Gold collapsing. Bitcoin UP.

[justusranvier]

Both Alice's and Bob's payment codes are known since they are public and in addition the time frame of the notification transaction is also known. Couldn't such an agency then look for all transactions in that specific time frame that might be a notification transaction and try them until finding one that matches? Does such an attack gain information for Eve, or are there reasons this isn't possible or useful?

If an attacker already expects Alice and Bob to transact, then seeing a notification transaction doesn't tell them much. The attacker won't be able to connect the notification transaction with the actual payments.

See: https://www.reddit.com/r/Bitcoin/comments/34prd6/i_made_a_3d_printed_stainless_steel_bitcoin/cqy16lr

If an attacker knows that certain UTXOs are associated with a particular individual (Bob), and if the attacker then sees those outputs used as inputs to a transaction which creates an output at a known notification address (Alice's), then the attacker can assume a probability that the Bob will send some bitcoins to Alice at some point in the future.

Bob might have sent a decoy notification to Alice, so the attacker can never be sure. All the attacker knows that Bob will sent Alice somewhere between 0 and 2³² payments to Alice between the time of the notification transaction and forever.

The attacker might assume that any payments appearing in the mempool immediately following the notification transaction are a payment between Bob and Alice, but that's a problem that tends to solve itself as the transaction rate increases and can be addressed by intelligent clients which make sure to put a random amount of temporal separation between the notification transaction and the first payment.

[1713933588]

1713933588

[1713933588]

1713933588

[1713933588]

1713933588

[cypherdoc]

notice the MACD turning up strongly.  remember that bear mkts turn on bad news.  bad in the sense of extreme controversy over Gavin's proposal and seeming chaos of opinion in the Bitcoin community:

[cypherdoc]

on a more general level, this is great news:

While the court didn’t reach the crucial question of whether the program violates the Fourth Amendment, the ruling gives civil libertarians good reason to hope that a massive and egregious violation of every American’s privacy will finally come to an end.

http://www.cato.org/blog/second-circuit-declares-nsas-telephone-dragnet-unlawful

[cypherdoc]

there is no doubt in my mind that THIS is the very chart, $DJT, some very powerful players are watching and seeking to stick save. or, yes, they could also just be powerful dip buyers of the weakest index around but my pt stands.  this is the chart to watch.  i count no less than 8 tests of the support line as drawn with someone intervening every single time to prevent a plunge (or dip buy).  their problem is, each bounce keeps getting weaker and weaker and we have a non-confirmation on the board:

[rocks]

Both Alice's and Bob's payment codes are known since they are public and in addition the time frame of the notification transaction is also known. Couldn't such an agency then look for all transactions in that specific time frame that might be a notification transaction and try them until finding one that matches? Does such an attack gain information for Eve, or are there reasons this isn't possible or useful?

If an attacker already expects Alice and Bob to transact, then seeing a notification transaction doesn't tell them much. The attacker won't be able to connect the notification transaction with the actual payments.

See: https://www.reddit.com/r/Bitcoin/comments/34prd6/i_made_a_3d_printed_stainless_steel_bitcoin/cqy16lr

If an attacker knows that certain UTXOs are associated with a particular individual (Bob), and if the attacker then sees those outputs used as inputs to a transaction which creates an output at a known notification address (Alice's), then the attacker can assume a probability that the Bob will send some bitcoins to Alice at some point in the future.

Bob might have sent a decoy notification to Alice, so the attacker can never be sure. All the attacker knows that Bob will sent Alice somewhere between 0 and 2³² payments to Alice between the time of the notification transaction and forever.

The attacker might assume that any payments appearing in the mempool immediately following the notification transaction are a payment between Bob and Alice, but that's a problem that tends to solve itself as the transaction rate increases and can be addressed by intelligent clients which make sure to put a random amount of temporal separation between the notification transaction and the first payment.

OK, thanks that helps. So this is saying that the only knowledge gained is that Bob and Alice setup a payment connection, but even with that an attacker couldn't identify what payments happened in the future (or even if any payments happened at all for that matter). So if Bob inadvertently used the notification payments incorrectly, the only information lost is that a payment channel was established between Alice and Bob. Is that right?

If an attacker already expects Alice and Bob to transact, then seeing a notification transaction doesn't tell them much.

I'm not 100% sure on this.

Let's say for example I am a Snowden sympathizer and the government has outlawed payments to Snowden and the government also suspects that I might want to illegally give Snowden payments. In such an environment identifying the creation of a payment channel to Snowden might be enough for the government to determine guilt, regardless of whether or not they identified the actual payments. So if they knew my payment code and Snowden's payment code, could scanning the blockchain history result in identifying the payment channel (not the actual payments).

I understand this situation is a bit of a reach, just trying to understand it though.

[justusranvier]

Let's say for example I am a Snowden sympathizer and the government has outlawed payments to Snowden and the government also suspects that I might want to illegally give Snowden payments. In such an environment identifying the creation of a payment channel to Snowden might be enough for the government to determine guilt, regardless of whether or not they identified the actual payments. So if they knew my payment code and Snowden's payment code, could scanning the blockchain history result in identifying the payment channel (not the actual payments).

I understand this situation is a bit of a reach, just trying to understand it though.

An observer will see that Snowden received a payment code, but they won't be able to read whose payment code it is.

The only way they learn it was you who set up the channel is if they have some other way to trace the coins you used to do it. A good client would be sure to use mixed coins for notification transactions.

[cypherdoc]

When asked if that behavior was typical of OTC IPOs he stated that it was, but only for successful offerings.

    “Yeah, new successful offerings. Many simply go down after the first day. Compare it to the first three days of any recent tech IPOs and you should see a similar pattern.”

http://www.miningpool.co.uk/gbtc-trading-explodes-order-book-gap-narrowing/

[rocks]

Let's say for example I am a Snowden sympathizer and the government has outlawed payments to Snowden and the government also suspects that I might want to illegally give Snowden payments. In such an environment identifying the creation of a payment channel to Snowden might be enough for the government to determine guilt, regardless of whether or not they identified the actual payments. So if they knew my payment code and Snowden's payment code, could scanning the blockchain history result in identifying the payment channel (not the actual payments).

I understand this situation is a bit of a reach, just trying to understand it though.

An observer will see that Snowden received a payment code, but they won't be able to read whose payment code it is.

The only way they learn it was you who set up the channel is if they have some other way to trace the coins you used to do it. A good client would be sure to use mixed coins for notification transactions.

OK I think I got it.

So both parties can individually control their anonymity then. If Alice only uses mixed coins for a notification transaction she can be confident that she can not be tied to the payment channel. Similarly if Bob correctly handles the received notification transactions he can be confident that he can not be tied to the payment channel.

Thanks for the explaination

[justusranvier]

Similarly if Bob correctly handles the received notification transactions he can be confident that he can not be tied to the payment channel.

Everybody should dispose of their notification transactions via dust-be-gone, but regardless the number of transactions that have been sent to a notification address is publicly visible.

What's not visible is who sent them, and whether they are real or not.

[cypherdoc]

looks like BitPay agrees with Gavin:

https://twitter.com/spair/status/596504169973944320

[solex]

wow, thanks so much for this.  there are no other Bitcoin devs i trust more than Alan & Gavin.  he's helped me immensely over the years as i was one of the only two to donate $500 (top level) to his initial Armory crowdfunding campaign what, 3-4 yrs ago now?  for that, i got an Armory USB stick, a teeshirt, a coupla bitcoins (i think), & most importantly his old laptop with a sticker on the back with his name and phone #'s, lol.  i'm quite sure he forgot to remove them and i've only ever used the # twice  he's taught me alot about crypto.  i've tried to tailor back my contact with him in the last year or so as i know he is way busier than ever and has grown in stature so it didn't even occur to me to ask his opinion on this matter.  best thing about him is he's a great guy.  i'm so glad you did and hearing his response is reassuring to me that i am pushing the right direction.  thanks again.

A pleasure, and snap! I donated $500 to Armory dev as well, but it was easier with BTC at $800+ :-)
BTW. the quote is from sourceforge, not a personal communication...

[fairlay]

Hi, we started a market on the question wether or not the block size will be increased by 2016.

https://www.fairlay.com/event/category/bitcoin/blockchain/all/

Currently the likelihood is only around 10%. Thant means on the other side that you get about 10 times your money back if you predict on the increase and it actually happens.

[molecular]

Do you guys think March 2016 is a bit late? I do.

Maybe we could divert the discussion to 'when should the 20 mb fork be done', like it sometimes works with children: "Do you want daddy to brush your teeth or would you rather want mommy to do it?"

[molecular]

after reading Mike Hearn - Crash Landing,

I'm thinking: what would it take to achieve this bad situation right now?

An additional 5 tps injected into the network with minimal fee would do it, no?

so why not...

• go short
• open bitcoin transaction spam floodgates (at cost)
• watch hysteria on internetz
• wait for price to crash
• close part of short
• watch 20 mb block limit implemented in a hurry
• close rest of short
• profit

[Odalv]

can one of you tech guys comment on Peter Todds claim that there was an entire book embedded in the BC a month ago?  how is it done?

https://www.reddit.com/r/Bitcoin/comments/34uu02/why_increasing_the_max_block_size_is_urgent_gavin/cqystoo?context=3

Single transaction can contain 10 kB of script  => 10 kB of data

[Zangelbert Bingledack]

I'm not too worried about the blocksize debate now that I know even Peter Todd supports an increase "eventually." To me this says the first sign of actual delays and price impact will see all these guys change their tune.

[afbitcoins]

I don't know enough about the block size limits really but is increasing it just kicking the can down the road. Can we just keep doing that? A bit like how USA used to keep increasing the debt ceiling

[Odalv]

I don't know enough about the block size limits really but is increasing it just kicking the can down the road. Can we just keep doing that? A bit like how USA used to keep increasing the debt ceiling

Increasing block size limits is not solution. It is "brute force" ... we are only buying time.  1B people will require 4 GB block size limit.

[inca]

I don't know enough about the block size limits really but is increasing it just kicking the can down the road. Can we just keep doing that? A bit like how USA used to keep increasing the debt ceiling

Increasing block size limits is not solution. It is "brute force" ... we are only buying time.  1B people will require 4 GB block size limit.

Buying time allows alternate solutions to be properly reviewed and tested. Downtime and network issues are not conducive to the adoption wave we know is coming with the next price hump.

[Spaceman_Spiff]

I don't know enough about the block size limits really but is increasing it just kicking the can down the road. Can we just keep doing that? A bit like how USA used to keep increasing the debt ceiling

Increasing block size limits is not solution. It is "brute force" ... we are only buying time.  1B people will require 4 GB block size limit.

Maybe 'buying some time' is quite crucial for coming up with and developing the necessary solutions, and it's not 'kicking the can down the road' knowing the issue will never be properly addressed.
Although I don't fully understand the lightning network and its risks/tradeoffs, the presentation slides suggest 133MB blocks would be sufficient for unlimited transactions for 7 billion users. That would be freaking awesome, and solve the scaling problem imho (but again, I don't understand it deeply enough).

EDIT: Inca beat me to it    .