The problem is that no matter what you do, the user ends up having to enter that passphrase or decrypt the wallet on their system. If that system is compromised then the malware has the same access as the user and unless they verify things on both sides (the system and the 2FA where the second signature is generated) that malware can still do its thing by interrupting the communication and letting the user think they are communicating with the second party while the malware is.
I think if we were to ignore the privacy part, since both Electrum and TrustedCoin would compromise privacy anyways. Would it be better for TrustedCoin to be able to send a message containing the address to the user's 2FA app? Something like this[1] so it becomes more like a push notification. It eliminates the risks of having a malware, unless both the user's device and the computer are compromised. The main caveat that I can see from this is that it involves giving another party the transaction information which actually eliminates the privacy aspect completely at this point. At the same time, you can probably trust that the malware cannot modify whatever is displayed on the phone and that Authy or whichever provider is as trustworthy as TrustedCoin. [1] https://gemini.com/blog/introducing-authy-pushIf we are adding a new device requirement then it doesn't have to reduce privacy any more than it currently is. The setup could be like this (and works only for SegWit transactions since their txid doesn't change with signature): 1. The user creates a transaction, computes its transaction ID, signs it and sends it to the TrustedCoin servers to sign. 2. The TrustedCoin server does what it already does (verify tx,...) without signing. Instead it sends the transaction ID to that secondary device of the user (an SMS for instance) to verify before it signs it. 3. The user sees and verifies the txid is the same and approves it. 4. The TrustedCoin server receives the approval and signs the transaction and sends it back/broadcast it to the network. To prevent the "middleman" from knowing the transaction ID and linking it to the phone owner for example we can send something else instead of the txid itself. It could be HMACSHA256 of the transaction ID by first communicating a "key" between the server and the user and compute the hash like this: HMACSHA256(msg=txid, key=key)
Now the SMS contains a hash that can not be connected to user's tx without knowing that "hmac key" but the user can still verify it.
|
|
|
Tell me what is the reason.
1. Electrum is one of the oldest implementations of bitcoin 2. It has multiple active contributors that are always working on the code to improve it 3. It has no serious bugs 4. It is 100% open source with no hidden shenanigans like some of the other "wallets" 5. It is very easy to use for anyone from beginners to more advanced users 6. It is easy to sync since it is a SPV client and it is fast to sync 7. It has always been quick to implement any new feature that comes to bitcoin (eg. multisigs, P2SH, SegWit, Lightning Network,...) 8. It is one of the first HD wallets that let users only backup a "phrase" instead of having to backup their wallet file every time they create a new address 9. It has a very easy to use cold storage setup by easily pairing the cold and hot wallets. 10. It supports all hardware wallets 11. Electrum builds are deterministic so they can be reproduced, so you can trust the binaries they release even if you don't compile the code yourself
|
|
|
the otp is not used to encrypt anything. it's a 2 of 3 multisig wallet with only one of 3 extended private keys stored in the wallet file. during normal usage you have to get trusted coin to sign the transaction with their key so that the transaction goes through. they are the ones that make you enter the otp code.
This part is why I've been fiddling with Electrum's codebase trying to add a different authentication method. I'm trying to make it so that Electrum encrypts the wallet file with the password and otp key so that trustedcoin is not needed. I guess I could make it a plugin where it will be more accessible to people, but Electrum's plugin documentation is sparse. The problem is that no matter what you do, the user ends up having to enter that passphrase or decrypt the wallet on their system. If that system is compromised then the malware has the same access as the user and unless they verify things on both sides (the system and the 2FA where the second signature is generated) that malware can still do its thing by interrupting the communication and letting the user think they are communicating with the second party while the malware is.
|
|
|
Mining (aka finding a hash lower than the difficulty target) is partially a chance based operation. You can find the hash in a second or it could take hours more than usual. So even with a fixed hashrate you can end up finding x number of blocks in different time frames, eg. 15 days to find first 2016 blocks and 13 days to find second 2016 blocks.
When the hashrate is so much less than the difficulty, it can take significantly longer. The minimum difficulty can't go below 1 and it is possible that in early weeks there were more miners compared to following weeks hence the 4, 10 days in the beginning followed by 20-30 days in the next periods. It is also possible that miner(s) (Satoshi et al) shut down their computer for some time, maybe to upgrade to new version, test some change, etc. hence increasing the time between blocks.
|
|
|
ability to sometimes gain more than $1k within days.
You should always look at the percentage of the price changes not their amount. $1000 rise at this point is about 5% rise which is the smallest rise that bitcoin usually has. It is equivalent of price going up $50 back in 2016 when price was near $1000. It had always retraced anytime it reaches $19K plus.
It is because $20k is the highest record price that bitcoin has reached so far and it was the peak of the bubble by the end of 2017 so today it has turned into an arbitrary but strong resistance. Just like all the previous bubble ATHs that turned into resistances before they were broken.
|
|
|
When we do compare the adoption level compared in 2017 and to this year then we can really tell the difference which we can presume that the price wont really be crashing that hard incase the bubble would pop out.
We might be moving that fast in a short span of time and giving out that the same feeling in year 2017 and some had already sell off their stashes when it hits up 19k.
Thing here is that you do secure out your profits or you are already in greens.
I think you need to revisit the 2017 price charts because there is nothing similar between the $19k today and $19k of 2017. in case you have forgotten price went from about $8000 to close to $20000 in about 3 weeks which is one of the main reasons why it was a bubble. In comparison this rise to nearly $20k has taken 3 months and that is after a very slow rise to $10k. The feeling these days have are the same feeling as the end of 2016 when price was getting close to the ATH of that time.
|
|
|
Mt.Gox is going to 'supposedly' release $2.6 Billion USD worth of Bitcoin in the Mt.Gox Settlement from 2014 Crypto Exchange fail. ![Sad](https://bitcointalk.org/Smileys/default/sad.gif) That is around 140,000 Bitcoin. Due to this being a settlement I believe under USA Tax Law there is now Cap Gains for it hitting your wallet. I myself figure, if you were that early and adopter to be on Mt.Gox in 2014 you likely will HODL so no effect on Bitcoin price, but we will see! ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif) According to coinmarketcap.com the total bitcoin trading volume over the past 24 hours was around $24 billion ( BTC1.25 million). Granted most of is the fake volume that CMC reports and a lot of it is from altcoin trading but at least $10 billion of it is from actual bitcoin exchanges and is fiat volume. I'd say a one time 140k bitcoin is a drop in this bucket and the only thing it could cause is a weak hand panic sell and nothing more. And that is not something we can predict. So far the market doesn't care.
|
|
|
Thanks for your help I have a much better understanding. Still don't understand 2 things:
1) how to multiply 2 hexadecimal strings. I would assume the point G would need to be converted into 1 decimal string? If not please clarify.
2) The amount of times G is added to itself to get the public key is the amount of private key. In which format is the private key in for this to be possible.
1. You can't multiply strings, you perform arithmetic on numbers. So you have to first convert the string representation of the number to an integer then start the "math". In this case you should convert the hexadecimal string to a 256 bit integer using the big endian notation. 2. Same as #1, the private key is also a number with at most 256 bits. Again you convert the string representation (in this case usually base58 instead of base16 since that's the common encoding for WIFs) then use that in the multiplication code.
|
|
|
Isn't this what bip39 was for?
I think you mean BIP-38 BIP 39 also have optional passphrase option (usually as 13/25th word), even though i think it require large QR code. But that does NOT encrypt your mnemonic, it just extends it. Also considering the fact that PBKDF2 is a weak KDF and on top of that a very low iteration count (<10mil) is used, it is not really providing decent security. The QR code size is not that big though. Here is the last test vector of BIP39 with 24 words: https://i.imgur.com/eSdMuMA.jpg
|
|
|
You are wrong because the fiat currencies including US dollar being inflationary and losing their value more than usual these days is only one of the smaller factors that contributes to bitcoin price rise. The main factor is still the same as it has always been: adoption. Institutional investors like others are also seeing this growth and want to join in at the early stages while the price still hasn't entered 7 figures. After we reach mass adoption and bitcoin price reaches stability (which could take at least another decade) then the fiat inflation becomes the dominating factor for bitcoin price rise.
|
|
|
Ok thank you. I think I a trying to understand it. So you add g (base point) by itself as many time as the value of the private key. As this isn't feasible their are algorithms to spead up the process?
Correct. k is always usually big so you can't really add G by itself k times, that would take forever. But with these algorithms (like the one above) the number of operations is significantly reduced. For example you have 256 bits and if all were 1 you end up performing 256 point addition and 256 point double which isn't going to take that much compared to adding G to itself ~2 256 times.
|
|
|
Satoshi has a balance of nearly 1 million BTC, let's guess what will happen if the wallet can be accessed by someone, whether it's the owner or maybe a hacker. Will the price of Bitcoin start to crumble and start not selling? First of all no one knows how much bitcoin Satoshi really has, all these numbers are pure guesses that different people have made and are far off the mark. Secondly if you read the links you can realize that it is not a single wallet or a single address (or even a handful of addresses) that contains that much which people could say "that is Satoshi's wallet". The 1 million balance is the total sum of tens of thousands of addresses that people guess belong to Satoshi containing block reward from early blocks. Finally lots of coins from early days have already moved and are moving and will move in the future, none of them have ever affected bitcoin price apart from a handful of newbies panic selling.
|
|
|
The last explanation completely lost me lol can someone explain simply how to use scalar multiplication now that we know the base point.
Basically you add G by itself k times where k is the private key. But since that is not reasonable there are faster algorithms to perform this depending on the curve. A simple one would be "double and add" method where you convert k to its binary form and for each 1 you perform a point addition (add 2 points) then point double and for each 0 you perform a point doubling (adding to self). https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplication#Double-and-addThe point addition and point doubling is also explained in the above wikipedia link.
|
|
|
It is called double spending, which technically means spending the same transaction output in a different transaction. There are 3 forms of double spending: 1. The easiest one called Replace By Fee (RBF) only applied unconfirmed transactions that are also market by RBF (to put simply have lower than max sequence) and is usually used to bump the fee.
2. The harder one which again is applied to unconfirmed transactions but the tx is not market as RBF hence the nodes reject the new transaction they receive as a bad double spend and if the initial tx is propagated properly it is extremely hard to get the second on to propagate.
3. The impossible one which is applied to confirmed transactions which is impossible due to extremely high cost of it since it requires a 51% attack and controlling a huge amount of hashrate that costs a lot of money. It also gets harder with each block that is added on top of the block containing the transaction.
|
|
|
your answer seems very well suited for the OP level, but dealing a bit more with details, would it be correct to say that the number of points the generator can create is the cyclic subgroup order, different from curve order by a cofactor?
According to Standards for Efficient Cryptography the relationship between order of the generator point and co-factor and number of points on curve is as follows: h=#E(Fq)/nwhere h is the co-factor, #E(Fq) is the number of points on the curve E over F q where q is an odd prime and n is the order of the base point G (the order of the sub-group generated by this point). h for secp256k1 curve is equal to 1.
|
|
|
It was mentioned above that point G is already known. Can you please elaborate on that. I wasn't aware of this.
Every Elliptic Curve is an unlimited number of points that satisfy its equation. We select one of these points and use it as the generator point (we add this point to itself repeated times to generate all the other points) which will then limit the number of points on that curve to a finite group. The generator point for sek9256k1 curve can create a little less than 2 256 points (known as the order of the curve or N) on its curve.
|
|
|
That is why I avoid calling them "wallets", they are simply accounts that people have with some centralized company and the moment they clicked "Accept" on their terms of service they gave up all their rights to freedom and their control.
I wonder how reliable the chart in OP is, because technically even if people were moving their funds out of exchanges we also have another reason why more people move to exchanges and that is the price rise. In that chart which shows most of 2019 the number was declining coincides with the biggest price swings that we had and ends with the biggest price rise that took the price to the previous ATH ($20k). This situation has increased the volume on exchanges by a lot which translates into a lot more bitcoins being on exchanges.
|
|
|
There is nothing to "reverse engineer" about the generator point of an elliptic curve, they are just points that are located on the curve. On top of that the fact that private key to public key is an irreversible operation is not about the generator point G but about the fact that the math behind it is irreversible. In other words if you have a point P and know that P is k*G you have no way of finding k even though you have both P and G.
|
|
|
You an also put dog shit in a bag and use it as a medium of exchange and nobody can prevent you from doing so but also you can't force other people to use your "currency". However, if you create a market for the dog-shit-in-a-bag coin and pump and dump it some people will come and trade it for a while before it dies.
In the end only thing remains and that is the decentralized bitcoin that nobody owns or controls.
|
|
|
|