This guy is a scammer trying to promote Craig Wright's con.

Here is a post where I nail him for lying about knowing Satoshi: https://bitcointalk.org/index.php?topic=2112829.msg54279907#msg54279907

This thread keeps getting derailed by offtopic trolling. Locked.

Yes, hybrid keys in non-segwit scripts are valid-- as they were accepted by the original software by virtue of openssl's behaviour, but they're non-standard so they generally won't relay or get mined on mainnet.

ANSI X9.62-1998 Sections 4.3.6 and 4.3.7, "Hybrid pubkeys".

It's a useless combination of compressed (sign flagging) and uncompressed (65 bytes).

You added yourself years after Satoshi was no longer active: https://web.archive.org/web/20141022054522/https://p2pfoundation.ning.com/friends/SatoshiNakamoto

It looks like you created your account in March 2014 and the first thing you did was leave a comment promoting a shitty altcoin on a more than five year old post by Satoshi.

If you knew Satoshi in any way there certainly isn't any evidence at the link you provided-- quite the opposite: Most people don't tend to go around writing impersonal "Thank you for the clarification" messages to five year old posts by their friends. They especially don't go sticking tacky ads for their competing offerings on them.

Why do all these satoshi obsessed people need to be incompetently lying pieces of shit?

Why would you consider this a bug?  Yes, it could have been implemented differently, but the definition of CMS is that signature validation passes N of M times.

Obvious ways of implementing it-- including the way it was originally implemented-- wouldn't provide for any way to determine exactly why a signature failed to validate only that it did.

In fact Wright has shown extremely profound technical ignorance about Bitcoin, but he says that what he is saying is brilliant. Because you, yourself, are incapable of directly evaluating his claims you make the mistake of believing him and other similarly uninformed persons.

Of course, not absolutely everything he says is untrue or gibberish-- some things he just copies out of the bitcoin wiki or old posts and chatlogs.

This is a great point and it's something to keep in mind.  I do think that many of the people wright fooled could have and should have done better, but none of us should feel confident that we couldn't have been fooled. We could have. Maybe the trick that would have fooled us would have been different or the situation that succeeded would have been different. But humans make mistakes.


To be fair, the only thing that ever appointed him as Chief Scientist of anything was an organization that he, alongside Jon Matonis (Former Nchain Vice President of Strategy), Roger Ver (another prior Wright sucker, massive shitcoin promoter), Peter Vessenes (stole millions from MTGox customers and is holding up the distribution of the remaining mtgox assets with frivolous litigation),  Charlie Shrem (went to jail for money laundering), and Mark Karpeles  (lost customer funds at MTGox and went to jail for smaller scale embezzling) created.

There are plenty of defences that can be offered for the Bitcoin Foundation and the people involved with creating it but I don't think anyone can argue that it was some dream team of people went on to demonstrate good and careful judgement.  

Validation of Wright's evidence is a question for a technical expert. Gavin had sufficient expertise to demand the right things-- he had even previously published a more or less reasonable laundry list-- and he didn't. He also knew enough to know the basic limits of his expertise, such as being unable to determine if a random windows PC had been tampered with. Most importantly, he should have known that he was being asked to participate because his enforcement would be taken as a high degree of assurance, nearly proof, by the media and the public -- and as a result deserved either an appropriately diligent vetting on his part or a refusal to participate if he was unable or uninterested in providing one.

From my perspective it was just another example of a long history of poor judgement.
 
The fact that anyone can be tricked is why it's so much more important for people who will be perceived to be an authority to make an extra effort to not get tricked or just not play along.  So I think here the issue isn't so much that wright tricked him, it's that he shouldn't have been exposed in the first place, and that to this day he still has do little to nothing to walk back the damage.  Wright suckers still continue to cite his equivocation as evidence to support wright. I  think Ver is one of the less ethical people around cryptocurrency, and yet even Ver did better and eventually provided an unequivocated statement against wright's claims.

I'm really sad to hear this. It seems like bitcoin faces such tremendous headwinds.

Indeed, I don't know that he'll run it again in May.  But when 6 months from the last run comes up I'm going to nag him to do it.  I got seriously gimped in the last update because I'd been inactive for a while.

BIP37 has zero privacy.  https://en.bitcoin.it/wiki/BIP37_privacy_problems   Electrum also has extremely poor privacy but at least its upfront about that and actually works well, the BIP37 approach is pretty much the worst of all worlds-- it takes forever to scan the chain plus it identifies and links your addresses and it makes nodes DOS attack vulnerable in the process.

That sounds like a DOS attack, to be honest.  I usually see weeks pass without a single connection from an actual SPV client,  though there are bunch of shitty spy things that pretend to be them.  It absolutely shouldn't be making remotely that kind of difference.


uh, also, 125 is the maximum connections.

The only issue it exposes you to are DOS attacks and any bugs in that functionality... though bugs seem fairly unlikely at that point.  The DOS attack issues have been exploited in the wild, so for a rarely used and not very useful functionality.

Wrong question.  Difficulty is floating, it'll adapt to whatever is there.  A single asicminer using a hundred watts is enough to keep blocks being produced.

The question you should instead ask is "how much of an increase is needed to keep security acceptable?". Because if a single asicminer is all thats keeping the network going then two asicminers would be all that were needed to reorg blocks and replace recent transactions (and twenty could replace ones that weren't particularly recent!).

A couple years ago during congestion before segwit was rolled out, there were sustained total fees in amounts similar to the block subsidy!  So I think that's pretty strong evidence that fees can be high enough to provide for reasonable amounts of security.

At the moment Bitcoin arguably has too much capacity now between changing usage patterns (e.g. batching, and sweeping during low fee times) and segwit and as a result fees are floating at about 2% of subsidy and often running right at the default minimum relay fee. After the halving they'll end up about 4% (though, likely they'll go much higher in a brief period after the halving due to congestion, due to the rate of block production going down for a little while).

The little tombstone icon seems rather playful-- I'm reminded of old shareware rpgs-- for something that should be at least somewhat sombre. Maybe a unicode block instead of an image at all:  █

One thing to keep in mind for these TMTO approaches is that the pre-computation size can be amortized across multiple problems. So, for example, on a 2TB ram (plus a few TB of disk) host you can build up a 2^38 ish-sized table and reuse it against multiple problems... and solve each additional 64-bit search with 2^25 operations each.

The optimizations to get low memory don't work quite as well for amortizing multiple problems, or at least are much harder to implement.

Andytoshi wrote a static analysis tool that was sound but incomplete... it would find scripts that could never be satisified, e.g. because of types/length mismatched.

IIRC other than those large MTGOX outputs there wasn't a whole lot more.  There is a large number of low value ones created by a p2pool bug and a smattering of other things.

While standardness might have helped, the big reason you don't find any is because people don't like throwing their coins away!

Perhaps, but quite a few times people have shown up with "cracking" tools that turned out to be a scam. It's a pretty standard MO. In particular several of the more recent ones have setup making these seemingly pointless "advertising posts" then nailing people who PM them, e.g. by sending them the software privately where other people can't call it out for being malware.  I guess they feel better about robbing people because they imagine they're robbing other thieves.

If your program could actually do what you claimed-- evaluate 2.2 petakeys per second, then it could find keys whos pubkeys have 60-bit leading zeros quite quickly.


But instead you demand a starting point _and_ a public key (rather than, e.g. a key hash). Which means you cannot actually do what you claim, because you need to compute a point difference in order to use a precomputed table.  One we consider that, instead what you claim is not impressive-- it is outright slow.

Assuming that the pubkey isn't available for that challenge payment-- go solve it.  It's worth several thousand dollars, so if you could actually operate at the speed you could you wouldn't be wasting my time, you'd be collecting the bounty.

Or go start at key 1, within 2^64 operations you will find a pubkey that begins with 60 zero bits with very high likelihood.

No I am talking about finding the private key for ANY pubkey which matches a particular criteria: one where the first 60 bits are zero, so that it will take on average 2^60 operations to find it.

Your first post said a speed of 2.2 PH/s.

And I suggested two days.

You should be able to find a key matching the property I described in about 2 days at 2.2PH/s.

Man, why you gotta tell me this at 5am when I'm too tired to go actually attempt collect it. I'm going to guess the pubkey isn't available, or otherwise this would have already been solved.