I'm willing to participate in some multisig solution. Rather than a 2 of 3 scheme, maybe a 5 of 10 scheme. Hand out 20 keys to well known members (with 10 real, 10 fakes). Don't announce who holds any keys. This prevents collusion, as if forum members start asking around if they hold a key, alarm bells may go off and report back to theymos.
If something were to happen to theymos, everyone can turn in their keys to whatever authority is present at the time.
A bigger setup like 5-of-10 (different numbers maybe) is just what I was going to suggest. But the placebo thing, while sounding good at first, kind of defeats the point. If theymos generates the keys himself and hands them out, the whole security rests on whether there were any vulnerabilities in how he generated them. Each trustee using his own key is much more secure. Announcing the trustees might facilitate collusion but is good for accountability. This is an odd request.
I have no idea why you think it's odd. He's sitting on a large pile of coins (which are not even his own) and is worried something might happen to them. Maybe he also wants to remove the appearance of a risk that he will take all of it for himself. Distributing the funds between multiple trusted parties greatly softens the worst case scenario. Also, with a multisig arrangement the probability of a problem greatly decreases. |
|
|
|
On Monday I will be giving a talk about Bitcoin in the Haifa Linux Club at the Technion. For this occasion I have written a greatly expanded version of the presentation: https://bitcoil.co.il/Bitcoin%20Haifux.pdf |
|
|
|
That paper is about the exact opposite of >50% attacks - trying to double-spend unconfirmed transactions. |
|
|
|
I understood this. What I mean is that if you store your private key exclusively on paper, storing it with 2-of-3 secret sharing still leaves a vulnerability when the shares are imported and combined (mitigated by combining in an offline clean computer, but still). If you have a 2-of-3 multisig address, and store the keys for that on 3 distinct pieces of paper, you get more security.
@Meni, I think you're getting stuck on the idea that I have in some way proposed this idea as a replacement for multi-sig wallets. This is not intended to replace multi-sig. I'm not comparing it to multi-sig. It's nothing to do with multi-sig, at all. 0% related. It's simply an alternative for backing up your regular single-sig wallet. Your single-sig paper-backup has all the security risks you describe, but it's still an important use-case that many users (and maybe even organizations) will use even when multi-sig is available. Multi-sig is completely unrelated to this, and is still my number one goal for the new wallets. Though, I guess you could technically create a 2-of-3 multi-sig wallet between multiple devices or parties, and each party could back up their own wallet using a M-of-N split-backup... sounds complicated. In fact, I might try to discourage fragmenting multi-sig-wallet backups because of it being complicated (but there's no reason it couldn't still be done)... Alan, I'm not sure why you keep misunderstanding my comment, despite my effort to clarify it. Actually, I think my mistake is that I didn't notice we're in the Armory subforum, and my comments were more general. From the OP: I've been playing around a lot with Armory as an offline wallet, and the one thing that would make me sleep better would be a 2-of-3 series of paper wallets.
To sleep better, the OP wants to have 3 pieces of paper where any 2 of them are needed to access his funds. One way for this arrangement is to have a single-sig address where the private key is split into 2-of-3 secret-sharing pieces, and printing each piece on a different piece of paper. A second way for this arrangement is to have a 2-of-3 multisig address, and print each of the associated private keys on a different piece of paper. As you said, the first method is now available in Armory. That has its use cases (and is what the OP had in mind) and as I said, it's cool. The second method is not yet supported by Armory or the larger Bitcoin ecosystem. It is a more secure way to use 3 pieces of paper than the first method, and because of this, it will be even cooler when this method is available. That's all I'm saying. Of course there are many more use cases for multisig and all sorts of crazy combinations you can do. I am not implying one feature is supposed to be at the expense of the other. But using a 2-of-3 address for long-term bitcoin savings is the most important use case for multisig IMO, and I'm looking forward to its availability. |
|
|
|
I had formerly had in my mind that a 51% attack would always be a visible tussle between the forces of good and evil, and also that it would re-write just a few blocks, not hundreds.
Attacker blocks don't have the "evil" bit set. If it was easy to know which blocks belong to an attacker it would be easy to ignore them. The crux of the problem is that it is not, in general, possible to know which chain is the real one. Satoshi's paper shows that it's geometrically harder to re-write the past blockchain. What he doesn't point out is that a suitably equipped agency can gradually build up a competing chain (from the present going forward) and then suddenly deliver this. The length of this alternative chain can go back to the last checkpoint.
Not exactly. Satoshi's paper shows that if the attacker has less than 50% hashrate, the probability of double-spending success decreases geometrically with the number of confirmations. In this situation rewriting a large number of blocks is virtually impossible. With sustained >50% hashrate, the attacker always has 100% chance of eventual success in rewriting as many blocks as he wants, and this is addressed in the paper (even if implicitly). |
|
|
|
I can stay on difficulty 1 far longer than mainnet, then towards the end quadruple the difficulty each 2016 blocks. Also every time mainnet goes down in difficulty, a second chain actually doesn't have to follow that bump and can gladly ignore it.
Just calculate "bitcoin time" with 2016 blocks = exactly 2 weeks since genesis and then calculate how far ahead the bitcoin clock is - that's the difficulty you have to beat.
Anyways, it might forever stay academic, since satoshi fixed this issue already in 2010 by including checkpoints of the then current chain into the main (and back then: only) client. It might be possible to attack other cryptocurrencies or weaker Bitcoin implementations though.
Branch selection is based on total difficulty, not number of blocks. Making the difficulty artificially low does not help in building a longer branch. What is wrong with the following :
An entity acquires say 150% of the existing hashing power, but rather than use this to mine blocks in the current chain, starts a forked chain.
This forked chain is not announced however until say 500 blocks have passed in the original chain, and roughly 750 blocks will have passed in the fork.
The fork is then announced -- causing mayhem as the last 500 blocks are now no longer valid, and replaced by the 750 new.
Nothing "wrong" with it, this is the >50% attack. There's plenty of discussion about what can be done with such an attack, how likely it is, how to prevent it, etc. Note that people need to clearly distinguish "percentage of honest network" and "percentage of total network". An attacker with 150% of the honest network has 60% of the total network. To carry out an effective attack, you need >50% of the total network, which is >100% of the honest network. |
|
|
|
No dividends this week?
Since I made a payment in the middle of last week it didn't seem critical to make a payment in the beginning of this one, but at your request I've now sent the payment for blocks 217727-218399. |
|
|
|
@etotheipi: That's cool. Eventually though, multi-sig would be much cooler and safer than just secret-sharing a single private key.
This is not a replacement for multi-sig. It is to provide an alternative, flexible way to create and store paper backups. Multi-factor auth wallets (linked wallets) are still coming... with the new wallet files... if I ever finish them... EDIT: I see what I wasn't clear about -- this is for paper backups, not multi-sig wallet chains. I understood this. What I mean is that if you store your private key exclusively on paper, storing it with 2-of-3 secret sharing still leaves a vulnerability when the shares are imported and combined (mitigated by combining in an offline clean computer, but still). If you have a 2-of-3 multisig address, and store the keys for that on 3 distinct pieces of paper, you get more security. |
|
|
|
|
@etotheipi: That's cool. Eventually though, multi-sig would be much cooler and safer than just secret-sharing a single private key.
|
|
|
|
I hear that there used to be some sort of online exchange for these Magic the Gathering cards, but the platform ended up being used to trade something else... not sure what exactly.
You heard wrong. The domain mtgox.com was registered with the intention to use it for a M:tG exchange, but it never was. So why didn't they just dump the domain and register something like btcox.com? You'll have to ask them. My guess is Jed either liked the name or wanted to spare the cost of another domain. Anyway, the same question would apply if there were in fact a M:tG exchange; clearly a Bitcoin exchange is completely different, Jed could have just registered a new domain and reuse whatever parts of the code were relevant. |
|
|
|
Religion is like a penis.
It's nice to have one, and you can be proud of it. But don't whip it out in public and start waving it around.
[sarcasm] But atheist fanatics can of course wave their atheism around and zealously attack the religious infidels. [/sarcasm] The hypocrisy here is simply unbelievable. Anyway, a short line about a preferred way to do business is not "waving it around". I did duly note that the community can't tolerate openness and transparency, and will try to hide more things in the future. |
|
|
|
@Herodes - I wrote a post about a private deal I would like to do, and included an innocent line describing one of the desired terms. You turned it into a witch hunt trying to force your opinions on me and telling me how I should live my life and how I should do business, and with whom. So which one of us has a problem, really? ...logical rules...
Clearly you've never spent any time studying Gemara. Gemara study is all about making logical deductions. My brother who does this regularly has x10 my own ability to store the different pieces of an argument in his working memory and follow them to their conclusion. And I'm a mathematician so myself I have a better-than average ability to do that. that has no relevance or place in modern society.
False, it (whatever "it" is) certainly has both relevance and place, regardless of the truth value of the underlying beliefs. Many religions have good values to live by, but pointing to old books and certain passages to make a point clear, that's just going to make you look like a fool to educated people.
To bigoted closed-minded educated people, yes. But in reality, not taking interest for a loan given to a jew from a jew, but take interest from everyone else, could in this time and age be considered a kind of different treatment that's should not be approved at all.
I have a right to choose my business partners and the nature of my private agreement with them. You can be a very good human being, even if you don't adhere to any of the main religions, in fact you can be a good human being if you don't adhere to any religion at all.
And you can be a very good human being with adhering to a religion, so why the crusade? If you're religious, keep it for yourself, in your own home, don't bring it with you on the street or in business. People simply don't care. It only brings troubble.
I'm not religious. See above about my right to choose how to do business and with whom. The kind of people who are so closed-minded and self-centered that they are troubled by this, are people I probably wouldn't want to do business with anyway. People need to start thinking, and stop accepting blindly whatever information their fed by their parents, their schools, their universites and their governments.
Frankly you have no idea what I think and what information I was fed. Feel free to dismount from your high horse. Would you be happy if you were on a road trip, and my gas station was the last one before a long stretch of dessert, but I wouldn't serve you for whatever reason because my religion forbid it because you were x or you wore n or you spoke y ?
If it is reasonably expected that the gas station operator should serve everyone, he would be wrong to deny anyone, regardless of his reasons. But if it's a private deal for which I am expected to be selective about my counterparty, I can refuse to do business for whatever reason I want. |
|
|
|
http://betsofbitco.in/ and bitbet.us are not prediction markets. In a real prediction market, your profit from betting and holding depends only on current price and the event outcome, not on future bets.
|
|
|
|
Meni,
Whe do you bother responding to these idiots.
Buy the way. Thanks for that recent, short simple presentation on mining. Very clear and helpful for the uninitiated.
Looking forward to meeting you at the conference. (are you presenting??).
yes, i liked the mining presentation as well. learned another applicable word to Bitcoin to help describe it: "Synchronization".Yeah. The crux of the matter is that to prevent double-spending, all we need is to set an ordering on the transactions - only the first of a conflicting pair would be valid. With multiple peers the transactions are inherently asynchronous. A central server can easily put an ordering on the transactions based on the order it received them, and all nodes submit to its authority. With Bitcoin, PoW acts as a synchronization signal all nodes can observe, setting an ordered history they can agree on. |
|
|
|
Whe do you bother responding to these idiots.
Duty calls. Seriously though I prefer to give people a chance and wait a bit before disengaging. Buy the way. Thanks for that recent, short simple presentation on mining. Very clear and helpful for the uninitiated.
Thanks. I've been meaning to give such a presentation for a while, eventually I wrote it for the occasion of the Tel Aviv Bitcoin Meetup January 2013. Looking forward to meeting you at the conference. (are you presenting??).
I hope so. |
|
|
|
I registered!
I have no idea what activities and speakers I paid $250 for, or why they asked me about dietary restrictions, but this is the first bitcoin conference in the U.S., and I wouldn't miss it!
Well more like the third in the US. I wish I could go though! This is quite obviously the 2nd international conference in the US. |
|
|
|
1. If I'm a normal bitcoin user I'm not going to the conference to get PRESS COVERAGE. Keep in mind it's not all about the big players in bitcoin....or is it? lol (if so, my point is proven). These conferences as Max Keiser kind of put it is to garner new users, not for the bitcoin ELITE to jerk each other off. We all know how that went with Nefario for example eh? lol (Pay $300+ for a conference to listen to a jackass talk who doesn't know what the word "Arbitrage" means all the while touting his leet skillz with GLBSE).
Read what I wrote. The organization/material is a way to: 1. Get individual people to meet each other. 2. Get press coverage for Bitcoin. I didn't say anything about getting press coverage for individual people (that too plays a role for some people). Once again, the $250 fee is insignificant compared to the ~$3000 many people will have to pay for flights, hotels and time. The conference is for people who are willing to pay the latter, call it elitism if you want. 2. In order to successfully network with others one does not NEED to meet someone in person. That's why we have technology. I mean if that was the case that we overlooked technology why not just snail mail your wallet.dat file on a flash drive to the furthest most point from you in the world to transfer bitcoins? lol
And yet snail mail still exists, and it's not going away any time soon. Some things you can send over email, some you can't. Of course you can do stuff without meeting people, but you can do more and better with meeting them. It's another tool in your arsenal which complements the others. While there was a huge troll war about the NYC convention, that appeared to have the greatest turnout
That's factually incorrect, NYC had the smallest turnout by a large gap. |
|
|
|
|
נראה לי שזה מקרה פרטי של תרומות בכלל ומיקרו-תרומות עבור תוכן בפרט.
אני כמובן בעד, ביטקוין מאד מתאים לזה.
|
|
|
|
“You shall not charge interest on loans to your brother, interest on money, interest on food, interest on anything that is lent for interest. You may charge a foreigner interest, but you may not charge your brother interest, that the Lord your God may bless you in all that you undertake in the land that you are entering to take possession of it." Deuteronomy 23:19-20
"If, however, the charge is true and no proof of the girl’s virginity can be found, she shall be brought to the door of her father’s house and there the men of her town shall stone her to death. She has done a disgraceful thing in Israel by being promiscuous while still in her father’s house. " Deuteronomy 22:20-1 Crazy that people are still influenced by these ancient "teachings". Let's hope Meni doesn't have any daughters!  Not yet and I don't plan on stoning anyone. I just asked for a loan. Sheesh. I can only offer interest if you are not Jewish.
Under Jewish law, you are not allowed to charge another Jew interest. But here, you are rendering interest upon another Jew. I don't see why this is forbidden. AFAIK it's not forbidden in the written Torah, but in the Mishna (Bava Metzia 75b) we have: These violate a negative commandment: the one who loans, the one who borrows, the guarantor, the witnesses, and the Sages say even the scribe who writes the document.
|
|
|
|
|
Show Posts
