Bitcoin Forum
21  Bitcoin / Development & Technical Discussion / Protection against botnet DDoS of invalid (signature or otherwise) transactions? on: November 14, 2015, 03:13:58 AM
I have not looked at the code for bitcoind, and my Google searches have returned the following information for the anti-DDoS protection against spamming of invalid (signature or otherwise) transactions:

  • If they've connected to a machine that has the wallet containing the key of the original txOut whose owner they're trying to find, that node will disconnect them as a misbehaving node, because the keys they provide don't match.
  • If they've connected to a machine that doesn't have the wallet containing the key to the original txOut, that node will just reject the transaction due to penny-flooding prevention and no fees.
  • Because they can tell which thing happened, they can tell whether the node at this IP address owns, or owned, the address corresponding to the original txOut.

A txn with an invalid signature will be invalid to all nodes.   All nodes validate signatures of txns and will not relay invalid txns.  A node sending invalid txns will be seen as misbehaving and will be banned.  Wallet behavior is different than node behavior.  A node should respond consistently based on what is known publicly (regardless of what private keys are in the local wallet or even if there is a local wallet).  If that isn't the case then there is an information leaking bug.  There was a 'penny flood' bug in the past but it didn't involve invalid signatures and has been patched consistently as of v0.80 (plus some earlier versions).

Quote
And it looks to me like a node that repeatedly sends a tx with an invalid transaction [sic] signature, gets disconnected AND DoS banned, and if the sender tries to reconnect any time in during the next 24 hours, the connection gets rejected.

Exactly.  All nodes verify txns before relaying thus all nodes will ban a node sending a txn with an invalid signature.

Full nodes are run by many users not just miners. In other words, every user who runs Bitcoin core and has opened outbound connections are running full nodes. See https://getaddr.bitnodes.io.

So if a node checks the new block and rejects it, that would prevent propagation of it, right? So if (I'm just guessing here) a typical miner connects to 10 nodes when mining, and those nodes are responsible for broadcasting the new block out to everyone else, then only those 10 nodes would really need to ID the false transactions and fail to pass the invalid block along?

Thanks for explaining guys!

Also, regarding your other question:

is there a shortcut to verifying each send address is real and had the funds?

Yes.

Bitcoin does make use of a "shortcut".

Specifically there is no such thing as a "sending address".

Instead transactions spend and create unspent outputs, and every node maintains an indexed list of all the currently unspent transaction outputs (commonly called the UTXO list).

When you "receive bitcoins at an address", what actually happens is that a transaction creates new unspent outputs that are encumbered with a requirement to supply an ECDSA signature generated with a particular private key in order for those unspent outputs to be used to fund a future transaction.

When you "send bitcoins to an address" you supply a list of the unspent outputs that you are spending, and a valid signature for each of those outputs.  Each node searches its indexed UTXO for each of the unspent inputs in your transaction.  If you are using a UTXO that it doesn't have in its list, then it won't propagate your transaction.  Then when each node receives a block, it checks every transaction in the block in the same way: each transaction input is checked against the UTXO list and then removed from the list, and any new outputs created by the transaction are added to the UTXO.

Therefore, you can't create a transaction "1MickeyMouse34fg4...  sending 10,000 BTC to 1YVEndj8D...".  You would have to create a transaction:
  • List of inputs that nodes will find in their UTXO
  • Valid Signatures for each input
  • List of outputs created by the transaction
  • Scripts for each output that describe what the requirement is for it to be included as an input in the future

https://en.bitcoin.it/wiki/Weaknesses#Denial_of_Service_.28DoS.29_attacks

Quote
5. Keeps a DoS score of each connected peer and disconnects from a peer that send messages that fail to comply with the rules.
6. Bans IP addresses that misbehave for a time lapse (24 hours default)
7. Uses a signature cache to prevent attacks that try to continuously trigger the re-verification of stored orphan transactions (protects from https://bitcointalk.org/index.php?topic=136422.0 attack)
8. Limits the number of stored signatures in the signature cache (50000 signatures by default)
9. Tries to catch all possible errors in transactions before the signature verifications take place, to avoid DoS attacks on CPU usage.
10. Penalizes peers that send lots of duplicate/expired/invalid-signature/whatever alerts, so they eventually get banned.

Five questions:

A) Thus am I correct to conclude that bitcoind bans IP addresses ("24 hours default") of peer nodes which too often send invalid signature transactions?

B) And am I correct to conclude that there is no less resource intensive algorithm to determine that an otherwise valid transaction (i.e. has valid UTXO, etc) has an invalid signature other than to expend the CPU resources to validate the signature (which is apparently on the order of up to 50,000 verifications per second on a late model top-of-line single Intel CPU)?

C) Am I correct that even if signatures are valid, then the cost of validating that the rest of the transaction is correct is not insignificant, especially if (Compact or just) Confidential Transactions is implemented?

D) Am I correct that ephemeral non-full node peers (a.k.a. userland "clients") connect to full-node peers in order to submit transactions to the bitcoind peer network?

E) If my assumptions A, B, C, and D above are correct, then am I correct to conclude that (although the above strategy is apparently acceptable now at current scale,) the existing anti-DDoS strategy in this case could potentially be inadequate when the number of clients submitting transactions to the peer network is greatly increased in scale (such as in a micro-transactions scenario) because it is often the case that multiple clients share the same IP address[1]. Thus botnets could be employed to spam the full nodes on the peer network with invalid transactions (not only to increase required peak CPU resources but also to flood the inbound connectivity bandwidth and/or thread pool of full nodes), then if bitcoind responds by banning IP addresses then innocent users might be banned too.

Afaics the only fully robust solution (at scale) is to either have sufficient full nodes to handle the peak potential botnet load (and a global database so valid clients know which full nodes haven't blocked their IP address, so clients don't have to contact multitudes of full nodes attempting to find one where their IP address isn't blocked), or to have some insignificant-resources algorithm to determine if a signature is valid and then block on UTXO instead of IP address. One way I have contemplated to achieve the latter is that (at least when Stealth or Cryptonote destination addresses are not employed), then only the payer knows the public key of its hash that was publicly distributed (i.e. the UTXO refers to the hash of the public key address). Thus revealing the public key address is a 3-4 orders-of-magnitude faster[2] check that the sender likely knows the private key as well. Caveat that this is a heuristic and it suffers from being intercepted until the published transaction has propagated, although this can be fixed by using a Merkle tree signature, but the verification speed advantage drops to 1-2 orders-of-magnitude[3]. If Stealth or Cryptonote destination addresses are employed, then the prior payer knows the payee's public key address, thus could cause the payee's address to be banned, although this can be mitigated by having the payee pay to himself and not release the good or service until that extra step is completed (which is another reason instant transactions would be useful). But this latter solution requires that the UTXO (or total of inputs to a transaction) not contain (total) values that are so small such that forfeiting them (and more so if bans are ephemeral) in spam attacks is an inconsequential cost to the spammer. But this will place a requirement on (Compact or just) Confidential Transactions that it must be able to prove that outputs are greater than a certain threshold, not just greater than 0.

Tangentially if one is thinking Lightning Networks (LN) is the solution to scaling, first note that LN requires block chain scaling as well (because participants have to execute enabling block chain transactions and these can be garbage collected in peak rates that require great peak load block chain scaling). And afaics LN can't support end-to-end principle anonymity, and in practice for it to work well (low latency, wide scale) the network will essentially be large corporate servers doing the glue for the user channels which can thus record all your transactions NSA-style.

Thoughts?

Edit: I am not referring to malleability attacks.

[1] http://serverfault.com/questions/306837/how-many-computers-can-have-the-same-public-ip
    https://www.quora.com/How-many-home-customers-of-an-ISP-including-mobile-can-typically-share-the-same-IP-address-and-for-how-long
[2] http://bench.cr.yp.to/results-hash.html
    https://www.imperialviolet.org/2010/12/21/eccspeed.html
    http://ed25519.cr.yp.to/ed25519-20110926.pdf
    http://security.stackexchange.com/questions/50878/ecdsa-vs-ecdh-vs-ed25519-vs-curve25519#comment80678_50890
[3] http://bench.cr.yp.to/results-hash.html
    http://bench.cr.yp.to/results-sign.html
    http://bench.cr.yp.to/supercop.html
    http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.129.7139&rep=rep1&type=pdf#page=6
    https://eprint.iacr.org/2005/442.pdf#page=10
    http://www.cryptopp.com/benchmarks-p4.html
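Added example (not code from Bitcoin Core or from anyone in the thread): a toy Python model of the acceptance path and peer-banning policy the quoted list describes, with the cheap UTXO and fee checks run ahead of signature verification, a bounded signature cache, a per-peer DoS score with a 24-hour ban, and the shared-IP collateral damage raised in question E. HMAC tags stand in for ECDSA signatures; the UTXO set, keys, IP addresses and the "invalid signature scores 100 of 100" rule are constructed simplifications.

```python
"""Toy model of a node's tx acceptance and peer-ban policy (added example)."""
import hmac
import hashlib
from collections import OrderedDict

BAN_SECONDS = 24 * 3600    # "24 hours default" from the quoted list
BAN_THRESHOLD = 100        # DoS score at which a peer is banned (constructed)
SIGCACHE_MAX = 3           # tiny for the demo; the list quotes 50000 by default

# Constructed UTXO set: outpoint -> (value, owner's key). A real node indexes
# scriptPubKeys; here a shared secret per owner stands in for the public key.
UTXO = {
    "tx_a:0": (50_000, b"alice-key"),
    "tx_b:1": (20_000, b"bob-key"),
}

def sign(key: bytes, outpoint: str, payload: str) -> str:
    """HMAC tag standing in for an ECDSA signature over (input, outputs)."""
    return hmac.new(key, f"{outpoint}|{payload}".encode(), hashlib.sha256).hexdigest()

class Node:
    def __init__(self):
        self.scores = {}            # peer ip -> DoS score (list item 5)
        self.banned_until = {}      # peer ip -> unix time the ban expires (item 6)
        self.sigcache = OrderedDict()   # verified signatures (items 7 and 8)
        self.sig_verifications = 0  # counts the expensive operation

    def misbehaving(self, ip, howmuch, now):
        self.scores[ip] = self.scores.get(ip, 0) + howmuch
        if self.scores[ip] >= BAN_THRESHOLD:
            self.banned_until[ip] = now + BAN_SECONDS
            self.scores[ip] = 0

    def is_banned(self, ip, now):
        return self.banned_until.get(ip, 0) > now

    def verify_sig(self, key, outpoint, payload, sig):
        cache_key = (outpoint, payload, sig)
        if cache_key in self.sigcache:
            return True             # already verified: no CPU spent re-checking
        self.sig_verifications += 1
        ok = hmac.compare_digest(sign(key, outpoint, payload), sig)
        if ok:
            self.sigcache[cache_key] = None
            if len(self.sigcache) > SIGCACHE_MAX:
                self.sigcache.popitem(last=False)   # bounded cache: drop oldest
        return ok

    def accept_tx(self, ip, tx, now):
        """tx = {'inputs': [(outpoint, sig), ...], 'out_total': int}.
        Returns (accepted, reason). Cheap checks run before any signature
        check (item 9), and only an invalid signature is penalised."""
        if self.is_banned(ip, now):
            return False, "connection refused: banned"
        in_total = 0
        for outpoint, _ in tx["inputs"]:
            if outpoint not in UTXO:
                return False, "missing-inputs"      # unknown UTXO: no penalty
            in_total += UTXO[outpoint][0]
        if in_total - tx["out_total"] <= 0:
            return False, "insufficient-fee"        # policy reject: no penalty
        payload = f"out={tx['out_total']}"
        for outpoint, sig in tx["inputs"]:
            if not self.verify_sig(UTXO[outpoint][1], outpoint, payload, sig):
                self.misbehaving(ip, 100, now)      # invalid signature: ban
                return False, "bad-signature"
        return True, "accepted"

def shared_ip_demo(now=1_000_000):
    """Question E: a spammer and an honest user behind one NAT address."""
    node = Node()
    nat_ip = "203.0.113.7"   # constructed shared address
    spam = {"inputs": [("tx_a:0", "00" * 32)], "out_total": 40_000}
    honest = {"inputs": [("tx_b:1", sign(b"bob-key", "tx_b:1", "out=15000"))],
              "out_total": 15_000}
    r1 = node.accept_tx(nat_ip, spam, now)                  # spammer gets banned
    r2 = node.accept_tx(nat_ip, honest, now + 60)           # honest user refused too
    r3 = node.accept_tx(nat_ip, honest, now + BAN_SECONDS + 1)  # ban expired
    return r1[1], r2[1], r3[1]
```

Running `shared_ip_demo()` shows the honest transaction being refused for the whole ban window because the spammer shared its IP, which is the collateral damage the post argues a UTXO-keyed block would avoid.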
22  Alternate cryptocurrencies / Altcoin Discussion / [neㄘcash, ᨇcash, net⚷eys, or viᖚes?] Name AnonyMint's vapor coin? on: October 24, 2015, 11:57:48 AM
* cybit has trademark issues.

Here is a record of the prior three votes:

The poll has been reset because we added many name choices after the start of the poll, so that everyone can revote, because I think the polls don't enable voters to change their vote. The prior poll results are captured in the image below.

Since those who are not interested or don't like any of the name choices had already expressed their opinion in the above image capture of the prior poll results, the new poll does not offer these choices so we can focus on choosing a name from the available ideas.


The chosen name is intended to be for both the name of the coin network and the coin units, e.g. "pay me 5 ____s".

The general feature set targeted is instant transactions, even microtransactions, solving the block chain scaling issue entirely, and a fundamental breakthrough for the general solution to the programmable block chain, so working towards digital assets, smart contracts, etc, as well as the ability to plugin the strongest and most efficient on-chain anonymity which I have also been working on. The feature set will be firmed up as development proceeds. I just mention these goals in order to drive a name choice which is general enough for both the token of the network and also the general block chain 2.0 type functionality. I am not sure if I will get all the way to block chain 2.0 in version 1 of the release of this effort. Choosing a name which can also apply to a version 2 is forward looking.

Note my anonymity work may appear in another coin(s) before it appears in my effort, but this has not yet been finalized. I am trying to work with others so as to hedge my bets in terms of where success will be maximized. I am trying to follow the path of least resistance and lowest hanging fruit, while also attempting to push the envelope of the technologies with my own style of creativity. So a mix of my individualism with collective effort.

There is an ongoing discussion about how I might go about releasing a coin and working with the open source concept and the legal ramifications.

When choosing a name, also ask yourself how would this roll off the tongue when someone is saying it (in their mind or actual vocalization) over the internet to get some coin units from a friend to go play some social networking game or the ilk. What is going to be catchy over time for that purpose? "Zap me over some ____s, I want to join you on game XYZ". Of course the name has to have applicability in more serious contracts and trades as well.

Prior discussion:

https://bitcointalk.org/index.php?topic=1174653.msg12769598#msg12769598

Some definitions:

  • bit
    /bit/
    noun
    :  a unit of computer information equivalent to the result of a choice between two alternatives (as yes or no, on or off)
  • cy·ber
    ˈsībər/
    adjective
    : of, relating to, or characteristic of the culture of computers, information technology, and virtual reality.
  • hyper-
    prefix
    : over; beyond; above, exceeding.
    : relating to hypertext, hyperlink.
  • to·ken
    ˈtōkən/
    noun
    : a thing serving as a visible or tangible representation of a fact, quality, feeling, etc.
    : a voucher that can be exchanged for goods or services, typically one given as a gift or offered as part of a promotional offer.
    : an individual occurrence of a symbol or string, in particular.
    • an individual occurrence of a linguistic unit in speech or writing, as contrasted with the type or class of linguistic unit of which it is an instance.
    • the smallest meaningful unit of information in a sequence of data for a compiler.
    : a sequence of bits passed continuously between nodes in a fixed order and enabling a node to transmit information.
  • i·on
    ˈīən,ˈīˌän/
    : an atom or molecule with a net electric charge due to the loss or gain of one or more electrons.
  • -tron
    suffix
    : denoting a subatomic particle.
    : denoting a particle accelerator.

For netron, I think of neutron, but applicable to a network.


P.S. I dropped my intention from 2014 to not release an effort under my own reputation. I did this because of a) financial realities of my life demanding I move forward PDQ, b) the realization it is probably not illegal for a US citizen to release a product with unregistered tokens if the law is followed carefully (per the linked ongoing discussion above), c) the decision to make the anonymity implementation modular and orthogonal to the block chain protocol,  and d) because I think I've learned how to navigate the political landmines by now (much revolves around demonstrating a sincere intent to strive over time for a leaderless, decentralized, open source result so that people don't feel I am trying to put my ego/control all over crypto-land, i.e. ideology is very important in our technophile market at least until we scale out to millions of n00b users with microtransactions on social networking). Haters and competitors yield when the market has beat them into submission. I don't worry about their negativity. It is more motivation for me. Bring on the negative votes please!
23  Economy / Economics / Definition of Bitcoin in the Evolution of Money on: October 23, 2015, 06:04:29 PM
Definition of Bitcoin in the Evolution of Money

Watch the linked video. He nails this. Gold and silver are dinosaur relics now, as well paper, platforms, and institutions.

Andreas Antonopoulos makes the point that what distinguishes decentralized crypto-currency from other forms of money, including digital money, is that it is a decentralized protocol, i.e. a language and not centralized platform or institution. Since I agree 100% with this definition and especially how he explains it in the context of the history of money, it appears to coincide with my view that the securities law applies to managed platforms and institutions and not to decentralized, unmanaged protocols. Thus if some group is controlling the protocol, I think they could be argued to be the managers of the "investment securities" which are the coins.

Thus I agree with the voter who voted that all crypto-currencies which have a group managing the protocol are thus "investment securities", regardless of whether they sold the coins or not.

I highly recommend listening to that presentation by Andreas.
24  Alternate cryptocurrencies / Altcoin Discussion / The altcoin topic everyone wants to sweep under the rug on: October 23, 2015, 02:50:05 PM
Cross-referencing and wondering why no one wants to rationally discuss this topic?

https://bitcointalk.org/index.php?topic=1218269.0
25  Alternate cryptocurrencies / Altcoin Discussion / Which crypto-coins are "investment securities"? Implications? on: October 23, 2015, 01:10:55 PM
To those voting, "investment securities" has a meaning in law which is different than your common sense thought of what it should mean. Please take the time to understand the difference before you vote. In particular it doesn't mean any share of anything you invest in. There are certain tests of whether a share of something is an "investment security" or not.

Please indicate if your vote in the poll does not include all those which are below your choice and why.

Please review the following three linked posts wherein I overview my interpretation of the USA and also international law on what constitutes an "investment security" which must be registered with the government regulatory agencies around the world:

https://bitcointalk.org/index.php?topic=1211093.msg12739508#msg12739508
https://bitcointalk.org/index.php?topic=1211093.msg12727136#msg12727136
https://bitcointalk.org/index.php?topic=1211093.msg12722193#msg12722193

Also my comment:

BitShares 2.0

  • DPOS claims[1] that by having the stakeholders in the system vote, that the controlling group which is the corporation comprising the developers is not in control. Well publicly listed entities allow shareholders to vote, and that doesn't absolve the classification of investment securities. Ostensibly Bitshares is trying to not run afoul of the criminal and civil liability that results from unregistered investment securities, but my interpretation of the law[2] is they may be still acting as a controlling group since investors depend on them to add value to the investment and the future performance of the investment (again I am not making any declaration that they are or are not, I am raising awareness on this issue for potential investors and participants).

    [1]https://bitshares.org/technology/delegated-proof-of-stake-consensus/

    Quote
    This design was chosen to ensure that delegates technically have no direct power and that all changes to the network parameters are ultimately approved by the stakeholders. This is done to protect the delegates against regulations that may apply to managers or administrators of cryptocurrencies. Under DPOS, we can truly say that the administrative authority rests in the hands of the users, rather than either the delegates or witnesses.
    [2]https://bitcointalk.org/index.php?topic=1211093.msg12739508#msg12739508
    https://bitcointalk.org/index.php?topic=1211093.msg12722193#msg12722193

Apparently the implications of not registering "investment securities" means harsh fines and potentially criminal charges can result from being involved with these unregistered "investment securities". I am interested in this from the implications of not only the long-term future of the coin if it is attacked later by government regulators, but also as it pertains to government classification of taxation of the various crypto-coins:

https://www.reddit.com/r/Bitcoin/comments/3pu6v7/by_ruling_that_%C6%80itcoin_exchange_is_taxfree/

did i just read that EU made BTC tax free EU-wide ?

NO

bitcoin was already vat (or as the yanks call sales tax) free.. it has been for 6 years, what has happened is that they have ruled that they wont suddenly make it a VAT inclusive product, and thus keep it at its currency status..

just remember everything is free until its ruled to not be. so dont assume the courts or governments make it free.. they simply decide not to be greedy

did i just read that EU made BTC tax free EU-wide ?

In terms of VAT, because bitcoin is regarded to as a currency by the ECJ. As for capital gains, I think there is still tax for that.
26  Alternate cryptocurrencies / Altcoin Discussion / Zero Knowledge Transactions on: October 17, 2015, 11:04:31 AM
Here is an excerpt from my fully completed white paper for my revolutionary anonymity invention.

I am proposing to release this white paper either publicly or for exclusive implementation in Monero or other coin, whichever the community prefers; and forsake my former plans to implement it first in my Ion project. The benefit is to get this anonymity breakthrough implemented sooner for those of us in the community who desire such a feature.

Other potential benefits include enabling me to demonstrate an example of my technical capabilities, demonstrate that I am for sharing/open source, and to rebuild my entirely depleted savings so I could for example seek proper health care for my strange autoimmune-like chronic illness which includes relapsing chronic fatigue syndrome, peripheral neuropathy, gut pain, and strange head pain/sensations which potentially implicate Multiple Sclerosis (3+ years suffering). Also it would enable me to refund my Ion project angel investors, in case due to my health I am unable to complete Ion. Note I can still code features because I am not ill every moment, but the concern is whether I have enough good hours to complete and manage an entire crypto project. I may have found a breakthrough on my health to be explained soon, but I am hedging my opportunities just in case.

Forsaking the "first mover" advantage of implementing it first in Ion, I lose the strategy by which I intended to capture compensation for the following work I already completed. Thus I need to be compensated via some other means, and a donation model has been suggested to me. I am interested to test a "Kickstarter" style funding threshold which is discussed below.

Quote from: my whitepaper
Zero Knowledge Transactions

Shelby Moore†

15 July 2015

Abstract: Our conditional security¹, autonomous transaction model conceals the origination, destination, and conveyed content from the view of third parties. For a monetary transaction, these obscured three are respectively the payer, payee, and transferred monetary value. The originator knows the destination; the payee and payer know the conveyed value, and the payer isn’t revealed to the payee.

We improve upon, unify, and generalize the concepts from Cryptonote[Sab13] and Compact Confidential Transactions[Luk15]. Security remains relatively simple math and conditional on the hardness of ECDLP and the cryptographic hash in the Random Oracle model— avoiding Zerocash’s[SCG14] complex math, complex new cryptographic assumptions, inability to unwind orphaned transaction branches independently (because it conceals everything), and trusting trust setup process[Wil15].



¹ Conditional security relies on unproven computational hardness assumptions— e.g. compared to computing each possible value, the cost of “factoring” the elliptic curve discrete logarithm problem (ECDLP)[CPS11] is conjectured to increase exponentially with the bit width[Cor15]. Even unconditional security’s reliance on proven assumptions of prohibitive cost is not equivalent to information-theoretic security— the inability to break security even with unlimited computing power, due to unavailable information.

I also excerpt the section names below, without revealing all the text and math which embodies the epiphany of the invention.

Quote from: my whitepaper
1   Anonymous transactions

1.1   Anonymous transaction properties

1.2   Non-autonomous strategies

1.3   Computer security


2   Hiding transaction values

Concealing the transferred values provides fungibility against discrimination by value and conceals private business data. Also the transaction values may be unequal in transactions that mix inputs and outputs from unrelated parties for the purpose of achieving an anonymity set. Zerocash[SCG14] conceals transaction values but has the tradeoffs enumerated in the Abstract. Mixing technologies such as Zerocoin[MGG13], Cryptonote[Sab13], CoinJoin[Max13], and CoinShuffle[RMK14], all suffer from the requirement of equal input values. This places a simultaneity requirement on retaining system wide consistent denominations available in each wallet at all times, so that any transaction can be performed spontaneously without the latency to split values before mixing.

For example, the wallets for the Cryptonote clone Monero, typically maintain all balances in powers-of-ten denominations, which bloats the block chain and peer network. In theory, unlinkability is potentially lost in a cascade of correlations when numerous instances of transaction change are merged in a subsequent transaction that doesn’t employ an anonymity set because of the requirement for equal values. Although Cryptonote provides implicit value privacy as a side-effect of the untraceability of the payer and unlinkability of the payee, the transparent value data increases the entropy footprint for attackers to target with potentially sophisticated combinatorial and timing analysis algorithms. Concealing value data reduces the information available for analysis.

In a decentralized transaction confirmation scheme we will propose in a separate research paper, the requirement for equal values for transaction inputs would greatly complicate if not make impractical the requirement for mandatory mixing between transactions that is required to provably eliminate a combinatorial unmasking attack[MNM15] against Cryptonote.


2.1   Committed value

Compact Confidential Transactions (CCT)[Luk15] introduced the committed value, which is the concealed value x made more fuzzy with sufficient random bits and multiplied by the elliptic curve cryptography (ECC) base point G:

committedValue = V = x G

A brute force attack must enumerate every possible x to find a match to the public committedValue and G. Given 64-bit values, a brute force attack must enumerate at most 2^64 − 1 values. Bernstein estimated in 2006[Ber06] that rho attacks[Cor15] might be feasible against 160-bit ECC. The entropy of Bitcoin values typically uses only a small portion of the 64-bit range.

Thus in a fuzzed x some random least significant bits are prepended to the concealed value to add more entropy to the committedValue. These fuzzbits are blinding sub-satoshis.


2.2   Homomorphic proof of sum

2.3   NIZKP of no overflow and positive value


A sum of concealed output values that exceeds the group order of the base point G would wrap around to G thus potentially satisfying the proof of sum for a sum of outputs that exceeds the sum of the inputs.

A negative concealed output value paid to the payer that would never be spent to a third party could satisfy the proof of sum combined with another concealed output value that exceeds the sum of the inputs.

In non-interactive zero knowledge it is proven (a.k.a. NIZKP) that each concealed output value 'x' is known, positive, and smaller than group order divided by the number of outputs. Zero knowledge means x is not revealed in the proof.

Our proof replaces CCT’s proof-of-square with a more efficient method so that a computationally expensive, unvetted 768-bit ECC is not required.

[The remainder of this section is omitted since it contains the invention described in the prior sentence that even Gmaxell and others from Blockstream did not solve.]


2.4   Parameter choices

3   Hiding payer and payee

3.1   Analysis of autonomous one-time ring signatures

3.2   Hiding payer, payee, and value


References

[Luk15]   Denis Lukianov, Compact Confidential Transactions for Bitcoin, July 3 revision.

Please read the prior discussion about the above anonymity feature, including my recent peer review that identified/revealed the flaw in an attempt to create the same invention by someone who may be affiliated with Monero.

I have estimated that the work done would cost $112,000 at my highest-level of opportunity cost achieved in my career:

I had roughly 200 man hours (2+ weeks @ 14 hour days) in development time for that crypto breakthrough on anonymity, including the research, invention, and writing the white paper. I was able to work very intensely in some spurts during June & July and my gf can attest to that. It was August & September due to some egregious errors on diet and fasting that sent me into a tailspin on health (will be explaining this theory shortly).

My inflation-adjusted income earning capacity was $563 per hour. Thus fair value for that work just based on the hourly compensation is $112,600. I had to risk doing my work before compensation from the market for CoolPage. Ditto for this anonymity invention. So the risk weighted hourly rate is justified. If you get offered $100-$300 per hour for guaranteed compensation that is a different category. The very high rate is to compensate for the risk of not being ever compensated.

So now you can see why very highly paid developers do not work on crypto. They have the potential to earn much more money outside of crypto and crypto is too small to afford the best developers.

But there is no way I would set a crowdfunded donations threshold that high, because I doubt it could be reached (because it isn't a comparative equity offering) and even though it might be my opportunity cost from 2001 when I was at the top of my career, it isn't my recent opportunity cost. I am in a strange situation because on the one hand if I finish a project like Ion, I could potentially earn more per hour (inflation-adjusted) than I did in 2001 but the risk of not completing such a project or the project not being successful for whatever reason is significant (how many altcoins have succeeded versus how many have died even if considering what talent I bring to bear).

AltcoinUK, I am not going to set a threshold as high as $112,000 for the donation bounty on that one anonymity invention, even though I think it is a very significant feature. I am just stating what my earning opportunity cost had been inflation-adjusted from 2001. So hopefully the market will understand I am not going to give that feature away for $10,000.

Above I am referring to the work I already did, not any additional work to implement the anonymity design in a coin.

I am not against being paid to help implement this anonymity design, but I think it should be a separate funding because for one reason we don't know yet which coin wants to implement this anonymity design. As I said I will let the community decide if the crowdfunded donations will be for releasing the above design publicly or privately to one coin (such as Monero) for them to get a jumpstart on implementation before they announce and release publicly. I believe the best for the community is have the white paper released publicly so not only can it be peer reviewed by any one (not just a chosen few) and so that coins can compete to implement it first so we get this feature implemented asap. If there is another coin that wants to try to raise donations and have this design be exclusively for this coin, then make a serious post in this thread how you plan to achieve that.

So I propose to set a minimum crowdfunding donation threshold of $21,000 to release my white paper publicly. The terms I propose are that if the threshold is not reached (and I don't opt to accept the lower threshold reached) or if the white paper is broken such that it can't do what is claimed in the above excerpted Abstract and I can't fix it, then the donations are returned.

I'd really like to receive about $75,000 total for the work already done plus assisting on implementation. If I am not mistaken, the guy who was selected to optimize Monero's mining algorithm pocketed an alleged $150,000 worth of coins before releasing the optimization generally. I would be quite pleased (and motivated to work in crypto on the donations funding model) if the total donations for the work already done would exceed the threshold and reach roughly $35,000. Yet I propose to set the minimum threshold to $21,000 and we can see if donations exceed it. I am not even sure if we can reach the $21,000 level for this work I did?

Note the extra $1000 over $20,000 is to cover the 4 BTC we donated to Denis Lukianov after I completed my invention.

There appear to be different ways to collect the donations for a crowdfunded campaign. Kickstarter takes only fiat and about 8% fees total, but you get exposure to a wider audience of donators. Monero has some methodology for funding improvements but the entire process isn't described in full detail and do we want to make this exclusively for Monero? I didn't find any good crypto crowdfunding platforms. Mike Hearn's Lighthouse has some severe restrictions such as only 684 donators max and the exact donation amount has to be reached (can't be lower or higher). And Swarm seems to be socialist.

Thus the alternative to Kickstarter appears to be having all donations go to a Bitcoin address controlled by a trusted escrow person (or persons with multi-sig). The escrow would enforce the terms I have proposed. I would nominate smooth but I have not checked with him if he is willing to do this. I would propose to offer him 1% fee for his time and effort, unless he decides to implement this in Aeon in which case he should donate his fee to the implementer or to Denis Lukianov the author of the CCT white paper from which I gained much inspiration (and some discussion) to make this invention (but the invention came only from me). He could counter-propose if he is interested and thinks my proposed terms are not suitable. I would also like to hear from the community who they would nominate to do the escrow, and your general thoughts on how best to proceed.

I also hope that any coin that successfully implements this new anonymity invention, also makes some token donation to Denis Lukianov. My angel investors already donated 4 BTC to him thus far. We would probably donate more to him if ever Ion was successfully launched with this anonymity feature.

We could perhaps have both Kickstarter and Bitcoin escrow and sum the two to reach the threshold, but I don't know how we can integrate that with Kickstarter's policies so probably this is not possible.

We could perhaps have two donation addresses, one for those who want public release and another for those who want private release to Monero's chosen few reviewers. You could donate even to both and receive a refund for the losing option.

Note I also invented an improvement to the CCT algorithm (CCT is an alternative to Blockstream's CT) as noted in the excerpted quote from the white paper, but in the unlikely event this improvement is incorrect, my anonymity invention can still be used with the original CCT algorithm, so it would still satisfy the claims of the Abstract. It appears that my anonymity invention can also be alternatively integrated with Blockstream's CT instead of CCT, but that is not required to meet the claims of the Abstract.
27  Economy / Services / Can anyone offer my gf an online job for $3-$5 per day? on: September 03, 2015, 05:12:38 AM
I am in the Philippines and my 26 year old gf (no kids) is stuck at the house all day while I am working and she has nothing to do other than cook, watch TV, and go on facebook. She is a very conscientious one, and not the lazy type. She is always concerned when going outside that she dress properly and wear make up (not what I like as I am a laid back naturalist).

I'd prefer she not get a job outside earning $4 per day, because they will demand her 10 hours a day (not including 2 hours travel time), 7 days a week. I like the flexibility in our schedule now, but I am just so concerned about her boredom and wasting time when she could be productive and learning.

She is a good typist, is very good with vocabulary and language and especially the English language. She is not good in math. She is probably not the one you want to do some convoluted task. But any task that requires good verbal and/or written communication skills she can do. She is also very attractive and presentable so she could do any sort of promotion such as a dating or social networking site, or even customer service. She is trainable and I am here by her side to guide her to ensure good follow through (just as long as you don't demand too much of my scarce time). I am a computer programmer.

No lewd offers allowed. Nothing involving sexual innuendo even.

It would really do me a big favor if anyone could offer her an online job that would keep her busy some hours of the day.

Normally she is awake during the normal daylight and evening hours Philippines time. I suppose we could rotate our schedules if that is necessary.

You can PM me or post in this thread. Thanks.
28  Alternate cryptocurrencies / Altcoin Discussion / Fundamental flaw in consensus algorithms? on: August 23, 2015, 02:12:14 AM
This is just an idea which I would like to get feedback on.

I am thinking the fundamental flaw in any consensus algorithm that relies on some asset is that the economic game theory is such that the asset will concentrate towards a winner-take-all over time.

For example in proof-of-stake or proof-of-importance (reputation+stake) the miner with sufficient stake and/or reputation can keep the minority chain sufficiently paced but more often behind the other chain such that most vote on the other chain, but ultimately he uses his power to vote the minority chain to the permanent lead thus orphaning all the rewards of the lesser stakes who were fooled into voting for what they thought was statistically the more likely longer chain. There are other variants of this strategy.

In proof-of-work selfish mining works in general when the adversary has at least 33% of the hashrate, and 25% under some network configurations.

One potential solution I see to this problem is to make mining an unprofitable asset burning operation.

But if this is accomplished by burning coins, we eventually end up with a 0 money supply.

Or, I did I think show that it might be possible to eliminate the selfish mining strategy in proof-of-work, but at the cost of penalizing the honest party to a double-spend, by paying all chains proportionally. I am not clear how this could work for non-proof-of-work.
29  Bitcoin / Bitcoin Discussion / Hard forks are 51% attacks, we need side-chains on: August 19, 2015, 04:56:10 AM
To get some perspective on the logic I want to promote, first read theymos's Reddit sticky post (he is the moderator of r/bitcoin and also one of the owners of Bitcointalk.org):

https://www.reddit.com/r/Bitcoin/comments/3h9cq4/its_time_for_a_break_about_the_recent_mess/

You can also read the very respected Bitcoin researcher Meni Rosenfeld's comment:

https://www.reddit.com/r/Bitcoin/comments/3h9cq4/its_time_for_a_break_about_the_recent_mess/cu6udfe

I also note this hostile new "feature" (a.k.a. trojan horse) in Bitcoin XT (a.k.a. GavinCoin):

https://bitcointalk.org/index.php?topic=1156489.0

But let me attempt to remove my subjective opinion from the objective logic I want to present.

A hard fork if it succeeds is a majority attack against the minority. Thus it is technically a 51% attack where the adversary that has greater than 50% of the hashrate can always win the longest chain of proof-of-work and thus can dictate to the minority (that is unless the minority can distinguish which blocks are being produced by the adversary and decide to never mine on them, thus maintaining their minority hashrate chain as distinct).

For example, afaics the change to Bitcoin XT to blacklist the Tor exit node IP addresses does not make the blocks produced by Bitcoin XT miners distinguishable from those blocks mined by those running Bitcoin Core full nodes.

Of course once Bitcoin XT nodes begin producing blocks greater than 1 MB in size, these blocks would be distinguished as not being produced by Bitcoin Core miners. However, note that one of the characteristics of a 51% attack is that it can indeed change the protocol. Of course the minority can refuse to mine on the new protocol, but given that network hashrate is so crucial for security in Bitcoin's design, it is doubtful that a minority block chain could survive because the network hashrate of the majority (especially a significant majority) could be diverted to execute large double-spends on the minority chain, wreaking havoc. Just the threat of that possibility is probably enough to cause significant HODLers to sell their coins on the minority fork, causing its price to diverge downwards.

Thus, network hashrate political wars are attempts to make 51% attacks. They are adversarial.

All of this could be avoided with two improvements to crypto-currency technology:

  • Side-chains so HODLers can move their Bitcoin value to the protocol of their choice.
  • A way to filter 51% attacks, so that network hashrate is not a weapon of mass destruction, and so the principle of side-chains can work correctly.

Blockstream is implementing the first improvement. I am implementing the second improvement.

Note there are some issues with side-chains that have to be dealt with carefully. The movement of coins between chains needs to have long lock up times to ensure that reorganizations due to orphaned chains can't create a chaotic mixed up outcome (namely duplicate copies of coins) that can't be restored. Speculators can help users move their coins faster between chains for a fee which covers their opportunity cost and risks in the lock up.

It is time we put an end to this nonsense, by using technology to do so.

P.S. note I am formerly the username AnonyMint (and numerous usernames hence), which I abandoned last year to try to encourage myself to stop wasting so much time posting in forums. When I first joined this forum as AnonyMint in Spring 2013, I wrote an article "Bitcoin : The Digital Kill Switch" which Google will confirm to you was published around the web a bit. My real name is on that article.
30  Other / Politics & Society / Who wants to start an anarchist micronation? on: August 01, 2015, 11:44:52 PM
I am trying to find out if there are any other people in this world who think like I do, i.e. have the same political philosophy as I do. Someone who has more time and is more skilled in legalese could reformulate this as long as the themes are the same.

The Philippines taught me how to live like this. I learned a lot from the Filipinos about how to live in freedom[2]!

I expect most people do not want freedom. Thus they will not vote "Yes to both". People think they want freedom, but they really don't.

Proposed Anarchy Constitution

Citizenship in the sovereign State of ________ (hereafter referred to as the State) is granted only to the initial owners of the territory purchased to form the State, to any offspring of citizens who declare their unequivocal allegiance to this Constitution, and to any person who so declares their allegiance coincident with written approval from at least two-thirds of the living adult citizens who existed at the time the two-thirds threshold was attained. Citizenship is perpetual except where voluntarily renounced. Renunciation occurs by written statement with three citizen witness signatories or implicitly immediately upon voting for any treaty, law, or amendment that violates this constitution. Non-citizens are not allowed to own private property within the State's territory. Any citizen who has renounced explicitly or implicitly must dispose of his applicable private property within 1 year, else it will be sold at auction by any citizen of the State and the proceeds distributed proportionally to all citizens.

The State will have no power to enact laws, regulations, raise revenue, nor any euphemism or alternative formulation of the aforementioned concepts. Property rights within the State's territory will be transferred only by a trade between agreeable parties. Property ownership and contracts will be tracked by one block chain. Property rights can be enforced by any citizens at any time, so that possession of property agrees with the non-ambiguous statement of the block chain.

The State will have no power over social concerns and welfare, including but not limited to marriage, compulsory education, cohabitation, individual rights, poverty alleviation, and crime. Individuals may voluntarily enter into social contracts on the block chain, in which case the terms of the voluntary contracts can be enforced by any citizens at any time. The citizens may discourage heinous crime by carrying firearms. Punishment during the act can be death by self-defense. Retribution (punishment after the act) is against natural law and thus will not be allowed[1]. The right to carry firearms of any type is universal for all citizens, and there will be absolutely no restrictions nor procedures required to do so. Nuclear, chemical, and biological weapons are not allowed in the State's territory.

Any adult citizen of the State may create his or her own passport, driver's license, and other State issued document necessary to comply with international norms. Adult citizens may create passports for minor offspring but not operator licenses for machinery (i.e. teenagers may not drive in the State's territory, and this is to be enforced by any citizen at any time).

In the case of ambiguity, citizens must respect the freedom of other citizens to do as they please.[2]

Again the State has no power of taxation nor any other form of raising revenue. Treaties of the State can grant revenue generating measures to external powers, but compliance can only be enforced on citizens by the external power with liens against their private property that is not within the State's territory. There will be no elected officials and no salaries nor developments funded by the State.

The Constitution can not be amended and its terms are perpetual. The only way to absolve this Constitution is for all citizens to renounce their citizenship. Occupation of the State's territory by a foreign power does not suspend this Constitution, which continues even if all the citizens are residents in absentia.

When traveling abroad, citizens are subject to laws of the territorial jurisdiction corresponding to their physical presence. When in international waters, outer or inner space, or within the State's territory, citizens are indemnified by this Constitution against any jurisdictions which impinge on the sovereignty of this constitution.

The State waives its right to a 200-mile Exclusive Economic Zone (EEZ) around its territory, and instead claims a 1-mile EEZ.

The State may enter any treaty which does not impinge on any statement in this constitution, and the treaty is valid only if approved in writing by at least three-fourths of the living adult citizens who existed at the time the three-fourths supermajority threshold was attained. Any such validated, unexpired treaty may be rescinded by a two-thirds written vote of the living adult citizens.

[1] In other words, citizens have a duty to be proactive about their self-defense, which is the optimum method of reducing crime.

[2] If you don't like your neighbor's barking dog, then move or buy him out. No nanny state here!

The 1933 Convention on Rights and Duties of States, also known as the Montevideo Convention provides for the free will of a people of a territory. Of course the practical problem with enforcing the actionable sovereignty (e.g. getting other states to recognize the passport, etc) of such a micronation is that other powers (e.g. states and other terrorists) will both refuse to recognize the sovereign will of the people of State's territory and some powers may even forcefully attack the territory of the State.

http://www.worldislandinfo.com/Starting%20island%20country.html
https://flagspot.net/flags/to_min.html#des
https://en.wikipedia.org/wiki/Global_Country_of_World_Peace#Efforts_to_obtain_sovereignty
https://en.wikipedia.org/wiki/Principality_of_Sealand
https://en.wikipedia.org/wiki/Principality_of_Trinidad

As you can see from the examples above, states are very interested in making sure we remain vassals by quickly responding to any attempt by natural persons to declare sovereignty over any territory which they purchased and/or occupy. Of course, because the powers of taxation and money creation beget from subjugation of individual sovereignty.

I believe there is a loophole which can be leveraged to render the powers of the states impotent.

There exists a UN Convention on Stateless Persons. If you are in a country which is a signatory to this convention and you renounce your existing citizenship (or preferably get an official recognition of your relinquished citizenship), meaning you are a stateless person, then that signatory country where you are physically present must provide certain rights to you. They must provide you with an identity and travel document.

So the action I am asking you to vote on today is as follows. I want to know who is willing to co-purchase a territory for a new State, then travel to a nation which offers residency for foreign expats and which also does not tax foreign residents on foreign income and dividends, then print passports for ourselves in our new sovereign State, relinquish our existing citizenships, and then declare to the host nation where we are physically present to recognize our citizenship in our sovereign State. The host nation (which must be a signatory to the aforementioned UN convention) must either honor our passports or apply our rights under the stateless person's treaty.

I would suggest we more or less stick together in the same signatory nation so we have more political clout and economy-of-scale in completing the process. We could also pool our capital to buy some land and create a community we can protect in the coming economic collapse. Some examples of affordable bulk land in suitable climates and signatory nations:

https://web.archive.org/web/20130503074339/http://www.byronlutz.com/antolopez.htm (recently increased to $75,000 for 12 acres)

http://www.bestranches.com.ar/ranches.html
  * 4500 acres with river, trout, private natural sand beach in the ranch, cascades, streams for $1.4 million
  * 18,000 acres with river for $690,000!

The worst that can happen is we gain residency in this signatory nation and a travel document as stateless persons. Well a stateless person is thus a sovereign person. Thus goal achieved. We can then travel freely back to our State's territory as "stateless persons".

The best that can happen is the signatory nation decides to honor our passports and issue us a travel document to go along with it. And that others in the world might see our success and emulate it.

We should be prepared that the powers-that-be would attempt to crush us by any means possible, because this would be a direct threat to their NWO plans. Or would it? Hmmm. The majority of the people in the world are sheep. They are not going to opt for sovereignty. The powers-that-be have nothing to fear from us. Rather if they attack us, they can create sympathy for us and stir an awakening amongst the masses that they don't want. In other words, we should follow the passive, non-violent approach to attaining freedom a la Gandhi.

In the worst case, we end up with ownership of the State's territory (we can subdivide with individual titles). We get rid of our onerous Western citizenship which in the coming years will be an insane expropriation albatross around the neck of every westerner with net worth, a business, or income. We carry at least a stateless person's travel document. We probably do destroy our chances of being accepted for purchasing citizenship in an economic citizenship program such as Dominica, but could probably attain citizenship in the signatory country where we are physically present over some years of residency.

Downsides include the very high likelihood that the "Western" (Europeanized) countries in green in the map in the webpage linked below will surely not grant us tourist visas.

http://www.telegraph.co.uk/news/worldnews/northamerica/usa/11770294/Mapped-How-the-world-is-tackling-human-trafficking.html
http://www.nestmann.com/former-u-s-citizens-face-discrimination-returning-usa

An example of an interesting island to consider is:

http://www.privateislandsonline.com/islands/macuata-island

100 acres for $2.85 million, so that is $28,500 per acre. With 25 of us each investing $114,000, we'd each get roughly 4 acres (1.6 ha).

The reason to choose an island for attempting to establish sovereignty is because no citizens of the nation claiming jurisdiction can claim that we violate their rights to passage or otherwise harm them with our assertion of our rights on our purchased property. The citizens of the claiming nation have no justification to need to travel to our territory because it is private property. One of the reasons an island nation would strongly object to one of its island territories declaring sovereignty is because the 200-mile EEZ could hamper travel within the archipelago if many of the islands so declared their sovereignty.

Also the sovereignty motion would have a better chance of success if the State entered a treaty with the claiming nation respecting the conflicting sovereign claim of the claiming nation, contingent on the claiming nation agreeing to honor the constitution of the State. In other words, an unresolved matter and a state of mutually respecting truce. The treaty could include an agreement to pay a VAT tax on any rental and tourism revenue generated within the State's territory, so the claiming nation could save face and also revenue, but the treaty should ideally stipulate that in return the claiming nation would need to show that it spent the VAT on projects which benefited the State such as telecommunications and transportation infrastructure to the State's island. I assume many of the citizens of our micronation would be Knowledge Age workers or have foreign investments and thus wouldn't be subjected to such a VAT anyway. Also the treaty could grant our citizens the option to obtain passports from the claiming nation.

In this negotiated way, I think it may be possible to attain some semblance of sovereignty in this mad world:

http://www.worldislandinfo.com/Starting%20island%20country.html

Quote
Problem 3: No process for forming new countries
  • The best solution is to become a leader in an island that might like to break away from its country: Nevis, of St. Kitts-Nevis, for instance. The separate islands of the Comoros have each achieved substantial autonomy under their own leaders in recent years. And East Timor has made the transition to sovereign nation.
  • You still need recognition from the international community. And that requires sympathy, triggered by oppression of your little island, or at least popular support for its breaking away.

It seems the key ingredient is making it more politically and practically painful for the claiming nation to subjugate your State's sovereignty than it is for them to accept a deal that grants them most of the power they had.

The powers-that-be want to control the physical economy. They probably also want to control the Knowledge Age economy, and they think they can by controlling the information highway leading in and out of any physical territory. Thus I doubt they are that concerned about some libertarian nutcases who want to have some sort of pseudo-sovereignty which doesn't really challenge their globalization rules significantly.

I voted "Yes to both".
31  Economy / Economics / Economic theory of Bitcon - CONFIDENCE on: July 26, 2015, 01:15:37 AM

We will know we are at the bottom when someone writes that again. Yet right now instead we see people like you writing the opposite, that is why the CONFIDENCE still has to break and we still need to...

Bull trap vertical reaction bounce. See the flag midway towards $305. One last gasp before we ...

https://youtu.be/aBkVV9xxCHE?t=24
https://www.youtube.com/watch?v=kXCJTW_GtDE
https://youtu.be/td30dKiEQ8g?t=19

Bitcoin I idol her too much:

https://www.youtube.com/watch?v=17lkdqoLt44&index=46&list=RDaBkVV9xxCHE

Quote
You were the BTC that changed my world
You were the BTC for me
You lit the fuse, I stand accused
You were the first for me
But you turned me out, baby

You dropped a bomb on me, baby
You dropped a bomb on me (But you turned me on, baby)
You dropped a bomb on me, baby
You dropped a bomb on me

You were my thrills, you were my pills
You dropped a bomb on me
You turn me out, you turn me on
You turned me loose, then you turned me wrong

You dropped a bomb on me, baby
You dropped a bomb on me (But you turned me out, baby)
You dropped a bomb on me, baby
You dropped a bomb on me

Just like Adam and Eve, said you'd set me free
You took me to the sky, I'd never been so high
You were my pills, you were my thrills
You were my hope, baby, you were my smoke
You dropped a bomb, hey, babe

You dropped a bomb on me, baby
You dropped a bomb on me (But you turned me out, baby)
You dropped a bomb on me, baby
You dropped a bomb on me (But you turned me on, baby)

You dropped a bomb on me, baby (Mmm)
You dropped a bomb on me (You dropped a bomb on me, baby)
You dropped a bomb on me, baby
You dropped a bomb on me

We were in motion, felt like an ocean
You were the BTC for me
You were the first explosion, turned out to be corrosion
You were the first for me
But you turned me out, baby
32  Economy / Speculation / Free money available on: July 23, 2015, 07:49:21 PM
https://bitcointalk.org/index.php?topic=1082909.msg11954651#msg11954651
33  Other / Off-topic / OT crap from Compact Confidential Transactions for Bitcoin on: July 08, 2015, 06:27:11 AM
I'm sorry your thread was so badly derailed as to be basically unreadable.

This egotistical shit isn't going to help you.

Without an expert on cryptographic hashes commenting here on the possible breakage, I don't think you can claim omniscience.

As I explained in private, the output of a Random Oracle is assumed to have no topological structure, i.e. just random points in any multi-dimensional space you choose. We don't have to have a preimage of the solution in order to potentially have a multi-dimensional curve/partial-order appear due to structure found in the hash function and be able to reduce the entropy. I understand that even Cryptonote has the same reliance on a Random Oracle to prevent undetected inflation. Thus I also understand that concern about hash functions may be out-of-scope of discussing or orthogonal to the innovations of this paper. My point was essentially wouldn't it be safer to use a 256-bit curve.

Recommendations are for 256-bit ECC and hash security to be protected until 2032:

http://www.keylength.com/en/compare/

Heck, after I opined that his original sum of two squares was lacking entropy, johoe proceeded to prove my intuition was correct.

As for the other idea I introduced about combining mixing (e.g. CN) and two curves, I was attempting to brainstorm simplifications. I asked 3 times whether it was possible to find multiple uncommitted values that could map to the same committed value, which I understood my idea hinged on. When I finally got the answer from Mixles, I dropped that idea.

Actually guys like me who toy around with simplifying ideas, in spite of not studying ECC extensively, sometimes do achieve simplifications.

So watch your ad hominem derogatory pompous mouth. Because you are going to eat the words you spout.

If you are Andrew Poelstra, I am about to make mincemeat of your whitepaper on PoS.

Narrow, unenlightened, closed-mindedness doesn't impress me. What impresses me are humble, open-minded, patient experts. Johoe appears to have this enviable quality.