Sublime please be quiet the adults are speaking.  Nobody supports loaning the forums assets to a bunch of microloan scammers. 

I swear scammers are so obvious to spot.  As soon as they even smell coins nearby their eyes light up with Bitcoin symbols as they think of all kinds of idiotic schemes to separate people from their coins. 

Burned through $43.5M in VC funding and shutting down.  It is utterly insane the kinds of money VC dump into the stupidest projects imaginable.  lockerz.  First time I heard about it and they are shutting down.  I guess that means I am getting old.

BFL has multiple price points even as low as $150.  Avalon's has just a single unit but $1,500 is hardly "rich man" territory.  Honestly there is enough demand that both companies could have made the smallest unit 250 GH/s for $8K or so.  That would have been more of a barrier to entry for smaller miners.

I hate to break it to you but the days of making massive amounts of coins off low end computers ended about four years ago.  Today even without ASICs to make any significant amount of coins requires a significant hardware investment, a single computer with one or two GPU doesn't make much.  

After ASICs a small hardware investment means a small amount of coins, a large hardware investment means a larger amount of coins. Nothing really changes ... except GPU mining is dead just like GPU mining killed CPU mining.

To answer you original question.  If you have 5 computers you make 5 workers in your account at the pool.  You then setup your miner on each computer to use one of the five workers.  All the hashes (and profits) will flow into a single pool account.

Wow.  I like that.  The double blind key sharing.  Even if theymos doesn't use it I will have to remember that one.

The same way you "make" Dollars, Euros or Yen.

There is no such thing as "fast and easy".  If it was fast and easy it wouldn't be worth anything.  30 BTC ~= $600 USD.  
It is no harder or easier to earn 30 BTC then it is to earn $600.  

Want 30 BTC fast ... work real fast.

Amazon is just following in a long line of other companies.  Microsoft, Sony, Nintendo, Zynga, etc.  Really this is just a sympton of broken credit card model.  Lower cost and more user friendly to make one payment gets a bunch of tokens and then buy on site.  I mean an physical arcade might accept credit cards for a bulk purchase of tokens but they aren't going to install a credit card reader on every game and charge the card $0.50 a swipe.  Casino's do the same thing.  You can buy chips for a CC cash advance at the cage but you can't hand the blackjack dealer your card to swipe for every hand.

Credit cards are a pain in the butt and these in house tokens are a way to make them a little less of a pain (for both consumer and merchant).  This neither helps nor hurts Bitcoin in the slightest. 

Appeared in block 1?  You sure someone isn't pulling your leg.  You do understand that output address was a coinbase reward to Satoshi over four years ago.  

Also zipzap doesn't handle Bitcoin sales or transactions.  They are a cash deposit serviced used by a couple of Bitcoin exchanges.  You sure it was ZipZap?  http://www.zipzapinc.com/

Something isn't adding up.

Thanks for the clarification on how protocol handles both key forms.

When you said "no it isn't" that didn't refer to the key size did it?  My understanding is that compressed keys are 33 bytes. 32 bytes for y-value plus another byte to indicate which "side" of the curve the point is located on.

On edit:

More info on compressed keys (including wrong answer about compressed keys being incompatible with the protocol)
http://bitcoin.stackexchange.com/questions/3059/what-is-a-compressed-bitcoin-key

As Danny pointed out there is always 100 "next" addresses in the address pool.  If you make a backup today it cointains all your used address plus the next 100 address you will use.  If you make a backup next week it will contain all your used address plus the next 100.  The pool continually refills so a backup will always have all used address plus your next 100.


A couple of things.
1) You can change the size of the keypool with the command (from command prompt in windows) bitcoin -keypool=[size of keypool].  For example bitcoind -keypool=250 will increase your keypool to 250.  Note when you run this command the client will create all the new keys and then open the client so there may be a delay.  Also understand very large wallets can be slow on some systems.  Our company wallet uses a keypool of 2000 keys but that likely is overkill.

2)A noob should just make regular backups.  Once a week is likely fine, once a day if you are paranoid.  If your tx is volume is higher than 100tx per day you likely should increase the keypool size.  If the wallet is encrypted with a strong password using a backup to cloud service like dropbox is a good idea.  It is a good idea to use a backup service that allows keeping older version in case the wallet becomes corrupt and the corrupt version is also backed up.  Note: Waula supports encrypted backups and accepts Bitcoins.

3) Random wallets are likely on their way out.  Deterministic wallets generate keys in a reproducible manner so the only thing that needs to be backed up is a seed value.  This could even be backed up as a paper printout.  The reference client doesn't yet support deterministic wallets but I believe it is only a matter of time.   As you pointed out there are "gotchas" with random key wallets which means they probably will never be user friendly.  A random key wallet (where wallet is just a collection of random 256bit private keys) is simpler to develop but there are limits on how "user proof" it can be made.   Fast forward a couple years and I would imagine almost nobody will use random private keys (outside of some niche applications by experienced users who understand the limitations).  Even eWallets like blockchain.info could be made more user friendly by using deterministic wallets (make a single encrypted backup and/or printout) and if the site ever goes down you can always reconstruction your wallet.

Yes but if a miner knew that no other block would be found in the next x seconds they wouldn't care.  Since that can never be known the longer the propagation delay the higher the probability that a competing block will be found before propagating completes and potentially win the race.


Yes although it is more like the smaller block has a higher probability of winning the race.  A miner can never know if he will be in a race condition or which races he will lose but over the long run everything else being equal a miner with a longer propogating delay will suffer a higher rate of orphaned blocks.


Not that I know of.  I do know pools have looked into this and to improve their orphan rates to remain competitive.  My guess is any analysis is crude because it would be difficult to model so testing needs to be done with real blocks = real earnings. A pool at least wants to ensure its orphan rate isn't significantly higher than its peers (or global average).



True but if it became a large enough problem, a mining network would allow for direct transmission to other miners.  A block notification superhighway of sorts.  Blocks could be digitally signed by a miner and if that miner is trusted by other miners (based on prior submitted work) those miners could start mining the next block immediately.  This of it as WOT for miners but instead of rating financial transactions miners are trusting other miners based on prior "good work".

The propogation delay on large blocks is a combination of the relay -> verify -> relay nature of the bitcoin network, combined with relatively slow block verification (large fraction of a second), and the potential need for multiple hops.  All combined this can result in a delay of multiple seconds before a majority of miners start work on this block.

A single hop, trust enough to start work on next block, and verify after the fact would make the "cost" of a larger block negligible.   It is just an idea.  I care less about mining these days so that is something for major miners to work out.    Even if this network never became "official" I would imagine some sort of private high speed data network to emerge.  It would allow participating miners to gain a small but real competitive advantage on other miners.  Less orphans, ability to include more tx (and thus higher fees) = more net revenue for miners.


Any system which relies on trivial input can be gamed.  I (and other merchants) could buy/rent enough hashing power to solve 1% of blocks and fill them with tx containing massive fees (which come right back to us) and inflate the average fee per block.

I would point out that a fixed money supply and static inflation curve is non-optimal. In theory a central bank should be able to do a better job.  By matching the growth of the money supply to economic growth (or contraction) prices never need to rise or fall (in aggregate).  A can of soup which costs $0.05 in 1905 would cost $0.05 today.  At least the inflation aspect.  The actual price may vary for non-inflationary reasons such as improved productivity or true scarcity of resources.  

The problem with central banks isn't the theory ... it is the humans.  The models of monetary policy rely on flawed humans making perfect decisions and that is why they are doomed to failure.  Flawed humans choosing the benefit for the many (the value of price stability) over the increased benefit for the few (direct profit from manipulation of the money supply).  Maybe someday when we create a utopian such ideas will work but until then they will be manipulated for personal benefit.

The value of Bitcoin comes from the inability to manipulate the money supply.  Sure many times a fixed money supply and static inflation curve is non-optimal but it can't be manipulated and thus this non-optimal system has the potential to outperform systems which in theory are superior but have the flaw of needing perfect humans to run them.

On edit:
On rereading I noticed you proposed using median block reward not average.  That is harder to manipulate.  It probably is better than a fixed block size but I would expect 50 BTC per block isn't necessary on a very large tx volume so it may result in higher than needed fees (although still not as bad as 1MB fixed).  It is worth considering.  Not sure if a consensus for a hard fork can ever be reached though.


Likewise a fixed subsidy reduction schedule is non-optimal.  What if tx fees don't cover the drop in subsidy value in 2016.  Network security will be reduced.  Should we also make the money supply adjustable?  (Kidding but I hope it illustrates the point).

TL/DR: Fixed but non-optimal vs adjustable but manipulable? Your choice.

Typos typos typos.  Your right Danny.  Although the compressed key is more than just the y value (32 bytes).  It also includes a byte to indicate which side of the curve the point lies on (ECDSA curve is like a U so a single y value can represent two points).

The protocol itself isn't aware of compressed keys and to make it aware would require a hard fork.  All that potential bandwidth and storage savings wasted.  Even if a compressed key is used in the client it is converted to a full key when creating a transaction on the network. - Incorrect.

Yes there is a propagation delay for larger blocks when two blocks are produced by different miners at roughly the same time larger blocks are more likely to be orphaned. The subsidy distorts the market effect.  Say you know that by making the block 4x as large you can gain 20% more fees.  If this increases the risk of an oprhan by 20% then the larger block is break even.  However the subsidy distorts the revenue to size ratio.  20% more fees may only mean 0.4% more total revenue if fees make up only 2% of revenue (i.e. 25 BTC subsidy + 0.5 BTC fees).  As a result a 20% increase in oprhan rates isn't worth a 0.4% increase in total revenue.

As the subsidy become a smaller % of miner total compensation the effect of the distortion will be less.  There has been some some brainstorming on methods to remove the "large block penalty".  It likely would require a separate mining overlay.

Sadly any attempt to find an "optimal" block size is likely doomed because it can be gamed and "optimal" is hard to quantity.

Optimal for the short thinking non-miner - block size large enough that fees are driven down to zero or close to it.

Optimal for the network - block size large enough to create sufficient competition that fees can support the network relative to true economic value.

Optimal for the short term looking miner - never rising larger than 1MB to maximize fee revenue.

However I would point out that the blockchain may eventually become the equivalent of bank wire transactions.  FedWire for example transferred ~$663 trillion USD in 2011 using 127 million transactions.  If FedWire used a 10 minute block it would be ~2,500 transactions per block.  For Bitcoin that would be roughly 400 bytes per tx.  So it shows that Bitcoin can support a pretty massive fund transfer network even with a 1MB block limit.

Some would dismiss this as too centralized but I would point out that direct access to FedWire is impossible for anyone without a banking charter.  Direct access to the blockchain simply requires payment of fee and computing resources capable of running a node.  This means the blockchain will always remain far more open. 

I think one modest change (which is unlikely to make anyone happy but would allow higher tx volume) would be to take it out of the hands of everyone.  The block subsidy follows a specific exact path for a reason.  If it was open to human control Bitcoin would likely be hyperinflated and nearly worthless today.  A proposal could be made for a hard fork to double (or increase by some other factor) the max size of a block on every subsidy cut. 

This would allow for example (assuming avg tx is 400 bytes):
2012 - 1MB block =~ 360K daily transactions (131M annually)
2016 - 2MB block =~ 720K daily transactions (262M annually)
2020 - 4MB block =~ 1.44M daily transactions (525M annually)
2024 - 8MB block =~ 2.88M daily transactions (1B annually)
2028 - 16MB block =~5.76M daily transactions (2B annually)
2030 - 32MB block =~11.52M daily transactions (4B annually)

Moore's law should ensure that processing a 32MB block in 2030 is computationally less of a challenge than doing so with a 1MB block today.

Are there any docs on how the bloom filter works?

You could also die tomorrow getting eaten by a shark while struck by lightning in a desert.  The odds of that are probably higher than a 160 bit collision.  You could also buy one ticket, win the powerball lottery jackpot, next day buy a ticket win that powerball lottery jackpot, next day buy another ticket win that powerball lottery jackpot, next day buy a ticket, win that jackpot, next day buy a ticket, buy that jackpot, next day buy a ticket, win that jackpot, next day buy a ticket, win that jackpot.  The odds of doing that is more probably than generating a 160bit collision.


Well not exactly. The address isn't the public key.  The address is a checksummed hash of the public key.

So in Bitcoin you have:
* private key - 256 bit number
* public key - 512 bit ECDSA (x,y pair) -essentially a number
* public address - 200 bits (8 bit version identifier) + (160 bit hash of public key) + (32 bit checksum - to prevent sending funds to invalid addresses)

Public addresses are simply 200 bit numbers.  We put them into Base58 format to make them human readable but they are just numbers to the network.  

All three of the following numbers are the same and represent a bitcoin address, they are just in different formats.

00010966776006953D5567439E5E39F86A0D273BEED61967F6 (in hexadecimal)

0110011101110110000000000110100101010100000000000000000000000000
0110101000001101001001110000000000000000000000000000000000000000 (in binary)

16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM (in Base58 format)

The Base58 is the most human readable (and compact) but all three formats have the same value.

Someone made this awesome graphic to show the details


More details:
https://en.bitcoin.it/wiki/Technical_background_of_Bitcoin_addresses

I would be willing to hold a partial key.  Honestly I think this is almost a textbook perfect example of where either on protocol multi-sig or off protocol key sharing should be used. 

Which wasn't your initial claim:
"quantum computer can solve a block in time normal computer computes a single hash. as it simply tries all the "nonce"s in parallel."

that would indicate that regardless of difficulty a QC could solve a block in a billionth of second.   An obvious false claim.  On another thread you used the word "instant".  That a QC could instantly solve all blocks.  An impossibility from a thermodynamics standpoint.

Can QC solve some complex problems more efficiently (which may not mean faster for all problems) than classical computers?  Sure.  Are they this "insta-win" auto break all cryptography instantly doomsday device you keep ranting on about?  No.

True however it sets up a prisoner's dilema type situation.  Also I would point out there is no "majority rule" while a Democracy is one method of achieving a consensus the anonymous nature of Bitcoin makes any democratic method to select the best blockchain doomed.  Also an active attack likely wouldn't be just a binary decision but rather a series of double spends on various forks creating new forks and a chaotic mess of conflicting priorities and viewpoints.

There is a reason that the blockchain was designed to be deterministic.  All nodes everywhere in the world regardless of being online or offline can via communication with other nodes reach a single consensus view of the blockchain.  Once you introduce the need for humans to "pick the winner" it becomes very easy to both game the system and crush any resistance by creating dissent.  The users who believe blockchain A is the "correct" one have no mechanism to prevent those who believe blockchain B is "correct" from continuing that fork.  An attacker just has to continually fork the forks over and over to divide and conquer.  Also the attacker wouldn't be foolish to always put "good tx" on one side of the fork and "double spends" on the other side of the fork.  Remember this is a non-economic attacker.  Far better to continually and randomly place the spend and double spend so that no matter which fork is chosen there is always a victim.

I think most 51% attack "solutions" niavely assume that the "attacker" will do something as stupid as just make a single obvious attack.  Something like fork the blockchain back 500+ blocks and then continue on that game plan blindly without reacting to the actions of defenders.  The reality is any entity which has the millions of dollars to acquire that amount of hashing power isn't going to use it like a club.  It would be far more effective to hire some smart minds to devise a continually adjusting attack pattern.  Any "solution" which requires humans to determine in real time the "correct" blockchain AND always do the right thing for the public even at personal consequence to him/herself is not a solution.

What if the attack is to create incompatible forks each with its own double spend and thus no consensus can be reached as nobody is going to agree the fork they are double spent on is the "correct" one.   That is the risk of a non-deterministic method of choosing the longest chain.