It wasn't really a rhetorical question. Given how the argument is centered about UTXO size, I was wondering if you were concerned about blockchain size as well.

I think this "solution" has been discussed quite a few times, and I don't really find it an issue anymore. We've had pruning for quite a few years now, and it describes exactly what you're talking about. Where users choose to save how much block data they need while discarding the rest and retaining the UTXO. If you prefer to trust someone to tell you what is right at a certain point of time, instead of validating yourself, then it would be better to just use an SPV wallet. I don't expect the majority to require a full node and in the near future, SPV nodes should fulfill their needs instead of wasting their resources to run a full node if they are unable to.

Anyhow, throughout my time here, I've seen this solution being proposed more than a dozen times. The reason why the UTXO commitment or blockchain truncating isn't viable right now is that the user has to trust that the commitment is accurate and isn't intentionally manipulated. I would think that this only serves to solve the problem with regards to the storage space, for which pruning is sufficient.

That is wrong. Running a full node isn't equivalent to mining. They cannot mine a block just by running a full node, you need sufficient computational power for that, for which he definitely doesn't have. In a perfect world, economics might function on a supply-demand concept but it is hardly the case. It is just wishful thinking for people to assume that it will rise just because of it's deflationary principle.

If anything, the tweet is only to raise more awareness. It is easy to run a full node and everyone can do it. It isn't a big deal for anyone to do so.

Agreed. Electrum's implementation at it's current stage is not user-friendly enough and is quite annoying to use.

Lightning network has intrinsic benefits over the primary layer but it isn't all that applicable at this stage. Not a lot of people use LN for day-to-day transactions, or even Bitcoin for that matter. The fees are low enough right now, and we don't have to care about inbound capacity either. It becomes a self-perpetuating cycle, where if adoption is low, then no exchanges would adopt it and the cycle continues.

You can theoretically have more than enough derivation path to find the desired vanity addresses without having to switch keys. The prefix or the pattern of the addresses are independent of the seed or any other factors, so you'd have to keep track of the derivation path as well as the index. It can be quite tedious but it would allow you to have all of the vanity addresses being derived from a seed, but with differing path and non-sequential indexes.

This has nothing to do with Ledger. Ledger is rightfully throwing a warning because the derivation path is not standard to them. If anything, either the user is using one that isn't commonly used by Ledger or Electrum is using a derivation path like that. It was an issue previously which Electrum solved, but the issue wasn't for any MultiSig setup which could've had a different derivation path.

As far as possible, try not to rely on whatever Electrum is telling you to be accurate. You should assume that you can only trust whatever Ledger is saying, because it is the one with the secure environment, not your desktop with Electrum.

Most wallets should prioritize your inputs such that they attempt to segregate any linkage altogether. Using different wallets can help, but it isn't necessary as long as you practice coin control.

It will work. Or else, you can also use both within the same instance, and changing your Tor circuit everytime you change your wallet. I would advice you to stay away from Electrum if you want any privacy though.

Ledger enforces a check on the derivation path, which means that if the software asks Electrum to sign a transaction using keys from a different derivation path, it will display an error message.

What version of Electrum are you using?

It doesn't... Relative to the rest of the spam that the network has to deal with. UTXOs are always getting added and deleted so the growth shouldn't be that significant. If your logic is that each UTXO imposes a burden on the network, then each transaction imposes a much higher burden than that, for which there is zero compensation to the nodes. How do we go about solving that?

Either you go with an account based system or you go without, there is no inbetween.

Ideally, each address should only have 1 UTXO, that is the intention of Satoshi, for privacy reasons. Wallets are always encouraging this behavior to their user to discourage address reuse, by the use of change address and a new address every transaction. No one really thought that UTXO set is really significant in size... Full (and unpruned nodes) aren't for everyone, so I don't think everyone have to run a full node, if they don't want to.

Storage costs are quite minimal. None of the network nodes are ever compensated for storing the blockchain, we aren't a PoS coin.

UTXO is the factor that isn't really all that significant. The size fluctuates at about 4GB right now, and people are incentivized to try to have as little UTXO as possible because a bigger UTXO entails a greater transaction size to create and to spend. As opposed to the 4GB UTXO being an issue, I would argue that the nearly 400GB of block data would be a better point to argue from. Block data grows linearly while UTXO doesn't necessarily have the same growth.

There is a huge difference betweeen "green", sustainable or clean. Green energy is a term used to mislead people into thinking that there are no problems with using that much electricity. That is untrue.

For starters, there is no such thing as green energy. Any energy source as we know it has environmental degradation or significant contribution to climate change. Nuclear plants produce radioactive waste, solar panels degrades the environment through silicon mining, dams destroy habitats. Just because something is sustainable doesn't mean we should use it; it still produces significant environmental impacts. Specifically for Bitcoin mining and ignoring all that electricity usage, you are looking at ASICs which only serves a single purpose; to mine Bitcoin only. Afterwards, there is a small chance that it could be recycled but majority of it would just end up at landfills.

We don't call Bitcoin green, because any PoW will not be. The threshold for which we should tolerate would be the point at which the entire network consumes a certain level of energy such that the net benefits outweighs the cost. Don't rely on reports which are obviously flawed and biased, for they offer little perspective other than the agenda that they're trying to push.

No. The private key only allows you to derive the master private key for that specific Zpub in question, it does not compromise the other Zpubs. However, since the attacker has one of your Zpriv (master private key), the attacker can use that master private key to sign for transactions, assuming another person is willing to sign it too. A single compromised Zpub and private key doesn't affect the other signers.

No. The sender can define conditions for their addresses, which is why you have P2SH, P2WSH with the conditions for an UTXO to be valid. You do not specify additional conditions in your transaction outputs. This is why it doesn't concern the recipient; so long as the transaction is confirmed, the recipient can spend the UTXO with no additional requirements whatsoever, beyond those that were defined during the creation of the address.

Since the sender cannot define any conditions for the recipient, beyond whatever conditions are nested within the addresses as defined by the recipient.

If someone were to send you their dust, then there wouldn't be any use for you either. A dust of a dust would mean that it would cost even more for you to spend it.

It is more cost efficient to spend the dust to an OP_return. OP_return can be zero value and smaller in size, you would be able to burn most dusts while making it cost efficient. As opposed to increasing the UTXO bloat for no reason.

nLocktime is not an OP code. It is a parameter within a transaction that only limits when it can be mined.

Conditions for the UTXOs are not defined by the sender, and are only bounded by the conditions as specified in the script of the recipient address. The recipient defines the conditions for the UTXOs to be valid and able to be spent. The recipient will know the CSV, because they're going to be defined by them. The sender cannot define the requirements to spend the UTXO for the recipient, that wouldn't make sense.

It is actually quite easy to do so. The difficulty and the target are both stored within the block headers, it will be sufficient to just call the block headers at each difficulty epoch to get the difficulty for that period. It is pointless to get the hashrate, because any estimation based on timestamps within a short period of time is often quite inaccurate. You can determine it based on the block intervals or use the difficulty as a metric.

From my understanding, they aren't that much different. The median time as given by Bitcoin Core is simply a timestamp from 6 blocks prior (including the block in question). This means that by looking at the median time, you are just looking at a timestamp of the previous block, which can still be subjected to the inaccuracies of the timestamp system. The median time in a block is only useful if you're looking for a timestamp that is strictly increasing.

I would probably just go with the timestamp, the accuracy for either isn't different.

Unhardened keys will let an adversary be able to obtain your master private key with your master public key and any individual public private key from that keypair. This shouldn't be a problem because you are not supposed to expose any of your addresses anyways.

The far greater concern is with the privacy. Any attacker with all of the master public keys, will know all of the possible addresses generated that can be generated with your multisig, provided that they also know your derivation path. The latter should be a given, any complex and non-standard derivation path could result in the user lose all their funds if they don't save it properly.

That is the whole point of PoW, isn't it? If someone is willing to spend that much resources to do so, then I concede. PoW didn't fail and it has function as it should. The whole point of PoW is for those who wield the most power (PoW in this case) to decide whatever they'd like to do with the chain. Even if you throw out the economics of doing so, the effects of the attack is easily nullified by switching to a different algorithm.


Ahh okay. Though the node will throw loads of warning if a major re-org happens. It is very difficult to re-org those blocks though, your commulative proof-of-work is proportional to the amount of time that has passed, which means it is extremely expensive and time consuming to do so. If you're going to start today, then re-organizing the entire blockchain would probably take years at the very least (assuming >100% of the current mining hashrate). The impacts of it would be pretty limited, and honestly no one would even think about doing it.

If that ever happens, then the game theory of it would've failed. Where there is a far more incentive to be dishonest than to be honest, and they can't force the community or the nodes to accept their defeat. Any attacks of this sort will always be one-off. 51% attacks or majority attack is a byproduct of a feature and the game theory aspect of it would've failed. It would be less of a 'defeat', but rather we can acknowledge that someone was willing to sacrifice a huge, huge sum of money to attack the network.

You cannot really delete the chain either, that is possible in theory, given that nodes only function the way that do. It is impossible for a whole chain of 300GB to be propagated over the network, it would literally take hours.

Damn. No freedom for their own citizens to choose their own payment methods?

In other news, in a matter of hours, they just lost 10% in the value of their assets. If you think Bitcoin is suitable for major countries to actually adopt, then you're just wrong. It is nothing more than free PR, no government in the world would ever give up the privilege of printing money and tracking their own citizens. It's not that I don't think Bitcoin is totally unsuitable for your daily transactions, but it is just wrong to think that they're doing it purely because they actually want to adopt Bitcoin as a currency.