Bitcoin Forum
Author Topic: John Nash created bitcoin  (Read 22175 times)
dinofelis
April 13, 2017, 01:28:52 PM
 #221

Why hashing a public key could have been brilliant, and how bitcoin's design totally missed it.
=========================================================

I outlined before that hashing the public key as a bitcoin address was a faux good idea, but now I realize that it could have been a good idea.

The reasons I stated that it was a faux good idea were:
1) if you need the hash to protect a broken crypto system (elliptic curve crypto), you are making a fundamental mistake.  In as much as hashes can protect better against quantum computers and elliptic crypto is essentially TOTALLY DEAD, you can't use your private key any more because one can change your transaction on the fly if one has a quantum computer.  So instead of "protecting a broken system", one should have used one that isn't broken ; and in as much as one thinks that elliptic curve crypto isn't broken, there's no need to protect it.

2) I indicated that introducing the hash was wasting room on the chain, because if you hash the public key in the output (the address), you have to provide the key in spending input (as is the case today) ; while if you provided directly the public key in the output, you didn't need to copy it again in the spending input.

--> now it turns out that this argument is wrong.  So YES, introducing the hashed key IS winning room on the block chain.  However, this feature IS NOT USED.
 
In ECDSA, with a key of N bits (and a security of N/2 bits classically), the signature contains 2N bits.  Essentially, the first N bits are related to a chosen random number, and the second N bits are the actual signature.  However, it is possible to derive the public key (actually a small set of public keys) most of the time from the signed message and the signature.

As such, the publication of the public key is not necessary !

The verifier can derive it (up to a few candidates) from the signature and the message.  In fact, for the curve that Satoshi chose, with cofactor 1, there are only two candidate public keys.

It is explained here.
https://crypto.stackexchange.com/questions/18105/how-does-recovering-the-public-key-from-an-ecdsa-signature-work

In this very case, there is no need, EVER, to publish the public key on the block chain: the signature gives you two candidates, and if one of them hashes to the public key hash, that's a proof that the signature came from that address owner.
And then you WIN by hashing the public key, because the hash can be half as short as the public key (given that the hash security is the length of the hash output - we are after pre-image security ; and the public key security is half of the key length classically).

So, yes, it is a good idea to hash the public key after all, if you don't publish the public key in the spending input !  But in bitcoin, one does, so one has totally wasted this advantage.  Moreover, there's no point in making the hash bigger than 128 bits.

--> this indicates that the bitcoin designer wasn't aware of this economy of bits and hence, cannot have designed the crypto for that reason, given that he didn't use its potential.

So, the most economical design in bitcoin would:

1) have used a 128 bit hash of the public key in the output (instead of 160 bits), saving 32 bits
2) have imposed a single address usage in the protocol (eliminating the need for transaction references, saving  288 bits)
3) have used only the signature in the spending input, not the public key (saving 256 bits)

A transaction would hence have saved 576 bits, or 72 bytes, would have had consistent 128 bit security level, wouldn't have had the hassle of transaction hashes and malleability, and would not have exposed same address UTXO to different levels of security (once the first signature is out, the 160 bit long term hash security drops in any case to 128 bit key security).

Now, a full transaction in bitcoin (one output and one corresponding input) consists of the order of 24 + 8 = 32 bytes (output) and 32 + 4 + 36 + 36 + 4 =  112 bytes (input), so in total 144 bytes.

If we can save 72 bytes, we can reduce the volume of the block chain BY HALF, if we were using crypto correctly and consistently in the idea of optimizing consistent security (128 bit level) and maximum economy of room.

In fact, the original design even published the (x,y) coordinates in full of the public key, doubling the room used, but that was a total waste: you can recover y from x (and a single extra bit).  This is done now.
IadixDev
April 13, 2017, 01:31:40 PM
 #222

Quote
But to be sure, would need to do the maths lol need to find someone good with proba and algebra and market economy to put the equation together to see if some predictable behavior is supposed to emerge through some factor who is made to be kept constant in the equation, even if it's seemingly random and clumsy.

Quote
I think one is reading too much in what isn't there.

Well the only way to be sure it isn't there is still to admit the possibility :) it's a mark of open mind to consider all theory equally unless proven right or wrong. The opposite is mark of indoctrination :) and there are plenty of non religious form of indoctrination ;)

Quote
2) he then realized that he needed to solve a consensus problem, because of the finite propagation delays on the network: what if some participants received valid transaction A, and other participants received valid transaction B, and A and B are spending the same tokens ?  How to come to a consensus ?

=> he needed a kind of decision game so that at any moment, only one decider was going to decide upon the consensus, that is, the full list of accepted past valid transactions.  As he didn't want (at first) a central authority, he needed a LOTTERY BETWEEN PARTICIPANTS.  However, in order to avoid a sybil attack, he proposed to do the lottery with Proof Of CPU work.  --> a lottery every 10 minutes.

But it's where I want to get at is that in this particular context, the pow is totally overkill to solve this problem, and if the goal is only to reach consensus in the simplest / more efficient manner, it's not the good solution.

In the context, it's like the byzantine general all know the criteria for what is considered good attack time, and can just rely on this to know when to attack.

The criteria to select good block and transaction are not that hard-core to require this giant pow lottery.

dinofelis
April 13, 2017, 01:40:38 PM
 #223

Quote
But it's where I want to get at is that in this particular context, the pow is totally overkill to solve this problem, and if the goal is only to reach consensus in the simplest / more efficient manner, it's not the good solution.

I entirely agree.  PoW is a total disaster.  Thanks to a lot of discussions with @iamnotback I realized HOW MUCH it is a disaster.

Quote
The criteria to select good block and transaction are not that hard-core to require this giant pow lottery.

Indeed.  Moreover, as I recently saw, Satoshi even foresaw that this mining would become totally centralized, defeating the purpose !  It is totally ridiculous to introduce PoW to avoid a sybil attack, and then come to the conclusion that only a few big players will decide on the consensus as a consequence of his "solution".

This is why I think that Satoshi, after he finished the outline of his invention, accepted to modify the design criteria he put forward himself, because his design didn't fit it, but now that he made it, he didn't want to discard it.

That is like wanting to make an airplane, finding out it will not fly, but it will float very well, and declare in the end that you were actually designing a boat !

In the same way, Satoshi wanted "money for everyone to use" and then put in a 1 MB block limit, making it impossible for this to be used as money for more than a few geeks on a few obscure trading places.

Of course, all this can be the work of an evil genius.  But Occam's razor makes me believe that this is just a guy in his basement, doing the best he could, and the best he could, he realized, wasn't good enough for what he set out to do, but that wouldn't stop him.  Don't put on the shoulders of conspiracy, what can be explained by ignorance.
Dorky
April 13, 2017, 02:07:06 PM
 #224

Scenario A: Fee rises along with bitcoin price within a fixed percentage. So if the percentage is 0.1% and bitcoin price is at $100,000, then the fee will be $100. And if bitcoin price is at $1,000,000, then the fee will be $1,000.

Scenario B: Fee rises regardless of bitcoin price. So if fee is fixed at $1,000 minimum, it will remain at $1,000 (minimum) regardless of whether bitcoin price is at $100,000 or $1,000,000 (or even at $10,000, effectively meaning to say the fee is 10% of transaction value).

Which scenario (do you think) will play out?
Or will there be scenario C?


     
dinofelis
April 13, 2017, 02:30:25 PM
 #225

Quote
Scenario A: Fee rises along with bitcoin price within a fixed percentage. So if the percentage is 0.1% and bitcoin price is at $100,000, then the fee will be $100. And if bitcoin price is at $1,000,000, then the fee will be $1,000.

Scenario B: Fee rises regardless of bitcoin price. So if fee is fixed at $1,000 minimum, it will remain at $1,000 (minimum) regardless of whether bitcoin price is at $100,000 or $1,000,000 (or even at $10,000, effectively meaning to say the fee is 10% of transaction value).

Which scenario (do you think) will play out?
Or will there be scenario C?


Miners care about the absolute fee, not about a percentage.  If for one reason or another, a miner can take transaction A OR transaction B, but not both (for instance, limited block size, or other technical aspects that make that him taking on another transaction generates a cost: cost of missing a block, cost of infrastructure, cost of I don't know what), then that miner will pick the transaction with the highest ABSOLUTE fee. 

The fee market is about "transaction room" ; it doesn't care about what amount is transacted.  This is like driving a truck: the cost, and the fee of hiring a truck, depends on the load to be transported, not upon the value of the load.

So in an on-chain fee market, scenario B seems plausible.

However, in a lightning network banking, I guess it will be more like scenario A.  Because the "cost" of transacting on a LN (namely, the cost of having to settle on chain) depends on the amount transacted.  If that amount is small, it will easily go over many channels that have still provisions to do so.  If that amount is big, chances are bigger that it stresses the reserves in the channels used.

On the other hand, the bigger are the LN hubs, the more they can put into their channels, and the lower the fees they can ask for the same amount of transmitted value.  So a LN with limited block size will converge to very expensive block transactions between major LN hubs to settle their things, and a limited oligarchy of big LN hubs, being your bank, to which everybody is attached with a single expensive settlement on-chain (making it essentially impossible to "change bank") of your unique channel, which is entirely controlled by your bank, and which charges you proportionally to the transactions you want to make.
Like fiat banking, but without legal protection, and being bound to sleazy obscure bankers on the internet, without any recourse and to whose mercy you are delivered.  Unless you are wealthy enough to permit settling your channel on chain yourself, and go see one of their competitors (if they don't collude).

Dorky
April 13, 2017, 02:38:22 PM
 #226


Quote
Miners care about the absolute fee, not about a percentage.


So if we take away power of the miners, will the possible scenario change?


     
IadixDev
April 13, 2017, 02:39:43 PM
Last edit: April 13, 2017, 03:04:06 PM by IadixDev
 #227

Quote
But it's where I want to get at is that in this particular context, the pow is totally overkill to solve this problem, and if the goal is only to reach consensus in the simplest / more efficient manner, it's not the good solution.

I entirely agree.  PoW is a total disaster.  Thanks to a lot of discussions with @iamnotback I realized HOW MUCH it is a disaster.

Quote
The criteria to select good block and transaction are not that hard-core to require this giant pow lottery.

Indeed.  Moreover, as I recently saw, Satoshi even foresaw that this mining would become totally centralized, defeating the purpose !  It is totally ridiculous to introduce PoW to avoid a sybil attack, and then come to the conclusion that only a few big players will decide on the consensus as a consequence of his "solution".

This is why I think that Satoshi, after he finished the outline of his invention, accepted to modify the design criteria he put forward himself, because his design didn't fit it, but now that he made it, he didn't want to discard it.

That is like wanting to make an airplane, finding out it will not fly, but it will float very well, and declare in the end that you were actually designing a boat !

In the same way, Satoshi wanted "money for everyone to use" and then put in a 1 MB block limit, making it impossible for this to be used as money for more than a few geeks on a few obscure trading places.

Of course, all this can be the work of an evil genius.  But Occam's razor makes me believe that this is just a guy in his basement, doing the best he could, and the best he could, he realized, wasn't good enough for what he set out to do, but that wouldn't stop him.  Don't put on the shoulders of conspiracy, what can be explained by ignorance.
 

But you see it's here I see something that still is weird.

If you are a guy in your basement, and that you want to find a solution to keep the chain coherent, and you choose between a simple well proven deterministic solution, or a solution that is completely off chart, super costly, and risky, why he would choose the second ? Why going through all this bother with pow and block reward who introduce huge complexity ? Why ?

Cause if it's to select between block header A and B, it doesn't even matter, any can be chosen arbitrarily as long as everyone agrees.

Between tx A and B, same, anyway there is one that is a fraud, so any can be picked up.

That could just be as simple as selecting block and tx based on which have the lowest hash. Period. No pow, no reward, no mining craze.

Why in the name of Occam's razor to insert this whole pow in the system ?

If it's not to introduce some kind of uncertainty on purpose to encourage speculation. Toss a coin and watch the fools making bets.


If we had to deal with a stream of chaotic random data that make no sense in itself, ok for the pow. Because it need strong power to establish the good stream.

But in the case it doesn't make much sense in this perspective of consensus.

The rule to make the decision could be 100% hard coded in the protocol and basta. The few case where there can be ambiguity are not really that hard to solve.










thejaytiesto
April 13, 2017, 02:41:05 PM
 #228



Quote
All the $billionaires and $trillionaires will be doing their settlement in BTC.

It will be $500,000 per BTC.

That is obvious.

You don't seem to understand money very well. And I am not going to write a treatise here. It isn't my responsibility to fix your ignorance about money. I say this forcefully because it behooves you to do some learning so you stop spouting off incorrect judgments.


You said this in that other thread where the first Snapchat investor said it's going $500,000 by 2030, that you agree with that prediction.

2030 is 13 years from now

Current price: $1200

That's $498,800 to go in 13 years, which according to my third grade math means BTC should raise around $38369 per year if your theory is correct.

Isn't this a bit nuts? How can BTC grow so much in 13 years? It would need to go parabolic in an unprecedented way. It would redefine the meaning of going parabolic. Nothing ever has grown this much, not even Berkshire Hathaway Class A stock. We are looking at insane levels of growth in a parabolic way in the last 3 years before 2030 is hit and by the time the curve of coin release starts being flat:



So if this is of any guidance, by about 2025 we would need to start seeing some serious shit, like legit insanity of price growth. And I say parabolic, because I don't see anything near $38369 per year happening any time soon if the growth was more or less linear, so it must be next-level parabolic. We would need to be seeing gold whales, stock whales, fiat whales, everything, moving money onto bitcoin to hodl there (or transact within the blockchain but never leaving BTC).

We are talking about 5 figures of growth per day in the last period... this is insane and would cause heart attacks left and right from hodlers that become rich in such an extreme way.

We are looking at current mega whales (considering they don't sell along the way) becoming the richest men on earth, maybe surpassing Rothschilds? I don't know how many BTC the mega rpietila and MP tier whales have, but at $500,000 per BTC they would become stupid rich, maybe first trillionaires ever (as a single guy owning +trillion).

I don't know, the growth required for $500,000 in 13 years seems too much. It would be something never seen before, books would be written about it, kids would learn about it in schools. It would be all over the planet, minds would explode, people that didn't buy at $1000 would hang themselves with a belt.
Katewind
April 13, 2017, 02:53:09 PM
 #229

Quote
Scenario A: Fee rises along with bitcoin price within a fixed percentage. So if the percentage is 0.1% and bitcoin price is at $100,000, then the fee will be $100. And if bitcoin price is at $1,000,000, then the fee will be $1,000.

Scenario B: Fee rises regardless of bitcoin price. So if fee is fixed at $1,000 minimum, it will remain at $1,000 (minimum) regardless of whether bitcoin price is at $100,000 or $1,000,000 (or even at $10,000, effectively meaning to say the fee is 10% of transaction value).

Which scenario (do you think) will play out?
Or will there be scenario C?


If there are only 2 choices as said above. I will choose Plan A with an appropriate fee for this price but if there is a plan 3 which is  more suitable for fee and I will choose it.
dinofelis
April 13, 2017, 03:03:50 PM
 #230

Quote
If you are a guy in your basement, and that you want to find a solution to keep the chain coherent, and you choose between a simple well proven deterministic solution, or a solution that is completely off chart, super costly, and risky, why he would choose the second ? Why going through all this bother with pow and block reward who introduce huge complexity ? Why ?

What deterministic solution ?  There isn't any that isn't centralized or permitted.  Proof of Stake was a possibility, but Satoshi was facing the problem that he was the only stake holder in the beginning.  He would have had to sign all blocks by himself, and unless someone actually GOT COINS FROM HIM, there was no way to get a second stake holder.

Quote
That could just be as simple as selecting block and tx based on which have the lowest hash. Period. No pow, no reward, no mining craze.

The problem is, WHEN do you consider that transaction A is the valid one ?  How LATE can transaction B be propagated and WIN from transaction A ?

Suppose I pay you 100 BTC.  You observe transaction A on the network paying you.  How long do you wait before you consider that this payment is secure ?  Suppose I buy a car with that.  How long do you wait until you let me have the car ?

Suppose that the next day, I make a new double spend payment to myself.  I can modify my receiver addresses until I find a payment that has a smaller hash than transaction A.  I call that transaction: B.  I now transmit B on the network.  As B has a smaller hash than A, the consensus tells us one should take B over A, and finally, your transaction is eliminated.

Ok, but one day later, we don't accept this any more.  Ok, but how long do we have to wait ?  At what point do you consider that A is definitively the accepted transaction ?  After 30 minutes ?  But what if B comes in after 29 minutes for Joe and after 31 minutes for Jack ?  Joe and Jack will now disagree FOREVER over what was the right transaction ?  If you connect to Joe, you see your transaction reversed, while if you connect to Jack, you see your transaction not reversed ?

--> this is the consensus problem.  It is already difficult if most players want to play honestly.  It becomes very hard if you get a sybil possibility of 90% of the nodes conspiring to game the system (90% of nodes in the hands of one entity).

Suppose that I transmit transaction B almost immediately after transaction A, but I fire up 90% of nodes that "ignore" transaction B.  You will probably not see transaction B, and you think that after half an hour, you are safe.  Then I switch off my sybil nodes.  The rest of the network has preferred transaction B.  When you try to spend your coins a few months later, your right to spend doesn't exist on most nodes, because they had rejected A, and chosen B, and forgot about A.  You are the only one remembering A, thinking it was right.

Satoshi found a kind of solution with PoW.  It is a clunky solution, but he needed one.
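
The Joe and Jack scenario from the post above, as an added example that is not part of the original post: a hypothetical "lowest hash wins within a 30-minute window" rule, where the `Node` class, the transaction byte strings and the counter standing in for a fresh receiving address are all constructed for illustration. It shows that a lower-hash conflicting transaction is cheap to produce and that a fixed local cutoff leaves two honest nodes in permanent disagreement.

```python
import hashlib

CUTOFF_S = 30 * 60  # replacement window from the post's example: 30 minutes


def txid(tx: bytes) -> int:
    """Transaction hash as an integer, so 'lowest hash' is a plain comparison."""
    return int.from_bytes(hashlib.sha256(tx).digest(), "big")


def grind_lower(template: bytes, target: int, max_tries: int = 1_000_000):
    """Vary a free field (a counter standing in for a new receiving address)
    until the hash is below `target`. Returns (transaction, attempts)."""
    for i in range(max_tries):
        cand = template + b"|change_addr=" + str(i).encode()
        if txid(cand) < target:
            return cand, i + 1
    raise RuntimeError("no lower hash found within max_tries")


class Node:
    """Hypothetical node: keeps the lowest-hash spend of an outpoint, but only
    accepts replacements within CUTOFF_S of the first spend it saw."""

    def __init__(self, name):
        self.name = name
        self.chosen = {}  # outpoint -> (tx, local time the first spend was seen)

    def receive(self, outpoint, tx, now):
        if outpoint not in self.chosen:
            self.chosen[outpoint] = (tx, now)
            return
        current, first_seen = self.chosen[outpoint]
        if now - first_seen <= CUTOFF_S and txid(tx) < txid(current):
            self.chosen[outpoint] = (tx, first_seen)


def run_scenario():
    """Both nodes see A at t=0; B reaches Joe after 29 min and Jack after 31 min."""
    outpoint = "constructed-utxo-0"
    tx_a = b"spend constructed-utxo-0|pay=merchant"
    tx_b, tries = grind_lower(b"spend constructed-utxo-0|pay=self", txid(tx_a))
    joe, jack = Node("Joe"), Node("Jack")
    for node in (joe, jack):
        node.receive(outpoint, tx_a, now=0)
    joe.receive(outpoint, tx_b, now=29 * 60)
    jack.receive(outpoint, tx_b, now=31 * 60)
    return {
        "tx_a": tx_a,
        "tx_b": tx_b,
        "tries": tries,
        "joe": joe.chosen[outpoint][0],
        "jack": jack.chosen[outpoint][0],
    }


if __name__ == "__main__":
    res = run_scenario()
    print("attempts needed to get a lower hash:", res["tries"])
    print("Joe accepted B:", res["joe"] == res["tx_b"])
    print("Jack kept A:   ", res["jack"] == res["tx_a"])
```

Neither node broke the rule, yet their views never reconcile, because the rule depends on each node's local arrival times rather than on anything all nodes can check.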
dinofelis
April 13, 2017, 03:05:34 PM
 #231


Quote
Miners care about the absolute fee, not about a percentage.

Quote
So if we take away power of the miners, will the possible scenario change?

Of course, but the consensus in bitcoin is determined by miners.  You'd have to make a fork of bitcoin (make a new coin) to get rid of the miners FROM THAT COIN, but you cannot stop them from continuing bitcoin as it is.  Will your new coin be "bitcoin" or will the coin they continue to handle, be "bitcoin" and you just made a measly altcoin ?
IadixDev
April 13, 2017, 03:06:29 PM
Last edit: April 13, 2017, 04:28:23 PM by IadixDev
 #232

Quote
If you are a guy in your basement, and that you want to find a solution to keep the chain coherent, and you choose between a simple well proven deterministic solution, or a solution that is completely off chart, super costly, and risky, why he would choose the second ? Why going through all this bother with pow and block reward who introduce huge complexity ? Why ?

What deterministic solution ?  There isn't any that isn't centralized or permitted.  Proof of Stake was a possibility, but Satoshi was facing the problem that he was the only stake holder in the beginning.  He would have had to sign all blocks by himself, and unless someone actually GOT COINS FROM HIM, there was no way to get a second stake holder.

Quote
That could just be as simple as selecting block and tx based on which have the lowest hash. Period. No pow, no reward, no mining craze.

The problem is, WHEN do you consider that transaction A is the valid one ?  How LATE can transaction B be propagated and WIN from transaction A ?

Suppose I pay you 100 BTC.  You observe transaction A on the network paying you.  How long do you wait before you consider that this payment is secure ?  Suppose I buy a car with that.  How long do you wait until you let me have the car ?

Suppose that the next day, I make a new double spend payment to myself.  I can modify my receiver addresses until I find a payment that has a smaller hash than transaction A.  I call that transaction: B.  I now transmit B on the network.  As B has a smaller hash than A, the consensus tells us one should take B over A, and finally, your transaction is eliminated.

Ok, but one day later, we don't accept this any more.  Ok, but how long do we have to wait ?  At what point do you consider that A is definitively the accepted transaction ?  After 30 minutes ?  But what if B comes in after 29 minutes for Joe and after 31 minutes for Jack ?  Joe and Jack will now disagree FOREVER over what was the right transaction ?  If you connect to Joe, you see your transaction reversed, while if you connect to Jack, you see your transaction not reversed ?

--> this is the consensus problem.  It is already difficult if most players want to play honestly.  It becomes very hard if you get a sybil possibility of 90% of the nodes conspiring to game the system (90% of nodes in the hands of one entity).

Suppose that I transmit transaction B almost immediately after transaction A, but I fire up 90% of nodes that "ignore" transaction B.  You will probably not see transaction B, and you think that after half an hour, you are safe.  Then I switch off my sybil nodes.  The rest of the network has preferred transaction B.  When you try to spend your coins a few months later, your right to spend doesn't exist on most nodes, because they had rejected A, and chosen B, and forgot about A.  You are the only one remembering A, thinking it was right.

Satoshi found a kind of solution with PoW.  It is a clunky solution, but he needed one.


You could just remove the reward, any one can mine new block out of the mem pool, if two blocks or tx are in common, a deterministic algorithm could be used to select between the two.

With the hash of previous block in the header including timestamp for me it's enough to prevent sybil attack. Checkpoint could be made every 100 blocks and hashed in the chain.

And selecting conflicting blocks/tx within a timeframe with deterministic algorithm.

You can only emit a new block based on the last good one, including a timestamp and still need to keep checking other nodes for better blocks based on deterministic algorithm.

Well would need to cut some corner there with the timestamp of valid chain to avoid sybil attack.


Other than this, all remain the same without the whole competition for the reward.

In other words, the amount of computational resource required to solve double spent is much < to cost of mining the proof.

Same for the complexity and time of solving the problem of double spent with classic deterministic solution, and putting the whole pow in place.

Because blockchain are a very specific case of byzantine general, and a lot can be assumed from other nodes due to the protocol , there is lot of things that can be assumed about the valid chain, and it's not like just any data can fit and there is no way to say which one is good or wrong at all.

It's like all the generals know each other thinking from before the battle. And the plan cannot be just anything.

If 90% of node want to collude on a chain, then it's the good chain, can't really prevent it anyway lol if 90% of users are against the protocol, why would they use it to begin with ? :)


The thing is in most case, all the chains will still contain sensibly the same txs in an order or another, so there is nothing to lose or win in choosing one or the other, it's just reordering the tx to fit the block header hash, outside of double spent that are fraud and should be removed anyway.  And all non double spent tx made on a chain is also valid on the other.

So in the end, why twist it so much with the pow and reward, for me it's still someone who know well the world of investment start up and trading, and it's not too far stretched either to think there is some kind of financial plan with it, and it's never really clear what those plans are, and there are many shady area surrounding it's thinking and deployment.

Either it was planned as a boat, a space ship, a submarine, hard to even say.

But it's hard to think there no plan with it all, or that it was studied with good knowledge of economic theories, and the world of IT, and he knew at least a minimum where he wanted to get at.

But his idea seem quite oriented with free market and still thinking with business in mind, with some kind of philosophy or plan.

Dorky
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250


Best IoT Platform Based on Blockchain


View Profile
April 13, 2017, 03:11:48 PM
 #233

I don't know, the growth required for $500,000 in 13 years seems too much. It would be something never seen before, books would be written about it, kids would learn about it in schools. It would be all over the planet, minds would explode, people that didn't buy at $1000 would hang themselves with a belt.

Your chart is convex.
I believe the move will be concave.

Edit:
Sorry, I think it is the opposite.


     
Dorky
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250


Best IoT Platform Based on Blockchain


View Profile
April 13, 2017, 03:12:42 PM
 #234

Of course, but the consensus in bitcoin is determined by miners.  You'd have to make a fork of bitcoin (make a new coin) to get rid of the miners FROM THAT COIN, but you cannot stop them from continuing bitcoin as it is.  Will your new coin be "bitcoin" or will the coin they continue to handle, be "bitcoin" and you just made a measly altcoin ?

Segwit is taking power away from miners, right?


     
IadixDev
Full Member
***
Offline Offline

Activity: 322
Merit: 151


They're tactical


View Profile WWW
April 13, 2017, 05:22:32 PM
 #235

The more I think about it, the more sure it is that it's someone who has good knowledge of IT (for the distributed ledger/p2p), of game theory for the reward/probabilistic PoW, and of the financial world with the inflation rate, and of startups because of coming out from the shadows with a whitepaper and a fully working portable app in binary, and how fast it went with exchanges etc.; hard to think it was not planned.

And if you take all those parts flat out alone or study only one aspect, it doesn't make that much sense.

Hard to think it's made by a single guy in his basement.

But you know, even when I talked about this with a guy who is head of a software company who works with AMF, he told me that for him bitcoin comes from Goldman Sachs, it's something to "disrupt" and destroy government institutions, that it's very liberal at heart; even if he didn't understand much about blockchains themselves, he knew it was something anti-establishment, based on a liberal view and from Goldman Sachs.

Not saying he is necessarily right, but many people still see it this way, and it's hard to think there is not some deep planning behind it.

Or that some forces didn't use it or create it for the purpose of destabilizing a certain establishment or triggering some kind of new Uber model for currency itself. And someone wanting to do this must have something in mind. Especially considering all the different aspects that are involved to have something that even flies a bit. Not to mention topping #1 after 8 years at +1000$.






libertad
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
April 13, 2017, 07:54:39 PM
 #236


[/quote]

All the $billionaires and $trillionaires will be doing their settlement in BTC.

It will be $500,000 per BTC.

That is obvious.


[/quote]


Why would the elite want to create thousands of new trillionaires?

Why would trillionaires need BTC when they own offshore banks?
iamnotback
Sr. Member
****
Offline Offline

Activity: 336
Merit: 265



View Profile
April 13, 2017, 09:58:19 PM
 #237

I think one is reading too much in what isn't there.  This is how people invent religions, by seeing purpose when there wasn't any.

Unless you've proved there could be no purpose, then your analogy is argumentation by saying nothing logical.

This is handwaving noise.

You'd be better served to stick to facts and stop trying to obfuscate that you're just handwaving.

You're filibustering, which is not what I expect from a scientist.

Write fewer (useless) words and more facts.
iamnotback
Sr. Member
****
Offline Offline

Activity: 336
Merit: 265



View Profile
April 13, 2017, 10:10:31 PM
Last edit: April 13, 2017, 10:49:09 PM by iamnotback
 #238

=> he needed a kind of decision game so that at any moment, only one decider was going to decide upon the consensus, that is, the full list of accepted past valid transactions.  As he didn't want (at first) a central authority, he needed a LOTTERY BETWEEN PARTICIPANTS.

Please stop trying to pretend you know anything.

We can attain consensus without relying on only one decider. One decider happens to work well for the system Satoshi designed, but it isn't the only way to design a consensus system with probabilistic finality.

You are just making up handwaving noise to obfuscate that you haven't added anything substantive to my rebuttals.

That's more or less it.  I don't think Satoshi's insight went beyond that, but that was already quite something.

Incorrect.

He would also need to deeply understand FLP impossibility theorem and the difference between probabilistic finality and the deterministic finality of Byzantine agreement.

Additionally the game theory economics and Nash equilibrium analysis is essential for understanding if the system will be stable or be a tragedy-of-the-commons. Also for understanding that the failure mode of the system is that it becomes completely centralized in one entity over the very long-term, if it becomes the paramount reserve currency in the world.

Also once you understand that, monetary systems, and finance, he would then understand how Bitcoin is ideal money until it becomes monopoly, then it shifts to 666 totalitarian.

You're not going to totally understand what I am writing because you haven't done the research and you are ignorant about blockchains. Really.

One of the things Satoshi was religious about, visibly, was the fact that there should only be a finite amount of coins in circulation.  He must have been influenced by the Austrian school and gold bugs.

Nash's ideal money also qualifies. And Nash's ideal money fits better because Bitcoin is far superior to gold and thus is an ideal money.

In fact, if he could have put them into circulation right away, most probably he would have preferred that, but as he now needed to emit them by people finding consensus

No he needed a way to market the thing, as this was the first thing of its kind, which means no one would have a reason to invest in it, i.e. the hen and egg dilemma. The genius of distribution via PoW is it invests people and industries into Bitcoin, which creates network effects and who then evangelize it.

Your analysis is inadequate due to your tunnel vision.

In order to obtain a finite amount of coins at the end of the universe, he needed to diminish rewards ---> simple solution of block reward halvings.  In order to reward them in the long term, he needed transaction fees.  

In order to limit the coin emission, he needed the lottery to take place only once every 10 minutes, and because he didn't want to rely on real time (in the end, he did!) he invented the scheme of increasing difficulty.

The logical consequence of this was that the economic cost of the PoW at the 10 minute reward was going to rise to be about equal to the market value of the emitted coins.  This would lead to totally crazy amounts of PoW, the rise of specialized hardware, and the killing of the original idea of just "a lottery between participants to decide who was going to decide upon consensus next with Sybil mitigation".

Satoshi's idea of having most payments done with bitcoin led him to understand that the block chain as he designed it, would have to grow at 100 GB a day.

You're trying to argue that these facts are contradictory or somehow clunky, but in fact they are a perfect design for what the global elite want from Bitcoin.

You keep trying to frame your argument under the assumption that Satoshi wanted Bitcoin to scale transactions for the masses and that he wanted it to remain decentralized for small miners. But in fact, that is not what the global elite want from Bitcoin.

If you have the wrong perspective, then you can't judge the facts.

Satoshi was paying lip service to things that the idealistic useful idiots and SJWs wanted to hear, so that Bitcoin could be virally launched into the world. But of course Satoshi doesn't give a fuck about these useful idiots in the long-run. The modus operandi fingerprints of the elite are right smack in front of your face and you can't even see it.
iamnotback
Sr. Member
****
Offline Offline

Activity: 336
Merit: 265



View Profile
April 13, 2017, 11:02:17 PM
Last edit: April 14, 2017, 12:25:30 AM by iamnotback
 #239

All the $billionaires and $trillionaires will be doing their settlement in BTC.

It will be $500,000 per BTC.

That is obvious.

Of course not.  People are maybe buying bitcoin at $1000 because they think it may go up to, say, $10 000,-.  But who is going to buy a bitcoin at $500 000,- ?  You're not expecting it to reach $5 000 000,- do you ?  So if you buy at $500 000,- you must be buying near the all-time high for ever.  Who's going to do so ?  So bitcoin will still grow a while, until buyers realize that there's more downside than upside, not only in the short term, but also in the long term.  And then, the greater-fool game stops.  And we get the supernova, or the slow deflation of the bubble.  I have no idea if it will be in 5 years, 15 years, or 30 years.

Billionaires are more concerned about stability (veracity) of their unit-of-account than the ROI. Billionaires have monopolistic businesses for making gains. For billionaires, money is a settlement and liquidity tool, not a speculative investment.

You do not understand (power) money. For your edification, read this.

When everything else is collapsing and unreliable due to the $quadrillion in derivatives in the fiat monetary system, the billionaires will only have one stable (incorruptible, no 3rd party liability, privacy, etc) money available to them. Bitcoin.

It isn't intended to be used by the masses. It is intended to be used by the $billionaires and they have the most wealth.

So those billionaires are going to put their fortunes in some funny crypto thing run by a few Chinese mafiosi instead of owning companies, real estate, intellectual property and much more ?  Wake up.  Yes, sleazy business will.  Porn, hookers, drugs, gambling, arms deals, espionage, hackers, tax evaders and so on will.  But not really big billionaires.  They buy state power, not bitcoins.

If you want to throw (or kick) a football to a wide receiver, you need to aim several meters in front of where he is directed, because he will travel some meters before the ball will arrive at its destination.

Analogously if you want to know what Bitcoin will be, you must look forward and understand how Bitcoin's ecosystem is changing, maturing, and growing.

The Chinese ASIC manufacturers are totally at the mercy of the only two fabs that can manufacture 14/16nm ASICs, one in Hong Kong and the other in New York.

The whales of Bitcoin (who are already $billionaires btw) control the miners, not vice versa. I had already explained to you how that economics works, when I refuted your nonsense about hashrate growing unbounded or even as a percentage of transaction value.


@dinofelis, your entire world is going to get turned upside-down and you will be entirely unprepared because of your cognitive dissonance.

Because you don't understand money and what time it is. You don't even understand that your own EU is collapsing into abject totalitarianism.

Stating that I don't understand something is not an argument, I already told you.

Yes it is, because all the refutations are in my archives. You're just lazy to read. You're stuck in your cognitive dissonance mode and lazy assumptions.

I am not going to repeat all the information in my archives just for you. It is your problem, not mine. It takes far too much time to debate with you, because you don't pay attention. Things I've stated, you fail to assimilate. It is a huge waste of time. And it is your problem.

is that I have good reasons to think that bitcoin's design has too many clunky crypto design features to be the product of a mind like Nash.

You've been refuted upthread but you continue to repeat your errors instead of studying what I taught you and contemplating more deeply on the permutations of what I taught you.

No, you didn't.  You gave some arguments that I debunked, and then you only repeated that I was wrong, or that I didn't understand, or that I was suffering from cognitive dissonance, but these are not arguments that demonstrate anything.

You did not debunk. You were incorrect. I explained why. You are unable to comprehend. So you continue on making a Dunning-Kruger asshat for yourself.

What else can I say to when you either can't or won't read (and fully assimilate) what I wrote and comprehend your mistakes?

Of course you will continue to ignorantly insist that you are correct, and of course you will continue to be incorrect. And of course you will continue to reply and claim my reply does not constitute a logical argument. And I will continue to understand you are refusing to learn and you are filibustering instead of just admitting that you don't comprehend how I refuted you.

The points I made about the technical clunkiness not only stand, you haven't even been able to find a single argument against it.

Continue lying and you will go on my permanent Ignore.

I never thought you would be disingenuous but I guess ignorance can do that even to someone who I used to think was rational. Sigh.

1) it is truly genial, so genial that we don't understand it but it must be genial because it was designed by a genius, and if we think it is clunky, that's because we aren't smart enough (circular proof of genius)
2) it is indeed clunky, but on purpose, only to mislead you to make you not see the design was done by a real genius (unfalsifiable argument: if it was brilliant, it was a genius, and if it was clunky, a genius wanted to make you think he wasn't a genius)

These two logical errors won't convince me.

I am not trying to convince you. I am going to enjoy watching you eat your asshat as all obstinate idiots eventually do. That is the only way you will ever learn, because you refuse to be rational in this case.

I am providing information for readers who don't want to be misled by your failure to assimilate the information which has been provided to you.

1) You don't understand the design (and at least not in the correct context of its goal, but also you make other egregious technical blunders which indicate you are not expert enough in blockchains). I do understand it holistically (don't expect me to write it all!).
2) It is not clunky. The design is genius. Your circular logic rebuttal is indicative of your tunnel vision. That is your incorrect assumption because you attribute a design goal (mass scaling, etc.) which is not the design goal that Bitcoin meets perfectly (power money system for the global elite, launched virally by employing useful idiots so that resistance would not form in the nascent stages). John Nash's Ideal Money stated that to bring about ideal money it would have to be done evolutionarily in an incremental and naturally viral fashion. If you understand game theory, you would understand why the elite can't just announce a new monetary system and expect to not be attacked and undermined. Your entire thought process is so tunnel vision and simpleton. You don't assimilate and incorporate all the possibilities to arrive at the conclusion which makes the most sense. You instead lazily jump to the most convenient assumptions which fit your subjective and personal wishes. The design is genius on many different levels. For example for the n00bs who have no technical comprehension, the mass scaling and idealism lies are motivation. For those with some technical comprehension such as yourself, you become arrogant and see it as clunky, because you assume those mass scaling lies were sincere. Lol. Satoshi (the elite) brilliantly turned all different possible attackers into useful idiot assistants. You talk Bitcoin down while it continues to grow its tentacles virally, which is perfect and what the global elite want you to do. The more naysayers the better. Because viral things don't stop growing due to naysayers. The more naysayers, the more a viral thing spreads.
iamnotback
Sr. Member
****
Offline Offline

Activity: 336
Merit: 265



View Profile
April 14, 2017, 12:23:03 AM
 #240

There is a serious inconsistency in how UTXO are referred to.
On one hand, there is all the work of having a totally ordered consensus of transactions: the block chain.  It would have been extremely simple to refer to a transaction output in a block chain: the block number, the transaction number in the block, and the output number in the transaction uniquely specify the UTXO.  No need for a hash, no need for 256 bit !

Seriously you need to stop pretending you know anything about blockchain design.

This is beginners' egregious error.

Lol you just flunked the most fundamental issue of decentralized systems, which is there is no total order.

Well, deep down blockchains are still a decentralized database that preserves total order :)

Even if the way the chain will be constructed is not ordered, the system makes sure to guarantee a total order consistent across the network.

Incorrect. Chain reorganizations can happen at any time. PoW is probabilistically (i.e. never) final, not deterministically final.

Thus referencing by specific chains instead of by hash as @dinofelis suggested would be a DDoS security vulnerability at least and other cascading issues.

@IadixDev, that is why you leave the blockchain design work to me. I am expert. You are not.
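
The reorganization point argued in post #240, as an added example that is not part of any post in this thread and is not Bitcoin's code: a toy chain in which a reference by (block height, transaction index, output index) resolves to a different output after a competing branch replaces block 1, while a (txid, output index) reference still resolves to the same output. The `Tx` type, the `resolve_*` helpers and all sample transactions are constructed for illustration.

```python
import hashlib
from typing import NamedTuple


class Tx(NamedTuple):
    memo: str        # stands in for the rest of the serialized transaction
    outputs: tuple   # ((recipient, amount), ...)

    def txid(self) -> str:
        # Double SHA-256 over the transaction's own content only:
        # the identifier does not depend on where the tx ends up in a chain.
        raw = repr((self.memo, self.outputs)).encode()
        return hashlib.sha256(hashlib.sha256(raw).digest()).hexdigest()


def resolve_positional(chain, height, tx_index, out_index):
    """Look up an output by (block height, position in block, output index)."""
    try:
        return chain[height][tx_index].outputs[out_index]
    except IndexError:
        return None


def resolve_by_hash(chain, txid, out_index):
    """Look up an output by (txid, output index), wherever the tx was mined."""
    for block in chain:
        for tx in block:
            if tx.txid() == txid:
                return tx.outputs[out_index]
    return None


# Constructed sample data: a chain is a list of blocks, a block a list of Tx.
coinbase = Tx("coinbase-0", (("miner", 50),))
pay_alice = Tx("pay-alice", (("alice", 5),))
pay_mallory = Tx("pay-mallory", (("mallory", 1),))

# View of the chain when the references below were created.
chain_before = [[coinbase], [pay_alice, pay_mallory]]
# After a reorganization: block 1 is replaced by a competing branch that
# contains the same transactions, but in different blocks and positions.
chain_after = [[coinbase], [pay_mallory], [pay_alice]]


def compare():
    """Resolve both reference styles against both views of the chain."""
    pos_ref = (1, 0, 0)                 # "block 1, tx 0, output 0"
    hash_ref = (pay_alice.txid(), 0)    # "(txid of pay_alice, output 0)"
    return {
        "positional_before": resolve_positional(chain_before, *pos_ref),
        "positional_after": resolve_positional(chain_after, *pos_ref),
        "hash_before": resolve_by_hash(chain_before, *hash_ref),
        "hash_after": resolve_by_hash(chain_after, *hash_ref),
    }


if __name__ == "__main__":
    for name, output in compare().items():
        print(f"{name:18} -> {output}")
```

A spend that commits to the positional reference would, after the reorganization, point at an output it was never meant to spend; the hash-based reference either finds the intended transaction or finds nothing.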