Bitcoin Forum
  Show Posts
941  Bitcoin / Bitcoin Discussion / Re: Do you think this is what bitcoin is? on: May 18, 2014, 02:42:52 PM
That is a very verbose explanation but there are actually three "bitcoins".  Bitcoin is a protocol that governs the behavior for a decentralized peer to peer network, it is also the software running on the nodes of that network which implement that protocol, and it is a virtual currency or the unit of account used in the protocol.
942  Bitcoin / Development & Technical Discussion / Re: Understanding Basic Transaction Structure on: May 18, 2014, 02:39:57 PM
There are two types of multisig.  There is "native" multisig where the script and pubkeyhashes are in the vout however that makes for very large addresses.   P2SH was added later.  With P2SH the output is a hash of the script and that makes the address compact.

With native multisig there would be multiple pubkeyhashes in the output.  With P2SH there is just a single scripthash in the output. 

While bitcoin may show addresses, understand that addresses are encoded hashes (either PubKeyHashes or ScriptHashes) and they don't exist in the protocol itself.  When you provide an address to a client it decodes the address to the resulting hash type and the hash is what is actually placed in the output of the transaction.
943  Alternate cryptocurrencies / Altcoin Discussion / Re: The Bitcoin scripting system is purposefully not Turing-complete - why? on: May 18, 2014, 09:32:00 AM
I believe Ethereum is backing off from that claim and it will not be Turing complete.   Generally the higher the complexity of the environment the higher the chance of undetected flaws, bugs, and exploits.   The idea that one would want a complex Turing complete (or quasi turing complete) scripting language, combined with the overhead of a decentralized network, to process the transfer of money seems a very dubious proposition.   I want my financial processing engine to be as lightweight and simple as possible.  Higher level functionality can be built on top of the network.
944  Alternate cryptocurrencies / Altcoin Discussion / Re: The Bitcoin scripting system is purposefully not Turing-complete - why? on: May 18, 2014, 09:00:43 AM
Can somebody explain to me why the Bitcoin scripting system is purposefully not Turing-complete? To make malicious programs difficult to develop (I guess)? Or because it was difficult to make it Turing-complete?

Bitcoin uses a scripting system for transactions. Forth-like, Script is simple, stack-based, and processed from left to right. It is purposefully not Turing-complete, with no loops. (

Attack prevention.  With loops and recursion it becomes more difficult to limit the resources required by a script.  It would be possible to create scripts which crash nodes, scripts which take hours to validate, scripts which consume the host memory.   Any looped code can be unrolled.  The execution time of unrolled code is easy to control by limiting the length of the script.
945  Economy / Economics / Re: IRS says mining is "income" (40% tax) instead of cap. gains (20% tax) on: May 18, 2014, 08:40:20 AM
OK... so none of the Bitcoin miners in the US will be paying any taxes to the IRS. I don't think that Bitcoin mining is profitable anywhere in the world. So the net income is in negative.

I am pretty sure many miners are profitable but for those who produce a loss there is no income tax and the net loss will reduce the overall income reducing overall taxes.
946  Economy / Economics / Re: Gavin Andresen: Rising Transaction Fees Could Price Poor Out of Bitcoin on: May 18, 2014, 08:35:53 AM
People who collect very small amounts of Bitcoin, mostly from faucets are disproportionately affected by the rise in the transaction fees. I have seen people paying as much as BTC0.05 in transaction fees, for transferring just BTC0.1. Their transaction size (in KB) is quite large, therefore they will have to pay a higher transaction fee.  

Imagine how much worse it was if the dust limit hadn't been put in place.  Prior to the dust limit most "free coins" sites were paying out even smaller values sometimes as little as 100 sat.   

It is always better to opt for larger payments if possible.  In pool mining, to reduce fees paid, you should set the payout threshold as high as possible but no higher than an amount you would be willing to lose if the pool fails or defrauds you.   So if you are willing to risk a max loss of 0.05 BTC then payout in 0.05 BTC increments because a single 0.05 BTC output will require less fees to spend than fifty 0.001 BTC outputs.
947  Economy / Economics / Re: If transaction per second increased dramaticaly does it solve miner crisis? on: May 18, 2014, 07:14:26 AM

True, Doge will be the interesting thing to watch fairly soon. Payout wise they will be in a situation that BTC will be in in several decades. Basically all options are plausible, from total failure and price dropping close to zero to becoming the dominant cryptocurrency.

That isn't plausible and it is reckless to pretend it is.   When it only costs $50 or so to reverse a block the network will have no security.  It will either fail or have yet another hard fork to fix the never ending list of mistakes the developer made.   That is what happens when people take the bitcoin source code and start randomly changing parameters without seeing the implications.
948  Economy / Economics / Re: If transaction per second increased dramaticaly does it solve miner crisis? on: May 18, 2014, 07:10:23 AM
There is no crisis.  Satoshi designed the system well and with four years between halvings it gives the network decades to build up the necessary transaction and fee volume.
949  Other / Beginners & Help / Re: Cold Storage + Fork = ??? on: May 18, 2014, 04:12:36 AM
It is actually somewhat of a challenge to spend pre fork coins on one fork only.  A fork is caused by some of the network using an alternate chain (of blocks).  Transactions which are not yet in a block would be relayed by nodes on each fork unless the tx is invalid on that fork.

One way to make a tx invalid on one fork is to include newly minted coins which can only exist on one side of the fork (because the other side has a different block and thus different coins).
950  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Coin2.0 [C2.0] - The forward thinking POS (FPS GAME DEV. UNDER WAY). on: May 17, 2014, 11:08:18 PM
If c2 is using the peercoin PoW/PoS hybrid, you are right and I am wrong.

Looking at diffs of the two source codes it is pretty clear that c2 is a shallow copy of peercoin.
951  Economy / Economics / Re: Gavin Andresen: Rising Transaction Fees Could Price Poor Out of Bitcoin on: May 17, 2014, 10:51:06 PM
[quote author=curlyginger link=topic=612652.msg6781840#msg6781840 date=1400336909]
One of 2 things will happen long-term, either:
1) The blockchain and miners evolve to more easily support many high volume micro-transactions. The effect will be the cost to miners of managing micro-transaction will be lowered, and this will be passed on in the form of lower fees.

It depends on what you mean by micro transactions.  Transactions of less than 1 US cent (circa 2014)?  Probably not going to happen.  This isn't just a miner issue.   The blockchain is a public record.  The cost of a transaction is borne by all nodes; while the cost may be relatively low on a per tx basis it isn't zero.   The other thing to consider is the critical resource is space so tx are always going to be priced on a per tx (well per kb but the tx size for most txs is a relatively small range) not as a % basis.  This means the effective cost of smaller tx as a % of the value transferred is going to be higher.

That being said Bitcoin doesn't need to support txs which are a thousandth of a US penny and have fees that are less than a billionth of a penny.  It just needs to be cheaper, faster, and more secure than the alternatives.   The most successful digital currency in Africa is mPesa which enforces a min tx value of $0.10 and at that level fees are $0.03 per tx (30% of value).  Can Bitcoin beat that?  Yes.

mPesa fee tariffs (values converted to USD)
Min Transfer:   $0.10  fee $0.03 (30%)
Max Transfer: $700.00  fee $1.10 (1.6%)

Min Agent Withdraw:   $0.50 fee $0.10 (20%)
Max Agent Withdraw: $700.00 fee $3.30 (4.7%)

Min ATM Withdraw:   $2.00   fee $0.33 (17%)
Max ATM Withdraw: $200.00   fee $1.93 (1.0%)

Bitcoin already beats mPesa on tx fees.  However mPesa has a superior on the ground network when it comes to "cashing in and out".  With fees as low as 1% when withdrawing from an ATM exchangers would really need to cut fees to be competitive.

So it really comes down to what you mean by micropayments?  Do poor users really benefit from the ability to transact in subcent values?  Even in Kenya with median income being about $800 annually a centralized network without the cost of blockchain imposed a min tx amount of $0.10 (and with a staggering 30% fee) and it became the most successful virtual currency outside of Bitcoin.
952  Bitcoin / Project Development / Re: [ANN] Bither - Say goodbye to Hardware Wallets. on: May 17, 2014, 10:43:35 PM
Basic problem is that a phone can die from one second to the next. I had it. Woke up with phone alarm. Went to bus station and wanted to look what time it is. No reaction at all. Mainboard died and I had to wait 2 weeks to get the phone with text: we were not able to restore the data. It was a Note 2 from Samsung. So I would never trust a phone! I had some bitcoins in my phone wallet but I had a complete backup of everything. So no loss.

All electronics can die without warning.   You should always have backup/seed for any device.
953  Economy / Gambling / Re: Does martingale really works? on: May 17, 2014, 10:23:10 PM
As everyone else has mentioned, Martingale doesn't work infinitely. Stop as soon as you get a small amount ahead.

There is no guarantee you will get a "small amount" ahead.  There is no guarantee you will ever be ahead at all. 
954  Bitcoin / Development & Technical Discussion / Re: Question about base58 encoding on: May 17, 2014, 10:06:16 PM
It's the way it's done, but whether it was the most reasonable way to do it, I'd have argued about it.

Exactly.  It is another "Satoshism".  It makes things more complex for no obvious benefit/reason.  Each one by itself isn't that hard to work through but collectively they add up to reduce the transparency of the code.

This does mean that some Bitcoin addresses are shorter however each digit shorter is progressively less likely.  Most (99.7%) addresses are 34 or 35 digits long.   I can't see that being a good reason for all the complexity.  It actually makes it slightly more confusing because you can't say "All Bitcoin addresses are X digits long", you can't even say 34 or 35 digits because in theory they can be as short as 20 digits (version 0x0 + payload/hash of all zeroes + checksum).   No idea why Satoshi didn't just do something like prepend the version byte (where valid version byte is any value other than 0x00) and then convert to base58.  No need for any weird leading 0x00 = "1" check.  By using a version byte of 0x01 or greater the leading zeroes of the hash would be preserved.

It isn't ever going to change now but it does make you scratch your head and it makes it harder to understand the code because there is no obvious benefit (which helps when trying to figure out what a chunk of code is doing).
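An added example (not code from these posts or from Bitcoin Core) of the Base58Check handling discussed in this post and in the earlier one on transaction structure: each leading 0x00 byte is written as a literal "1", and decoding an address recovers the version byte and the 20-byte hash that is actually placed in the output. The version bytes 0x00 (pubkeyhash) and 0x05 (scripthash) are the Bitcoin mainnet values; the function names are hypothetical.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Mainnet version bytes; other networks use different values.
VERSIONS = {0x00: "pubkeyhash", 0x05: "scripthash"}


def _checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(raw: bytes) -> str:
    """Big-integer base58 conversion plus the leading-zero rule."""
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = ALPHABET[rem] + digits
    # The integer conversion drops leading 0x00 bytes, so each one is
    # re-added as a "1" (the base58 digit for zero).
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * zeros + digits


def b58decode(text: str) -> bytes:
    """Inverse of b58encode; raises ValueError on a non-base58 character."""
    n = 0
    for ch in text:
        n = n * 58 + ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * ones + body


def encode_address(version: int, hash160: bytes) -> str:
    if len(hash160) != 20:
        raise ValueError("hash must be 20 bytes")
    payload = bytes([version]) + hash160
    return b58encode(payload + _checksum(payload))


def decode_address(address: str):
    """Return (hash type, 20-byte hash) or raise ValueError."""
    raw = b58decode(address)
    if len(raw) != 25:
        raise ValueError("decoded address must be 25 bytes")
    payload, check = raw[:-4], raw[-4:]
    if _checksum(payload) != check:
        raise ValueError("checksum mismatch (typo or corrupted address)")
    version = payload[0]
    if version not in VERSIONS:
        raise ValueError("unknown version byte 0x%02x" % version)
    return VERSIONS[version], payload[1:]


if __name__ == "__main__":
    # Hash160 of the genesis block's public key (well-known value).
    genesis = bytes.fromhex("62e907b15cbf27d5425399ebf6f0fb50ebb88f18")
    addr = encode_address(0x00, genesis)
    print(addr, len(addr), decode_address(addr)[0])
    # Constructed sample script hash, to show the P2SH prefix.
    p2sh = encode_address(0x05, bytes(range(20)))
    print(p2sh, len(p2sh), decode_address(p2sh)[0])
```

A single mistyped character fails the checksum in `decode_address`, which is why a client can reject a bad address before building the output.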
955  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Coin2.0 [C2.0] - The forward thinking POS (FPS GAME DEV. UNDER WAY). on: May 17, 2014, 09:19:20 PM
so we would expect our attacker to be able to create a blockchain capable of double spending bter approximately 1 in every 10 billion instances of a 100 block long chain being created.

I believe your math is incorrect there is no probability of failure (the attack chain isn't published until it is longer and the next block solved by the attacker will always extend his chain).  It is only a question (based on variance) of how many blocks it will take before the attacker is ahead.  

Still that is the minor point so I will accept your assumption.  I don't think you realize how trivial it would be to make 10 billion attempts.  6 digit vanity addresses take an average of 38 billion attempts each and they exist.  10 billion sounds like a large number until you consider the rate at which modern hardware can compute hashes.

tl;dr, yes, but mostly hell no, more confirms make a HUGE difference, mintpal fucked up.

That is a fundamental error in thinking.  An increased number of confirmations improves security under the scenario where the attacker has less than a majority of the hashrate/stake.  If the attacker has a majority of the hashrate/stake then it is a certainty he can produce a longer chain.  No amount of confirmations can provide you with a level of assurance.   I don't really care if you disagree but I would hate for some noob to believe you and then wonder how an attacker did the "impossible" and performed a 100 block or even 1,000 block reorg because he had a majority of the stake.
956  Alternate cryptocurrencies / Altcoin Discussion / Re: Proof of stake instead of proof of work on: May 17, 2014, 08:54:30 PM
From an abstract point of view, it makes no difference if the block height is 0 or if it is X when currently being at X+T and T is huge.

Of course it does.  The hash of block 0 will never change.  I can print it out, put it in my safe and verify that network starts from the same genesis block a century from now.  The hash of X will change periodically and may not be consistent among all nodes.  For NXT it changes twice a day.   If you can't see the difference in the level of verification of a single universal static value which is hardcoded into the client (and if the client is insecure/flawed/noncompliant you have already broken a basic security assumption of all cryptocurrencies) and a locally computed value which is continually changing and may not be consistent for all nodes then well then you just don't want to see.

One could use client using 0 as a checkpoint (for whatever reason) and be on a fork.

The "for whatever reason" makes it a true but pointless statement.  If your node is secure and compliant then you verify the best chain independently UNLESS the protocol has local checkpoints as that behavior is non deterministic.  With a network which needs local checkpoints, you can never independently verify that you are on the best chain. That is a huge problem for a network which is designed to facilitate commerce without a trusted third party.

So to replace it with a meaningful distinction:
Given a secure and compliant node, and a protocol that does not use local checkpoint rules, then your node can independently verify the best chain.
Given a secure and compliant node, and a protocol that does use local checkpoint rules, then your node can not independently verify the best chain.

That will be my last post because honestly at this point if you don't see it, then it simply means you don't want to see it.
957  Alternate cryptocurrencies / Altcoin Discussion / Re: Proof of stake instead of proof of work on: May 17, 2014, 08:37:15 PM
A Blockchain Network User needs to verify or trust the software he uses anyway no matter if PoW or PoS.

That is true.  It is an assumption in the security model.  Of course you are stuck on the idea that the genesis block can be forged (because you are trying to support a logical fallacy) that you ignore far more obvious examples of why this is true.   If the attacker has compromised your node (hardware, operating system, node software) then you have no assurance you are part of the network at all.  The attacker could steal your private keys, the attacker could have you generate weak private keys, the attacker could feed you false information ("yes block 123 is valid and contains your payment" when no such block or transaction even exists), the attacker could simply wait until you obtain a desired amount of wealth and then transfer it to an address he controls.  You can't assume any level of security.  If your node is compromised then you have no security at all.

So yes the security model assumes that the node (not just the client software, but hardware, operating system, and connectivity to the network at large) is secure.  
It also assumes the cryptographic primitives used are cryptographically strong.
It also assumes the implementation makes no errors which weaken that security (duplicate k values in signing as an example).
It also assumes that no malicious entity has >50% of the critical resource (computing power and/or stake).

None of those assumptions are different for PoS vs PoW so they are irrelevant for a topic called "Proof of stake instead of proof of work".  The one notable difference between PoS & PoW is that an attacker can use something he had at one time but no longer has to attack the network.   This is commonly called the "PoS problem" but I think "history attack" is more descriptive.   Taking a step back this is possible for PoS (and possibly other as of yet developed systems) due to the fact that what is being secured is also what is being used to secure it.  The irreversibility of blockchain is being secured by records of the same blockchain*.  In other words we are assuming the blockchain can't be modified based on records in the blockchain not being modified.  This property allows an attacker to reduce the cost and risk of an attack by selling off the stake and using the prior record of it to perform the attack.

Saying that one can simply disregard the longest chain by knowing which chain is correct by "code review" or "opinion of friends" is a logical fallacy.  If you can disregard the longest chain, and pick a chain because it is "better" despite being equally valid, different, and shorter then you don't need PoS or PoW to begin with.  You can just use your "code review" and "opinion of your friends" to determine the best chain at any point in time.   Of course "opinion of friends" expanded to a global scale would be to connect to all known peers and ask them which chain is best.  The issue is that the security model is weak and subject to Sybil attack.   The very reason PoW or PoS is used is because reaching a consensus based on what a majority of nodes think is weak.  Can't you see the logical fallacy?

1) Chains may contain equally valid but different sets of transactions.
2) We can't just have nodes vote on the best chain as this is subject to a Sybil attack and in a decentralized trustless network there is no known solution.
3) The solution is to have miners force a consensus using a critical resource (stake or computing power).
4) When a node has two competing chains that are both equally valid the chain which is the longest* is the best chain.

now here comes your fallacy
5) When the longest chain is "bad" we can just disregard it by asking our peers which one is the best which is a contradiction of #2.  

If it were true the security model would simply be
1) Chains may contain equally valid but different sets of transactions.
2) When a node has two competing equally valid chains it asks its peers which one is the "best".

If you believe #5 is valid then the proof of work/stake is utterly pointless.  You only follow it when it otherwise is in agreement on what you believe is best but when it disagrees with that you consult your peers.  If that was a valid solution then just skip the pointless interim steps and just consult with your peers.

* Side note when writing this an idea occurred to me of using the stake in a PoW blockchain to secure a different, alternate blockchain.  I have no idea if this has any merit but when writing this, it occurred to me that this might not have the "PoW" problem.
958  Alternate cryptocurrencies / Altcoin Discussion / Re: Proof of stake instead of proof of work on: May 17, 2014, 07:58:56 PM
With TF, we can push the limit to ~90%. Well, as we know that is just a nice number. 100% is the theory but the world is not perfect => 90%.

You know this how?  Correct me if I am wrong but the source code for TF has not been publicly released or peer reviewed.

With more than 51%, well you know the answer.
It is also important to keep in mind that it is not 51% of the money supply, it is 51% of the coins actively used as the network stake which for NXT and PPC right now is ~30% and there is no guarantee that the 30% all belongs to honest actors.  

As a complete hypothetical (not intended to represent any specific coin or implementation) let's consider a virtual currency, xCoin which has 100M xCoins outstanding and is secured by PoS.  The naive assumption (and often repeated by proponents) is that it would take >50M xCoins to attack the network but that is never the case.  Let's assume the network stake is 25M xCoins and that means at most it would require an attacker to have >25M xCoins.  Still even that is unrealistic because it assumes all 25M xCoins currently used as stake are "good" minters.  It would be effective for an attacker as he acquires the coins necessary to attack the network to contribute to the security of the network, and thus raise difficulty, lower the relative reward for staking and discourage additional contributions to network stake.  So let's assume that the attacker actually has 10M of the 25M xCoins in the current network stake.  This means the security of the network is only 15M xCoins.  To 51% the network would require not >50M xCoins, or even >25M xCoins but only >15M xCoins (and this hypothetical attacker already has 10M xCoins). 

Most PoS coins to date have had ~20% of 30% of the money supply used for the network stake however none of them have any significant economic activity.  As economic activity rises it is probable the percentage of the money supply remaining in high age hot wallets in order to contribute to the stake will decline not increase.  So if the example xCoin ever becomes an economic success the stake might only be 15% of the outstanding coins and even that may include the stake of bad actors.
959  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Coin2.0 [C2.0] - The forward thinking POS (FPS GAME DEV. UNDER WAY). on: May 17, 2014, 07:57:03 PM
This didn't happen on BTER because they wait for 100 confirmations before any deposit.

This is not true when the attacker has 51% of the resource (either computing power for PoW or stake for PoS).  With >50% of the critical resource it is a mathematical certainty the attacker will eventually build the longest chain.  10 confirms, 100 confirms, 20,000 confirms isn't sufficient to guarantee the attack can't double spend.  This is the basic security assumption which forms the foundation for all decentralized crypto currencies.

The attacker picked the weaker of the two exchanges however if both mintpal and bter used 100 confirmations the attacker could have double spent both by building a parallel chain containing the double spends, resulting in a 101+ block reorg.  At block X the attacker has >50% of the network stake.  At block X+1 the transactions depositing funds to both exchanges are confirmed.  At block X+101 the funds are available for trading.  Attacker sells for another crypto currency, and withdraws.   Meanwhile the attacker has been building an alternate chain which double spends the deposits in block X+1.  At some point after block X+101 and once the traded coins have cleared and the attacker has the longer chain he publishes this alternate chain and the network reorgs to the new longer chain and the deposit transactions to both exchanges become orphaned and invalid.
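The confirmation-depth argument in this post and in the earlier reply on the same thread, as an added example that is not part of the original posts: the gambler's-ruin result from the Bitcoin whitepaper for an attacker with share q of the critical resource erasing a z-block deficit, checked against a seeded simulation. Function names, the sample shares and the simulation cut-off are assumptions chosen for illustration.

```python
import random


def catch_up_probability(q: float, z: int) -> float:
    """Probability that a chain built with share q ever erases a deficit
    of z blocks against the rest of the network (share p = 1 - q)."""
    if not 0.0 < q < 1.0 or z < 0:
        raise ValueError("need 0 < q < 1 and z >= 0")
    p = 1.0 - q
    # With q >= p the random walk drifts toward the attacker (or is
    # unbiased), so catching up is certain for every finite z.
    return 1.0 if q >= p else (q / p) ** z


def simulate_catch_up(q: float, z: int, trials: int = 2000,
                      give_up: int = 60, seed: int = 1) -> float:
    """Monte Carlo estimate of the same probability.

    Each step one block is found: by the private chain with probability
    q, otherwise by the public chain. A trial is abandoned once the
    deficit has grown by give_up blocks (assumed cut-off; the chance of
    recovering from there is negligible for the shares used below).
    """
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        deficit = z
        while 0 < deficit < z + give_up:
            deficit += -1 if rng.random() < q else 1
        wins += deficit == 0
    return wins / trials


def confirmation_table(shares, depths):
    """Map (share, confirmations) -> probability the deposit is reversed."""
    return {(q, z): catch_up_probability(q, z)
            for q in shares for z in depths}


if __name__ == "__main__":
    table = confirmation_table([0.10, 0.30, 0.45, 0.51], [6, 100, 1000])
    for (q, z), prob in sorted(table.items()):
        print(f"share={q:.2f} confirmations={z:5d} reversal={prob:.3e}")
    # Minority share: extra confirmations help, simulation agrees.
    print(simulate_catch_up(0.30, 6, trials=20000))
    # Majority share: 100 confirmations only delay the reorg.
    print(simulate_catch_up(0.55, 100, trials=200))
```

For an exchange setting a deposit policy, the table shows that confirmation depth is a control against minority attackers only; above 50% the only variable left is how long the reorg takes.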
960  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Coin2.0 [C2.0] - The forward thinking POS (FPS GAME DEV. UNDER WAY). on: May 17, 2014, 06:46:08 PM
I was once told, over spending 51% hack in PoS coins only hurt the perpetuator but not affected others.
Could someone please explain this to me why Coin2 isn't the case

Who told you that?  A double spend always hurts the receiver.  The coins they thought they "had" are reversed.  In this case mintpal lost 22M coins.  Anyone telling you different is lying or lacks the basic knowledge of crypto currencies to be giving advice.