 Show Posts
|
|
Pages: [1] 2 »
|
I am looking at how Bitcoin signs transactions in the src/key.cpp file, in particular the RAII wrapper around the OpenSSL implementation of ECDSA. In the function bool CECKey::Sign(const uint256 &hash, std::vector<unsigned char>& vchSig)
I see the regular call to ECDA which returns the signature in sigECDSA_SIG *sig = ECDSA_do_sign((unsigned char*)&hash, sizeof(hash), pkey);
However, after that there are some additional manipulations of the signature BN_CTX *ctx = BN_CTX_new();
BN_CTX_start(ctx);
const EC_GROUP *group = EC_KEY_get0_group(pkey);
BIGNUM *order = BN_CTX_get(ctx);
BIGNUM *halforder = BN_CTX_get(ctx);
EC_GROUP_get_order(group, order, ctx);
BN_rshift1(halforder, order);
if (BN_cmp(sig->s, halforder) > 0) {
// enforce low S values, by negating the value (modulo the order) if above order/2.
BN_sub(sig->s, order, sig->s);
}
BN_CTX_end(ctx);
BN_CTX_free(ctx);
What purpose do these manipulations serve? If one were to remove that code snippet, would that invalidate the signature? Or would that leak information about the private key? |
|
|
|
|
For those of use who want to keep using the official client but are worried about the growing blockchain size, are there any plans to add simple payment verification (SPV) to the official client similar to what is done in bitcoinj?
Is the current lack of support for SPV due to lack of developer time and resources, or are there still any unresolved security issues?
|
|
|
|
|
Here is a scenario:
Person A wants to make a payment to person B. In order to save money, A issues a transaction T1 with no fee, but the transaction does not get included in the blockchain for a few hours. Person B grows impatient, and demands A pay him immediately for the service. Left with no choice, A issues another transaction T2 with a fee that gets included in the blockchain immediately. However, T1 lingers around for a few more hours, and as soon as space opens up in the blockchain, it is included as well, thus resulting in a double payment to B.
This scenario I think will become increasingly common in the future as transactions with insufficient fees linger around for a long time. To address the problem, I propose adding an expiration (time-to-live) time field to transactions, which disables transactions from being included after a specific block number. If a transaction isn't included in the blockchain before its expiration block number, it will just be disallowed. In other words, any block containing expired transactions will be considered invalid.
It would perhaps be prudent to add an expiration time of 6 blocks from current block to all transactions so that they don't keep clogging the network if they can't be included in a reasonable amount of time.
|
|
|
|
An article in the Chicago Tribune: http://www.chicagotribune.com/news/politics/sns-rt-us-financial-bitcoitre7573t3-20110608,0,6328122.storySome interesting bits: Two senators are pressing federal authorities to crack down on an online black market and "untraceable" digital currency known as Bitcoins after reports that they are used to buy illegal drugs anonymously.
Silk Road buyers pay with Bitcoins and sellers mail the drugs, the Gawker blog reported. The transactions leave no traditional money trail for investigators to follow, and leave it hard to prove a package recipient knew in advance what was in a shipment.
The DEA is "absolutely" concerned about Bitcoins and other anonymous digital currencies, agency spokeswoman Dawn Dearden said when asked for a response to the senators' concerns.
A discussion thread this week on the primary Bitcoin forum was titled "Will Mt. Gox US Bank accounts eventually get frozen?" Some speculated that if the government bans transactions involving Bitcoin exchanges, a layer of shell companies might allow them to continue.
This article simply confirms my thesis that Silk Road was not really the original target here, but merely a pretext to shut down bitcoin. I will not be surprised if in the near future they create child pornography sites that are also using bitcoins to further shift public opinion against bitcoins. |
|
|
|
|
I bought most of my bitcoin back when they were 90c. I never imagined that a few months later they would be worth 20 times more. I would have been satisfied with an appreciation of 10-20% - after all that is far more than what my bank pays.
How much higher does the price need to go for you to cash out of your bitcoins? What are the reasons why you are not selling now? Is it that you expect the currency to appreciate further? Or are there any other reasons why you are not cashing out?
|
|
|
|
|
I know many previous false alarms for a bubble have been raised, but I'd like to discuss a possible explanation for the rapid appreciation in prices.
Currently Mt Gox has no limit on how much money can be deposited, but there is a limit on how much money can be withdrawn. This means that the inflow of funds is unrestricted, but the outflow is restricted. Could this assymetry be part of the reason why bitcoins are appreciating so wildly?If traders were allowed to withdraw large amounts from the exchange, wouldn't prices be more stable?
Does this sound plausible?
|
|
|
|
Bitcoin just appeared on Al Jazeera: http://english.aljazeera.net/video/americas/2011/06/20116655012909169.htmlTwo US senators are asking federal authorities to crack down on an online narcotics market that accepts 'virtual' currency.
The 'Dark Web', an anonymous and secretive online community that trades in heroin, cocaine and methamphetamines among other drugs, has been operating unhindered for months.
The two senators have written to the US Justice Department and Drug Enforcement Administration asking them to shut down and investigate the site.
Al Jazeera's John Terrett reports.
|
|
|
|
Has anybody considered implementing Bitcoin in the browser on top of WebRTC? Google WebRTC, all open source, is part of the web revolution that allows one browser to talk directly to another without the need for a server getting involved.
Source: http://tech.slashdot.org/story/11/06/02/1541246I think having something like that would be really cool and very convenient. One wouldn't need to worry about downloading a separate bitcoin client, but could simply load up the application in the browser and be good to go. Here is another article discussing WebRTC: Can my browser speak to your browser?
Written by Harry Fairhead
Monday, 09 May 2011 00:00
New P2P and real time communications APIs currently under development by W3C could revolutionize the architecture of the web and the way users can interact with one another.
Currently the web is mostly a client-server architecture. That is the web browser connects to a server to download a page or any data for that matter. Servers are the single source of information on the web and browsers are their clients. This could be all about to change and so bring about the biggest revolution since the web was invented. If you think HTML5 or Ajax are important, then the new P2P and real time communications APIs that are under development by W3C should open your eyes to the fact that it is a much bigger world out there than you have so far dreamed of.
Source: http://www.i-programmer.info/news/81-web-general/2402-can-my-browser-speak-to-your-browser.html |
|
|
|
|
I deposited a large number of bitcoins into MtGox thinking that it would be very easy to move them out, however, I just discovered that there is a daily limit of how many bitcoins you can withdraw. Now my bitcoins are stuck there, and I will have to withdraw them over a period of several days. I understand there are laws limiting how many dollars may be withdrawn daily, but why is it necessary to also limit the number of bitcoins that can be withdrawn?
Also why is the limit placed on withdrawals but not deposits? Shouldn't the user be warned before depositing their money that they may not be able to withdraw it as easily?
|
|
|
|
|
Is it possible to disable the default behavior of the current bitcoin client to have a new address every time bitcoins are received? I know it is a feature that serves to better preserve anonymity, but I am not that worried about anonymity, and I would rather keep all my bitcoins in a single address, and avoid having redundant addresses in the client.
|
|
|
|
|
Since every user stores a complete copy of the block-chain, in principle it should be possible to query the balance for any address, not just addresses belonging to the current user. Is there a remote procedure call for bitcoind that allows the user to query the balance of a public address?
|
|
|
|
I am trying to test bitcoinj on Ubuntu, but I am having some trouble. I am not experienced with Java delvelopment, so maybe I am missing something obvious Here are the steps I follow to build bitcoinj sudo apt-get install libslf4j-java
svn checkout http://bitcoinj.googlecode.com/svn/trunk/ bitcoinj
cd bitcoinj
ant
The last command results in the following error: Buildfile: ~/Desktop/Dev/bitcoinj/build.xml
init:
compile:
[javac] Compiling 814 source files to ~/Desktop/Dev/bitcoinj/out
[javac] ~/Desktop/Dev/bitcoinj/src/com/google/bitcoin/core/Block.java:25: package org.slf4j does not exist
[javac] import org.slf4j.Logger;
[javac] ^
[javac] ~/Desktop/Dev/bitcoinj/src/com/google/bitcoin/core/Block.java:26: package org.slf4j does not exist
[javac] import org.slf4j.LoggerFactory;
[javac] ^
How can I get it to find the slf4j package? Thanks. |
|
|
|
|
Ubuntu 11.04 was just released, and I upgraded to it. But after the upgrade, I am unable to start the bitcoin client any more. Anybody experiencing a similar problem?
EDIT:
Just to clarify, this only applies to the GUI. The command line client works just fine.
|
|
|
|
There is an interesting pattern on bitcoin monitor:  Any idea on what is generating so many consecutive 100 BTC payments? |
|
|
|
|
MtGox dominates the Bitcoin trade volume, and its centralized nature makes it a single point of failure. Any action against MtGox will hurt the liquidity of bitcoins by making it more difficult to convert to dollars, thus hurting people's confidence in the currency.
Is anybody working on creating a decentralized trading platform? Maybe a good idea would be to design a web interface around bitcoin-otc and its web of trust (without requiring specialized IRC knowledge), where people can execute trade orders between themselves rather than having to deposit and withdraw funds into a central entity? So the function of the exchange will only be record keeping, rather than dealing with funds transfers. In that way even if the central record keeping server gets blacklisted or banned, it can be backed up and redirected to multiple mirror locations around the world a la wikileaks. In this way people will retain their ability to trade in bitcoins among themselves, and the liquidity of bitcoins will not be affected by a ban.
|
|
|
|
|
