In Bitwage, we obviously believe that getting paid in crypto is leading to increased adoption. If you get paid in BTC, you look for ways to spend it, if you can spend BTC to pay for goods and services, you probably want to earn it too.
Just curious about your opinions: what are your thoughts on getting your salary paid in Bitcoin? Hell yeah, that's great? No way, this idea sucks? Do you ACTUALLY feel like bitcoin adoption keeps increasing, or do you still struggle to find a merchant who accepts BTC?
I don't see "Bitcoin adoption" and "merchant adoption" as the same thing. A lot of adoption is speculative and not grounded in the currency use case. So, I think Bitcoin adoption is definitely increasing even if merchants are lagging behind. I love getting paid in Bitcoin. I would love to get a portion of my salary paid that way. It would definitely help me tuck some more coins away. I always spend some of my Bitcoin earnings, but I'm more careful with it than fiat money.
|
|
|
Interesting reading, thanks for posting.
I hope these schemes aren't used as fodder to pass more stringent AML/KYC regulations on crypto-to-crypto exchanges, but they probably will be. I'm not sure how governments will address decentralized exchanges like Bisq, but I think there will be more clamping down on centralized services like MorphToken, who are offering high value exchanges with no account registration. Shapeshift obviously couldn't retain that model for long, ostensibly because of pressure from regulators.
|
|
|
If you are envisioning 'devices', well, there are already hardware wallets in existence, but again, if handing over the hardware wallet face to face, the privkey/seed needs to be passed over securely too.
Isn't that what Opendimes do? They are hardware wallets, essentially. You generate keypairs on the device, load it with coins, and can use it like cash until the seal is broken.
The main issues are: the person(s) that first issue them create the keypair and load the funds, trusting they didn't keep a copy of the private key; the person(s) that get handed the paper/physical coins could simply reprint a paper wallet with the same public key and counterfeit.
I think Opendime has addressed these issues, although the RNG bit is over my head:
How do I know I'm seeing a real Opendime?
There are a number of ways to verify the device. First, you can click on a link shown in the index.htm file present on the device. That link includes a signed message that only an Opendime with access to the private key can generate. With version 2 products (rounded type) there is a factory key which can be verified using the factory public key. This proves the hardware was produced by us.
With our newest hardware (V2), there is a dedicated anti-counterfeiting chip which holds a secret key assigned by the Opendime factory. We publish the matching public key, and so it's easy to verify that you have a genuine Opendime in your hands. Learn more by reading our technical white paper (link coming soon) which details the cryptography involved.
But Opendime could be generating private keys that look random, but are all from the same HD (BIP 32) tree which they control?
You can actually prove to yourself that we cannot know the private key. The process for this verification can only be done after the unit is unsealed, and requires a verbatim copy of the original data written. Plus, you'll need to precisely control what is written to the drive, which cannot be done with higher-level commands to load entropy (so drag-n-drop will not work).
In summary, the process is as follows: take a new Opendime, power it up and precisely write 256k of known bytes to it (i.e. use dd to write it starting at block zero). The unit will pick a private key as normal. Unseal the Opendime (poke the hole), and run the file advanced/rngverify.py with Python. That file is a simple program that contains the (previously) unknown entropy value from the Opendime, and it checks that your entropy is hashed into the secret key. Effectively, it re-creates the entire key-picking process and demonstrates that we used exactly that process. Because it's just 75 lines of Python, it's very easy to audit.
As you will see, the secret exponent of the private key is the double-SHA256 of these values concatenated: (the 256k bytes from you) + (128-bit serial number of the Opendime in base32) + (32-byte nonce picked by Opendime's RNG).
See our source code on github for a complete and executable example.
The biggest problem I see with Opendimes is hardware reliability. You can't back up your wallet seed or private keys. If you have a hardware failure, you lose everything. The only way to prevent that is to break the seal and sweep the coins, rendering the device useless.
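The key-picking rule quoted above (secret exponent = double-SHA256 of your 256k bytes, the base32 serial, and the device's 32-byte nonce) is concrete enough to re-create. The block below is an added example written for this page; it is not Opendime's own advanced/rngverify.py and does not claim to match its byte-level details. It assumes ASCII encoding of the base32 serial and raw nonce bytes for the concatenation, and it stands in a simulated device for the real hardware. It shows the check that matters to the buyer: whether the public key the sealed unit displayed is reproducible from the bytes you wrote plus the values revealed at unseal time. A device that quietly ignored your bytes (for example one drawing keys from a vendor-controlled BIP32 tree) cannot pass it.

```python
# Added example: re-creating the Opendime-style entropy check described above.
# Illustrative code written for this page, not Opendime's own rngverify.py.
# Rule as stated in the post:
#   secret exponent = double-SHA256( your 256k bytes || serial (base32) || 32-byte nonce )
# Assumptions: ASCII bytes for the base32 serial, raw nonce bytes, and a
# simulated device. All sample values are constructed in demo().
import base64
import hashlib
import os

USER_BYTES_LEN = 256 * 1024  # "256k" written with dd starting at block zero

# secp256k1 parameters: field prime, group order, generator point
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def derive_secret_exponent(user_bytes: bytes, serial_b32: str, nonce: bytes) -> int:
    """The key-picking rule from the post; rejects malformed inputs or an out-of-range scalar."""
    if len(user_bytes) != USER_BYTES_LEN or len(nonce) != 32:
        raise ValueError("expected exactly 256k user bytes and a 32-byte nonce")
    digest = double_sha256(user_bytes + serial_b32.encode("ascii") + nonce)
    d = int.from_bytes(digest, "big")
    if not 1 <= d < N:  # astronomically unlikely, but a valid scalar must be in range
        raise ValueError("hash is not a valid secp256k1 scalar")
    return d


def _ec_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p == -q
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def compressed_pubkey(d: int) -> bytes:
    """33-byte SEC1 compressed encoding of d*G via double-and-add."""
    result, addend = None, G
    while d:
        if d & 1:
            result = _ec_add(result, addend)
        addend = _ec_add(addend, addend)
        d >>= 1
    x, y = result
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def simulate_honest_device(user_bytes: bytes, serial_b32: str):
    """Stand-in for a sealed unit: picks a nonce, follows the rule, shows only the
    public key. The nonce is what the real device reveals after unsealing."""
    nonce = os.urandom(32)
    return nonce, compressed_pubkey(derive_secret_exponent(user_bytes, serial_b32, nonce))


def verify_entropy_was_used(user_bytes, serial_b32, revealed_nonce, shown_pubkey) -> bool:
    """The buyer's check: do MY bytes plus the revealed nonce reproduce the key
    the device showed while sealed? False if the device ignored my bytes."""
    try:
        d = derive_secret_exponent(user_bytes, serial_b32, revealed_nonce)
    except ValueError:
        return False
    return compressed_pubkey(d) == shown_pubkey


def demo():
    """Constructed run: an honest device passes; a one-bit-off copy of the written
    bytes fails; a device that derived its key from other bytes fails."""
    user_bytes = os.urandom(USER_BYTES_LEN)
    serial = base64.b32encode(os.urandom(16)).decode("ascii").rstrip("=")  # 128-bit serial in base32
    nonce, pubkey = simulate_honest_device(user_bytes, serial)
    tampered = user_bytes[:-1] + bytes([user_bytes[-1] ^ 0x01])
    rogue_nonce, rogue_pubkey = simulate_honest_device(os.urandom(USER_BYTES_LEN), serial)
    return {
        "honest": verify_entropy_was_used(user_bytes, serial, nonce, pubkey),
        "tampered_input": verify_entropy_was_used(tampered, serial, nonce, pubkey),
        "ignored_input": verify_entropy_was_used(user_bytes, serial, rogue_nonce, rogue_pubkey),
    }


if __name__ == "__main__":
    print(demo())  # {'honest': True, 'tampered_input': False, 'ignored_input': False}
```

The point of comparing public keys rather than private keys is that the public key was visible while the unit was still sealed, so it commits the device to a choice before the nonce is revealed; the unseal step then only has to show that the committed key came out of your bytes.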
|
|
|
If you think about it, 0.0000048% of the total US M2 money supply would be $504,000, half a million.
So can we say that 1 Btc = $500,000?
No, not really. The M2 money supply isn't a realistic basis for Bitcoin's value -- unless Bitcoin completely replaced all cash and fiat money savings accounts -- cash, check/savings/money market deposits, mutual funds, etc. Even then, Bitcoin's market valuation is more complex than that. I suspect Bitcoin and fiat currencies will exist side by side for quite a while anyway. It might hit $500,000 in the coming years based on its speculative investment properties alone, but I don't think it will have such a clear relationship to the fiat money supply.
|
|
|
Most of the gold supply doesn't move either. It sits in vaults, storing value.
You can't present people with a store-of-value asset in fixed supply and expect them not to hoard it. We shouldn't be judging Bitcoin based only on its consumer/merchant payment niche -- that's just a niche, one aspect of its properties as money.
|
|
|
The fact that Bitfinex lost the $850M to begin with is alarming, though.
Are you sure about the lost part? If I'm not mistaken the funds have been locked (arrested). It is not like they were irrevocably confiscated or something to that tune.
They've been seized by multiple law enforcement agencies for links to drug cartel money laundering. In cases like these, recovering the money is possible but unlikely. I certainly wouldn't plan on it. That's why Bitfinex quickly launched the LEO token fundraising effort as soon as the news broke. They know full well they're not getting the money back. This also raises concerns about future seizures. Bitfinex operates from unregulated jurisdictions without any licenses. It's hard to imagine this happening to Coinbase or Gemini, but I could certainly imagine it happening to Bitfinex again. I'd be a lot more concerned about federal agencies. They spend years building cases before pouncing. The CFTC investigation goes back something like 1.5 years.
Okay, they have built their case and taken Bitfinex to court, what's next? The agency in question (CFTC) had already fined the exchange a few years ago. For something like 60 grand (if my memory serves me right). Pretty insignificant amount compared to 850M in custody right now.
That was a very different CFTC investigation for margin custody arrangements from several years ago. This investigation is for market manipulation. It was launched at the end of 2017 and the DOJ launched a parallel criminal investigation in late 2018. The DOJ is the agency that shut down BTC-e in 2017.
|
|
|
Well, that's how the market works. chipmixer is now the leading mixer in the market, but bestmixer was also big and one of its competitors. I'm sure a new mixer will become popular again, until they find a way not to get shut down by any government agency.
For most mixers -- if they're run correctly -- the only thing that should be at risk is the clearnet domain. A .com or similar domain can be easily seized, but servers and funds should be another matter. Bestmixer's mistake was operating from Europe from easily surveillable jurisdictions. It would be much more difficult for authorities to seize servers elsewhere in the world outside of the US or Europe.
|
|
|
After I complied with these requests I got this one:
And finally, after sending a proof of funds, they unlocked the coins. I was lucky enough that I had received the BTC for professional services, but had I got them from mining activities, gambling or simply from a friend I would have had no chance of proving anything.
That's horrible. LocalBitcoins seems equivalent to Bitstamp now regarding AML/KYC -- and that says something. I don't trust these European companies anymore. I'm going to advise people against ever using LocalBitcoins because, like you said, in many cases people won't be able to provide the necessary proof.
|
|
|
The Satoshi coins will probably remain sitting on exposed public keys until eventually stolen. The only way to prevent that would be to implement a fork that censors the outputs...
I doubt that Satoshi exposed any of his public keys. As far as I know it happens under 2 scenarios: first, when you send a transaction and it's not yet confirmed; then there's a short window of opportunity to crack the key while the transaction is still in the mempool and publish a contentious transaction, so overall it's extremely hard and can happen to anyone, not only Satoshi. The second is if he reused an address that he previously used to send transactions, but if I remember correctly, he was speaking against address reuse in the early days, and with his expertise in cryptography we can assume that he wouldn't make such a mistake.
In the early days, P2PK (pay to pubkey) outputs were common because of the Pay-to-IP feature which was removed in 0.8.0. Many of the early coins are sitting on exposed public keys for this reason.
|
|
|
As for quantum computers, they can be good at cracking keys when public keys are known, but they aren't known in Bitcoin protocol by default - they only get exposed when someone spends coins.
Indeed, not all keys on the network are vulnerable. Bitcoin already has some built-in quantum resistance since we use pubkey hashes. That doesn't apply to the Satoshi coins, though, so I can understand why people are nervous about millions of "lost" coins entering circulation again. The Satoshi coins will probably remain sitting on exposed public keys until eventually stolen. The only way to prevent that would be to implement a fork that censors the outputs...
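The distinction the two replies above draw (P2PK outputs carry the full public key on chain, while pubkey-hash outputs reveal it only when spent) is mechanical enough to check from raw script bytes. The block below is an added example written for this page, not code from any project or poster: it classifies scriptPubKeys by type and by whether the EC point is already public, sums the value sitting in exposed outputs over a constructed UTXO set, and shows how a P2PKH spend's scriptSig discloses the key, which is why address reuse puts an address's remaining coins in the same position as P2PK. All scripts and values are constructed samples; the P2PK keys reuse the secp256k1 generator point only so the bytes look like real keys.

```python
# Added example, not from the thread: which Bitcoin outputs already expose their
# public key on chain? Sample scripts and values below are constructed.
from typing import List, Optional, Tuple

OP_0 = 0x00
OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x87, 0x88, 0xAC
OP_PUSHDATA1, OP_PUSHDATA2 = 0x4C, 0x4D


def classify_output(spk: bytes) -> Tuple[str, Optional[bool]]:
    """Return (script type, pubkey_exposed_by_output) for a scriptPubKey.
    True: the full EC point sits in the output itself (P2PK, the early
    pay-to-IP era). False: only a hash is published until the output is spent."""
    n = len(spk)
    # P2PK: <push len> <33- or 65-byte key> OP_CHECKSIG
    if n in (35, 67) and spk[0] == n - 2 and spk[1] in (0x02, 0x03, 0x04) and spk[-1] == OP_CHECKSIG:
        return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte HASH160(pubkey)> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "p2pkh", False
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[22] == OP_EQUAL:
        return "p2sh", False
    # Native segwit v0: OP_0 <20-byte key hash> / OP_0 <32-byte script hash>
    if n == 22 and spk[:2] == bytes([OP_0, 20]):
        return "p2wpkh", False
    if n == 34 and spk[:2] == bytes([OP_0, 32]):
        return "p2wsh", False
    return "unknown", None


def parse_pushes(script: bytes) -> List[bytes]:
    """Split a push-only script (e.g. a P2PKH scriptSig) into its data items."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if op == OP_0:
            items.append(b"")
            continue
        if 1 <= op <= 75:
            length = op
        elif op == OP_PUSHDATA1:
            length = script[i]
            i += 1
        elif op == OP_PUSHDATA2:
            length = int.from_bytes(script[i:i + 2], "little")
            i += 2
        else:
            raise ValueError(f"non-push opcode 0x{op:02x} at offset {i - 1}")
        items.append(script[i:i + length])
        i += length
    return items


def pubkey_revealed_by_spend(script_sig: bytes) -> Optional[bytes]:
    """A P2PKH spend has scriptSig = <sig> <pubkey>. Once it is on chain the key
    behind that address is public, so any coins still on (or later sent to) the
    same address are as exposed as a P2PK output."""
    pushes = parse_pushes(script_sig)
    if len(pushes) == 2 and len(pushes[1]) in (33, 65) and pushes[1][0] in (0x02, 0x03, 0x04):
        return pushes[1]
    return None


def exposed_value(utxos) -> int:
    """Sum the satoshis in outputs whose public key is already on chain."""
    return sum(value for value, spk in utxos if classify_output(spk)[1])


# --- constructed sample data ---
GX = bytes.fromhex("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798")
GY = bytes.fromhex("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8")
PUBKEY_UNCOMPRESSED = b"\x04" + GX + GY
PUBKEY_COMPRESSED = b"\x02" + GX
FAKE_HASH20, FAKE_HASH32 = bytes(range(20)), bytes(range(32))

SAMPLE_UTXOS = [  # (value in satoshis, scriptPubKey)
    (50_0000_0000, bytes([65]) + PUBKEY_UNCOMPRESSED + bytes([OP_CHECKSIG])),  # early-style P2PK
    (1_0000_0000, bytes([33]) + PUBKEY_COMPRESSED + bytes([OP_CHECKSIG])),     # P2PK, compressed key
    (2_0000_0000, bytes([OP_DUP, OP_HASH160, 20]) + FAKE_HASH20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])),
    (3_0000_0000, bytes([OP_HASH160, 20]) + FAKE_HASH20 + bytes([OP_EQUAL])),
    (4_0000_0000, bytes([OP_0, 20]) + FAKE_HASH20),
    (5_0000_0000, bytes([OP_0, 32]) + FAKE_HASH32),
]
# constructed P2PKH spend: a 71-byte dummy signature push, then the key push
SAMPLE_SCRIPTSIG = bytes([71]) + bytes(71) + bytes([33]) + PUBKEY_COMPRESSED

if __name__ == "__main__":
    for value, spk in SAMPLE_UTXOS:
        print(classify_output(spk), value)
    print("exposed sats:", exposed_value(SAMPLE_UTXOS))
    print("key revealed by spend:", pubkey_revealed_by_spend(SAMPLE_SCRIPTSIG).hex())
```

Run against a real UTXO snapshot, the same two functions give the figure the thread is arguing about: the value in P2PK outputs plus the value still sitting on addresses whose key has already appeared in a spend.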
|
|
|
It looks cheap because the value is $500k, but if the value is less than $50, a $5 transaction fee is too high! I am using a local wallet and yesterday the fee was 0.0006 BTC for the low fee, and the highest fee for a faster transaction was 0.0017 BTC. Not fair!
What wallet are you using? Does it use Segwit? Either way, it sounds like it's really overpaying. I suggest using a wallet like Electrum, manually setting fees, and estimating based on current mempool stats. In general, fees are rising and it's not going to get much better anytime soon. I really think people should stop focusing on getting confirmed in the next block. If you're willing to wait up to a few days, you can still pay hardly anything in fees. If you can wait hours or half a day, you'll pay a small fraction of the fees you mentioned.
|
|
|
How sure are we that miners will again "play politics"? They are after all, many voices and I'm not sure they could get behind one voice any more. I think the 2017 showdown was a real blow to the egos of large miners. They thought they could flex their hashpower and change the protocol with backroom deals, and they ended up looking like impotent fools because of it. Their NYA deal flopped, they caved to BIP148, and most of them know better now than to pit themselves against the community.
|
|
|
You are both partly correct. But what's our answer if we, the users/economic majority, want those improvements, but the miners don't? A UASF like BIP148 that orphans non-compliant blocks is always possible, but I sure hope it isn't so rushed next time around. If we want to force miners to enforce a soft fork, we need to maximize user node enforcement. That means allowing as much time as possible for people to upgrade before the fork. 6 months at least, or maybe a year might be a more reasonable time period to allow users to upgrade.
|
|
|
I agree that cheap fees will have to take a back seat to network security, but shouldn't be neglected at the same time. The network could be the most secure on the planet, but if only a handful can comfortably use it, I'd say it has failed.
Hopefully we'll find some middle ground between here and there. Do you remember that post from Hal Finney, where he predicted the emergence of Bitcoin banks because Bitcoin couldn't scale to all the world's transactions? I think he was onto something there. I think we're going to see a multitude of off-chain solutions -- some of which are custodial and trust-based, as antithetical as that is to "being your own bank." Some of these options will make interfacing with Bitcoin affordable for those who can't afford on-chain transactions.
|
|
|
How would Bitcoin activate Schnorr Signatures, Erlay, Taproot, and other soft forks to improve the network, if the miners "play politics" again?
Segwit threatened the ability for Bitmain or others to use covert ASICBOOST. I also think large miners favored establishing big block precedent (vs. Segwit) because they were putting short term rational interests above long term network health. They perceived cheap fees as a quick ticket to mass adoption. They also knew the increased orphaning risk of big blocks would hurt smaller miners more and help them consolidate hash rate share. These upgrades don't seem nearly as contentious for miners. Why would they be opposed to signature aggregation, or bandwidth savings, or smart contract capability?
|
|
|
It's not that simple. There's no way to "protect" vulnerable keys. Once ECDSA is broken, all exposed Bitcoin public keys are at risk. The only fix is to move vulnerable coins to new addresses and implement a new signature scheme like Lamport one-time signatures.
Since the early "Satoshi coins" are unlikely to be moved to safety, some people have suggested forking Bitcoin to make those outputs unspendable, or to recirculate them as mining rewards. Forks like this are unlikely to happen because they are so contentious, so we should be prepared for coins like this to be eventually moved and sold on the market someday.
There's no way to "protect" vulnerable keys yet.
Things work for both sides: devs can do something we never think of to protect these vulnerable keys, like you said.
We can fork the protocol to make the outputs unspendable, but that's a very slippery slope. Such a move ultimately destroys Bitcoin's "censorship resistance." What if those were your coins, and the network essentially stole your money? We can't even say for sure which coins were Satoshi's. It's a guessing game. We'd essentially be punishing people who saved their coins and didn't move them. That doesn't seem right. They should still be able to access their own coins, even if that means leaving them vulnerable to attack.
|
|
|
I can understand you and you have the logic. But you have to consider that if you use supercomputers to crack something, the same supercomputers will probably be on BTC's side, protecting the blockchain.
Devs and the community will keep preserving BTC's integrity, no matter what, and they will use the same technology hackers probably will, so it stays the same as today.
It's not that simple. There's no way to "protect" vulnerable keys. Once ECDSA is broken, all exposed Bitcoin public keys are at risk. The only fix is to move vulnerable coins to new addresses and implement a new signature scheme like Lamport one-time signatures. Since the early "Satoshi coins" are unlikely to be moved to safety, some people have suggested forking Bitcoin to make those outputs unspendable, or to recirculate them as mining rewards. Forks like this are unlikely to happen because they are so contentious, so we should be prepared for coins like this to be eventually moved and sold on the market someday.
|
|
|
I am fully aware this is a highly speculative topic. So I am not expecting clear answers, but hope to get some input from people that are very familiar with how the speed of supercomputers is evolving and expected to evolve over the next 10 - 50 years. And also hear the opinion of people that have some deeper insights into exploiting hashing algorithm vulnerabilities etc.
I am wondering if at some point in time over the next decades it will be profitable (and possible at all) to brute-force one or more of Satoshi's private keys.
Absolutely. It's a matter of time, but it's very difficult to know when the breakthrough will occur. Right now, it's still all theoretical. I read an insightful and well-sourced article about when ECDSA might be broken by QC, and therefore when the early Satoshi P2PK outputs might be stolen. Read up here. This is an interesting bit:
For Bulletproofs, what matters is the Shor RSA2048 line, which is predicted to be broken in 2022–23. In fact, ECC is more vulnerable than RSA in a post-quantum world, so our discrete logarithm assumption may be broken even sooner.
Bulletproofs is a nice-to-have quantum-vulnerable feature, although we do have other quantum-vulnerable features in Bitcoin: Quantum attacks on Bitcoin, and how to protect against them.[7]
"The elliptic curve signature scheme used by Bitcoin is much more at risk and could be completely broken by a quantum computer as early as 2027, by the most optimistic estimates."
This only applies to exposed public keys (like many of the early "Satoshi coins") or addresses that have spent outputs before, but that's a significant number of coins.
|
|
|
So what's the difference between securities and tokens?
A token is just a unit issued on a blockchain. It could be a stablecoin like USDT ERC-20 tokens, a security token, a utility token, etc. It may or may not be a security, depending on what the "Howey Test" says. Under the Howey Test, a transaction is an investment contract if:
- It is an investment of money
- There is an expectation of profits from the investment
- The investment of money is in a common enterprise
- Any profit comes from the efforts of a promoter or third party
The SEC has come out and said that most ICOs were securities offerings. If the ICO team advertises the offering as a profit-making opportunity, then it's definitely a security.
Anyway, nobody cares about the SEC and how they deal with ICOs.
The SEC has halted ICOs, charged founders with crimes, frozen their bank accounts, etc. People running token offerings are very careful these days about how they deal with US investors, for good reason.
|
|
|
I'm trying to figure out what the effect of all the lost coins is in the long term.
I understand all lost BTC are in the blockchain; they are not "lost", but people probably forgot them or lost the private keys to access them.
People only say it's good because of the scarcity: our "active" BTC will be worth more.
It's effectively burning bitcoins and removing them from the supply. Assuming demand remains equal, less supply means higher prices. That is, until and unless quantum computers begin threatening Bitcoin's signature algorithm in the next decade or two. Once that happens, any lost bitcoins held on exposed public keys (like most of the Satoshi coins) or reused addresses are at risk of being stolen and recirculated into the supply.
But all the energy and effort to generate these BTC are for nothing too? Is there any word from the devs about this? Do you think someday devs will discuss it?
Ideas have been floated before, such as forks where the Satoshi coins are recirculated. They've never gained much traction, though, and I doubt we'll ever see that happen in Bitcoin.