Bitcoin Forum
December 09, 2018, 11:11:43 PM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
 
   Home   Help Search Login Register More  
Pages: « 1 ... 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 [68] 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 ... 166 »
  Print  
Author Topic: MasterCoin: New Protocol Layer Starting From “The Exodus Address”  (Read 447543 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
HammerFist
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
October 20, 2013, 06:36:12 AM
 #1341

I have alot of spare time lately but not alot of money and I'm looking for a project to pour my energy and expertise into.
Don't worry about the money, you'll have plenty if you hang out here for long.  But, I've got to warn you the competition is good.  You'll have to program some slick stuff if you want to take an MSC bounty.  The last contest just ended - a new is about to begin.  Mastercoin project has over $800,000 in the bank so plenty to give away. 
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1544397103
Hero Member
*
Offline Offline

Posts: 1544397103

View Profile Personal Message (Offline)

Ignore
1544397103
Reply with quote  #2

1544397103
Report to moderator
1544397103
Hero Member
*
Offline Offline

Posts: 1544397103

View Profile Personal Message (Offline)

Ignore
1544397103
Reply with quote  #2

1544397103
Report to moderator
1544397103
Hero Member
*
Offline Offline

Posts: 1544397103

View Profile Personal Message (Offline)

Ignore
1544397103
Reply with quote  #2

1544397103
Report to moderator
Paleus
Full Member
***
Offline Offline

Activity: 235
Merit: 100


www.diginomics.com


View Profile WWW
October 20, 2013, 09:18:14 AM
 #1342

I have alot of spare time lately but not alot of money and I'm looking for a project to pour my energy and expertise into.
Don't worry about the money, you'll have plenty if you hang out here for long.  But, I've got to warn you the competition is good.  You'll have to program some slick stuff if you want to take an MSC bounty.  The last contest just ended - a new is about to begin.  Mastercoin project has over $800,000 in the bank so plenty to give away. 

Hammer, are you part of the team developing Mastercoin or are you working on Colored Coins?

Do you have a link to the new contest or is it not open to the public yet?


maxmint
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500



View Profile
October 20, 2013, 09:36:28 AM
 #1343

Do you have a link to the new contest or is it not open to the public yet?

J.R. (the Mastermind behind Mastercoin) posted a rough sketch of the next coding contest here: https://bitcointalk.org/index.php?topic=265488.msg3358444#msg3358444

My PGP-Key: 462D02D8
Verify my messages using keybase: https://keybase.io/maxmint
Paleus
Full Member
***
Offline Offline

Activity: 235
Merit: 100


www.diginomics.com


View Profile WWW
October 20, 2013, 11:17:18 AM
 #1344

Do you have a link to the new contest or is it not open to the public yet?

J.R. (the Mastermind behind Mastercoin) posted a rough sketch of the next coding contest here: https://bitcointalk.org/index.php?topic=265488.msg3358444#msg3358444

Thanks Max, I'll check it out!

PS, I enjoyed your song. Perhaps in time you'll get the chance to make a sequel, this time on Mastercoin.

prophetx
Legendary
*
Offline Offline

Activity: 1442
Merit: 1000


he who has the gold makes the rules


View Profile WWW
October 20, 2013, 11:44:27 AM
 #1345

I'd use the word symbiotic rather than parasitic, since I believe we'll be good for bitcoin in the long run.
I had a similar thought as I read it.  "epiphytic" - is more accurate in my view.  See: http://en.wikipedia.org/wiki/Epiphyte  Mastercoin doesn't take nutrients from or otherwise 'feed' off the blockchain - it merely hangs thereon and takes nothing away therefrom.   A true 'parasite' feeds off its host and takes essence therefrom.  

But this cannot be a surprise.  Both Peter and Meni jump at every chance to play Mastercoin into poor light - even when that includes using terms which are not accurate.

Indeed it is symbiotic at the network level.  Because while msc tx are made up of btc tx which use resources, the btc network needs more tx to build maintain a monopoly/leader position in the market which is the true goal of any economic  organism in a free market.  Thus msc by bringing tx to the btc network is exchanging one thing of value (btc network security) for another thing of value (more users, more tx).

On a side not I have notcied I the btc tx per block record that it has not increased lately.  If we can move at least some stocks over to MSC, the number of tx per block will increase dramatically and you can bet that you will be a 10x or more growth I  the price of btc.  Msc as well, but I dont understand it's capitalization dynamics enough to make an educated guess yet.

WINGS Beta is live - list your project for only 200 WINGS (erc20 coin) at https://wings.ai - over $750 Million raised by ICOs with WINGS
NewLiberty
Legendary
*
Offline Offline

Activity: 1204
Merit: 1001


Gresham's Lawyer


View Profile WWW
October 20, 2013, 12:07:14 PM
 #1346

Some questions that may help close the distance between the forks:

If this hostile fork is treated as, well, hostile; could the bitcoin network impose a minimum charge for carrying a Msc tx that be acceptable to everyone?  Or alternatively not accept Msc transactions if it were not?  (with the cost of choice being an imposed cost to the network)

Is developing the facility to recognize Msc transactions and account for them a cost imposed on the Bitcoin network for which it is compensated to their satisfaction?  

Is that cost freely negotiated or simply imposed and the compensation chosen by msc?

Msc may be a net benefit for the Bitcoin network, but how knowable/agreeable is this at this time?

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
NewLiberty
Legendary
*
Offline Offline

Activity: 1204
Merit: 1001


Gresham's Lawyer


View Profile WWW
October 20, 2013, 12:14:19 PM
 #1347

I don't think we should use invalid ECDSA points if at all possible though as we'd be making it blindingly easy to censor mastercoin; the bitcoin devs could simply enforce ECDSA point validity checking on multisig pubkeys and we'd be in trouble.

This is already being implemented, in fact.  Nothing to do with mastercoin.


Why wouldn't making it "blindingly easy" to discriminate between transactions considered a feature?  If msc is a net benefit for the Bitcoin network, this feature would assist in verifying that, yes?

Not arguing for this method, just suggesting that this reason for avoiding it doesn't speak well of msc.

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
prophetx
Legendary
*
Offline Offline

Activity: 1442
Merit: 1000


he who has the gold makes the rules


View Profile WWW
October 20, 2013, 12:45:07 PM
 #1348

I don't think we should use invalid ECDSA points if at all possible though as we'd be making it blindingly easy to censor mastercoin; the bitcoin devs could simply enforce ECDSA point validity checking on multisig pubkeys and we'd be in trouble.

This is already being implemented, in fact.  Nothing to do with mastercoin.


Why wouldn't making it "blindingly easy" to discriminate between transactions considered a feature?  If msc is a net benefit for the Bitcoin network, this feature would assist in verifying that, yes?

Not arguing for this method, just suggesting that this reason for avoiding it doesn't speak well of msc.

I dont get it.

What you are saying is...

yes lets not conform to the standard and if people think our message is valuable enough they also will break away from the standard to accommodate us...

WINGS Beta is live - list your project for only 200 WINGS (erc20 coin) at https://wings.ai - over $750 Million raised by ICOs with WINGS
NewLiberty
Legendary
*
Offline Offline

Activity: 1204
Merit: 1001


Gresham's Lawyer


View Profile WWW
October 20, 2013, 12:49:21 PM
 #1349

I don't think we should use invalid ECDSA points if at all possible though as we'd be making it blindingly easy to censor mastercoin; the bitcoin devs could simply enforce ECDSA point validity checking on multisig pubkeys and we'd be in trouble.

This is already being implemented, in fact.  Nothing to do with mastercoin.


Why wouldn't making it "blindingly easy" to discriminate between transactions considered a feature?  If msc is a net benefit for the Bitcoin network, this feature would assist in verifying that, yes?

Not arguing for this method, just suggesting that this reason for avoiding it doesn't speak well of msc.

I dont get it.

What you are saying is...

yes lets not conform to the standard and if people think our message is valuable enough they also will break away from the standard to accommodate us...

You misread. Or perhaps I was unclear.
I am not arguing for this method.  I am suggesting this reason stated for avoiding it is not a good reason.
The method may be bad for many other reasons as you rightly point out.

It was offered as an example of how msc can do better at "playing well with others" and be better accepted.  It ought not have to hide or avoid censorship.  Smiley It ought be welcomed and celebrated and invited.

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
really
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
October 20, 2013, 12:57:16 PM
 #1350

Reward MasterCoins
For every 10 MasterCoins sold, an additional “reward MasterCoin” will also be created, which will be
awarded to the Exodus Address slowly over the following years.

As you have said above,the Reward MasterCoins distribution is Centralized. every 10 MasterCoins sold the Reward MasterCoins will be awarded to the Exodus Address,that means  Reward MasterCoins will all be yours. Why not consider Reward the traders in a reasonable percent?

prophetx
Legendary
*
Offline Offline

Activity: 1442
Merit: 1000


he who has the gold makes the rules


View Profile WWW
October 20, 2013, 01:42:46 PM
 #1351

Reward MasterCoins
For every 10 MasterCoins sold, an additional “reward MasterCoin” will also be created, which will be
awarded to the Exodus Address slowly over the following years.

As you have said above,the Reward MasterCoins distribution is Centralized. every 10 MasterCoins sold the Reward MasterCoins will be awarded to the Exodus Address,that means  Reward MasterCoins will all be yours. Why not consider Reward the traders in a reasonable percent?


As I understand it the reward goes to the Mastercoin Foundation and can be used for further accelerating MSC development.

Trading is economically rewarding in and of itself, if one is rational and lucky, therefore it should not require a subsidy.  Such a subsidy would reward unnecessary trading.

WINGS Beta is live - list your project for only 200 WINGS (erc20 coin) at https://wings.ai - over $750 Million raised by ICOs with WINGS
HammerFist
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
October 20, 2013, 02:47:32 PM
 #1352

Reward MasterCoins
For every 10 MasterCoins sold, an additional “reward MasterCoin” will also be created, which will be
awarded to the Exodus Address slowly over the following years.

As you have said above,the Reward MasterCoins distribution is Centralized. every 10 MasterCoins sold the Reward MasterCoins will be awarded to the Exodus Address,that means  Reward MasterCoins will all be yours. Why not consider Reward the traders in a reasonable percent?
Apparently, Silk Road's closure has done little to reduce the consumption of drugs.
ASICSRUS
Member
**
Offline Offline

Activity: 70
Merit: 10


Expert Computer Geek


View Profile
October 20, 2013, 05:40:37 PM
 #1353

I have alot of spare time lately but not alot of money and I'm looking for a project to pour my energy and expertise into.
Don't worry about the money, you'll have plenty if you hang out here for long.  But, I've got to warn you the competition is good.  You'll have to program some slick stuff if you want to take an MSC bounty.  The last contest just ended - a new is about to begin.  Mastercoin project has over $800,000 in the bank so plenty to give away.  

wow nice is there anything I could do to promote for you guys i've been dropping hints on the options desk!  Cool thank you! looking good/\

✰ If You Risk Nothing, You Risk Everything | PrimeDice.com | The New Way To Roll | *Thread*

<3<3:::LOVE^YOUR^NEIGHBOR!!!:::|+i|_33+(((PLEASE)))====>Donate if you like me!~> 157YEcD4WQ9UbhZ7NSC2FpuaYfxHe3JgF2
dillpicklechips
Hero Member
*****
Offline Offline

Activity: 896
Merit: 502



View Profile
October 20, 2013, 09:49:02 PM
 #1354

I'm cross posting a question here for more visibility and further discussion. I like Mastercoins and colored coins and think they are the next frontier for crypto-currencies. I hope they both succeed. My main confusion seems to be one of value. Colored coins are essentially priced to be lowest BTC value that the network will confirm. They are just clever movements of BTC. Mastercoins on the other hand have scarcity built in from the exodus address and are traded.

Alt-mastercoins are a real possibility. Traditional alt-currencies needed miner support to thrive. The larger the miner support, the stronger the security. Coins like Mastercoins get their security for free from the BTC network. Because the project is open source anyone can alter the project and create alt-mastercoins. They don't need any miner support at all and instantly will get the same security and features.

Could an Alt-Mastercoin exist that doesn't doesn't need scarcity? One that uses a "generation address" and to enter the alt-mastercoin ecosystem you just send BTC to it? It would make using all of Mastercoin's features dirt cheap with all the advantages of a tradition Mastercoin. Almost a colored coin/mastercoin hybrid.

I'm just wondering if the scarcity is unenforceable as a more free alternative will just take away market share after all the development is done? Although the exodus address was useful for funding development, I'm skeptical it will behave like a traditional crypto-currency and grow to extreme values.


Luckybit
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500



View Profile
October 20, 2013, 11:53:06 PM
 #1355

I'm cross posting a question here for more visibility and further discussion. I like Mastercoins and colored coins and think they are the next frontier for crypto-currencies. I hope they both succeed. My main confusion seems to be one of value. Colored coins are essentially priced to be lowest BTC value that the network will confirm. They are just clever movements of BTC. Mastercoins on the other hand have scarcity built in from the exodus address and are traded.

Alt-mastercoins are a real possibility. Traditional alt-currencies needed miner support to thrive. The larger the miner support, the stronger the security. Coins like Mastercoins get their security for free from the BTC network. Because the project is open source anyone can alter the project and create alt-mastercoins. They don't need any miner support at all and instantly will get the same security and features.

Could an Alt-Mastercoin exist that doesn't doesn't need scarcity? One that uses a "generation address" and to enter the alt-mastercoin ecosystem you just send BTC to it? It would make using all of Mastercoin's features dirt cheap with all the advantages of a tradition Mastercoin. Almost a colored coin/mastercoin hybrid.

I'm just wondering if the scarcity is unenforceable as a more free alternative will just take away market share after all the development is done? Although the exodus address was useful for funding development, I'm skeptical it will behave like a traditional crypto-currency and grow to extreme values.



The important thing to note about Mastercoin is momentum. It has the momentum. It has around half a million dollars from crowd funding to provide incentives for developers to actually build it. Owning the coins is like owning stock in Mastercoin and that provides incentive for developers and anyone else to prefer it over Colored Coin.

That is the mistake of Colored Coin. Colored Coin is like GNU Hurd which was the basis for Linux but most people don't know about it because it never had the same kind of developer support, marketing, or incentives to draw people to it.

When all is said and done speculators require incentives to do things. Mastercoin is being designed to attract speculation. Colored Coin is being designed by technical programmer types but since there wont be anything to trade initially and no crowd funding, and no momentum, in my opinion it's going to be left in the dust.

What would you choose as a developer or investor? Would you choose Colored Coin which by design will never be as powerful as Mastercoin? Which does not have momentum? But which I suppose could produce a simple solution to solve a simple technical problem? Or would you go with the momentum? If Colored Coin can capture the momentum and actually do a good job explaining what Colored Coin is then people will use it but it still isn't going to catch on fire like Mastercoin will.

Mastercoin will allow people to make bets and that feature alone will attract a very dedicated following. For example if Mastercoin works as intended we could bet on anything from which team will win the superbowl, to whether or not difficulty will double, to whether or not AsicMiner will be able to achieve 10% of the hash rate and we'd be able to do it in a completely decentralized manner. On top of that anyone who owns Mastercoins now is going to prefer using Mastercoin over Colored Coin because their Mastercoins gain value over time while Colored Coin is at best a platform which no one really has a stake in so who would care about it if everyone were a rational actor?

I know people are not rational and there will be plenty of people who like Colored Coin for ideological reasons. I can even think of some reasons why I might prefer Colored Coin and I own Mastercoins. One reason is that Colored Coin works on altcoin blockchains and Mastercoin works only with Bitcoin. There would be no real benefit to building an alternative fork of Mastercoin on top of Bitcoin if the original Mastercoin works as it should. There will definitely be demand for Colored Coin and perhaps Bitshares and Hops, and the market is going to be big enough where all of them will succeed on different blockchains but on the Bitcoin blockchain we will see Mastercoin dominate because it's basically build into it the blockchain and you cannot really beat that. Colored Coin is not built into the blockchain and that is both it's strength and weakness.

It's a strength because for Litecoin we'd have to use Colored Coin so perhaps they can create a niche around Litecoin and other altcoins. For Bitcoin it's going to either be Mastercoin ,  Bitshares,  or both but I don't think Colored Coin will be able to compete when both Mastercoin and Bitshares have lots of cash to build with and attract speculators with interest, dividends, and other kinds of incentive mechanisms which Colored Coin lacks.

I don't even see how you could build something like Mastercoin without some kind of coin which people would have to buy with Bitcoins. How would you get people to buy something with Bitcoins? People buy Mastercoins because they can be used to create new currencies. Those new currencies require backing in the form of escrow so that the supply can be controlled.

It's not just that Mastercoins are scarce, it's that they are incredibly valuable because they can allow so many possibilities but I suppose you could do some of it with Colored Coin or with some alternative to Mastercoin but it's all about speculation and liquidity,  once Mastercoin gets established its not going to be so simple to just clone it. If it were that simple then Bitcoin would have a difficult time competing with Litecoin because Litecoins are cheaper.

Peter Todd
Legendary
*
Offline Offline

Activity: 1106
Merit: 1001


View Profile
October 21, 2013, 01:11:42 AM
 #1356

I ran up 20,000 compressed pubkeys from random, then used the last byte rotation method to try and make them valid ECDSA points.  

Seems to have worked for all 20,000 - but my ECDSA point validity testing is being done with code from the Casascius Bitcoin Address Utility and there is a line in there that is making me wonder whether the validatePoint() and other check functions are giving me the whole picture on whether the keys are valid:

Code:
// todo: ensure X and Y are on the curve

You can find the results here.  Tachikoma, when you're back and have a bit of time would you mind taking the '*RAW' file and running some of those pubkeys through your Mastercoin::Util.valid_ecdsa_point? function and see what results you get?  They are the corrected keys with the last byte rotated and all 20,000 are supposed to be valid.

You're on the right track, although be warned that the assumption that modifying a single byte until the X point is on the ECDSA curve is always possible may be invalid; my understanding is that there's no upper-bound known on the gaps between valid points on the curve. Having said that, a decent assumption is, as you've already figured out, they are randomly distributed and about half of all randomly chosen 256-bit integers are valid X points.

Stepping back for a moment, keep in mind that censorship isn't as simple as just "block invalid X points" - censoring any data that looks like it isn't random is quite possible too. I've been told that some pools are already implementing this with rules that block transactions where the data encoded in them is too "compressible" or has too many ASCII characters. What you need to be doing, at minimum, is encrypting the data you are embedding too. As I suggested in the Bitmsg thread a good way to do this is to use a cipher, taking the first CTxIn's prevout.hash + prevout.n + nSequence + nLockTime, hashing all them together to create an initialization vector, and then using that IV with some type of cipher. The resulting encrypted data is just as likely as passing randomness tests as any other pubkey, and doing so doesn't have any real performance impact. (encryption is fast!) Of course, for Mastercoin, this isn't really encryption as encryption, more encryption for the purpose of steganography, but for that purpose it's still effective.

Once we've settled on using encryption we can then make use of it to give a very robust way of ensuring the data in question looks like valid public keys. Essentially what you want is a chained block cipher mode, but one where each PUSHDATA corresponds to one block; another equally valid version is to have a stream cipher where the cipher is re-keyed on every PUSHDATA.

Now lets say we've split our Mastercoin message into a series of PUSHDATA's, forming plaintext P_0 to P_n. We also have our steam cipher E_k for key k, where the k is well known. (could be SHA256('MasterCoin Rocks!'); it's not a secret) We compute the cipher text as C_i = E_k(P_i XOR C_{i-1}), C_0 = IV. (AKA CBC mode)

Now, what what we do is for every C_i we test if it's a valid pubkey, if not we modify P_i until it is, just like you were doing above. Given that ~50% of all X points are valid pubkeys the probability of not being able to find a valid one is 2^-256, essentially impossible, and because the IV is different for every message there's no danger of an attacker finding a specific one that doesn't work for everybody. (by finding some region where a large number of X points are invalid and constructing some kind of asset or something where trading in it is likely to result in messages hitting that case)

AES works on 128-bit blocks, while a compressed pubkey makes for a 256-bit block, so you'll have to make the iterator being modified be at the beginning rather than end of a block. You'll also need a crypto library that can save state, allowing you to back-up two blocks whenever you need to modify the iterator. That said if you put the iterator in the second block, you only need to back-up a single block, and it's rather unlikely for a 128-bit prefix to have no 128-suffixes that are valid pubkeys; you'll probably get away with it, but be warned that I'm not a cryptographer.

A more general "stuff-data-in-the-blockchain" solution would also allow for stuffing in any PUSHDATA, specifying which PUSHDATAs happened to be valid with, say, the low-order bits of the nValue in each CTxOut. In this case you'd want a rule that handles 33-byte PUSHDATA's specially, dropping the first byte and the iterator byte from the plaintext output. I've actually got code that does most of this; I might go publish it as a general purpose library for censorship-resistant embedding of data in the blockchain.

Also in case you guys aren't already aware, currently the IsStandard() rules consider any PUSHDATA from 33 bytes to 120 bytes as standard, and there is nothing checking that pubkeys are valid at all. (including the first byte that determines compressed/uncompressed) For instance my OpenTimestamps timestamper stuffed timestamps into bare CHECKMULTISIG scriptPubKeys by setting the first byte of the pubkey to zero to be sure it could never be spent.(1)

1) Note that because the IV is constructed from a one-way-function, and CBC-mode encryption is also a one-way-function, we can be sure that no attacker could ever come up with a way to get you to create a pubkey for which they knew the secret key for. In theory an XOR stream cipher mode doesn't have this guarantee.


Disclosure: Someone contacted me privately and offered to pay me to help you guys out, although they didn't realize at first how far along you guys were in understanding the problem. I assume they were a Mastercoin investor, but I don't know and they asked to remain anonymous. All the same, I hope this helps.

dillpicklechips
Hero Member
*****
Offline Offline

Activity: 896
Merit: 502



View Profile
October 21, 2013, 03:06:27 AM
 #1357

There would be no real benefit to building an alternative fork of Mastercoin on top of Bitcoin if the original Mastercoin works as it should.
Once the project is mature, someone just has to clone it and people can have all the features of Mastercoin without having to purchase expensive Mastercoins. It would be a cheaper alternative. That's what I'm getting at. It's not like the BTC vs LTC wars. A competitor immediately has the same security. It's not exactly a whole new crypto-currency like the originals. You are essentially betting on people being loyal to Mastercoin. And why would someone who is about to do an IPO care? Offer shares on the original Mastercoin or use the cheaper alt-mastercoin where the fees are pretty much as cheap as BTC transactions will allow? They should be loyal to a certain software package or website? If a company decides to use the alt-mastercoin, they just direct the investors to another download site so they can begin right away. This alt-mastercoin would probably even have compatibility to manage old mastercoin transactions as well. Wouldn't users flock to the package that manages both? And wouldn't businesses and users use the one that's cheapest?

The more expensive Mastercoin gets the more there is an incentive for a cheaper alternative. This cheaper alternative would be best to wait until Mastercoin is mature. After people have invested time and money. It would totally destroy investors who are heavily invested in Mastercoin as an investment as apposed to an actual tool for trade. That's what worries me. People promising wealth on a tool. That's what it is. It's moving BTC around. The BTC is here to stay. The tools on top will change.


Quote
There will definitely be demand for Colored Coin and perhaps Bitshares and Hops, and the market is going to be big enough where all of them will succeed on different blockchains but on the Bitcoin blockchain we will see Mastercoin dominate because it's basically build into it the blockchain and you cannot really beat that. Colored Coin is not built into the blockchain and that is both it's strength and weakness.
Colored coins are built into the blockchain! Just like Mastercoin.


Quote
I don't even see how you could build something like Mastercoin without some kind of coin which people would have to buy with Bitcoins. How would you get people to buy something with Bitcoins? People buy Mastercoins because they can be used to create new currencies. Those new currencies require backing in the form of escrow so that the supply can be controlled.
Exact same thing can be done with colored coins. Just define the new currency as 1 satoshi = 100 units new currency residing in address x. Define that no new BTC sent to that address are valid. All completely done without Mastercoin.

Quote
once Mastercoin gets established its not going to be so simple to just clone it. If it were that simple then Bitcoin would have a difficult time competing with Litecoin because Litecoins are cheaper.
Miners are a HUGE form of momentum. That's what keeps us on BTC. If we could invent a currency with the same security as BTC instantly, BTC would be threatened. With mastercoin or colored coins that scenario is not only possible but likely. That's why a huge valuation for mastercoins makes no sense.

zathras
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250



View Profile
October 21, 2013, 07:35:17 AM
 #1358

I don't think we should use invalid ECDSA points if at all possible though as we'd be making it blindingly easy to censor mastercoin; the bitcoin devs could simply enforce ECDSA point validity checking on multisig pubkeys and we'd be in trouble.

This is already being implemented, in fact.  Nothing to do with mastercoin.


Thanks Jeff, this is very helpful to know Smiley

I ran up 20,000 compressed pubkeys from random, then used the last byte rotation method to try and make them valid ECDSA points.  

Seems to have worked for all 20,000 - but my ECDSA point validity testing is being done with code from the Casascius Bitcoin Address Utility and there is a line in there that is making me wonder whether the validatePoint() and other check functions are giving me the whole picture on whether the keys are valid:

Code:
// todo: ensure X and Y are on the curve

You can find the results here.  Tachikoma, when you're back and have a bit of time would you mind taking the '*RAW' file and running some of those pubkeys through your Mastercoin::Util.valid_ecdsa_point? function and see what results you get?  They are the corrected keys with the last byte rotated and all 20,000 are supposed to be valid.

You're on the right track, although be warned that the assumption that modifying a single byte until the X point is on the ECDSA curve is always possible may be invalid; my understanding is that there's no upper-bound known on the gaps between valid points on the curve. Having said that, a decent assumption is, as you've already figured out, they are randomly distributed and about half of all randomly chosen 256-bit integers are valid X points.

Stepping back for a moment, keep in mind that censorship isn't as simple as just "block invalid X points" - censoring any data that looks like it isn't random is quite possible too. I've been told that some pools are already implementing this with rules that block transactions where the data encoded in them is too "compressible" or has too many ASCII characters. What you need to be doing, at minimum, is encrypting the data you are embedding too. As I suggested in the Bitmsg thread a good way to do this is to use a cipher, taking the first CTxIn's prevout.hash + prevout.n + nSequence + nLockTime, hashing all them together to create an initialization vector, and then using that IV with some type of cipher. The resulting encrypted data is just as likely as passing randomness tests as any other pubkey, and doing so doesn't have any real performance impact. (encryption is fast!) Of course, for Mastercoin, this isn't really encryption as encryption, more encryption for the purpose of steganography, but for that purpose it's still effective.

Once we've settled on using encryption we can then make use of it to give a very robust way of ensuring the data in question looks like valid public keys. Essentially what you want is a chained block cipher mode, but one where each PUSHDATA corresponds to one block; another equally valid version is to have a stream cipher where the cipher is re-keyed on every PUSHDATA.

Now lets say we've split our Mastercoin message into a series of PUSHDATA's, forming plaintext P_0 to P_n. We also have our steam cipher E_k for key k, where the k is well known. (could be SHA256('MasterCoin Rocks!'); it's not a secret) We compute the cipher text as C_i = E_k(P_i XOR C_{i-1}), C_0 = IV. (AKA CBC mode)

Now, what what we do is for every C_i we test if it's a valid pubkey, if not we modify P_i until it is, just like you were doing above. Given that ~50% of all X points are valid pubkeys the probability of not being able to find a valid one is 2^-256, essentially impossible, and because the IV is different for every message there's no danger of an attacker finding a specific one that doesn't work for everybody. (by finding some region where a large number of X points are invalid and constructing some kind of asset or something where trading in it is likely to result in messages hitting that case)

AES works on 128-bit blocks, while a compressed pubkey makes for a 256-bit block, so you'll have to make the iterator being modified be at the beginning rather than end of a block. You'll also need a crypto library that can save state, allowing you to back-up two blocks whenever you need to modify the iterator. That said if you put the iterator in the second block, you only need to back-up a single block, and it's rather unlikely for a 128-bit prefix to have no 128-suffixes that are valid pubkeys; you'll probably get away with it, but be warned that I'm not a cryptographer.

A more general "stuff-data-in-the-blockchain" solution would also allow for stuffing in any PUSHDATA, specifying which PUSHDATAs happened to be valid with, say, the low-order bits of the nValue in each CTxOut. In this case you'd want a rule that handles 33-byte PUSHDATA's specially, dropping the first byte and the iterator byte from the plaintext output. I've actually got code that does most of this; I might go publish it as a general purpose library for censorship-resistant embedding of data in the blockchain.

Also in case you guys aren't already aware, currently the IsStandard() rules consider any PUSHDATA from 33 bytes to 120 bytes as standard, and there is nothing checking that pubkeys are valid at all. (including the first byte that determines compressed/uncompressed) For instance my OpenTimestamps timestamper stuffed timestamps into bare CHECKMULTISIG scriptPubKeys by setting the first byte of the pubkey to zero to be sure it could never be spent.(1)

1) Note that because the IV is constructed from a one-way-function, and CBC-mode encryption is also a one-way-function, we can be sure that no attacker could ever come up with a way to get you to create a pubkey for which they knew the secret key for. In theory an XOR stream cipher mode doesn't have this guarantee.


Disclosure: Someone contacted me privately and offered to pay me to help you guys out, although they didn't realize at first how far along you guys were in understanding the problem. I assume they were a Mastercoin investor, but I don't know and they asked to remain anonymous. All the same, I hope this helps.

Paid or not Peter this is extremely helpful, thank you (though it will take multiple readings for me to even remotely try to understand it all!). 

JR, without wanting to be badgering I feel this is the most critical issue for mastercoin right now.  How we store data in the blockchain is fundamental and should be locked away as early as possible (and ideally written into the spec).  As you made that the number one goal of the first coding contest I'm guessing you feel the same Smiley  Tachikoma's work is great but perhaps we could refine it somewhat - in development we're spitting out invalid ECDSA points in multi-sigs some of the time and as Jeff has raised above, pubkey checking is on the way regardless of mastercoin.

As I've mentioned before I view the miners as our critical issue and if some of the major pools are doing things like looking for obvious compressable/text data as Peter notes, perhaps some further investigation into steganography (an apt analogy I think) would be in order - obfuscating the data we're storing in the pubkey (IMO) seems quite achievable and spotting our padding ("000000000" etc) isn't going to be hard.

Thoughts?


Smart Property & Distributed Exchange: Master Protocol for Bitcoin
maxmint
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500



View Profile
October 21, 2013, 07:39:19 AM
 #1359

Masterchest.info seems to be missing the 2 most recent Mastercoin transactions (each 50 MSC).
Both mastercoin-explorer.com and masterchain.info are showing these transactions.

I guess that's just a delay with masterchest.info and not a problem with the actual transactions, right?

My PGP-Key: 462D02D8
Verify my messages using keybase: https://keybase.io/maxmint
Bitoy
Sr. Member
****
Offline Offline

Activity: 449
Merit: 250


View Profile
October 21, 2013, 07:45:43 AM
 #1360

Maybe we can just do random padding (instead of all 0 paddings).  Then just test if its valid.

Another option is to ask bitcoin foundation to allow msc data transaction.   ( like telcos buying cell phone frequency from the government.)


Pages: « 1 ... 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 [68] 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 ... 166 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!