BLS signatures (better than Schnorr)

[Carlton Banks]

there are no 0.5 nodes at all on the Bitcoin network, that's zero precisely.  

I wouldn't be so sure about that part.  I distinctly recall some of MP's fervent disciples openly encouraging client spoofing as a means to derail support for XT.  It's unlikely they're displaying their actual software version.  It's not difficult to change.  And it makes sense if you're an extremist who wants to stay under the radar.  I'd agree there probably aren't many "0.5.4." nodes running, but I suspect it's more than zero.

Well, if you want to continue along these lines, consider something else.

Bitcoin version 0.5 would take a very, very long time to download & verify the full Bitcoin blockchain in 2018, probably several months (0.5 didn't even use a UTXO set, every block would need to have every transaction validated by seeking back to the block that every output was spent from). Anyone trying to switch to 0.5.4 using their current blockdata would find it doesn't work, unless all the latest un-Satoshisms have been backported to it (which would make the whole concept that little bit more ridiculous), this vaunted hard fork attack couldn't take place using 0.5 era software even if someone wanted to do it (no takers so far on all the "vulnerable" P2SH addresses, which only contain BTC 4.3 MILLION at this point in time, but of course the Schelling point hasn't been reached yet, 4.3 million BTC isn't worth it, lol)  

If it's completely impractical to sync a "Satoshi immutable" node, how many people could really be a part of this regressionist hard fork movement that's the Bitcoin equivalent of a 19th century steam driven car? It's a very bad joke


So, I am "so sure about that part". What reason have you got to believe any of this nonsense?

[Last of the V8s]

every block would need to have every transaction validated by seeking back to the block that every output was spent from

That's bitcoin. It's the only way to be sure.

If it's completely impractical to sync a "Satoshi immutable" node

It isn't.
They fixed that bug
http://therealbitcoin.org/ml/btc-dev/attachments/20171225/ben_vulpes_increase_aggression_levels.vpatch?sha1=998650bc516061a0b756e402608cb2b34bd0e620

http://btcbase.org/log/2018-06-25#1829413

[Carlton Banks]

every block would need to have every transaction validated by seeking back to the block that every output was spent from

That's bitcoin. It's the only way to be sure.

You can make a list of every unspent output as the blockchain progresses, this is new technology called "UTXO set" (fresh from 2011 )

If it's completely impractical to sync a "Satoshi immutable" node

It isn't.
They fixed that bug
http://therealbitcoin.org/ml/btc-dev/attachments/20171225/ben_vulpes_increase_aggression_levels.vpatch?sha1=998650bc516061a0b756e402608cb2b34bd0e620

http://btcbase.org/log/2018-06-25#1829413

Did they implement the anti-Satoshi UTXO set tech? How long does it take to sync now, less than a year maybe?

[DooMAD]

So, I am "so sure about that part". What reason have you got to believe any of this nonsense?

Don't get me wrong here, I don't believe there's any chance at all they'd be successful in such a ludicrous "attack".  I just wouldn't rule out the possibility of them having the groundwork already in place due to the sheer level of egomania they're prone to.  It's simply not wise to underestimate those who may be mentally unhinged.  As Last of the V8s pointed out, there are 10 TRB nodes openly disclosing their version.  Apparently they've managed to synchronise and download the full blockchain just fine.  And it's impossible to tell if any others might be out there that are masking the version they run.  

It may not be the simplest thing to do, it might be a load of belligerent, regressionist, hardliner groupthink, but damned if they aren't delusional enough to do it anyway.  I don't question their belief or determination, just their common sense and grasp of reality.  The fact that such an attack isn't remotely practical in the real world doesn't preclude them from running outdated nodes simply because that's what they see as "right".

It is nonsense, clearly, but that alone wouldn't stop them even if they recognised the fact.  You're expecting them to behave rationally.  Consider they might not be doing that.  It seems they have their own definition of "rational" and it isn't remotely the same as ours.

They literally believe they're the New World Order.  Your new Kings.  Gods amongst men.  That sort of self-aggrandising lunacy.

[Carlton Banks]

You're simply believing any words written by questionable people on the internet if you think that small changes to the 0.5 codebase can actually perform the initial block download, someone with some kind of reputation to defend would have to corroborate that by compiling the code and trying. You said it yourself: one can compile any code for a Bitcoin node with any version string they want, and recent versions of Bitcoin allow the user to simply add a command line argument to edit the version string without recompiling.

How do you know that the supposed 10 nodes aren't simply regular version 14 nodes using the uacomment argument to falsely advertise some different version? Of course there are ways to test based on whether modern network messages generate expected responses, but that tells you only a limited amount about what code any given node is running, it wouldn't be a lot of work to selectively disable some message types to spoof a 0.5 era node.


And I prefer to think that this is rational behaviour, and that all of this is a highly orchestrated act. The only possible benefit for Popescu to behave like this is to spread FUD, and the present timing of the reappearance of his "supporters" (all 1 of them) is a curious correlation with the present market cycle stage & sentiment. Maybe he's got some big bids below $6000 he wants fulfilled? That sounds like a much more likely scenario than "rich intelligent eccentric believes he's The 2nd Coming of Alexander the Great" or whatever

[DooMAD]

And I prefer to think that this is rational behaviour, and that all of this is a highly orchestrated act. The only possible benefit for Popescu to behave like this is to spread FUD, and the present timing of the reappearance of his "supporters" (all 1 of them) is a curious correlation with the present market cycle stage & sentiment. Maybe he's got some big bids below $6000 he wants fulfilled? That sounds like a much more likely scenario than "rich intelligent eccentric believes he's The 2nd Coming of Alexander the Great" or whatever

Equally possible, I suppose.  Crazies gonna crazy.

I love that even on the rare occasion we're on the same side, we still somehow manage to find a difference of opinion to argue over, heh.  As long as we agree that Anonymint is delusional, that's good enough for me.  The "how" and "why" are largely immaterial on this one.

[cellard]

At this stage, I'd recommend posting a brand new, self-moderated, topic to discuss this elsewhere.  Then you can nuke anything off-topic.  I don't think we're going to salvage this one.

I don't personally mind if the thread is derrailed to discuss the SegWit issue, but I would appreciate if the discussion is about BLS and the SegWit issue is continued on any of the other numerous SegWit threads such as:

https://bitcointalk.org/index.php?topic=3670474.40
https://bitcointalk.org/index.php?topic=4433000.80

In fact someone should create a thread for this issue specifically to not confuse readers. And as far as the matter goes, Carlton Banks claims it's nonsense and SegWit funds are safe forever, it's possible, but it's also possible you are wrong, and why would I bet against MP when I can just leave my coins in legacy addresses and avoid the problem if/when it happens? The theory is there, now someone needs to put it in practice, and I don't want to find out if it was actually viable or not with my own coins.

[Carlton Banks]

And as far as the matter goes, Carlton Banks claims it's nonsense and SegWit funds are safe forever, it's possible, but it's also possible you are wrong, and why would I bet against MP when I can just leave my coins in legacy addresses and avoid the problem if/when it happens? The theory is there, now someone needs to put it in practice, and I don't want to find out if it was actually viable or not with my own coins.

The same logic applies to P2SH addresses (Popescu's "army" subscribes to this). BTC 4.3 million currently in P2SH addresses. No attack is forthcoming. BTC 4.3 million is not enough?

The same logic applies to P2PKH addresses (i.e. supposedly "safe" legacy addresses beginning with 1). There's around 11 million BTC in P2PKH addresses.


Miners could use this logic for re-appropriating (stealing, "donating to self", whatever) BTC 11 million in P2PKH addresses + BTC 4.3 million in P2SH addresses + BTC 150 thousand segwit addresses.

Can you explain why the attack isn't happening now? Why not, it's only 15 million BTC! They could take it all, couldn't they?

[goddog]

I would like to know more about BLS signature.
Can someone delete all these segwit bs? I will try reporting all to moderator. Hope this can help.

[Last of the V8s]

https://twitter.com/nopara73/status/949007859341197312
At Stanford, I overheard a conversation between @pwuille and @benediktbuenz (Bulletproofs). The level was above me, what I heard was: BB: "BLS, BLS, BLS!" PW: "Schnorr, Schnorr, Schnorr!" Is there anything to read about the pros and cons on BLS vs Schnorr signatures for Bitcoin?
thread

[Traxo]

Every post from @anunymint apparently was deleted. The thread is now very difficult to understand the offtopic discussion because a significant portion of the discussion is missing.

Some of this thread was archived here.