Bitcoin private key BASE58 problem

[DannyHamilton]

If Satoshi signed a message with the Block 0 output address, that 'they won't move the 1.1 million coins', even then these coins were moveable.

I understand that this doesn't change the point you're trying to make, but the Block 0 coins are not spendable, regardless of whether the private key is available or not.  Just wanted to point this out for anyone that might think that they are.

Your statement would be more accurate if you stated:
"If Satoshi signed a message with the Block 1 output address, that 'they won't move the 1.1 million coins', even then these coins were moveable."

[mynonce]

If Satoshi signed a message with the Block 0 output address, that 'they won't move the 1.1 million coins', even then these coins were moveable.

I understand that this doesn't change the point you're trying to make, but the Block 0 coins are not spendable, regardless of whether the private key is available or not.  Just wanted to point this out for anyone that might think that they are.

Your statement would be more accurate if you stated:
"If Satoshi signed a message with the Block 1 output address, that 'they won't move the 1.1 million coins', even then these coins were moveable."

'with the Block 0' is correct. Because in this statement, Satoshi would use the private key of Block 0 output address to sign the message.

We know that Block 0 coins are not spendable, maybe you missed it here. (see the pre-previous post)

[pooya87]

'they won't move the 1.1 million coins',

Satoshi owning 1.1 million bitcoins is a weak guess, I don't understand why people keep repeating it as if it is a proven thing!

By the way why are you even focusing on P2PK outputs that each contain a small amount of bitcoin compared to reused addresses that do contain thousands of bitcoin and are the same as far as "knowing public key" goes?

[garlonicon]

and are the same as far as "knowing public key" goes?

They are even less secure, because instead of just "knowing public key", you also know a lot of correct signatures, where d-value is the same. That means you have a lot of "d=(s/r)k-(z/r)" equations, so a lot of "d=number*k-number2" expressions.

[BlackHatCoiner]

It won't be  20,999,999.9769, neither 20,999,949.9769 which is the precise number.

Genesis block's reward isn't included in the circulating supply. It's block number 0, which takes place in no halving epoch. Counting starts from block 1.

But not impossible. Bitcoin which have simply not moved in a long time are not provably lost. The difference in your analogy is these bitcoin are already accounted for in the max supply. Capturing an asteroid filled with gold will inflate the supply of gold significantly.

And those abandoned coins will inflate the currency if they suddenly appear into the market. Similarly with gold, there's obviously a specific supply within this universe, but a minority of the ounces are in the market.

It's not impossible, but I consider it highly improbable for hundreds of thousands.

They are even less secure, because instead of just "knowing public key", you also know a lot of correct signatures, where d-value is the same. That means you have a lot of "d=(s/r)k-(z/r)" equations, so a lot of "d=number*k-number2" expressions.

So?

[mynonce]

'they won't move the 1.1 million coins',

Satoshi owning 1.1 million bitcoins is a weak guess, I don't understand why people keep repeating it as if it is a proven thing!

Whale Alert: We were able to make the most accurate estimate of the number of blocks mined and bitcoins owned by Satoshi
https://whale-alert.medium.com/the-satoshi-fortune-e49cf73f9a9b
And I say, that is not weak and not a guess. It is a perfect calculation, because Satoshi marked these blocks not only with the Nonce values but also with several other characteristics like timestamp, timedelta (between own blocks), ExtraNonce, ...
Yes, we can't say '100%' Satoshi mined them, but if you do your own research and understand what Satoshi has done, then one can say '99.9999999999%'.

...
By the way why are you even focusing on P2PK outputs that each contain a small amount of bitcoin compared to reused addresses that do contain thousands of bitcoin and are the same as far as "knowing public key" goes?

Because after all the research, I know that Satoshi is the owner of these coins. And if there is a possibility to move the coins, someone will do it. What will happen? Nothing. Satoshi will let us move the coins. You don't believe it? Then we have to wait until someone will do it. (And we will see the reaction of the market, but it will be temporary.)
What will happen if someone moves the coins of the mentioned reused addresses that do contain thousands of bitcoin? A lot! I would not try it.

They are even less secure, because instead of just "knowing public key", you also know a lot of correct signatures, where d-value is the same. That means you have a lot of "d=(s/r)k-(z/r)" equations, so a lot of "d=number*k-number2" expressions.

So?

ECDSA: Revealing the private key, from four signed messages, two keys and shared nonces (SECP256k1)
https://billatnapier.medium.com/ecdsa-revealing-the-private-key-from-four-signed-message-two-keys-and-shared-nonces-secp256k1-5758f1258b1d

https://www.youtube.com/watch?v=6ssTlSSIJQE

[pooya87]

Yes, we can't say '100%' Satoshi mined them, but if you do your own research and understand what Satoshi has done, then one can say '99.9999999999%'.

More like 0.1%.

What will happen if someone moves the coins of the mentioned reused addresses that do contain thousands of bitcoin? A lot! I would not try it.

Theft is theft, you can sugar coat it however you like but it is stealing someone else's money. Not to mention that from a cryptography point of view if a single P2PK output could be stolen, all bitcoins outputs are in danger regardless of their type because there is a short step from there to speeding up the process that lets anyone steal the coins in a transaction while it waits to be confirmed. That makes bitcoin obsolete overnight.

[mynonce]

What will happen if someone moves the coins of the mentioned reused addresses that do contain thousands of bitcoin? A lot! I would not try it.

Theft is theft, you can sugar coat it however you like but it is stealing someone else's money. Not to mention that from a cryptography point of view if a single P2PK output could be stolen, all bitcoins outputs are in danger regardless of their type because there is a short step from there to speeding up the process that lets anyone steal the coins in a transaction while it waits to be confirmed. That makes bitcoin obsolete overnight.

With your argumentation, governments could say this:

Money printing is money printing and is a criminal act. What the Bitcoin community is doing, is money printing, or money creation, or money issuance. You can sugar coat it however you like but it is stealing government's money and distributing that money without the permission of the government.


Governments allowed Satoshi to 'print' Bitcoin.
Satoshi will allow 'whoever is able to do it' to transfer these coins.
Governments will allow it.
Yes, you don't believe it. Then we have to wait until it happens.

[BlackHatCoiner]

My friendly, but sarcastic, at the same time, comment to @mynonce is that... Shake it again!

Yes, we can't say '100%' Satoshi mined them, but if you do your own research and understand what Satoshi has done, then one can say '99.9999999999%'.

I disagree that based on few, insignificant facts like reuses of nonce, you can consider it highly likely to be Satoshi's. Let alone, for the private keys to be generated in a predictable way.

Money printing is money printing and is a criminal act. What the Bitcoin community is doing, is money printing, or money creation, or money issuance.

Money printing is what's illegal; to start printing dollars. But, it's not illegal to form another type of money. If some agreed to transact using salt, the government of a democratic regime couldn't consider that illegal unless the people didn't want it either. It could regulate it, though.

There's a difference between creating another currency and cheating the government's monetary system by inflating it.

Governments allowed Satoshi to 'print' Bitcoin.

Or rather couldn't stop Satoshi from inventing Bitcoin.

Satoshi will allow 'whoever is able to do it' to transfer these coins.

Or rather, they won't.

Governments will allow it.

Or maybe they'll have to accept they cannot forbid it.

[mynonce]

...
...

Governments will allow it.

Or maybe they'll have to accept they cannot forbid it.

That will happen.

[BlackHatCoiner]

That will happen.

The acceptance of the inevitable or the allowance?

[mynonce]

That will happen.

The acceptance of the inevitable or the allowance?

Let me answer this so:

Governments allowed Satoshi to 'print' Bitcoin.

Or rather couldn't stop Satoshi from inventing Bitcoin.

If they really wanted to stop it. They would have stopped it. We wouldn't have Bitcoin.
If they really wanted to know who Satoshi is ... (My opinion: They know who Satoshi is and Satoshi knows it.)

[BlackHatCoiner]

If they really wanted to stop it. They would have stopped it. We wouldn't have Bitcoin.

Devil's advocate speaking: And if the people really wanted to rebel we would have it. They wouldn't have stopped Bitcoin.

If they really wanted to know who Satoshi is ...

You must be really afraid of the government, but let me tell you that they are humans just like you and me.

[o_e_l_e_o]

Whale Alert

Think what you like about the Patoshi data, but Whale Alert are one of the stupidest and click baity organizations in the whole of crypto. They tweet complete trash without doing even the most basic of research or investigation. If you are going to read about the Patoshi data, I suggest you read the original research directly. I wouldn't read a single word associated with Whale Alert.

That makes bitcoin obsolete overnight.

I wouldn't call it a "short step". Look at things like CPUs, GPUs, or even ASICs, as comparison. It will take years between the first quantum computer which can solve the ECDLP, and the first quantum computer which can solve it in <10 minutes.

Still, I agree it is obviously theft, but I still don't think we should take any steps to prevent it. If coins have been abandoned or lost or the owners are ignoring them, and they end up being stolen, then so be it. The last thing we want is for nodes/miners/devs/the community to unilaterally decide to make some coins unspendable or remove them from circulation.

[pooya87]

Still, I agree it is obviously theft, but I still don't think we should take any steps to prevent it. If coins have been abandoned or lost or the owners are ignoring them, and they end up being stolen, then so be it. The last thing we want is for nodes/miners/devs/the community to unilaterally decide to make some coins unspendable or remove them from circulation.

You forgot that we aren't talking about some abandoned coins in a P2PK output. We are also talking about a much bigger amount of bitcoin (in total) in reused addresses, like a lot of the addresses in the bitcoin rich-list.
The decision also won't be unilateral, whatever the decision may be. It will be a fork that like any other fork requires support from the majority.

[o_e_l_e_o]

You forgot that we aren't talking about some abandoned coins in a P2PK output. We are also talking about a much bigger amount of bitcoin (in total) in reused addresses, like a lot of the addresses in the bitcoin rich-list.

And in those cases, where addresses are being constantly reused, then almost all of those users will be able to move their coins to whatever quantum resistant algorithm we end up with, which will probably be in place years before the coins on reused addresses are at any meaningful risk.

The decision also won't be unilateral, whatever the decision may be. It will be a fork that like any other fork requires support from the majority.

I meant unilateral in respect to the owner of the coins. The majority shouldn't get to decide what to do with the coins belonging to someone else, even if we think those coins have been lost or abandoned.

[ABCbits]

They are even less secure, because instead of just "knowing public key", you also know a lot of correct signatures, where d-value is the same. That means you have a lot of "d=(s/r)k-(z/r)" equations, so a lot of "d=number*k-number2" expressions.

So?

ECDSA: Revealing the private key, from four signed messages, two keys and shared nonces (SECP256k1)
https://billatnapier.medium.com/ecdsa-revealing-the-private-key-from-four-signed-message-two-keys-and-shared-nonces-secp256k1-5758f1258b1d

https://www.youtube.com/watch?v=6ssTlSSIJQE

True, but it requires user to use vulnerable software. Reusing k value (also called nonce) is well-known problem, so it's unlikely you could someone private key that way.

The decision also won't be unilateral, whatever the decision may be. It will be a fork that like any other fork requires support from the majority.

I meant unilateral in respect to the owner of the coins. The majority shouldn't get to decide what to do with the coins belonging to someone else, even if we think those coins have been lost or abandoned.

Unfortunately people have different opinion on this matter. For example, few people think it's better to freeze vulnerable UTXO rather than letting thief stole it and potentially manipulate Bitcoin price.

[o_e_l_e_o]

Unfortunately people have different opinion on this matter. For example, few people think it's better to freeze vulnerable UTXO rather than letting thief stole it and potentially manipulate Bitcoin price.

I completely disagree with that approach and think it makes use little better than a coin like Ethereum, which forked itself to make sure the "wrong" people didn't have access to certain coins. As soon as a small group of users start deciding who is and is not allowed to access certain coins, then we have turned bitcoin in to something it isn't. I would much rather the market takes the hit from a few million coins re-entering active circulation and ultimately recovers from the hit with the principles of bitcoin still intact, than we change the principles of bitcoin (that no third parties have any say over your money) to avoid such a hit.

The only way I would be ok with coins being locked or frozen would be if there was some method for the true owner to prove their ownership and reclaim them. The only way I can think of doing this would be by showing that the relevant private keys were derived from a seed phrase in their possession, but obviously this does not help with all the P2PK addresses or any non-HD reused addresses.

I'm hopeful that someone much smarter than me comes up with a better solution before it is necessary.

[pooya87]

I completely disagree with that approach and think it makes use little better than a coin like Ethereum, which forked itself to make sure the "wrong" people didn't have access to certain coins.

That's an entirely different situation. Ethereum forked to roll back blocks so that they can get their money back that was lost in a buggy smart contract which didn't get fixed either (If they had fixed the bugs of their protocol then it would at least make a little sense!).

In any ways, I have argued before that if there is a vulnerability it should be removed instead of us letting it exist and hope nobody uses it. In this case if ECC were broken it must be removed completely which would effectively lock any coin that is not moved to new algorithm before a certain deadline.

[o_e_l_e_o]

That's an entirely different situation.

But the outcome was the same - the majority decided what to do to someone else's coins, which violates one of the main tenets of bitcoin.

In any ways, I have argued before that if there is a vulnerability it should be removed instead of us letting it exist and hope nobody uses it. In this case if ECC were broken it must be removed completely which would effectively lock any coin that is not moved to new algorithm before a certain deadline.

It's not a case of hoping no one exploits the vulnerability. ECC will almost certainly be broken at some point in the future, and any coins protected by it will definitely eventually be stolen. We will absolutely move to a new algorithm, but it should not be the decision of the majority to lock coins which we do not own with no say from the true owner. I would much rather those coins are stolen than we set a precedent that the community can decide to lock your coins and there is nothing you can do about it.