Topic: Bitcoin private key BASE58 problem - page 2. (Read 766 times)

My friendly, but sarcastic, at the same time, comment to @mynonce is that... Shake it again!


I disagree that based on few, insignificant facts like reuses of nonce, you can consider it highly likely to be Satoshi's. Let alone, for the private keys to be generated in a predictable way.

Money printing is what's illegal; to start printing dollars. But, it's not illegal to form another type of money. If some agreed to transact using salt, the government of a democratic regime couldn't consider that illegal unless the people didn't want it either. It could regulate it, though.

There's a difference between creating another currency and cheating the government's monetary system by inflating it.

Or rather couldn't stop Satoshi from inventing Bitcoin.

Or rather, they won't.

Or maybe they'll have to accept they cannot forbid it.

With your argumentation, governments could say this:

Money printing is money printing and is a criminal act. What the Bitcoin community is doing, is money printing, or money creation, or money issuance. You can sugar coat it however you like but it is stealing government's money and distributing that money without the permission of the government.


Governments allowed Satoshi to 'print' Bitcoin.
Satoshi will allow 'whoever is able to do it' to transfer these coins.
Governments will allow it.
Yes, you don't believe it. Then we have to wait until it happens.

More like 0.1%.

Theft is theft, you can sugar coat it however you like but it is stealing someone else's money. Not to mention that from a cryptography point of view if a single P2PK output could be stolen, all bitcoins outputs are in danger regardless of their type because there is a short step from there to speeding up the process that lets anyone steal the coins in a transaction while it waits to be confirmed. That makes bitcoin obsolete overnight.

Whale Alert: We were able to make the most accurate estimate of the number of blocks mined and bitcoins owned by Satoshi
https://whale-alert.medium.com/the-satoshi-fortune-e49cf73f9a9b
And I say, that is not weak and not a guess. It is a perfect calculation, because Satoshi marked these blocks not only with the Nonce values but also with several other characteristics like timestamp, timedelta (between own blocks), ExtraNonce, ...
Yes, we can't say '100%' Satoshi mined them, but if you do your own research and understand what Satoshi has done, then one can say '99.9999999999%'.

Because after all the research, I know that Satoshi is the owner of these coins. And if there is a possibility to move the coins, someone will do it. What will happen? Nothing. Satoshi will let us move the coins. You don't believe it? Then we have to wait until someone will do it. (And we will see the reaction of the market, but it will be temporary.)
What will happen if someone moves the coins of the mentioned reused addresses that do contain thousands of bitcoin? A lot! I would not try it.


ECDSA: Revealing the private key, from four signed messages, two keys and shared nonces (SECP256k1)
https://billatnapier.medium.com/ecdsa-revealing-the-private-key-from-four-signed-message-two-keys-and-shared-nonces-secp256k1-5758f1258b1d

https://www.youtube.com/watch?v=6ssTlSSIJQE

Genesis block's reward isn't included in the circulating supply. It's block number 0, which takes place in no halving epoch. Counting starts from block 1.

And those abandoned coins will inflate the currency if they suddenly appear into the market. Similarly with gold, there's obviously a specific supply within this universe, but a minority of the ounces are in the market.

It's not impossible, but I consider it highly improbable for hundreds of thousands.

So?

They are even less secure, because instead of just "knowing public key", you also know a lot of correct signatures, where d-value is the same. That means you have a lot of "d=(s/r)k-(z/r)" equations, so a lot of "d=number*k-number2" expressions.

Satoshi owning 1.1 million bitcoins is a weak guess, I don't understand why people keep repeating it as if it is a proven thing!

By the way why are you even focusing on P2PK outputs that each contain a small amount of bitcoin compared to reused addresses that do contain thousands of bitcoin and are the same as far as "knowing public key" goes?

'with the Block 0' is correct. Because in this statement, Satoshi would use the private key of Block 0 output address to sign the message.

We know that Block 0 coins are not spendable, maybe you missed it here. (see the pre-previous post)

I understand that this doesn't change the point you're trying to make, but the Block 0 coins are not spendable, regardless of whether the private key is available or not.  Just wanted to point this out for anyone that might think that they are.

Your statement would be more accurate if you stated:
"If Satoshi signed a message with the Block 1 output address, that 'they won't move the 1.1 million coins', even then these coins were moveable."

Yes, I know that. These coins are not the majority of the unmoved coins. What I mean are coins, where it is possible to move them. That means, if a valid signature would lead to a transaction.

These coins aren't a far away medal asteroid that you have to bring down to Earth. They are here, and the distance is a signature. Therefore, those coins can and should be considered part of the supply.

If Satoshi signed a message with the Block 0 output address, that 'they won't move the 1.1 million coins', even then these coins were movable.

But not impossible. Bitcoin which have simply not moved in a long time are not provably lost. The difference in your analogy is these bitcoin are already accounted for in the max supply. Capturing an asteroid filled with gold will inflate the supply of gold significantly.

No, all others cannot.

The block rewards from block 91,722 and 91,812 were overwritten by the block rewards from blocks 91,880 and 91,842 respectively, due to a bug which was fixed in BIP 30. Those 100 BTC are irretrievable.

There have been numerous blocks which have failed to claim the full block reward they were allowed to. These unclaimed coins are also irretrievable. Notable examples include block 501,726 which destroyed 12.5 BTC and block 526,591 which destroyed 6.25 BTC, but there are hundreds of other blocks totaling several dozen more permanently lost BTC.

It won't be  20,999,999.9769, neither 20,999,949.9769 which is the precise number. Block 0's output can't be used. All others can and will.

edit: (OP_RETURN) excluded

About 244,000 metric tons of gold have been discovered as of 2021 and around 10% of that is owned by the governments of US, Germany, Italy, France, Russia, China, Switzerland and Japan. NASA's telescope captured a rare medal asteroid whose gold if brought down to Earth, would make the ounce's worth much much less.

So is the circulation ~244,000 metric tons of gold? No, but much more than that. Is it realistically effectively possible to reach that asteroid and start moving huge, golden rocks? No. So, why should you assume they are part of the supply?

I know that you can't make heads or tails of which bitcoins are lost. However, you can assume that possibly hundreds of thousands won't come into the market due to the same reason the asteroid won't come down to Earth. It's highly unlikely.

And yet, we cannot for a minute say that the other 50 BTC outputs which haven't been moved since they were mined are lost, since we have absolutely no evidence to support that claim.

That was the main one I was referring to, yes.

It is less than that for a number of reasons. There are coins which have been provably burnt due to sending to unspendable outputs. There have been times miners have not claimed the full block reward, and those coins will be lost forever. There have also been a couple of bugs which have resulted in coins being lost forever. The total number of coins provably lost isn't huge, somewhere in the range of a few thousand. But just because a coin has not been moved in a long time does not mean it lost, and certainly not provably lost.

But we have absolutely no way to quantify the number of coins lost in this way, nor do we have any way to confirm that the owner really has lost access like they say they have, nor do we have any way to confirm that access will not be recovered in the future. Therefore, those coins can and should be considered part of the supply.

No, it doesn't. If you throw away your seed phrase and delete your wallet, your balance will remain the same, but the coins will never be moved again. You can't consider those into circulation.

What about the provably burnt coins (OP_RETURN) or the unclaimed reward from some miners? It won't be 21 million, neither 20,999,999.9769 which is the precise number.

The fact that they can be moved shows that they will be moved. Bitcoin supply is 21 million and not more than that but also not less than that.

And yet, very few have recovered the 50 BTC. Being able to reverse the ECDLP means you'll get all the rest 90-95% that are considered gone for good. This will definitely upset the market. I don't know for how long or how much, but it'll definitely have an impact on your wealth. The fact that they haven't moved since the day they were mined shows that they're excluded from the ones into the actual, realistically assumed circulation.

The “90-95%” is pure speculation.

For which incident does that go to? The one that says Craig Wright is a liar?

Whole crypto industry?  No.

Individuals that don't understand cryptography or don't understand quantum computing will often mistakenly believe that "quantum" is a magical word that means "able to instantly break ALL forms of cryptographic functions with as little as 1 qubit".  These people tend to be very vocal and like to hear themselves talk, so you see a lot of nonsense from them.


As has been pointed out by others, not all bitcoin addresses or transactions are the same.  There are P2PK transactions where the public key is in the transaction (and there is no address).  There are addresses that are hashes of complex scripts that may not use ANY public key at all.

Additionally, in most cases, the public keys associated with the address are broadcast when the bitcoins are spent. This is why it is a best-practice to never use an address more than once to receive bitcoins. Instead, generate a new address for every transaction.


In many cases bitcoins have been lost due to users trusting some third party to secure their private keys for them.


Unless you fail to secure your private keys yourself.  Malware can capture private keys stored on your own computer. Thieves can gain access to any physical storage or trick people into revealing passwords. If you do not have exclusive access to all the private keys associated with a bitcoin address, then you do not have the bitcoins associated with that address.

That could happen at any time that Satoshi or some other early miner with a large stack of dormant coins decides they wants to spend their coins. Assuming that coins which have not moved in 5 or 10 years are permanently lost is incorrect, as we regularly see coins like this move, or occasionally even sign messages.

It will be decades before we have a quantum computer powerful enough to reverse the ECDLP. It will be significantly longer than that until we have one which can solve it in <1 hour, or even <10 minutes. I suspect we will move to a quantum resistant algorithm before the former of those two events happen, which will be long before the latter is even within the realms of possibilities.

It will affect them, though, one way or another. Yes, if they take the necessary precautions then their private key isn't going to ever be calculated that way by an attacker. However, the ones who do have exposed their public key and do not take those precautions will affect them. The market will be disrupted once an attacker finds out the first ever rewarded addresses' private keys. Imagine being able to include a million of bitcoins into circulation.

Then, you need to ensure that the attacker can't make the calculations quickly. If they do and specifically faster than the time that takes your transaction to be confirmed, then they can even spend your own money.

Nonetheless, it's considered an improbable scenario, currently.