It is not possible, at least not easy, to verify its credibility Its been tested with RNG testing software such as Die Harder. (and others) But non-technical people are unable to independently verify the randomness of a particularly device  |
|
|
|
朱荣这个人给我感觉就有点歧视大陆,当然他一年前创办796时就表达了对政策面的悲观态度,但是他这种既不用人民币做结算货币也把平台注册在香港与大陆人民划清界限的做法,确实让人感到他就是个洋奴。
这样说过份了吧。 我没有在 796 交易,也不是太了解。 国内有政策风险,这是明摆的事情。 作为公司,以赢利为目的,注册在香港, 这是合情理的。 这与“洋奴”扯不上边吧。 为这片土地、这个国家,多做贡献,才是爱国。 不要动不动骂别人是“洋奴”、“汉奸”。 你说的也对,汉奸,洋奴之类词语都是独裁者用来分离和挑拨人民与西方关系的工具,人生而平等,种族之间也是。 但是他个人就给人 崇洋媚外的感觉。 如果你面前有一本中國護照, 一本美國護照, 讓你隨便選, 你選哪一本? 你有權不答, 但要答就請誠實 |
|
|
|
It is not possible, at least not easy, to verify its credibility |
|
|
|
If we could standardize the procedure, any moderately educated person could generate a rock solid offline wallet. This is my real goal.
If you think a standard will be built around users making a custom deck instead of using a standard deck of playing cards available just about anywhere in the world in order to save a few cards well it is going to be an empty room. Still I think your mind is made up so I will leave you to it. You are possibly right, but the problem of playing cards is the lack of universally recognized name and order of the cards. Arabic number is a truly universal language. You may, of course, write 1-54 on each card, but then why don't you buy a deck of white card as I suggest? By the way, the most efficient way to use playing cards to generate 160 bit entropy is to pick 31 out of 52. That will give you 160 bit ( 52P 31). It still takes 31 cards with the 2 Jokers are used. |
|
|
|
[content snipped]
That's such a costly and time-intensive method of generating verifiable randomness. You could achieve the same level of entropy by flipping through the cable channels and hashing the first ten TV shows and/or commercials that you see. I would even prefer just hashing two random pages from a random ebook than going through the trouble afforded by your method. I'm not saying that your method is bad, just that it's unnecessarily cumbersome. No snake oil cryptography, thanks |
|
|
|
Bitcoin addresses don't have more than 160 bits of strength (only 128 bits if the PubKey is known) no matter how much entropy is used to create them.
For 160bits, you need 41 poker cards, or 29 rectangular cards as described in OP, or 26 square cards, or 23 octagonal cards The less card you use, the easier to shuffle and thus better randomness. If you have one good random number you have multiple. An HD wallet is an example of that.
In some cases you want many independent random numbers. Let say I am the boss of a company. I want to establish a long term bitcoin saving wallet. I don't want to trust my computer security officer or some black-box hardware wallet with my money. However, I have limited knowledge in computer. What I could do is to generate 10 random sequences by card shuffling, and use a specialized hardware wallet to turn them into 10 HD wallets. I will randomly choose 1 of the 10 wallets and lock it in a vault. I will also lock the hardware wallet in the vault. I will hire several independent security experts to examine the remaining 9 random sequences and HD wallets. They will make sure the HD wallets are truly derived from the random sequences. Therefore, a malicious hardware wallet would have only 10% of chance to success. (For more sophisticated users, they may verify the wallets by themselves using several different computers and clients) Now my wallet is as safe as the vault. I may use multi-sig to further strengthen the security. If we could standardize the procedure, any moderately educated person could generate a rock solid offline wallet. This is my real goal. |
|
|
|
Why don't you just flip a coin 256 times?
You could but it's extremely inefficient |
|
|
|
|
The fund is growing quite steadily
|
|
|
|
I'd like to minimize the number of cards. It could make a difference if more than a few high quality keys is needed.
A deck of cards has 52 cards, so you are saving... 9 cards. Is all that hassle worth it to make the deck a few mm thinner and a few grams lighter? This comparison is not fair as permutation of 52 cards just gives you 225 bits. You need 58 cards to make it just over 256. So 15 cards, or 25% is saved. It also means 25% of time is saved in recording of results. If you need many good random numbers that would make a difference |
|
|
|
Aren't you over thinking it.
Deck of card ~226 bits of entropy. You can buy one in just about any store.
Make your own four sided deck ~262 bits of entropy.
Both are (way) beyond brute force. The first is simple and straightforward. The later requires constructing your own deck and a two dimensional shuffle.
I'd like to minimize the number of cards. It could make a difference if more than a few high quality keys is needed. |
|
|
|
可以试试,不过不知道后期的收益怎么样啊。
以后怎么样,我也难以给你打保票,但因为是活期,以后不满意你可以随时提币。請問你用了多少錢買shfc這個刷子號? 我也想買一個 太逗了,hero想买刷子号干嘛啊?  買個小號攪IPO  有什么IPO搅? 我有Member账号,不过,不卖。 什麼IPO都好. 傻子太多, 騙子供不應求 |
|
|
|
可以试试,不过不知道后期的收益怎么样啊。
以后怎么样,我也难以给你打保票,但因为是活期,以后不满意你可以随时提币。請問你用了多少錢買shfc這個刷子號? 我也想買一個 太逗了,hero想买刷子号干嘛啊? 買個小號攪IPO |
|
|
|
可以试试,不过不知道后期的收益怎么样啊。
以后怎么样,我也难以给你打保票,但因为是活期,以后不满意你可以随时提币。請問你用了多少錢買shfc這個刷子號? 我也想買一個 |
|
|
|
It should take 525 bytes, so you could only store 19 pubkeys
Doh! Looks like I had a stray pubkeys[1:] in my Python script and miscounted. It could be simplified if it requires M-of-M signatures:
Good idea! If OP_CAT was not disabled, we could have much more interesting and compact scripts. It is really a pity that OP_CAT and OP_SUBSTR were disabled. |
|
|
|
Targets: 1. DIY: A 10-year old child should be able to do it 2. High quality: true 256bit randomness 3. Human verifiable: using CCD noise or radioactive decay is not acceptable because it is difficult to verify the randomness 4. Low cost: cheap, not too time-consuming to generate a random number ---------- Procedures: 1. Buy a deck of at least 43 blank, name card sized, white paper cards. All cards should be perfectly same size 2. Pick a card, write "1" and "2" on it in this way:  3. Flip to the other side, write "3" and "4" in the same way 4. Pick another card, write "5", "6", "7", "8" in the same way 5. Repeat for totally 43 cards (1 to 172) 6. Put the cards into a big black bag 7. Shake the bag really really vigorously and randomly 8. Stake the cards without looking a them 9. Determine the "upper side" of the deck without looking at it. (To determine the upper side, there are 2 dimensions) 10. By the order of the cards, write down the numbers on the upper side 11. You have a sequence of 43 numbers with 261bit entropy. Do whatever you want with it  Permutation of 43 cards give you 175 bits, and the orientation of each card gives you 2 extra bits ------------------- If you are able to find some perfectly square cards, you can reduce the number of cards to 38 by doing like this:  So each card will have 8 numbers on it. Permutation of 38 cards give you 148 bits, and the orientation of each card gives you 3 extra bits. Totally you get 262 bits. You can also do the same with 34 perfect octagon cards. Having smaller number of cards will not only save you some time, but also make the shuffling easier and thus more random ------------------- Why not standard playing cards? A full deck of 54 cards give only 237 bits, and more cards means more time to record the results Other ideas are welcomed |
|
|
|
That's not to say doing a 20-of-20 P2SH is impossible though - you can put 20-byte hashes in the limited size redeemScript and provide the pubkeys in the scriptSig: (OP_DUP OP_HASH160 8e4358ca4d6c9cd53a8e01e75bf0d25475c352e7 OP_EQUALVERIFY OP_TOALTSTACK) * 20
20
(OP_FROMALTSTACK) * 20
20 OP_CHECKMULTISIG
Total size: 500 bytes. That's close enough to 520 bytes that I'm sure you could squeeze in one more pubkeyhash with some micro-optimizations, but I'm procrastinating right now so I'll let someone else do it.  (OP_DUP OP_HASH160 8e4358ca4d6c9cd53a8e01e75bf0d25475c352e7 OP_EQUALVERIFY OP_TOALTSTACK) * 20 500bytes
20 2bytes
(OP_FROMALTSTACK) * 20 20bytes
20 OP_CHECKMULTISIG 3bytes
It should take 525 bytes, so you could only store 19 pubkeys It could be simplified if it requires M-of-M signatures: (OP_DUP OP_HASH160 8e4358ca4d6c9cd53a8e01e75bf0d25475c352e7 OP_EQUALVERIFY OP_CHECKSIGVERIFY) * (M - 1)
OP_DUP OP_HASH160 8e4358ca4d6c9cd53a8e01e75bf0d25475c352e7 OP_EQUALVERIFY OP_CHECKSIG
Size is M*25 That will allow 20 pubkeys. |
|
|
|
(3) Bitcoin's only intrinsic value is its utility as a method of payment. Its value as an investment depends entirely on that utility.
No, this is not true. A significant portion of bitcoin value comes from its utility as a storage of value: an asset that is scarce, non-confiscatable, exceptionally carriable (cf. gold), pseudonymous, uncorrelated to any traditional asset, and more. (The last one is in fact a defect.) Yes they do. No they don't. Think again about the Pluto land example. With the premise of UN guarantee etc, it has all the qualities that you listed. Why wouldn't it be a good investment? The problem is not that a comet may dig a crater in your plot. The problem is that its value is not pegged to anything. Therefore it may perfectly go from 1 M$ to 10$ at any time, without any reason. That in fact is what has happened to Bitcoin in the last six months: its market price has changed drastically and unpredictably, because it is not supported ("yet", you may say) by its use as currency. The demand that lifted the price at the current 620$ was entirely speculative, and there is no argument that excludes it going to 400$ or 1200$ tomorrow. We have seen it reach both. Or consider any altcoin, no matter how stupid. It may never be widely used as currency, but apart from that it has the same qualities that you listed above. If those qualities were enough, then any altcoin would be just as good an investment as bitcoin. Not this BS again. 1oz gold is 1oz gold is 1oz gold. Its value is not pegged to anything. Also read "Rai stones" on wikipedia For alt-coins, bitcoin is better than alt-coins because of its novelty. You may have 1000 bitcoin clones, but Bitcoin is always the FIRST successful cryptocurrency. |
|
|
|
Putting money in bank account may protect you from ordinary theft, but it allows the bank and the government to rob you, LEGALLY.
We are talking of assets of an investment fund (or some other enterprise) that are to be insured against theft. Some of your comments about paper wallets etc. apply to personal funds, I have said that safety there is "solved problem" in theory. I can't think what could be a "legal theft" of a company's assets by a bank. Loss of deposits due to bank failure is a definite risk, but insurers presumably know how to evaluate that. And funds should not leave their assets in bank accounts anyway. "Legal theft" of a fund's assets by the government must be seizure because the fund did something wrong. In that case they can seize bitcoins just as easily. (Refusing to hand over the keys to legally seized cois would be stealing government's property.) Or are you thinking of "haircuts" on bank deposits? Again, funds should not leave their assets there. To prevent insider theft, the insurance company may require COIN to use an M-of-N multi-sig address. N chief officers will generate private keys privately and independently. Each chief officer will physically sign a statement like this: I, <name>, am the generator of the private key for <public key>. The private key is stored in the vaults of <bank A> and <bank B>. Except the copies in the said vaults, there is neither physical nor digital copy of the private key. In case a theft occurred without breaking the vaults, these chief officers would have civil and even criminal liability. The key could be be stolen as it is generated, without the officer knowing it. (Think of N non-nerd financial managers who get their wallet software installed by the same Chief Security Officer.) Therefore the officer cannot meaningfully sign the last part of that statement. I suppose that, each time some coins have to be taken out of cols storage, the affected addresses would have to be completely emptied, due to the risk of the private keys being captured at that time; and any remainder would then be transferred to a new cold address, previously generated. It will be interesting to see how that works out (if we get to know it). I think it depends on how paranoid they are. To prevent the risk of bad security officer, each non-nerd financial manager will be asked to shuffle 5 decks of 54 cards privately. The manager will use a specialized hardware wallet to transform these 5 sequences into 5 key pairs. One of these 5 key pairs, together with the hardware wallet, will be stored in the vault. The other 4 key pairs, with the card sequences, will be examined by independent security officers of the COIN and insurance company. (EDIT: For money in a bank account, you don't need to do anything wrong to have a "legal" theft. Just look at Cyprus) |
|
|
|
(3) Bitcoin's only intrinsic value is its utility as a method of payment. Its value as an investment depends entirely on that utility. Bitcoin is a high-risk invstment because no one can tell what the demand for that use will be, and there is a positive probability that such demand (and therefore its value) will go to zero at some point. Approval of the ETF will not affect the expected demand for that use, nor that probability of failure. Therfore COIN shares will be just as risky an investment as bitcoin itself. If large institutional investors do not trust bitcoin now, why would they trust COIN?
No, this is not true. A significant portion of bitcoin value comes from its utility as a storage of value: an asset that is scarce, non-confiscatable, exceptionally carriable (cf. gold), pseudonymous, uncorrelated to any traditional asset, and more. Even for its utility as a method of payment, the approval of COIN will make bitcoin looks much more legitimate, and it will certainly attract more merchants to accept and even hold bitcoin. |
|
|
|
|
Show Posts
