2303
|
Bitcoin / Development & Technical Discussion / Re: Preventing Asic mining [fork] after next halving would solve a lot of problems.
|
on: October 09, 2014, 05:37:57 PM
|
The security argument for Bitcoin works if you set the price of mining hardware to zero-- Bitcoin is proof of work, the input to work is _energy_. The security argument is generally insensitive to price except at the extreme limit of $0 (and there... there are more things to worry about than reorgs).
You have a mutually exclusive choice for what to do with your units of energy available to you. You can attack, devaluing the Bitcoin you gain from your attacks, or you can mine honestly and protect your existing Bitcoins and the new transaction fees you receive.
The market price of Bitcoin has changed >10 fold in the past and there were no security incidents as a result.
|
|
|
2304
|
Bitcoin / Development & Technical Discussion / Re: Looking into forking the core wallet to use parallel computing to verify blocks
|
on: October 09, 2014, 03:56:55 PM
|
Could you rephrase that slightly? I am not sure if you mean it will work or,
There is no speed up over what is already implemented? or, The Bitcoin Core already sneaks some code onto the GPU, and is already fully implemented? or, The GPU would be of no advantage, the most parallel it can become can be ran on a 2+ Core CPU as fast as possible (High step complexity overall)?
It is already parallel, it does not use the GPU. Using the GPU effectively will be difficult because there is not that much parallelism available unless you are verifying multiple blocks at once, and communicating with the GPU has huge latencies. Competing with state of the art cpu code will take state of the art GPU code (my own vanitygen code on the cpu is roughly as fast as the published gpu vanitygen). I think you should try it, a port of libsecp256k1 to the OpenCL would be pretty interesting and useful. If it were faster we'd probably be willing to do the architectural changes (making it possible to verify multiple blocks at once) to enable using it.
|
|
|
2307
|
Bitcoin / Development & Technical Discussion / Re: Increasing the block size is a good idea; 50%/year is probably too aggressive
|
on: October 08, 2014, 11:13:35 PM
|
(e.g. by using transaction hashes and/or IBLT), once implemented, will certainly keep the new block message size growth rate much lower than the bandwidth growth rate.
Keep in mind these techniques don't reduce the amount of data that needs to be sent (except, at most, by a factor of two). They reduce the amount of latency critical data. Keeping up with the blockchain still requires transferring and verifying all the data. Not a big deal? Well, except that we can expect the power of nodes to follow some sort of curve ("exponential" in the vernacular) such that most nodes are barely above the threshold to be viable. Meaning that this event would mean that the majority of nodes would shut down, likely permanently. Right. There is a decentralization trade-off at the margin. But this isn't scaleless-- there is _some_ level, even some level of growth which presents little to no hazard even way down the margin. The a a soft stewardship goal (not a system rule, since it can't be) the commitment should be that the system should be run so that it fits into an acceptable portion of common residential broadband, so that the system does not become dependant on centralized entities. As some have pointed out, being decenteralized is Bitcoin's major (and perhaps only) strong competitive advantage compared to traditional currencies and payment systems. How to meet that goal best is debatable in the specifics. At the moment there are a bunch of silly low hanging fruit that make running a node more costly than it needs to be; we're even at a case where some people developing on Bitcoin core have told me they've stopped running a node at home. It's hard to reason about the wisdom of these things while the system is still being held back by some warts we've long known how to correct and are in the process of correcting.
|
|
|
2308
|
Bitcoin / Development & Technical Discussion / Re: Proposal for eventual hash replacement
|
on: October 08, 2014, 11:01:12 PM
|
That isn't a hash function. It's a signature system (sadly one based on the authors team's own Blake and chacha for performance reasons, instead of more standardized functions).
Its focus is on stateless reusable signatures. The cost is that the signatures are huge by our standards... 41,000 bytes (plus a kilobyte pubkey). In Bitcoin we shouldn't generally have long lived keys and so a 'few times signature' scheme or a small tree of one time signatures (plus state, which the blockchain can provide) are often better and can be done with dramatically smaller sizes.
Certainly thats something I'd use for software releases, however!
|
|
|
2311
|
Bitcoin / Development & Technical Discussion / Re: Can side-chains be used to achieve optimal network security / transaction fees?
|
on: September 27, 2014, 03:46:58 AM
|
Handling the non-1:1 case when the 1:1 case is solved is trivial, more challenging is figuring out actual applications where users would opt-into it. There are silly ones, e.g. "ponzi chain"— I guess one metric for an approach being general and supporting of freedom is that it can accommodate things that sound really ill advised too. .. but I've not really found many idea in the non-1:1 space that I'd realistically expect many to play along with. One argument might be that it's potentially desirable to have a system where lost coins eventually go to support the system somehow... but that very easily runs into issues with bad incentives as miners can censor transactions to make coins seem lost when they're not. but can merge-mining be used in the reverse way Depending on what validation rules you choose you can get whatever security "umbrella" you desire. E.g. the sidechain can have consensus rule that their work must also commit to the best valid Bitcoin chain (effectively importing bitcoin validity into the secondary system). This degrades the tidy isolation that you normally get with no linkage, but it gives full security, complete with incentives (because if you misbehave in the Bitcoin blocks you also lose your blocks in the other system). This is good news, but potentially not a cure all— in the you may still be failing to meet your decentalization objectives even though the hashrate security (ignoring centralization degree) is good (e.g. because the scaling requirements and/or goals of the more profitable secondary system are less decentralization compatible).
|
|
|
2313
|
Bitcoin / Development & Technical Discussion / Re: sendtoaddress sendmany api change proposal.
|
on: September 26, 2014, 04:38:13 PM
|
We don't generally use BIPs for random UI things.
As far as the idea goes— perhaps. Though I'd recommend adjusting your business plans such that the average of the fees in total is what you worry about; rather than the fees on any particular transaction. Otherwise you're just going to get jammed up and unable to transact when someone has sent you a number of dust inputs and the only way to eliminate them is to pay a somewhat high fee... all your low value transactions will end up failing until you up that limit.
|
|
|
2314
|
Other / Beginners & Help / Re: Difference Wallet - Brainwallet
|
on: September 25, 2014, 07:33:57 PM
|
Do not use a brainwallet unless you really know exactly what you are doing. If you know what you are doing and still think you should use a "brainwallet", you don't actually know what you're doing.
|
|
|
2315
|
Bitcoin / Development & Technical Discussion / Re: Is calendar time used in the Bitcoin network?
|
on: September 22, 2014, 05:57:39 PM
|
Does that mean that if the Bitcoin protocol is changed so that all nodes check for double spending, then that would prevent a 51% attack?
Double spending is absolutely and completely precluded in a blockchain. Everyone always checks for double spending already, it's one of the rules. I suspect you've missed this. (I'd really recommend some quiet time trying to understand the system instead of so many posts.)
|
|
|
2317
|
Other / Archival / Re: delete
|
on: September 22, 2014, 07:00:12 AM
|
Anonymint doesn't exactly come off well from his posts, but his ability to understand these things is probably unmatched. He literally is probably the best person in the world to try to figure this kind of thing out. G Maxwell would also top my list.
Anonymint spouts mostly a meaningless mishmash of technical terms; every once in a while a chance mixture may seem to make some sense technically, but I suspect the insight rests entirely in the reader in those cases. If you're listing both myself and he— your listmaker functionality may be in need of calibration. I haven't stated that I've analyzed the system and believe it sound— it takes significant effort to stand behind such a claim, I haven't had the time, and this is also why I've not released any other software using it. (It's not that it's that hard, but it's a question of priorities. That its already in production, for better or worse, lowers it on my list: If it does turn out to be broken people are already screwed). The underlying RS scheme appears solid, but the exact application in Bytecoin has had less review. But that I can't currently say I'm completely convinced it's solid doesn't at all prevent me from saying that claims otherwise so far presented sound suspect.
|
|
|
2318
|
Bitcoin / Development & Technical Discussion / Re: Were mining pools originally considered
|
on: September 22, 2014, 02:01:02 AM
|
... and if they are in fact a desirable thing to have as part of the network. Pooling for payment? The network doesn't care, thats a matter which only impacts the miners in question. But the common way that miners are implemented using "stratum" is actively harmful to the network and the security model of the Bitcoin system. ... Curious here: What's harmful about stratum? Is it that miners have to trust the pool operator completely? Not just that, though thats true too... it's only harmful to the miners themselves, it's foolish to mine with a centralized pool who could be stealing from you via skimming (or via 'hacking' incidents) but it only harms the miner who chooses to do it. Stratum continues and cements a historical inertia of conflating pooling for payment (which encourages more small participants by reducing variance) with "selling your vote" on the valid state of the network, creating real centralization which is antithetical to the security model. There is no technical reason why you can't form your blocks locally, according to your own preference and policy, but pay out the coinbase according to a pool's spec and get credited for that work. This means that pools create a large centralization risk when there is no need for it to be so to get their benefit. Indeed, it's arguable that miners can move so they're less of a risk than, say, cloud mining— but in practice miners do not move even when a pool is caught ripping people off (and certantly not quickly).
|
|
|
2319
|
Other / Archival / Re: delete
|
on: September 20, 2014, 12:55:17 AM
|
Careful. Encryption could mean the one-time ring signature is not broken, rather the way it is implemented
Encryption does not mean signature, ring or otherwise. Two different concepts. There is very little encryption in the protocol, arguably none at all. So I'm not even sure what the original quote means at all, other than a somewhat confused mishmash of "big words." The only way I see to make sense of it is to interpret encryption as cryptography as fluffypony said and gmaxwell seems to have also inferred. But it could mean something else. When you invent your own definitions for words you can later say you meant just about anything. I'm used to unsophicated people using "encryption" to mean cryptography. As you note there is no encryption in the protocol _at all_, (not just arguably, but unambiguously). But no need to hang up on a pretty obvious claim over some pedantic word mincing— the meaning was clear enough to me. If I misread— I'm sure BCX can comment. A theft bug that cannot be fixed without breaking the system's privacy must be a cryptographic one. Thats a pretty strong claim which deserves some strong evidence. Other systems are using related cryptosystems, and would benefit greatly from knowing it was broken. BCX should publish his discovery.
|
|
|
2320
|
Other / Archival / Re: delete
|
on: September 19, 2014, 06:43:28 PM
|
2) There is no break down in the encryption but in how it is implemented.
This is in direct contradiction to your original claim that it cannot be fixed without giving up on anonymity. I call bullshit.
|
|
|
|