Bitcoin Forum
Topic: Game theory involving Quantum Resistance protocol (Read 183 times)

aliashraf
October 09, 2019, 07:08:15 PM  #21

Most of them, wallets with exposed public keys, will migrate to the new scheme before the catastrophe and after the QC-resistant fork. At the end of the day, we are left with a (tiny, IMHO) fraction of bitcoin wallets being abandoned by their owners for some reason, of which I suppose less than 10% would have exposed keys and P2PKH addresses. My estimation is based on their current 25% ratio and the fact that such wallets tend to be more active compared to untouched wallets, which are more likely to be abandoned.

Those numbers are completely invented. If my time in this space has taught me anything, it's that most people are overwhelmingly careless about their security and don't keep up with Bitcoin development.
No! 25% is not invented:

https://medium.com/@sashagnip/how-many-bitcoins-are-vulnerable-to-a-hypothetical-quantum-attack-3e59e4172e8
Quote
As of 2018 June 4, 19% addresses (4,204,148 of 22,275,753) that hold 25% bitcoins (4,319,806 of 17,072,361) reveal their public keys
This analysis is done using two almost simple scripts, and one should run the scripts for the current date, but I'm sure the numbers are getting better over time, not worse.

The second number (10%) is a reasonable estimation because it is very likely that abandoned wallets are way rarer compared to active wallets, as long as we are talking about money.

This problem is compounded by the fact that quantum-resistant signatures like Lamport are extremely heavy, so we have an incentive to delay a fork as long as possible:
Quote
The size of Lamport public key and signature together is 231 times (106 bytes vs 24KB) more than the ECDSA public key and signature.

I'm not sure what alternatives there are.

QC-resistant cryptography is new, just like QC itself, and it is already ahead of the enemy by any measure; I think long before QC is ready to attack we will be ready to fork.
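An added example, not from the thread or the quoted article, showing where the "24KB vs 106 bytes" figure comes from: a one-time Lamport signature over SHA-256 with key generation, signing, verification and a byte count. The 106-byte ECDSA figure is assumed to be a 33-byte compressed public key plus a DER signature of up to 73 bytes.

```python
import hashlib
import secrets

N_BITS = 256  # one secret pair per bit of the SHA-256 message digest


def lamport_keygen():
    """Secret key: 256 pairs of random 32-byte preimages.
    Public key: the SHA-256 hash of every preimage."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N_BITS)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def _bits(msg):
    digest = hashlib.sha256(msg).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]


def lamport_sign(sk, msg):
    """Reveal, for each digest bit, the preimage selected by that bit.
    The key is strictly one-time: signing a second message with different
    bits leaks more preimages, so every spend needs a fresh key pair."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def lamport_verify(pk, msg, sig):
    if len(sig) != N_BITS:
        return False
    return all(hashlib.sha256(s).digest() == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, _bits(msg))))


def lamport_size(pk, sig):
    """Serialized bytes of public key plus signature."""
    return sum(len(a) + len(b) for a, b in pk) + sum(len(s) for s in sig)


# Assumed split of the 106 bytes quoted in the thread: a 33-byte compressed
# secp256k1 public key plus a DER-encoded signature of up to 73 bytes.
ECDSA_BYTES = 33 + 73


def size_ratio(pk, sig):
    return lamport_size(pk, sig) // ECDSA_BYTES


if __name__ == "__main__":
    sk, pk = lamport_keygen()
    msg = b"constructed sample: migrate this UTXO to a post-quantum output"
    sig = lamport_sign(sk, msg)
    print(lamport_verify(pk, msg, sig), lamport_size(pk, sig), size_ratio(pk, sig))
```

The public key alone is 16 KB and the signature 8 KB, which is why every output spent this way costs over two hundred times the block space of an ECDSA spend.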
AverageGlabella
October 09, 2019, 07:15:12 PM  #22

  • Second deadline (m>n blocks after the fork):
    • p2pkh wallets should migrate; otherwise, after m blocks, anybody who has access to public keys corresponding to such a UTXO has a right to nullify it with a fixed satoshi/byte fee rate by means of generating and relaying a transaction.

What you are proposing is the most popular option, I would say, at this moment, and I think it's the only logistical one that I have heard of, but I don't understand why you are pushing for it to be done so soon. The second deadline does not need to be months after and could instead be a couple of years, to allow for those that are less security conscious. The elitist attitude of "that is their problem for not listening" is invalid if we wish for mass adoption of Bitcoin. The decisions made for Bitcoin should appeal to the majority of members and not blame it on them if they are not as up to date as we are. Quantum computers capable of threatening Bitcoin's algorithm will be around the year 2025 at the earliest. This means we have several years to implement the first stage and then several years to allow for people to change on the second deadline. Moving this along too quickly is not an effective way of making a big change like this.

QC-resistant cryptography is new, just like QC itself, and it is already ahead of the enemy by any measure; I think long before QC is ready to attack we will be ready to fork.
If this is true, as we are both predicting, then the second stage can be rolled out over a couple of years and not a few months.

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
CryptoTalk.org| 
MAKE POSTS AND EARN BTC!
🏆
aliashraf
Hero Member
*****
Offline Offline

Activity: 924
Merit: 664


View Profile WWW
October 09, 2019, 07:32:25 PM
 #23

  • Second deadline (m>n blocks after the fork):
    • p2pkh wallets should migrate; otherwise, after m blocks, anybody who has access to public keys corresponding to such a UTXO has a right to nullify it with a fixed satoshi/byte fee rate by means of generating and relaying a transaction.


... I don't understand why you are pushing for it to be done so soon. The second deadline does not need to be months after and could instead be a couple of years to allow those that are less security conscious.

QC-resistant cryptography is new, just like QC itself, and it is already ahead of the enemy by any measure; I think long before QC is ready to attack we will be ready to fork.
If this is true, as we are both predicting, then the second stage can be rolled out over a couple of years and not a few months.
I'm not pushing. Just trying to show that we are ahead of the QC threat and there are a lot of possibilities to keep the risks involved very low in the next couple of decades.
ETFbitcoin
October 09, 2019, 07:40:13 PM  #24

I totally agree with your concerns about how badly the QC issue is treated by the community; it is not the only issue that is open in bitcoin, to be fair.
But for now, let's forget about governance problems for the time being and be optimistic about some sort of consensus being reached to handle the QC problem; the question would be whether we could do anything serious about it.

My answer is definitively YES:
1- Implement a QC resistant digital signature algorithm in bitcoin with a soft fork.

--snip--

I strongly agree with this part; implementing quantum-resistant cryptography without deciding what to do with vulnerable UTXOs is the only way to see quantum-resistant cryptography implemented quickly.

The consensus problem is inevitable, but there'll be more time for migration and there'll be fewer people who become victims of laziness, of not upgrading, or of not listening.

3- Let people with abandoned p2pkh UTXOs with an uncompromised public key that are still active after the second deadline mine their transactions privately by leasing/installing hash power or by buying private service from known responsible miners/pools.

I don't understand why you suggest this part. There aren't many pools/solo miners and you'd create a big dependency on them (pools and solo miners).

aliashraf
October 09, 2019, 08:43:58 PM  #25
Last edit: October 09, 2019, 08:54:29 PM by aliashraf

...
3- Let people with abandoned p2pkh UTXOs with an uncompromised public key that are still active after the second deadline mine their transactions privately by leasing/installing hash power or by buying private service from known responsible miners/pools.

I don't understand why you suggest this part. There aren't many pools/solo miners and you'd create a big dependency on them (pools and solo miners).
I'm not proposing anything, just reminding a possibility.

A few decades later, probably, when QC is no longer sci-fi and bitcoin has successfully implemented QC resistance and most wallets have migrated to the new scheme, there will be a hopefully small fraction of p2pkh UTXOs still untouched. In such a situation, with commercially cheap QCs lurking around in the shadows, if an owner of such a wallet tries to access his funds by publishing a transaction, the funds are put at risk during the unconfirmed minutes of the transaction lifecycle. Hence they are practically lost already.

What I'm suggesting is that in such a marginal situation, the poor owner of the wallet who secretly has access to both public and private keys matching the wallet's unused RIPEMD-160 address still has this option: privately mining her txn, either directly or by buying third-party services. Sure, it is not ideal, but it works and is much preferable to risking public disclosure of his unconfirmed txn and putting not only his funds but also the ecosystem in danger. Bitcoin will suffer from any kind of robbery as well as from lost funds; we all know.
franky1
October 10, 2019, 07:34:45 PM  #26

destroying coins?? (facepalm)

not only does that break the rules of the whole 21m coin 'there will be 21m coins in the future .. oh wait we meant 15mill, now 14m'

not only does that break the 'trust math' theology. because now devs decide they want to go against the rules, so people can't trust that they will always have coins if they just locked their only copy of a private key in a time capsule. they have to trust and hope devs don't go barbaric on code rules

not only does destroying coins destroy many aspects of bitcoin. but the social drama impact of such an act would affect the markets more so than just letting a thief sell coins

think about it once brute forced coins are sold or moved out of insecure keys. drama is over.
it's far better to let someone waste their life brute forcing a private key for 50btc and sell them, then repeat 20,000 times until 'satoshi stash' is no longer on insecure addresses... than it is to let devs manipulate the rules to declare more than 1m coins defunct and destroyed in one go. what's next? if p2pk keys need destroying, do devs wait a month and declare war on p2pkh p2sh. then when they find an issue with segwit declare a war on p2wpkh. would it ever end

people would prefer to know if they leave their coins it's their fault for not looking after them. if they care and there is an output format that is genuinely more secure they can move them. if they don't then they are at risk of someone else spending them.. but never ever should devs ever consider destroying coins..

in business terms. imagine there is a company in the middle of a merger/liquidation buyout/hostile takeover. is it more beneficial to just let it happen as you know it's only a 15 minute news item that passes as fast as a price dip would.. or would you call in the military and nuke the facility and shout 'ha ha ha no one gets it' and then go on a mission where nuking businesses is standard practice

the price drama of a user selling 50btc a day is small if they brute forced a satoshi stash address each day. and it would take 20,000 of those days to do it to 1m coins.
just think about how little effect on the price 50btc is in comparison to average daily volume.
just think about how little drama it would realistically create compared to breaking some of bitcoin's fundamental rules.

more people would be more concerned that devs are coming to destroy their coins next compared to the worry of someone spending 50btc of satoshi stash a day

ETFbitcoin
October 10, 2019, 07:47:12 PM  #27

more people would be more concerned that devs are coming to destroy their coins next compared to the worry of someone spending 50btc of satoshi stash a day

If a quantum computer only puts 50 BTC at risk, I'm sure almost no one would agree with the idea of invalidating all P2PK UTXOs and other UTXOs whose public key is known.

Just confirming: do you prefer that someone with a QC steals Bitcoin from vulnerable UTXOs rather than making it so that no one can spend their Bitcoin from vulnerable UTXOs?
Or perhaps you have another idea, such as distributing it as mining rewards, or distributing it to all Bitcoin addresses whose public key isn't known or which use an address format based on quantum-resistant cryptography?

figmentofmyass
October 10, 2019, 10:17:12 PM  #28

destroying coins?? (facepalm)

not only does that break the rules of the whole 21m coin 'there will be 21m coins in the future .. oh wait we meant 15mill, now 14m'

it doesn't. the rule is there can't be more than 21 million coins.

due to the nature of private keys, there was always an implicit assumption that lost coins deplete the supply. I've been operating under that assumption since I arrived 7 years ago. in fact, satoshi explicitly said as much in 2010.

you're telling me that entire monetary philosophy just goes in the trash bin now? lost coins aren't a donation to holders, but rather those with quantum computers?

think about it once brute forced coins are sold or moved out of insecure keys. drama is over.

if QC can break ECDSA, then ECDSA secured outputs should not exist, period. "people should be free to have their coins stolen!!!11!!1!" is not a compelling answer. it's completely against the interest of all bitcoin holders.

mda
October 11, 2019, 07:37:39 AM  #29

A possible trade-off would be to limit transaction amounts from unhashed public keys to a few million USD per day.

squatter
October 11, 2019, 08:04:58 AM  #30

A possible trade-off would be to limit transaction amounts from unhashed public keys to a few million USD per day.

That sounds like a real kludge. The idea probably wouldn't gain traction. Theoretically it's also not just unhashed public keys that are vulnerable, but all public keys as they currently exist.

The solution seems rather binary to me. We either lock/destroy vulnerable outputs or we let them wreak havoc on the market. Whether the first option is ethical seems like an issue of time -- how long is long enough?

We have some duty of care not to deprive people of their money, but does that entail going down with the ship?
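The distinction the last few posts turn on, which outputs already have a public key on the chain, is mechanical to check. An added example, not from the thread or from the scripts behind the quoted 25% figure: classify raw scriptPubKeys by template and flag an output as exposed when the script carries the key itself (P2PK) or when an earlier spend from the same hash160 revealed it (address reuse). The keys, hashes and amounts below are constructed sample data.

```python
import hashlib

# Constructed sample data (not real chain data): a compressed public key and
# two 20-byte values standing in for real hash160 address hashes.
PUBKEY = b"\x02" + hashlib.sha256(b"constructed key").digest()   # 33 bytes
H160_REUSED = hashlib.sha256(b"reused").digest()[:20]
H160_FRESH = hashlib.sha256(b"fresh").digest()[:20]


def classify_script(spk: bytes) -> str:
    """Classify a raw scriptPubKey by its standard template."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:   # <pubkey> OP_CHECKSIG
        return "P2PK"
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "P2PKH"   # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 22 and spk[:2] == b"\x00\x14":                     # OP_0 <20>, segwit v0
        return "P2WPKH"
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:  # OP_HASH160 <20> OP_EQUAL
        return "P2SH"
    return "other"


def pubkey_exposed(spk: bytes, spent_from: set) -> bool:
    """True when the key guarding this output is already public: P2PK scripts
    carry it, hashed outputs reveal it once any output to the same hash160
    has been spent (address reuse)."""
    kind = classify_script(spk)
    if kind == "P2PK":
        return True
    if kind == "P2PKH":
        return spk[3:23] in spent_from
    if kind == "P2WPKH":
        return spk[2:22] in spent_from
    return False   # P2SH/other: depends on the redeem script, not decided here


def exposure_report(utxos, spent_from):
    """Return (exposed_value, total_value, exposed_fraction), values in satoshi."""
    exposed = sum(v for s, v in utxos if pubkey_exposed(s, spent_from))
    total = sum(v for _, v in utxos)
    return exposed, total, (exposed / total if total else 0.0)


UTXOS = [
    (bytes([33]) + PUBKEY + b"\xac", 50_00000000),               # P2PK, early-coinbase style
    (b"\x76\xa9\x14" + H160_REUSED + b"\x88\xac", 10_00000000),  # P2PKH to a reused address
    (b"\x76\xa9\x14" + H160_FRESH + b"\x88\xac", 30_00000000),   # P2PKH, never spent from
    (b"\x00\x14" + H160_FRESH, 10_00000000),                     # P2WPKH, never spent from
]
SPENT_FROM = {H160_REUSED}   # hash160s that already appeared in a spending input

if __name__ == "__main__":
    print(exposure_report(UTXOS, SPENT_FROM))
```

Run over a real UTXO set the same two inputs are needed: the scriptPubKey of every unspent output and the set of hash160s seen in spending inputs, which is what makes reused P2PKH addresses as exposed as raw P2PK.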
