF and double-spend it) |
|
|
|
Foundry USA has 30.74% of the bitcoin total global hashrate. If he waits for 10 confirmations, he will have the risk of chain reorg reduced to 5.11%.
Correct! Although hosseinimr93 explains the why. To get a more accurate estimate, you would need access to data such as the hash power distribution among mining pools How can hash power distribution among mining pools affect the final outcome? The chance depends on the fee rate used by your customer. Since the mining pool is dominating, if the fee is nice enough for them to add a single confirmation, others will have almost no choice than to confirm the transactions also as they proceed mining the block. We assume, as I've written, that your transaction already has 10 confirmations. So the fee rate is irrelevant. c)which is different compared to if someone added a tx in by 835,000
but the malicious pool was already making its own chain since 834,750 but doesnt broadcast it until 835,010 The whitepaper demonstrates that if the attacker has less than half the hashrate, their chance of building a longer chain becomes tiny exponentially. Therefore, when Foundry will have built from 834,750 to 835,010, the rest will be higher than that. (The exact block number they're likely to be is a great future question, though!) |
|
|
|
Maybe I should leave it for a few hours, so I can let new readers correct others or post their own estimations. |
|
|
|
I decided to start these forum quiz-series, where I'll be asking questions of educational character, to improve the average user's knowledge around Bitcoin. The questions will mostly be technical and historical. To create an incentive, I will generously merit the first person who replies with the correct answer. If that is not good enough incentive, I'll create a leaderboard! - Your answer needs to be explanatory. Not just a yes-no or a single number.
- If nobody finds the answer until the cut-off date, I will submit it.
- Have fun! It's a game.
Question: The dominant mining pool, at the time of writing this, turns evil and uses its hash-power to reorg the chain. A customer of yours sends you a transaction. If you wait for 10 confirmations, what is the chance that the dominant mining pool successfully double-spends / reverses your transaction? Cut-off date: 23/03/2024. |
|
|
|
Any way to raise fees that is not crazy expensive is being tested by large miners. And your evidence to support this claim is... ? But if I am foundry grabbing ⅓ of the blocks raising fees is in my interest. First of all, let's define what it means to "raise the fees". A miner cannot force a user to raise their transaction fee. A miner can only express their disapproval by not mining transactions paying less than x sat/vb. But, this gives their competitors the option to earn those fees. And since Foundry controls 33% of the hashrate, then it is a matter of time until transactions paying less than x sat/vb are mined by the rest 66%. Related topic: What happens if pools try to maximize fees by congesting the network? |
|
|
|
BIP39 algorithm is open source (is known) and pretty straight forward so it is very easy to implement. This means there isn't a need for a special software written by some super expert programmer to be used. If you know basic programming you can write a tiny script that performs what's needed in BIP39 to convert your seed phrase to a private key.
Nonetheless, people shouldn't be expected to write their own recovery software, no matter how simple it might be. That's recipe for disaster. Some people may hate me after I say this, but Bitcoin Core isn't a very newbie-friendly bitcoin wallet. BIP39 has been around for a decade, and they could have added support for it. The developers either don't want to, don't see a great need for it, or there aren't enough requests to add it. Neither of the three. According to this reply from Bitcoin Core developer achow101, it is not considered "safe enough": BIP 39 is not in Bitcoin Core largely for implementation reasons and because BIP 39 is not as secure as it could be.
The structure of Bitcoin Core's wallet doesn't really allow for BIP 39 to be implemented. The current structure doesn't allow for 512 bit seeds as BIP 39 specifies, and adding it would require some significant changes to the wallet code. Implementing BIP 39 would also require implementation of PBKDF2, although that isn't very hard.
Also, more generally, many Bitcoin Core contributors don't consider BIP 39 to be secure. It uses PBKDF2 which is generally regarded to be a fairly weak KDF so it isn't considered to be good for the secure storage of all of your Bitcoin. Some software (such as Electrum) used BIP 39 in the past but have switched to using their own mnemonic algorithm because of this weakness in BIP 39.
BIP 39 mnemonics have some other issues as well such as version numbering (or rather lack of) and the use of a fixed wordlist. Electrum has documented their reasons for why they don't support BIP 39, and those reasons are the same for Bitcoin Core.
That does not explain why they haven't come up with a similar, more secure standard like Electrum, though. |
|
|
|
|
Show Posts
