Topic: John Nash created bitcoin - page 17. (Read 22259 times)

Dorky keep digging more into your Dunning-Kruger facepalm.

There will plenty more coming for you because you seem to feel it is necessary to try to prove something against me.

Seriously dude, you are not competent. So much so, that you can't distinguish competence. Sorry if you are butthurt. I am simply stating facts.

The difference between the uninformed and the stupid, is the stupid insist even after they've been informed.

The best advice I can give you is to read more, and type much less.

Maybe iamnotback is not suffering from the same (Dunning-Kruger effect), that he is really superior and somewhat legendary.





You know, sometimes it can be fun "praising" the truly foolish, and watch in glee the fool nodding in agreement.

You are suffering from the Dunning-Kruger effect.


@dinofelis will acknowledge the correctness of my rebuttal, unless he is disingenuous. And I don't think he is.

@dinofelis's mistake was thinking that something that is intractable is worth worrying about. Cryptanalysis attempts to reduce the intractable bitlength security to a tractable attack. But I explained the staging of the SHA256 before the input of the RIPE160, in theory makes cryptanalysis attacks on the collision equivalent to attacking the 256-bitlength collision security of SHA256. Cryptanalysis attacks don't collapse to 160-bits. I possess more knowledge about hash function security than @dinofelis.

I am thoroughly convinced that iamnotback is a total moron.

Readers I am not admonishing @dinofelis. I respect him very much. Please read all the way to the end of this post.


Correct the intractable brute force collision attack is reduced to 2^160 bits.

And that is you're mistake. Shocked?   I had thought of that of course and was waiting for you to make this mistake.

Here we aren't concerned about an intractable brute force attack. We are concerned about cryptanalysis breakage. And non-brute force, cryptanalysis collision attacks require attacking the input (and output relationship) of the RIPE160, not attacking the input of the SHA256 whose output in the input of the RIPE160. Such as for distinguishers, boomerang attacks, etc.

I have studied hash functions and their cryptanalysis some, so I became aware of this.


Although you try to make that big number of potential duplicates sound like a big deal, it is in fact intractable to find one because of the 2^160 bits of collision space in the brute force attack case.


As I had originally pointed out you are conflating two entirely different systems of security and each can benefit orthogonally from increased bit lengths when we are not concerned about an intractable brute force enumeration attack and instead concerned with math theoretic cryptanalysis breakage.


That is why we need the 256 bitlength security for the ECDSA. That has been my point. Don't conflate hash function attacks with ECC attacks.


You're thinking about it entirely incorrectly per my points above.


Incorrect. Think about it.


You presume we are simpletons, because you have made a Dunning-Kruger mistake.


Please don't lecture me. I understand all that. But you got lost in the trees and didn't see the big picture point.


Nope. Your analysis was clumsy.

Please stop thinking Satoshi made mistakes. He was more clever and exacting than you. You really want to believe the global elite didn't create Bitcoin. And you really want to believe Bitcoin is going to fail. But your beliefs do not align with objective reality.

I am not trying to insult or demean you. I know you are very smart and I have appreciated all your very high-quality analysis. As well you turned me more on to the concept that PoW is a crab mentality immutability game theory.

I am just noting that your confirmation biases for wanting Bitcoin to fail, are I think causing you to be overconfident and not skeptical enough on your analysis.

Given that that thread is closed, I won't reply there of course.  But your rebuttal is wrong, most probably because you didn't see the point I was making.

Here is your rebuttal:

There are different forms of attack on a bitcoin UTXO, some more theoretical than others, but here it goes.

In order to spend an UTXO in an attack, you have to provide a digital signature and a public key that allows to verify that signature, in such a way that:
1) that signature corresponds to the transaction as verified with the given public key
2) the hash of that public key corresponds to the given address.

Of course, 1) is not difficult by itself: just any key pair (P,S) will allow you to use S to generate a valid signature, that can be verified by P.  The hard part is 2), the fact that the public key has to hash to the given address.

Essentially, we need to find a P such that
1) P corresponds to an S that can generate a signature to be verified by P
2) P ultimately hashes to A, the address.

In this problem, A is the only given.  ANY P that hashes to A and that has a corresponding S, will do.

The cryptographic assumptions are that we have an easy elliptic function ell(S) = P, and an easy hash function hash(P) = A.  Note that the fact that hash() is a compound hash function of two standards, SHA-256 and RIPE160, doesn't matter in the theoretical description.

ell() is a 256 -> 256 bit function
hash is a 256 -> 160 bit function.

In the end, the only thing that we need, is to find an S, such that hash(ell(S)) = A.

As hash o ell = full is a 256 -> 160 bit function, to brute-force this, your security is essentially 160 bit.  After on average 2^160 trials, you will have found an S.   It will not be the owner's S, but that doesn't matter.
This particular S will:
1) provide a P that will be able to verify the signature generated by S
2) have the P hash to A

and that's all that is needed.

In fact, 2^(256 - 160) = 2^96 different (S,P) key pairs will satisfy the needs to spend the transaction output.  Only one of those is the true owner's key pair, but the whole point is that that doesn't matter.  The transaction can be satisfied by 2^96 different key pairs, because the only thing that is needed for such a key pair, is for its public key to be hashed to the address.

So the effective security of bitcoin's signature scheme, is 160 bit on the condition that all cryptography is perfectly safe.   There's no point in going to 256 bit for the key pair, because 96 bits of that are lost, given that 2^96 key pairs hash to the same address, and are interchangeable.

Now, ONCE the public key is exposed (which is normally, if no address re-utilisation, only when the payment is broadcast), the security of a 256 public key scheme with full cryptographic security is 128 bits (all schemes are vulnerable to Pollard's rho attack which halves the number of bits).  As such, it seems at first sight that a 160 bit hash doesn't seem to decrease the security of the key pair, a 256 bit key is in any case not more secure than 128 bits.  I'm even not sure that you really maintain the 128 bit security if 2^96 key pairs are possible, even though for most general attacks I know about, you need to know the explicit public key and not just a hash test of it.

However, such security is not needed.  The public key only needs to be secure from the moment of broadcast until the moment of integration in the block chain, that is, about 10 minutes.  There is no need for 128 bit security in that case.

If you would have taken 80 bits of security, that is, an elliptic curve crypto system with 160 bit keys, then there would be only a single key pair that corresponds to the address. You wouldn't have wasted 96 bits for each input.  The long time security would still be 160 bits, because of the security of the (combined) hash function.  And 80 bits of security would be more than sufficient to keep the secret the time between broadcasting the signature and the key, and its inclusion in a block.

The error you (and probably Satoshi) make is to think that because at a certain point we have 256 bits, that this level of security is "locked in".  This error comes from thinking that one has to crack the scheme "backward" one by one: first one has to crack RIPEM160, then one has to crack SHA-256, then one has to crack elliptic curve discrete logs on 256 bits.  But that is not necessary.  You can see the system as a whole, and you shouldn't see it as reversing several individual steps.   You can easily see the problem with that notion.   Suppose that passwords are protected with a 20-bit hash.  That is, an idiot programmed a log-in system such that, for reasons of security, your password is hashed with a 20-bit output hash, and only this hash is stored.  (that's like bitcoin's address).  Now, to log on, you provide your password, the hash is calculated, and if it fits with the 20-bit hash, you are allowed to log on.  You remember that one should use long pass phrases.  So you type a sentence of 60 characters, nobody can guess.  You think that you have ~300 bit security if we take 5 bits of entropy on average for a typed character.  However, the hash of that long phrase is only 20 bit.
If I want to brute-force your log on, I only need to try about a million passwords.  I will NOT guess your password.  I don't need to.  I will find a password (a different one) that will hash to the same hash as yours.  And I will be able to log on.

By limiting the hash of the public key to 160 bits, Satoshi has limited the security of that key to 160 bits in any case.  Providing 256 bits is not meaningful, not any more than your long pass phrase was meaningful security.  You could have taken a password of only 4 characters, you would have had about the same security.  Satoshi could have taken a public key of 160 bits, that would have given the same security ; apart from the small time lapse between rendering the key public (broadcasting the transaction) and its inclusion in the chain.
And one would have saved 96 bits per input on each transaction.

What is even more, if for one or other reason, Satoshi was of the opinion that the key needed its security by itself, then it is even stranger to have a key with 128 bit security, and an address with 160 bits of security.  If Satoshi considered 128 bits sufficiently secure, there was no reason to keep 160 bits of the hash in the address. 128 bits on the address would have been good enough.

In other words, the word length choices make not much sense, security wise.

A) Satoshi wanted 160 bits of security only for addresses --> a 160 bit (80 bit security) elliptic curve signature would have been good enough, and 96 bits of saved room per input

B) Satoshi wanted 128 bits of key security overall, also with public key --> the 160 bit hash of the address is too long, he could have won 32 bits per output with addresses of only 128 bits

C) Satoshi wanted 160 bits of key security overall -> his 256 bit elliptic curve signature is not good enough, it has only 128 bits of security, and maybe even less.

==> clumsy crypto.

From the wiki and general articles related to bitcoin understood that more of the bitcoin legendary cryptograph developers claim themselves to be Satoshi.

I have refuted you in another thread. You had some really dumb errors in your analysis such as claiming that RIPE160 reducing security. No it only reduces the space of addresses increases potential collisions but only astronomically small probability yet saves a lot of scaling space.


The game theory of Bitcoin is a crab bucket mentality Schelling point and nobody can change the protocol, they can only block changes to the protocol. Which is exactly what is happening.

Chinese cartel doesn't control Bitcoin, the protocol controls itself. The Chinese are protecting the protocol precisely as the game theory expects they would.

It is difficult for me to have a discussion with the idiots here in these forums. You guys don't assimilate everything I write.


Thirty idiots who can't assimilate detailed technological research are basically just noise.

I have already explained that Nash was obviously (but likely unwittingly) involved and explained why.

Idiots are not worth my time.

Let this guy go. He has no proof and obviosuly gets zero pussy. You mad bro? LOL

If John Nash was so smart and he invented bitcoin then why didnt he foresee that a chinese cartel would arise and centralize his entire project? this doesn't make sense to me.

Lol this guy, TRAIN: stop with the personal attacks. Its absolute insanity to think that all the people here have not read the material and have each come to the same conclusion.

If 30 people are telling you that your evidence is circumstancial at best and proves nothing, it doesn't mean we don't know the english language, it doesn't mean we don't see the clues you are trying to tie into, or that we're idiots that haven't read your material. It means that we are taking in the SAME INFORMATION that you are, but we are not coming to the SAME CONCLUSIONS as you. I'm sorry dude, but I think it is YOU that is being the close minded retard at the moment.

Why are you so emotionally invested in this? You think that makes us want to listen to you?

It makes me laugh at every comment you say because you literally say the same shit over and over about how no one is reading the material, despite the fact that people are literally quoting text from said material.

You might THINK you got Satoshi pegged, but so does 100 other people. That's the thing about circumstantial evidence, it's circumstancial... lol.

Stop being such a whiney lil douche. You will never prove whom Satoshi is unless you can get a Satoshi sig on a relevant block, and because of this, no one will ever give you the recognition you oh-so-desperately desire, no matter how EARTH SHATTERING (that's debatable) your circumstancial evidence is.

Sure Nash does look like a great candidate, fuckin' prove it though, idiot lol you never will.

You might as well be looking for big foot and calling anyone that is a skeptic an idiot. Is it the skeptic or the person whose spending his precious time searching for big foot thats the idiot, hmm?


Until you can prove it (which is an impossible task), you are just as big of an "idiot" as anyone that is skeptical about this because you are full heartedly believing in circumstantial evidence (evidence that would be thrown out so quickly in court its not even funny) which is completely unproven and honestly pretty fringe-theory at best.

Sorry to rain on your ego parade.

Maybe you are right in moving this topic in speculation but I think it is still OK that it is here in the discussion, there are really many allegations regarding who Satoshi is, and many in this forum are very curious and would like to really know the true identity of satoshi.

This is exactly why Satoshi cannot be Nash.  Satoshi's creation contains too many blunders (mathematical, cryptographic, economical, game-theoretical and programmatic) to be made by a genius like Nash.  Contrary to what many in the bitcoin world believe, Satoshi wasn't a genius at all (or he was a very evil one hiding what he was really up to).  Satoshi DID have some bright ideas.  And he also did mess up quite a bit, and as such, he did demonstrate he didn't deeply understand certain aspects of what he was doing.  Nash can't be that silly.  Or his high age had deteriorated his genius.

I already indicated several of these silly errors in bitcoin.  One more: the true protection of a bitcoin signature is NOT the elliptic signature scheme, but rather the hash function that transforms the public key into an address.  If a bitcoin address is only used once, the cryptographic security of the digital signature scheme doesn't need to be strong at all.  There's no need to go to 256 bit elliptic curve signatures: in fact the signature scheme only needs to withstand attacks during the time the transaction is broadcast, and is included in the block chain: so at most an hour or so (unless full blocks ) and even 10 minutes is good enough.

The reason is that the public key is only made public when signing a transaction.  Even a very cheap signature scheme would be good enough: it will withstand 10 minutes to an hour.  The public key is invisible as long as the hash function is secure.  I said somewhere else that it was totally utterly stupid to have 256 bit signatures but only a 160 bit hash.  But the complexity of the elliptic curve signature scheme was total overkill.  A genius like Nash would not even be capable of thinking of such a blunder.

Satoshi did have bright insights, he wasn't an idiot.  But he wasn't a genius (I see a genius as someone with very profound, deep insight in matters that nobody was understanding at that point).  

This is often a confusion: people think that "successful" people are genius.  Genius is rarely successful, because the deep insight also shows the genius all the limitations of a possible creation, refraining him from going ahead.  A successful person has a bright idea with limited understanding, over-estimates his view on things, and hence doesn't realize that his creation has serious flaws.  This allows him to focus all his energy on his half-failed idea, which, with sufficient luck, becomes a temporary success.

This is also why the elite is not very bright, but has had some successful ideas and mainly a lot of luck.  It is why they are arrogant, and mess up things: because of their limited understanding of things, and their confusion between the fact that they were just lucky to be successful, thinking erroneously that it is caused by their "genius" they are in fact totally lacking.

The successful elite are lottery winners that think that they know better than anyone else how to win at lotteries.  True genius is not like that.  Satoshi has made a successful invention with a lot of profound errors (like most successful things), because he had some bright ideas and was totally lacking the profound insight of the system he had created - lack of insight which allowed him to persevere in his creation of bitcoin.

Ya, he died 2013, have you googled David Kleiman?

But it had happened by mid 2015 but we were searching Satoshi Nakamotto from late 2010 itself. (I am not going to say he would have been active till his end of days).

Here is more info on John Nash: https://en.wikipedia.org/wiki/John_Forbes_Nash_Jr.

I am not finding much interest on chasing a man who is no more. I want Satoshi to be unveiled and he needs to be active here in this forum for some guidelines through which I believe bitcoin will get wide spread to new people.  

satoshi was allready busted
https://www.wired.com/2015/12/bitcoins-creator-satoshi-nakamoto-is-probably-this-unknown-australian-genius/

I'm surprised this topic was not moved to the speculation sub 

Yes he is a great man and even if Nash is keeping pushing that kind of ideal it doesn't mean that he is truly Satoshi, even if they have many evidence that he is truly him many people would not believe it or buy anything like this, it sounded like they are pushing him to be satoshi, I think Nash is a remarkable guy and done a lot of thing to the community but we can really never know who is satoshi, and I think do we have to know the truth bitcoin is doing well even if he is not around.

I got puzzled when I saw Graig signing a message to Gavin ... why he added more characters on Gavin's original msg?