Sure, your method protects against that specific attack, but it does not guarantee your wallet is "normal" as you suggested.

It is far from ideal, though. A 24 word seed phrase provides 256 bits of security. 10 random lowercase characters provides only 47 bits. You shouldn't be relying on only a passphrase for all your security, and definitely not one so short.

So as pooya has explained, the address 3EdE6sjQtr1p8DeroVCCPUqSRFBbN8vqWz is a 2-of-3 multi-sig. This means it was created using three different private keys, and any transactions spending coins from it must be signed with at least 2 of those private keys. Your wallet only contains one of those private keys. You will need to export your partially signed transaction and import it in to a wallet containing one of the other private keys to sign the transaction again and then broadcast it.

Do you remember how you created this wallet? Where else or who else did you set it up with?

Because I reject the notion that removing the fixed limit is either "something small" or an "improvement".

Bitcoin is well known for having a fixed supply. Even people who know little else about bitcoin, know it has a fixed supply. Removing the fixed supply and moving to an inflationary model is not something small, but rather is changing one of the fundamentals of bitcoin; a fundamental that many people based their decision to buy bitcoin on. The uproar would be massive. I can just see all the low quality clickbait headlines now about how there are now potentially "infinite bitcoin" and therefore it is guaranteed to be worthless in the future. If we can change something so fundamental to bitcoin, something that Satoshi himself set, then what stops us changing anything else? What stops us making it 10% a year, or 100% a year?

As DooMAD has said, if you need "more" coins, then you can simply divide them in to small denominations. Changing the fixed supply is fundamentally changing bitcoin.

But how do you know your wallet is not generating seed phrases from a bank of several thousand or so which were pre-generated by an attacker? Just because the address did indeed come from the seed phrase you were displayed, does not mean your wallet is "normal" or safe.

You need to have some way of verifying the firmware which is installed on your hardware wallet, or verifying the updates you are applying to it, and verifying that the firmware is truly generating a random seed phrase. You could also mitigate this by using a long and complex passphrase (and then verifying that the addresses you are being displayed are indeed generated from seed phrase + passphrase), so even if an attacker knew your seed phrase they still could not access your coins.

Why? Addresses which have not revealed their public key are quite safe, no?

This is by far the more contentious issue and the one which will require much more discussion than forking to a quantum resistant algorithm. If sufficiently powerful quantum computers come along, then there will be consensus regarding forking to a quantum resistant algorithm, otherwise it will be the end of bitcoin. What there won't be consensus on is what to do about all the coins in reused addresses and old P2PK addresses which are susceptible to being stolen, including ~1 million bitcoin which are theorized to belong to Satoshi. I am very much in the "Well, let them be stolen camp", but I know that we disagree on this issue.

I mean, I completely reject the notion that some coins are "dirty" at all. As soon as a "dirty" coin has made a single transaction, then that coin could have changed hands in a perfectly legal transaction, and therefore you can no longer say that it is dirty, tainted, illegal, or any other nonsense. You have no idea if the final recipient of that coin bought it fair and square.

Also, if you are concerned about receiving "dirty" coins because you use some centralized service which is anti-bitcoin and buys in to this ridiculous notion, then you can either simply stop using that service, or mix the coins.

Depends what altcoin they are exchanging it to and how they exchanging. Some completely centralized coin like BCash on a centralized exchange? Easily tracked. An anonymous coin like Monero in an anonymous atomic swap? Almost impossible to track.

It's a good idea, but those coins in the pre-signed transactions do lose some security by doing this.

If I am carrying around pre-signed transactions moving multi-sig funds to my hot wallet, then those coins are really only as secure as those funds which are already in my hot wallet. If someone is going to compromise either me or my phone and steal the coins in my hot wallet, then they can probably steal the coins in these pre-signed transactions (which are presumably saved on my phone) as well. I suppose if you encrypted the transactions them then it does give you plausible deniability against a physical attack.

It's definitely still preferable to carrying a hardware wallet which can be wrench attacked to empty your entire multi-sig wallet, though.

Just because I have nothing to hide, doesn't mean I have anything I want to share. You probably aren't doing anything illegal inside your house, yet you still have curtains on your windows, right? Why is it any different with bitcoin? Why would I want to allow any stranger to either peer in to my house and peer in to my financial history?

If we decide that only criminals needs privacy, then only criminals will have privacy.

That's kind of why I wish ChipMixer would pay me in chips rather than bitcoin, since the bitcoin they do pay me gets immediately sent back to a ChipMixer deposit address. It would save two unnecessary transactions, as well as obfuscate the amounts being paid.

I know we've disagreed on this before, but I'm going to disagree with you again. Using a non-KYC exchange is still bad for your privacy. This is becoming more true over time as more and more regulations are being passed, non-KYC exchanges and non-KYC accounts are being clamped down on, exchanges are more extensively cooperating with blockchain analysis, and so on. When there are services like ChipMixer which can be used with even smaller fees than non-KYC exchanges, then there is really no good reason to go down this route.

This error appears when the transaction has not been signed properly or completely. This most commonly occurs when you have a multi-sig transaction which has not been signed with the threshold number of keys. Another possibility is that you are using a wallet made up of imported private keys and have failed to import one of the private keys required for an input in the transaction you are trying to sign.

Are you willing to share your raw transaction hex here so we can take a look? Is your wallet standard, multi-sig, or imported keys? Did you generate this transaction from scratch in your own wallet, or did you import it from somewhere else?

A common problem. Open an account - no problem. Link a payment method - no problem. Deposit some fiat - no problem. Buy some bitcoin - no problem. Withdraw that bitcoin - hold on a second! We need selfies and documentation of all your income for the last 3 years!

It wouldn't surprise me in the least if most big exchanges, not just Coinbase, are fractional reserve at this point. Huobi (the second largest exchange in volume) have been caught using users' deposits for investments, loans, and other purposes, without their knowledge and consent. If you are sitting on a million bitcoin as Coinbase claim they are, then it's just good business sense to use that to make more money. Not so good for you customers, though. Also easily done when your cold storage is deliberately structured so it is impossible for any outside entity to identify how many coins you are holding.

This is what I do. If I cannot create a reasonable amount of change by selecting appropriate inputs, then I don't want to create a dust output. I'm going to lose a significant amount of the value of it anyway when I try to spend or consolidate it, and it will almost certainly compromise my privacy in the process. In the past I've either bought an extra item from the merchant or added something else to my basket to spend the dust, added it on to the payment as a tip or donation, added it to the fee, or redirected it to a donation address of a charity or organization I support.

Particularly since the wallet does not know what fee you will end up selecting for such a transaction, or even if you might bump the transaction fee in the future. I might end up wanting to send a transaction with very high priority for whatever reason, selecting a high fee, and then my wallet starts throwing in unnecessary inputs and costing me a lot of money.

I wasn't suggesting it was a popularity contest, but rather the community as the forum as a whole. Someone would have had to report my post and a mod would have to agree with the report. If that happens to me ten times, then it is obvious to anyone that it is me who is in the wrong here.

I don't think so. We make exceptions for plagiarism, no reason we can't do the same for spam. And even then, you could make the limit 50 posts per 30 days. There are very few users who would have 50 posts deleted for spamming in a 30 day period and actually be a net positive for the forum.

Actually wouldn't make much difference to me. I always use suchmoon's script which will simply queue up all my reports and send one every 5 seconds (if I set it to 4 seconds then sometimes it messes up due to latency). It does mean that sometimes I have to walk away from my computer for 10 minutes while it processes the queue of reports I have generated though.

Continue to use bitcoin as I always have done (except I won't be alive ). Bitcoin was built on a fixed supply, and Satoshi himself acknowledged the issue of lost coins, calling them a "donation to everyone". Any plan which will mint additional bitcoin will almost certainly be rejected by a supermajority of nodes, miners, and users.

You don't need to redominate, just add additional zeros after the decimal point. Lightning already works in millisats, or 0.00000000001 BTC, which is an additional three decimal places over the base layer.

Many payment processors, services, and merchants, all set a minimum fee rate which is required for payments. What makes you think they would all happily accept zero fee transactions?

Yeah, as BlackHatCoiner has said, I would probably use Electrum to achieve what you are looking to achieve. If you want to be able to spend bitcoin on the go as you would with a credit card, but then "freeze" it when you are not planning to use it, then this is what I would do:

• Create a 2-of-2 multi-sig Electrum wallet using Electrum on your phone as one wallet and Electrum on an airgapped computer stored safely in your house as the second wallet. (Obviously using verified downloads, backing up the seed phrases on paper, and all the other usual security precautions.) Send your coins to this wallet.
• Create a standard Electrum wallet on your phone, which will be used as your daily hot wallet.
• When you want to unfreeze some of your coins, send a portion of them from the multi-sig wallet to the hot wallet. This will require signing a transaction from both your phone (which can be thought of as analogous to your credit card in this case), and your airgapped computer (which can be thought of as analogous to your credit card's freezing function). Return any coins you don't want to unfreeze as change to a new address in the multi-sig wallet.
• The coins you just unfroze by sending to your standard mobile wallet can be spent normally, as and when you desire.
• If you want to freeze them again, you can send them back to a new address in the multi-sig wallet. Since you are using your phone for both wallets, you can easily obtain a fresh multi-sig address while on the go.

The only downside I can see here is that you can only unfreeze coins when you are at home. You could work around this by replacing the airgapped computer with hardware wallet you can carry with you.

Yes, plenty of wallets will automatically select inputs, and plenty of wallets do so in a way which compromises the user's privacy. All I'm saying is that I wouldn't want to use such a wallet or feature.

Yes, this is exactly what I'm saying. It would automatically include any dust inputs in to a transaction you are making so they are consolidated in to useful change at the same time. This is bad for privacy unless you are very carefully selecting which inputs to use.

A P2PKH input is still ~148 vbytes. Given that a dust input could be as low as 546 sats, then even a fee as low as 4 sats/vbyte might cost you more than the value of your input.

If you don't care about privacy, then the best solution is simply to consolidate all the dust in your wallet at once whenever you make a 1 sat/vbyte transaction. If you do care about privacy, then you should try to avoid creating dust in the first place, and if you do, then be very selective about which other inputs you consolidate it with.

As I understand, you are proposing a system that whenever you make a bitcoin transaction which will create some amount of non-dust change, the wallet automatically includes any dust inputs you have in your wallet to consolidate them in to your non-dust change and make them useful again.

There are two main issues with this.

1 - Fees. Depending on how full the mempool is and how much you decide to pay in fees, you might end up spending more to include the dust input than the dust input is actually worth. You may end up losing money by consolidating it.
2 - Privacy. I absolutely would not want a wallet which included unnecessary inputs in to my transaction without me telling it to. This would result in change addresses from previous transactions being linked to new transactions you are making, and greatly compromising your privacy.

All this site seems to do is track the history of the coins to any known addresses. So if your coins have come from an exchange (for example) but from a new address which is not known to be associated with that exchange (which frequently occurs), then it won't pick that up and will keep looking further and further back. It's easy to see how that could lead to very inaccurate results. I also don't see why anybody would use it in the first place. "Hey, I've got some coins that I think might be rejected by an exchange or other service. Should I pay 3 bucks to find out whether or not they will be rejected, or should I pay less than that to mix or coinjoin them and completely eradicate any dubious history from them?"

No, they won't be.

A quantum computer doesn't just perform the same calculations faster than a regular computer. Rather, depending on the problem it is solving, it can use different processes or algorithms altogether. Instead of it taking an exponential number of operations to reverse a public key to a private key (2^x, where x is the number of bits), it only takes in the order of x³. Moving from 128 bits to 129 bits for regular computer adds another 3.4*10³⁸ operations, but for a quantum computer, only adds another 49,547 operations, which is trivial. It's not simply a case of adding more bits - it requires a fork to a different algorithm altogether.

It is likely that at some point in the future, quantum computers will become more energy efficient and cheaper than ASICs when it comes to mining. This will not be a sudden event, but rather a gradual process, just as the move from GPUs to ASICs was not a sudden event. Just as the owner of the first ASICs couldn't suddenly mount a 51% attack, neither will the owner of the first quantum computers designed for mining.

No, they can't.

Quantum computers can exponentially speed up solving the discrete logarithm problem, but can only linearly speed up finding a collision for a hash. What this means in practice is that they are only useful for brute forcing private keys in which the attacker knows the public key. Given that you public key is only revealed when you make a transaction, sign a message, or otherwise choose to share it, then if you only ever send bitcoin to brand new addresses which you never reuse and never share the public key of, then your bitcoin is 100% safe. A quantum attacker cannot obtain a private key only from knowledge of the address.

Further, quantum computers aren't an "all or nothing" thing. Sure, the first quantum computer might hit the market in a decade, but it will be inefficient and have a very small number of qubits. It would still take thousands of years to crack a single private key. It will be centuries before quantum computers reach the stage that they can reverse a public key to a private key in a "fraction of a second".

At some point, bitcoin will fork to a quantum resistant algorithm.

If anyone is interested in checking it out, the onion link is here: pdcdvggsz5vhzbtxqn2rh27qovzga4pnrygya4ossewu64dqh2tvhsyd.onion

You must first purchase "tokens" using Monero. Tokens range from $1.20 to $3.00, depending on how many you are buying. Each token provides a lookup on one address. Most interestingly, you can see a full example analysis here: http://pdcdvggsz5vhzbtxqn2rh27qovzga4pnrygya4ossewu64dqh2tvhsyd.onion/example

It seems that they simply trace back all the coins in the address you give them until they arrive at an address which is known to be linked to one of their categories - Darknet markets, scam or thefts, exchanges, gambling sites, ATMs, payment processors, etc.