Bitcoin Forum
January 20, 2019, 06:25:55 PM
Show Posts
1  Economy / Trading Discussion / To Trade on Bitmex or Not to Trade on Bitmex That is the Question on: December 02, 2018, 07:42:38 PM
In this thread I would like to share with you my initial experiences with Bitmex. I hope that some members of this forum might find them useful.

I didn't plan to try Bitmex at all (it looked to me too risky), but then I decided to give it a chance.

What I found out is that many people treat Bitmex like a casino, but in reality, you don't have to do that. Nobody is forcing you.

The good thing is that if you choose a reasonable leverage (10x or below), you are risking less money from your account compared to no leverage at all. But at the same time this is a bad thing in case you decide to push your leverage too high. The trade-off is that the higher the leverage, the higher the danger of your position being liquidated.

What people typically do is choose to go Short or Long and then, like a roulette, wait for the outcome, which can either be a win, or a liquidation. Even if you are extremely lucky and have a winning streak, just one liquidation is enough to ruin your account.

The solution to this is really easy. Always set a Stop Loss. If you go Long, go to the Stop Market tab



and set a Sell Stop somewhere below the Entry price. And the other way around when you go Short.

It is also important not to risk a substantial portion of your account. You can do that by adjusting your Position Size. Your stop loss should enable you to lose only a few percent at a time (in case the trade goes in the opposite direction).

Depending on your balance, your risk can be set as a percentage of your total balance. Then you can determine your desired stop price, and calculate the number of contracts you should trade so that in the case of your stop loss being triggered, you lose just the risk percentage. I always risk 2% or less of my account.

Here is a good online calculator where you can do that:

https://blockchainwhispers.com/bitmex-position-calculator/

Fill out the left form where it says Enter Data. Then you can check the Results. It can give you your Position Size, Risk Amount in BTC and USD, Stop Loss Price in case of Short or Long Position, Take Profit Price, and other info.

This calculator can also tell you what your maximum leverage should be so that you are stopped out, rather than liquidated. However, it may suggest too high a leverage. Rather than accepting that, I still suggest going with a smaller leverage (up to 10).

Never ever get liquidated. Stop your trade before that happens. I know that you might still have hope of reversal, but that's pure gambling. And that's not the way to trade if you want to make consistent profit.

Go with low to moderate leverages. Never go beyond 10, unless you are a very experienced trader.

Now what happens when the trade goes as planned?

- Don't be greedy. Take profit, at least some percentage of it.

- For example, take 50% profit at some point. Your trade is now officially a winning trade. And leave the rest of it to go as far as possible.

Remember, out of 4 possible outcomes, 3 are acceptable, the fourth is not:

1. Small losses - Acceptable

2. Small wins - Acceptable

3. Huge wins - Acceptable

4. Huge losses - Not acceptable

Protect your account against Huge Losses.

I would appreciate your input, especially if you are an experienced Bitmex trader, and especially if you think that I've said something inaccurate.

Good luck!
2  Economy / Trading Discussion / [Youtube Video] The 10 Minute Talk Every Trader Needs to Hear on: October 08, 2018, 10:46:13 AM
I have no idea whether or not this youtube video has been shared before:

The 10 Minute Talk Every Trader Needs to Hear



but I thought it would be well worth your time. It is a talk from the Traders4ACause 2018 Charity Conference and it deals with the mental attitude of a good trader and the psychology of trading. It is not about cryptocurrency trading in particular, but everything you will hear applies to the crypto space as well. You will hear from the perspective of a trader what it means to have a fixed set of rules. Those are the rules that you follow all the time without exception. The speaker argues that 90-95% of traders fail not because of a lack of good trading setup, but because of too many preventable losses or just one big loss. I found this talk very useful. I believe it may help you to:

  • understand how important it is to limit your losses
  • learn from the same mistakes you make over and over again
  • hold yourself accountable for your actions as a trader
  • focus on what you are doing poorly rather than on the next big setup
  • wait on your high probability setups (those with probability of 80-90%) to kick in before making a move
  • forget about trading at any cost just because you think you should be proactive
  • use hard stops, or having a mental idea about where you are gonna exit if your trade doesn't go the way you thought
  • forget about being stubborn with trades that have gone the wrong way but you are still holding to them
  • cut your trade if you are not right immediately
  • learn not to be biased on your research about a coin if the market says otherwise

Here are the rules that the speaker has set for himself:

  • trade the best setups that are profitable at least 80-90 percent of the time
  • for these high probability setups put big money into them
  • never add money to losing trades
  • never say to a losing trade it can go higher
  • take profit on winning trades
  • you don't have to pick the exact top or bottom
  • trade with your free and clear mind
  • don't revenge trade just because you had a big loss last day
  • cut losses
  • cut losses
  • cut losses

I enjoyed this talk and I hope you'll enjoy it too. Please share what you think about this.

So, stick with your rules and cut your losses on time! Happy trading.


3  Bitcoin / Electrum / [Guide] How to Create MultiSig Electrum Wallet for Beginners on: September 27, 2018, 04:41:27 PM
I wasn't able to find a beginner's guide to creating a MultiSig Electrum Wallet, so I'm going to try to explain how it goes here.

This is the first time I've ever created a multiSig wallet, so I'd appreciate your feedback.

This guide will be specifically tailored to a 2 out of 2 solution, but I think you can easily extrapolate it to any other M out of N signature wallet.

Why would you want to create a MultiSig Wallet?

For one, it improves security. You need both signatures for any outgoing transaction, so if one of the wallets gets compromised, the other hopefully won't be and this may save your coins.  

You can install 2 wallets on 2 different computers by yourself, without any other person involved. In this case, you will control both private keys. This is what I did in this guide.

Of course, you can create this multisig solution together with someone else, for example, with your spouse or friend. In that case, you will control just one of the private keys, while your spouse controls the other. However, this is NOT the best idea if you ask me, considering how a good marriage (or friendship) may turn sour very quickly.

Multisig wallets are probably the most useful in various business endeavors, where several partners (cosigners) control mutual funds by holding one of the several keys necessary to unlock the funds. Exchanges store the majority of their coins off-line in multisig wallets as well. Some exchanges, like Bitmex, use 2 out of 3 multisig solutions for all customer funds all the time. So there is no doubt that multisig wallets are very useful.

For the purpose of demonstrating this concept (and because I won't use this wallet in real life), I selected my normal PC to install Wallet 1. Wallet 2 was installed in a virtual machine [Linux]. (You can also use a hardware wallet as wallet 2 Ref. [1].)

1) Start the Creation of Wallet 1

This section is essentially just to get the seed and Master Public Key of Wallet 1. We will stop the creation of Wallet 1 half way down the road, to return to it after creation of Wallet 2.

1. Choose New/Restore



2. Give it a name



3. Choose Multi-signature Wallet



4. Choose the number of signatures



The first slider indicates the total number of cosigners (wallets). The second slider indicates how many of them are needed for signing. We have here 2 of 2.

If we wanted to create a 2 out of 3 multisig wallet, it would look like this: https://i.imgur.com/N8CqQre.jpg

5. Choose Standard



6. Write down the seed and store it somewhere safe. Remember, this is equivalent to your private key. Don't share it with anyone.



7. Next comes the Master Public Key (MPK)



The MPK starts with xpub... You should save the MPK in a file and transfer it to the other computer. This is the only thing you should share with your cosigners in case you are creating a MultiSig Wallet with someone else.

8. Now it asks for cosigner's info



You can stop here, because you don't have the MPK of wallet 2 just as yet. Just abort the creation.

Two important things are:

a) we have our seed of wallet 1 written down
b) we have our MPK of wallet 1 saved in a file

2) Start and Finish the Creation of Wallet 2

In this step, we go to the second computer and pretty much repeat the steps as for Wallet 1. But now, since we know MPK of wallet 1, we can finish the creation of wallet 2.

For example, we start here:

1.



....

we write down the seed of Wallet 2, and save the MPK of wallet 2 in a file
....

and follow the steps as in the previous chapter to this point:


9.



Here we enter the MPK of Wallet 1 saved from earlier.

This concludes the creation of Wallet 2. You can go to Addresses tab and something like this will appear.



3) Finish the Creation of Wallet 1

We go back to the first computer and finish what we have started with Wallet 1.

Choose I already have a seed



enter the seed of wallet 1, and then enter MPK2 when asked for it in step 8.

When the creation of Wallet 1 is completed, compare the addresses. They should be the same as in Wallet 2.





Notes

  • The fact that the addresses are equal, means that you now have a working 2 out of 2 multisignature wallet.
  • Anyone can send you coins to one of these addresses. You should learn how to spend coins from this type of wallet, as described in Ref [2].
  • The seed is virtually identical to your private key. Keep it safe. In this guide we own both private keys, so we should probably store them in two different physical locations. For example, you can use a bank's safety deposit box as one of these locations, as indicated in the post of @pooya87 below.
  • If you create a multisig together with someone else, never show them your seed. If you do, they will have full control over the funds.
  • If you create a multisig together with someone else, give them only your MPK. You should also receive their MPK.
  • If you create a multisig together with someone else, show your MPK only to them. If you share it with a third person, they will know all your addresses and you will potentially lose your anonymity/privacy.

References

[1] https://freedomnode.com/blog/109/how-to-create-and-use-a-multi-signature-wallet-with-electrum-and-trezor
[2] http://docs.electrum.org/en/latest/multisig.html
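The last step of the guide is checking by eye that both wallets show the same addresses. The script below is an added example (not code from the post and not Electrum's own code) that shows what that check rests on: given the two cosigners' public keys, both sides build the same 2-of-2 multisig script and therefore the same address, whichever order the keys were entered. Assumptions: the two compressed public keys are constructed sample values (the secp256k1 base point G and 2G, not keys from any real wallet); keys are sorted lexicographically before building the script (the BIP67 convention), which is what makes the result order-independent; and the native-segwit P2WSH ("bc1q...") address form is derived, because it needs only SHA-256 and bech32 and so runs on stock Python, whereas the guide's "Standard" choice yields legacy P2SH ("3...") addresses.

```python
"""Added example: build a sorted 2-of-2 multisig witness script from two
cosigners' public keys and derive the P2WSH address both wallets should show.
Not code from the original post and not Electrum's own code.
"""
import hashlib

OP_CHECKMULTISIG = 0xAE
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

# Constructed sample keys (secp256k1 G and 2G), not real wallet keys.
PUBKEY_1 = bytes.fromhex(
    "0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")
PUBKEY_2 = bytes.fromhex(
    "02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5")


def push(data: bytes) -> bytes:
    """Direct push opcode for 1..75 bytes, enough for 33-byte compressed keys."""
    if not 0 < len(data) <= 75:
        raise ValueError("only direct pushes up to 75 bytes are handled here")
    return bytes([len(data)]) + data


def multisig_script(m: int, pubkeys: list) -> bytes:
    """OP_m <pk>... OP_n OP_CHECKMULTISIG, keys sorted (BIP67) so that every
    cosigner builds byte-identical script from the same key set."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:
        raise ValueError("need 1 <= m <= n <= 16")
    script = bytes([0x50 + m])  # OP_1..OP_16 are 0x51..0x60
    for pk in sorted(pubkeys):
        script += push(pk)
    return script + bytes([0x50 + n, OP_CHECKMULTISIG])


# --- bech32 (BIP173) encoding, witness version 0 only ------------------------
def _polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def _convertbits(data, frombits, tobits):
    """Regroup 8-bit bytes into 5-bit groups, zero-padding the last group."""
    acc, bits, out = 0, 0, []
    maxv = (1 << tobits) - 1
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if bits:
        out.append((acc << (tobits - bits)) & maxv)
    return out


def segwit_v0_address(hrp: str, program: bytes) -> str:
    """Encode a version-0 witness program (20 or 32 bytes) as a bech32 address."""
    if len(program) not in (20, 32):
        raise ValueError("v0 programs are 20 (P2WPKH) or 32 (P2WSH) bytes")
    data = [0] + _convertbits(program, 8, 5)
    hrp_exp = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    poly = _polymod(hrp_exp + data + [0] * 6) ^ 1
    checksum = [(poly >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(BECH32_CHARSET[d] for d in data + checksum)


def cosigner_address(my_pubkey: bytes, other_pubkey: bytes, hrp: str = "bc") -> str:
    """What each cosigner's wallet should display for the shared 2-of-2 wallet."""
    witness_script = multisig_script(2, [my_pubkey, other_pubkey])
    return segwit_v0_address(hrp, hashlib.sha256(witness_script).digest())


if __name__ == "__main__":
    wallet_1 = cosigner_address(PUBKEY_1, PUBKEY_2)  # keys entered in one order
    wallet_2 = cosigner_address(PUBKEY_2, PUBKEY_1)  # ...and in the other
    print("wallet 1 sees:", wallet_1)
    print("wallet 2 sees:", wallet_2)
    print("match:", wallet_1 == wallet_2)
```

The bech32 functions follow the BIP173 reference encoding, so `segwit_v0_address` can be checked against the BIP's published P2WPKH test vector; the multisig part is what the guide's address comparison actually verifies: the same key set, sorted, gives the same script and the same address on both machines.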



4  Bitcoin / Bitcoin Discussion / A Podcast With Bitcoin App Developer Vortex on: September 17, 2018, 08:34:55 AM
In this post I would like to share a podcast from the What Bitcoin Did series.

It is an interview with Vortex. Maybe you are already following Vortex on twitter, or you know about his website: http://theonevortex.com/ In any case, Vortex is a Bitcoin application developer, C# programmer, content creator, and speaker. What I like the most with respect to this podcast is his great enthusiasm when speaking about Bitcoin and its future.

You can download and listen to this podcast here:

https://www.whatbitcoindid.com/podcast/2018/08/17/wbd-030-interview-with-vortex

In particular, among other things, you will learn

  • Why Vortex is following only 1 twitter account and whose account that is (even though he has over 50K followers).
  • Why he thinks the LN is the next big thing about Bitcoin.
  • Why he thinks that with the LN, Bitcoin will become a means of exchange, in addition to the current status of being store of value.
  • How active he is in teaching C# developers to build Bitcoin applications.
  • In what way Bitcoin will bring democracy to the money space.
  • Why bitcoin will become the world's next reserve currency.
  • and a lot of other interesting things I can't remember right now...

So check out this podcast, I'm sure you won't be disappointed.
5  Economy / Speculation / Bitcoin Monetization: Gartner Hype Cycles on: September 12, 2018, 01:19:12 PM
I've come across an interesting medium post by Vijay Boyapati I'd like to share.

The post touches upon many aspects of Bitcoin, but what I think is especially interesting is the question of Bitcoin monetization and Gartner hype cycles.

The entire article is great, but in the following I will present some points related to the section called The shape of monetization.

What is a Gartner hype cycle?


A Gartner hype cycle is an S-curve that represents the typical phases of adoption of any new technology.


Source: Ref. [1]

1st phase: Burst of enthusiasm of early adopters. Price rises to ATH when speculators also enter the picture. Eventually, the supply of newcomers and speculators is exhausted which leads to a fall.

2nd phase: After the initial enthusiasm, there is a rapid drop and the price reaches a minimum.

3rd phase: A period of slow growth after public derision and prolonged disillusionment in the possibilities of the new technology.

4th phase: Price consolidates to a plateau of productivity. During the fourth stage, people in charge of the technology continue to work and improve away from the media spotlight.

After these 4 phases, the previous hype cycle is over. Again, new people start to join, and the base of adopters grows steadily. A new hype cycle is initiated with a higher public base and new adopters.

Example of Gartner hype cycle

The author gives an example of this cycle by quoting the price of Gold, from the 1970s to 2000s. This is a typical example of the process of monetization driven by social dynamics.


Source: Ref. [1]

The Four Hype Cycles of Bitcoin (and the Fifth to Come)

According to the author, Bitcoin has already gone through 4 Gartner hype cycles.

1. 0-1 USD: This cycle was driven by cypherpunks and tech savvy people
2. 1-30 USD: This cycle was driven by enthusiasts and early entrepreneurs
3. 250-1100 USD: This hype cycle was driven by early retail investors and some institutional investors
4. 1100-19600 USD??: This is the ongoing phase driven by early majority of investors
5. ??: The author expects another major Gartner cycle still to come. This one will be driven by national states that would accept Bitcoin as currency reserve.

Some additional interesting lines from the article:

  • The duration of the current (fourth) cycle cannot be predicted; the plateau may be reached at a bitcoin price of $50,000.
  • If bitcoin were to have equal market capitalization as gold, it would be worth $380,000.
  • When bitcoin reaches the market capitalization of gold, it will have the same volatility as gold. Several times beyond the marketcap of gold, the volatility of bitcoin will be so small that it will become a medium of exchange in addition to a store of value (which it is now).
  • In each hype cycle, the volatility is lower in the plateau phase, while it is higher in the peak and crash phase.
  • Each successive hype cycle brings lower volatility.
  • The fifth upcoming Gartner hype cycle would bring the national states which would accumulate bitcoin as foreign currency reserve. One trillion dollars marketcap is needed before the nation states can start to look at bitcoin as a foreign reserve currency.

What do you think? I have no background in economics to be able to tell if some of these points have any merit, but the case presented looks very strong to me.

The most speculative seems to be the fifth hype cycle where national states start to acquire BTC. Does this make sense to you?

In conclusion, check out the entire article. There are many more Bitcoin related aspects discussed in it.


Ref [1]: https://medium.com/@vijayboyapati/the-bullish-case-for-bitcoin-6ecc8bdecc1
6  Bitcoin / Bitcoin Discussion / 3 Types of Consensus in Bitcoin on: August 29, 2018, 02:34:30 PM
Our education system (or at least in the country where I'm from) is such that students learn very little about the principles and foundation of money. For example, nobody is teaching about the history of money, how it is created, how it works, why it works etc.

Maybe the principles of money are known to economics students, but it is easy to check that the general population knows very little about the concept of money. Given how important money is in everyone's life, this lack of knowledge is really symptomatic. So much so that one has to ask oneself if this is done deliberately to keep the masses ignorant of one of the most important aspects in their lives.

In the following, I want to share a couple of interesting points about how crypto compares to fiat money and where the important difference is. It is about 3 types of consensus inherent to Bitcoin that I learned from the book:

Bitcoin and Cryptocurrency Technologies, Chapter 7. Community, Politics, and Regulation

As the authors state, there are basically

3 types of consensus that any cryptocurrency functioning as money has to have:

  • consensus about rules
  • consensus about history
  • consensus about value

1. The consensus about rules is basically a set of rules the majority agrees to follow.

Fiat money doesn't have this kind of consensus, because the government declares the rules by fiat. It may even change the rules along the way as it sees fit. A great example is the current hyperinflation disaster in Venezuela.

Cryptocurrencies do have this kind of consensus. In Bitcoin, we have a consensus about what makes a transaction valid, what makes a block valid, how new bitcoins are minted, what the total supply is, etc.

2. The consensus about history is actually about record keeping.

Like in the previous point, fiat money doesn't need this kind of consensus. It is enough to physically own money, or the banks can take care of your money and keep a record for you, so there is no need for this consensus.

Cryptocurrencies do need this kind of consensus. In Bitcoin, there has to be a consensus about the history of all valid transactions as well as about the current state of the public record.

3. The consensus about value is a mutual agreement about the value of money.

This consensus is the only consensus both fiat and crypto require in order to function properly. It is about people agreeing that the value of the money they are using will be there in the future.

This consensus equally applies to dollars, euros, and bitcoin. You have to believe that the money you hold will retain its value tomorrow. If many people believe in the same outcome, there is a consensus about value.

Interdependence of the 3 Types of Consensus

Bitcoin (and other cryptocurrencies) have to have all three types of consensus to work as they are supposed to. Moreover, these 3 types support one another. If everyone agrees about valid blocks and transactions, everyone agrees about the state of the public record. As a result, everyone agrees that the currency is not double spent and everyone agrees that the currency will be valuable in the future.

And the other way around: If everyone agrees that the currency will have value in the future, everyone will make sure the consensus rules are followed and the miners have incentive to obey the rules. Then, automatically there is a consensus about the state of the public record.

The ingenuity of Satoshi Nakamoto can be seen, among other things, in connecting these 3 consensus mechanisms and making them work so well in practice to support each other.
9  Bitcoin / Bitcoin Discussion / What Bitcoin Did Podcast with Max Keiser and Stacy Herbert on: August 18, 2018, 04:29:43 PM
If you like to listen to bitcoin related podcasts on your way from/to work or school, I'm sure you have already heard of the "What Bitcoin Did" podcast by Peter McCormack.

The website features a lot of quality episodes, but this time I would like to share an episode I enjoyed very much.

It is an interview with Max Keiser and Stacy Herbert (people behind the TV show Keiser report).

They both seem to be bitcoin maximalists and it was really nice to hear so many things that resonated with my own views on bitcoin and other cryptocurrencies.

I know that Max is a sort of a controversial figure, but many of the things that he mentioned in the podcast about bitcoin were spot on. If you are not familiar with Max and Stacy, the What Bitcoin Did website also gives a short summary of their bitcoin related activity as journalists:

Quote
Max first introduced Bitcoin to the Keiser report in 2011; he realised that it was sound money, outside of the control of governments and banks, and The Keiser Report was the only media outlet promoting it. Max has continued to support Bitcoin and is one of the leading voices in the community, confident that the price of a single coin will reach over $100k.
Source: https://www.whatbitcoindid.com/podcast/2018/07/06/wbd-024-interview-with-max-keiser-stacy-herbert

I hope you'll enjoy the podcast and I would like to hear your thoughts.
10  Bitcoin / Development & Technical Discussion / Two Questions About Multisignatures on: August 14, 2018, 12:28:32 PM
I'm a total beginner when it comes to multisig addresses and wallets, so I would appreciate some help from the community.

1. I know that you can make a P2SH (pay to script hash) address that can be redeemed by a multisig script. But can you create a multisig wallet for P2PKH addresses? 

I see that Electrum has this option (it asks for standard vs Segwit multisig wallet). It is somehow not clear to me how the output script is redeemed in the first case, as we have to have a hash of a multisig script, not a hash of a public key.

2. Second, I wasn't able to find a decisive answer, so probably what I'm suggesting is not possible. But it won't hurt to ask.

Let's say I want to make a multisig 2 of 3. Is there a way to make one of the signatures mandatory?

This would be convenient in hypothetical situations like the following. Let's say the money belongs to me, but I want to involve other people (to possibly improve security) so I create a multisig address 2 of 3:

  • the 1st key is held by me
  • the 2nd key is held by a relative
  • the 3rd key is held by a friend.

If the first key is mandatory, my relative and my friend cannot conspire against me and steal my money.

Is there a place in the redeem script for complex logic that is probably needed to define what keys are optional and what mandatory?

After some consideration, it occurred to me that what I'm trying to achieve can be done by a 3 out of 4 multisig:

  • the 1st key is held by me
  • the 2nd key is held by me
  • the 3rd key is held by a relative
  • the 4th key is held by a friend.

so the dilemma is solved, but still the question remains, can there be a mandatory signature in a multisig solution?

Thanks in advance and sorry if some of these questions are dumb or obvious.
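As an added example (not code from the post), the following models the spending policies the question compares, enumerating every subset of the three people to see who can move the funds. It covers plain 2-of-3, the post's own 3-of-4 workaround where "me" holds two of the four keys, and an explicit "me AND 1-of-2 others" policy, which is the script-level way to make one key mandatory (assumed shape, for reference only: `<pk_me> OP_CHECKSIGVERIFY OP_1 <pk_rel> <pk_fri> OP_2 OP_CHECKMULTISIG`). Assumption: in the 3-of-4 variant my two keys are distinct keys, so my signing satisfies two of the four slots.

```python
"""Added example: enumerate which signer subsets can spend under each policy.
Not code from the original post; the script shapes in the lead-in are assumed
for reference and are not executed here.
"""
from itertools import combinations

SIGNERS = ("me", "relative", "friend")


def threshold(m, key_holders):
    """m-of-n policy; key_holders names the holder of each key, duplicates allowed."""
    def can_spend(signing):
        return sum(1 for holder in key_holders if holder in signing) >= m
    return can_spend


def mandatory_plus(mandatory, others, m):
    """The mandatory holder must sign, plus at least m of the others."""
    def can_spend(signing):
        return mandatory in signing and sum(1 for h in others if h in signing) >= m
    return can_spend


POLICIES = {
    "2-of-3": threshold(2, ["me", "relative", "friend"]),
    # the post's workaround: I hold two distinct keys out of four (assumption)
    "3-of-4, my key twice": threshold(3, ["me", "me", "relative", "friend"]),
    # explicit mandatory key: me AND one of the other two
    "me AND 1-of-2": mandatory_plus("me", ["relative", "friend"], 1),
}


def spend_table(policy):
    """Every subset of SIGNERS -> whether that subset can spend under the policy."""
    table = {}
    for r in range(len(SIGNERS) + 1):
        for combo in combinations(SIGNERS, r):
            table[frozenset(combo)] = policy(set(combo))
    return table


def equivalent(policy_a, policy_b):
    """True if both policies accept exactly the same signer subsets."""
    return spend_table(policy_a) == spend_table(policy_b)


def can_spend_without(policy, victim):
    """Signer subsets (sorted lists) that can move the funds while `victim` does not sign."""
    return sorted(sorted(s) for s, ok in spend_table(policy).items() if ok and victim not in s)


if __name__ == "__main__":
    for name, policy in POLICIES.items():
        print(f"{name:22s} can spend without me: {can_spend_without(policy, 'me')}")
    print("3-of-4 trick == explicit mandatory key:",
          equivalent(POLICIES["3-of-4, my key twice"], POLICIES["me AND 1-of-2"]))
```

Running it shows that under plain 2-of-3 the relative and friend together can spend without me, while both the 3-of-4 trick and the explicit mandatory-key policy accept exactly the same signer subsets, so the workaround in the post is equivalent to a mandatory signature for the purpose of who can spend.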
11  Bitcoin / Development & Technical Discussion / Consolidating Unspent Transaction Outputs on: August 06, 2018, 01:15:20 PM
I was wondering what's your way of dealing with multiple incomes that you receive in your bitcoin wallet.

Specifically, how do you manage your wallet in case it contains a lot of smaller unspent transaction outputs (UTXO)?
This could happen if, for example, you are getting paid smaller sums, regularly sent to the same or different bitcoin
addresses you control. Do you make an effort to consolidate these smaller values into a big one sent to
a single UTXO that would hold the total value of your coins?

You could consolidate your funds, for instance, during times when the transaction fees are low and the network is
not congested. What do you think, is there any advantage to this, other than possibly having to pay lower transaction
fees (fewer inputs, smaller transaction size) once you decide to spend the funds in the future?

In fact, for the global UTXO database, an obvious advantage would be reducing its size, because you are spending
multiple transaction outputs and consolidating them into a single one. It wouldn't make a huge impact if only you
were doing this, but if the majority of users adopted this practice, maybe it could reduce the size of the UTXO database?

By the way, I'm not sure where the UTXO database is stored. Is it stored on a hard drive, or in the computer's RAM?
I suppose the miners should store it in the RAM (they have to be fast in validating the transactions). Either way, I guess
this practice could save some space.

I can think of one disadvantage too: probably you are leaving a bigger fingerprint that could weaken your
anonymity and privacy. Because, by consolidating into a single UTXO, you are connecting addresses (payments) that
have been potentially unrelated before.

What are your thoughts?
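A rough fee model for the consolidation question, added here as an example (not code from the post): when is it cheaper to sweep many small UTXOs into one output during a quiet period than to spend them all later in one transaction at a higher fee rate? Assumptions: sizes use the common legacy P2PKH estimate of about 10 bytes overhead, 148 bytes per input and 34 bytes per output; rates are in sat/byte; the later spend is assumed to need a payment output plus a change output; and the sample UTXO values are constructed.

```python
"""Added example: fee arithmetic for consolidating small UTXOs.
Not code from the original post; size constants are common estimates (assumed).
"""

OVERHEAD_BYTES = 10   # version, counts, locktime (assumed estimate)
INPUT_BYTES = 148     # legacy P2PKH input with signature (assumed estimate)
OUTPUT_BYTES = 34     # legacy P2PKH output (assumed estimate)


def tx_size(n_inputs: int, n_outputs: int) -> int:
    """Estimated serialized size in bytes of a legacy P2PKH transaction."""
    return OVERHEAD_BYTES + INPUT_BYTES * n_inputs + OUTPUT_BYTES * n_outputs


def fee(n_inputs: int, n_outputs: int, sat_per_byte: float) -> float:
    """Fee in satoshi at the given rate."""
    return tx_size(n_inputs, n_outputs) * sat_per_byte


def consolidation_saving(n_utxos: int, quiet_rate: float, busy_rate: float) -> float:
    """Satoshi saved by consolidating n_utxos at quiet_rate (n inputs -> 1 output)
    and later spending that single output at busy_rate (payment + change),
    versus spending all n_utxos directly at busy_rate. Negative = consolidating
    costs more overall."""
    direct = fee(n_utxos, 2, busy_rate)
    consolidated = fee(n_utxos, 1, quiet_rate) + fee(1, 2, busy_rate)
    return direct - consolidated


def breakeven_quiet_rate(n_utxos: int, busy_rate: float) -> float:
    """Highest quiet-period rate at which consolidation still saves fees."""
    # consolidation wins while fee(n, 1, quiet) < fee(n, 2, busy) - fee(1, 2, busy)
    later_saving = fee(n_utxos, 2, busy_rate) - fee(1, 2, busy_rate)
    return later_saving / tx_size(n_utxos, 1)


def dust_check(utxo_values_sat, quiet_rate: float):
    """Consolidation fee and whether the inputs are even worth more than it."""
    cost = fee(len(utxo_values_sat), 1, quiet_rate)
    return cost, sum(utxo_values_sat) > cost


if __name__ == "__main__":
    # Constructed sample: twenty 600-sat payments, quiet network at 1 sat/B,
    # busy network at 50 sat/B.
    sample = [600] * 20
    print("direct spend later     :", fee(20, 2, 50), "sat")
    print("consolidate now + spend:", fee(20, 1, 1) + fee(1, 2, 50), "sat")
    print("saving                 :", consolidation_saving(20, 1, 50), "sat")
    print("break-even quiet rate  : %.1f sat/B" % breakeven_quiet_rate(20, 50))
    print("dust check (cost, ok)  :", dust_check(sample, 1))
```

The model only captures the fee side of the question; the privacy cost the post mentions (one consolidating transaction ties every previously unrelated address together on-chain) is not something a fee estimate can weigh, and has to be judged separately.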
12  Other / Beginners & Help / Your Public Key is Your Identity on: August 02, 2018, 12:15:36 PM
This post is inspired by a chapter from the book "Bitcoin and Cryptocurrency Technologies", called "Public Keys as Identities".

In essence, the authors state that the closest thing you can have to "identity" in the crypto-world is your public key (or equivalently, its hashed version, which is otherwise known as a bitcoin address).

This is certainly nothing new to the more experienced members of this forum, but it can be somewhat confusing for the newbie users.

If you are a beginner, you already know that you have a username and, in addition, you have used an email address to register on the forum. So, at first glance, it might be logical that your identity should be tied to your email address.

However, it is NOT. Don't forget that this is a cryptocurrency forum. There is a better and more secure way in which you can prove your identity. And, it is not connected to your email address.

It has to do with a bitcoin address you own and you have control over. All you have to do is to publish it somewhere (in one of your unedited posts).

In case you need to prove that you are indeed the person who owns your account (for example, in case your account gets hacked), the administrator of this forum requires proof of ownership of that previously published bitcoin address.

In fact, on BCT you can't use your email address to prove your identity even if you wanted to. This inability to prove identity via email address is, surprisingly, something even some of the more experienced users whose accounts have been hacked complain about (from time to time).

But, as already said, your identity is your public key, and I'm not surprised that the administrator of this forum insists on it.

Let's get a little bit more into identities in the crypto space.

If you want to speak to the world on behalf of a certain identity (public key), you have to possess the private key that corresponds to that identity.

This makes a lot of sense, because you can then sign a message by using the corresponding private key and share that message with the world. The world can then verify that it is indeed you, the identity behind that public key, by verifying the signature.

So, again, in the crypto-world, your identity is your public key. Moreover, you can have a lot of public keys (aka bitcoin addresses), and this has as a consequence that you can create numerous identities.

You can use a certain identity for a couple of days and decide to switch to another identity after that.

In the real world, your identity (your identity document) has to be managed by a central authority. And this identity is permanent, or at least not so easy to change.

In the crypto world, your identity is managed by you in a decentralized way, and you can change it as many times as you like.

This loose sense of identity doesn't mean that you are totally anonymous or that you have total privacy. The reason is that your crypto identity leaves traces and behavioral patterns that can be traced and can lead back to your real-world persona.

You can read more about privacy/anonymity in bitcoin here.

Now, because your identity is essentially a random 26- to 35-character alphanumeric sequence, you might be wondering if another person could possibly assume the same identity as yours (the technical term is collision). Even if you change your identity 1000 times every day, chances of this happening are negligible. In fact, here is a nice illustration of how impossibly difficult a collision with another bitcoin address is:

Quote
... if all the land on earth became as densely populated as Manila, the densest city in the world, and everyone generated 1000 addresses per day, it would take 184,025 years on average for the same address to be generated twice...
Source: https://www.reddit.com/r/Bitcoin/comments/790e9j/the_probability_of_the_same_bitcoin_address_being/


In conclusion, if you are a beginner, to be able to verify your identity in case of unforeseen circumstances, do the following:

 1) learn how to sign a message with your bitcoin address from this excellent tutorial.

 2) sign a message of a predefined format (as explained in step 1) and post it here.

Now you can then be sure that you can prove your identity in case such a proof is needed.

Edit: Revised according to the corrections indicated in @pooya87's post below.
13  Bitcoin / Bitcoin Discussion / Satoshi Moving on to Other Things on: July 20, 2018, 05:59:20 PM
In the book "Digital Gold: Bitcoin and the Inside Story of the Misfits and Millionaires Trying to Reinvent Money", its author (Nathaniel Popper) quotes a couple of emails sent by Satoshi to other members of the early Bitcoin community. This was apparently right before his disappearance from the forum. Here is the excerpt:

Quote
The author of the Bitcoin software hadn’t posted to the forums since December, but he had continued to e-mail with a select number of developers, including Gavin, Martti, and Mike Hearn, a Google programmer in Switzerland, who got drawn into the project after the WikiLeaks blockade. In late April Hearn politely asked how involved Satoshi intended to be moving forward.

“Are you planning on rejoining the community at some point (e.g. for code reviews), or is your plan to permanently step back from the limelight?” he asked.

“I’ve moved on to other things,” Satoshi wrote back. “It’s in good hands with Gavin and everyone.”
[...]
Satoshi’s final e-mails went to Martti, whom Satoshi asked to take full ownership of the Bitcoin.org website.

“I’ve moved on to other things and probably won’t be around in the future,” Satoshi wrote to Martti, in early May, before transferring the site to Martti and disappearing into the ether.
[emphasis mine]

Source: https://www.amazon.com/Digital-Gold-Bitcoin-Millionaires-Reinvent/dp/006236250X

I couldn't help noticing that Satoshi announced that "he had moved on to other things" on two different occasions.

What do you think these other things could be? From the context, it sounds these things are unrelated to Bitcoin. Maybe he was working on other projects where programming skills were needed.
This can also be interpreted as Satoshi being more or less satisfied with the development of Bitcoin and confident in its intended future.

I know that this is very speculative and impossible to know with certainty, but I would like to hear your opinion.
14  Bitcoin / Development & Technical Discussion / Valid 256-bit Private Keys (Not All of Them Are) on: July 08, 2018, 06:20:18 PM
Some time ago I did a post about creating a private key by flipping a coin. Recently, I stumbled upon this video related to Elliptic Curve Cryptography, in which the author goes through a simple Python script [1] for generating a Bitcoin public key from a known private key.

Among the other interesting details, the author mentions that NOT every 256-bit private key is acceptable as an input for his script, which got me thinking about my previous (coin flipping) post.

(Note: I recommend watching this video even if you don't know anything about Python programming. You may learn a lot about how the math of Elliptic Curve Cryptography works, which is what protects Bitcoin in the first place.)

At first, this looked strange, but then I found this post which confirmed that the number of possible private keys is less than 2^256.

So it turns out that this is a fine detail related to Elliptic Curve math, so when you flip a coin, a very small subset of private keys won't fit into Bitcoin's derivation scheme.

The probability of getting one of these unacceptable private keys by flipping a coin is so minute, that it's not worth considering. Still, one should know about it.

Let's see how this is even possible.

Some Elliptic Curve Examples

Bitcoin uses the following elliptic curve formula [2]:

y^2 = x^3 + 7

The curve looks like shown below (if you plot it over real numbers):



(plotted on https://www.desmos.com/calculator)

But in Bitcoin, we don't use real numbers for x. In Bitcoin, we have to restrict x (x is on the horizontal axis) to a discrete set (field) of positive integers.

Because of this discrete nature of x, the curve above is no longer a curve but a set of points. Each point has an x and y coordinate, like this (please note that this is only an illustration on a much smaller field, the image is taken from reference [3]):



The number of points, albeit very very large, is finite. There are several very important points, and one of them is called generator point or base point:

G=(Gx, Gy)

Just like an illustration as to the exact position of G, here are the coordinates of the generator point:

Gx= 55066263022277343669578718895168534326250603453777594175500187360389116729240
Gy= 32670510020758816978083085130507043184471273380659243275938904335757337482424

Now, if you have a private key (Priv), the way you obtain your public key (Pub) is by multiplying the generator point with your private key Priv:

Code:
Pub = Priv * G,

or equivalently, we can replace the operation of multiplication with addition:

Code:
Pub = G + G + G + ...... + G
 (Priv times)

We won't go into details here, but when you add G to itself (G+G), you end up on another point in the graph above. And then you continue adding another G. In a nutshell, your private key is a very large number, while your public key is a point on this graph where you end up after a huge number of additions (starting from the generator point).

It turns out that the maximum number of additions of G to itself is predetermined by the field itself and is expressed by another property of this field called the order N of G [4]:

N is very large:

Code:
N = 115792089237316195423570985008687907852837564279074904382605163141518161494336

If you add G to itself N+1 times, you will leave (break) the graph, so the private key has to be a number between 1 and N.

Back to coin flipping.

When you flip a coin there are exactly 2^256 possibilities, and 2^256 distinct private keys can be generated. How large is this number? It is somewhat larger than the order N of G:

Code:
the number of possible private keys generated by coin flipping = 115792089237316195423570985008687907853269984665640564039457584007913129639936

So out of all possible combinations that produce a private key, about this many are not acceptable:
Code:
432420386565659656852420866394968145600

It may look like a huge number, but it's not. Not given the size of the entire space (2^256).

NOT that this will ever be the case, but if you use coin flipping for your private key and get a number with a lot of leading 1s, like this:

Code:
1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111010111010101011101101110011100110101011110100100010100000001110111011111111010010010111101000110011010000001101100100000101000001
it won't be a valid private key. (Fewer leading 1s in your private key are fine, but more 1s won't be acceptable either.)

References:

[1] https://github.com/wobine/blackboard101/blob/master/EllipticCurvesPart4-PrivateKeyToPublicKey.py
[2] https://en.bitcoin.it/wiki/Secp256k1
[3] https://bitcoin.stackexchange.com/questions/21907/what-does-the-curve-used-in-bitcoin-secp256k1-look-like
[4] https://www.coindesk.com/math-behind-bitcoin/


Edit: @achow101, in the discussion below, helped me realize that the usual notation for N is n. Mind this if you consult literature. Moreover, all private keys are modulo n (aka N above). This means that software producers can and should take this fact into account. If the private key is larger than n (aka N above), they can compute the following simple operation: "private key modulo n (aka N above)", and get a valid private key. If you flip a coin and it happens that you get one of these large private keys, you can do the same by hand.
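As an added example (not code from the original post, and not Bitcoin's own implementation), here is the whole procedure discussed above in Python: 256 coin flips turned into an integer, the range check against the order n (written N above), the "private key modulo n" correction from the edit, and Pub = Priv * G computed by repeated addition of G. The curve constants are the secp256k1 parameters from reference [2]; the all-heads flips string at the bottom is constructed for the demonstration.

```python
# Added example, not code from the original post or from Bitcoin software:
# turn 256 coin flips into a candidate secp256k1 private key, check it against
# the curve order n, reduce it mod n when it is out of range, and derive the
# compressed public key Pub = Priv * G with double-and-add.

# secp256k1 domain parameters (from https://en.bitcoin.it/wiki/Secp256k1)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order of G
G = (55066263022277343669578718895168534326250603453777594175500187360389116729240,
     32670510020758816978083085130507043184471273380659243275938904335757337482424)


def is_on_curve(pt):
    """y^2 = x^3 + 7 (mod P); the point at infinity is represented by None."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def point_add(p1, p2):
    """Group law on the curve; pow(v, -1, P) is the modular inverse (Python 3.8+)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                      # p1 == -p2: infinity
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P       # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P        # chord slope (addition)
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt=G):
    """k * pt, i.e. pt added to itself k times, via double-and-add (k >= 0)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def flips_to_int(flips):
    """256 coin flips written as a '0'/'1' string -> integer (first flip is the MSB)."""
    if len(flips) != 256 or set(flips) - {"0", "1"}:
        raise ValueError("need exactly 256 characters, each '0' or '1'")
    return int(flips, 2)


def is_valid_private_key(k):
    """Bitcoin accepts exactly the integers 1 <= k <= N-1."""
    return 1 <= k < N


def normalize_private_key(k):
    """Apply the 'private key modulo n' fix from the post; 0 has no public key."""
    k %= N
    if k == 0:
        raise ValueError("reduces to zero: flip the coin again")
    return k


def compressed_pubkey(priv):
    """33-byte SEC1 compressed encoding: 0x02/0x03 (parity of y) followed by x."""
    x, y = scalar_mult(normalize_private_key(priv))
    return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")


def invalid_keyspace_size(bits=256):
    """How many of the 2^bits coin-flip outcomes are not valid keys (0 and k >= N)."""
    return (1 << bits) - N + 1


if __name__ == "__main__":
    flips = "1" * 256                      # constructed worst case: 256 heads in a row
    k = flips_to_int(flips)
    print("valid as-is :", is_valid_private_key(k))
    print("after mod n :", hex(normalize_private_key(k)))
    print("pubkey(1)   :", compressed_pubkey(1).hex())
    print("invalid keys:", invalid_keyspace_size())
```

Running it shows the all-heads key is rejected, that reducing it mod n gives a small valid key, that the public key of Priv = 1 is just G in compressed form, and that the count of unusable 256-bit values is the figure quoted above. The test also confirms what bounds the key range: adding G to itself n times lands on the point at infinity and n+1 additions return to G.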
15  Bitcoin / Development & Technical Discussion / How bad (or good) my privacy is if I run a SPV wallet? on: July 03, 2018, 05:19:03 PM
Obviously, if I run a full node, I can query the copy of the public ledger locally, and my privacy is very strong. Nobody but myself is able to see what addresses I'm interested in.

On the other end of the spectrum, if I let some centralized system (web wallet) hold my keys, then obviously I have given up my privacy.

But what about if I run an SPV client (wallet)? Then the client has to rely on other full nodes in the system to query for addresses. And let's suppose that the nearby nodes are honest and that I'm not concerned with security. But what about privacy? Can it potentially be compromised by say some third party intercepting my queries and collecting a list of my addresses?

In particular, Electrum, as far as I know, is an SPV wallet. How strong is my privacy with Electrum?
16  Bitcoin / Alternative clients / [Guide] How to Create a Watch-only Wallet (for Electrum) on: June 30, 2018, 06:34:34 PM

A watch-only wallet is a great way to safely "watch" the status of your wallet and the history of your transactions from your "ordinary" computer connected to the internet. At the same time, your private keys remain hidden in an off-line, air gapped computer (cold storage).

This post is a guide on how to create a watch-only wallet for the current version of Electrum (3.1.3).

We will assume that you already have an air gapped computer with your Electrum wallet on it. If you don't, check out this post about what it means to create an air gap and then install a new Electrum installation on it, making sure you have the genuine Electrum software.

1. Go to the air gapped computer. The only thing you have to do there is to export your master public key. Knowing the master public key is enough to reproduce all Bitcoin addresses associated with your wallet. Click on Wallet --> Information like this:



and then copy the provided Master Public Key that starts with xpub...:



Copy it onto a USB flash drive to be transferred to your online computer.

2. Go to the online computer. You should have another Electrum installation there. Click on File --> New/Restore:



3. Give a name to your new watch-only wallet.



4. Choose Standard Wallet:



5. Choose Use a master key:



6. Paste the previously exported master public key:



7. You may choose a password to encrypt this wallet:



8. And now there's a message telling you that this wallet you've created is watch only:



As it says, you won't be able to spend bitcoins with it, but you will be able to monitor your funds and transactions.

For example, if you expect a payment, you will see it there, and you won't have to start up the air gapped computer for that.

Moreover, you will be able to prepare transactions and save them on a file to be signed by your air gapped wallet. Then the signed transactions can be brought back to your watch only wallet to be broadcast to the Bitcoin network. This is very useful, because you never put your air gapped computer in danger by connecting it to the internet. But we won't go into that in this guide.

Note: Your master public key should always be kept hidden. If an attacker steals it, they will know all your public keys associated with all your addresses. While they won't be able to steal your bitcoins, your privacy will be compromised.

Useful Link:

http://docs.electrum.org/en/latest/coldstorage.html
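As an added example (not code from the original post and not Electrum's own code), this Python script decodes an exported master public key and lists exactly what it discloses: the depth, parent fingerprint, child number, chain code and compressed public key. It verifies the Base58Check checksum (a mangled paste fails loudly instead of producing a wallet full of wrong addresses), refuses anything whose version bytes mark it as an xprv, and checks that the embedded key really is a point on secp256k1. The sample string is the published BIP32 test vector, not a real wallet; the version-byte and field-offset constants are those of BIP32.

```python
# Added example, not code from the original post or from Electrum itself:
# decode a Base58Check "xpub..." master public key and list exactly what it
# discloses, rejecting an "xprv..." pasted by mistake and any payload whose
# key is not a valid compressed secp256k1 point.
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
VERSION_XPUB = bytes.fromhex("0488B21E")   # BIP32 mainnet, public
VERSION_XPRV = bytes.fromhex("0488ADE4")   # BIP32 mainnet, private


def b58check_decode(text):
    """Base58 -> bytes, verifying the trailing 4-byte double-SHA256 checksum."""
    value = 0
    for ch in text:
        if ch not in B58_ALPHABET:
            raise ValueError(f"not a Base58 character: {ch!r}")
        value = value * 58 + B58_ALPHABET.index(ch)
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    leading_zeros = len(text) - len(text.lstrip("1"))    # each leading '1' is a 0x00 byte
    raw = b"\x00" * leading_zeros + raw
    payload, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        raise ValueError("Base58Check checksum mismatch (typo or corrupted paste)")
    return payload


def is_compressed_point(pub):
    """0x02/0x03 || x, with x < P and x^3 + 7 a quadratic residue (Euler's criterion)."""
    if len(pub) != 33 or pub[0] not in (2, 3):
        return False
    x = int.from_bytes(pub[1:], "big")
    if x >= P:
        return False
    rhs = (pow(x, 3, P) + 7) % P
    return pow(rhs, (P - 1) // 2, P) == 1


def parse_xpub(xpub):
    """Split the 78-byte BIP32 serialization into its fields."""
    payload = b58check_decode(xpub)
    if len(payload) != 78:
        raise ValueError("extended key payload must be 78 bytes")
    version = payload[:4]
    if version == VERSION_XPRV:
        raise ValueError("this is an xprv (master PRIVATE key); it must stay on the air gapped machine")
    if version != VERSION_XPUB:
        raise ValueError(f"unsupported version bytes {version.hex()}")
    pubkey = payload[45:78]
    if not is_compressed_point(pubkey):
        raise ValueError("public key is not a point on secp256k1")
    return {
        "depth": payload[4],
        "parent_fingerprint": payload[5:9].hex(),
        "child_number": int.from_bytes(payload[9:13], "big"),
        "chain_code": payload[13:45].hex(),
        "public_key": pubkey.hex(),
    }


# BIP32 test vector 1, chain m (public test data from the BIP, not a real wallet).
SAMPLE_XPUB = ("xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ29ESFjq"
               "JoCu1Rupje8YtGqsefD265TMg7usUDFdp6W1EGMcet8")

if __name__ == "__main__":
    for field, value in parse_xpub(SAMPLE_XPUB).items():
        print(f"{field:>18}: {value}")
```

The chain code and public key printed here are all that an attacker who steals the xpub gets, and they are enough to derive every non-hardened child address, which is the privacy point made in the note above; they are not enough to spend. The script only accepts version bytes 0488B21E; an Electrum segwit wallet exports a ypub or zpub with different version bytes, so those would need adding to the check before use.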
17  Bitcoin / Development & Technical Discussion / Several Questions About Selfish Mining on: June 27, 2018, 08:41:09 PM
I have some questions about selfish mining. I could have researched this topic myself, but I want to hear what the community has to say and it is obviously easier to get a direct answer (so thanks in advance). Just to reiterate for the beginners, selfish mining is a situation where a large pool or group of miners decides not to broadcast a newly mined block and keeps it for itself (for some time at least) and then selectively releases it. That way they will have a comparative advantage of building on top of it, which may or may not pay off.

Questions:

1. Has there ever been a case of selfish mining of bitcoin so far? Or are we talking about a purely theoretical situation (at least up to date)?

2. How does the selfish miner decide when to release the block and when to keep it? The rest of the network may find a new solution in the first millisecond after theirs, and they have no way to tell when it could happen.

3. Can selfish mining be performed covertly? Because today we have only a couple of really large pools that could pull this off. The pool operator may decide to selfish mine, but then all the users of that pool will know, so it would have to be done openly.

4. Associated with the previous question, how could one detect selfish mining? Can an increased number of orphaned blocks be an indicator?

5. If I understand it correctly, the theoretical threshold for selfish mining is somewhere around 33 percent of total network hash power. But it seems to me that theory doesn't take into account electricity bills, salaries, volatility of bitcoin, or any other expenses the miners may have. Is there an estimate of what would be the practical limit for selfish mining? If it approaches 50 percent, selfish mining shouldn't be a problem in itself.

6. While the amount of power needed to perform selfish mining in Bitcoin is huge, for some of the countless altcoins it is not. Is there a documented case of selfish mining for some of the altcoins?
18  Bitcoin / Development & Technical Discussion / Types of Attacks on a Hashing Function and How They Apply to Bitcoin on: June 23, 2018, 07:34:46 AM
This post is my attempt (from my beginner's point of view) to understand the possible types of attacks on a hashing function, especially Bitcoin's SHA256 function. It's a difficult subject and I would appreciate any help from the community.

Bitcoin uses hashing a lot, and obviously the security of the entire system is tied to the security of its hashing function(s). It's worth noting that most of the time Bitcoin uses SHA256, and not only once but twice, like this: SHA256(SHA256(x))

There are some typical attack scenarios that one can read about in the literature and here on this forum, so I wanted to see if I can identify them and indicate why they are important:

1. Preimage attack
2. Second preimage attack
3. Collision attack
4. Birthday attack
5. Length extension attack


1. Preimage (sometimes referred to as First preimage)

This one is easy to understand.

A hashing function H produces a hash like this:

Code:
H(x)=y

In the above formula, y is the end result (the hash), while x is the thing being hashed.

A good hashing function has to be resistant to preimage attacks. It merely means that you cannot find x (the thing being hashed) if you know y (the hash).

In other words, the hashing function should work in one (forward) direction only.


It is important to note that this is not an absolute claim. If you invest enough time and computational power (brute force), you should be able to perform any of these attacks successfully (even though the time and computational power needed might be inconceivably high at present). The main thing is that there should be resistance against all possible patterns, methods, or systems that the attacker could use to speed up the brute force process.

How Could Preimage Attack Affect Bitcoin?

Bitcoin uses the SHA256 hashing function, for example, in mining. If SHA256 weren't first preimage resistant, the attacker would be able to find the block header based on the desired hash with enough zeros at the beginning (the target) and gain huge advantage over the other participants in the process.

2. Second Preimage

The second preimage means that if you know x (such that H(x)=y) you shouldn't be able to find another x' that produces the same hash y (such that H(x')=y). In other words:

Code:
given x it's hard to find x' so that H(x)=H(x')

The point here is that your knowledge of x shouldn't be enough to find another x' that produces the same hash, making your hashing function second preimage attack resistant.

(If the hashing function isn't first preimage resistant, it is also very likely not second preimage resistant.)

How Could Second Preimage Attack Affect Bitcoin?

This is not obvious at first sight. I found this post

https://bitcointalk.org/index.php?topic=928202.0

which I think explains why second preimage resistance is important in Bitcoin and what would happen if it were compromised:

Quote
The key difference to the two scenarios is what is known to the attacker.  In the first the attacker only has the hash. A good example would be cracking a password.  In the second the attacker has the original input. A good example would be producing a "counterfeit" txn/block/merkletree/pubkey which results in the same hash as an existing one to spoof the network and steal funds.

In Bitcoin every use of SHA256 relies on second not first preimage resistance to provide security.  The input is already known so the interim hash can be computed.  The second hashing step provides no security because if the attacker finds a second input which produces the same interim hash as the target then they both will obviously produce the same final hash.  It is possible that double hashing may harden a hash against first preimage attack but that doesn't enhance the security of Bitcoin.

So Bitcoin seems to rely on good second preimage resistance, as otherwise the transactions or merkletree construction could potentially be compromised.

Also, because of this, Satoshi may have used two hashing functions (one after another), for example, to produce a bitcoin address.

Code:
RIPEMD160(SHA256(public key))

In that sense, if RIPEMD160 was broken against second preimage attack, SHA256 would still hold.

3. Collision Attack

Collision attack is similar to the second preimage attack, but more general. It says that it is not possible (or rather computationally not feasible) to find any pair of x and x' that produce the same hash.

The important thing to know here is that the hash is not known in advance (nor is any of the inputs x or x'). So the attacker is free to generate and collect a list of hashes searching for a collision.

If the hashing function is prone to a second preimage attack, it will be prone to collision attack, but not the other way around.

How Could Collision Attack Affect Bitcoin?

Obviously this should not really be a problem for Bitcoin and has been discussed many times before. An example would be when one generates private keys trying to find a collision with a known bitcoin address or addresses and spend the funds.

4. Birthday Attack

Birthday attack is very similar to collision attack, but the inputs are truly random. This is unlike the previous scenario where the form of the private keys is not random and has well-defined properties (such as the size of the private key).

How Could a Birthday Attack Affect Bitcoin?

This attack is not really applicable to Bitcoin.

5. Length-extension Attacks

If you know y (H(x)) but you don't know x, with an attack of this kind you can calculate H(x||y). || means "extended by some value". Which is not a problem in itself, but there seem to be some cases (not in the implementation of Bitcoin) where security is broken.

How Could Length-extension Attacks Affect Bitcoin?

Some people claim that Satoshi wanted to make sure no single detail is missing so he used double hashing in the block header SHA256(SHA256(block-header)) to prevent exactly this attack.



This post was my attempt to explain certain cryptographic terms (primarily to myself). I hope if something is wrong with some of the claims or conclusions, someone will correct me.

References:

https://en.bitcoin.it/wiki/Hashcash
https://crypto.stackexchange.com/questions/1173/what-are-preimage-resistance-and-collision-resistance-and-how-can-the-lack-ther
https://crypto.stackexchange.com/questions/779/hashing-or-encrypting-twice-to-increase-security
https://bitcoin.stackexchange.com/questions/8443/where-is-double-hashing-performed-in-bitcoin
https://bitcoin.stackexchange.com/questions/4317/why-does-bitcoin-use-two-rounds-of-sha256?rq=1
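As an added example (not code from the original post and not Bitcoin Core's code), the script below makes attack number 5 concrete and shows why the double hash in the block header defeats it. It implements SHA-256 from the FIPS 180-4 definition so that the compression function can be resumed from a known digest, then, given only SHA256(secret || msg) and the length of secret || msg, computes the glue padding and a valid SHA256(secret || msg || glue || extension) without ever seeing the secret. The same forged value is then compared against SHA256(SHA256(...)) of the extended message, where it does not match. The secret, message and extension are constructed sample data; hashlib is used only as the reference to check against.

```python
# Added example, not code from the original post or from Bitcoin Core: a
# from-scratch SHA-256 whose state can be resumed, used to run a
# length-extension attack against SHA256(secret || msg) and to show that the
# same trick fails against SHA256(SHA256(x)). Standard library only; hashlib
# is the reference implementation we compare with.
import hashlib
import math
import struct

MASK = 0xFFFFFFFF


def _first_primes(count):
    primes, n = [], 2
    while len(primes) < count:
        if all(n % p for p in primes):
            primes.append(n)
        n += 1
    return primes


def _icbrt(n):
    """floor(cbrt(n)) by binary search in exact integer arithmetic."""
    lo, hi = 0, 1 << ((n.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


# Round constants and initial state exactly as FIPS 180-4 defines them: the
# first 32 fractional bits of the cube roots (K) / square roots (H0) of primes.
_PRIMES = _first_primes(64)
K = [_icbrt(p << 96) & MASK for p in _PRIMES]
H0 = [math.isqrt(p << 64) & MASK for p in _PRIMES[:8]]


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def _compress(state, block):
    """One 64-byte block through the SHA-256 compression function."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25))
              + ((e & f) ^ (~e & g)) + K[i] + w[i]) & MASK
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22))
              + ((a & b) ^ (a & c) ^ (b & c))) & MASK
        a, b, c, d, e, f, g, h = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
    return [(s + v) & MASK for s, v in zip(state, (a, b, c, d, e, f, g, h))]


def sha256_padding(total_len):
    """Merkle-Damgard padding for total_len message bytes: 0x80, zeros, 64-bit bit length."""
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack(">Q", total_len * 8)


def sha256(data, state=None, prior_len=0):
    """SHA-256 of data. With state/prior_len it resumes from a digest that has
    already absorbed prior_len bytes (prior_len must be a multiple of 64)."""
    state = list(H0 if state is None else state)
    padded = data + sha256_padding(prior_len + len(data))
    for off in range(0, len(padded), 64):
        state = _compress(state, padded[off:off + 64])
    return struct.pack(">8I", *state)


def length_extend(tag, known_len, extension):
    """Given tag = SHA256(secret||msg) and len(secret||msg) only, return the glue
    bytes and SHA256(secret||msg||glue||extension) without knowing secret."""
    glue = sha256_padding(known_len)
    state = struct.unpack(">8I", tag)          # the tag IS the internal state
    forged = sha256(extension, state=state, prior_len=known_len + len(glue))
    return glue, forged


def sha256d(data):
    """Bitcoin-style double hash, SHA256(SHA256(x))."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def demo():
    """Returns (attack works against SHA256, attack works against SHA256d)."""
    secret = b"constructed-secret-never-seen-by-attacker"   # constructed sample
    msg = b"amount=10&to=alice"
    ext = b"&amount=1000000"
    tag = hashlib.sha256(secret + msg).digest()           # all the attacker sees
    glue, forged = length_extend(tag, len(secret) + len(msg), ext)
    real_single = hashlib.sha256(secret + msg + glue + ext).digest()
    real_double = sha256d(secret + msg + glue + ext)
    return forged == real_single, forged == real_double


if __name__ == "__main__":
    print("forgery matches SHA256 :", demo()[0])
    print("forgery matches SHA256d:", demo()[1])
```

The attack works because a SHA-256 digest is nothing more than the compression state after the last padded block, so anyone holding it can keep compressing. Hashing the digest a second time hides that state behind another one-way step, which is why the extension does not carry over to SHA256d; it does nothing, as the quoted post above notes, for second preimage resistance.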
19  Bitcoin / Alternative clients / Plausible Deniability: BIP-39 and Electrum Wallet on: June 02, 2018, 09:12:57 AM
In "Mastering Bitcoin" Andreas Antonopoulos talks about seed derivation in a BIP-39 compatible wallet (e.g., Trezor) from a mnemonic phrase + salt.

The mnemonic (typically a 12-word phrase) is derived for you automatically by the wallet. (Or you can provide it yourself as discussed in this post.) The standard allows adding some salt words at the end, and then the seed is generated. It is derived by repeatedly hashing the combination of mnemonic phrase + salt with a key stretching function called PBKDF2.

Code:
PBKDF2(mnemonic phrase + salt)=seed
The principle is illustrated in this image [1]:


Every salt we choose to extend the initial mnemonic phrase yields a different seed, which means each time a totally different (HD) wallet is obtained with different public and private keys.

Andreas Antonopoulos mentions the possibility to use this salting procedure to create a situation with 2 wallets derived from the same mnemonic phrase. This will serve as a form of plausible deniability to help us protect our wallet in case of attack.

Here is what he says:

Quote
A form of plausible deniability or "duress wallet," where a chosen passphrase leads to a wallet with a small amount of funds used to distract an attacker from the "real" wallet that contains the majority of funds. [1]

Now, Electrum does not follow the BIP-39 standard, but we can use more or less the same trick with Electrum as well.

Here is how I think it could work (please feel free to correct me if this guide is wrong at some point):

Step by Step Guide for Electrum

In principle, we can use one and the same computer with the same Electrum installation, but it is much better to have Electrum installed on 2 computers: computer A which can be air gapped and serve for cold storage and computer B - any other computer.

Computer A

1.
Here we create the wallet that will keep the majority of our funds. It should preferably be on an air gapped computer. Verify your Electrum installation files (if you don't know how, here is a guide how to do that on Windows and Linux).  Check "Standard wallet" and click "Next"


2. Choose "Create a new seed" and click "Next"


3. For Seed type choose "Standard" and click "Next"


4. Write down the mnemonic phrase


5. Then choose Options and mark the checkbox like this:


6. Enter the passphrase you are going to extend your mnemonic with.


I think you can choose something easy to remember, it doesn't have to be a complicated password. The point here is not to increase the entropy or improve the cryptographic security. The point is to create a totally different wallet from the same initial mnemonic phrase.

7. Now confirm the seed


8. Then confirm the passphrase


9. You may encrypt the wallet if you like

At this point, it is important NOT to confuse the wallet encryption with the mnemonic seed extension from the previous steps. They are two very different things with two different purposes.

10. Now you have installed your real wallet on the air gapped computer.

Computer B

11. Go to the other computer, probably the one you use daily.

12. Rather than creating a new seed, choose "I already have a seed"


13. Enter the same mnemonic from before, but now don't click on "Options" and don't extend it with a passphrase.

14. Finish the remaining steps and again, you can encrypt this wallet too if you like.

A similar procedure can be followed for a BIP-39 type of wallet.

What have we achieved?

We have created 2 wallets from the same initial 12 words. They hold different keys and different addresses, which is easy to check.

Our real wallet with (hopefully) significant funds is extended with a passphrase.

The other, decoy wallet, is not extended at all. It may hold a small amount of funds which you can afford to lose in case of attack.

Say someone (a possible attacker) came into possession of your mnemonic. After all, there's no other way but to keep this phrase on paper (or in memory which can be risky).

So, in case of attack, you can give the attacker access to your fake wallet, while your main wallet remains protected.

You can also feel more at ease, having several copies of your mnemonic at different locations, and knowing that compromising the security of your mnemonic is not the end of the world.

I would appreciate your thoughts, and especially if there's something that is not done correctly.


Reference:

[1] https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc
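As an added example (not code from the original post, from Trezor or from Electrum), the script below performs the derivation the post describes for both schemes: PBKDF2-HMAC-SHA512 with 2048 rounds over the mnemonic, salted with "mnemonic" + passphrase for BIP-39 and with "electrum" + passphrase for Electrum's own seeds. It returns the decoy and real seeds of a duress pair and shows that they are unrelated. The mnemonic is the published BIP-39 English test vector, not a funded wallet; the Electrum text normalization is reduced to the rules that matter for Latin-script input (an assumption noted in the code).

```python
# Added example, not code from the original post, from Trezor or from Electrum:
# mnemonic + optional passphrase -> wallet seed for the BIP-39 scheme and for
# Electrum's own variant, showing that each passphrase yields an unrelated seed
# (the basis of the duress-wallet trick) and that nothing flags a mistyped one.
import hashlib
import unicodedata

PBKDF2_ROUNDS = 2048     # both schemes stretch with PBKDF2-HMAC-SHA512, 2048 rounds


def bip39_seed(mnemonic, passphrase=""):
    """BIP-39: seed = PBKDF2(NFKD(mnemonic), 'mnemonic' + NFKD(passphrase))."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, PBKDF2_ROUNDS)


def _electrum_normalize(text):
    """Electrum's text normalization for Latin-script input: NFKD, lower-case,
    drop combining accents, collapse whitespace. Assumption for this example:
    Electrum's additional rule for whitespace between CJK characters is omitted."""
    text = unicodedata.normalize("NFKD", text).lower()
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return " ".join(text.split())


def electrum_seed(mnemonic, passphrase=""):
    """Electrum: same PBKDF2 parameters, salt prefix 'electrum' instead of 'mnemonic'."""
    words = _electrum_normalize(mnemonic).encode("utf-8")
    salt = ("electrum" + _electrum_normalize(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, PBKDF2_ROUNDS)


def duress_pair(mnemonic, passphrase, scheme=bip39_seed):
    """(decoy seed, real seed) from one mnemonic: the decoy uses no passphrase."""
    return scheme(mnemonic), scheme(mnemonic, passphrase)


# BIP-39 English test vector (public test data, not a funded wallet).
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")

if __name__ == "__main__":
    decoy, real = duress_pair(TEST_MNEMONIC, "TREZOR")
    print("decoy seed :", decoy.hex()[:32], "...")
    print("real seed  :", real.hex()[:32], "...")
    print("typo in passphrase gives yet another wallet:",
          bip39_seed(TEST_MNEMONIC, "trezor") != real)
```

Neither scheme carries a checksum for the passphrase: "TREZOR" and "trezor" derive two unrelated wallets, which is exactly what makes the decoy possible and also why the real passphrase should be checked by restoring the wallet once and comparing addresses before any funds are sent to it. The two functions cover the derivation step only; Electrum additionally checks a version prefix on the seeds it generates, which is why a BIP-39 phrase such as the test vector is not accepted by its "I already have a seed" dialog without the BIP-39 option.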


20  Bitcoin / Electrum / How to Verify Your Electrum Wallet on Windows on: May 23, 2018, 06:20:36 PM
Verifying your Electrum Wallet is essential to make sure that no one has modified the original source code.

Recently I saw this 2-step guide for Linux, and if you use Linux it is very simple and straightforward.

But if you use Windows, which many beginners do, the process is a little bit more complicated.

This is a step by step guide how to do that on Windows 7 with the latest Electrum 3.1.3.

1. Go to the Gpg4win website and download GPG for Windows.

https://www.gpg4win.org/get-gpg4win.html

Note: You don't have to donate anything (choose $0) but you can if you would like to support the project. Once the file is downloaded, install the package. The default options are fine.

2. Download the Electrum setup file. Go to the Electrum website:

https://electrum.org/#download


Download the Windows installer and the signature file (right click on signature and "save link as...")

At this point you should have these two files somewhere on your computer: 

electrum-3.1.3-setup.exe
electrum-3.1.3-setup.exe.asc

For now,  don't install Electrum. We have to check it first.

3. The next step is to get ThomasV's key ID. It is 7F9470E6 (this is the short ID of his public key).

If you don't believe me (and you shouldn't probably since you don't know me), you can see it for yourself. Go to the download page of Electrum once again. Find the line near the top saying:

Sources and executables are signed by ThomasV.


Click on the ThomasV. link.

You will land on the following page:


where the keyID of ThomasV. can easily be identified.

4. Open the Windows command prompt [(Win + R keys) and then type cmd].

Navigate to the folder where the downloaded electrum-3.1.3-setup.exe and electrum-3.1.3-setup.exe.asc files are.

5. Import ThomasV's key.

Code:
gpg --keyserver pool.sks-keyservers.net --recv-keys 7F9470E6

6. Finally, verify the setup file:

Code:
gpg --verify electrum-3.1.3-setup.exe.asc electrum-3.1.3-setup.exe

(Note: the order is important, first the signature file, then the file to be verified)

If the installation file is genuine, the output of the above command should contain a line like this:

Code:
gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>"

If the output contains a line like this:

Code:
gpg: WARNING: This key is not certified with a trusted signature!

you can safely disregard the warning.

Now you can be sure that the downloaded Electrum is indeed legit, and you can safely install it on your system.