Bitcoin Forum
Author Topic: Calling Gavin Andresen and others, possibility of restoring MtGox's coins.  (Read 7820 times)
coinft
March 01, 2014, 04:12:17 PM
 #21

There is no such thing as "fixing private keys".   Private keys are simply random 256 bit numbers.  You either have them or you don't.

If MtGox either
a) doesn't have the private keys for the coins in their wallet
or
b) they have the private keys but the coins have been moved (given to attackers, stolen years ago in prior hacks, embezzled)

there is nothing short of a hard fork to mint new coins for MtGox that anyone can do.

Please read:

http://www.reddit.com/r/Bitcoin/comments/1z8fmc/mtgox_private_key_related_coin_loss_a_explanation/



Yeah I read it and it is utter nonsense written by someone who doesn't understand that private keys are random and addresses are derived from those private keys.

Private key a is a random 256 bit number. Using ECDSA and priv_key a produces pubkey A which is hashed and checksummed to form address AA. A proper wallet would record "a" and "AA". If MtGox's custom wallet was broken such that after randomly generating "a" instead of producing address "AA" it produced address "BB" then contrary to the linked post, there is no way to find private key "b" from address "BB". The coins are now at "BB" which has an unknown key and they were never sent to "AA" which is the address for the key MtGox has.

The linked post is just a theory and if right (MtGox doesn't have the private keys from the addresses containing 800,000 BTC) then those coins are "gone" forever*.  If you could "recover" those coins then it wouldn't really matter because Bitcoin is completely broken and worthless.

Furthermore I would add nobody even knows if this is the case.  Mark (and his lawyers) have been very vague on the exact status of the "lost/stolen/missing/unavailable" coins and the reason for that status.   


* Well at least until the cryptographic primitives are weakened by cryptanalysis to make a brute force attack possible which could be 0 to infinite years from now.


Well as far as I understand, there could be a homomorphic function f for which f(AA) = BB, and then there'd be an f' for which f'(aa) = bb. But I think that's extremely unlikely. Also I dimly remember MtGox had a problem with broken tx scripts, which I very much doubt falls into this homomorphic function class.

Stammer
March 01, 2014, 04:55:43 PM
 #22

If the current Bitcoin model allows a guy like MK to wreak such havoc, then there's something wrong in the current Bitcoin model.
dserrano5
March 01, 2014, 05:10:28 PM
 #23

Let's say that some cryptographic breakthroughs during the next few years allow us to figure out a private key from a bitcoin address in a reasonable amount of time (ie both SHA256 and RIPEMD160 become vulnerable).

By then, the bitcoin software will have been upgraded to work with a different set of hashes and everybody will have sent all their balance from the old, potentially compromised addresses to the new ones. This scenario would mean two things:

- We would be able to know the exact amount of lost coins. All balance that remains in the old addresses could be safely assumed to have been previously lost.
- All those lost coins could be reintroduced back into the system by cracking their private keys (I'll leave aside the subject of how to distribute them among users).

Now, if mtgox hasn't been robbed and the root cause of this situation is that MK lost the private key(s) to the cold wallet(s), we would have a chance to return the coins to their rightful owners without forking the network or minting new coins. We would just rescue those lost coins and put them in circulation again.

Full disclosure: I'm one affected mtgox user.
zyk
March 01, 2014, 05:55:33 PM
 #24

The Foundation has enough money to assemble a task force to fly to Japan and assist Mark Karpeles.

Where did you read that Mark Karpeles asked for a help? You can't help someone who doesn't want your help.

I agree with Biomech on his thoughts.

As for the input from itod: I think a task force should be sent there anyway, and they should be very persistent in trying to help MtGox/Mark. If he refuses help, that points even more to him being guilty of misdoings.

I would think there's at least someone on the Foundation or otherwise (Roger Ver?), that could sit down with Mark, have a conversation, and convince him that it is in everybody's interest to work together to find a solution.

That's not going to happen... these people were on the other side of the trade and in on the cover-up (Roger seemingly bidding for Goxcoins, remember?)... they collected your wealth on the way up, your money went offshore already... and now your stolen coins are even dumped on you until Wall Street picks 'em up for 50 bucks a piece...

if you don't believe me... just watch the show Wink
cr1776
March 01, 2014, 06:15:26 PM
 #25

If the current Bitcoin model allows a guy like MK to wreak such havoc, then there's something wrong in the current Bitcoin model.

The current bitcoin model can't stop people from doing stupid things. Like dealing with a group that has had issues with reliability for years. Like storing bitcoins on an exchange, pool or somewhere else where you don't have the private keys. Like designing software that allows one to withdraw the same funds many times.

This isn't about the bitcoin model, this is about gox being stupid, uninformed, or criminal depending on who you believe and people not seeing (or ignoring) the repeated issues all through 2013 and before.
ShadowOfHarbringer
March 01, 2014, 06:38:59 PM
 #26

Ok, well the private keys are probably not restorable, but something should be done to pay back people who have suffered because of this.

So MtGox is too big to fail and there should be "super users" who have the ability to generate hundreds of thousands of new coins by decree? You have just reinvented the existing banking system. Bitcoin was supposed to be digital gold. If a ship carrying 750,000 ounces of gold for a depository sank in irrecoverably deep water and the depository was uninsured you couldn't just magic up another 750,000 ounces of gold.

Any hard fork or alteration of the core bitcoin rules essentially has no chance of consensus and if it did it would undermine all the touted benefits of Bitcoin.
Yep.

If a hard fork was done to print more coins, I would definitely leave Bitcoin...

Some rules are meant *not* to be changed. You can't just print gold out of thin air. Bitcoin is the new gold. An action like this would literally destroy Bitcoin.

porcupine87
March 01, 2014, 06:47:52 PM
 #27

There is no such thing as "fixing private keys".   Private keys are simply random 256 bit numbers.  You either have them or you don't.

If MtGox either
a) doesn't have the private keys for the coins in their wallet
or
b) they have the private keys but the coins have been moved (given to attackers, stolen years ago in prior hacks, embezzled)

there is nothing short of a hard fork to mint new coins for MtGox that anyone can do.

I have a question:
I do understand that private keys are random numbers, but at some point they have to be created on deterministic factors like time etc. So when the private key would be let's say a hash of the "magic_number"+timestamp, then there is a chance to rebuild the private key, if you have the magic number and the timestamp. For the sake of simplicity let's assume the bug is that a letter x got added to the private key. So no private key would work anymore.
-> So in this case there would be a feasible way to compute the private keys.

But I have no idea how MtGox created the private key. Maybe they took something that can't be found like Mark used 500 random characters (just pushed his hands on the keyboard).

So based on what private keys get created in the qt wallet?

"Morality, it could be argued, represents the way that people would like the world to work - whereas economics represents how it actually does work." Freakonomics
ShadowOfHarbringer
March 01, 2014, 06:55:17 PM
 #28

There is no such thing as "fixing private keys".   Private keys are simply random 256 bit numbers.  You either have them or you don't.

If MtGox either
a) doesn't have the private keys for the coins in their wallet
or
b) they have the private keys but the coins have been moved (given to attackers, stolen years ago in prior hacks, embezzled)

there is nothing short of a hard fork to mint new coins for MtGox that anyone can do.

I have a question:
I do understand that private keys are random numbers, but at some point they have to be created on deterministic factors like time etc. So when the private key would be let's say a hash of the "magic_number"+timestamp, then there is a chance to rebuild the private key, if you have the magic number and the timestamp. For the sake of simplicity let's assume the bug is that a letter x got added to the private key. So no private key would work anymore.
-> So in this case there would be a feasible way to compute the private keys.
If there existed such an easy way to compute private keys, then Bitcoin was doomed from the start. Well, actually - maybe the whole Internet would be doomed, as no SSL or SSH session would ever be safe.

Luckily, that's rather improbable.

DeathAndTaxes
March 01, 2014, 07:04:55 PM
Last edit: March 01, 2014, 07:24:17 PM by DeathAndTaxes
 #29

There is no such thing as "fixing private keys".   Private keys are simply random 256 bit numbers.  You either have them or you don't.

If MtGox either
a) doesn't have the private keys for the coins in their wallet
or
b) they have the private keys but the coins have been moved (given to attackers, stolen years ago in prior hacks, embezzled)

there is nothing short of a hard fork to mint new coins for MtGox that anyone can do.

I have a question:
I do understand that private keys are random numbers, but at some point they have to be created on deterministic factors like time etc. So when the private key would be let's say a hash of the "magic_number"+timestamp, then there is a chance to rebuild the private key, if you have the magic number and the timestamp. For the sake of simplicity let's assume the bug is that a letter x got added to the private key. So no private key would work anymore.
-> So in this case there would be a feasible way to compute the private keys.

But I have no idea how MtGox created the private key. Maybe they took something that can't be found like Mark used 500 random characters (just pushed his hands on the keyboard).

So based on what private keys get created in the qt wallet?

The QT client uses the OS level random number generator to generate private keys. If the values of a PRNG could be recomputed, then anyone could recompute any other person's private keys. Bitcoin would fail and so would essentially all other crypto. PRNGs, while not truly random, are designed to make such recomputation infeasible. They don't just use a timestamp, they pull data from an entropy pool which is filled with sources like # of disk I/O failures in last x seconds, random noise from sound card DAC, temperature of processor, the timing (in milliseconds) between keystrokes on the keyboard, the mouse movement data, the latency recorded on IDE calls.

To recompute a PRNG value would require not just the timestamp of the value but recreating the system in the exact same configuration as it was at the time the random value was requested. This is nearly impossible unless there is some flaw in the PRNG and even then you would need some extensive cryptanalysis and a lot of computing power (i.e. it may take quadrillions of attempts to recompute the target value).

Of course it is also possible to generate private keys using a true hardware random number generator (quantum random number generator is one example).  For those there is no method, not even theoretical to recompute the generated number.
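
The contrast between the timestamp-derived key from the question and the OS random number generator from the reply, as an added example that is not part of the original thread. It assumes the hypothetical `hash(magic_number + timestamp)` scheme with a known magic number; `fingerprint` is a hashed stand-in for the real key-to-address derivation, and the magic number, timestamp and window are constructed values.

```python
import hashlib
import math
import secrets

KEY_BYTES = 32  # a Bitcoin private key is a 256-bit number


def weak_key(magic_number: bytes, timestamp: int) -> bytes:
    """The hypothetical scheme from the question: key = hash(magic_number + timestamp)."""
    return hashlib.sha256(magic_number + str(timestamp).encode()).digest()


def csprng_key() -> bytes:
    """Key drawn from the operating system's random number generator."""
    return secrets.token_bytes(KEY_BYTES)


def fingerprint(private_key: bytes) -> str:
    """Stand-in for the one-way key -> address derivation (assumption: the real
    chain is ECDSA public key, then hashing, then a checksum)."""
    return hashlib.sha256(b"address-stand-in" + private_key).hexdigest()


def recover_weak_key(magic_number, target_fp, t_start, t_end):
    """Re-run the weak generator for every second in [t_start, t_end] and
    return (timestamp, key) for the one whose fingerprint matches, else None."""
    for ts in range(t_start, t_end + 1):
        candidate = weak_key(magic_number, ts)
        if fingerprint(candidate) == target_fp:
            return ts, candidate
    return None


def search_space_bits(candidates: int) -> float:
    """Size of a search space expressed in bits (log2 of the candidate count)."""
    return math.log2(candidates)


# Constructed sample values, not taken from any real wallet.
MAGIC = b"constructed-magic-number"
CREATED_AT = 1393700000                              # a second on 2014-03-01 UTC
WINDOW = (CREATED_AT - 43200, CREATED_AT + 43200)    # "sometime that day"

if __name__ == "__main__":
    # Timestamp-derived key: the whole search space is one guess per second.
    lost = weak_key(MAGIC, CREATED_AT)
    found = recover_weak_key(MAGIC, fingerprint(lost), *WINDOW)
    print("weak key recovered:", found is not None and found[1] == lost)

    # CSPRNG key: the same scan finds nothing, the key is not a function of time.
    strong = csprng_key()
    hit = recover_weak_key(MAGIC, fingerprint(strong), *WINDOW)
    print("CSPRNG key recovered:", hit is not None)

    print("one-day window: %.1f bits" % search_space_bits(WINDOW[1] - WINDOW[0] + 1))
    print("OS CSPRNG key:  %d bits" % (KEY_BYTES * 8))
```

A one-day window is about 16 bits of search, against 256 bits for a key taken from the OS generator, which is why a wallet that records nothing but the key cannot have it recomputed afterwards.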
bitserve
March 01, 2014, 07:08:36 PM
 #30

- All those lost coins could be reintroduced back into the system by cracking their private keys (I'll leave aside the subject of how to distribute them among users).

That subject is an easy one: Whoever cracks them, gets them. It couldn't be any other way, unless we start talking about "tainted coins" again.

19VBmRQVqrtNTGiwngZutwREagcKxJgVZM
analytics
March 01, 2014, 07:09:45 PM
 #31


See this post on ways for tracking who has the coins.
https://bitcointalk.org/index.php?topic=494761.0

itod
March 01, 2014, 07:16:08 PM
 #32

Now, if mtgox hasn't been robbed and the root cause of this situation is that MK lost the private key(s) to the cold wallet(s), we would have a chance to return the coins to their rightful owners without forking the network or minting new coins. We would just rescue those lost coins and put them in circulation again.

Full disclosure: I'm one affected mtgox user.

I'm sorry about your loss, but the only owners of those BTC are the ones who presently hold them. There is not a shred of evidence that those coins are "lost", meaning those private keys are destroyed by MtGox. I know this sounds harsh, but any attempt to try to return those coins to previous owners by some technical method would totally destroy Bitcoin. It's the exact opposite of everything Bitcoin stands for. There are legal paths that affected people can turn to, trying to use any other means would bring the end of Bitcoin. It's not fair (as life often isn't), but those coins are someone else's now.

Speaking of legal means, it's unclear to me that it's so hard to find people who allegedly stole them through malleability. There are server logs with IP addresses, there are a ton of personal data including email accounts, all those data can be accessed with court orders in almost any country of the world. I don't believe those criminals were that good they didn't leave a single piece of evidence behind them. That's your biggest hope to return those coins IMHO. I refuse to believe that all of them were stolen, someone calculated that in order to steal 750.000 BTC from June 2011 till now you have to steal them at a rate of 1000 BTC a day. There's almost 0 chance fraud of that size can possibly go unnoticed.
jl2012
March 01, 2014, 07:30:27 PM
 #33

If the current Bitcoin model allows a guy like MK to wreak such havoc, then there's something wrong in the current Bitcoin model.

If the current fiat currency model allows you to destroy money by burning banknotes, then there's something wrong in the current fiat currency model.  Roll Eyes

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
jl2012
March 01, 2014, 07:33:12 PM
 #34

Let's say that some cryptographic breakthroughs during the next few years allow us to figure out a private key from a bitcoin address in a reasonable amount of time (ie both SHA256 and RIPEMD160 become vulnerable).

By then, the bitcoin software will have been upgraded to work with a different set of hashes and everybody will have sent all their balance from the old, potentially compromised addresses to the new ones. This scenario would mean two things:

- We would be able to know the exact amount of lost coins. All balance that remains in the old addresses could be safely assumed to have been previously lost.
- All those lost coins could be reintroduced back into the system by cracking their private keys (I'll leave aside the subject of how to distribute them among users).

Now, if mtgox hasn't been robbed and the root cause of this situation is that MK lost the private key(s) to the cold wallet(s), we would have a chance to return the coins to their rightful owners without forking the network or minting new coins. We would just rescue those lost coins and put them in circulation again.

Full disclosure: I'm one affected mtgox user.

In such case one can also rob Satoshi's coins. Yes, you will get your bitcoins back, but they will be totally worthless.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
Stammer
March 01, 2014, 07:43:42 PM
 #35

If the current Bitcoin model allows a guy like MK to wreak such havoc, then there's something wrong in the current Bitcoin model.

If the current fiat currency model allows you to destroy money by burning banknotes, then there's something wrong in the current fiat currency model.  Roll Eyes

Haha. Very funny.

"With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party. What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party."

Bitcoin is supposed to work without the need for a trusted third party. If that were true, we wouldn't be here discussing MK's evil deeds.
justusranvier
March 01, 2014, 07:53:31 PM
 #36

Bitcoin is supposed to work without the need for a trusted third party. If that were true, we wouldn't be here discussing MK's evil deeds.
Bitcoin works fine without a trusted third party.

Bitcoin users who refrained from trusting any third parties lost exactly zero bitcoins.

Bitcoin promises to let you "be your own bank". If you decide to be your own daytrader then you're on your own.
DeathAndTaxes
March 01, 2014, 07:54:27 PM
 #37

Bitcoin is supposed to work without the need for a trusted third party. If that were true, we wouldn't be here discussing MK's evil deeds.

Bitcoin does work without the need for a trusted third party. That being said you can't by technology prohibit people from using a third party. Satoshi never outlined a system which would prohibit voluntary association. Sadly many people opt out of the trusted third party model by using MtGox. Not just using them as a temporary exchange service (and yes even in a model which has no trusted third party there is a level of trust needed between consumer and merchant/service provider), but using them as a long term storage of coins. In essence using them as a bank without insurance or oversight.

MtGox is dead.  Bitcoin still functions.  I made transactions all week long and none of them failed or were delayed because of MtGox.  Bitcoin is a revolutionary technology and for many concepts like

Quote
If you do not have the private key for "your" bitcoins, then you have no bitcoins.

until now have seemed like quaint phrases.  Many people will never see the risk until after the catastrophic event.   It has now happened.  Hopefully people (collectively) will learn from this and use Bitcoin as Satoshi intended.  Keep control of your own wealth and don't hand that responsibility over to an untrusted third party.
cr1776
March 01, 2014, 07:55:06 PM
 #38

If the current Bitcoin model allows a guy like MK to wreak such havoc, then there's something wrong in the current Bitcoin model.

If the current fiat currency model allows you to destroy money by burning banknotes, then there's something wrong in the current fiat currency model.  Roll Eyes

Haha. Very funny.

"With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party. What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party."

Bitcoin is supposed to work without the need for a trusted third party. If that were true, we wouldn't be here discussing MK's evil deeds.

Bitcoin works perfectly without a trusted third party. People chose to ignore that bitcoin does not need a trusted third party, and put their trust in an untrustworthy third party - MtGox.

It has been said many, many times, but if you do not have your private keys, you do not own bitcoin. At best you have a ledger entry on someone's books saying that they owe you X BTC. It is the difference between owning gold or owning GLD; or holding cash in your hand or holding an IOU for cash from someone. This is not a bitcoin protocol problem, but a problem with an exchange's interface with bitcoin which they eff'd up royally.
Stammer
March 01, 2014, 08:14:12 PM
 #39

Bitcoin is supposed to work without the need for a trusted third party. If that were true, we wouldn't be here discussing MK's evil deeds.
Bitcoin works fine without a trusted third party.

Bitcoin users who refrained from trusting any third parties lost exactly zero bitcoins.

Bitcoin promises to let you "be your own bank". If you decide to be your own daytrader then you're on your own.

I agree. However it's a fact that an inordinately large number of people chose to entrust their bitcoins to an unreliable third party such as Mt.Gox. The resulting disaster and those that may follow along the same lines can be tackled either

a) by pointing out, not without reason, that this is a non-issue, since in the bitcoin world it's every man for himself. That's fine, but it may scare off the naive adopter, i.e. the vast majority of people, compromising bitcoin's success.

or

b)  by introducing regulation for exchanges, i.e. turning them into banks, transforming the current bitcoin model into something quite different.
jl2012
March 01, 2014, 08:20:03 PM
 #40

Bitcoin is supposed to work without the need for a trusted third party. If that were true, we wouldn't be here discussing MK's evil deeds.
Bitcoin works fine without a trusted third party.

Bitcoin users who refrained from trusting any third parties lost exactly zero bitcoins.

Bitcoin promises to let you "be your own bank". If you decide to be your own daytrader then you're on your own.

I agree. However it's a fact that an inordinately large number of people chose to entrust their bitcoins to an unreliable third party such as Mt.Gox. The resulting disaster and those that may follow along the same lines can be tackled either

a) by pointing out, not without reason, that this is a non-issue, since in the bitcoin world it's every man for himself. That's fine, but it may scare off the naive adopter, i.e. the vast majority of people, compromising bitcoin's success.

or

b)  by introducing regulation for exchanges, i.e. turning them into banks, transforming the current bitcoin model into something quite different.

Many people have withdrawn their money since last June. The red flag was there for months. People staying there were either playing with fire, lazy, or simply ignorant.

Although it might be a good idea to regulate bitcoin exchanges, that is irrelevant to bitcoin as a currency or protocol. You don't need an exchange to spend or receive bitcoin.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517