Topic: Do miners really think destroying Bitcoin will make them rich? - page 2. (Read 7491 times)

You don't get it absolutely

But the fact that you don't see the point here itself tells a lot. Essentially, it tells that you know neither mathematics nor cryptography (apart from a few basic concepts which you don't understand either), and that you are not seriously involved in any science in general. Otherwise, you would have known that if you have a deeper understanding of anything than someone else, you can always, and I repeat it, always explain however intricate or fundamental problem or idea in terms which your company understands. But as I said, you should first fully understand the problem yourself (to correctly scale down). That's basically how any scientific discipline is taught. If you are a university professor or a school teacher, you always proceed from the lower scope all the way up to your own limits or limits required by the curriculum. I can't explain the measurement problem in quantum theory because I don't understand it myself, but whatever I understand I can always (I repeat again, always) explain it in a few sentences within the scope of understanding of whoever may get interested. As an aside, that's basically what makes an interesting read

Value is a subjective notion, and it may very well be that to most readers, my verbiage is not worth anything.  If their attention span is limited to "a few lines" and "no formulae please", then indeed, even Newton's Principia wouldn't be worth the paper on which it is written to them.


That is a ridiculous statement when you're talking about notions like mathematics and cryptography, and science in general.  Can you explain to me the measurement problem in quantum theory in a few sentences, if it is clear that I don't know what linear superposition is ?  Can you explain the validity of the theorem that the gravity of a sphere can be replaced by a point mass in its centre for every test mass outside of the sphere in a few lines if I don't know what a vector is ?  Can you explain Goedel's theorem in a few lines to someone that doesn't know what an L1 formal language is ?  Hell, can you prove Fermat's last theorem in a few lines to someone who doesn't know what an elliptic group is ?

Open any scientific journal.  Do most articles limit themselves to a few sentences ?  Are all those authors nutcrackers over estimating themselves because these fools took more than 8 pages explaining their stuff to their high-level peer audience ? (the article that proved Fermat's last theorem was about 150 pages, for your information: according to you, that author didn't really understand what he was talking about either).

You were confusing two elementary concepts in cryptography: the distinction between "entropy of a secret key" and "brute forcing a hash function".  I tried several times to explain that to you, but if your attention span cannot go beyond a few lines, indeed, my explanations are worthless to you.  But then, your replies are not very valuable to me too.

I could indeed have answered in one sentence:

"you're confused about entropy of password and proof of work by brute-forcing hash functions".  There.  That's a valuable statement, 100% true.  Would you have accepted it ?

I'm here to learn, but I am beyond the stage where I can still learn from people with limited attention span and visibly confused on elementary notions.  Most probably, they have nothing of value to say for my learning.  That said, me trying to explain stuff to you helps ME to be even clearer on these notions.  So my verbiage does have value, to me.  The fact of writing it up clarifies somewhat more the notions I explain, and so that is interesting for me (although much more limited than someone that discusses on the same or higher level).

Have you ever wondered that your verbiage may just not be worth reading?

It kinda looks that you are heavily overvaluing yourself ("on a scale of one to ten, you probably think you're a seven, and you wouldn't be alone"). If you can't lay down your thought in a few concise sentences, most likely you don't quite understand yourself what you are talking about. More specifically, if you define a subset of a bigger set that a hashing function can be reversed to, you still basically have an infinite set. But for all practical intents and purposes, it is all six of one and half a dozen of the other since you would still be dealing with an infinite number of possible combinations that would hash to a given value (good luck to you reversing an MD5 hash). That's why the reversing of a hash function is meaningless, and there cannot possibly be a shortcut or loophole. And note that I don't need any mathematical formulas to explain this simple idea. Now you can evaluate how much your time and effort may be worth in dollar terms

If developing arguments in the form of a course is called trolling, I can understand why so many people have no clue about how things work.
Mathematical arguments of cryptographic nature, when the common knowledge is seemingly missing on which to build, need more than a few lines to be explained.  I wonder if you got your course on cryptography on a quarter of a page, and if you called the teacher a troll because he gave a text that was more than 20 lines.

In the exchange above, I tried to explain the need for the hash function not to be totally cracked in order for a special hash to be a proof of work.   That should be totally obvious to anyone knowing sufficient cryptography, but visibly the poster I was talking to didn't have that common base of knowledge - no offence.  He confused another notion in cryptography, namely key/password entropy of a secret key (which can indeed only be brute-forced if it is pure entropy) with the proof of work of brute-forcing a hash function, where no entropy is involved.

For anyone fluid in cryptography, what I say above is common knowledge, and easily understandable.  But not everyone here is a knowledgeable cryptographer.  So I made a small course on purpose to teach the difference between both notions.  Yes, it was a free course that I didn't polish.  If you want one, you'll need to pay me.

If the answer by the student is "professor, your course is more than 3 lines, I didn't read it" I stop teaching.

If the shared point of view is that anyone teaching with more than 3 lines is a troll, it is no surprise not many around are understanding crypto.  One needs more attention span than that to understand these matters.  It involves more than just spinal reflexes.   The frontal cortex needs to get involved too.

Right at this moment, I'm reviewing a scientific paper of about 26 pages full of calculations and arguments, 10 times more complex than what I wrote above.  I do this for free too.  I will not answer to the authors "Your paper was more than 5 lines, I didn't read it".

Bitcoin miners help keep the Bitcoin network secure by approving transactions. Mining is an important and integral part of Bitcoin that ensures fairness while keeping the Bitcoin network stable, safe and secure. I dont really think bitcoin miners will deliberately want to sabotage the bitcoin technology, even if some of their actions puts bitcoin in a risk, I believe in the sustainability of bitcoin.

If your attention span is too short to read a one-page argument, I can't help.  One should make things as simple as possible, but not simpler.  But to make it as simple as possible, you'd have to pay me, because that's a lot of work for little interesting return.

You are considering only a small range of possibilities

You implicitly assume that miners wouldn't be killing a goose laying golden eggs. That's not a wrong assumption in and of itself, but it is surely not the only possibility why they may actually want to kill it (or not want to kill it). For example, if they knew in advance that this golden goose is going to die tomorrow on its own, they would be better off overall to slaughter it today to sell its meat for a profit. More specifically, they may understand that they won't be able to withhold future Bitcoin updates any longer, which would bring their power (as well as fees) essentially to nothing. In other words, to betray in time is to foresee

How come miners will think in such a manner, because it's the one that gives them a reliable earning. If you consider altcoins at the place of bitcoin long back itself mining could have come to an end. The reason is that, what all issues that bitcoin faced cannot be faced by altcoins and withstand moving on the growing path. Decrease in fee might be little disturbing for the miners but they never think of destroying.

This is the modus operandi of this particular brand of trolling summed up perfectly.


"Super-smart stream-of-consciousness uber-mensch brerates the 'little-people' for not being able to come up with over-long and over-wrought confabulated arguments". I risk sounding too much like them with that description, but that's how I'm seeing it. Maybe shorten it to just plain "intellectual trolling"

Could you provide a simple answer to my post above?

I'm not reading past a few sentences of your posts (I'm curious if anyone does). At first you claimed that my question was "non sequitur" and I got confused (since I lost my own point and got led away by your verbiage), but now you are just evading a direct question. Namely, does hashing lowers security in my example or not (due to a possibility of a shortcut or a backdoor)? If it doesn't, then your whole point is null and void. Or you just can't accept being wrong since it was you who first claimed that this example is unbreakable (apart from brute-forcing, of course). I'm not interested in that, anyway. It is your problems with your ego, I don't care

But the PoW security in bitcoin is not about guessing passwords.  It is in proving that you have done gazillion hashes, to have a funny outcome of the hash.  This is why your example, although correct, has nothing to do with my argument.

If you can reverse the hash function, you don't need to perform gazillion hashes to obtain a funny hash result.  You start with the funny hash result, and you calculate backwards what you needed to put in to find the funny hash.  Given that you have not *total choice* of what you put in, but only special fields, you need also to be able to search quickly in the solution space, so you really have to crack the hash problem entirely.   But the PoW security has nothing to do with guessing passwords.  It is finding inputs that produce funny hash results, and for that, the assumption is that you have to TRY RANDOMLY.  If you can reverse the hash function, you don't have to try randomly to find the hash result you started from, because it is the result of a calculation.
Look again at my toy example, it illustrates perfectly in a simplistic setting what I'm saying here.

The "proof of work" in bitcoin is: providing such a block header, that its hash is a funny result starting with a lot of zeros.
In that block header, you have to have the hash of the previous block (cannot change it), the version number (cannot change it) and the date (cannot change it).  You can change the nonce, and the merkel tree hash.

So if you can resolve the inverse hash function so that it has many zeros (or ALL zeros), and you can search in the solution space for those headers that have the right previous block hash and the right version number, you find one or several possible results for hte merkel tree hash and the nonce.

With that given merkel tree hash, again, you inverse to find the "free parameter" hash of the coinbase, and all imposed hashes of all transactions.  If you can search the solutions in this solution space that satisfy the conditions on the other hashes, you find the free value of the coinbase transaction hash.

You invert again: you now have the coinbase transaction itself, in which you have to fix a lot of bytes, but you leave free the "coinbase comment section".  Searching in the solution space, again, will give you one or multiple solutions satisfying the boundary conditions of the transaction (the fixed pieces) and will give you the comment section.

Filling in this comment section gives you the right coinbase transaction that will then produce the hash that, combined with the other transaction hashes, gives the right merkel tree hash, that, when filled into the block header with the right previous hash and the right version number and nonce, will give a hash of ZERO !  The highest possible PoW, much more than the whole existing block chain !

But this is the crux of the matter

Since it doesn't lower security (which it should, to make your claims valid), you would still have to do the same amount of work as if there were no hash function in the first place at all (i.e. some direct encryption in place which could be cracked only through brute-forcing exclusively). Your argument that you could somehow break hash function (let's assume that for a moment) in respect to my example should necessarily give you a hint as to what this password might look like, and thus you would have less work to do to crack it (i.e. do less brute-forcing). But that would in its turn mean that hashing password actually lowers security. I guess we have arrived at a point where you should make up your mind, i.e. whether hash function (potentially) lowers security or always retains it, no matter what

Yes, so ?


No, of course not, it conserves entropy as long as the input is smaller than the output.  But that was not the point.  In other words, your example is right, but non sequitur for what I said earlier.


Nope. That's your error.

Providing a "hash with conditions" is a proof of work *because of the assumed irreversibility of the hash function* ; because you have no other way of satisfying the condition on the hash output, but to try randomly at the input.

However, if you crack the hash function, that is, if you can find EASILY all input solutions that give a given output hash, then providing a hash that satisfies a given condition is NOT a proof of work any more.

This has nothing to do with your example of transforming entropy, because proof of work is not a matter of entropy.

Let us take a very simple example.  Suppose my silly hash function is again:
f(n) = (K.n + C) mod M, with K,M and C fixed parameters of the hash function.  I'm a naive guy thinking that my hash function is a good, irreversible function.

Essentially, my hash function takes on ANY number n, and produces a number between 0 and M-1.  Let us say that M is a big prime number, with 256 bits, and K is of that order too and C too.  If you put arbitrary numbers into this function, you get arbitrary-looking numbers out.

Now, if I want you to give me some proof of work, I give you a number A, and I want you to find a number N so that:

f ( f(N) XOR A) < Z

If my hash function is irreversible, the only thing you can do is to try this function so many times as needed, which must be on average 2^256 / Z times.

However, if f is reversible (and it is !), I pick a number, say, Z/2.  I calculate (easily) an inverse value U such that f(U) = Z/2.  I calculate easily V = A xor U, and I calculate just as easily W such that f(W) = V.

W satisfies the condition I asked, but I didn't have to provide for any work of the order of calculating 2^256 / Z hashes.  Hell, I could put in Z = 0, and with the same effort, I calculate U' such that f(U') = 0 (even before you gave me A!) ; I calculate V' = U' xor A ; I calculate W' such that f(W') = V'.  Done.

You confused me since I wasn't thinking quite clearly yesterday

Indeed, this approach doesn't add to security, but that was not my point initially which I somehow lost during this conversation with you myself. My point is that if you are reversing the hash function you will still have to brute force all passwords as you would do if there was no hash function at all. In this way, hash function doesn't lower the security which you seem to accept yourself, and this was exactly my point. In other words, you would anyway do the same amount of work, and there is no shortcut or backdoor which could give you a clue what a password might be, for example, its length or which symbols should be excluded

Maybe, because they might have no other option left for them specifically?

What I mean to say is that they feel that their days are numbered anyway. The future of payment processing seems to be lying with instant transactions and with SegWit activated and Lightning Network just around the corner miners are inexorably set to lose their influence and power (read money). So they don't have to particularly care about Bitcoin with themselves no longer around, that's pretty obvious. And if they have been offered multimillion "severance payouts" to finally destroy Bitcoin, they (basically, a few mining barons) might agree to accept such offers after all

I guess you can more or less consider hash rate distribution as the same as that of fee distribution, given that all blocks are more or less equally full.  Maybe some pools are smarter than others in putting the best-paying transactions in their blocks, but I don't think so.

So, essentially, half of that amount (175 000 dollars per day) goes to 5 pools, so essentially 35 000 dollars a day per pool.  The other half goes essentially to 10 other pools.

If this is true what Trace Mayer say that daily fees are 350 000 dollars that is a lot, but how many miners needs to split that amount? Is there any info about that? I could`t find any answer on that in this thread, and in search over internet, almost all is just about hash power.


That is logical assumption, and in all this argues in the forum about bitcoin next step I believe that miners will come up wish some good solution in the end. Like you said millions of dollars are in the game, and why would they ruin all that, and all future potential that bitcoin have.

Miners have invested millions in bitcoin, do you really think they're so stupid to destroy it?

If you are opposed to the miners, you should think twice about your opinions, because miners only want 1 thing.    

Miners want bitcoin to be successful, because otherwise they lose millions.

Investors can just sell their bitcoin and they'll be fine, even if they invested millions into bitcoin. Miners can't sell their hardware and recover their investment. So miners will be the one who suffer most when bitcoin crashes.   
They will do everything in their power to keep bitcoin healthy.

+1

That's what all the "sudden" seismic political movements around the world these days are probably all about. There's no proper proof, of course, but it fits the long term pattern of history: when the old monetary system begins to lose control and break down, tyrants begin the biggest wars they can summon up.

Are we heading for big changes to the monetary system, an economic depression, and huge wars? It's not impossible, but let's not wish for it by over-interpreting the current situation. At the same time, diligent behaviour is necessary, just in case.

Above all, cryptocurrency could really help cut off the money that today's politicians need to wage major wars. We need to cut them off from cryptocurrency, and fortunately, Satoshi designed Bitcoin that way from the outset. Maybe, (dare I say it) this time will be different

There is always some force behind anyone doing anything

But just knowing this doesn't tell us anything in particular. If they want to simply make more bitcoins (in this subtle way bypassing the fixed limit of 21M bitcoins to be mined), why are there rumors that they are preparing a 51% attack against Bitcoin? Somehow this doesn't add up well to your theory. Given how many bugs the BU code contains, they don't seem to be particularly interested to actually bring BU to life. That says that they might in fact be looking to destroy Bitcoin, not just mine more bitcoins in search of profits


Okay, I see you point. As I said, I'm not very familiar with Bitcoin cryptography to continue this discussion in depth