
Topic: Coin Validation misunderstands fungibility and could destroy bitcoin - page 4. (Read 29380 times)

legendary
Activity: 3430
Merit: 3080
Even this uncertainty has made one decision for me.

I've been thinking over getting new mining equipment. This confirms to me that it's definitely, definitely too much risk. Until we have a clear way forward, I cannot commit to something that could be a dead loss in 6-12 months.

If a movement amongst miners started to use mining to ban clean addresses from the blockchain, I would step up and even swallow a loss, but only if it had a good chance to break the usability of the clean list.

Don't get depressed by events such as coin validation / redlist censorship proposals. This is all part of the Gandhi ignore/laugh/fight/you-win paradigm.

The solution is a formal community funded bounty for CoinJoin and Zerocoin enhancements to the btc protocol.

Most bitcoiners are against address censorship. Software solutions are the defense and need to be built.

I have plenty of time for optimistic plans and determined action. But I don't think CoinJoin and ZeroCoin come without their problems.


CoinJoin use with clean addresses can get you kicked out of the scheme, your addresses and your CoinJoin anonymous buddies may end up on Mike Hearn's red/black list.

ZeroCoin isn't implemented, and therefore untested. And has a problem in that the Genesis Block requires trust that the progenitor does not record the value of the accumulator, and use that to steal or track funds.

WE CAN FIGHT THIS, though. With the miners. Miners must be encouraged to reject clean addresses from the blockchain, it's the only way to kill this.
hero member
Activity: 528
Merit: 527
Reusing an address allows for a possible security breach in the ECDSA algorithm. Many random number generators are not truly random. If the same number is used twice while sending money from an address, then the private key can be calculated as per this paragraph from the Wikipedia article on ECDSA:

Quote
When computing $s$, the string $z$ resulting from $\textrm{HASH}(m)$ shall be converted to an integer. Note that $z$ can be greater than $n$ but not longer.

As the standard notes, it is crucial to select different $k$ for different signatures, otherwise the equation in step 6 can be solved for $d_A$, the private key: Given two signatures $(r,s)$ and $(r,s')$, employing the same unknown $k$ for different known messages $m$ and $m'$, an attacker can calculate $z$ and $z'$, and since $s-s' = k^{-1}(z-z')$ (all operations in this paragraph are done modulo $n$) the attacker can find $k = \frac{z-z'}{s-s'}$. Since $s = k^{-1}(z + r d_A)$, the attacker can now calculate the private key $d_A = \frac{s k - z}{r}$. This implementation failure was used, for example, to extract the signing key used in the PlayStation 3 gaming console.

The odds of using the same random number from a faulty RNG go up as y=x!/2 (as long as x>1, otherwise y=0), where x is the number of transactions sent from the address. I feel safe reusing an address after swiping it once, even though it is only protected by the strength of irreversibility of the ECDSA algorithm. However, I will not reuse an address after pulling funds out of it a second time.

For people who trust their RNG algorithm, this may seem to be a moot issue. But I am sure that people using the SecureRandom() call in Java on their Android phones felt pretty safe. As we all know, they weren't.
legendary
Activity: 861
Merit: 1010
legendary
Activity: 1078
Merit: 1006
100 satoshis -> ISO code
Even this uncertainty has made one decision for me.

I've been thinking over getting new mining equipment. This confirms to me that it's definitely, definitely too much risk. Until we have a clear way forward, I cannot commit to something that could be a dead loss in 6-12 months.

If a movement amongst miners started to use mining to ban clean addresses from the blockchain, I would step up and even swallow a loss, but only if it had a good chance to break the usability of the clean list.

Don't get depressed by events such as coin validation / redlist censorship proposals. This is all part of the Gandhi ignore/laugh/fight/you-win paradigm.

The solution is a formal community funded bounty for CoinJoin and Zerocoin enhancements to the btc protocol.

Most bitcoiners are against address censorship. Software solutions are the defense and need to be built.
legendary
Activity: 3430
Merit: 3080
Even this uncertainty has made one decision for me.

I've been thinking over getting new mining equipment. This confirms to me that it's definitely, definitely too much risk. Until we have a clear way forward, I cannot commit to something that could be a dead loss in 6-12 months.

If a movement amongst miners started to use mining to ban clean addresses from the blockchain, I would step up and even swallow a loss, but only if it had a good chance to break the usability of the clean list.
sr. member
Activity: 404
Merit: 362
in bitcoin we trust
But isn't the purpose of CoinValidation to label addresses and not coins?

I don't get why the fungibility of coins is destroyed if only addresses are impacted?

All previous addresses that received the coin are listed on the public blockchain ledger. From what was said I believe Coin Validation plans to look at the history of the addresses associated with coins. If your coin was used 10 transactions ago by a Silk Road user, (e.g. seen entering the Silk Road address) then likely implications are you will not be able to spend your coin on any site using their system.

They hope it will be viral, i.e. because you don't want to hold coins you can't spend, you may also refuse to accept coins they do not white list. Having them validate your coins will not be free and the uncertainty arising from not knowing if your coins will suddenly become less spendable will create fungibility problems.

There are costs associated with the fraud tracing validation, blacklisting and payment revocation. E.g. it's bad for merchants too, they can't rely on receiving money they can spend themselves. This is why credit cards are expensive for merchants (3-5% + 30c). This is one thing that makes bitcoin attractive for merchants and users - the fees are close to zero in comparison. Coin blacklist/whitelisting (just different names for the same trend) damage the underlying irrevocability which enables low cost transactions, and pulls bitcoin's transaction cost up towards credit cards and paypal.

The problem is when fungibility degrades because everyone is mutually scared of accepting blacklisted coins the utility of the coin goes down, the cost of using the currency goes up and so its price falls. It might literally collapse if the feedback loop picks up momentum as people sell non-white listed coins at steeper discounts in a race to the door.

This makes as much sense as a $100 note in your pocket disabling itself because 10 previous holders ago, someone stole it from a convenience store.

Someone posted on reddit about a 17th century Scottish court case (can't find the link now), where a bank was able to prevent legislation that would've had that implication - if you're left holding a stolen note, you lose it. The court rejected the case based on the argument that doing so would be unfair and also destroy the fungibility and value of the currency. Coin Validation want to reopen that 17th century mistaken (but defeated) court case.

Adam
legendary
Activity: 3430
Merit: 3080
It attacks the property of one Bitcoin being as good as any other. If you can't understand why, well, I can't turn the cogs of logic in your head for myself.
legendary
Activity: 861
Merit: 1010
But isn't the purpose of CoinValidation to label addresses and not coins?

I don't get why the fungibility of coins is destroyed if only addresses are impacted?

if sending coins to a new address makes them all clean again then this idea is beyond retarded and we need not care about it anymore.
Reading the Forbes article I think it's pretty clear it's only what they are talking about: a base of addresses linked to a real world identity.

So I don't see where is the huge problem, like you said sending coin to a new address destroys the identity link.

Read it again.

They say that Avalon mining devices will not be available to people that don't use identified addresses. This is a way of destroying the concept of using multiple addresses at all, and it also compromises the security of the address. The more you re-use addresses, the easier some criminal will find it to synthesize a valid signature for that address, and steal any money sent to it. This is one of the reasons why address re-use is discouraged.
I understand how this is a privacy and security issue but I don't get why this is a fungibility issue?
legendary
Activity: 3430
Merit: 3080
But isn't the purpose of CoinValidation to label addresses and not coins?

I don't get why the fungibility of coins is destroyed if only addresses are impacted?

if sending coins to a new address makes them all clean again then this idea is beyond retarded and we need not care about it anymore.
Reading the Forbes article I think it's pretty clear it's only what they are talking about: a base of addresses linked to a real world identity.

So I don't see where is the huge problem, like you said sending coin to a new address destroys the identity link.

Read it again.

They say that Avalon mining devices will not be available to people that don't use identified addresses. This is a way of destroying the concept of using multiple addresses at all, and it also compromises the security of the address. The more you re-use addresses, the easier some criminal will find it to synthesize a valid signature for that address, and steal any money sent to it. This is one of the reasons why address re-use is discouraged.
legendary
Activity: 861
Merit: 1010
But isn't the purpose of CoinValidation to label addresses and not coins?

I don't get why the fungibility of coins is destroyed if only addresses are impacted?

if sending coins to a new address makes them all clean again then this idea is beyond retarded and we need not care about it anymore.
Reading the Forbes article I think it's pretty clear it's only what they are talking about: a base of addresses linked to a real world identity.

So I don't see where is the huge problem, like you said sending coin to a new address destroys the identity link.
legendary
Activity: 3430
Merit: 3080
But isn't the purpose of CoinValidation to label addresses and not coins?

I don't get why the fungibility of coins is destroyed if only addresses are impacted?

if sending coins to a new address makes them all clean again then this idea is beyond retarded and we need not care about it anymore.

This assumes clean addresses will be the only list. Dirty addresses are being touted by Mike Hearn, when the real solution to theft and ransomware should be technical. And it's not like technical solutions don't exist, Mike's very own face and spiel are advertising the Trezor hardware wallet on its front page.
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
But isn't the purpose of CoinValidation to label addresses and not coins?

I don't get why the fungibility of coins is destroyed if only addresses are impacted?

if sending coins to a new address makes them all clean again then this idea is beyond retarded and we need not care about it anymore.
legendary
Activity: 861
Merit: 1010
But isn't the purpose of CoinValidation to label addresses and not coins?

I don't get why the fungibility of coins is destroyed if only addresses are impacted?
legendary
Activity: 1400
Merit: 1013
Yep, and Mike Hearn really does not understand all this, despite his capabilities as a software engineer and systems designer. Show yourself, Mike. It's trial by fire time, you're gonna have to get this out of the way.
He's hiding in the shadows of the private Bitcoin Foundation forums, where he doesn't need to answer inconvenient questions posed by the hoi polloi.
legendary
Activity: 3430
Merit: 3080
Yep, and Mike Hearn really does not understand all this, despite his capabilities as a software engineer and systems designer. Show yourself, Mike. It's trial by fire time, you're gonna have to get this out of the way.

This violates funds security (exceptionally ironic), privacy and fungibility.

We must institute some new behaviour of the block construction functions in the main client, such that miners can reject transactions from a list of their choosing. This is fraught with danger, as it could be used to enforce a blacklist instead of disparaging a whitelist. But I do not see how anonymising can help in the long term, its characteristics can be recognised in the anonymised transactions, and so there will be little point to trying to send these transactions to sanitised addresses. You will be banned from sanitary address schemes, and added to blacklist addresses, along with your anonymising buddies that make up the "suspicious" transactions.
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
it would do wonders for confidence if the dev of the project would say something like "after hearing the community's concerns, we have decided to change our plans for a black-list, thank you for your input."

something to that effect, please.
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
sr. member
Activity: 336
Merit: 250
♫ the AM bear who cares ♫
legendary
Activity: 1400
Merit: 1013
It's based on significant misunderstanding about bitcoin's value proposition - destroy its fungibility and the costs float up to meet credit cards and paypal.
I don't think there's enough evidence to assume that it's based on a misunderstanding.

Credit cards, PayPal, and many other existing players have a lot of investment at risk in the long term if Bitcoin manages to keep its value proposition. They have a very strong financial incentive to understand exactly how to bring Bitcoin down to their level.

Reality,

Boycotting won't stop them. We need to put our thinking caps on, as Adam said, and figure out a better solution. It seems the dark wallet and mixes is the best option. If we figure out now what will fix the problem, we can popularize it while the coin is still young.
Give up on traditional businesses that have VC investors, physical offices, and bank accounts, and replace them with censorship-resistant organizations.
legendary
Activity: 1806
Merit: 1024
In every superhero movie there's also a scumbag traitor who sabotages a noble cause for personal gain.  These guys are it.  They know perfectly well the full implications of what they propose.  To assume they are just stupid or careless or misunderstanding, is to let them off lightly. They should be shunned and berated and boycotted to the point of never wanting to show their face again in any context related to Bitcoin.

The many thieves and scammers in this community are an unpleasant reality, but these guys are an even lower life form. Traitors and collaborators were rightly assigned by Dante to the very deepest circle of hell.


This!


Feel free to add information on these guys:

https://bitcointalksearch.org/topic/boycott-all-businesses-associated-to-alex-waters-matt-mellon-and-yifu-guo-332918


ya.ya.yo!