Bitcoin Forum
  Show Posts
1  Bitcoin / Bitcoin Discussion / Re: New Chinese Quantum Computer breakthrough - should we be concerned? on: December 06, 2020, 12:51:13 PM
It is important to understand how bitcoin works and how quantum technology can potentially harm Bitcoin.

With quantum computers, you can:
1. Crack private keys with the corresponding ECDSA public key pair. This also means that most Bitcoins are not in danger as you only reveal the public key when you spend bitcoins. SHA256 and RIPEMD-160, or HASH160 is revealed in a transaction that sends Bitcoin. You have to break both algorithms to get the public key.
2. Potentially hash faster than others. This is not of any danger. The faster they hash, the higher the difficulty increase and thus resulting in the quantum computers being useless.

To mitigate this, you have to stop reusing addresses. Quantum computers will reduce the time needed to get the private key from the public key exponentially but it will not mean that keys can be cracked instantly. If you can confirm the transactions before the quantum computers can crack the public key that you include in a signature, then you don't have to worry about it at all.

2  Other / Beginners & Help / Re: About Segwit on: December 06, 2020, 12:43:46 PM
Correct. In fact, depending on the number of inputs and outputs, the raw size of a P2WPKH (SegWit) transaction may actually be larger than an equivalent P2PKH (Legacy) transaction. The raw size of a P2SH-P2WPKH transaction (nested SegWit) will be significantly larger than an equivalent Legacy transaction. As you say, the reason SegWit transactions are cheaper is due to how the raw bytes are calculated in terms of weight units, not because they are physically smaller.
Thank you for the concise explanation!
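The size comparison discussed in this exchange, as an added example that is not part of the original thread: a simplified size model for single-key transactions that applies the weight rule (non-witness bytes count 4 weight units, witness bytes count 1). The 72-byte signature, 33-byte compressed public key and P2PKH-only outputs are assumptions chosen so the three input types are compared on equal terms.

```python
# Added illustration: raw size vs. weight for legacy, native SegWit and
# nested SegWit single-key transactions. Assumes fewer than 253 inputs and
# outputs, so every count and script length fits in a 1-byte varint.
SIG = 72       # assumed DER signature length including the sighash byte
PUBKEY = 33    # compressed public key
P2PKH_OUT = 8 + 1 + 25   # amount + script length + 25-byte scriptPubKey


def tx_sizes(kind, n_in, n_out):
    """Return (raw_bytes, weight_units, vbytes) for the given input type."""
    sig_and_key = 1 + SIG + 1 + PUBKEY           # two pushes, 107 bytes
    if kind == "p2pkh":
        script_sig, witness_per_in = sig_and_key, 0
    elif kind == "p2wpkh":
        script_sig, witness_per_in = 0, 1 + sig_and_key   # item count + items
    elif kind == "p2sh-p2wpkh":
        # scriptSig carries a push of the 22-byte witness program
        script_sig, witness_per_in = 23, 1 + sig_and_key
    else:
        raise ValueError(f"unknown input type: {kind}")

    per_input = 32 + 4 + 1 + script_sig + 4      # outpoint, length, script, sequence
    base = 4 + 1 + n_in * per_input + 1 + n_out * P2PKH_OUT + 4
    # Marker and flag bytes (2) are only present when there is witness data.
    witness = 2 + n_in * witness_per_in if witness_per_in else 0

    raw = base + witness
    weight = base * 4 + witness                  # witness bytes are discounted
    vbytes = (weight + 3) // 4                   # ceiling division
    return raw, weight, vbytes


if __name__ == "__main__":
    for kind in ("p2pkh", "p2wpkh", "p2sh-p2wpkh"):
        raw, weight, vbytes = tx_sizes(kind, n_in=1, n_out=2)
        print(f"{kind:12s} raw={raw:4d} B  weight={weight:4d} WU  vsize={vbytes:4d} vB")
```
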
3  Bitcoin / Electrum / Re: Need Information about Electrum on: December 06, 2020, 09:31:41 AM
Remember: the fact that the device is not connected to the Internet does not mean that it is safe, you need to remove all the files, install a new operating system, make sure that the new system is safe, remove the network connection parts and all the input and output units (physical removal except the screen and mouse) and then you can sign the message then use Barcode + device connected to the Internet to broadcast it.


Or you can choose the easiest solution and buy a hardware wallet after reading all the details about it.

Not to mention a hardware wallet is less expensive than setting up cold storage yourself of comparable security, if you don't already have screwdrivers and computer parts handy. Plus it is easy to accidentally destroy your cold storage as you set up a computer for it if you're not careful.
Building your own instance on a Raspberry Pi may be cheaper, coming in at about $50 for the 2 GB version here and add in SD card should be $60. A Ledger costs about $150 around here before shipping fees. From the other thread, it seems that it could offer decent security for its price and it's quite idiot-proof to do. You cannot lose the private key unless you lose the seeds. I think destroying a Raspberry Pi computer when using it as a cold storage device is not a big deal.
4  Other / Meta / Re: Stake your Bitcoin address here on: December 06, 2020, 09:23:02 AM
Code:
Address: bc1qpwnllphyql939yr8g6t8n4ps5phf7phw3wqh5f
Message: Bronsted staking my address on Bitcointalk.
Signature: IGDnPKk+fUgoGsVCI4JzD2C5k2Hw5ZIJbxaQPuQ1jQCnRU2cdXrEGlrb/tFS+2OesgPiatNsW50Hxfb6qDjTzYA=
5  Bitcoin / Bitcoin Discussion / Re: Using a lower bitcoin denomination: Which side are you on? on: December 06, 2020, 09:04:20 AM
I believe that either Bitcoins or milliBitcoins [1 X 10⁻³] should be the fundamental denomination of Bitcoin, it represents Bitcoin with the appropriate prefix in an unambiguous manner. I do not understand why bits are introduced in the first place and I had difficulties trying to visualise it when the website I'm using calls for it.

In my opinion, trying to divide Bitcoins down to too many decimals is counterproductive because it results in much more confusion as someone who is new to Bitcoin. Realistically, I do not think it would ever reach a point whereby 1 satoshi or 1 bit is equal to $1 so using that as a unit is fairly confusing as well.
6  Bitcoin / Development & Technical Discussion / Taproot and Schnorr on: December 06, 2020, 08:52:35 AM
Hello! My sincere apologies for creating so many topics on my queries but I figured it'll be best if I could clarify my doubts and leave it open to the others as well.

So here goes:

My understanding of Schnorr and Taproot is that it alleviates the problems associated with multisig like its lack of privacy as well as space. They allow the signatures of the multiple keys to be congregated into a single signature. But if the several signatures can be congregated into one, why can't it be used to reduce transaction size by aggregating the multiple signatures of several unspent transaction outputs into a single one? Surely if it can combine signatures of multisig, it could combine the individual signatures used to sign a normal transaction with many inputs?
7  Other / Beginners & Help / Re: About Segwit on: December 06, 2020, 04:43:18 AM
Segwit helps to reduce the transaction size and with a smaller transaction size, you will have a cheaper transaction fee.
The raw size of segwit transactions isn't smaller right? The difference between a bech32 and a P2PKH is the way that the non witness portion of the script is calculated in terms of vbyte?

If it doesn't decrease the raw transaction size, this makes segwit effectively a block size increase as well right? Just one that does not need a hard fork to achieve.
8  Other / Beginners & Help / About Segwit on: December 06, 2020, 04:04:52 AM
I have taken the initiative to read up on the scripting of the standard Bitcoin transactions but I do not really understand how beneficial segwit is to bitcoin. For one, I understand that segwit is primarily a backwards compatible increment of the block space as it strips the signature data and puts it into the witness.

I am aware of the new virtual bytes or the weight units that are associated with the transactions. However, I do not understand how there are some claims that segwit also helps to make the transaction smaller. As segwit transactions include the witness as well as the scripts that are used for regular transactions, does it make the transaction bigger than P2PKH or P2SH transactions?

If so, it is less of an optimization and more of a block size increase right?
9  Bitcoin / Development & Technical Discussion / Re: Clarifications on RFC 6979 on: December 06, 2020, 03:17:44 AM
The idea is that if you already have a random entropy you can derive another random entropy from that original entropy by performing certain cryptography functions on it (basically hashing it). For example SHA256 of 32 byte entropy produces a random but deterministic 32 bytes.

Although the algorithm used in RFC6979 is more complicated than that, the principle is the same. You have your private key (which should be random) and the hash of the message that you want to sign (which is not random) and by performing a series of HMACSHA256 you derive a new key.
Since part of the input to HMACSHA was random (the key) the result can not be guessed ergo is random.

The benefit of this is that the algorithm avoids using any kind of RNG that can be weak and since it is deterministic, the ECDSA itself can be easily tested which makes implementing it so much easier.
Understood. I will delve deeper into the topic. Thanks for the speedy response.
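The derivation described in the post above, as an added example that is not part of the original thread and is not Bitcoin Core's code: the nonce generation of RFC 6979 section 3.2 with HMAC-SHA256, specialised to secp256k1 where the hash length and the group order are both 256 bits. The private keys and messages used are constructed sample values.

```python
# Added illustration of RFC 6979 (section 3.2) nonce derivation for a
# 256-bit curve order and SHA-256. Keys and messages below are constructed.
import hashlib
import hmac

# secp256k1 group order (public curve parameter)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _hmac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def rfc6979_k(priv: int, msg: bytes) -> int:
    """Derive the ECDSA nonce k from the private key and message, no RNG."""
    x = priv.to_bytes(32, "big")                       # int2octets(x)
    h1 = hashlib.sha256(msg).digest()
    # bits2octets: hash and order have equal bit length, so only reduce mod N
    h = (int.from_bytes(h1, "big") % N).to_bytes(32, "big")

    v = b"\x01" * 32                                   # step b
    k = b"\x00" * 32                                   # step c
    k = _hmac(k, v + b"\x00" + x + h)                  # step d
    v = _hmac(k, v)                                    # step e
    k = _hmac(k, v + b"\x01" + x + h)                  # step f
    v = _hmac(k, v)                                    # step g

    while True:                                        # step h
        v = _hmac(k, v)
        candidate = int.from_bytes(v, "big")
        if 1 <= candidate < N:
            return candidate
        # Out of range (astronomically rare): update state and retry.
        k = _hmac(k, v + b"\x00")
        v = _hmac(k, v)


if __name__ == "__main__":
    a = rfc6979_k(1, b"constructed message A")
    print("same key, same message  :", a == rfc6979_k(1, b"constructed message A"))
    print("same key, other message :", a == rfc6979_k(1, b"constructed message B"))
    print("other key, same message :", a == rfc6979_k(2, b"constructed message A"))
```

The same key and message always give the same k, which makes signatures reproducible in tests, while any change to either input gives an unrelated k, so two different messages are never signed with the same nonce.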
10  Bitcoin / Development & Technical Discussion / Re: Clarifications on RFC 6797 on: December 05, 2020, 01:29:58 PM
RFC6797 is about HTTP Strict Transport Security (HSTS) which doesn't seem to have anything to do with bitcoin.
RFC6979 is the closest thing to what you are talking about and is implemented by almost all bitcoin wallets and is used for deterministic generation of the ephemeral key (k) for usage in Elliptic Curve Digital Signature Algorithm (ECDSA) (it has nothing to do with seed). It is to eliminate any possible issues with the RNG by making signatures deterministic while still random.
Thank you. I have amended the topic to reflect the error. Can you help me clarify some of my doubts as stated in the post? I still don't understand how it could be deterministic yet random at the same time. It sounds very much like a paradox.
11  Bitcoin / Development & Technical Discussion / Clarifications on RFC 6979 on: December 05, 2020, 12:45:24 PM
Hello all!

I have read the whitepaper and some of the more in-depth aspects of Bitcoin. I have come across the implementation of RFC 6979. As far as I can tell, the motivation behind it is to eliminate the randomness of the PRNG being a weak link and resulting in the 'r' values being reused in subsequent signatures.

I have a few questions :

How does RFC 6979 ensure that the generation of the initial seed(?) to be random? Is this being implemented during the generation of the hierarchical deterministic seed to ensure randomness of the seed? To what extent is it effective if, let's say the source of the randomness is weak? Does Bitcoin Core use this, and if it does, can someone point me to the segment which this is implemented?

Thank you in advance.