Bitcoin Forum
  Show Posts
1001  Alternate cryptocurrencies / Altcoin Discussion / Re: Decentralized Timestamp on: May 20, 2014, 03:35:09 PM
Signatures are dependent on the data they are signing and my public key, my public key is fixed but the data I am signing is not. I can add and remove transactions to the block to change the output of the signature. (Technically with ECDSA signatures you don't even need to do that, you just change the nonce used in signing to get a different signature)

The generation signature only depends on the previous block generation signature and your public account number. Nothing more.

In a double spend attack (including a "51% attack") the attacker would be the one generating the sequence of blocks.  That means each block relies on the prior block also made by the attacker.  The attacker signs a block and if it doesn't allow him to forge the next block, just keeps re-signing it until it does (as pointed out a single digest can have an infinite number of unique signatures by changing the k value). The attacker attempts signatures until he produces one which allows him to sign the next block as well.  The attacker then moves on to the next block.  If this seems kind of like a PoW it is.

Quote
Part of the generation signature (called hit) is used to determine a queue of forgers. First in this queue is allowed to forge. If he did not, it is the turn of the second in the queue and so on.

The attacker won't be publishing his chain until it is longer. As long as one of his accounts is valid for signing the next block (and thus somewhere in the queue even last) there will be nobody ahead of him in the queue that knows about the block.  The network doesn't require a specific signer from the queue be used, it just favors a higher signer over a lower one but all signers are equally valid.  If the attacker had* >51% of the network stake he will produce the longest/best chain.  Note: it isn't actually a "queue" but this doesn't materially change the scenario.

As a side note: deterministic (or quasi deterministic) signing/minting/forging is an interesting idea.  It has some advantages but it isn't some magical 51% proof shield and the "nothing at risk" issue around PoW remains unchanged when compared to other PoS systems.

* It is "had" not "has" because in PoS the critical resource is not a physical item, it is a record in the blockchain. A miner who no longer has any hashpower can no longer mine but a forger who had but no longer has a stake can forge a parallel chain starting from where he had the stake and double spending the tx resulting in him losing the stake. An attacker with 51% of the stake as of block X can sell that stake and still perform a 51% attack starting from block X using the stake he had but no longer has on the main chain.
1002  Bitcoin / Mining / Re: Residential Hobbyist Miners: power concerns? on: May 20, 2014, 03:16:32 PM
how much is the maximum elec current in household?

I think it depends on how many electric appliances are running in your house

there should be an upper limit for maximum usage, right?

The limit for the entire house is based on the service (connection to the utility) that you have.  In the US this can vary a lot.  Generally older homes and smaller homes it is lower and for newer homes especially larger newer homes it is higher.  It can range anywhere from 75A to 200A.  Today most newly constructed homes are setup with 100A to 150A.  This is often not that easy to find.  You may be able to find it on the outside meter.  If your circuit breaker panel has a master breaker then the rating on the master breaker may let you know the service.  I say may because often these can be mismatched.  I have seen 200A breakers on a 150A service connection (that is a code violation btw and dangerous) and I have also seen cheaper builders which install a 100A panel when the utility dropped a 150A service connection because a 100A panel is $12 cheaper than a 150A one (this is not a code violation but it is horribly cheap).  If your panel has no master breaker (usually at the top center of panel) and it isn't indicated on the meter you can call your utility.

Obviously this is the max current for the entire house.  Your usable current for mining will be that minus whatever your house uses on peak load.  You can simulate it by turning on the AC, lights, and other appliances.  Then check how fast the utility meter "spins" to determine the total house load (current).  You could also use a multimeter to check the current across the main lugs on the breaker panel.  The latter should not be done unless you know what you are doing and have the proper equipment.  Electricity can kill without warning.
1003  Alternate cryptocurrencies / Altcoin Discussion / Re: Coinotron can possibly do 51% attack on Litecoin on: May 20, 2014, 02:21:01 PM
The article uses some incorrect terms.  A 51% attack implies the attacker has a majority of the hashrate.  The article deals with situations where the attacker has a minority of the hashrate (and a very dubious example of exactly half the hashrate).  In that article every reference to "51% attack" should be replaced with "double spend".   You confuse the issue further by using the term timewarp attack which is one possible exploit for an attacker who has a majority of the hashrate.  Network halting, timewarp exploit, and double spending are all exploits that are possible when a malicious entity abuses a situation where it has a majority of the hashrate ("51% attack").

The math in the article while not wrong is misleading.  The article implies that for an attacker with <=50% of the hashrate to build a longer chain after one week would be very difficult.  Well no kidding.   For litecoin one block week is 24*24*7 = 4,032 blocks.   Yes with 4,032 confirmations one can be reasonably sure it is nearly impossible for an attacker with a minority of the hashrate to successfully double spend that.  The key word is minority.  The comparison to Bitcoin is equally dubious because it compares a scenario where a Bitcoin tx has fewer confirmations  (1,008 vs 4,032).  Yes once again having 1,008 confirmations is less secure than having 4,032 confirmations when dealing with an attacker who has a minority of the hashrate.  The key word again is minority.

The bitcoin pdf has proper although simplistic math for the probability of double spending with a minority of the hashrate http://bitcoin.org/bitcoin.pdf.  Meni wrote a more comprehensive paper that deals specifically with the economics of double spends https://bitcoil.co.il/Doublespend.pdf.  If the attacker can maintain a majority of the hashrate then the success rate of a double spend is 100%.  No amount of confirmations can provide a confidence that the transaction can't be reversed.  The longer the attacker works on his chain the higher the probability that it will be longer than the "legit" chain.  For a short period of time the legit chain may remain ahead due to "good luck" but eventually the attacker will pull ahead.  Or stated another way, if the attacker has a majority of the hashrate then it is a mathematical certainty the attacker will eventually produce the longest chain.
1004  Bitcoin / Development & Technical Discussion / Re: how many accounts bitcoind core 0.9+ can handle on: May 20, 2014, 01:19:51 PM
If you mean how many txs (as opposed to # of outputs using sendmany) can bitcoind create, it is very low, something on the order of 1 tps. Keep in mind 1 tps is >80,00 tx per day, which is more than the entire network is processing today.  That also assumes you are just using bitcoind to create and broadcast txs.  If you are using a single node to query for incoming tx, confirmations, new blocks, etc then that is going to cut into your transaction rate.

You could use multiple bitcoind servers if needed but if your tx volume is that high you should reconsider your model.  We use multiple bitcoinds but it is for redundancy and to detect network issues (isolation, double spend attempts, tx mutability, etc) instead of out of a need for higher throughput. At a minimum you should be queuing up outgoing payments and sending them as multi output txs by using sendmany, or using rawtransactions.
1005  Alternate cryptocurrencies / Altcoin Discussion / Re: Re: Proof of stake instead of proof of work on: May 20, 2014, 01:10:26 PM
As to proof of stake somehow being more immune to 51% attack the discussion has basically been around how much more vulnerable it is than proof of work.  A lot more vulnerable?  Or just a little bit.  In any case there isn't really a problem here either because all participants know of the possibility of a double spend attack and associated costs and can wait for an amount of confirmations that they choose accordingly.

Careful.  The number of confirmations increases the confidence that the chain can't be reversed IF the attacker has a minority of the critical resource.  This is the same for both PoW and Pos and likely any other PoX systems to be created.   If the attacker has a majority of the critical resources then it is a mathematical certainty that the attacker will eventually produce the longest chain so 6, 100, 5,000 confirmations is insufficient to ensure that a transaction can't be reversed.   
1006  Alternate cryptocurrencies / Altcoin Discussion / Re: Coinotron can possibly do 51% attack on Litecoin on: May 20, 2014, 06:51:22 AM
I suggest you look into what's called the '51% Attack' and 'Timewarp Exploit'. From what I've read, having over 50% of the network hash does not guarantee a successful attack, it only makes it more likely to be successful. Litecoin's fast block times also make it much less likely for the attack to be successful compared to BTC.

None of that is right.  With a majority of the hashpower an attacker has a mathematical certainty of generating the longest chain.  However an attacker would probably want a larger margin so there is more confidence over how long it takes for the attacker to come out ahead.  A faster blocktime does not reduce the chance of success.  A faster block time means a higher rate of orphans which means more of the legit miner's hashpower is wasted.   An attacker is not subject to orphans as the attacker will always build only on his own chain.

That being said an entity simply having a majority isn't a guarantee there will be an attack.
1007  Other / Beginners & Help / Re: Better way to do paper wallets? on: May 20, 2014, 04:44:51 AM
And trusting some bitcoin private key generator that is online seems not right. Is it really random? I don't know if I can trust bitaddress.org.
...
Is there a non-tech-savvy simple way to do a paper wallet or cold storage short of buying a new computer or new phone every time I want to store some coins? I think if there is an easy way that is safe for backup, bitcoin will attain mass adoption, but if it is difficult and full of pitfalls, we're screwed and bitcoin's price will continue falling.

You were given one and dismissed it.   How can you be sure any wallet is random?  You either review the code yourself or trust others who have.  bitaddress is no different.  The point is not to use it online but to save a copy and use it offline (possibly on a computer which has never and will never go online).

As for can you trust the randomness?  Well you could always roll some dice instead and just use bitaddress to convert it into a keypair.
Quote
How do I make a wallet using dice? What is B6?
An important part of creating a Bitcoin wallet is ensuring the random numbers used to create the wallet are truly random. Physical randomness is better than computer generated pseudo-randomness. The easiest way to generate physical randomness is with dice. To create a Bitcoin private key you only need one six sided die which you roll 99 times. Stopping each time to record the value of the die. When recording the values follow these rules: 1=1, 2=2, 3=3, 4=4, 5=5, 6=0. By doing this you are recording the big random number, your private key, in B6 or base 6 format. You can then enter the 99 character base 6 private key into the text field above and click View Details. You will then see the Bitcoin address associated with your private key. You should also make note of your private key in WIF format since it is more widely used.
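
The dice procedure quoted above (99 rolls, 6 recorded as 0, read as a base 6 number, then noted in WIF), as an added example that is not part of the original post and is not bitaddress code. The function names and the sample rolls are constructed for illustration; the uncompressed WIF form is assumed as the default.

```python
import hashlib

# Order of the secp256k1 group: a valid private key is in 1 .. N-1.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ROLLS = 99  # 6**99 is about 2**255.9, so every 99-digit value is below N


def rolls_to_base6(rolls):
    """Apply the recording rule 1=1 ... 5=5, 6=0 to exactly 99 die rolls."""
    if len(rolls) != ROLLS:
        raise ValueError(f"need exactly {ROLLS} rolls, got {len(rolls)}")
    if any(r not in (1, 2, 3, 4, 5, 6) for r in rolls):
        raise ValueError("each roll must be an integer from 1 to 6")
    return "".join(str(r % 6) for r in rolls)


def base6_to_key(b6: str) -> int:
    """Interpret the base 6 string as the private key and range-check it."""
    if len(b6) != ROLLS or any(c not in "012345" for c in b6):
        raise ValueError("expected 99 characters, each 0-5")
    key = int(b6, 6)
    if not 1 <= key < N:
        # Only reachable for the all-zero string (99 sixes in a row).
        raise ValueError("key out of range; roll again")
    return key


def base58check(payload: bytes) -> str:
    """Base58Check: payload plus first 4 bytes of double SHA-256."""
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    data = payload + checksum
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def key_to_wif(key: int, compressed: bool = False) -> str:
    """Encode a private key in Wallet Import Format (mainnet prefix 0x80)."""
    payload = b"\x80" + key.to_bytes(32, "big")
    if compressed:
        payload += b"\x01"
    return base58check(payload)


# Constructed sample input: a repeating pattern, NOT real dice rolls.
SAMPLE_ROLLS = [1, 2, 3, 4, 5, 6] * 16 + [1, 2, 3]

if __name__ == "__main__":
    b6 = rolls_to_base6(SAMPLE_ROLLS)
    key = base6_to_key(b6)
    print("base 6 :", b6)
    print("hex    :", f"{key:064x}")
    print("WIF    :", key_to_wif(key))
```
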

1008  Bitcoin / Development & Technical Discussion / Re: how many accounts bitcoind core 0.9+ can handle on: May 20, 2014, 04:30:56 AM
Not enough.  There is no hard limit but the more accounts and the more unspent outputs the worse performance becomes.  Don't do it.  It is a technological dead end and once you build your entire service around it you will be trapped.

You wouldn't use online banking to act as an accounting ledger.   You would use an accounting ledger and then use online banking as a tool to report incoming funds and process outgoing payments.  Bitcoind is a bitcoin transaction engine. Build your account infrastructure into your application at the data layer.
1009  Bitcoin / Bitcoin Discussion / Re: Does Brock Pierce have consensus of the Bitcoin Community to represent it? on: May 20, 2014, 03:08:08 AM
No but he doesn't represent the "bitcoin community" (whatever the hell that is) he presents the members of the bitcoin foundation who did vote for him.   Were George Bush and Obama not the last two presidents because they didn't have "the consensus of the US people"?
1010  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Coin2.0 [C2.0] - The forward thinking POS (FPS GAME DEV. UNDER WAY). on: May 20, 2014, 02:56:43 AM
no one will dump I assure you that, the wallets will be distributed into 3 wallets and will be held by 3 trusted board members, like everyone else here we will promise not to dump, maybe sign an agreement with Joel etc...

So a decentralized currency designed to enable commerce without the need for a trusted third party which needs the implicit and absolute trust in third parties?

I'm SOOO close to walking away after comments like this....What do you suggest then?  People keep all their money on exchanges that don't stake, and other people complain that the stake interest is too high.  I can't please everyone. I have a full time job and I am at my tipping point.

First it doesn't matter what I think so feel free to ignore the comment; my interest in this is only academic because it is a 51% attack on a PoS based coin.  The comment was more a wakeup call.  When someone promotes an idea to keep a decentralized network secure by just handing it over to a trusted central authority you have to take a second to pause and reflect.  Even if it works out, is that really a good idea?  What is the value in a decentralized network which needs a trusted central authority?  Centralized security is easy, decentralized security is hard but you can't be kinda decentralized with centralized security; it is like being kinda pregnant.

As for what should happen? Users need to be responsible for the security of their own network.  If users allow the network stake to fall to a point where it is economical for an attacker to exploit it then someone eventually is going to exploit it.  The users of the network only have themselves to blame.   Loss is good.  It reminds people that risk is real.  It makes people cautious, pragmatic, and wary.  I would hope after this event, users would be keeping a close eye on the network stake and not just assuming "somebody" will keep it secure.  Decentralized networks are hard, it requires some personal responsibility.  So the solution is for the users/owners to take personal responsibility not for the network to be centralized around absolute trust because it is too hard.

Simple version:  Either stakeholders keep the network secure or it will continue to be attacked.  If the only "solution" is to trade that for a network that requires absolute and implicit trust in a board of nobles then the network is dead anyways.

In full disclosure, I am not a proponent of PoS due to various potential exploits however those exploits are sophisticated in nature (and some are theoretical at this point). To my knowledge none of those occurred here.  This was a simple attack resulting from apathy which allowed an attacker to cheaply obtain 51% of the network stake.  Losing coins is a good way for people to realize "hey we actually do need to take active steps to keep our wealth secure".  If Bitcoin miners allowed the hashrate to decline 99% such that a single person could cheaply amass the hardware to 51% attack the network, someone probably would.  The solution is to not let the network become that weak.
1011  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Coin2.0 [C2.0] - The forward thinking POS (FPS GAME DEV. UNDER WAY). on: May 20, 2014, 02:43:11 AM
no one will dump I assure you that, the wallets will be distributed into 3 wallets and will be held by 3 trusted board members, like everyone else here we will promise not to dump, maybe sign an agreement with Joel etc...

So a decentralized currency designed to enable commerce without the need for a trusted third party which needs the implicit and absolute trust in third parties?
1012  Economy / Service Discussion / Re: HongKong bitcoin trading place HKCEX has raised 25million dollars on: May 20, 2014, 02:41:57 AM
I see they are on cloudflare now. let's see if the scam goes 100% or they are legit... the website now loads....

lol... these guys should learn something from the BTC-E. That exchange has been under constant DDoS attacks for more than 2 years now. Still, data leaks never occurred even once.

This isn't an exchange.  It is a one way honeypot.  Coins go in, they never come out.
1013  Economy / Economics / Re: IRS says mining is "income" (40% tax) instead of cap. gains (20% tax) on: May 20, 2014, 02:29:04 AM
You can't take a 179 deduction for assets you didn't purchase the same year.  You can't take a 179 deduction for assets that you are depreciating. 
1014  Bitcoin / Bitcoin Discussion / Re: PSA: Add a Full Node for just $19/year! on: May 20, 2014, 02:27:40 AM
But ppl that get nothing out of it should really think twice before spending their hard earned money

Most people run a full node because they gain security from having the ability to independently verify txs and blocks.   There is nobody who gets "nothing" from running a full node other than someone who doesn't own any Bitcoins.  Satoshi had already considered that in time most users would not run a full node.  This is covered in the white paper written a year before the genesis block.  The security model doesn't need everyone to run a full node.  If someday 100,00 merchants accepted Bitcoins they would have a vested interest to run full nodes to ensure the network remains decentralized.  Even if only 10% of them do that is more full nodes than currently exist today.
1015  Economy / Economics / Re: IRS says mining is "income" (40% tax) instead of cap. gains (20% tax) on: May 20, 2014, 02:23:06 AM
Yeah none of that has anything to do with a Section 179 Deduction.
1016  Alternate cryptocurrencies / Altcoin Discussion / Re: The Bitcoin scripting system is purposefully not Turing-complete - why? on: May 20, 2014, 01:22:05 AM
this would be a problem for Color Coins and Counterparty and certainly anyone who chose to invest in assets on those networks.
Agreed.

Quote
I predict there will be a tension between those who maintain the core features of Bitcoin (and its status as the reserve cryptocurrency) and those who are attempting to overlay new features.
Agreed. 

Quote
These new features may seriously threaten the basic functions of Bitcoin.
Disagree.
1017  Bitcoin / Development & Technical Discussion / Re: Length of redeemScript on: May 20, 2014, 01:16:33 AM
Yes that is right (except you have a typo in the P2SH script and IIRC it is reversed on the stack).

Still nobody is going to patch out Pay2Pubkeyhash.  I was just pointing out that because it was added after the fact in order to work with the existing scripting engine it is kinda a kludge.  You have a script in the output which says to use a second script in the input (which is located in the signature of all places) to determine the condition required to redeem the output.   It was done this way in order to shoe horn scripthashes into Bitcoin 2 years after the genesis block without breaking compatibility with existing scripting.  

Still if you were going to build a scripting engine with no legacy support I think you can see it wouldn't be built that way.   If starting from a blank page, the output could contain the ScriptHash.  I don't mean a ScriptHash buried in a script but just the ScriptHash (i.e. ScriptHash vs OP_HASH160 <ScriptHash> OP_EQUALVERIFY).  Then all inputs would have a field for the redeemScript and there would be a separate signature.  All transactions would have the same format for inputs and outputs.  If nothing else it would make figuring the damn thing out a lot easier. :)
1018  Alternate cryptocurrencies / Altcoin Discussion / Re: The Bitcoin scripting system is purposefully not Turing-complete - why? on: May 20, 2014, 01:01:14 AM
the payoff of an attack becomes exponentially higher.  The chain could be carrying trillions of dollars in securities and such.  Therefore the payoff of reversing transactions are similarly increased.  This creates greater incentives, and in this age where hashing power is brokered and transferred to different hands instantly- an attack starts to appear more imminent.

If NXT provides better security for assets then assets will be transacted on that network.   So what is the problem again?
1019  Alternate cryptocurrencies / Altcoin Discussion / Re: The Bitcoin scripting system is purposefully not Turing-complete - why? on: May 20, 2014, 12:53:44 AM
to further back up my point, here are some trading stats from the NYSE.

http://www.allcountries.org/uscensus/835_volume_of_trading_on_new_york.html

so in 1999, we had daily highs of several billion trades a day.  Since 2000 this has increased considerably.

now keep in mind that under the current schedule for ie. Color Coins, *creating* a new ticker costs a few cents.  Thus it's reasonable to expect even more than 1 billion transactions a day.  I think you're ignoring the problem because you would rather attention not be going to alternatives like NXT that do have the possibility of supporting this sort of volume ...

I am not ignoring the "problem".  Volume on NYSE is in the billions of shares because fees are insanely low, less than $0.00004 USD net (88 satoshis) per share traded.   Any assets traded on the blockchain would need to compete with bitcoin transactions and fees will probably be at least a magnitude higher.   If NXT is more economical for colored coins then the assets will move there so I don't see a problem either way. 

There is no such thing as "too many transactions"; what types of transactions are viable will change over time depending on the cost and limits imposed by the network.  For example the US fedwire (bank wire) network processed 134,244,177 transactions last year.  That works out to about 4 tps.

1020  Alternate cryptocurrencies / Altcoin Discussion / Re: The Bitcoin scripting system is purposefully not Turing-complete - why? on: May 20, 2014, 12:23:52 AM
surely there must be SOME limit there.

Yes but it is self resolving.  Someday a large number of merchants combined may produce 10x as many txs as the dice site.  Does that mean Bitcoin is doomed?   It is inevitable it will get so popular it will produce "too many transactions" and then die?   Of course not.  As tx volume rises, tx will compete for space in the next block and fees will discourage low value transactions (like martingaling 100 sat starts to look stupid when it will cost you 10x in fees).

Quote
These other 'rider' networks like Color Coins don't necessarily have any relationship to the price of BTC at all and that's going to be the basic problem from which many technological issues will emerge.

They still have to pay fees like any other tx.  If tx volumes rise sufficiently those colored coins concepts may find themselves stuck on a network where moving their assets is prohibitively expensive.   