Only the coinbase reward of miners count as virgin coins, the transaction fee is obviously from an address and has been involved in multiple transactions before then.
You cannot separate the coinbase rewards from the transaction fees because they are contained in the same UTXO. If you consider the TX fees to be tainted, then the block rewards are also tainted. Then, we would have no such thing as clean coins. Most do not consider transaction fees as "tainted" and are thus as good as clean or virgin coins. 5000 satoshis per vbyte isn't particularly unreasonable 8 months ago. Though they obviously could've paid lower fees. It can be intentional, or not. There is no point speculating on this. |
|
|
|
|
This topic has been discussed so rigorously and the conclusion is always that no reasonable state or adversary would spend so much resources on trying to stop something so insignificant. Unless you're looking for any sorts of profits, 51% won't work. You are bound to spend a few billions in both the hardware, facilities, electricity and various other miscellaneous costs for such an insignificant attack. The money could be better used in other areas. You COULD diminish the confidence that people has in Bitcoin but another crypto would simply rise again and the cycle continues. Not to mention that ASICs are not that easy to obtain or operate in bulk.
|
|
|
|
My high-level understanding is that if one person decides to make a malicious change to the Bitcoin software code, then others in the network will reject it.
Each node in the network runs their own specific set of rules. If someone runs a node that doesn't follow those set of rules, the other nodes would consider those transactions/blocks,etc violating their set of rules and will not. Majority of the network runs the reference client (Bitcoin Core), for which the rules are defined in the client. 1) How exactly does this process work? How do I submit or propose a code change?
Most high level changes involves quite a bit of discussion either on the IRC or the mailing list. The procedure is outlined in the link below. https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md2) And does every node need to agree with the code change for it to pass or just the majority?
Neither. Each node runs their own set of rules. If a new protocol code change that affects compatibility with older clients is implemented, then the older clients wouldn't recognize the new rules and simply wouldn't follow them, ie. a hard fork. |
|
|
|
In the excerpt, the child transaction does not signal opt-in RBF (nSequence of 0xff_ff_ff_ff) while the parent transaction signals opt-in RBF (nSequence of 0xff_ff_ff_fd). By the virtue of the parent transaction being replaceable, the child transaction should also be replaceable. This means that without your child transaction also signalling opt-in RBF, reference client do not consider inheritance signalling and thus you cannot execute an RBF with that child transaction. You can see how it affects the various clients in that email as well. It isn't really a "critical" vulnerability in Bitcoin Core, it is just a policy that was defined in BIP125 but never actually enforced. It can be problematic for the applications outlined in that email. Inherited signaling: Transactions that don't explicitly signal replaceability are replaceable under this policy for as long as any one of their ancestors signals replaceability and remains unconfirmed.
Just to add. For normal transactions, most users in general either wait for a single confirmation before accepting a transaction. Even if they don't, then there isn't a problem because the vulnerability doesn't allow non-replaceable transactions to be replaced. PR has been merged in the main branch, so should be included in the next release. |
|
|
|
Please correct me if I'm wrong, but I can't believe that this is accurate. Are mining pools really sending out a fresh candidate block to all connected miners several times per second? Perhaps the pool coordinator is constantly updating their candidate block with higher paying transactions, but surely they are only broadcasting a new candidate block to miners once every few seconds, or maybe several times per minute? Ideally, they should probably only be broadcasting a new candidate block once their updated candidate block has reached some threshold of a larger fee than the old candidate block currently being worked on.
I'm currently solomining for fun, with my USB ASICs, connected to ckpool. Just hooked up a packet sniffer and I observed roughly a single mining.notify packet from the server once a minute. The server has no requirement for the miner to discard their current work until the nonce is exhausted. List of merkle branches changes every time the packet is sent to my miner. Take it with a grain of salt though, it might be different for various pools. It is possible for pools to enforce a mandatory change in the merkle branch though it would entail a slightly larger bandwidth and having the miners to discard the work that they've done. |
|
|
|
A fresh proxy could probably help in situations like that. They are free and available from many countries around the world. If one location doesn't work, one can always try with a different one, but newbies probably don't know about that. However, that still creates a big number of abandoned accounts. But hopefully that will decrease now as word goes around that there are users who can whitelist legit individuals who got affected by the evil-fee virus.
Units of evil applies to the IP range. That would probably result in most IPs being tainted, as long as a few of the IP within that range are blacklisted. I highly doubt you would be able to find any free proxies from a scraper that would allow you to register without any units of evil. They are abused to death and needless to say, I suspect a huge bunch of them are honeypots, intended to log and track those who don't know any better. If we've reached the stage where even IP ranges belonging to residential ISPs are being tagged, then it would be far more difficult to find clean proxies. |
|
|
|
Does this mean that it is possible to create a Slip39 wallet or only import it?
This option is very useful with the increase of ordinary individuals who use Bitcoin and the method of memorizing them, which is often by dividing the twelve words into two or three parts and hoping that they are all safe.
I second the sentiments above. Electrum deliberately chose not to implement BIP39 generation into their wallet but only supports importing it. It is designed to dissuade people from continuing to use that as well, either intentionally or not. That is also a reason why SLIP39 support was added, but not the generation of the shares. Shamir Secret Sharing suffers from several shortcomings and it is nothing a simple Multisig can't do, Taproot would make this even better. We've discussed SSS several times on the forum and the conclusion is that it isn't particularly useful for most users. |
|
|
|
Why did the complaint escalate recently, even though the percentage of those who use the site is not increasing? The problem will increase by the end of the year if the price of Bitcoin increases.
The problem lies in using VPN, which often gets a ban, but using a clean real ISPs IP will not lead to bans in most cases. Most beginners do not use Tor.
On the other hand, solving problems with fees isn't perfect.
Which is also a problem. Certain users prefer to have some sort of anonymity when browsing the internet, moreso for Bitcoin related sites. The problem is prevalent in both the IP ranges allocated to regions which is infested with spammers or just Tor exit nodes. From the top of my head, I've seen a few threads where certain users has had difficulties registering without triggering it even with IPs allocated by their ISPs. Neither of which is good and I also don't believe that there would be a better idea than enforcing some sort of payment to stop spams like these. |
|
|
|
block id pool blocktime
691877 AntPool 00:01:15
692142 AntPool 00:15:49
692222 ViaBTC 00:07:40 Except for the first one, the other two had a normal blocktime. And 1 minute is more than enough to add transactions from the mempool into a block. I think some pools might want to mine empty blocks to try to make fees goes higher, so they will make more money in medium term (this is my guess only, but I think it makes sense) They aren't. You're looking at the timestamp only. The timestamp of a block is almost always inaccurate because the network allows it to deviate significantly. The blocks that you've highlighted are relayed only a few seconds apart. Miners won't try to artificially inflate fees. Trying to inflate the fees at the current stage won't work, none of the pools hold a significant portion of the network. Intentionally mining empty blocks would result them in losing out more fees in the long run. Fees are fairly demand inelastic right now, so people are more likely to put off making transactions when fees are high. |
|
|
|
Sidechannel attacks like those are quite stupid, if you think about it. Most side channel attacks requires direct access to the device, at the point which the user interacts with the hardware wallet. Your EM probe must be directly on the device at the point of interaction or you risk interference from other electronic devices. Those are POC which realistically wouldn't apply in the real world and are no better than a $5 wrench attack. Besides, most wallets in this day are not vulnerable to timing attack, because that is quite amateurish and most hardware are hardened against it. As compared to a malware attack, the possibility of you gaining any profits is far lower, because your targets are highly specific and involves you breaking into their house in the first place. It is fairly easy to counter most potential side channel attacks. |
|
|
|
-snip-
That is the trade-off of the current system. There isn't any other feasible way to deter spammers, and removing it completely only serves to worsen the current spams we're seeing. Those affected by this are unfortunately just collateral damage. As I've mentioned before, the proxyban fee has practical reasons, but it's a system that cannot be efficient in controlling ban evaders which is the actual purpose. New members would normally not know their way around the forum or Bitcoin itself and may have stumbled on the site from somewhere else and rather than getting a welcome message which explains a bit about this forum, they get a ban message which they need to pay to overturn.
Ban evading is an offense on the forum and those caught will still be banned even though they have paid the fee, new members on the other hand are the ones who would either pay for something they know nothing about or not register at all.
The actual purpose is mainly to control spammers, instead of those seeking to evade bans, IMO. There was a huge influx of spam SEOs at the start of the year, with them scraping other posts to try to blend it. Removing the barrier of entry for those IP ranges only serves to increase the spam on the forum and other than monetary disincentives, I don't think there would be a better way to reduce those spams. If you remove the fees completely, you'll most likely start to either see hoards of account farmers or bots every now and then and degrading the experience for everyone. Most users probably won't care about using the forum, once they see that they have to pay a fee to use it. No matter how much you explain to them, they would probably just be put off by having to pay a fee just to post. |
|
|
|
I agree it does sound very unlikely to do, no one would probably waste resources trying to do that but is there anyway that security issue could be fixed? I seem to have an issue with bitcoin using such short addresses where collissions can be an issue but no matter what the size of the address space, those could always happen. Seems something more fundamental would have to be done to fix that.
No. It is not a security issue. You'll probably have to see the post referenced below to understand what I'm talking about in relation to the Multisig and normal P2SH. Wouldn't birthday paradox only apply if all people involved are searching, and the rewards of the finds are equal?
But, as you say, the search space is smaller than the key space (2^80?). The public address space is smaller than the key space (2^160?), so you don't really need to search through the entire private key space for collisions. Maybe this is why the key space was made to be so large.
Maybe public addresses should be longer if the birthday paradox applies? But as you've said, there is SHA256 and P2WSH.
Collision attack is very different from pre-image attack. In trying to find a collision, we would be finding two of the same hashes when we're searching for the keys. The hash that will be found is completely arbitrary, and the theoretical attack scenario is better described here: https://bitcointalk.org/index.php?topic=5348160.msg57410551#msg57410551. If you are looking for any specific addresses, you will need to do a second pre-image attack (2^160), so we're finding the inputs that would result in a specific set of addresses. Birthday probability doesn't apply here because we're not looking for random collisions, but inputs that would result in specific addresses. |
|
|
|
Nope. Still the same with that command.
Check the Tor and Electrum Logs. Electrum logs are in the data directory, if enabled. Tor's logs are in Tor Browser's settings, if you're running it. |
|
|
|
I tried it with port 9150 and with both 50001 & 50002. It doesn't work for me. Could the fault be my version? (v4.0.4)
I checked your command again. I'm using this command: electrum-4.1.4.exe -s hsmiths4fyqlw5xw.onion:50002:s -p socks5:127.0.0.1:9150. I'm not sure if it works for 4.0.4 as well, I don't remember any changes done to that. Do try it and let me know. |
|
|
|
|
Try port 9150? Electrum works with 9150 but not 9050, believe the latter is for the Tor daemon, instead of the browser.
I confirm that hsmiths4fyqlw5xw.onion:50002 is accessible.
|
|
|
|
I'm assuming when you say collisions you mean hash collissions? never thought of that. so i guess even the legacy multisig is no more secure than a single public key. that's the problem with multisig in general is it works but u can't be sure there's not another way to spend the funds other than YOUR way which is the m of n private keys. until they get something like that, i guess it's not true multisig ever. kind of disappointing that bitcoin has this limitation of such a small address space what is it 2^160?
It affects multisig, where multiple entities are involved. By birthday paradox, the attacker can run through 2^80 combinations of their public keys with the other party's public key and produce a collision. The victim would be left in the dark, which is why we've pre-emptively introduced SHA256 with P2WSH. Multisignature needs as you said "a bunch of regular signatures", in fact it needs M of them. And then it also needs to apply "logic after the fact" as you also pointed out, to figure out that out of the N public keys that M of the signatures belong to N of those public keys. I think that's really the only way you could really ensure that M of the N private keys were used. There's no other way.
Not really. The conditions are only required provided that the redeem script that you're providing in the transaction states so. If I were to somehow give a redeem script which hashes out to the corresponding hash in the UTXO, then the conditions in that redeem script is considered for unlocking those outputs. For example, if I were to somehow have a redeem script which is a 2-of-3 Multisig and its hash somehow is the same as another completely different P2SH with differing requirements, then by fulfilling the former redeem script requirements, I can spend the outputs tied to the latter P2SH script. It is a totally hypothetical and incredibly unlikely scenario, but it proves that for a specific P2SH, we can define an alternative script to bypass the requirements in the first place completely. |
|
|
|
And how does one go about defining "security" anyway? I think there's different levels of security. For example, if i need to know 2 private keys then that's not just double the security over needing to know 1 private key.
We define being secure as something that is infeasible with current and future computational capabilities. You can say 1/2^256 is secure enough but that's your opinion. People can have their own opinion of what is secure enough for them and they should be able to use tools that give them that desired level. Maybe 1/2^(256*6) is secure enough for someone else so they make a 6 of 8 multisig wallet. They don't want to hear that it's really not that secure and that a single private key could bust them down to 1/2^256 level of security...
Multisig security isn't defined by that. We attack the weakest link; produce a pre-image by having a redeem script that is able to be hashed to the address we desire.** That is far less complex than having to find individual private keys. No matter what kind of requirements you include, if we find a pre-image of a redeem script that hashes to your address and is able to fulfill our own requirements, your security is compromised (don't necessarily have to know any of your private keys). P2SH at it's current form suffers many forms of limitations; requiring 6 signatures makes a transaction unnecessarily big, and computationally expensive. It is not reasonable at all to demand security levels which leaves attacks *more than* astronomically difficult. That would just be paranoia and a waste of resources. ** This is quite difficult, even for now. I doubt that it would be more difficult than trying to find individual private keys through bruteforce and random combinations (if redeem script is not revealed). |
|
|
|
The miner, indeed, hashes a 80 bytes block header, but to reach the certain merkle root, he has to hash transactions. Hashing transactions may take some time; it may not seem slow in practice, but in theory, doesn't it take more time to hash multiple transactions over and over again, instead of just one?
There isn't a lot to hash. Anyways, I don't think ASICs hash merkle root. They only hash the block headers, any CPU can hash the merkle tree in milliseconds so it can be done in parallel. |
|
|
|
|
If you only get the block header, then you can't validate the validity because you are unable to validate anything else in the block that is not within that block header. Then, you rely on the longest chain being valid and follow them, without being able to validate the blocks in that chain.
Merkle root can be valid, even if the transactions aren't.
|
|
|
|
Watching blocks fill up in real time as they are being mined made me realize that miners are hashing a block that is (potentially) changing every second. Especially when there aren't enough transactions to fill up a block. So does this mean that, say in the case when transactions in the mempool are low, each time a new transaction enters the mempool the miners will stop attempting to hash the old block and start attempting to hash the new block that includes the new transaction? It seems like trying to shoot a moving target would really slow down the process... but I am not a programmer or a developer of any sort  It depends. There is almost practically no penalty to change the merkle hash of the block since miners should be fast enough to include an alternative merkle root as required. The server may request for the workers to change out the merkle root periodically through mining.notify on stratum for example. Miners can include any transactions as they wish and it is not a necessity for them to discard the current block and include new transactions whenever they see anything. Also I have noticed a handful of really small blocks that get mined especially fast. Is this just a coincidence that my lizard brain makes a connection, or is there some causality there?
No. The chances of you getting a valid block is not affected by the number of transactions or the size of the block. It's common for blocks to be mined within a few seconds of each other as some miners either don't include transactions at all after seeing a valid block on the network (to avoid the risk of including conflicting transactions, while they are validating the blocks) or if the miners are just slow at including transactions in the block. Small like... empty? Probably empty blocks could be solved more easily, due to the fact that there's less information to be hashed each time.
It's the same. |
|
|
|
|
Show Posts
