Game theory involving Quantum Resistance protocol

[aliashraf]

Keeping bitcoin promise as far as it is possible and pushing to the limits, it is the point.
Disabling OP_CHECKSIG means destroying wallets that do not follow our orders, It wasn't part of the code, the contract bitcoin has "signed" with the user. You can't just show up with a new address scheme ordering people to migrate. They have a right not to follow, it is constitutional.

there is a dilemma here. firstly, this scheme of yours involves too much trust---in miners to privately mine transactions without stealing and in p2pkh holders to properly secure their coins. they are theoretically a threat to us all.

In the real world, trust works fine for many use-cases, it is one of them. It is the penalty a lazy or careless wallet owner or a paranoid one has to pay, her decision, not the community. We have already provided her with a free alternative approach (migrating to the new scheme) and she has refused or missed it and now she should pay costs to secure her funds but the good news is that she has not lost everything.

secondly, bitcoin's economic design implies what satoshi said explicitly---"Lost coins only make everyone else's coins worth slightly more.  Think of it as a donation to everyone."

so it becomes a point of contention. whose interests are more important---
a. people who want to keep their outputs in vulnerable format for eternity (despite safe alternatives) and who will require trusted/centralized solutions to spend them, or
b. the rest of the bitcoin economy?

even if we table the discussion about needless complexity, bitcoin holders will not be interested in your way. they will prefer a predictable outcome that more reliably ensures that bitcoin's value remains intact.

The way you formulate it is not fair  

The coins are not lost, they are deliberately destroyed by the majority (by a UASF for instance), it is not part of the deal and reminds me of Ethereum and its centralized ecosystem. Bitcoin is not about majorities neither whales nor celebrities, on the contrary, its strength is in the maximum protection of minorities.

[1713584493]

1713584493

[areyousatooshi]

We think that the early mined coins of Satoshi are created as a prize competition (Re: Maybe Satoshi created the greatest prize competition https://bitcointalk.org/index.php?topic=5150688.0) and that Satoshi is waiting this coins to be moved. We also think that he will not respond when somebody moves the first coins but it will be a message to the Bitcoin community that the private keys are somehow on the blockchain. Satoshi could move the coins (2009/2010) to P2PKH addresses but did not.

and there is also zero evidence of any of that

not sure, but maybe:

Look at these 19 public keys:

Code:

0434f3e8e75ec56591490b558a6f31211f0f5c92345addee268418af70e8c4b38e69843aa0139d3a393b7353388dcb3e809f28d2f61f998c0299abd5ed3eb3165b
041fb2bee6523163f21f6f7f2918b3c674f5ea1d68abb753537d1eb2d4256bfa632f175e47bf0cea7bc0ad9d4caf158ae7a8a82de70587535922ed7fe94f131459
048743aa38b310b19a9fb5066d82df970c1925503b9e0e8c71099c4a6ec95959de6edf701c94df1e92b04959426fd7b9e5f1875b574400a6778e898a4ae1e09e4d
045015405eb7650997d571ccdf5d9667b6452af2446aa6f39443d6631ccde8cf2f817d3e8713f22fa4f0c066275608db54e1ae2e4b85b9ce0e33fc7de72176d917
041c34b55dbe9793aa023733fddfb0caefbae5b0fdf44dfb28505794ee2e30640a880da077f97733a164ec248bffef94d2104579a989e64c4fa9962807fdf5013c
048583734a32ed0f19c8fb4ef1d53f907eae51b051c946d92160be837dcd8d33dccdbb5d25c9008b8244fc6031b28140520dcc6e34a0aacbd73ab89c38e8aa0c85
044ed97015499143d2945601dcb1539c00fd143c9880fd8086dd609f27d7e6ee720f5557eb1c1104b2d7cf6257221bd332f452a1874475946aaf22a860f1f90960
04cd0e16ec7aabea7c35bf230a59631e38a15c7a491c62f3d9e2d0398bbd48e13c1bfabe822458f8d45cc90c4e06b9c3f220f0c0744f25b81d213c1a28e6d42215
040d38158d879b1da30951cf39f2b31f105601a5c7fdf30442573e9a84b8c00c8ca95f712e76647b54a87db08489c7f76a958dc87278e8311f4c04ae0ac6613ca2
04b61c2d88ad4b579bb4b2193e0e6ec4b9c3b393a34545a0eb7686b02205385133f2179e450da372f9f810b6415835b5121a2ea822820c31ab1f5dc6655f1ae97a
0431ed84b6a2615c121eee1837da2353a4b39c7e176f32d2792d8384e0a7f658871d9d2c2e955b5f9f83d35ecac6c4bec52d02e76d14f85ad74536ac51e38df986
046a54d74528db63cd2164dc7483a7a479bb82dc62aa4e40cf5bcff7871ba839025a0476aa9a1258b657019a4f281a78eb56b6f841c6a363c98ac8713109bdcc7c
04b18527cf6f53ad751f90faad335b094fe5129ca6133a24b901af545bb1b067189574c52a5c8ce0be292e1304a96b77cde70ccf16324717c218c89ef7bc03e5c9
04ac115090af184a8463f16e09bb8225e8c5c9e420646aa3e5327c1bc44d325cd7d180157f02e9d50a056d2d2b84356f9cc7398f0c95e25b6ba68f04f0172166de
04ef7dfdb71a90cf896642c498a7fe702e3d87b3600b4b57c632d2d28cd0ae4b66ca668dc0eb8d1f66cb9ed56167d311953eefb5ed511bba78627eca697cb935ca
046ea9c3ad7b850b085f2c96b5fc8774086514dd297cf2765ad4930a63c0d860cd21302b93cf991d0b711435d0c6ec62ce863450abe6492ead7fd145045daf827f
049d6993e6a9a312f16db0f0b60781472ec5ff9e4a343e2a6a1b2008db9bb5aea018dd838ff572b0bcaf2ada7661b8172960b6846b1e366bb9e9a8f04614608be3
04e76b0e053769e7b213d067f3b5f82b428cec48d3a217a7623d56b69ad4428618185f2d59c3263a50a7887364dbc3dfc60b5f461cbeb57af3cd0121c0e59617da
048b74872254d33cf08cd695c29580b541c4732d30730fa541078ef2d9d0e542132ce0963cb765eb94320d2a2c704b52e41f65536ef53acd8e09c886fd808fd2f0

They correspond to uncompressed addresses with the first transactions in 2011 year, and fund release only in September 2019. The amounts for every address are 100-500BTC. For example the first 3 addresses (released 147BTC, 122BTC and 147BTC) are:
13GUJutC6GKgJQTcGzCtznDDYFQKVJFVwp
13Sa73PU9Ar5sE4SdFcBdbg9ntbNcMQhaA
14k4GhqA1svNZPbssdAjgdnfzWTpAigZVH

Is this Satoshi releasing his early mined funds? This could not be a luck, so huge luck.

I'm not the author of these pubkeys collection. I found it here: https://bitcointalk.org/index.php?topic=1306983.msg52879592#msg52879592

This puzzle is very strange. If it's for measuring the world's brute forcing capacity, 161-256 are just a waste (RIPEMD160 entropy is filled by 160, and by all of P2PKH Bitcoin). The puzzle creator could improve the puzzle's utility without bringing in any extra funds from outside - just spend 161-256 across to the unsolved portion 51-160, and roughly treble the puzzle's content density.

If on the other hand there's a pattern to find... well... that's awfully open-ended... can we have a hint or two?

I am the creator.

You are quite right, 161-256 are silly.  I honestly just did not think of this.  What is especially embarrassing, is this did not occur to me once, in two years.  By way of excuse, I was not really thinking much about the puzzle at all.

I will make up for two years of stupidity.  I will spend from 161-256 to the unsolved parts, as you suggest.  In addition, I intend to add further funds.  My aim is to boost the density by a factor of 10, from 0.001*length(key) to 0.01*length(key).  Probably in the next few weeks.  At any rate, when I next have an extended period of quiet and calm, to construct the new transaction carefully.

A few words about the puzzle.  There is no pattern.  It is just consecutive keys from a deterministic wallet (masked with leading 000...0001 to set difficulty).  It is simply a crude measuring instrument, of the cracking strength of the community.

Finally, I wish to express appreciation of the efforts of all developers of new cracking tools and technology.  The "large bitcoin collider" is especially innovative and interesting!

saatoshi_rising, are you satoshi? If you don't want to tell something, we respect your privacy! Maybe you could support us here:

Maybe Satoshi created the greatest prize competition https://bitcointalk.org/index.php?topic=5150688.0
Open letter/question to Satoshi https://bitcointalk.org/index.php?topic=5159185.0

[figmentofmyass]

there is a dilemma here. firstly, this scheme of yours involves too much trust---in miners to privately mine transactions without stealing and in p2pkh holders to properly secure their coins. they are theoretically a threat to us all.

In the real world, trust works fine for many use-cases, it is one of them. It is the penalty a lazy or careless wallet owner or a paranoid one has to pay, her decision, not the community.

you're missing the point. i've emphasized the relevant sentence in bold. we---the rest of the bitcoin economy---could theoretically pay for their carelessness. i find that unacceptable.

as a bitcoin holder, their interests are directly in conflict with mine. how do you plan to reconcile this? this network operates on the basis of economic rationality. you seem to expect us to embrace irrational behavior that threatens our financial interests. why?

The coins are not lost, they are deliberately destroyed by the majority (by a UASF for instance), it is not part of the deal and reminds me of Ethereum and its centralized ecosystem.

what "deal"? what are you referring to as if some scripture exists re our duty of care obligations? at what point is putting the entire bitcoin economy's well being at stake not acceptable to you?

i don't believe duty of care implies the necessity to protect specifically irresponsible and unsafe behavior that can/will harm other people. it seems like you'd rather see bitcoin burned to the ground before budging on this. is that the case?

[aliashraf]

what "deal"? what are you referring to as if some scripture exists re our duty of care obligations? at what point is putting the entire bitcoin economy's well being at stake not acceptable to you?

i don't believe duty of care implies the necessity to protect specifically irresponsible and unsafe behavior that can/will harm other people. it seems like you'd rather see bitcoin burned to the ground before budging on this. is that the case?

The protocol I suggested above, is safe and secure and a very good compromise saving everybody without taking rough measures against people who miss deadlines. You need to take another look at and sleep on it, imo.

I don't believe in antagonistic conflicts of interests between users but we all need to respect the code and destroying coins is not part of the code. I understand for exposed public keys there is no choice and should put the safety of the whole ecosystem first, but for unexposed ones, I see no justification for taking rough actions just because they are easier to implement.

[pooya87]

The protocol I suggested above, is safe and secure and a very good compromise saving everybody without taking rough measures against people who miss deadlines. You need to take another look at and sleep on it, imo.

if something were broken it must be removed right away. you can't compromise the entire multi billion dollar worth of system just because some people might be lazy!
when people enter bitcoin world the first thing they learn is that they are now responsible and in full control of their own money. that includes keeping an eye on development of bitcoin and changing directions if needed.

[aliashraf]

The protocol I suggested above, is safe and secure and a very good compromise saving everybody without taking rough measures against people who miss deadlines. You need to take another look at and sleep on it, imo.

if something were broken it must be removed right away. you can't compromise the entire multi billion dollar worth of system just because some people might be lazy!
when people enter bitcoin world the first thing they learn is that they are now responsible and in full control of their own money. that includes keeping an eye on development of bitcoin and changing directions if needed.

Firstly, it is a good compromise, not a bad one! Being rough and harsh against people because they have missed some deadline is neither a good practice nor a part of bitcoin culture.

Removing OP_CHECKSIGHASH is too harsh. Unlike what you say, people have no obligation to keep an eye on what pool operators and devs dictate. It is not part of the code, I've bought some coins as an eternally safe asset without signing any contract to be online or keeping an eye on anything. It is basic.

I think even talking about such a hypothetical fork hurts bitcoin and should be immediately stopped! No matter who first put it this way and in what condition such nonsense ideas have been formed in his mind (or probably he has been drunk or high?) but it is not what bitcoin is.
What if pools and wallet companies and devs decided (for the interests of their multi-billion business) to block terrorist wallets, e.g. because of US authorities threatening the whole community?  

[pooya87]

What if pools and wallet companies and devs decided (for the interests of their multi-billion business) to block terrorist wallets, e.g. because of US authorities threatening the whole community? 

you are comparing apples and oranges!

your other arguments are like saying our browsers must not have stopped rejecting SHA1 SSL certificates because some people might be lazy in upgrading their certificate to a more secure hash algorithm even though there was a transition period given to everyone to move to new algorithms! instead they should have given the "lazy server" a workaround to push their SHA1 certificates as valid!!!

[aliashraf]

What if pools and wallet companies and devs decided (for the interests of their multi-billion business) to block terrorist wallets, e.g. because of US authorities threatening the whole community? 

you are comparing apples and oranges!

your other arguments are like saying our browsers must not have stopped rejecting SHA1 SSL certificates because some people might be lazy in upgrading their certificate to a more secure hash algorithm even though there was a transition period given to everyone to move to new algorithms! instead they should have given the "lazy server" a workaround to push their SHA1 certificates as valid!!!

It is the true apples and oranges comparison, what you are doing. A digital asset, especially a cryptocurrency deposit is absolutely different artifact. I'm done rehashing the same argument over and over, it is the code, a constitutional right, for users not to be worried about developments and forks, their assets should be kept immune. period.

And it is not all about laziness (which is absolutely a right), people may be away for a long period of time from tech news, maybe they are paranoid about tracking/surveillance systems being watching them and trying to locate them, whales may feel uncomfortable with moving their strategic wallets, some may possibly lose their keys temporarily, others may have deposited their keys in a safe box to be handed to the heirs in a special occasion, ...

Plus, if missing a deadline should have a penalty it is not necessarily losing all funds. In my proposal users that you are calling them lazy have tp pay for it but in a reasonable way.

[pereira4]

What if pools and wallet companies and devs decided (for the interests of their multi-billion business) to block terrorist wallets, e.g. because of US authorities threatening the whole community? 

you are comparing apples and oranges!

your other arguments are like saying our browsers must not have stopped rejecting SHA1 SSL certificates because some people might be lazy in upgrading their certificate to a more secure hash algorithm even though there was a transition period given to everyone to move to new algorithms! instead they should have given the "lazy server" a workaround to push their SHA1 certificates as valid!!!

It is the true apples and oranges comparison, what you are doing. A digital asset, especially a cryptocurrency deposit is absolutely different artifact. I'm done rehashing the same argument over and over, it is the code, a constitutional right, for users not to be worried about developments and forks, their assets should be kept immune. period.

And it is not all about laziness (which is absolutely a right), people may be away for a long period of time from tech news, maybe they are paranoid about tracking/surveillance systems being watching them and trying to locate them, whales may feel uncomfortable with moving their strategic wallets, some may possibly lose their keys temporarily, others may have deposited their keys in a safe box to be handed to the heirs in a special occasion, ...

Plus, if missing a deadline should have a penalty it is not necessarily losing all funds. In my proposal users that you are calling them lazy have tp pay for it but in a reasonable way.

If Bitcoin wants to be digital gold, you can't be having arbitrary countdowns in which you are going to lose all of your affected funds unless you move them from A to B. That is what has been my point for a while.

However, what do you really and concisely propose? I have not seen convincing arguments, when it comes to avoiding the need for funds being moved in case of an exploit on the algorithm (QC attack or otherwise).

Perhaps it's something we can't avoid, and every generation or so, you will need to do this, at least once in your lifetime.
With gold, the analogy could be that you may need to reallocate all of your holdings... the place in which they are sitting isn't supposedly safe forever.

[gogxmagog]

Hi all guys and girls speaking in this exciting thread (finally someone speaking of QC!?!)

I will not actively step in to say more of what has been said but I would like to point you to https://faqq.info/

There you can find the Frequently Asked Quantum Questions, very informative

And last but not least an XMSS signature based cryptocurrency & blockchain exists and its running smoothly on mainnet for over 1 year now: www.theqrl.org

Cheers and keep this great discussion up, I will enjoy keeping read it.