881 | Other / Meta / Re: How does evil fee makes sense? | on: July 24, 2021, 04:49:23 PM
-snip-
That is the trade-off of the current system. There isn't any other feasible way to deter spammers, and removing it completely only serves to worsen the current spams we're seeing. Those affected by this are unfortunately just collateral damage. As I've mentioned before, the proxyban fee has practical reasons, but it's a system that cannot be efficient in controlling ban evaders, which is the actual purpose. New members would normally not know their way around the forum or Bitcoin itself and may have stumbled on the site from somewhere else, and rather than getting a welcome message which explains a bit about this forum, they get a ban message which they need to pay to overturn. Ban evading is an offense on the forum and those caught will still be banned even though they have paid the fee; new members, on the other hand, are the ones who would either pay for something they know nothing about or not register at all.
The actual purpose is mainly to control spammers, instead of those seeking to evade bans, IMO. There was a huge influx of spam SEOs at the start of the year, with them scraping other posts to try to blend in. Removing the barrier of entry for those IP ranges only serves to increase the spam on the forum, and other than monetary disincentives, I don't think there would be a better way to reduce those spams. If you remove the fees completely, you'll most likely start to see either hordes of account farmers or bots every now and then, degrading the experience for everyone. Most users probably won't care about using the forum once they see that they have to pay a fee to use it. No matter how much you explain to them, they would probably just be put off by having to pay a fee just to post.

882 | Bitcoin / Development & Technical Discussion / Re: schnorr signature weakness, why did they do it this way? | on: July 24, 2021, 12:59:59 PM
I agree it does sound very unlikely to do, no one would probably waste resources trying to do that, but is there any way that security issue could be fixed? I seem to have an issue with bitcoin using such short addresses where collisions can be an issue, but no matter what the size of the address space, those could always happen. Seems something more fundamental would have to be done to fix that.
No. It is not a security issue. You'll probably have to see the post referenced below to understand what I'm talking about in relation to the Multisig and normal P2SH. Wouldn't the birthday paradox only apply if all people involved are searching, and the rewards of the finds are equal? But, as you say, the search space is smaller than the key space (2^80?). The public address space is smaller than the key space (2^160?), so you don't really need to search through the entire private key space for collisions. Maybe this is why the key space was made to be so large.
Maybe public addresses should be longer if the birthday paradox applies? But as you've said, there is SHA256 and P2WSH.
A collision attack is very different from a pre-image attack. In trying to find a collision, we would be finding two of the same hashes when we're searching for the keys. The hash that will be found is completely arbitrary, and the theoretical attack scenario is better described here: https://bitcointalk.org/index.php?topic=5348160.msg57410551#msg57410551. If you are looking for any specific addresses, you will need to do a second pre-image attack (2^160), so we're finding the inputs that would result in a specific set of addresses. Birthday probability doesn't apply here because we're not looking for random collisions, but inputs that would result in specific addresses.

883 | Bitcoin / Electrum / Re: Cannot use Electrum through Tor | on: July 24, 2021, 12:05:17 PM
Nope. Still the same with that command.
Check the Tor and Electrum Logs. Electrum logs are in the data directory, if enabled. Tor's logs are in Tor Browser's settings, if you're running it.

884 | Bitcoin / Electrum / Re: Cannot use Electrum through Tor | on: July 24, 2021, 11:43:42 AM
I tried it with port 9150 and with both 50001 & 50002. It doesn't work for me. Could the fault be my version? (v4.0.4)
I checked your command again. I'm using this command: electrum-4.1.4.exe -s hsmiths4fyqlw5xw.onion:50002:s -p socks5:127.0.0.1:9150. I'm not sure if it works for 4.0.4 as well, I don't remember any changes done to that. Do try it and let me know.

885 | Bitcoin / Electrum / Re: Cannot use Electrum through Tor | on: July 24, 2021, 10:40:36 AM
Try port 9150? Electrum works with 9150 but not 9050; I believe the latter is for the Tor daemon, instead of the browser.
I confirm that hsmiths4fyqlw5xw.onion:50002 is accessible.

886 | Bitcoin / Development & Technical Discussion / Re: schnorr signature weakness, why did they do it this way? | on: July 24, 2021, 08:44:44 AM
I'm assuming when you say collisions you mean hash collisions? Never thought of that. So I guess even the legacy multisig is no more secure than a single public key. That's the problem with multisig in general: it works, but u can't be sure there's not another way to spend the funds other than YOUR way, which is the m of n private keys. Until they get something like that, I guess it's not true multisig ever. Kind of disappointing that bitcoin has this limitation of such a small address space, what is it, 2^160?
It affects multisig, where multiple entities are involved. By the birthday paradox, the attacker can run through 2^80 combinations of their public keys with the other party's public key and produce a collision. The victim would be left in the dark, which is why we've pre-emptively introduced SHA256 with P2WSH. Multisignature needs as you said "a bunch of regular signatures", in fact it needs M of them. And then it also needs to apply "logic after the fact" as you also pointed out, to figure out that out of the N public keys that M of the signatures belong to N of those public keys. I think that's really the only way you could really ensure that M of the N private keys were used. There's no other way.
Not really. The conditions are only required provided that the redeem script that you're providing in the transaction states so. If I were to somehow give a redeem script which hashes out to the corresponding hash in the UTXO, then the conditions in that redeem script are considered for unlocking those outputs. For example, if I were to somehow have a redeem script which is a 2-of-3 Multisig and its hash somehow is the same as another completely different P2SH with differing requirements, then by fulfilling the former redeem script requirements, I can spend the outputs tied to the latter P2SH script. It is a totally hypothetical and incredibly unlikely scenario, but it proves that for a specific P2SH, we can define an alternative script to bypass the requirements in the first place completely.
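The birthday-bound versus second-preimage distinction drawn in the two replies above (posts 882 and 886), as an added example that is not part of the thread: a SHA256 digest truncated to 16 bits stands in for the 160-bit script hash so that both searches finish in seconds, and the candidate inputs and the "victim-redeem-script" label are constructed for illustration.

```python
import hashlib
from typing import Optional


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA256 truncated to `bits` bits: a toy stand-in for a 160-bit script hash."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def expected_work(bits: int) -> dict:
    """Order-of-magnitude work for an n-bit hash: birthday collision vs second preimage."""
    return {
        "collision": 2 ** (bits // 2),   # birthday bound, about sqrt of the output space
        "second_preimage": 2 ** bits,    # must hit one specific output
    }


def find_collision(bits: int) -> dict:
    """Any two inputs sharing a truncated hash; nobody chooses the output in advance."""
    seen = {}
    trials = 0
    while True:
        candidate = b"cand:%d" % trials  # constructed, deterministic inputs
        trials += 1
        h = truncated_hash(candidate, bits)
        if h in seen:
            return {"a": seen[h], "b": candidate, "hash": h, "trials": trials}
        seen[h] = candidate


def find_second_preimage(target: bytes, bits: int, cap: int) -> Optional[dict]:
    """An input other than `target` with target's truncated hash, or None if cap is hit."""
    want = truncated_hash(target, bits)
    for i in range(cap):
        candidate = b"cand:%d" % i
        if candidate != target and truncated_hash(candidate, bits) == want:
            return {"input": candidate, "hash": want, "trials": i + 1}
    return None


if __name__ == "__main__":
    BITS = 16
    col = find_collision(BITS)
    pre = find_second_preimage(b"victim-redeem-script", BITS, cap=2 ** (BITS + 4))
    print("birthday collision after", col["trials"], "trials")
    print("second preimage after", pre["trials"] if pre else "not found", "trials")
    print("at 160 bits:", expected_work(160))
```

The collision turns up after a few hundred trials while the second preimage against a fixed target takes tens of thousands, which is the 2^80 versus 2^160 gap the replies describe and the reason a hash the attacker can steer towards (a colliding redeem script) is the weak link rather than a single victim's key.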

887 | Other / Beginners & Help / Re: Confused on schorr signature | on: July 24, 2021, 07:29:26 AM
And how does one go about defining "security" anyway? I think there are different levels of security. For example, if I need to know 2 private keys then that's not just double the security over needing to know 1 private key.
We define being secure as something that is infeasible with current and future computational capabilities. You can say 1/2^256 is secure enough but that's your opinion. People can have their own opinion of what is secure enough for them and they should be able to use tools that give them that desired level. Maybe 1/2^(256*6) is secure enough for someone else so they make a 6 of 8 multisig wallet. They don't want to hear that it's really not that secure and that a single private key could bust them down to 1/2^256 level of security...
Multisig security isn't defined by that. We attack the weakest link; produce a pre-image by having a redeem script that is able to be hashed to the address we desire.** That is far less complex than having to find individual private keys. No matter what kind of requirements you include, if we find a pre-image of a redeem script that hashes to your address and is able to fulfill our own requirements, your security is compromised (we don't necessarily have to know any of your private keys). P2SH in its current form suffers many forms of limitations; requiring 6 signatures makes a transaction unnecessarily big, and computationally expensive. It is not reasonable at all to demand security levels which leave attacks *more than* astronomically difficult. That would just be paranoia and a waste of resources.
** This is quite difficult, even for now. I doubt that it would be more difficult than trying to find individual private keys through bruteforce and random combinations (if the redeem script is not revealed).

888 | Bitcoin / Development & Technical Discussion / Re: Mempool/mining question | on: July 24, 2021, 07:16:59 AM
The miner, indeed, hashes an 80-byte block header, but to reach the certain merkle root, he has to hash transactions. Hashing transactions may take some time; it may not seem slow in practice, but in theory, doesn't it take more time to hash multiple transactions over and over again, instead of just one?
There isn't a lot to hash. Anyways, I don't think ASICs hash the merkle root. They only hash the block headers; any CPU can hash the merkle tree in milliseconds, so it can be done in parallel.

889 | Bitcoin / Development & Technical Discussion / Re: Why are light nodes considered not fully trusted? | on: July 24, 2021, 07:13:10 AM
If you only get the block header, then you can't validate the validity because you are unable to validate anything else in the block that is not within that block header. Then, you rely on the longest chain being valid and follow it, without being able to validate the blocks in that chain.
Merkle root can be valid, even if the transactions aren't.

890 | Bitcoin / Development & Technical Discussion / Re: Mempool/mining question | on: July 24, 2021, 05:47:46 AM
Watching blocks fill up in real time as they are being mined made me realize that miners are hashing a block that is (potentially) changing every second. Especially when there aren't enough transactions to fill up a block. So does this mean that, say in the case when transactions in the mempool are low, each time a new transaction enters the mempool the miners will stop attempting to hash the old block and start attempting to hash the new block that includes the new transaction? It seems like trying to shoot a moving target would really slow down the process... but I am not a programmer or a developer of any sort.
It depends. There is almost practically no penalty to change the merkle hash of the block since miners should be fast enough to include an alternative merkle root as required. The server may request for the workers to change out the merkle root periodically through mining.notify on stratum, for example. Miners can include any transactions as they wish and it is not a necessity for them to discard the current block and include new transactions whenever they see anything.
Also I have noticed a handful of really small blocks that get mined especially fast. Is this just a coincidence that my lizard brain makes a connection, or is there some causality there?
No. The chances of you getting a valid block is not affected by the number of transactions or the size of the block. It's common for blocks to be mined within a few seconds of each other as some miners either don't include transactions at all after seeing a valid block on the network (to avoid the risk of including conflicting transactions, while they are validating the blocks) or if the miners are just slow at including transactions in the block.
Small like... empty? Probably empty blocks could be solved more easily, due to the fact that there's less information to be hashed each time.
It's the same.

891 | Bitcoin / Bitcoin Discussion / Re: What's up with all the not-full blocks lately? | on: July 24, 2021, 05:14:11 AM
Average fees are super low and even 1 sat/vbyte seems to get you in the next block a lot of times. The last block only had 48 transactions! Maybe I just haven't paid much attention in the past but this seems really low. Any ideas why transaction volume is so low?
The block was mined roughly 20 seconds prior. My best guess is that ViaBTC didn't have enough time to fully populate the blocks with transactions and were pushing block headers to the miners in the interim while they were populating the block fully. The block was mined in the process, which is a possible explanation for the low block count.
Also, what's up with the "best change" thing I see on so many people's avatars?
Signature (or avatar) campaigns.

892 | Bitcoin / Bitcoin Discussion / Re: If it is more convenient for people to buy Bitcoin, will Bitcoin be more popular | on: July 24, 2021, 04:41:21 AM
Well, I think that removing or having less charge is going to be under the convenience umbrella, so I think that if it's convenient to buy bitcoin, it would be more popular. I mean there's an app in my country where you can directly buy bitcoin with fiat through their app and so far no complaints about the fees.
People won't just buy Bitcoins for $10, or anything below $100. The fees take at least 10% of that, and transaction fees when sending to the address and from the address basically take almost half of the Bitcoins that you've bought. Handling large amounts of Bitcoins wouldn't be advisable for a Bitcoin ATM and using an actual bank account would be better. It would be fine if the ATM allows for LN or if the user absolutely needs privacy and they don't enforce KYC.

894 | Bitcoin / Bitcoin Discussion / Re: If it is more convenient for people to buy Bitcoin, will Bitcoin be more popular | on: July 24, 2021, 04:21:31 AM
The convenience isn't the most important factor. Most Bitcoin ATMs charge a premium of at least 10%, at least in my area. That is likely going to turn away any potential Bitcoin buyers, and you're subjected to KYC anyways. If you are serious about purchasing Bitcoin, you'll more likely be interested in using a proper exchange that doesn't levy such high fees. Buying a tiny amount of Bitcoins (i.e. a few dollars) is practically useless given the fees.
I never really got the point of ATMs, after the surge in TX fees and the price. People looking to use Bitcoin for the long term just don't use ATMs at all.

895 | Bitcoin / Bitcoin Discussion / Re: CEO of Twitter has full control of the Bitcoin market by banning Elon Musk | on: July 24, 2021, 03:58:18 AM
It isn't because Bitcoin has a small market cap that Elon Musk can move the prices with his tweets. It's that the investors are so vested in banging on larger corporations to get into Bitcoin or for people to be positive about it. When the majority of the investors treat Bitcoin as a speculative asset, they are bound to buy or sell their Bitcoins based on opinions by various stakeholders, Elon Musk for example. They are more than likely to sell in fear if the reason why Bitcoin has gotten to 50K suddenly stops endorsing it, or vice versa.

896 | Other / Beginners & Help / Re: Confused on schorr signature | on: July 24, 2021, 03:33:23 AM
So basically then a multisig with schnorr is no more secure from being hacked than a standard P2PKH address.
So I guess the moral of the story is you don't get something for nothing. When you combine all the public keys into a single master one, you create a weakness too. You lose the ability to absolutely require m of n signatures from m of n private key holders. That seems like a glaring loophole to me! Or at least "not a good thing".
It is not feasible for an attacker to manipulate and obtain the corresponding keys without compromising all the signers. It is not a loophole because it cannot be exploited by an attacker in practice, or at the very least it is infeasible for anyone to execute. You should refer to MuSig's whitepaper here: https://eprint.iacr.org/2018/068.pdf. Specifically, the security excerpt proves the security of the scheme.

897 | Other / Beginners & Help / Re: Bitcoin & Anonymity | on: July 24, 2021, 03:30:31 AM
It's simple: you should be looking for VPN providers that do not keep logs, but that is hard to find because any company can claim they do not keep logs but do. With Tor there is a risk too, because anyone owning the exit node will be able to look at the incoming and outgoing traffic. Tor is probably better in most situations, but if you can find a VPN which does not keep logs then that is just as good; it's proving it which is difficult.
Not necessarily. Malicious exit nodes can try to strip the TLS but it's probably quite ineffective in most scenarios because Tor always hardens and tries to enforce TLS. Onion addresses are not susceptible to this. The only way for exit nodes to break the privacy is through analysing plain-text connections or through masquerading with a valid certificate. Otherwise, the exit node cannot determine the origin using the traffic alone. Solely going by this, Tor is better than a VPN in terms of privacy. The VPN can do what a malicious exit node can try to do as well.

899 | Other / Beginners & Help / Re: I'm curious about our Trust Score! | on: July 23, 2021, 02:40:23 PM
No. The trust score depends on who is in your trust list and the depth of your trust list[1]. If a person who left a feedback is in your trust list, they will appear under the trusted feedback and their comments will affect your overall trust ratings. Check the Trust network: if the person is inside the list and doesn't have a strikethrough, it will appear under trusted feedback. It is specific and different for everyone. If you want to see the trust list as seen by someone by default, add ;dt to the end.
[1] https://bitcointalk.org/index.php?action=trust

900 | Bitcoin / Bitcoin Discussion / Re: could they or anyone turn Bitcoin to PoS? | on: July 23, 2021, 02:17:01 PM
No. Any fundamental shift results in a fork, and given that there aren't any actual faults with PoW, you'll most likely spawn another altcoin. Some might follow that but most probably won't.
It is important to note that PoW isn't flawed like people often postulate. PoW is designed to consume large amounts of resources, in exchange for the security it provides. Trying to reduce that using another scheme wouldn't work by virtue of not "expending resources" to provide security. Elon Musk never actually said that PoW is bad (or AFAIK); in fact, he puts forth an alternative: DogeCoin, which is also PoW.