Bitcoin Forum
Author Topic: Adi Shamir's paper on bitcoin  (Read 30814 times)
greyhawk
October 18, 2012, 12:00:37 PM
 #61


Quote
[...]it is easier to explain why someone would send bitcoinshamir to itself rather than send bitcoinshamir to many unrelated addresses [...]


What the hell?

Relax, it's probably just another autocorrect failure.

http://www.autocorrectfail.org/


Hmmmmm, so we have his username. Now to find his password.

ITT: Trying to crack the user account of the father of cryptography. Muahahahaha!
molecular
October 18, 2012, 01:00:46 PM
 #62


Quote
[...]it is easier to explain why someone would send bitcoinshamir to itself rather than send bitcoinshamir to many unrelated addresses [...]


What the hell?

Relax, it's probably just another autocorrect failure.

http://www.autocorrectfail.org/


Hmmmmm, so we have his username. Now to find his password.

ITT: Trying to crack the user account of the father of cryptography. Muahahahaha!

lol! Probably "RSA123"

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
Meni Rosenfeld
October 18, 2012, 01:31:45 PM
 #63

Quote
[...]it is easier to explain why someone would send bitcoinshamir to itself rather than send bitcoinshamir to many unrelated addresses [...]
What the hell?
Relax, it's probably just another autocorrect failure.
http://www.autocorrectfail.org/
Hmmmmm, so we have his username. Now to find his password.
ITT: Trying to crack the user account of the father of cryptography. Muahahahaha!
lol! Probably "RSA123"
Shamir's security cannot be destroyed by any craft that we here possess. He is a fan of differential fault analysis, and only using it can it be unmade. A $5 wrench is the method of choice for inducing faults in humans.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
Raoul Duke
October 18, 2012, 02:08:00 PM
 #64

The biggest flaw in the paper is the webscraping of blockchain data.
Right there they destroyed any assurance they could have of working with validated data.
How do they know they were fed the correct data by blockchain.info or blockexplorer.com?
The only way to be sure you have the correct blockchain data is to let your bitcoin client download it from the network and verify it. You may also download a blockchain snapshot, but you still need to let the client verify it to be sure what you have is real data and not some decoy.
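As an added example, not code from the thread or from any bitcoin client, the Python below shows the check a verifying node performs that a scraped web page cannot give you: it recomputes each block header's double SHA-256, compares it against the target encoded in nBits, and follows the prev_hash links. The real genesis header constants are used as a sanity check; the toy chain, its easy target and the tampered copy are constructed here.

```python
import hashlib
import struct

def bits_to_target(bits):
    """Decode the compact nBits field of a header into the 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))

def serialize_header(version, prev_hash, merkle_root, time, bits, nonce):
    """80-byte header; the two 32-byte hashes are in internal (reversed) byte order."""
    return (struct.pack("<I", version) + prev_hash + merkle_root
            + struct.pack("<III", time, bits, nonce))

def header_hash(raw):
    """Double SHA-256 of the serialized header, internal byte order."""
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()

def pow_ok(raw, bits):
    """Proof-of-work check: the hash, read as a little-endian integer, is at most the target."""
    return int.from_bytes(header_hash(raw), "little") <= bits_to_target(bits)

def verify_chain(headers):
    """Check each header's proof of work and its prev_hash link to the header before it.
    Returns (True, None), or (False, index) for the first header that fails."""
    prev = b"\x00" * 32
    for i, h in enumerate(headers):
        raw = serialize_header(*h)
        if h[1] != prev or not pow_ok(raw, h[4]):
            return False, i
        prev = header_hash(raw)
    return True, None

# The real genesis header (public constants); merkle root given in the usual display hex.
GENESIS = (1, b"\x00" * 32,
           bytes.fromhex("4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b")[::-1],
           1231006505, 0x1D00FFFF, 2083236893)
GENESIS_HASH = "000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f"

def mine(version, prev_hash, merkle_root, time, bits):
    """Grind the nonce; only practical here because the toy target is easy."""
    for nonce in range(1 << 32):
        fields = (version, prev_hash, merkle_root, time, bits, nonce)
        if pow_ok(serialize_header(*fields), bits):
            return fields

def toy_chain(n=3):
    """Constructed chain of n headers with a toy target (about 1 in 512 hashes qualifies)."""
    bits = 0x1F7FFFFF
    chain = [mine(1, b"\x00" * 32, hashlib.sha256(b"tx0").digest(), 1000, bits)]
    for i in range(1, n):
        prev = header_hash(serialize_header(*chain[-1]))
        chain.append(mine(1, prev, hashlib.sha256(b"tx%d" % i).digest(), 1000 + i, bits))
    return chain

def tampered(chain):
    """Copy of the chain whose second header carries a constructed decoy merkle root,
    the kind of substitution a scraped page could feed you; verification must reject it."""
    bad = list(chain)
    version, prev, _, time, bits, nonce = bad[1]
    bad[1] = (version, prev, hashlib.sha256(b"decoy").digest(), time, bits, nonce)
    return bad
```

A tampered header either fails its own proof of work or breaks the prev_hash of the header after it, so the rejection does not depend on luck.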

Steve
October 18, 2012, 03:43:32 PM
 #65

Quote
But I wonder how they managed to determine the exact number of unique address owners:

Read the gist link (above).

Their paper includes assumptions about addresses that are obviously wrong:

Quote
A very important feature of the Bitcoin network is that a transaction involving multiple sending addresses can only be carried out by the common owner of all those addresses, as it is demanded by the Bitcoin system that "Whoever sent this transaction owns all of these addresses". This legal requirement is also technically ensured by the fact that each received amount must have a cryptographic digital signature that unlocks it from the prior transaction.

Nonetheless, clients that have an automatic mixing that is enabled by default would be very desirable.  If the vast majority of clients operate in the standard way, the small amount that don't is negligible for the purpose of reverse engineering someone's economic activity.  It would be hard to imagine a company finding it acceptable that their competitors can get a fairly good picture of their activity so easily.

(gasteve on IRC) Does your website accept cash? https://bitpay.com
Raoul Duke
October 18, 2012, 03:53:19 PM
 #66

Quote
But I wonder how they managed to determine the exact number of unique address owners:

Read the gist link (above).

Their paper includes assumptions about addresses that are obviously wrong:

Quote
A very important feature of the Bitcoin network is that a transaction involving multiple sending addresses can only be carried out by the common owner of all those addresses, as it is demanded by the Bitcoin system that "Whoever sent this transaction owns all of these addresses". This legal requirement is also technically ensured by the fact that each received amount must have a cryptographic digital signature that unlocks it from the prior transaction.

Nonetheless, clients that have an automatic mixing that is enabled by default would be very desirable.  If the vast majority of clients operate in the standard way, the small amount that don't is negligible for the purpose of reverse engineering someone's economic activity.  It would be hard to imagine a company finding it acceptable that their competitors can get a fairly good picture of their activity so easily.

You mean, like when their payment processor sends out a press-release and makes countless forum posts saying how much money was processed for a given merchant?
It didn't seem to be a problem when Bitpay did it. lol

hathmill
October 18, 2012, 05:11:03 PM
 #67

Quote
When those 7 million BTC are spent, they will just as likely be spent on goods and services, as on USD exchanges.

There's no reason to believe these coins will be sold for fiat and "crash the market".

There's no proof that they'll be used for goods and services.

When one person (small cabal of people) owns 30% of the world's wealth, it is more powerful to wield that wealth in modifying society for your whims than it is to use it on goods and services.

If you look at the major financial players (Soros, Buffett, Gross, etc. (they combined control less than 1% of the economy)) they operate on another level.  They are found influencing government to enhance their financial power (look at Soros's hand in the EU).  They don't make stock bets, they make phone calls to presidents and talk policy.  They don't spend their wealth on goods and services (that won't grow their power/influence); they use their wealth to modify political structures which change society in making themselves largess.

When you own 30% you are THE political structure.

My simple fear is that I spend all of this time helping build btc out (on the bet my btc will be worth more), and it ends up being that the holders of the 30% are some quasi-Napoleonic dictators who think the world is best when they sit on top of it.... dictating it.

People would say, "why the f weren't you concerned about this lopsided wealth holding on something you were betting on, it was so obvious."

Nicely put, I agree with everything you wrote. Also, when thinking about the owners of those botnets you read about, the thieves and the ponzi stuff that goes on, it makes me wonder what kind of persons our new world masters will be.
stochastic
October 18, 2012, 05:11:17 PM
 #68

In what journal was this paper published?

Introducing constraints to the economy only serves to limit what can be economical.
greyhawk
October 18, 2012, 06:18:50 PM
 #69

Quote
In what journal was this paper published?

No journal per se. It's an IACR eprint as of now. So no peer review yet.
evoorhees
October 18, 2012, 06:35:20 PM
 #70

Been following this paper and the press resulting from it with interest...

And yet, am I incorrect in thinking the central thrust of the study is incorrect for the simple fact that most change goes to new addresses which are, by definition, unspent? This means that at any time, most coins will sit in "unspent" accounts, thereby appearing as though they are savings, when in reality they are just sitting there until they are spent normally.

Am I missing something or is this an absurd fatal flaw in their reasoning?
Meni Rosenfeld
October 18, 2012, 06:49:07 PM
 #71

Quote
Been following this paper and the press resulting from it with interest...

And yet, am I incorrect in thinking the central thrust of the study is incorrect for the simple fact that most change goes to new addresses which are, by definition, unspent? This means that at any time, most coins will sit in "unspent" accounts, thereby appearing as though they are savings, when in reality they are just sitting there until they are spent normally.

Am I missing something or is this an absurd fatal flaw in their reasoning?
I believe you are correct, but I don't think it matters much. They say 60% of coins haven't moved in 3 months; those can safely be considered some kind of savings. So the actual amount of savings would be somewhere between 60% and 78%.

FWIW, I contacted them saying this (trimming opening and closing words):

Quote
1. The paper does not mention the concept of "change" (https://en.bitcoin.it/wiki/Change), and some of the comments imply the authors do not recognize its role in the transaction graph. When outputs are spent in a transaction they must be spent entirely; if there is more value in the output than the amount one wishes to send, if he wants to keep the rest he must send it to an address of his, known as a change address. The widely used clients use a newly generated address for change as an anonymity feature; but for the typical user it is not a deliberate attempt to do anything, it is just what happens by default. This clearly explains the "long chains" behavior.

2. The paper seems to conflate the blockchain, a database replicated on every node on the network by broadcasting blocks to peers on the network, and individual efforts to make the data easily accessible, such as blockexplorer.com and blockchain.info. The blockchain itself does not of course have HTML pages or what can be considered "hyperlinks". It may be the case that scraping those public service sites is easier than parsing the arcane database format of the blockchain, but this needs to be specified explicitly, otherwise the focus on HTML looks bizarre.

3. It is generally accepted that currency amounts in Bitcoin aren't capitalized, just like "dollar" isn't. The creator of Bitcoin is Satoshi, but the smallest Bitcoin denomination is a satoshi; I can have bitcoins or send 3.7 bitcoins, and the value of a bitcoin is $12; this happens in the Bitcoin system following the Bitcoin protocol with Bitcoin software, and Bitcoin is invaluable. This mistake occurs several times in the paper.

4. You state that 7M bitcoins are in savings accounts, but it is not completely clear what you characterize as such. It looks like an address which has never sent coins is considered savings; that is a poor characterization, for if everyone follows the guideline of not reusing addresses, 100% of coins at all times will be in addresses which have never sent, regardless of how widely bitcoins are circulated. A better candidate would be an address which has never sent and has received some coins as early as, say, 2 months ago.

5. The infamous statement that "A very important feature of the Bitcoin network is that a transaction involving multiple sending addresses can only be carried out by the common owner of all those addresses".
a. You mention quoting an official policy to that effect. I would like to ask for a reference, as I know of no such policy and cannot imagine one.
b. Technically, for an input to be valid its script needs to be satisfied, usually by providing a signature for the transaction which matches the public key referenced by the input. Regardless of any current implementation details, the signatures can be independent, there is no need for the owners to be one or to share their keys.
c. The Bitcoin protocol supports more than just "moving coins from point A to point B" transactions. A glimpse of some of the potential applications can be seen at https://en.bitcoin.it/wiki/Contracts. Some of them crucially rely on this ability to have multiple owners constructing a transaction together. In this sense, it actually is a very important feature of the Bitcoin network that multiple inputs do not need to share an owner.
d. In fact, one such application is p2p mixing, of the kind I discussed at https://bitcointalk.org/index.php?topic=54266.0. These intentionally make it harder to use the transaction graph to deanonymize users.
e. In practice, most transactions on the network are simple transactions where multiple outputs of the same owner are merged, and advanced applications are not in wide use (if at all). Deducing that co-used addresses have a mutual owner is a reasonable assumption to make; but it is an assumption, it needs to be specified explicitly, and references to it being necessitated should be removed. Furthermore, this assumption - and any analysis dependent on it - will become increasingly less reasonable as advanced applications find wider use.

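As an added example (not code from the thread or the paper), the Python below applies both disputed notions from the letter above to a constructed toy transaction graph: the "multiple inputs imply one owner" heuristic, and "never sent" as the definition of savings with and without the two-month refinement. The addresses, amounts, owner labels and block days are made up.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Tx:
    day: int        # constructed block time, in days since the first tx
    inputs: list    # addresses whose coins are spent (entirely, as the letter notes)
    outputs: list   # (address, amount) pairs

# Constructed history. Ground-truth owners are known only to us, never to the
# analyst: A* is Alice, B* Bob, C* Carol, M1 a merchant receiving payments.
OWNER = {"A1": "alice", "A2": "alice", "A3": "alice", "B1": "bob", "B2": "bob",
         "C1": "carol", "C2": "carol", "M1": "merchant"}
TXS = [
    Tx(0, [], [("A1", 50), ("B1", 50), ("C1", 50)]),   # initial funding
    Tx(10, ["A1"], [("M1", 10), ("A2", 40)]),          # payment plus change to fresh A2
    Tx(20, ["B1", "C1"], [("B2", 50), ("C2", 50)]),    # two owners build one tx (p2p mix)
    Tx(30, ["A2"], [("M1", 5), ("A3", 35)]),           # Alice spends her change
]

def cluster_by_common_input(txs):
    """Union-find: addresses co-spent as inputs of one transaction are merged
    into one entity. This is the assumption the letter says must be stated."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a

    for tx in txs:
        for a in tx.inputs:
            parent[find(a)] = find(tx.inputs[0])
    groups = defaultdict(set)
    for a in list(parent):
        groups[find(a)].add(a)
    return sorted(sorted(g) for g in groups.values())

def false_merges(clusters, owner):
    """Clusters that mix addresses of more than one real owner."""
    return [c for c in clusters if len({owner[a] for a in c}) > 1]

def savings(txs, now_day, min_age_days=0):
    """Coins held by addresses that never appear as an input. min_age_days=0 is
    the paper's reading; the refinement also requires the address's first
    receipt to be at least min_age_days old."""
    sent = {a for tx in txs for a in tx.inputs}
    received, first_seen = defaultdict(int), {}
    for tx in txs:
        for addr, amount in tx.outputs:
            received[addr] += amount
            first_seen.setdefault(addr, tx.day)
    return sum(v for a, v in received.items()
               if a not in sent and now_day - first_seen[a] >= min_age_days)

if __name__ == "__main__":
    clusters = cluster_by_common_input(TXS)
    print(clusters, false_merges(clusters, OWNER))   # A1/A2 never linked; B1+C1 wrongly merged
    print(savings(TXS, now_day=80), savings(TXS, now_day=80, min_age_days=60))  # 150 vs 115
```

On this history every one of the 150 coins sits in a never-sent address (including the merchant's), which is the 100% case the letter describes; the two-month rule drops Alice's fresh change and reports 115.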
jbreher
October 18, 2012, 06:52:30 PM
 #72

Emailed them, got a nice response:
Quote
1. We quoted from an official policy statement that this should be the case when transactions have multiple sending addresses.
Adi Shamir and Dorit Ron

Official policy statement? Whose statement, of what policy, and what makes it official?

Anyone with a campaign ad in their signature -- for an organization with which they are not otherwise affiliated -- is automatically deducted credibility points.
Raoul Duke
October 18, 2012, 06:55:37 PM
 #73

Quote
Emailed them, got a nice response:
Quote
1. We quoted from an official policy statement that this should be the case when transactions have multiple sending addresses.
Adi Shamir and Dorit Ron

Official policy statement? Whose statement, of what policy, and what makes it official?

The Bitcoin Foundation? Grin

Steve
October 18, 2012, 06:56:45 PM
 #74

Quote
Been following this paper and the press resulting from it with interest...

And yet, am I incorrect in thinking the central thrust of the study is incorrect for the simple fact that most change goes to new addresses which are, by definition, unspent? This means that at any time, most coins will sit in "unspent" accounts, thereby appearing as though they are savings, when in reality they are just sitting there until they are spent normally.

Am I missing something or is this an absurd fatal flaw in their reasoning?
I believe you are correct, but I don't think it matters much. They say 60% of coins haven't moved in 3 months; those can safely be considered some kind of savings. So the actual amount of savings would be somewhere between 60% and 78%.
I also wonder how that compares with people's typical savings in fiat.  Dollars don't have specific transactions associated with them, but I'm sure many people keep a reserve of dollars month over month that aren't spent.  These aren't necessarily in a separate account designated as savings, but rather just a minimum balance that people and businesses try to maintain.  In any case, it's hardly a surprising figure.  Hoarding bitcoin is a very rational thing to do.

evoorhees
October 18, 2012, 07:02:16 PM
 #75


Since when did "not spending all of one's income" change from the noble and encouraged act of "saving" into the ignoble and condemned act of "hoarding"?

It seems thrift is not only absent in modern society, but actively frowned upon.  Huh
jgarzik
October 18, 2012, 07:09:38 PM
 #76

Quote
Been following this paper and the press resulting from it with interest...

And yet, am I incorrect in thinking the central thrust of the study is incorrect for the simple fact that most change goes to new addresses which are, by definition, unspent? This means that at any time, most coins will sit in "unspent" accounts, thereby appearing as though they are savings, when in reality they are just sitting there until they are spent normally.

Am I missing something or is this an absurd fatal flaw in their reasoning?
I believe you are correct, but I don't think it matters much. They say 60% of coins haven't moved in 3 months; those can safely be considered some kind of savings. So the actual amount of savings would be somewhere between 60% and 78%.

FWIW, I contacted them saying this (trimming opening and closing words):

Nice letter!

I think the issue of change and the issue of shared coin pools (web wallets) impact their fundamental analysis.  The rest of the stuff they got wrong is laughable but probably statistically insignificant.


Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
molecular
October 18, 2012, 07:11:49 PM
 #77

Quote
FWIW, I contacted them saying this (trimming opening and closing words):

Meni, thanks for pointing the authors to the problems with the paper in such a friendly and concise manner.

I hope (and it seems this might be true) they are open to this kind of criticism.

Please keep us informed about any replies you might receive if possible.


molecular
October 18, 2012, 07:13:15 PM
 #78


Quote
Since when did "not spending all of one's income" change from the noble and encouraged act of "saving" into the ignoble and condemned act of "hoarding"?

It seems thrift is not only absent in modern society, but actively frowned upon.  Huh

I've been having the same thought. I think usually "saving" implies the capital is being made available for investment, while "hoarding" doesn't?

Benatar
October 19, 2012, 07:11:03 AM
 #79


Quote
Since when did "not spending all of one's income" change from the noble and encouraged act of "saving" into the ignoble and condemned act of "hoarding"?

It seems thrift is not only absent in modern society, but actively frowned upon.  Huh

I've been having the same thought. I think usually "saving" implies the capital is being made available for investment, while "hoarding" doesn't?

Yeah, it's this.  Saving the money with banks that make loans to businesses/other people or investing directly with businesses keeps the money in circulation, with every time it exchanges hands generally being an instance of goods created or services rendered.
niko
October 19, 2012, 08:39:07 AM
 #80

Quote
It has just been discovered that research causes cancer in rats.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.