yep, although there's at least 1 solution I can think of:

assuming you trust a miner (and it could be yourself if you have the hashing power, of course), you can give your transaction to a miner out of band, then the public key is never exposed until the tx moving your funds to a QC resistant keypair is already confirmed in a block. That would (hopefully!!!) be a one-off event, but hair-raising (and potentially expensive) all the same



I think the only solution is to render the whole P2PK supply unspendable, and to do that with a the longest possible period of advanced warning to give the holders of those private keys sufficient time to move their money. See, we're having a civil conversation about this, yet we already disagree!!! tough call indeed.



okay, I am aware of the logic underlying all of this, although you are more familiar with the details.

consider though: mathematicians/computer scientists/cryptographers working for powerful companies/organizations are not compelled to release every breakthrough they discover publicly. What if an efficient solution to what appears to be a brute forcing problem has in fact been discovered? Is that not the point of QC's anyway, to provide efficient solutions for which binary arithmetic Von Neumann machines cannot? Maybe some class of hashing algorithm could be developed to be resistant to such a thing, I simply do not know, but it seems to me that few others can really claim to _know_ either.

People always say "that's impossible", until someone pitches up one day and provides the solution. The fact that we are on this forum having this discussion is the result of exactly that happening: cypherpunks tried to create a Bitcoin, and their imagination for designing it failed several times until satoshi. People literally _couldn't_ believe satoshi initially, Hal Finney hung out with satoshi for a while, contemplating the details of his design, in a way to convince himself that there was not something satoshi was missing. Only once people like Wuille, Maxwell and Todd (as well as Szabo, Dai, and Back on the sidelines) arrived on the scene to contribute to validating the concept did people really begin to get over the disbelief.

*** the following is, to the best of publicly available knowledge, NOT POSSIBLE ***
There would be no such luxury under a "SHA reversed by quantum computers" scenario, one minute a single Bitcoin blockchain would exist, the next there would be infinite Bitcoin blockchains, and every Bitcoin client would have their poor little CPUs overloaded trying to figure out which one was the most-worked valid chain
*** the above is to the best of publicly available knowledge, NOT POSSIBLE ***

Wright is only involved in civil actions, of which he is the complainant. He's not "fighting the government", his whole angle on cryptocurrencies is that they aren't designed in a way that is easy for governments to control them (which was a deliberate design feature on Satoshi's part)

really?



supposedly there is no possible way of using quantum computing algorithms to find an efficient solution for reversing hash algorithm outputs. I think that because hashing involves destroying such a large quantity of the original data input, that's a reasonable assumption. I know almost nothing about cryptography though.

That's the reason why Bitcoin "addresses" are not the ECDSA public key, but a RIPEMD160 hash of the public key. Until the BTC is spent, the public key is protected from actual publicity, but spending involves revealing the public key in order to validate the transaction.

So, in the event of QC blockchain-ogeddon, funds stored at addresses that have never been spent from will not (theoretically) be vulnerable. However, at least 1 developer has suggested this assumption is not as safe as was assumed when this was devised, I do not remember the details however



I think @theymos actually did bring this up some time ago (and people mostly didn't see what the point was, and accused him of being jealous of satoshi or something or other)

The fact is, early BTC from ~ 2009 did not have a hash to protect the public key, those mined coins have their public key directly exposed on the blockchain right now. A known quantum computing algorithm can be used to efficiently spend those coins, which includes satoshi's stash (it's a guess who it all belongs to, certainly satoshi must own some though). The only thing stopping this is that the hardware doesn't exist. Yet.

which is why making satoshi's coins unspendable has merit, to anyone developing QC's, 1,000,000 BTC is effectively the bounty for keeping the details of progress in their work very quiet. If anyone is in the race to develop cutting edge QCs, the sort of people who ought not to have that much power are definitely in contention. Of course, there will always be loud screeches that "satoshi should be allowed to keep his/their BTC", but in this scenario, satohsi loses it either way if action is not taken well in advance. because the coins haven't moved, one could argue satoshi is either dead or confident it won't happen.

sorry, I thought it was you that didn't read properly, it was actually me



but my real question was, will the outputs of the parent tx be tainted by the inputs in the child tx used to bump the fee? The more I think about it, there's no reason this should work any differently to a regular transaction, as the parent outs are just inputs to the child tx

---

a future possibility is the 'package relay' feature (not yet merged into Bitcoin, possibly for 0.20.0). That would let the OP send the original 1 BTC with zero fees, which should be accepted into mempools if simultaneously broadcast with a child tx with the fees to get them both confirmed. Expensive, but not quite the cost of 2 consecutive transactions, as the child needs only 1 input and 1 output + 1 input and 1 output in the parent. Anyone know if package relay could prevent the inputs used as fees in the child tx from tainting the outputs of the parent tx?

not zero. Above the default relay fee, but too low to confirm in the next several blocks


I'm not thinking necessarily of outright privacy

If you had an address that was sent spam dust payments, the dust may be enough to pay the fees of a future transaction (unlikely), or at least contribute something to the fees. If you can structure the transaction in a way that the spam/dust goes only as fees to the miner, then no extra information is revealed that was not already public, you didn't taint your outputs with the spam dust, and the stupid spammer just paid some of your fees

a question on this has occurred to me

if you do this, the inputs get essentially merged, and so are forever "tainted" with one another (not the right expression, but I hope you all see what I mean)

But what if you used CPFP? (child pays for parent)


Couldn't you

• create the parent 1 BTC transaction with sufficiently low fees that it won't get confirmed any time soon
• create a child tx that spends the output of the parent, and an input to cover the (total) fees that is not sent to an output

would that not avoid tainting the 1 BTC output in the parent with the input used as fees in the child transaction? Or is this somehow possible without using CPFP at all?

I meant in the Wiley Coyote way, lol



tough topic.

the trouble is, perhaps the last people we should listen to on this topic are the prominent voices protesting naked-shorting manipulation. If you've seen these people doing their thing over the years, I find the most interesting co-mingling to be when guests talking straight gold price manipulation get mixed together with guests telling me about lizard-people aliens guarding the Vatican. The credible tellers of stories about gold manipulation k-n-o-w, must know, that they're being interviewed alongside people that just suddenly slip in unrelated details that sound like they were taken from the plot of a Marvel comics movie.

To wit, gold market tale-teller Catherine Austin-Spaceships () once spent a half hour talking about trillions of dollars of missing money in US gov departments, then suddenly for no apparent reason, dropped this line:

"...and did you know, there are spaceships fueling up using the rings of Saturn?"

...and went straight back into talking about detailed legislation involving unaccountable US government audit trails


There's a whole bunch of mystics, clairvoyants and tarot card readers who involve themselves in the gold market stories, and it is a psychological trick to put you off or to distract you with nonsense. It's hard to find anyone with apparent credibility that hasn't associated themselves with someone who has none. So, I've heard plenty of stories, but the evidence is thin. Not that there's no evidence, just that there's a big incentive to kick up a massive, multi-layered smokescreen. I mean shit, these people are just lining up to tell you untold secrets about "real" money; when you really stop to think about it, the motivations of the person telling you should be closely scrutinized. Anyone with who knows anything important is probably either too wise, scared or greedy to start talking in public, maybe we'll find out something more concrete when it no longer matters.

getting Armory running on a Mac is not the easiest task. there are a few people on Bitcointalk who know the details, of which there are more than a few

why!!!?

it's basic supply and demand. when demand outstrips supply, the price adjusts to reflect how much



my opinion is that people said that last time (both times)

they were wrong. what's different this time? (I'll give you a clue, the answer rhymes with "buffing")

they are more than expecting it, I should imagine. We have a reasonable suspicion that Mike Hearn, Gavin Andresen and Jeff Garzik (Max "Trojan Donkey" Keiser's favorite) were the first wave of corporate saboteurs, their hard-fork takeover attempts and Bitcoin clones were intended to usurp Bitcoin and failed miserably.

One thing to consider is that not necessarily the new  Bitcoin developers are the saboteur plants, those who want to turn Bitcoin into a nightmare system would be strategically lacking if they'd tried to use up all their ammunition in one attack. But which long term members of the Bitcoin dev team are trying to make it fail is not presently obvious, at least to me (or seemingly anyone else out there), possibly because they're waiting for a good opportunity.

None of this matters that much, there's little difference between a Bitcoin programmer advocating a bad idea for good reasons or bad ones. If we as the users don't have the wisdom to choose good development plans, or choose against bad ones, then we'll get what we deserve.

you could always start by reading his post, what people say gives a general impression of what their stance is

he said I (and tax evaders like me) are the problem, and that we should all be good boy and girls



how many genocides paid for with your tax dollars would you like me to post?

they're in such an awkward position over this

Overall, Wall Street wants this, because Bitcoin would be better squashed flat, except the realization that it cannot be realistically done has now been and gone.

so it could well be that the time taken over this has more to do with trying to figure out a way to manipulate the ETF yet simultaneously maintain it's credibility. that's not going to be easy with a digital bearer instrument like BTC.

if I was Wall Street, I would:

• hold the ETF as long as possible
• get some programmers into the Bitcoin developer team
• throw as much FUD as possible at BTC in as many ways as possible in the meantime
• accumulate BTC
• wait for some kind of systemic crisis (large or medium sized) to push an extra huge BTC pump
• try for another hard fork to completely switch the developer team, using your planted devs to lead it

watch out for parts 2 and 6 in particular

@WindFury @Kakmakr

same here

I originally thought "sounds like interesting tech, but obviously can't go far, maybe the banks do something like it?" How naive that was

easy problem to solve

digital individual's checklist:

• own digital assets that are protected by cryptography
• own internet assets (VPS) anonymously
• rent physical assets as much as possible
• have backup plans for theft of physical assets (laptops, PGP keys etc)

that would be people like me

feel free to do the same, we're taking alot of the risk atm in order that you can do so too

so only (small) changes in CO₂ alters rainfall or typhoon intensity?


I put this to you two:

• rainfall patterns have changed before, when CO₂ was not really changing
• typhoon intensity has changed before, again, when CO₂ was not really changing

not only that, but climate scientists are unanimous that CO₂ is not changing at an uncontrolled rate. A change of 0.01% over 200 years is not runaway exponential growth.

I want to, they won't allow it. Only choice is to go to another planet, and no doubt they'd follow everyone there and start ordering everyone about again



quit voting long ago



no I am not, I refuse to take part in something I never asked to be a part of, especially if it is thinly disguised bullying



that's not how this garbage system is marketed to the voters, but it's true: you can change something so small through the electoral system that it makes almost no difference, and gives the political class plenty of advanced warning about how to make counter-reactions that will erase any political gains the electorate can make



tech is a tool. tools can be powerful. powerful tools always, every time they were created and spread, changed the world.

ethics and morality are subjective

I would entirely approve of the ethical stance of a US or EU citizen refusing to pay taxes, on the basis that they would be repaying the money borrowed to conduct:

• WWII
• Korean War
• Vietnam War
• Cambodian War
• Afghan War I
• Iraq War I
• Yugoslav War
• Afghan War II
• Iraq War II
• 2011 Libyan Annihilation (can't really call that a war)
• Syrian War
• Yemen War

and several I probably forgot

So many people weren't even alive to vote against any of this, and yet they must pay the massive bill for these turf-war genocides. If you think it's ethical to just pay though, @bryant coleman, I would suggest it is you that is the unethical one.

just quickly pointing out the thread moderation policy:

• no trolling
• no trolls

because bitaps replied to a known troll account, their recent reply was wholly removed.

it's not quicker, since about 4-5 years ago. There's literally no point in using bittorrent to download the blockchain since version 0.10 (which was released in 2015)

ok, let's call it "peer-to-peer trade"

or "peer-to-peer governance"

it's pretty obvious that rules or consensus can be achieved person-to-person, so you're wrong



Bitcoin already is a peer-to-peer system, with rules and without rulers. If you don't want to call that anarchy, that's fine, but you're a joke if you think it could possibly be used (or have users) if there were no rules.


Bitcoin has rules. You don't like them.
You don't have to use Bitcoin, no-one's asking you to do so (or asking you to stay here on Bitcointalk.org)

in short: if you don't like it, fuck off (I predict you continue to come back whinging about something forever, nice life you have there )