The real cure for the COVID vaccine is my patent pending COVID vaccine vaccine. I've named it Bezos6GNanoChiperan. No reason why.

While this is true for the casual user who just uses RBF to bump the fee, it is not necessarily true if you know what you are doing. You can change the value of both the change and the recipient outputs, so it is not clear which one is which. You can instead include another input and use that to bump the fee, leaving all the outputs the same. You could instead replace the recipient's address with one of your own (unused) addresses, and make a second totally separate transaction to pay the recipient. The transaction may only have 1 output and no change.

I think a better idea would be for Wasabi to allow RBF to be enabled with an option hidden in the settings somewhere and with a pop up warning it could decrease privacy, so users who know what they are doing can still use it, while those who don't appreciate the risks wouldn't.

It is entirely possible to do all these things with RBF.

An RBF transaction only had to spend at least one of the same inputs as the transaction it is replacing. It can add or remove other inputs freely, meaning you can absolutely send more or less bitcoin than in the original transaction. I can also use RBF to replace a transaction with multiple inputs, only include one of those inputs in my new transaction, and therefore free up the other inputs to be used in another transaction (or just left alone, if I want).

Be aware that if you do regain access to his accounts, you absolutely shouldn't carry on using them. You should just withdraw everything in them to your own wallet and hope neither exchange locks the account before your withdrawal is processed. If you try to link a new bank account or other payment method to deposit or withdraw fiat which is not in your uncle's name, then the account will instantly be locked and you will have to go through the recovery methods of completing KYC yourself, providing his death certificate, providing his Will, and so on. Even some simple trading activity after months of inactivity may be enough for them to request additional KYC, which you would be unable to provide.

132 bits of data; 128 bits of entropy.

OK sure. Then let's consider the FBI trying to decrypt a criminal's device that they have in their possession, or someone trying to crack the password to an encrypted wallet file. Both have unlimited attempts, both are far quicker processes of simply trying a password compared to generating a private key, converting to a public key, converting to an address, and checking for balance, and both are impossible with a full ASCII password of only around 12+ characters. And yet doing so is still trillions of times easier than stumbling across someone else's seed phrase.

I'm only going to repeat myself one more time. They protect against an unrelated low difficulty flood attack. They are worthless when protecting against a 51% attack. This is not a difficult concept. Adding more is unnecessary to protect against the low difficulty attack they already protect against.

If the last 2 days and ~300 blocks can be rewritten, then proof of work is no longer secure, checkpoints or no checkpoints.

---

I just got round to checking your post history and realizing that you are an alt account of a well known BCash shill, and one that I've had this exact conversation with before. It's clear now why you are so pro-checkpoints, since BCash has been successfully 51% attacked on more than one occasion in the past.

Because I've already explained why the checkpoints are still there, and it has nothing to do with preventing 51% attacks or chain re-orgs. They prevent flooding of low difficulty blocks. See the quote from Pieter Wuille above. Or this one from Greg Maxwell: https://github.com/bitcoin/bitcoin/issues/7591#issuecomment-188369540

Sure. And if someone can rewrite the history of bitcoin back to the genesis block, back to the last checkpoint in 2014, or back to last month, then the outcome is always the same - bitcoin's security model is broken, trust is destroyed, and bitcoin is worthless.

The checkpoints we have are, on average, ~5 months apart. You honestly think if someone rewrote bitcoin history for the last 5 months everyone would shrug their shoulders and say "Well, at least they didn't rewrite more than that!" and carry on as if nothing had happened?

And having a centralized security model, which is effectively what checkpoints are since it puts the decision regarding what is the longest chain in the hands of a small group of developers, is 100% effective against any rewriting attack. Why not just use a bank?

They are still there to prevent against the attack I mentioned above:


And if you do need to use them, your security model is broken. So either useless, or a broken coin. Either way, they add nothing.

Except the checkpoints were never intended to prevent chain re-orgs. They were there to prevent an attacker flooding new nodes with low difficulty blocks, not as protection against 51% attacks. And since we now synchronize headers first rather than entire blocks, the checkpoints became unnecessary.

In which case a checkpoint is useless. It makes no difference if someone can rewrite the history back to 2017 or back to last week. Either way, the security model of bitcoin would be completely broken and bitcoin would be worthless.

Which means those coins are insecure. If you have to hard code your security like that, then your security is weak. If the security of your coin depends on a developer implemented checkpoint every hour/day/week/whatever, then your security model is is completely centralized.

We covered all this in your other thread.

Seed phrases (lists of 12 or 24 seemingly random words) can be imported in to a wallet such as Electrum.
Private keys (51 characters beginning with "5", 52 characters beginning with "K" or "L", or 64 hexadecimal characters) can also be imported in to a wallet such as Electrum.
2FA shared secrets (16 hexadecimal characters) can be recovered to a 2FA app such as Google Authenticator or Aegis.

To access any exchange account, you need the relevant email/username, password, and correct 2FA code.

You can remove the old 2FA and add a new one, but only after you regained access to the account(s) in the first place.

Well, good thing they have capitulated, although I doubt very much this is the last we have heard of mining pools censoring transactions or "OFAC compliant" blocks.

It's also quite telling that although they have said they will signal for Taproot, none of the blocks they are mining do so yet. Quite clear that they do not actually want to support Taproot, but felt they had to give in at the last minute now we have ~98% consensus so as to not jeopardize their profits.

Sure. If the difficulty dropped by 50% because the hashrate had dropped by 50%, then 6 new confirmations would only require half as much work to reverse than 6 old confirmations.

As far as a 51% attack is concerned, the source of the malicious hashrste is irrelevant. If a single entity controls 51% of the hashrate, and can sustain that for long enough, then any number of confirmations can be overturned.

Note that there are only this many combinations if you include all 12 word seed phrases with an invalid checksum. 2048¹² is the same as 2¹³², which makes sense when you consider each of the 12 words encodes 11 bits of data, and 12*11 = 132. However, when you also consider that the last word contains 4 bits of checksum data and only 7 bits of entropy for a 12 word phrase, then the total number of combinations with a valid checksum is actually 2¹³² / 2⁴ = 2¹²⁸.

Edit: Fixed the math, thanks.

When entering account details to a website, I can input any string of characters as a username and password, but the chances of finding someone else's account by doing this is almost zero.
When entering credit card details online, I can input any string of numbers and other details, but the chances of finding someone else's credit card by doing this is almost zero.
When restoring a wallet, I can enter any combination of words (including with invalid checksums, if I so desire), but the chances of finding someone else's wallet by doing this is almost zero.

Correct. It is the combined fee for everything you are ejecting from the mempool, which includes both the parent transaction you are directly replacing and any and all child transactions which stem from that parent transaction.

You can see this in the text of BIP125 (emphasis added):


Also correct. This is known as transaction pinning. See the first bullet point here for the exact scenario you have described: https://bitcoinops.org/en/topics/transaction-pinning/

hosseinimr93 is right, but one additional clarification:

Any RBF transaction you broadcast must pay both a higher fee rate and a higher absolute fee than not just the transaction it is replacing, but of all the transactions which would be evicted from the mempool if it were to be accepted. So if an unconfirmed transaction has several unconfirmed children, then you would need to add together the total fee paid by all of them and set your RBF transaction to have a higher fee than that, and not just a higher fee than the parent transaction you are replacing.

That's not strictly true. The transaction which is being replaced, and any children based on that transaction, only become invalid when the RBF transaction confirms and the inputs the original transaction uses are no longer available. Until the RBF transaction confirms, the original transaction and its children are still perfectly valid. Now, most mempools will eject them in favor of the RBF transaction, but that doesn't make them invalid, and any node or miner could still choose to mine them over the RBF transaction.

There are other ways an attacker could guarantee their CPFP confirms instead of your RBF, such as by using transaction pinning to make the RBF fee you would have to pay prohibitively large, or by creating and broadcasting enough child transactions to prevent RBF from occurring, as per rule 5 of BIP 125.

Good news for sure, but am I missing something here? Why does Taproot prevent them from filtering transactions like they are currently doing? Taproot doesn't hide which addresses bitcoin is coming from or going to, it doesn't hide if the bitcoin in question has come from a darknet market, it doesn't hide if the bitcoin in question has been coinjoined, and so on. Why can't they continue to filter after Taproot?

This is the biggest lie I've read in crypto since Brian Armstrong said that he was committed to "bringing economic freedom" to the world, while he is busy using blockchain analysis technology to spy on you and hand your data over to governments and third parties. If they were actually committed to no censorship, then they wouldn't be censoring transactions.

Maybe, but with the mempool emptying out to 1-2 sats/vbyte levels, then I'm not sure this is going to bring them any real additional profit.

I don't. The only coins I regularly use and hold long term (or think are worth anything, for that matter) are Bitcoin and Monero, both of which support airgapped wallets, offline signing, and transferring unsigned and signed transactions back and forth. I occasionally buy another altcoin for a specific purpose, but since it is always for a specific purpose I am never holding it long term so I just stick it on one of my hardware wallets for the short time I need it.

I have no interest in DeFi, as I think it will go the same way as the ICO craze, the IEO craze, or all the other crazes we see in crypto - a lot of vaporware, a handful of scams thrown in, the vast majority of coins/tokens/projects dropping to zero, meaning some people who gamble on the right project at the right time will make a lot of money, but most people will lose money, and very little of it will survive long term.

Absolutely. And if that merchant is happy to complete KYC at that exchange to turn his bitcoin to fiat, then it is also his right to do so. However, I am under no obligation to complete KYC at that exchange. And sure, I can always refuse to use the merchant who wants my personal details and find another merchant, or refuse to trade with the user who wants my personal details and find another, which is a viable solution at the moment. But as time goes on, and governments push for more and more restrictions and more and more KYC, then the pool of people conducting business without KYC details or accepting bitcoin from unknown sources shrinks. Some countries are starting to force users to complete KYC for their own addresses before letting them withdraw from an exchange, for crying out loud. Mining pools are starting to censor transactions which don't come from "approved" sources. The government will not stop until every address and every bitcoin is linked to someone's personal details, and if you don't compromise your privacy in this way, then your bitcoin will not be accepted at any exchange and your transaction may not even be mined.

No merchant will accept coins if they are worried about them being seized. Instead, centralized payment processors like BitPay (which are already pretty far along with the whole spying on their users thing) will start to employ the same chain analysis firms that exchanges employ. If the exchange would seize your coins, then BitPay will too, and the merchant will not be out of pocket.

It's an extreme scenario, yes, but I don't think it's sufficient to say either "Well, let's convince governments or exchanges to stop their regulations" (which will never happen), or just to cross our fingers and hope it doesn't come to this. If it becomes near impossible to spend your bitcoin without some chain analysis company giving the approval or some centralized third party collecting your KYC data, then bitcoin is no longer bitcoin as far as I am concerned.