Bitcoin Forum
Topic: The Truth behind BIP 16 and 17 (important read)  (Read 7692 times)
Atheros
February 03, 2012, 12:15:46 AM
 #81

RE: 2_Thumbs_Up

That new 'genesis block' would be just as big as the current pruned blockchain, so there is no point in doing it that way. Luckily there is no need: clean and simple P2SH would be easy to do with the current blockchain and transactions. The only challenge would be, apparently, the network-wide upgrade process.

BM-GteJMPqvHRUdUHHa1u7dtYnfDaH5ogeY
Bitmessage.org - Decentralized, trustless, encrypted, authenticated messaging protocol and client.
westkybitcoins
February 03, 2012, 06:52:13 PM
 #82

At the risk of rehashing a settled issue, I have a stupid question:

It is already cryptographically possible to have two or more devices each have access to a portion of a private key, and be able to combine these portions to spend funds in such a way that no device gains access to any more of the private key than it already had, correct?

If this is the case, I'm wondering why it's considered mission-critical to implement scripting for multisig and for extra security measures in general by altering the protocol, rather than letting the owners of the private keys take responsibility for securing them and preventing unauthorized spending.

Luke-Jr
February 03, 2012, 07:02:33 PM
 #83

It is already cryptographically possible to have two or more devices each have access to a portion of a private key, and be able to combine these portions to spend funds in such a way that no device gains access to any more of the private key than it already had, correct?
AIUI, no.

fivemileshigh
February 03, 2012, 07:55:04 PM
 #84

* Disclaimer: I don't think that BIP17 is better than BIP16. Both are ugly hacks. I will support one only if most other miners will.

Tycho, I mean this with all the kindness and respect I can possibly muster:

If you think both are ugly, make your case and stand by it. "Just doing what everybody else is doing" is groupthink. Don't be a sheep. Nothing good or worth having lies that way.


ByteCoin
February 04, 2012, 12:45:20 AM
 #85

It is already cryptographically possible to have two or more devices each have access to a portion of a private key, and be able to combine these portions to spend funds in such a way that no device gains access to any more of the private key than it already had, correct?
AIUI, no.
Yes it's possible. As far as I can recall, you need to use the additive homomorphic property of the Paillier scheme. It has been discussed on the forum before but I can't find the reference.

ByteCoin
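The property ByteCoin refers to, shown as an added example that is not code from this thread or from any Bitcoin client: textbook Paillier encryption, where multiplying two ciphertexts yields an encryption of the sum of the plaintexts, and raising a ciphertext to a power yields an encryption of a multiple. The primes are fixed, constructed demonstration values (far too small for real use); composing this property into a two-party signing protocol is a separate construction that the example does not attempt.

```python
# Added example: the additive homomorphic property of Paillier encryption.
# Textbook scheme with constructed demonstration primes; not from the thread
# or from any Bitcoin client.
import math
import secrets

# Constructed demonstration primes (assumption: both are prime; real deployments
# use primes of 1024+ bits each).
P_DEMO = 1000003
Q_DEMO = 1000033


def keygen(p=P_DEMO, q=Q_DEMO):
    """Return (public_key, private_key) as ((n, g), (lam, mu))."""
    n = p * q
    g = n + 1                                           # standard simple generator
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    n_sq = n * n
    # L(x) = (x - 1) / n ;  mu = L(g^lam mod n^2)^-1 mod n
    mu = pow((pow(g, lam, n_sq) - 1) // n, -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """Enc(m) = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pub
    n_sq = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n_sq) * pow(r, n, n_sq)) % n_sq


def decrypt(pub, priv, c):
    """Dec(c) = L(c^lam mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    n_sq = n * n
    return ((pow(c, lam, n_sq) - 1) // n * mu) % n


def add_encrypted(pub, c1, c2):
    """Product of ciphertexts decrypts to the sum of plaintexts (mod n)."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """Ciphertext raised to k decrypts to k times the plaintext (mod n)."""
    n, _ = pub
    return pow(c, k, n * n)


def demo():
    """Encrypt two values, combine them without decrypting, then decrypt."""
    pub, priv = keygen()
    c1, c2 = encrypt(pub, 1234), encrypt(pub, 5678)
    total = decrypt(pub, priv, add_encrypted(pub, c1, c2))   # 1234 + 5678
    scaled = decrypt(pub, priv, scale_encrypted(pub, c1, 7))  # 7 * 1234
    return total, scaled


if __name__ == "__main__":
    print(demo())
```

The point for a holder of only the public key is that `add_encrypted` and `scale_encrypted` operate on ciphertexts alone, so one party can combine values another party encrypted without ever seeing them; the decrypting party learns only the final result.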
casascius (Mike Caldwell)
February 04, 2012, 12:57:03 AM
 #86

RE: 2_Thumbs_Up

That new 'genesis block' would be just as big as the current pruned blockchain, so there is no point in doing it that way. Luckily there is no need: clean and simple P2SH would be easy to do with the current blockchain and transactions. The only challenge would be, apparently, the network-wide upgrade process.

This may belong in another thread, but I have heard this point made, and I am not sure I agree with it, just doing a mental estimation in my head.

A new genesis block would be the same size as the current pruned blockchain, minus all of the following VERY BIG wastes of space:
  • Transaction inputs (these are HUGE: 130+ bytes each, compared to outputs around 30 bytes each) - and are worthless information except for their verification value... when multisig arrives, typical inputs will be double and triple this per transaction.
  • Stubs left behind when you prune merkle trees (since you need the full hash of the branches you pruned to be able to verify the hash of what's left of tree, which in many cases these hashes are a decent fraction in size of the transactions they replace)
  • Spent outputs of multi-output transactions (which can't be pruned if ANY unspent outputs remain - especially bloatful when you consider, for example, that pools like P2Pool generate huge transactions with numerous penny-sized outputs to pay off miners, of which most but not all get spent... which directly means that most of the space they take up is a waste).

Remove all of this fluff from a pruned block chain, make a "regenesis" block consisting of nothing but unspent outputs, and I bet it's less than a third the size of even a pruned block chain, and less than a tenth or twentieth the size of our current chain (a disparity that increases toward infinity as bitcoin is used - by 2013, this disparity might quadruple).
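To make the size argument in this post concrete, here is an added toy model (not code from the thread or from any Bitcoin client) that counts bytes for a constructed transaction history under three rules: keep the full chain, prune only fully spent transactions while leaving a hash stub, or keep a "regenesis" snapshot of nothing but unspent outputs. The per-item byte figures for inputs and outputs are the post's own rough numbers; the overhead, stub and index sizes, and the transactions themselves, are constructed assumptions.

```python
# Added example: toy byte-count model of full chain vs pruned chain vs a
# regenesis snapshot of unspent outputs. Constructed figures and transactions;
# not from the thread or from any Bitcoin client.
from dataclasses import dataclass

INPUT_BYTES = 130    # the post's figure for a typical signed input
OUTPUT_BYTES = 30    # the post's figure for an output
TX_OVERHEAD = 10     # assumption: version, counts, locktime
HASH_BYTES = 32      # a txid; also used as the size of a Merkle stub (assumption)
INDEX_BYTES = 4      # output index, so a snapshot entry can name its outpoint


@dataclass(frozen=True)
class Tx:
    txid: str        # constructed label, not a real hash
    n_inputs: int
    n_outputs: int


def tx_size(tx):
    """Serialized size of one transaction under the constants above."""
    return TX_OVERHEAD + tx.n_inputs * INPUT_BYTES + tx.n_outputs * OUTPUT_BYTES


def storage_sizes(txs, spent):
    """Return bytes for (full, pruned, regenesis) given the set of spent outpoints.

    Model (a simplification, as the post's own estimate is):
      - full:      every transaction in full.
      - pruned:    a transaction is dropped only once ALL its outputs are spent,
                   leaving a 32-byte stub so the block's Merkle root still checks;
                   a partially spent transaction stays whole, inputs and spent
                   outputs included.
      - regenesis: only unspent outputs survive, each tagged with its outpoint.
    """
    full = pruned = regenesis = 0
    for tx in txs:
        size = tx_size(tx)
        full += size
        unspent = [i for i in range(tx.n_outputs) if (tx.txid, i) not in spent]
        pruned += size if unspent else HASH_BYTES
        regenesis += len(unspent) * (OUTPUT_BYTES + HASH_BYTES + INDEX_BYTES)
    return full, pruned, regenesis


def demo():
    """Constructed history: a pool payout with many small outputs, mostly spent,
    plus three ordinary transactions."""
    txs = [
        Tx("pool", n_inputs=1, n_outputs=50),
        Tx("a", n_inputs=2, n_outputs=2),
        Tx("b", n_inputs=1, n_outputs=2),
        Tx("c", n_inputs=3, n_outputs=1),
    ]
    spent = {("pool", i) for i in range(45)} | {("a", 0), ("a", 1), ("b", 0)}
    return storage_sizes(txs, spent)


if __name__ == "__main__":
    full, pruned, regenesis = demo()
    print(f"full={full} pruned={pruned} regenesis={regenesis}")
```

In this constructed history the payout transaction with 45 of 50 outputs spent cannot be pruned at all, so the pruned chain stays close to the full chain, while the snapshot keeps only the handful of live outputs; that is the mechanism behind the "spent outputs of multi-output transactions" item in the post, whatever the exact ratio turns out to be on the real chain.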

finway
February 04, 2012, 03:47:13 PM
 #87

Gonna read this long post someday.

Atheros
February 05, 2012, 06:10:17 PM
 #88

Remove all of this fluff from a pruned block chain, make a "regenesis" block consisting of nothing but unspent outputs, and I bet it's less than a third the size of even a pruned block chain, and less than a tenth or twentieth the size of our current chain (a disparity that increases toward infinity as bitcoin is used - by 2013, this disparity might quadruple).

Ok, I definitely concede that it would be smaller. All of those things individual miners can do on their own. The chain wouldn't be verifiable anymore but we basically threw that condition out of the window when we made a re-genesis block. I'm sure miners will be doing this before long as long as the full block chain is still available in a distributed manner.
