Topic: NFTs in the Bitcoin blockchain - Ordinal Theory - page 29. (Read 9195 times)

While Monero indeed lacks scripts, 2 doesn't hold for Monero as I noted before:


Monero has no time locks, so 3 is irrelevant. Monero does have bulletproofs, so you could store a few bytes there, but unlike Grin, Monero keeps the bulletproofs ordered with the transaction, so it doesn't pose the challenge that Grin does to recover them.

The biggest spam threat to Monero is embedding data in fake addresses of many outputs while aggregating the corresponding rangeproofs into one. That would allow over 90% spam...

tromp wrote something about in their own forum. I believe point 1 and 2 both hold true for Monero as well, not sure about #3 and 4.

I see. I'd agree with the 'I do not even know it exists' since before Ordinals. Embedding data in transactions, addresses, whatever, was always considered a rare, hacky solution that only few users could and would pull off & there was no incentive for doing so. Now, things changed.
I'm not advocating for censorship, but generally restricting the ability to upload arbitrary data, without interfering (censoring) with payments at all.

To be honest, switching to scriptless or a heavily restricted scripting language, seems unrealistic for Bitcoin. So I'm not sure how to implement it; just saying that it is technically possible, because others are already doing it.

That's true. So attacking Bitcoin through NFTs is much more probable and much riskier than through the attack I presented. Which makes it much more important to protect against it...? Or not?

That's possible, but it doesn't change such attack won't make you any money. Although it's different case if that billionaire got paid or think running Bitcoin image would make people move to their centralized coin or their service.


That's true, but it'd discourage some people since it'll be more expensive and take more time (e.g. only some pool offer such service and copy-paste raw signed transaction to miner's website).


But on other hand, including non-standard transaction would bring additional complexity to their software which might not be worth it. For example, there's very few pool willing to include transaction created with uncompressed segwit address.


My point is there are far less people willing do that. As for protection against such attack, one possible option is dynamic blocksize and neutral fee which implemented on Monero[1]. Another option is modifying behavior on old version of Bitcoin-Qt which determine free transaction based on coin age, expect it's implemented on protocol level.

[1] https://monero.stackexchange.com/a/4567
[2] https://en.bitcoin.it/wiki/Miner_fees#Priority_transactions

Correct, but if someone wants a non-standard transaction to get confirmed, and pays for it, I'm quite sure the miner will not think of the future soft forks. Maybe he should, maybe he shouldn't. I'm only saying he should prioritize profit.

Yes, but it depends on what manner you'll prevent the abuse.

Sure. What do Monero and Grin do to mitigate this attack?

I can make a stand morally. Just as I'm not liable for the economic activity of the rest of the users, some of which is illegal, I don't feel guilty of incidentally distributing illegal content as well. I don't consider myself responsible for that. I don't sell it, I don't stream it, I don't even know it exists. I'm also of the opinion that when you're trying to do good things by means of censorship, the bad moral value of censorship triumphs the good intentions.

That's not a moral concern, but a legal. And I'm still curious how you can prevent the inclusion of illegal content without preventing the inclusion of any content that is valid but just non-standard.

It's not just "we can't" blame the miners, it's very stupid to suggest that they are "blamable". Everything that's making everything stick together stems from the miners being continued to be incentiviized by the network. As long as the block rewards are enough, as long as there are users willing to over-pay in network fees, the miners will be there to include ANY transaction into the blocks. If a miner decides not to include a transaction, it's another miner's gain. That's good for the network, but what it's also doing is it's neutering Bitcoin from a network for Hard Money that could weaken political strongholds, to a network cloud storage of dick pics and fart sounds.

That should never be a concern, definitely not enough to discourage such an upgrade because anybody who goes out of their way to create such outputs should already be well aware of the consequences of doing so (anyone can spend before soft-fork and nobody may spend after it).

Again, the same question: if something bad has been done, should we continue allowing it? In this context: should the protocol change to prevent abuse of the system?

I like to solve problems with science & technology, if I can. In this case, we can look at what Monero or Grin are doing and maybe learn something from them.

It is also a moral question, though. If you believe it is not trivial to legally determine whether storing and distributing illegal digital material, maybe ask yourself if you are fine storing and distributing it. You know what we are talking about.
Also: why should I commit a crime for someone else just because they pay me? (if we can agree that there is data that is 1000% guaranteed to be criminal to store & distribute)

So? Sure, I would waste my money doing that, but render Bitcoin basically useless. There are certainly people with such a goal in mind with enough money to do it. I suggest that we look into protecting against attacks, instead of shrugging them off, just because they follow Bitcoin protocol.

Currently, if you have "OP_2 " as a Segwit address, it can be spent in any way you want. So, you can have that output, and use anything as your input, it will be non-standard, but valid in a block. For example, there is bc1zqyqs3juw9m address. It has "52020101" Script.

Imagine that it will be widely used, so users will create "OP_2 " outputs, and then spend it with any witness they want, for example they include a huge witness with some NFT. What then?

Then, imagine that some proposal will be discussed. For example, there could be some FutureScript, where after "OP_2", there will be the number, representing some index in some extension tree. What then? Then it would mean that the owner of bc1zqyqs3juw9m can no longer spend those coins under new soft-forked rules, it has to be a valid input for 257th output of the extension tree.

The same was true in Taproot: if you had "OP_1 " before activation, you could use any input, and move those coins. But now, after "OP_1", it is required to put a valid 256-bit x-value for a public key, and create a Schnorr signature, or reveal another public key, and push matching TapScript data.

And now, if you allow any non-standard scripts, then it will effectively stop such upgrades, because then it will be a choice between activating some new soft-fork, and potentially invalidating a lot of existing outputs, or looking for a more complex way to introduce new features. Then, you cannot simply assume that non-standard scripts are not used. If many nodes will allow those transactions, then you have to assume that someone could make a timelocked transaction with such output. Or, there could be a pair of transactions, one creating this output, and another one spending it, and by invalidating this in a new soft-fork, you will invalidate those off-chain transactions, that are currently valid.

Because each soft-fork is about making currently valid things invalid in a new version. As long as you know what is standard, you can pick something non-standard, and standardize it. If everything is standard, then there is nothing you can standardize, because there is a huge risk that it is currently used by someone, and after network upgrade, that person will lose those coins.

Could you please elaborate further? I don't understand with a first sight how can this be a problem.

Ignoring standardness can break upgradeability. For example, if miners will start including Segwit v2 spending transactions, even if the meaning is not defined, then it will be impossible to reliably introduce those addresses if needed, because they will be massively used in the wild, and then creating a soft-fork with some strict definition of what is spendable, and what is not, could invalidate timelocked transactions.

Address them, not me.

Debatable. Some billionaire could execute this attack by the impression that it'll ruin Bitcoin's image.

Sure, you can configure your node to accept whatever it wants, but that won't stop you from Ordinal fans who'll pay miners include their transactions that pay more. I'm questioning if it even does anything if there's real demand for it. Miners shouldn't follow non-standardness, but pure profit.

But unlike creating an NFT/Inscription, loop of sending Bitcoin between 2 address won't make you any money.


They would disagree if they want their own data become immutable or hearing people making profit by selling Ordinal's NFT. Another method to mitigate such attack is making TX which push data (using Taproot OP_FALSE OP_IF OP_PUSH) higher than X bytes become non-standard. It's already discussed by some Bitcoin Core contributor on early February[1].

[1] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-February/021435.html

Why there is a need to make those mistakes on the mainnet, and not on some testnet, or a separate chain, designed specifically for that purpose? If someone need NFTs on-chain, then a separate chain can handle it. If there is a need for Proof of Work protection, then it could be Merge Mined with Bitcoin, and then transactions from separate chain could use SPV proofs into Bitcoin transaction.

My point is that if protocol defines "legitimacy", Ordinals and millions-in-fees transactions are legitimate. If someone pays for the damage, it's acceptable.

What's the best method we have to mitigate from these attacks? My best guess is to educate and convince users that Ordinals are nonsense. We definitely can't prevent an attacker from executing this, though.

As I said, I don't have much to provide in the legislative part.

"Freedom is not worth having if it does not include the freedom to make mistakes." — Mahatma Gandhi.  

Sure; then I will correct myself: possible, but much less data per tx is possible, making it less suited as a means of data storage and discouraging abuse of a P2P electronic cash system as cloud storage.

Good to hear that Grin is suited even worse for Ordinals! That again proves how you often get (more or less) 'transactions only' for free when you work on on-chain privacy ^[1], which I also stated in this or the other thread, earlier. And that it is possible to discourage misuse of a cryptocurrency without censoring individual transactions.

[1] https://bitcointalksearch.org/topic/megathread-bitcoin-layer-1-privacy-concepts-ideas-research-discussion-5410526

I don't think we have a protection against that, either. Much harder problem than here, since those would be 'legitimate' regular transactions.
Just saying that there are ways to attack Bitcoin and if there are easy mitigations that still allow us to have full freedom in its usage as a payment system, they should be considered.

My main issue is storing and distributing other people's data, to be honest. If a random person hands me a hard drive with copyrighted movies and asks me to put that data on my webserver, I will kindly decline.

That's like blowing up your car engine, removing it and putting a few dogs in the front to pull the car. It may get you to your destination, but it's sure as hell not the best nor the intended way. And you still damaged the car in the process.

Freedom payment network. Small syntactic difference, big semantic difference. I don't think I need to elaborate why.

Monero allows embedding of arbitrary data (aka spam), though only a small fraction of transaction size.

Besides the 32-byte tx_extra field you can also put arbitrary data into each output stealth address (making it unspendable as a side effect).
Since each output must be accompanied by a rangeproof of 416 bytes for Bulletproof++, this amounts to about 7% of spam, but this percentage would increase by a lot if you aggregate all the rangeproofs of many outputs into one that's only logarithmically bigger.

The most spam resistant chain is probably Grin, allowing only a few bytes of spam [1].

[1] https://forum.grin.mw/t/ordinals-on-grin/10336/2

I neither recognize reasons to tossing coins to fountains, paying astronomical amounts in fees, using legacy etc., but I'm not going to force them do it in my way. If someone's dumb, I'm going to respect that.  

What do you suggest to happen in that scenario? Censor those?

They don't harm it objectively. They just take up space and some argue that doesn't help on adoption (which I don't completely agree with, as they do portrait bitcoin in some dumb manner). But in the end, they do pay for those transactions, and since they're completely valid, they deserve a place there.

And, apparently, some use NFTs for payments[1], which I agree is a dumb method, but there it is. NFT is money; for dumb people, but it is.

Satoshi is no God, though, no matter how some see Bitcoin as a religion. Free market defines Bitcoin, not Satoshi. I think it's pretty obvious that it's a freedom network.

[1] https://oveit.com/blog/2022/10/28/using-nfts-as-payment-tools/

I just don't see why they can't buy themselves a landfill and store their trash there (or a garden, if they insist on storing trash in the wrong location), instead of paying someone to store it in that person's back yard.

What if I decide to write a script and spend a few BTC to just send transactions between 2 wallets of mine at 1000sat/vB and render Bitcoin unusable (without paying more than 1000sat/vB to send a transaction)?
I think we should try to secure Bitcoin against attacks of any kind, if they are objectively harming the blockchain and potentially put it at risk legally (arbitrary data storage...).

It's actually not. The purpose is p2p electronic payments.

It shows you can technically have a cryptocurrency that only allows payments.

We can ask in Legal section maybe. To reduce emotional responses, we could focus on copyrighted material. Not NFTs, but legitimately protected digital materials like certain movies or pictures. What if someone pays an astronomical amount of money to store a full movie on the Blockchain using Ordinals or some other system. We will all become illegal owners and distributors of the movie. I'd assume that laws are quite clear about that.

But my opinion isn't in favor of "absolute freedom" in which there is freedom to intervene into other people's freedom.

What's trash for you isn't necessarily for everyone else. As long as they pay for their "trash", I don't have a problem. The network can handle any amount of trash as long as the sender pays for it. Again, I'm not in favor of absolute freedom, but of the freedom to spend your money in whatever manner you want.

The original purpose is, in my opinion, subjective, and so is this Ordinal thing. Someone might argue those NFTs are part of the Bitcoin economy, and they'll be right in some way. However, what's unquestionably true is that one principle of the Bitcoin network; censorship resistance, which is in question if you start preventing these transactions.

I don't understand what's this. Monero documentation? How's that related?

---

---

As for the storing and distribution of illegal data: I'm not a lawyer, so I can't make a point.

We can't and shouldn't demand for miners to control the type of data stored on-chain / to censor anything. It is their job to just mine blocks and nothing more or less than that.
Also, blaming anyone doesn't help us right now. We should think about solutions, instead.

Interesting opinion. I personally believe people should be allowed to spend their money on whatever they like, too, as long as they are not spending their money to (figuratively) throw trash into my back yard.
This principle also makes more sense if you broaden it to 'freedom'. Absolute freedom, where everyone is allowed to do anything they want, is a pretty bad idea, because they will be allowed to kill you without repercussions. Freedom should stop wherever it inhibits someone else's freedom. Likewise, I think the 'freedom to use the Bitcoin blockchain / script' should stop wherever it starts inhibiting the original purpose and usability of Bitcoin.

Is that so? https://monerodocs.org/ Only monetary transactions are possible. Technically possible.

That's not the point, though. As soon as you possess and distribute illegal content, you can and should be liable for that. No matter if your node actually part of an awesome decentralized digital currency. It's not about the node or the network, it's about the fact that those bytes are on your disk and you are even distributing them to others.

That's different. In Tor, you never see the cleartext data (it is encrypted in at least one, usually more, layers of encryption), and you don't store it permanently, either. You could be liable for aiding in the distribution of certain materials, but that can be definitely debated in court since you shouldn't be punished (at least not to the full scale) if you don't know about the file contents.

Since the data is not encrypted and decoding software ('Ordinals project') exists and is freely accessible, it is not compared to the encrypted Tor data. In most countries, 'Ignorantia legis non excusat' is part of the law. 'Unaware' of the data is very much different to 'unable' to know the transmitted data. And, again, data storage.

That's correct. This is what makes NFTs so useless. Not only don't they stop anyone from downloading your NFT picture, you will also have a very hard time trying to use that NFT as a legal document in court, if you try to sue that person.