Satoshi Nakamoto's stack

[Yutikas_11920]

satoshi i think is alive though. he just want to live life privately.

hei may have purposely forget all the logins of these wallet addresses as its like burning these coins. but it leaves a hacker a chance to solve a puzzle for a fortune. its almost impossible to hack those address but if someone can, coins are all his.

Hmm, it could have happened. for there are some scientists who do not want to be famous but they have a soul that is very good in helping emerging problems in the world, one of them is satoshi. Maybe he just was a scientists or smart people who simply want to provide assistance without the need to be known. But do not close the possibility that satoshi just want to hide away from the media in order not happen something that threatens his own self or family
 

[Haladay]

Hahahah, did you really expect him to store thousands of bitcoins in one wallet? This never happens. The best way to keep them secure is to split the total amount into smaller pieces so multiple wallets are needed.

[mindrust]

What if satoshi did like this, what if satoshi done that...

If you want to find out satoshi's identity, ask the core devs. Find the bitcointalk.org domain's owner and ask him. Nobody can stay as a ghost after creating a billion dollar company.

Either his account were being used by numerous people (core devs), or his identity is being protected the secret service. There is simply not a third option.

"He is dead that's why he is not showing up." > bullshit

[dinofelis]

A quantum attack on a hash is not very easy, compared to a quantum attack on public key crypto (RSA, Diffie-Hellman, or EC style).  A quantum attack on a hashed value still takes 2^(n/2) quantum iterations (so 2^80 for one single address).  As a quantum computer is a very delicate *analogue* machine, there's no reason to think that 2^80 iterations on a quantum machine will be faster than 2^80 iterations on a classical cluster (on the contrary).

On the other hand, a quantum attack on a public key takes about 3n iterations, so all elliptic curve, or factoring stuff is essentially dead.

put simply
sha is a very binary heavy puzzle
ECDSA if very vector heavy puzzle

Maybe you can see it that way, but essentially, what kills discrete log and factoring problems with a quantum machine is Shor's algorithm, which is nothing else but a fancy version of a Fourier analysis, and the fact that a quantum computer can do a Fourier-like transformation (using the public key) in about 3 n steps on a *quantum state*, which is the superposition of all possible initial states (potential secret keys).  As the mathematical properties are such that only the right secret key gives rise to a peak in the Fourier spectrum, and all the others smear out in about uniform noise, the right secret key stands out immediately.

It is the "simple" mathematical property of exponentiation, or of factorisation, which makes this nice Fourier-transformation-like thing happening.  With arbitrary binary jiggling, such as in AES-256 or SHA-2 or the likes, there's no such simple mathematical property.  As such, the best one can do is to do "reverse searching" with a quantum state being the superposition of all possible keys.  However, the provable best general algorithm that exists is Grover's, which needs 2^(N/2) steps on the quantum machine.
Symmetric crypto is hence much more robust against quantum machines than asymmetric crypto based upon factorisation or discrete logs.

[cellard]

There's the risk of the quantum attack on old addresses that never moved, as pointed by theymos which proposed getting rid of those coins, which I think it's insane even if it sucks that the government may steal satoshi's coins in the future (or whoever is first able to crack those). Well, good for them, it will just mean they are bigger investors in bitcoin. Whoever is paying attention and cares will have their bitcoin safe against any cryptographic attacks. There will always be people taking care of the development of bitcoin so we will always have it protected and up to date against any exploits. You can trust bitcoin more than banks getting cracked.

A quantum attack on a hash is not very easy, compared to a quantum attack on public key crypto (RSA, Diffie-Hellman, or EC style).  A quantum attack on a hashed value still takes 2^(n/2) quantum iterations (so 2^80 for one single address).  As a quantum computer is a very delicate *analogue* machine, there's no reason to think that 2^80 iterations on a quantum machine will be faster than 2^80 iterations on a classical cluster (on the contrary).

On the other hand, a quantum attack on a public key takes about 3n iterations, so all elliptic curve, or factoring stuff is essentially dead.

There's a way, way way bigger risk for addresses that don't move: a soft fork fading them out.  In fact, if segwit were activated, and later, one would decide that non-segwit addresses are invalid beyond block NN, Satoshi would have no choice but to move them, or lose them.
I fact, that's one of the reasons to be favourable for segwit: that this Satoshi's stash burden is finally cleared out.  There's a still bigger risk, of course: that is that bitcoin goes like black tulips.  The cryptographic issues with bitcoin are not on the top list of its potential failures.

Good point, didn't think about it. Segwit could get rid of satoshi's coins finally. I hate this constant fear of waking up to "fuck! satoshi just moved 100 million dollars worth of BTC!! SELL SELL SELL!!"

So we are going to get segwit, all the great features that segwit deliver, and we get rid of the satoshi coins.

There's also the argument of it not being fair because BTC should be able to protect your coins forever even if you don't move them, but we have to face reality here. His coins will get hacked eventually.

in any case; If you don't move your BTC for 8 years you either don't give a fuck about them, you lost them or you are dead.

[monsanto]

not sure, according to this http://historyofbitcoin.org/ Hal was minign with satoshi very early, so you have already a competitor with satoshi

basically for all the 2009 there at least two mining, but no sign of other mining, if they really mined for an entire year before other joined then yes, he mined much mroe than 1M even accounting Hal there

within a couple weeks of genesis there were atleast 5 people mining.

within 6 months a couple dozen atleast.
figures get more murkier after that.

yep even theymos was around early on (using sirius-m username)

if you want proof others were working on bitcoin in january 2009
Nicholas Bohm- http://satoshinakamoto.me/2009/01/25/re-bitcoin-list-problems/
hal finney - http://satoshinakamoto.me/2009/01/25/re-bitcoin-v0-1-released-2/

theres other names too. should anyone want to research it.
google is your friend

Someone would have to be pretty damn clever to invent bitcoin.  Seems like they'd be clever enough to anticipate that mining a lot of coins undercover, to sell later covertly, would be the prudent thing to do.  

So we are going to get segwit, all the great features that segwit deliver, and we get rid of the satoshi coins.

Ironically, trying to fork out Satoshi's coins might be the only thing that would get him to move them.

[johnwest]

Assume if you have a 100k BTC, you will store it in one wallet and let the world know that you exist?? I dont think the creator of Bitcoin is that stupid.

As many of the forum members said, it is divided into small amounts and stored in lots of addresses.

[dinofelis]

There's the risk of the quantum attack on old addresses that never moved, as pointed by theymos which proposed getting rid of those coins, which I think it's insane even if it sucks that the government may steal satoshi's coins in the future (or whoever is first able to crack those). Well, good for them, it will just mean they are bigger investors in bitcoin. Whoever is paying attention and cares will have their bitcoin safe against any cryptographic attacks. There will always be people taking care of the development of bitcoin so we will always have it protected and up to date against any exploits. You can trust bitcoin more than banks getting cracked.

A quantum attack on a hash is not very easy, compared to a quantum attack on public key crypto (RSA, Diffie-Hellman, or EC style).  A quantum attack on a hashed value still takes 2^(n/2) quantum iterations (so 2^80 for one single address).  As a quantum computer is a very delicate *analogue* machine, there's no reason to think that 2^80 iterations on a quantum machine will be faster than 2^80 iterations on a classical cluster (on the contrary).

On the other hand, a quantum attack on a public key takes about 3n iterations, so all elliptic curve, or factoring stuff is essentially dead.

There's a way, way way bigger risk for addresses that don't move: a soft fork fading them out.  In fact, if segwit were activated, and later, one would decide that non-segwit addresses are invalid beyond block NN, Satoshi would have no choice but to move them, or lose them.
I fact, that's one of the reasons to be favourable for segwit: that this Satoshi's stash burden is finally cleared out.  There's a still bigger risk, of course: that is that bitcoin goes like black tulips.  The cryptographic issues with bitcoin are not on the top list of its potential failures.

Good point, didn't think about it. Segwit could get rid of satoshi's coins finally. I hate this constant fear of waking up to "fuck! satoshi just moved 100 million dollars worth of BTC!! SELL SELL SELL!!"

So we are going to get segwit, all the great features that segwit deliver, and we get rid of the satoshi coins.

This is also most probably why segwit will not happen on bitcoin as long as it is the leading crypto.

The reason is the following: bitcoin's value is bitcoin's belief in eternity.  If any action on it can "wipe out Satoshi's stash", then this proves that whatever mechanism that is, it can change in principle anything (which is true, but which is against bitcoin's eternity belief).  It could change the Holy 21 million coins, it could erase Donald Trump's addresses, it could create a million new coins in the hands of the Chinese government from scratch...  All those invested heavily in bitcoin's belief system will resist such a thing.

Ironically, ethereum got rid of that sanctity, by doing a vulgar hard fork to get the money of the DAO back in the hands of its favorite speculators. So nobody has any sacred belief in the immutability and the eternity of ethereum: it has no principles left.  And as such, it can move on.  Bitcoin, however, has this sacred belief system that your coins will still be there 400 years from now and your great-grand children will be billionaires.  If anything could wipe out Holy Satoshi's coins, that's a blasphemy that is unheard of.  So anything that even comes close to potentially do that, will be resisted with all the forces of heaven and earth.

[cellard]

There's the risk of the quantum attack on old addresses that never moved, as pointed by theymos which proposed getting rid of those coins, which I think it's insane even if it sucks that the government may steal satoshi's coins in the future (or whoever is first able to crack those). Well, good for them, it will just mean they are bigger investors in bitcoin. Whoever is paying attention and cares will have their bitcoin safe against any cryptographic attacks. There will always be people taking care of the development of bitcoin so we will always have it protected and up to date against any exploits. You can trust bitcoin more than banks getting cracked.

A quantum attack on a hash is not very easy, compared to a quantum attack on public key crypto (RSA, Diffie-Hellman, or EC style).  A quantum attack on a hashed value still takes 2^(n/2) quantum iterations (so 2^80 for one single address).  As a quantum computer is a very delicate *analogue* machine, there's no reason to think that 2^80 iterations on a quantum machine will be faster than 2^80 iterations on a classical cluster (on the contrary).

On the other hand, a quantum attack on a public key takes about 3n iterations, so all elliptic curve, or factoring stuff is essentially dead.

There's a way, way way bigger risk for addresses that don't move: a soft fork fading them out.  In fact, if segwit were activated, and later, one would decide that non-segwit addresses are invalid beyond block NN, Satoshi would have no choice but to move them, or lose them.
I fact, that's one of the reasons to be favourable for segwit: that this Satoshi's stash burden is finally cleared out.  There's a still bigger risk, of course: that is that bitcoin goes like black tulips.  The cryptographic issues with bitcoin are not on the top list of its potential failures.

Good point, didn't think about it. Segwit could get rid of satoshi's coins finally. I hate this constant fear of waking up to "fuck! satoshi just moved 100 million dollars worth of BTC!! SELL SELL SELL!!"

So we are going to get segwit, all the great features that segwit deliver, and we get rid of the satoshi coins.

This is also most probably why segwit will not happen on bitcoin as long as it is the leading crypto.

The reason is the following: bitcoin's value is bitcoin's belief in eternity.  If any action on it can "wipe out Satoshi's stash", then this proves that whatever mechanism that is, it can change in principle anything (which is true, but which is against bitcoin's eternity belief).  It could change the Holy 21 million coins, it could erase Donald Trump's addresses, it could create a million new coins in the hands of the Chinese government from scratch...  All those invested heavily in bitcoin's belief system will resist such a thing.

Ironically, ethereum got rid of that sanctity, by doing a vulgar hard fork to get the money of the DAO back in the hands of its favorite speculators. So nobody has any sacred belief in the immutability and the eternity of ethereum: it has no principles left.  And as such, it can move on.  Bitcoin, however, has this sacred belief system that your coins will still be there 400 years from now and your great-grand children will be billionaires.  If anything could wipe out Holy Satoshi's coins, that's a blasphemy that is unheard of.  So anything that even comes close to potentially do that, will be resisted with all the forces of heaven and earth.

Well, who is resisting that change? Only Jihan Wu and a couple other actors. Everyone else is pretty much on board about it.

The 21 million limit is a very different thing compared to what we are talking about. Nobody supports that. Satoshi's coins are going to get hacked sooner or later, they are a burden. I would like to find a solution to that, but it's either waiting for the coins to get hacked or solving it while deploying a much needed update.

We need segwit. Bitcoin will need to keep getting updates as new treats are found, nothing is eternal, you can't sit back and expect BTC to function as it is for 1000 years, that is idealistic nonsense, except 21 million limit because I don't think that will get enough consensus to get changed ever.

If you don't check if bitcoin has had any updates for 10 years and you have money invested in bitcoin you are dead.

[dinofelis]

Well, who is resisting that change? Only Jihan Wu and a couple other actors. Everyone else is pretty much on board about it.

Well, if "a few guys" can stop the whole network from doing what "everyone else wants", then the claim of decentralization is long out of the window, no ?  So there are only two possible conclusions from that:
1) bitcoin is totally centralized in the hands of these few guys
2) bitcoin IS decentralized, and contrary to what you think there is no consensus on the change - maybe partially BECAUSE one could consider that if it even were possible to force people to transact or abandon, bitcoin is not the secure vault "for eternity" it claims to be.

The 21 million limit is a very different thing compared to what we are talking about. Nobody supports that.

Nevertheless, that is bitcoin's biggest stupidity (even though it is its biggest propaganda factor).  It is what makes that crypto didn't turn into e-cash, and won't.

Satoshi's coins are going to get hacked sooner or later, they are a burden. I would like to find a solution to that, but it's either waiting for the coins to get hacked or solving it while deploying a much needed update.

If ever they get hacked, then no bitcoin address is safe (unless you mean, they are going to find his USB key with the secret keys on it).
Each of his coins are in a 50 BTC containing address, and if ever one can crack most of them, it means that one can crack just any address on the chain.  But they are cryptographically really quite safe.  In fact, they are safer than if he has to move them.

We need segwit. Bitcoin will need to keep getting updates as new treats are found, nothing is eternal, you can't sit back and expect BTC to function as it is for 1000 years, that is idealistic nonsense, except 21 million limit because I don't think that will get enough consensus to get changed ever.

Well, the point is that if you can change *anything* (and if "just a few guys can change just anything") it means that, say, the Chinese government can change that too, and that change could be that your coins are declared non-existing, that they decide to print more bitcoin for themselves, or whatever.  

If you can change something as drastically that Satoshi needs to transact or lose his coins, it means that bitcoin is not that sacred vault of value it pretended to be ; and if "a few guys can decide on change" it means that any powerful structure can change ANYTHING.

If you don't check if bitcoin has had any updates for 10 years and you have money invested in bitcoin you are dead.

Well, bitcoin's "gold" was supposed to be secure for centuries.  If your vault is confiscated after 10 years, even a Swiss bank is better.

You see, we are touching on the very foundations of the belief system of bitcoin.  It was supposed to be eternal, cryptographically totally secure for centuries, and the bitcoin that were yours, were yours FOR EVER as long as YOU kept your wallet.  You could leave your wallet to your great-grand children, like you could have burried a gold tresury on an island in the Pacific, and leave a secret map to them.

Now, it turns out that people can just change things, and confiscate or declare invalid your holdings after 10 years or so.  That's a show stopper.

[cellard]

Nevertheless, that is bitcoin's biggest stupidity (even though it is its biggest propaganda factor).  It is what makes that crypto didn't turn into e-cash, and won't.

As long as bitcoin is the reserve crypto/digital gold im good. The concept of e-cash is as in a stable currency is stupid since it would need to be manually adjusted, so it wouldn't be a free market.

Anyway, once governments remove cash, people will use bitcoin as a substitute, since they will be forced to (they will not trust working for other currencies that may get delisted from exchanges, or their software crashing etc)

If ever they get hacked, then no bitcoin address is safe (unless you mean, they are going to find his USB key with the secret keys on it).
Each of his coins are in a 50 BTC containing address, and if ever one can crack most of them, it means that one can crack just any address on the chain.  But they are cryptographically really quite safe.  In fact, they are safer than if he has to move them.

Not really. There is a technical difference between these old 1-input-only addresses that never moved and other addresses. Theymos explained this in detail in other thread. The rest of coins are safe against that hypothetical quantum attack. Anyway no such thing as "eternally safe", only reasonably long term safe. But with minimal mainteinance (keeping your software update etc) you should be good to go to not get your bitcoins hacked in your lifetime.

Well, the point is that if you can change *anything* (and if "just a few guys can change just anything") it means that, say, the Chinese government can change that too, and that change could be that your coins are declared non-existing, that they decide to print more bitcoin for themselves, or whatever.  

If you can change something as drastically that Satoshi needs to transact or lose his coins, it means that bitcoin is not that sacred vault of value it pretended to be ; and if "a few guys can decide on change" it means that any powerful structure can change ANYTHING.

To change something you would need massive consensus as we see. And users are ultimately what dictate what bitcoin is. If 90% of users reject what the mining monopoly are doing, they can change PoW, fork etc. There are options. I would like to reach a consensus with miners tho, since that's a bumpy road to take.

Currently like 90%+ of nodes are supporting Core software, 75% of big players like merchants etc are supporting segwit, 70% are actively rejecting BUcoin.

Well, bitcoin's "gold" was supposed to be secure for centuries.  If your vault is confiscated after 10 years, even a Swiss bank is better.

You see, we are touching on the very foundations of the belief system of bitcoin.  It was supposed to be eternal, cryptographically totally secure for centuries, and the bitcoin that were yours, were yours FOR EVER as long as YOU kept your wallet.  You could leave your wallet to your great-grand children, like you could have burried a gold tresury on an island in the Pacific, and leave a secret map to them.

Now, it turns out that people can just change things, and confiscate or declare invalid your holdings after 10 years or so.  That's a show stopper.

Yes, I wouldn't like to see satoshi's coins invalidated, but we have learned so much since then. I suspect this will not be the case again. Coins nowadays will be safer than those ancient coins that never moved that will be the ones prone to a quantum attack.

More here:

https://www.reddit.com/r/Bitcoin/comments/4isxjr/petition_to_protect_satoshis_coins/d30we6f/

It is a thought decision.

We have 2 options:

1) Leave the coins as they are, so 1 million coins get potentially stolen by the NSA or whoever has access first to the computer capable of the quantum attack, and that means they could control the market at will. This is not an if, those coins will sooner or later get hacked.

2) The coins in danger get taken out so a malicious attacker cannot ruin the entire thing for the rest of holders.

[dinofelis]

Nevertheless, that is bitcoin's biggest stupidity (even though it is its biggest propaganda factor).  It is what makes that crypto didn't turn into e-cash, and won't.

As long as bitcoin is the reserve crypto/digital gold im good. The concept of e-cash is as in a stable currency is stupid since it would need to be manually adjusted, so it wouldn't be a free market.

There are many ways in which this can be automated ; the most trivial would be to have the difficulty of proof of work as a fixed curve (say, following Moore's law, or somewhat steeper).  This would put an upper bound to the value of a coin and have automatic emission of new coins when the value tends to rise above this upper bound.  Indeed, if ever the value of the coin would be above the PoW economic cost to make a new one, people wouldn't provide so much value for it,  but would make the coins with PoW.  This debasement would bring the price of the coin down to the price of mining with the given difficulty-cost.

More complicated systems can use a governance model with voting to use oracles measuring the price ; many things can be done that way.

Anyway, once governments remove cash, people will use bitcoin as a substitute, since they will be forced to (they will not trust working for other currencies that may get delisted from exchanges, or their software crashing etc)

In as much as people are going to do so, I rather think they would use something else, that is not going to deflate so much.  After all, in as much as it could make sense to *obtain* coins, one wouldn't have a strong incentive to *spend* them if they rise in value.  And the maximalist vision that only bitcoin is going to have correctly running software is a bit strange.  In any case, if governments remove cash, it would be an extremely bad idea to use centralized fiat/crypto exchanges, as they will be controlled like banks and will have to report all crypto-fiat conversions to authorities.  You will have to explain where your coins came from - just as well use a bank account.   In fact, if the idea is to hide from government (which I think is the sole true application niche of crypto, apart from speculation), all transparent-ledger technology is to be avoided.  I'd only use monero or zcash or another cryptographically obscured coin for such.

If ever they get hacked, then no bitcoin address is safe (unless you mean, they are going to find his USB key with the secret keys on it).
Each of his coins are in a 50 BTC containing address, and if ever one can crack most of them, it means that one can crack just any address on the chain.  But they are cryptographically really quite safe.  In fact, they are safer than if he has to move them.

Not really. There is a technical difference between these old 1-input-only addresses that never moved and other addresses. Theymos explained this in detail in other thread. The rest of coins are safe against that hypothetical quantum attack.

That's not correct.  These addresses are hashes, and hashes are relatively well protected from quantum attacks, contrary to public key signatures.  In fact, ALL addresses as of now on the chain are on equal footing, and have a 160 bit strength which is reduced to 80 bit strength in the case of a powerful quantum computer.

Well, the point is that if you can change *anything* (and if "just a few guys can change just anything") it means that, say, the Chinese government can change that too, and that change could be that your coins are declared non-existing, that they decide to print more bitcoin for themselves, or whatever.  

If you can change something as drastically that Satoshi needs to transact or lose his coins, it means that bitcoin is not that sacred vault of value it pretended to be ; and if "a few guys can decide on change" it means that any powerful structure can change ANYTHING.

To change something you would need massive consensus as we see. And users are ultimately what dictate what bitcoin is. If 90% of users reject what the mining monopoly are doing, they can change PoW, fork etc. There are options. I would like to reach a consensus with miners tho, since that's a bumpy road to take.

This consensus thing is totally misunderstood.  The idea that a "strong majority vote" can do something without a centralized power, is suffering from the same fallacies as the "tragedy of the commons", illustrated by that biblical parable: the wedding and the wine.  All guests agreed (consensus!) to bring wine and mix it in the common barrel.   But everyone thought: "if I just add water, I make a benefit".  In the end, the barrel was full of water.  This is totally normal.
If a majority decides to fork and make an altcoin with a different PoW, there may be an individual incentive to use also one's coins on the old chain, which is, after all, the "real old bitcoin".   Even if you are favourable to fork off to a new PoW algorithm (and hence have coins on both chains), there's no reason not to consider your coins on the "original" chain - after all, you never know whether this is not the valuable coin 10 years from now, as it is the vintage one with Satoshi's original coins on !

This is exactly the reason why bitcoin cannot "upgrade".  It will only be possible to upgrade, when the bitcoin brand name doesn't mean much any more and there's no real hope for "true original vintage" recovery.  Because the undeniable problem is that the original chain will always have a natural claim on being "the original, true" bitcoin as long as it lives on ; and people are not going to risk to sell their "true bitcoins" for peanuts, as they can hodl them for free even if they "vote" for a new chain.

Currently like 90%+ of nodes are supporting Core software, 75% of big players like merchants etc are supporting segwit, 70% are actively rejecting BUcoin.

The choice is not "segwit or bucoin" ; the true choice is "bitcoin as it is, or modified bitcoin or both".   If the brand name doesn't matter so much (like with ethereum or litecoin), there's no incentive to keep the old chain alive.   But if the old chain can claim "true bitcoin", that's another story.

Yes, I wouldn't like to see satoshi's coins invalidated, but we have learned so much since then. I suspect this will not be the case again. Coins nowadays will be safer than those ancient coins that never moved that will be the ones prone to a quantum attack.

I don't know where you got that story about this quantum attack.  It is cryptographically totally wrong.  ALL addresses, since day 1, are 160 bit hashes, which are not so vulnerable to a quantum attack, and are in any case on the same footing.

The ONLY argument that could make some sense, is that actually, some entity *is already having a quantum computer* and *is running an attack* on these keys since years, so they have some years of advance on these addresses as compared to other addresses.   But if that is the case, then they have the means to crack MUCH MUCH more ; if I had a sufficiently powerful quantum computer running in my basement, the LAST of things I would do would be to crack Satoshi's 50 BTC keys with a very inefficient algorithm: I would be cracking ALL PUBLIC KEY stuff on the internet in a few seconds, and penetrate essentially all fiat banking applications, know all https data flows, get all the passwords everywhere sent over https links....  Bitcoin would be the least of my occupations, as I would already be the master of this world.

If this erroneous concept is (yet another time (*) ) a basis for a fundamental decision, then bitcoin's decisions are more and more based upon false statements.

(*) the other erroneous concept is that non-mining full nodes "keep the block chain honest" and is the true decentralization of the network, which is an argument to keep the chain small.  I've explained several times why this is wrong, and that bitcoin's decentralization is truly measured by the distribution of the hash rates of the mining pools.

[cellard]

There are many ways in which this can be automated ; the most trivial would be to have the difficulty of proof of work as a fixed curve (say, following Moore's law, or somewhat steeper).  This would put an upper bound to the value of a coin and have automatic emission of new coins when the value tends to rise above this upper bound.  Indeed, if ever the value of the coin would be above the PoW economic cost to make a new one, people wouldn't provide so much value for it,  but would make the coins with PoW.  This debasement would bring the price of the coin down to the price of mining with the given difficulty-cost.

More complicated systems can use a governance model with voting to use oracles measuring the price ; many things can be done that way.

Is there any coin that does this already? why don't you release your own coin?

In as much as people are going to do so, I rather think they would use something else, that is not going to deflate so much.  After all, in as much as it could make sense to *obtain* coins, one wouldn't have a strong incentive to *spend* them if they rise in value.  And the maximalist vision that only bitcoin is going to have correctly running software is a bit strange.  In any case, if governments remove cash, it would be an extremely bad idea to use centralized fiat/crypto exchanges, as they will be controlled like banks and will have to report all crypto-fiat conversions to authorities.  You will have to explain where your coins came from - just as well use a bank account.   In fact, if the idea is to hide from government (which I think is the sole true application niche of crypto, apart from speculation), all transparent-ledger technology is to be avoided.  I'd only use monero or zcash or another cryptographically obscured coin for such.

If we could get segwit, then with Coinjoin + CT we would have an anonymous coin that actually scales. I think people would use that above the alternatives.

That's not correct.  These addresses are hashes, and hashes are relatively well protected from quantum attacks, contrary to public key signatures.  In fact, ALL addresses as of now on the chain are on equal footing, and have a 160 bit strength which is reduced to 80 bit strength in the case of a powerful quantum computer.

I don't know the details. I just remember reading about it, i think it was theymos that said it.

This consensus thing is totally misunderstood.  The idea that a "strong majority vote" can do something without a centralized power, is suffering from the same fallacies as the "tragedy of the commons", illustrated by that biblical parable: the wedding and the wine.  All guests agreed (consensus!) to bring wine and mix it in the common barrel.   But everyone thought: "if I just add water, I make a benefit".  In the end, the barrel was full of water.  This is totally normal.
If a majority decides to fork and make an altcoin with a different PoW, there may be an individual incentive to use also one's coins on the old chain, which is, after all, the "real old bitcoin".   Even if you are favourable to fork off to a new PoW algorithm (and hence have coins on both chains), there's no reason not to consider your coins on the "original" chain - after all, you never know whether this is not the valuable coin 10 years from now, as it is the vintage one with Satoshi's original coins on !

This is exactly the reason why bitcoin cannot "upgrade".  It will only be possible to upgrade, when the bitcoin brand name doesn't mean much any more and there's no real hope for "true original vintage" recovery.  Because the undeniable problem is that the original chain will always have a natural claim on being "the original, true" bitcoin as long as it lives on ; and people are not going to risk to sell their "true bitcoins" for peanuts, as they can hodl them for free even if they "vote" for a new chain.

The centralized chinese chain with no segwit would end up a marginal coin like ETC. What I don't know is who would get to keep the BTC token. How was decided that ETH would be the new chain and ETC the original chain?


Anyway sooner or later we'll get segwit somehow. I think Jihan and Roger will give up eventually, once they have made enough money manipulating the altcoin markets.

[piebeyb]

Please check this

https://github.com/solinger10/hw5/blob/master/data/tenthousandblocks.txt

[dinofelis]

Is there any coin that does this already? why don't you release your own coin?

Because nobody is really interested in having genuine crypto money.  Most people want to speculate.  That's what I learned.  So in the end, Satoshi was right in making a speculative asset, selling it as a currency, knowing very well that it wouldn't become that.  The story was nice, it got some crypto anarchist naive souls marching for it, but there's no real demand for it.  If I would make such a coin, as it would be a coin with which one cannot get rich quickly, nobody would use it.

For those few people that really need to pay something that they cannot pay with cash, the current crypto eco system is good enough ; and we haven't yet discovered a good technology that doesn't suffer from the fact that decentralized systems, when they grow, always become more expensive to use than equivalent centralized systems (hence the bitcoin wars).

Now, for fun, I might give it a try one day

If we could get segwit, then with Coinjoin + CT we would have an anonymous coin that actually scales. I think people would use that above the alternatives.

Why all those "ifs" when there's monero around that does the same and is up and running ?  Or ZEC (even though there are several aspects of ZEC I don't like, such as the fact that anon tech is optional) ?

Because there's one thing that should be clear: if you really use a crypto as a *currency*, you care much, much less about its longevity, its absolute long term security, and all that, so the "barrier" to go from sacred "bitcoin" to "measly altcoin" is even less important than it is right now.  A crypto that will serve as a currency just needs to be sufficiently reliable, and stable, during the time of acquiring it, and spending it, with no regrets that you have spent something that was going to make you a billionaire, and no fears that between acquiring it and spending it, a "whale decided to cash in profits" and the price crashed.  You don't need "currency" to be steady and reliable for decades.  You only need it for a few weeks or months.
The only long-term issue you might care about, is its sufficient privacy, because even if you don't use it any more, all your 10-year old spendings are still graved in stone somewhere, so you might hope that sufficiently strong crypto is protecting it if you don't want people to find out.

That's not correct.  These addresses are hashes, and hashes are relatively well protected from quantum attacks, contrary to public key signatures.  In fact, ALL addresses as of now on the chain are on equal footing, and have a 160 bit strength which is reduced to 80 bit strength in the case of a powerful quantum computer.

I don't know the details. I just remember reading about it, i think it was theymos that said it.

I can really, really assure you that quantum computers are not of much use against hashes (contrary to public key crypto), and that all current bitcoin addresses are of exactly the same cryptographic security as those of Satoshi.

It is true that Segwit intends to increase the security, at least for those people converting their stash in to segwit-bitcoin.  But for the moment, that's not active.

The centralized chinese chain with no segwit would end up a marginal coin like ETC. What I don't know is who would get to keep the BTC token. How was decided that ETH would be the new chain and ETC the original chain?

I guess the ethereum foundation possesses the name "ethereum" but I'm not sure.

Anyway sooner or later we'll get segwit somehow. I think Jihan and Roger will give up eventually, once they have made enough money manipulating the altcoin markets.

I think bitcoin will get segwit indeed, once it is not the dominating crypto any more and its brand name is not so much worth any more, and/or if it becomes fully centralized, so that the few people commanding bitcoin can sit in a room and come to an agreement, like they did with litecoin (which, by doing so, proved it was centralized).  Until then, bitcoin should remain immutable.

[cellard]

Is there any coin that does this already? why don't you release your own coin?

Because nobody is really interested in having genuine crypto money.  Most people want to speculate.  That's what I learned.  So in the end, Satoshi was right in making a speculative asset, selling it as a currency, knowing very well that it wouldn't become that.  The story was nice, it got some crypto anarchist naive souls marching for it, but there's no real demand for it.  If I would make such a coin, as it would be a coin with which one cannot get rich quickly, nobody would use it.

For those few people that really need to pay something that they cannot pay with cash, the current crypto eco system is good enough ; and we haven't yet discovered a good technology that doesn't suffer from the fact that decentralized systems, when they grow, always become more expensive to use than equivalent centralized systems (hence the bitcoin wars).

Now, for fun, I might give it a try one day

If we could get segwit, then with Coinjoin + CT we would have an anonymous coin that actually scales. I think people would use that above the alternatives.

Why all those "ifs" when there's monero around that does the same and is up and running ?  Or ZEC (even though there are several aspects of ZEC I don't like, such as the fact that anon tech is optional) ?

Because there's one thing that should be clear: if you really use a crypto as a *currency*, you care much, much less about its longevity, its absolute long term security, and all that, so the "barrier" to go from sacred "bitcoin" to "measly altcoin" is even less important than it is right now.  A crypto that will serve as a currency just needs to be sufficiently reliable, and stable, during the time of acquiring it, and spending it, with no regrets that you have spent something that was going to make you a billionaire, and no fears that between acquiring it and spending it, a "whale decided to cash in profits" and the price crashed.  You don't need "currency" to be steady and reliable for decades.  You only need it for a few weeks or months.
The only long-term issue you might care about, is its sufficient privacy, because even if you don't use it any more, all your 10-year old spendings are still graved in stone somewhere, so you might hope that sufficiently strong crypto is protecting it if you don't want people to find out.

That's not correct.  These addresses are hashes, and hashes are relatively well protected from quantum attacks, contrary to public key signatures.  In fact, ALL addresses as of now on the chain are on equal footing, and have a 160 bit strength which is reduced to 80 bit strength in the case of a powerful quantum computer.

I don't know the details. I just remember reading about it, i think it was theymos that said it.

I can really, really assure you that quantum computers are not of much use against hashes (contrary to public key crypto), and that all current bitcoin addresses are of exactly the same cryptographic security as those of Satoshi.

It is true that Segwit intends to increase the security, at least for those people converting their stash in to segwit-bitcoin.  But for the moment, that's not active.

The centralized chinese chain with no segwit would end up a marginal coin like ETC. What I don't know is who would get to keep the BTC token. How was decided that ETH would be the new chain and ETC the original chain?

I guess the ethereum foundation possesses the name "ethereum" but I'm not sure.

Anyway sooner or later we'll get segwit somehow. I think Jihan and Roger will give up eventually, once they have made enough money manipulating the altcoin markets.

I think bitcoin will get segwit indeed, once it is not the dominating crypto any more and its brand name is not so much worth any more, and/or if it becomes fully centralized, so that the few people commanding bitcoin can sit in a room and come to an agreement, like they did with litecoin (which, by doing so, proved it was centralized).  Until then, bitcoin should remain immutable.

What decides what is and isn't currency? For me currency is something you can use to buy goods and services. Doesn't bitcoin meet this criteria? You can use it to buy stuff, and you can use it to hold it long term.

Again, the big demand for crypto will come once governments ban all physical cash. But you can't say there's no demand, there's already demand, people use it to hedge against fiat currencies, and stuff that brings uncertainty (like Trump, Lepen, banking crisis in general etc)

People also use it to buy stuff on the darknet.

There's a certain demand, and we needed something like bitcoin. A coin that somehow has the same price always wouldn't cut it, we needed a digital gold to store wealth. You happen to be able to move it too and use it as currency with bitcoin. Who cares how satoshi marketed it, let's focus on what we have and how to make it better.

[Andre_Goldman]

his tokens reminds me

Satoshi’s Genius: Unexpected Ways in which Bitcoin Dodged Some Cryptographic Bullets
https://bitcoinmagazine.com/articles/satoshis-genius-unexpected-ways-in-which-bitcoin-dodged-some-cryptographic-bullet-1382996984/

[dinofelis]

What decides what is and isn't currency? For me currency is something you can use to buy goods and services. Doesn't bitcoin meet this criteria? You can use it to buy stuff, and you can use it to hold it long term.

Wine is then a currency too.  I could exchange a certain number of famous wine bottles for, say, a sportscar.  Collector stamps too.  Silver.  Iridium.  Famous paintings.  Anything that has value and can be bartered for something else, can then be seen as a "currency".  True.   

But to be called a currency, it normally also has to be able to act as a "unit of account".  Now, people pretend that bitcoin is a unit of account, and express relative prices in BTC (like other crypto).  But in reality, BTC is not a unit of account.  From beginning of 2014 to 2015, it fell a factor of 6 in value.  The last year, it rose a factor of 5 or so.   You can't write a contract in such a "unit of account".  In another thread, I gave the example of a cleaning company, and an another company, the other company making a contract to clean their offices for the next 5 years with the cleaning company, for a price of $5000,- a month, say.   This contract cannot be signed when the price is said to be 3 BTC a month.  Because nobody knows what value BTC will have during these 5 years.  If it rises like crazy, the company will have its offices cleaned for the highest amount in town.  If BTC crashes, the cleaning company will clean the other office for near to nothing.

BTC is not a unit of account, because there is no mechanism that tries to keep the inflation/deflation of its price within reasonable boundaries (on the contrary: BTC is designed to be extremely deflationary).

However, it for sure is a mobile value that can be transacted relatively easily, subdivided in fractions, and is relatively fungible for the moment.  So it does display certain monetary aspects.  But it is not a genuine currency, because you cannot express prices in it without referring to a real unit of account (such as $).

Again, the big demand for crypto will come once governments ban all physical cash. But you can't say there's no demand, there's already demand, people use it to hedge against fiat currencies, and stuff that brings uncertainty (like Trump, Lepen, banking crisis in general etc)

Nope.  You shouldn't confound a greater-fool game with "hedging against fiat currencies".   And using crypto to replace physical cash is going to be much more difficult than you think, because you will still need to go through exchanges and the banking system ; and whenever "legal" companies accept crypto, they will have to report your crypto transaction, and you will potentially be asked to explain where your crypto came from.   In other words, to replace cash with crypto, you will have to have a closed economic cycle, entirely based upon dark commerce.   If you will go to a legal shop that accepts crypto, and you want, say, to buy an i-phone with bitcoin, you will be requested to give all your ID information, linked to that transaction.  Whenever you do your tax declaration, authorities will know that you spent such a bitcoin, and so you will have to have explained how you got it in a previous declaration.  If ever you pay with a bitcoin that you didn't declare as an income before, you will have to explain and pay a fine.

The only thing that you truly can do with crypto, is to buy stuff on dark markets, and sell stuff on dark markets.  For instance, maybe you want to buy drugs, and maybe you are willing to sell the service of homicide.  If for a killing, you can get, say, 100 BTC, then you can use those to buy drugs on dark markets.  Because then, the dark economy is entirely closed.  But once you will use it in the "white circuit", you're just as screwed with crypto than you are with a bank account.
And anon coins won't help, because it is not the chain that will be analysed: it is the act of buying that will automatically be linked to you (AML/KYC), and you will have to explain how you got it, which is necessarily a form of income.

People also use it to buy stuff on the darknet.

This, to me, is the ONLY TRUE crypto currency application that makes sense.

There's a certain demand, and we needed something like bitcoin. A coin that somehow has the same price always wouldn't cut it, we needed a digital gold to store wealth. You happen to be able to move it too and use it as currency with bitcoin. Who cares how satoshi marketed it, let's focus on what we have and how to make it better.

A currency has to be a unit of account in the short term ; a store of value needs to be a unit of account in the long term.  BTC is neither.  It is a highly speculative asset where the hope of the participants is that it is going to be eternally deflationary.  This is known as a greater-fools game.  But that game can take a very long time, and in the mean time, it is a very beneficial speculative asset.

But the thing it has been doing well since many years, is exactly that: a highly speculative asset.

[dinofelis]

his tokens reminds me

Satoshi’s Genius: Unexpected Ways in which Bitcoin Dodged Some Cryptographic Bullets
https://bitcoinmagazine.com/articles/satoshis-genius-unexpected-ways-in-which-bitcoin-dodged-some-cryptographic-bullet-1382996984/

Yes, except no.   As many aspects of the bitcoin cryptographic design, there are inconsistencies in the explanations of cryptographic choices, even though the system works, overall, very well.  But the "reasons" one invokes often as a "genius move", are contradicted by other elements where the "genius move" is not applied.

Here, one seems to claim that the choice of secp256k1 was a stroke of genius, because the secp256r1 curve could have been tampered with.  Well, this logic doesn't hold water, for the following reason.

1) two kinds of curves are published, the "random" ones, and the "Koblitz" ones.  In general, the fear with elliptic curve crypto (apart from the development of quantum computers which *totally* kills it) is that one has chosen a *particular* curve that has *extra* mathematical properties so that the difficult discrete log problem it formulates, has mathematical tricks to it that make it simpler.  Many such "weak" families of curves have been discovered, and one doesn't know if there will not be more of these curves.  Now, Koblitz curves are a very special kind of elliptic curve, but one hasn't yet (publicly) found any way to use their properties to break them.  But as they are special, people think that chances are higher that one day, Koblitz curves can be cracked, than "randomly" chosen curves.

This is why the standard published two sets of curves: Koblitz curves, and potentially safer random curves.  In fact, for the highest degrees of security, no Koblitz curves were published.   So NORMALLY, random curves would have been a potentially safer choice in the long run --> but bitcoin uses a Koblitz curve and hence, didn't use the argument for the "safer" random curve.  

2) however, in order for random curves to be truly random, the randomness of the curve should be checkable.  And the nasty thing with the SEC curves is that the "random number" comes from the hash of another "random number".... of which never an explanation was given.  So people then invented the possibility that these "random" numbers were in fact not so random, and give us, after hashing, a very specific mathematical curve of which nobody knows that they are weak, except for a few secret mathematicians at the NSA or something: a back door !  

Now, that's a good reason, if you're paranoid, to avoid these curves.  But is one then obliged to use the Koblitz curve variant ?

Answer: no.  Because that worry (that dates from end of the 1990-ies) of the ill-explained random curves was known, and other standard bodies DID publish good random curves, which have *provable* random properties, and are hence superior to the Koblitz curves as a matter of "potentially flawed".  For instance, the Bernstein curves, or the Brainpool curves.  These curves were published in 2006 or so, hence, before bitcoin's protocol was set up.

So, in as much as Satoshi had doubts about a back door in the secp256r1 curve (a worry that was published since years), instead of using the secp256k1 curve from the same guys, he could have used the brainpool random curves, which do not have this potential back door, because provably random.

Most probably, Satoshi chose secp256k1, because they allow for a *very efficient implementation* in the calculations needed.

[audaciousbeing]

Hi Bitcoiners! i heard that Satoshi Nakamoto has more than 1M Bitcoins, and i became really curious to see the wallet with all those bitcoins! so i did some research and i couldn't find any info on which are the wallet adresses that hold such bitcoins, in fact i found out that the most bitcoins held in a wallet right now is about 300k bitcoins held by the FBI or some shit... so i would like to ask the community where is the address that holds such amount of bitcoins and what info we've got about what satoshi did with his coins, did he sold them? does he still have them? where are they? thanks for your help!
Love from Colombia <3

Guy you probably didnt hear anything because no one can share such. You would have read what majority have equally read about Satoshi at one time or the other that we tried to find more about the genius behind the project in which the whole world is currently rallying behind. But my question is even if you happen to find it, what will you do about it and more so, if Satoshi could keep that for himself when it even worth nothing, then he deserves our commendation because if he had known this will be the outcome as at today, he would have kept more.