
Topic: please delete - page 6.

sr. member
Activity: 1190
Merit: 469
September 13, 2021, 07:14:33 AM
#35
Quote
I'm just suggesting that the "or else" after the advance warning be more of an extra fee, because it will be fetched from secondary storage, instead of those UTXOs just being trimmed with any coins in them simply vanishing.

I'm not advocating they "vanish", just that they be redistributed to active bitcoin participants. That's all. If an address has had no activity for a certain amount of time, it's pretty sure that it can't participate in bitcoin anymore, and that it won't.

Now, as far as secondary storage goes, to me that seems like a very slippery slope, where they can segregate UTXOs based on some type of metric and charge extra fees to use bitcoin. So what ends up happening is that bitcoin is not really fungible and certain kinds of UTXOs will be discriminated against. I wouldn't be interested in that at all.

But if someone is not going to use their bitcoin for their entire lifetime and another lifetime after that, then a case could be made that they don't need it.
full member
Activity: 228
Merit: 156
September 13, 2021, 01:57:40 AM
#34
oh and i'm not hugely concerned about the UTXO set size, but then again, if you're talking about moving older UTXOs to secondary storage and charging people fees to use them then I'm against that. But I'm not against the idea of chipping away at people's stale UTXOs so that instead of taking the entire thing all at once, you just take parts of it so that over time it goes to zero. That way they get an advance warning to do something or else.
I'm just suggesting that the "or else" after the advance warning be more of an extra fee, because it will be fetched from secondary storage, instead of those UTXOs just being trimmed with any coins in them simply vanishing.
sr. member
Activity: 1190
Merit: 469
September 13, 2021, 12:32:16 AM
#33

You are talking about stealing or destroying people's money here, what if they're just HODLing???

If by "they" you mean a single person then don't worry. 200 years is plenty of time for them to make a transaction. If they haven't done it by then they ain't gonna do it.

Here's a question for you though. How do you stop someone from setting up automated transactions that would occur every 199 years? Because we need to make sure that people are doing these transactions and not computer programs. That might be a big problem, no?

oh and i'm not hugely concerned about the UTXO set size, but then again, if you're talking about moving older UTXOs to secondary storage and charging people fees to use them then I'm against that. But I'm not against the idea of chipping away at people's stale UTXOs so that instead of taking the entire thing all at once, you just take parts of it so that over time it goes to zero. That way they get an advance warning to do something or else.
hero member
Activity: 924
Merit: 5950
not your keys, not your coins!
September 12, 2021, 05:50:43 AM
#32
There's a possibility the owner doesn't have privacy awareness. For example, the owner would simply download Electrum, then move all coins in a single transaction. Electrum's server would know his IP/UTXO set and any blockchain analyzer will conclude that those old UTXOs belong to the same person.
I agree, but if the old wallet wasn't linked to their identity, the new one won't either. Sure, they'll be linked amongst them, but what's the issue?

But you're assuming all old UTXOs aren't linked to their identity. Their privacy is broken if they move all of their UTXOs in a single transaction. Even if none of the UTXOs is linked to their identity, there is still a privacy concern. For example,
1. A blockchain analyzer will know a certain someone has X Bitcoin since they moved a few UTXOs in a single transaction.
2. If the owner decides to spend his Bitcoin, the receiver might know how much Bitcoin he has.
Riiight, makes sense, thanks! Would there be a concern in sending all UTXOs at once to ChipMixer and receiving it on multiple addresses in the new wallet?
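The two concerns in the post above (the analyzer learns that the old outputs share an owner, and learns the total they controlled) follow from one standard chain-analysis rule: every input of a transaction is assumed to be spent by the same entity. The block below is an added example, not code from the thread or from any real analysis tool. The transactions, txids, addresses and amounts are constructed; it compares a single consolidating sweep against moving each old output separately.

```python
"""Common-input-ownership clustering, as a blockchain analyzer would apply it.

Added example, not part of the thread. The transactions below are constructed:
amounts are in satoshis, addresses are placeholder labels, and inputs refer to
previous outputs as (txid, index) pairs. A real analyzer would read these from
a node's transaction index instead.
"""
from collections import defaultdict


def make_txs(single_sweep):
    """Three old coinbase outputs, then moved to a new wallet either in one
    transaction (the case the post warns about) or in three separate ones."""
    txs = [
        {"txid": "cb1", "vin": [], "vout": [("oldA", 500_000_000)]},
        {"txid": "cb2", "vin": [], "vout": [("oldB", 300_000_000)]},
        {"txid": "cb3", "vin": [], "vout": [("oldC", 200_000_000)]},
    ]
    if single_sweep:
        txs.append({"txid": "sweep",
                    "vin": [("cb1", 0), ("cb2", 0), ("cb3", 0)],
                    "vout": [("new1", 999_990_000)]})  # 10k sat fee
    else:
        for i, (src, amt) in enumerate([("cb1", 500_000_000),
                                        ("cb2", 300_000_000),
                                        ("cb3", 200_000_000)]):
            txs.append({"txid": f"move{i}", "vin": [(src, 0)],
                        "vout": [(f"new{i}", amt - 10_000)]})
    return txs


class _DisjointSet:
    """Union-find over address labels."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(txs):
    """Return {address: frozenset of addresses assumed to share an owner}.

    Rule applied: all inputs of one transaction belong to the same entity.
    Outputs are registered too, so unlinked addresses appear as singletons.
    """
    by_id = {t["txid"]: t for t in txs}
    ds = _DisjointSet()
    for t in txs:
        in_addrs = [by_id[txid]["vout"][n][0] for txid, n in t["vin"]]
        for a in in_addrs:
            ds.union(in_addrs[0], a)
        for addr, _ in t["vout"]:
            ds.find(addr)
    members = defaultdict(set)
    for addr in list(ds.parent):
        members[ds.find(addr)].add(addr)
    return {a: frozenset(members[ds.find(a)]) for a in ds.parent}


def total_received(txs, addrs):
    """Lifetime inflow to a set of addresses: what a counterparty who links the
    new wallet back to the old outputs learns about the owner's holdings."""
    return sum(amt for t in txs for addr, amt in t["vout"] if addr in addrs)


if __name__ == "__main__":
    for single in (True, False):
        txs = make_txs(single)
        cluster = cluster_addresses(txs)["oldA"]
        print("single sweep" if single else "separate moves",
              sorted(cluster), total_received(txs, cluster))
```

With the single sweep, oldA, oldB and oldC collapse into one cluster whose lifetime inflow is 10 BTC; moved separately, each old output stays a singleton and the analyzer sees three unrelated 5, 3 and 2 BTC histories. Moving them separately is not a full fix either: amounts and timing still correlate, which is why the follow-up question about a mixer is the natural next step.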
hero member
Activity: 924
Merit: 5950
not your keys, not your coins!
September 12, 2021, 05:18:26 AM
#31
Also, if you force a refresh, you will be forcing them to reveal their identity, which I think is against Bitcoin's main feature of anonymity
Why so? I myself one day decided to transfer funds from my legacy addresses to bech32 addresses and did it to save on transaction fees in the long run. The old addresses were not tied to my identity, the new ones aren't either. I don't see how anonymity was compromised in the process. This is how migration to new wallets with a new cryptographic scheme could work.

There's a possibility the owner doesn't have privacy awareness. For example, the owner would simply download Electrum, then move all coins in a single transaction. Electrum's server would know his IP/UTXO set and any blockchain analyzer will conclude that those old UTXOs belong to the same person.
I agree, but if the old wallet wasn't linked to their identity, the new one won't either. Sure, they'll be linked amongst them, but what's the issue?

That's what we've written in our wiki. It is also written in this pdf.
Someone more knowledgeable than I should comment on that.

Looking at the wiki history, it looks like @theymos is the one who added the statement about it. Maybe he can give some information.

Also, unlike the popular NIST curves, secp256k1's constants were selected in a predictable way, which significantly reduces the possibility that the curve's creator inserted any sort of backdoor into the curve.
Interesting. I found this paper online that compares the koblitz and random versions: http://ijeecs.iaescore.com/index.php/IJEECS/article/view/15610
Apparently, secp256k1 is up to 30% faster than secp256r1 and slightly (but not significantly) less secure. In section 4, they also argue that secp256r1 has some weird constants of itself as well:
However, secp256r1 uses the very suspicious seed "c49d360886e704936a6678e1139d26b7819f7e90" which is strangely similar to the backdoor in Dual_EC_DRBG [18].
full member
Activity: 228
Merit: 156
September 12, 2021, 04:47:56 AM
#30
Helpful about hard forks / soft forks & combined here
https://youtu.be/U2yAcsj7P_E
She discusses in min 1:9-15 I think how sometimes people using SPV lose money if wallets weren't careful about the update (they just see block headers & the Merkle paths they care about)

& interesting: in this one you'll see he says Schnorr was known to be better from the beginning, but had a 20-year copyright that prevented its use
https://youtu.be/0Q5IimX-AAc

Sorry, if this is considered out of scope of this topic.
legendary
Activity: 3472
Merit: 10611
September 11, 2021, 10:16:14 PM
#29
That's what we've written in our wiki. It is also written in this pdf.
Someone more knowledgeable than I should comment on that.

Quote
You don't have to predict the future. I'm not asking you to tell me the exact steps we'll follow to secure the system after the specific public-key cryptographic algorithm we're using is broken.
Well the exact steps depends on what happens. For example SHA-0 was replaced by SHA-1 almost as fast as NIST published the standard for it because it had a weakness and it was found quickly. Same with SHA-1 but it took a long time (20 years) to break that one.
With the current ECDLP solutions it would take more than our lifetime to break anything but I can't predict what's going to change.

Quote
I'm just telling you that at some point in the future, whether we want it or not, we'll have to demand from “our” users to migrate.
Needless to mention the problems that're created once we touch people's money.
That's the nature of any hard fork and nothing can be done about it! And we aren't touching anyone's money, they would do it themselves.
hero member
Activity: 924
Merit: 5950
not your keys, not your coins!
September 11, 2021, 05:20:48 AM
#28
whether we want it or not, we'll have to demand from “our” users to migrate.
I mean, it will be in 'their' interest, because else they'll lose all funds.
Contrary to random hacked / stolen / leaked Netflix accounts for example, there is a big financial incentive to crack public Bitcoin keys.

Also, if you force a refresh, you will be forcing them to reveal their identity, which I think is against Bitcoin's main feature of anonymity
Why so? I myself one day decided to transfer funds from my legacy addresses to bech32 addresses and did it to save on transaction fees in the long run. The old addresses were not tied to my identity, the new ones aren't either. I don't see how anonymity was compromised in the process. This is how migration to new wallets with a new cryptographic scheme could work.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
September 11, 2021, 04:41:53 AM
#27
Were they?
That's what we've written in our wiki. It is also written in this pdf.

I can't predict the future but
You don't have to predict the future. I'm not asking you to tell me the exact steps we'll follow to secure the system after the specific public-key cryptographic algorithm we're using is broken. I'm just telling you that at some point in the future, whether we want it or not, we'll have to demand from “our” users to migrate.

Needless to mention the problems that're created once we touch people's money.
full member
Activity: 228
Merit: 156
September 11, 2021, 03:46:24 AM
#26
Quote
I had been thinking about this issue and instead of creating a new thread, I decided to just add my proposal to the OP's since he and I have similar ideas. Hopefully satoshi if he is reading this would not only reward the OP but me as well.

Quote
Sweeping stale bitcoin utxos and putting them back into circulation

UTXOs older than a certain number of blocks are allowed to be mined by a miner and put into a block which will then delete the UTXO and transfer a certain percentage of its value to the miner that mined it. The other part will be distributed in a somewhat unpredictable/random fashion to some known active bitcoin addresses.

The UTXO set contains unspendable outputs. It also contains outputs that are theoretically spendable but can't be spent due to various reasons. Both of these problems could be resolved by adopting this practice of getting rid of stale utxos

You are talking about stealing or destroying people's money here, what if they're just HODLing???
I definitely do not agree.
Also, if you force a refresh, you will be forcing them to reveal their identity, which I think is against Bitcoin's main feature of anonymity

If you worry about UTXO set size, you could modify the idea in the paper we were discussing here
https://bitcointalksearch.org/topic/is-there-a-fee-utxo-in-every-transaction-5357803

To make an age threshold after which UTXOs are kept in secondary storage, and can only be spent with an extra fee like a minimum charge, since they will require a disk access to verify.

The minimum charge fee could be announced before being applied. Although in fact the sudden movement of all old UTXOs could cause some mess in programs that handle the UTXO Merkle tree based on the heuristic that old UTXOs are less likely to be spent than newer ones, and in the market metrics data scientists use to predict price and advise their customers, so it may affect the price, not sure how.
legendary
Activity: 3472
Merit: 10611
September 11, 2021, 03:41:57 AM
#25
~ as the constants were picked in a predictable way
Were they? I don't think NIST has ever released how they chose any of the domain parameters of any of their curves. Their "r" (random) curves such as secp256r1 have a random seed but that doesn't apply to "k" (Koblitz) curves.

Quote
The last thing we'd want is to force everyone hastily to change their keys.
I can't predict the future but most probably there will be a long interval (like a year or two) for people to migrate.
BTW Taproot (P2TR) uses the public key in pubkey scripts similar to (but more complicated than) P2PK.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
September 11, 2021, 02:40:27 AM
#24
It depends on what is broken, and some other details for which you'll need an expert.

The whole point of Bitcoin works if the public key used in the scriptSig cannot be reversed. That's where we'll start. Vulnerabilities in secp256k1 haven't been found and probably will never be, as the constants were picked in a predictable way which reduces the odds of having inserted a hidden backdoor into the curve.

This leaves us to acknowledge that your third bullet point could be the only realistic possibility sometime in the future. The question remains: What will happen in case the existing keys become unusable at some point in the future? Shouldn't we take some sort of precautions? The last thing we'd want is to force everyone hastily to change their keys.
legendary
Activity: 3472
Merit: 10611
September 11, 2021, 02:05:57 AM
#23
Yes, but I think the question is:  How can we migrate to a stronger algorithm by retaining the private keys of the current ECDSA?
It depends on what is broken, and some other details for which you'll need an expert.
- If it were the signature algorithm (ECDSA) then choosing a different signature algorithm could solve the issue while still using the same curve (hence the same key pairs). Basically we can only change how OP_Check(Multi)Sig(Verify) OP codes (4 OPs) work.
- If the vulnerability were with the secp256k1 curve, changing curve would be a solution but the same keys may not be on the new curve anymore. I also doubt this can happen on this curve alone and not all 256-bit curves (ie the next bullet point).
- If Elliptic Curve Cryptography itself were broken (eg. private to public key were reversible) it has to be completely replaced by another asymmetric cryptography algorithm which may or may not make the existing keys unusable.
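The second bullet above ("the same keys may not be on the new curve anymore") is easy to check concretely, and the check also shows the difference between the "k" and "r" constants discussed earlier in the thread: secp256k1 has a = 0 and b = 7, while secp256r1's a and b are the seed-derived values. The block below is an added example, not code from the thread or from any Bitcoin implementation. It implements textbook affine curve arithmetic in pure Python (slow and not side-channel safe, for illustration only) and reuses one private scalar on both curves. The curve constants are the published SEC 2 / FIPS 186-4 domain parameters; the scalar in the demo is a made-up test value, not a real key.

```python
"""The same private scalar gives different public keys on secp256k1 and secp256r1.

Added example, not from the thread. Pure-Python affine arithmetic, slow and not
constant-time, for illustration only. Curve constants are the published SEC 2 /
FIPS 186-4 parameters; everything else here is this example's own code.
"""

# Short-Weierstrass curves y^2 = x^3 + a*x + b over F_p, generator G of prime order n.
CURVES = {
    "secp256k1": dict(  # Koblitz curve: a = 0, b = 7, nothing seed-derived
        p=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F,
        a=0,
        b=7,
        gx=0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
        gy=0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
        n=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141),
    "secp256r1": dict(  # NIST P-256: a = p - 3, b derived from the disputed seed
        p=0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF,
        a=0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC,
        b=0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
        gx=0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
        gy=0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5,
        n=0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551),
}


def on_curve(c, P):
    """True if P (affine (x, y) or None for the point at infinity) satisfies the curve equation."""
    if P is None:
        return True
    x, y = P
    return (y * y - (x * x * x + c["a"] * x + c["b"])) % c["p"] == 0


def add(c, P, Q):
    """Affine point addition, handling infinity, P + (-P) and doubling."""
    p = c["p"]
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None  # Q = -P (also covers doubling a point with y = 0)
    if P == Q:
        lam = (3 * x1 * x1 + c["a"]) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def mul(c, k, P):
    """Double-and-add scalar multiplication (variable-time; never use for real keys)."""
    R = None
    while k:
        if k & 1:
            R = add(c, R, P)
        P = add(c, P, P)
        k >>= 1
    return R


def pubkey(curve, d):
    """Public point d*G on the named curve; d must be a valid scalar for that curve."""
    c = CURVES[curve]
    if not 1 <= d < c["n"]:
        raise ValueError(f"scalar out of range for {curve}")
    return mul(c, d, (c["gx"], c["gy"]))


def order_is_n(curve):
    """Sanity check on the constants: n*G must be the point at infinity."""
    c = CURVES[curve]
    return mul(c, c["n"], (c["gx"], c["gy"])) is None


def migrate_same_scalar(d):
    """What a wallet would see if a secp256k1 private key were reused unchanged on secp256r1."""
    k1 = pubkey("secp256k1", d)
    r1 = pubkey("secp256r1", d)
    return {
        "secp256k1_pub": k1,
        "secp256r1_pub": r1,
        "same_public_key": k1 == r1,
        # the old public point is not even a valid point on the other curve
        "k1_pub_valid_on_r1": on_curve(CURVES["secp256r1"], k1),
    }


if __name__ == "__main__":
    d = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # constructed test scalar
    for name, value in migrate_same_scalar(d).items():
        print(name, value)
```

The scalar is valid on both curves (their orders differ only slightly), but the resulting public points differ and the secp256k1 point is not on secp256r1 at all, so an output locked to the old key cannot be claimed by an "equivalent" key on a new curve: a curve change needs explicit migration transactions, which is the first bullet's advantage (swapping only the signature algorithm keeps the key pairs).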
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
September 11, 2021, 01:18:33 AM
#22
Think of it as what happened to SHA1. At some point it was considered weak, then there was a very long transitional period where all browsers started migrating to SHA2 certificates and then at a certain date they stopped accepting any SHA1 certificate altogether.

Yes, but I think the question is:  How can we migrate to a stronger algorithm by retaining the private keys of the current ECDSA? In your example, the browsers had to just start using a different hash algorithm, but they weren't concerned with "converting" the old hashes to new ones. In this case, someone who owns money on a P2PK address has to be able to spend them with the same ECDSA private key that was given to him, but switch to a stronger algorithm at the same time.
legendary
Activity: 3472
Merit: 10611
September 10, 2021, 10:28:30 PM
#21
Whether ECC is broken or not, the concern is the public keys of those early addresses (P2PK) are known and exposed.
We don't want reclaiming coins (and a lot do not want that), but I think unspent coins in P2PK addresses that have remained unspent for 20 years ought to become unspendable in the future.
First of all it does matter if ECC is broken or not. Without ECC being broken it doesn't matter at all if the public keys of those outputs (or any other output such as the case with address-reuse) are known, public keys are meant to be public, that's the whole point of asymmetric cryptography.
So for it to be a concern, ECC or at least 256-bit curve has to be broken and considered weak.

Secondly there shouldn't be any kind of "coin age" involved. If ECC is broken and someone can compute the private key from it (or break ECDSA, etc.) in reasonable time then there is nothing stopping them from investing more effort into it so that they can also reverse your transaction from a P2PKH output that has been used only once while it sits in the mempool waiting to be confirmed (you have to reveal the public key then).
As I said before you can no longer say "bitcoin is safe" if ECC is broken. So it has to be replaced completely in the protocol (affecting all coins).

Think of it as what happened to SHA1. At some point it was considered weak, then there was a very long transitional period where all browsers started migrating to SHA2 certificates and then at a certain date they stopped accepting any SHA1 certificate altogether. Today if a website has a SHA1 certificate your browser will block it. Then after all that time, someone (Google) found a collision by spending a lot of computing power.
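The distinction made above (public keys are public by design; what differs between output types is only whether the key is already on chain before the spend) and the earlier question about how much value sits in P2PK outputs both come down to recognising script templates. The block below is an added example, not code from the thread or from Bitcoin Core. It classifies standard scriptPubKeys, flags which ones already reveal a signing key (P2PK, P2TR's output key, and any hashed-key output whose key has already appeared in an earlier spend, i.e. address reuse), and totals a constructed UTXO set by exposure. The key and hash bytes are filler, not real keys.

```python
"""Which Bitcoin output scripts already reveal the public key they are locked to.

Added example, not from the thread. Scripts follow the standard templates
(P2PK, P2PKH, P2SH, P2WPKH, P2WSH, P2TR); the key and hash bytes below are
constructed placeholders, not real keys, and the UTXO set is made up.
"""


def classify_script_pubkey(spk, revealed_hash160s=frozenset()):
    """Return the script type and whether a signing key for it is visible on chain.

    revealed_hash160s: HASH160 values whose public key has already appeared in
    some scriptSig or witness (address reuse). A hashed-key output is only
    protected until its key has been shown once.
    """
    n = len(spk)
    # P2PK: <33- or 65-byte key push> OP_CHECKSIG (0xac); the key is in the output itself.
    if n in (35, 67) and spk[0] == n - 2 and spk[1] in (0x02, 0x03, 0x04) and spk[-1] == 0xAC:
        return {"type": "p2pk", "key_exposed": True, "key": spk[1:-1].hex()}
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG; only a hash is visible.
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        h = spk[3:23]
        return {"type": "p2pkh", "key_exposed": h in revealed_hash160s, "hash160": h.hex()}
    # P2SH: OP_HASH160 <20> OP_EQUAL; redeem script (and any keys in it) hidden until spent.
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return {"type": "p2sh", "key_exposed": False, "hash160": spk[2:22].hex()}
    # P2WPKH: OP_0 <20-byte HASH160(pubkey)>
    if n == 22 and spk[:2] == b"\x00\x14":
        h = spk[2:]
        return {"type": "p2wpkh", "key_exposed": h in revealed_hash160s, "hash160": h.hex()}
    # P2WSH: OP_0 <32-byte SHA256(witness script)>
    if n == 34 and spk[:2] == b"\x00\x20":
        return {"type": "p2wsh", "key_exposed": False}
    # P2TR: OP_1 <32-byte x-only output key>. The output key is a (tweaked) public
    # key that can sign the key path, so it is as exposed as a P2PK key.
    if n == 34 and spk[:2] == b"\x51\x20":
        return {"type": "p2tr", "key_exposed": True, "key": spk[2:].hex()}
    return {"type": "nonstandard", "key_exposed": None}


# Constructed UTXO set: (scriptPubKey, value in satoshis). Key bytes are filler.
SAMPLE_UTXOS = [
    (b"\x41" + b"\x04" + b"\x11" * 64 + b"\xac", 5_000_000_000),   # early P2PK coinbase, 50 BTC
    (b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac", 100_000_000),   # reused P2PKH address
    (b"\x76\xa9\x14" + b"\x55" * 20 + b"\x88\xac", 200_000_000),   # fresh P2PKH address
    (b"\x00\x14" + b"\x33" * 20, 300_000_000),                      # P2WPKH
    (b"\x51\x20" + b"\x44" * 32, 400_000_000),                      # P2TR
]
# HASH160s whose key already appeared in an earlier scriptSig (constructed).
REVEALED_HASH160S = frozenset({b"\x22" * 20})


def summarize_exposure(utxos, revealed_hash160s=frozenset()):
    """Total value behind already-public keys versus still-hashed keys, plus a per-type breakdown."""
    out = {"exposed_sats": 0, "hidden_sats": 0, "by_type": {}}
    for spk, value in utxos:
        info = classify_script_pubkey(spk, revealed_hash160s)
        out["by_type"][info["type"]] = out["by_type"].get(info["type"], 0) + value
        # nonstandard scripts (None) are counted as hidden: nothing is known about them
        if info["key_exposed"]:
            out["exposed_sats"] += value
        else:
            out["hidden_sats"] += value
    return out


if __name__ == "__main__":
    for spk, value in SAMPLE_UTXOS:
        print(value, classify_script_pubkey(spk, REVEALED_HASH160S))
    print(summarize_exposure(SAMPLE_UTXOS, REVEALED_HASH160S))
```

On the constructed set, 55 of the 60 BTC sit behind keys that are already public (the P2PK output, the reused P2PKH address and the Taproot output), which is why the post argues that singling out old P2PK outputs makes no sense: address reuse and P2TR put current coins in exactly the same position, and any output becomes exposed the moment its spend is broadcast.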
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 10, 2021, 09:04:12 AM
#20
Guys, I'm not talking about an altcoin, or if a fork is made and it turns out to be an altcoin that no one uses. We stick to bitcoin and if no one likes the idea, and no consensus is reached, then there are no changes. I don't agree with everything the OP said, except the part where unspent coins will remain unspendable.

Currently, they are unspent because they have not been spent, but can one day be spent. Whether ECC is broken or not, the concern is the public keys of those early addresses (P2PK) are known and exposed.

It also doubles as a Canary ... because then everyone will see that those coins get spent one day and we all suspect it's probably not Satoshi who moved them.

My idea was just building up on the OP, who said, if it's not been spent, let's make sure it never gets spent.

I have no issues leaving it the way it is, and this idea is not new, it has been brought up before by other people. We don't want reclaiming coins (and a lot do not want that), but I think unspent coins in P2PK addresses that have remained unspent for 20 years ought to become unspendable in the future.

By the way, does anyone have an idea how much BTC there are in P2PK addresses that have not moved since maybe 2011? (or when did we start not using P2PK addresses?). I read some estimates of about 2 million bitcoin in P2PK addresses that have not moved.

Relevant link: https://bitcoinist.com/bitcoin-worth-usd-40-billion-vulnerable-to-quantum-attacks/
sr. member
Activity: 1190
Merit: 469
September 09, 2021, 10:48:59 PM
#19
10 years might be too short.

Much too short.  There are a variety of very good reasons someone might not touch their bitcoins for more than a decade.

You are actually right. The correct timeframe could be more like 200 years.

I had been thinking about this issue and instead of creating a new thread, I decided to just add my proposal to the OP's since he and I have similar ideas. Hopefully satoshi if he is reading this would not only reward the OP but me as well.

Quote
Sweeping stale bitcoin utxos and putting them back into circulation

UTXOs older than a certain number of blocks are allowed to be mined by a miner and put into a block which will then delete the UTXO and transfer a certain percentage of its value to the miner that mined it. The other part will be distributed in a somewhat unpredictable/random fashion to some known active bitcoin addresses.

The UTXO set contains unspendable outputs. It also contains outputs that are theoretically spendable but can't be spent due to various reasons. Both of these problems could be resolved by adopting this practice of getting rid of stale utxos.
legendary
Activity: 3472
Merit: 10611
September 09, 2021, 09:51:45 PM
#18
Not an altcoin.
It would be an altcoin.

Quote
There are some early addresses
They are using P2PK scripts where the output contains the public key instead of the hash of it and there is no "address" defined for these scripts, they are just outputs without a corresponding human readable string (aka an address).

Quote
so those coins can be stolen if enough computing power is put to them.
If by enough you mean a million+ years worth of computing power, then you are right.
Also your argument does not justify your idea, simply because if ECC could be broken and bitcoin were still using it, then it would become obsolete as a whole.
sr. member
Activity: 1190
Merit: 469
September 09, 2021, 09:32:45 PM
#17


I don't see why we should care at all what "Satoshi's Vision" was.

How can you say something like that? Of course we should care what his vision was. Now about those little quotations you provided, all I can say about that is "my bad".

hero member
Activity: 924
Merit: 5950
not your keys, not your coins!
September 09, 2021, 04:33:44 PM
#16
However, I think it might be interesting to explore the idea of 'empty blocks' in the sense that if all utxos are spent, you don't have to keep them in the Blockchain.

I've probably misunderstood what you said, but:  If you don't keep the spent transaction outputs, but rather dump them later instead, how will you maintain the chain? The PoW was done with these included.
No you're right, I didn't think this through at all so far. I don't think OP's idea would work without the 'deleting old utxos' part. I was just thinking maybe it could be possible but it's indeed not going to happen..