Satoshi's Fortune lower bound is 100M USD(DEBATE GOING ON, DO NOT TWEET!)

[AlphaWolf]

3. Was satoshi mining through tor? That would have slowed down his generation rate.

The Bitcoin client would have a local copy of the blockchain, and the hashing is obviously done completely locally... How exactly would Tor affect his generation rate in any way at all?

[Gordonium]

Besides mining Satoshi might have bought new coins up to this moment. So there really is no upper boundary. 

[darkmule]

How exactly would Tor affect his generation rate in any way at all?

Obviously tor wouldn't affect Satoshi's hashing rate, but it might affect the number of blocks that he successfully mined.

If Satoshi generated a block at the same time as someone else, I presume the delays caused by broadcasting blocks through tor would mean that the rest of the network would be likely to see the other person's block before Satoshi's block.

The effect is presumably small, but I don't see why it would be zero.

TOR latency is rarely more than a second or two.  Especially if you were one of the few miners in operation, the odds of a block coming in at the same time would be negligible.  The odds would be slightly increased by the low difficulty, but it may have never happened even once in the early days.

[Dabs]

What if he's gone? That's 1 million bitcoins that will never be spent. It will forever be in the blockchain. That also means no one can ever buy all the coins in existence.

[Sergio_Demian_Lerner]

Please check the new thread https://bitcointalk.org/index.php?topic=178629.0 where I present new evidence (never shown before) to the discussion.

[gmaxwell]

I don't believe in luck. I can't believe in luck, since I have some cryptography background.

Then why are you not hysterically warning about the miner who mined http://blockexplorer.com/block/00000000000000001e8d6829a8a21adc5d38d0a473b144b6765798e61f98bd1d having enough hashpower to replace the entire history of Bitcoin in an hour?

It's worth pointing out for posterity that you've gone and edited your claims in this thread to back them off from their previously falsified forms. This is somewhat discourteous to the other participants here, because it makes it look like you didn't take the positions that they've argued with.  I'm glad to see more accurate claims being made, but I'm wondering when you're going to go revise them further to point out that you were completely wrong and that your extranonce data strongly supports the position that there were multiple people mining the whole time.

I'm not even particularly computer savvy compared to many guys, just stumbled across as a proposed replacement to torbank, so surely many others did the same to a bigger degree.

However I would be surprised if guys who were mining in 2009 not only continued mining, but had the foresight

Yup. Exactly. But that kind of view doesn't let you generate ALL CAPS headlines.

[Sergio_Demian_Lerner]

It's worth pointing out for posterity that you've gone and edited your claims in this thread to back them off from their previously falsified forms. This is somewhat discourteous to the other participants here, because it makes it look like you didn't take the positions that they've argued with. 

Whenever I edit a published post, I add the word "Edit:" or I strike the words that must be removed.

Could you stop this fruitless competition ?

[Sergio_Demian_Lerner]

Then why are you not hysterically warning about the miner who mined http://blockexplorer.com/block/00000000000000001e8d6829a8a21adc5d38d0a473b144b6765798e61f98bd1d having enough hashpower to replace the entire history of Bitcoin in an hour?

There has been 231828 blocks solved (without counting orphans) which is roughly equal to 2^18. So we can statistically expect a block with 18 more prefixed zeros than the expected difficultly. Block 125552 has only 12 more prefix zeros than the expected (67 vs 56) so statistically it has no meaning at all.

 That's why I'm not hysterically warning you.

[johnblaze]

you people are retarded

you think he still owns his bitcoins?

he would've sold them all along on the way up, prob was out by the time they hit $30

[deadweasel]

you people are retarded

you think he still owns his bitcoins?

he would've sold them all along on the way up, prob was out by the time they hit $30

+1


also i don't care about anyone else's bitcoins.  nor could i prove ownership.  these satoshi speculation threads are asinine.

[AlphaWolf]

you people are retarded

you think he still owns his bitcoins?

he would've sold them all along on the way up, prob was out by the time they hit $30

This thread is retarded... but the fact that those coins have not been exchanged is a matter of public record... like *all* Bitcoin transactions.  They could be lost forever.. but they most certainly were not "sold".

[deepceleron]

The relation between 6 minutes and 6 days is 11 bits.
The relation between 32 zero bits and 43 zeros bits is 11 bits.
...People tend to explain PoW in the genesis block as "just luck".
...
I don't believe in luck. I can't believe in luck, since I have some cryptography background.

Then why are you not hysterically warning about the miner who mined http://blockexplorer.com/block/00000000000000001e8d6829a8a21adc5d38d0a473b144b6765798e61f98bd1d having enough hashpower to replace the entire history of Bitcoin in an hour?

There has been 231828 blocks solved (without counting orphans) which is roughly equal to 2^18. So we can statistically expect a block with 18 more prefixed zeros than the expected difficultly. Block 125552 has only 12 more prefix zeros than the expected (67 vs 56) so statistically it has no meaning at all.

You mean it's just luck? Okay, then.

[AlphaWolf]

Then why are you not hysterically warning about the miner who mined http://blockexplorer.com/block/00000000000000001e8d6829a8a21adc5d38d0a473b144b6765798e61f98bd1d having enough hashpower to replace the entire history of Bitcoin in an hour?

There has been 231828 blocks solved (without counting orphans) which is roughly equal to 2^18. So we can statistically expect a block with 18 more prefixed zeros than the expected difficultly. Block 125552 has only 12 more prefix zeros than the expected (67 vs 56) so statistically it has no meaning at all.

 That's why I'm not hysterically warning you.

A: 231828 is short of 2^18 by 30,316.  Not really a "small" difference.
B: Why would you look at how many blocks have been solved "to date"?  At the time that block was solved, there were...  125,552 blocks solved.  That's a lot closer to 2^17.  (Short by 5,520).
C: What is this magical theorem that says "the log base 2 of the number of blocks found is the number of leading 0's that might be found exceeding the network difficulty in a double sha256 hash of an essentially random input"?  I don't think it exists.

[maaku]

C: What is this magical theorem that says "the log base 2 of the number of blocks found is the number of leading 0's that might be found exceeding the network difficulty in a double sha256 hash of an essentially random input"?  I don't think it exists.

That's a result trivially derived from probability theory.

[AlphaWolf]

C: What is this magical theorem that says "the log base 2 of the number of blocks found is the number of leading 0's that might be found exceeding the network difficulty in a double sha256 hash of an essentially random input"?  I don't think it exists.

That's a result trivially derived from probability theory.

Also trivially derived from rectal extraction theory.  We'll need PoW to determine which was applied.

[richard_dein]

Let's say you flip a coin 10 times.
You mark a cross on paper if the first 3 flips gives you heads; in this case, if up to the 7th flip you still get heads, you put a circle around the cross you just marked.
Now do this for several billion times, divide the number of circles by the number of crosses. It should be rather close to 1/16. That's the idea.
If you don't want to do this by hand, simulate this with the best PRNG you can find. It should be fairly quick.

If you still don't understand, go ask your math teacher. Or I can show you the ropes if you would pay me some BTC for the effort.

The generation of random numbers is too important to be left to chance.

[AlphaWolf]

Let's say you flip a coin 10 times.
You mark a cross on paper if the first 3 flips gives you heads; in this case, if up to the 7th flip you still get heads, you put a circle around the cross you just marked.
Now do this for several billion times, divide the number of circles by the number of crosses. It should be rather close to 1/16. That's the idea.

I think this model has a number of flawed assumptions... but please correct me if I'm wrong:

1.  The difficulty is not constant.  For the first 32,255 blocks the difficulty remained at 1. That's roughly 2^15 of your "crosses".  You'd have to retroactively count which "blocks" of 10 coins had 3 leading "heads", which would reduce the "current number of blocks solved" (or crosses) significantly.  OP based his claim on current blocks solved of all difficulties.

2. SHA256 is a deterministic function - does not produce random output.  Given an infinite set of inputs, it will reduce each to one of 2^256 values.  Over an infinite set of inputs, one might assume the outputs are evenly distributed, but...

3.  There is not an infinite set of inputs.  Based on the block hashing algorithm, there are 80 bytes x 8 = 640 "bits" of coin "inputs" possible.  40 bytes (half) are almost guaranteed to be the same for all miners, and at the same positions.  That leaves 2^320 bits to be toggled "randomly" before being fed into the SHA256 function.  Because half the total input bits are static, the inputs themselves are not evenly distributed.

4.  SHA256 isn't as "fair" as one might assume.  http://www.femto-second.com/papers/SHA256LimitedStatisticalAnalysis.pdf.  I'll admit this paper is above my head... so feel free to take advantage of that and tell me this paper doesn't say what I think it says 

5.  The original SHA256 output is again hashed with SHA256.  Therefore the maximum inputs for the final iteration is 2^256, as a best case scenario.  The input was skewed once due to the structure of the block header, skewed again by the imperfect nature of the SHA256 algorithm, and now skewed yet again by a second iteration of SHA256.

6.  Has anyone proven mathematically that each and every value from 0 to 2^256- 1  is actually possible as an output of SHA256?

7.  Has it also been proven that SHA256 can produce all 2^256-1 outputs given only the inputs from 0 to 2^256 - 1?

To me, the OP's claim failed right at #1.  As I said:

C: What is this magical theorem that says "the log base 2 of the number of blocks found is the number of leading 0's that might be found exceeding the network difficulty in a double sha256 hash of an essentially random input"?  I don't think it exists.

"Number of blocks found" != "number of blocks found at X difficulty".  OP was claiming the former, you're claiming the later, which at least makes sense.

For what it's worth, there will always be 2106 blocks solved at a given difficulty before the next is chosen.  That's roughly 2^11.  Within those 2016 blocks, someone found an answer with 12 extra leading 0's.    Assuming completely random inputs (which they aren't) and assuming SHA256 is fair (it isn't) and that a 2nd iteration of SHA256 can still produce all 2^256 outputs (who knows?), it still seems that block 125552 was statistically significant.  And you can't really count very many blocks after those 2106, because the difficulty has been changed again... you're now requiring 4 heads in a row for a cross, but still only 7 for circles, which doubles the probability of a "circle".

Thoughts?

[richard_dein]

If you escalate to that amount of scrutiny, yes it is far, far from perfect. It is also rather well known that cryptographic objects don't really behave the way theoreticians (and Satoshi) would like them to. I won't be surprised that any hash function or PRNG would behave suboptimally under some kind of test, maybe even a strikingly simple one. Even something like SHA-2147483648 wrapped a thousand times could possibly fail to an almost trivial statistical test. A related quote is "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin", by von Neumann

In this model SHA-256 is basically assumed to behave like a random oracle, a black box that gives us numbers that are uniformly random. But random oracles are a theoretical impossibility. On the other hand, the security of SHA-256 as the main POW algorithm in the Bitcoin protocol does not really rely on it being a random oracle. Here's a post on StackExchange that briefly tells us a few things: http://crypto.stackexchange.com/questions/879/what-is-the-random-oracle-model-and-why-is-it-controversial

Intuitively, the multiplicative difference between 2^12 and (say) 2^16 should outweigh many other factors, although indeed it's hard to be very sure. At least, it definitely outweighs most factors you brought up. It's too big a difference even for the link you gave us.

For #1, while I agree the estimation done by Sergio_Demian_Lerner isn't very good, the conclusion isn't very far off either. Basically you don't need to have a lot of blocks, mined at a difficulty that requires 56 zeros, to demonstrate statistical insignificance of that block with a 67 zeroes. Still assuming the stinky random oracle model, even if you only look at 2^10(=1024) blocks with 56 zeros, well smaller than the number of blocks at a single difficulty, it is a rather large probability (~40%) that one of them has at least 67 zeros.

[BitcoinFX]

https://bitcointalk.org/index.php?topic=191362.0 

[crazy_rabbit]

Seems that Bitcoin is a premine scam if true.

I would like to know if any of those premined blocks where touched in front of major crashes. How can I find an answer for this question?

Damn right it's a premine scam! The right thing to do would have been to give everyone a equally fair chance to mine by announcing it far in advance on bitcointalk. Oh, wait a minute........