Topic: [ANN][CLAM] CLAMs, Proof-Of-Chain, Proof-Of-Working-Stake, a.k.a. "Clamcoin" - page 123. (Read 1151252 times)

It's the Clamunity that makes us special, the distribution and the fact that coins mine coins.

Hi CLAMs community. I am new to CLAMs and trying to understand this coin and it's (future) value. Could someone explain me (and other CLAMs newbies reading this) why people should own this coin? What make CLAMs for example unique to DeCred or BTC itself. What does the near development future look like? Hope to read some interesting views. Thanks!

How about this to see if it's worth spending any further time on CLAMs:

1. Sync the CLAM client on an internet connected computer which doesn't contain your private keys. This can be done within a VM, or a fresh OS install, or even a remote VPS.

2. Copy, via sneakernet, the client executable and blockchain data to a NON internet connected computer. Start client. Import wallet.dat, or individual private keys.

3. If balance is zero, stop here.

 Absolutly right, I don't recommend the use Re-use of btc addresses or use the same address as a change address, but I did it went I was new to bitcoin and more focused on getting the satoshis than reading about how it works, for example my first address can't be empty, because it contains dust that "now" will cost me more in fee that the value that they have, but i don't know if in the future will be anything that allows that dust to be used, also to proof ownership of address that was active since year X month Y, and is not consider a leaked or cracked address. In relation with the "look-alike" like address another good point because for vanity and non-vanity is relative easy, doesn't even need gpu power just proper knowledge to create something that will fool a fast visual inspection, so be aware from where you retrieve your public addresses and full visual inspection letter by letter must be recommended if from where you copied your public key is not trusted.

 I must clarify that I don't have any reasons to doubt about Clamclient's source code, It have been reviewed by dooglus and many others in the community and has enough time around for someone to point anything that doesn't looks right, anyone that has the ability can review it. The decision that I have take may not have sense and not necessary is what the others should do and in the future I can change opinion and decide to dug it.

One of the ways in which such btc addresses are important is as a signal to others that these addresses are considered “special” by the owner and worth close attention, such as generating a “look-alikey” vanity address that is designed, in the right circumstances, to sneak under the user's perceptual filters.

Re-use of btc addresses (either “vanity” or “favoured”) leaks information and opens up the attack surface so is not consonant with a “total opacity” approach.

Just sayin'.

Cheers

Graham

 The way you explain things is very well and you speak with the authority of being able to understand the code, I try to explain but is more harder because I'm not 100% sure about what I'm talking about because i do guessing in some cases about how something is supposed to work, your opinion is very appreciated doog.

 He have a case very similar to me, I have a couple of addresses that i don't want to empty, my options were clear, check the code by myself (required knowledge is still on 101), try to follow the best security practices to minimize risk and trust the clam client with my private keys or never claim those clams. I opted for the third one, sometimes an address like your first btc address or a vanity one that you like can be very important in some way, if you don't gonna feel comfortable with a certain action is better to try find another way to get those Clams.

Yes, I saw. I just thought I'd tell him too.

The CLAM client signs its transactions in the same way as Bitcoin clients do, with minor changes - the version byte is different, there's an optional 'clam speech' field, etc.

It's not too big a job to review the code and see how the signing is done if you have the required knowledge. But if someone doesn't want to put in the effort and isn't willing to trust the signing code without reviewing it then they don't have to claim their coins.

No, that only affects where the newly created coins are sent.

Can I use the "setstaketo" command to let my Raspberry Pi do the staking while keeping my precious Clams secure?

 I suggested that to him, but he said that he doesn't want "clamd" to access his Private Keys


 At least the way that I see it, he wants to sign a the clam transaction that will allow him to dig his Clams, but he doesn't want to do it with Clamclient because he is worry about the possibility that the software will add to the signature some "theorical" trace of his Private Key encoded in the way of comments or a 'hidden message' so he told that even an airgapped offline Clamclient is not trusted for him.

 As far I can see he trust Electrum to do signing for unsigned transaction or raw transactions on an offline airgapped environment but even if he creates a raw transaction with a Clamclient, he's won't be able to sign that transaction with his Bitcoin client that he use to sign Bitcoin transactions and he feel will not add anything "extra" to the transaction, because like was pointed before many altcoins including Clam use a different 'version byte' than Bitcoin. Some type of modification to the source code should be needed to allow for example his Electrum wallet to sign the Clam raw transaction and that open the question 'would you trust your bitcoin client after been modified?' because if you don't make the changes to the code by yourself knowing what the new added feature does, you end up in the same situation as trusting the Clamclient just that is even worse because if the new feature is not public available as open source other peers won't be able to review and warn you about something suspicious in the code.

 I think the best way to solve a case like this will be (if it's possible) to explain in a easy way the differences between how does the Bitcoin Client and Clam Client creates the signature for a transaction, that way maybe, someone could see well that the process is almost equal to how Bitcoin do it and the parts were is not equal is because of for example 'version byte' and how that doesn't compromised or add anything extra. Of course that will require the ability to read the code and understand how it works, because it probably won't be something too easy to be explain.

You can do the same with the CLAM client. Create the raw transaction on an online machine and sign it on an airgapped offline machine:

$ clamd help createrawtransaction | head -1
createrawtransaction [{"txid":txid,"vout":n},...] {address:amount,...} [tx-comment]

$ clamd help signrawtransaction | head -1
signrawtransaction [{"txid":txid,"vout":n,"scriptPubKey":hex,"redeemScript":hex},...] [,...] [sighashtype="ALL"]

Well, okay, I give it to a software, namely one on the airgapped system.

I was referring to the vanity address in my signature. If I'd use some website which claims clams by using my private key, that address would essentially be dead. And I want to actually keep it because it's well published.

With Electrum, you can have two wallets, one with the private keys on an airgapped machine, and one with watch-only addresses on a connected one that does not contain any private key.
You can create a raw transaction which you can transfer to your secure machine, sign it there, copy the signed transaction back and broadcast it. That way, the private key was never exposed to the potentially insecure machine.
You can even copy that signed tx to a pushtx website, like at blockchain.info.

Do not discard Bitcoin private keys.


https://bitcointalksearch.org/topic/m.15136


I'm hoping that we can add a Clamcoin mining pool on FreeBitcoins that will allow people to join our pool by this method as well.  We have a lot of people who want to claim their free bitcoins, but aren't a fan of coughing up a private key.  This should hopefully lead to helping CLAM decentralize.

We still have to allow user balances and a few other things before that, but it is in the works and I think a good way to get "free bitcoins" long term.


I'm sure you already know this, but your address is already public on the Blockchain... just no name.

Same same but different... BUT still same same.

Yes, but the message has to be in a particular format. It has to be in the same format as a regular transaction. For the inputs, list the CLAM utxo's you're spending. For the outputs, list the address and amount you are claiming. Then sign the whole thing using your Bitcoin private key.

There is a reference implementation that can do this for you in the CLAM github - it's part of the CLAM wallet - but you are free to rewrite it if you like.


How are you going to sign a message if you're not willing to use a website or some software?


Maybe this is the part you're not understanding. What do you mean about "giving up my sig address"? Do you think that when you sign a message with an address you aren't making the address known? Because you are. Every time you publish a signature you are publishing the public key along with it.


Signed proof is how every transaction works in every crypto. If you're looking for a way of signing a message without revealing the address used to do the signing I don't think you're going to find it. If you don't want to trust the free open source code provided by the CLAM project and used by thousands for years without claims of a single theft resulting from its use, you are free to audit the code or even rewrite it from scratch. And of course you're free to never claim your free CLAMs too.

 I understand your point in this, but like I quoted before the key point in this is


 I don't know if  you're familiar with how the "version byte" can change the first letter of a given altcoin, it's mostly shown in things like vanitygen for altcoins address generation.

 In theory i guess that if it is the same Private Key as for example your BTC address, but the 'version byte' is the only thing that is different, the process to generate a signature for a transaction must be the same, the only change should be the 'version byte' that way if you have programming knowledge you could in theory  be able to modify or create a program to make it able to sign your Clam transaction and that way you know that the signature generated doesn't contain any external data that could help "someone" to guess or obtain your Private Key, that in theory will allow you to sign your clam unsigned transaction with for example a modded 'version byte' sign transaction command added to your Electrum btc wallet.

 But you may noticed that I mentioned a lot the in "Theory" here, this is because Clam doesn't have a typical 'version byte' at least for the case of vanitygen, the way that is used for that program for obtain the 'version byte' of a give altcoin for example Dogecoin is not the same as for Clam, even Dooglus needed to do make a custom version of vanitygen just to generate the addresses correctly, I don't know if it that is a minor tweak to the code make it work properly, but at least you need to know that changing the 'version byte' may not be enough to modify or create your own clam transaction signature generator.

 Getting back in reality, maybe you won't be able to claim your Clams because the coin was designed, to claim ownership of your Clams with signed transaction, I doubt that a signed message will do it. Of course only a programmer that know about how the signing process goes can tell what is right or wrong in all my blah blah blah.

Thanks for the thought you put into it, but it would still mean that I give eg clamd access to my keys (in a truly paranoid way I could argue that they might be added into the transaction as eg comments). Ideally, Clam would allow me to export an unsigned transaction which I can sign for example with Electrum or signrawtransaction, save and re-import in Clam to broadcast. I'm looking for a method where I don't need to give Clam any access to any private key.

Not to mention that it would also imply to change all addresses in use for payouts with other services. To get some clams, I'd have to update each and every account where I have a btc address configured. That's not a solution.

I think there is a simpler solution.

1) Move all BTC off the addresses that had BTC on the distribution day to new addresses on your Trezor hardware wallet.
2) Import the private keys of all these addresses into the clam client
3) Get the clams [!]
4) Discard the Bitcoin private keys used to get clams and never use them again.

That way you do not have to be as careful as is described above.

 I was looking for an answer for your question and found this and I think is related to the topic, after that quote, I will write my suggested option for your case.


 Disclaimer: the following steps are supposing that clam client allows to create signed transactions able to be push by other clam client, also this not intended to be a full guide that you should follow, is just few ideas about how you can approach to get your clams.

 My suggestion is that maybe is possible for you to set up a clean OS where you can install the Clamclient and let it fully sync with the clam blockchain, maybe a full sync won't be needed because I think since the undug clams were assigned prior the Clam blockchain started running, those clams must be at the beginning of the Clam blockchain (but at least you will need a few blocks in your clam blockchain), then you can unplug/block/disconnect it from the Internet from your freshly installed OS, import your btc/ltc/doge wallet, check how many Clams you got and them create a transaction and sign it with you Private Keys, you will need to create a receiving address and properly make a backup of it, so you don't send your Clams into oblivion.

 All this done without Internet connection should protect you from the possibility of your Private Keys being sent by the software to the Internet, then with the transaction saved in a file you can find a way to decode the transaction, there you can see if there is something wrong with the code or signature, then you can push the transaction to the clam blockchain and your transaction should be mined and validated, usually you'll have few option with clam to push your transaction, you can make another Clean OS and this time I think you should have to fully sync it, so you can push your transaction or you can ask a friend with a sync clam client to push it for you (coz as far I know there no risk for your Clams to be stole by being push by other person).

 After all that, you need to properly delete your clean OS (the one were you put you btc/ltc/doge wallet) so you don't let any possibility of your Private Keys being compromised, Probably occupy the Entire disk with new data and proper format should do it.

With so many replies I might have missed the answer to the following:

Is it possible to claim clams by signing a message with your privkey?

Giving the privkey to some website, or some other software (even if it might be legit) is not a valid option.
I'm aware that you can first empty the BTC address to a new one, but that's not an option in some cases (like, giving up my sig address).
If signed proof isn't possible/planned, then I'll just ignore my clams to be on the safe side.

If you have BTC, LTC or DOGE keys from 2014 you sure can!

You can earn a little over .1 CLAM each address you help FreeBitcoins.com dig and earn 100% of CLAM faucet use from your affiliates.