Topic: Satoshi's Fortune lower bound is 100M USD(DEBATE GOING ON, DO NOT TWEET!) - page 2. (Read 127943 times)

member
Activity: 63
Merit: 10
If you escalate to that amount of scrutiny, yes it is far, far from perfect. It is also rather well known that cryptographic objects don't really behave the way theoreticians (and Satoshi) would like them to. I won't be surprised that any hash function or PRNG would behave suboptimally under some kind of test, maybe even a strikingly simple one. Even something like SHA-2147483648 wrapped a thousand times could possibly fail to an almost trivial statistical test. A related quote is "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin", by von Neumann.

In this model SHA-256 is basically assumed to behave like a random oracle, a black box that gives us numbers that are uniformly random. But random oracles are a theoretical impossibility. On the other hand, the security of SHA-256 as the main POW algorithm in the Bitcoin protocol does not really rely on it being a random oracle. Here's a post on StackExchange that briefly tells us a few things: http://crypto.stackexchange.com/questions/879/what-is-the-random-oracle-model-and-why-is-it-controversial

Intuitively, the multiplicative difference between 2^12 and (say) 2^16 should outweigh many other factors, although indeed it's hard to be very sure. At least, it definitely outweighs most factors you brought up. It's too big a difference even for the link you gave us.

For #1, while I agree the estimation done by Sergio_Demian_Lerner isn't very good, the conclusion isn't very far off either. Basically you don't need to have a lot of blocks, mined at a difficulty that requires 56 zeros, to demonstrate statistical insignificance of that block with 67 zeroes. Still assuming the stinky random oracle model, even if you only look at 2^10 (=1024) blocks with 56 zeros, well smaller than the number of blocks at a single difficulty, it is a rather large probability (~40%) that one of them has at least 67 zeros.
full member
Activity: 217
Merit: 120
Let's say you flip a coin 10 times.
You mark a cross on paper if the first 3 flips give you heads; in this case, if up to the 7th flip you still get heads, you put a circle around the cross you just marked.
Now do this for several billion times, divide the number of circles by the number of crosses. It should be rather close to 1/16. That's the idea.

I think this model has a number of flawed assumptions... but please correct me if I'm wrong:

1.  The difficulty is not constant.  For the first 32,255 blocks the difficulty remained at 1. That's roughly 2^15 of your "crosses".  You'd have to retroactively count which "blocks" of 10 coins had 3 leading "heads", which would reduce the "current number of blocks solved" (or crosses) significantly.  OP based his claim on current blocks solved of all difficulties.

2. SHA256 is a deterministic function - does not produce random output.  Given an infinite set of inputs, it will reduce each to one of 2^256 values.  Over an infinite set of inputs, one might assume the outputs are evenly distributed, but...

3.  There is not an infinite set of inputs.  Based on the block hashing algorithm, there are 80 bytes x 8 = 640 "bits" of coin "inputs" possible.  40 bytes (half) are almost guaranteed to be the same for all miners, and at the same positions.  That leaves 2^320 bits to be toggled "randomly" before being fed into the SHA256 function.  Because half the total input bits are static, the inputs themselves are not evenly distributed.

4.  SHA256 isn't as "fair" as one might assume.  http://www.femto-second.com/papers/SHA256LimitedStatisticalAnalysis.pdf.  I'll admit this paper is above my head... so feel free to take advantage of that and tell me this paper doesn't say what I think it says.

5.  The original SHA256 output is again hashed with SHA256.  Therefore the maximum inputs for the final iteration is 2^256, as a best case scenario.  The input was skewed once due to the structure of the block header, skewed again by the imperfect nature of the SHA256 algorithm, and now skewed yet again by a second iteration of SHA256.

6.  Has anyone proven mathematically that each and every value from 0 to 2^256- 1  is actually possible as an output of SHA256?

7.  Has it also been proven that SHA256 can produce all 2^256-1 outputs given only the inputs from 0 to 2^256 - 1?

To me, the OP's claim failed right at #1.  As I said:

C: What is this magical theorem that says "the log base 2 of the number of blocks found is the number of leading 0's that might be found exceeding the network difficulty in a double sha256 hash of an essentially random input"?  I don't think it exists.

"Number of blocks found" != "number of blocks found at X difficulty".  OP was claiming the former, you're claiming the latter, which at least makes sense.

For what it's worth, there will always be 2106 blocks solved at a given difficulty before the next is chosen.  That's roughly 2^11.  Within those 2016 blocks, someone found an answer with 12 extra leading 0's.    Assuming completely random inputs (which they aren't) and assuming SHA256 is fair (it isn't) and that a 2nd iteration of SHA256 can still produce all 2^256 outputs (who knows?), it still seems that block 125552 was statistically significant.  And you can't really count very many blocks after those 2106, because the difficulty has been changed again... you're now requiring 4 heads in a row for a cross, but still only 7 for circles, which doubles the probability of a "circle".

Thoughts?
member
Activity: 63
Merit: 10
Let's say you flip a coin 10 times.
You mark a cross on paper if the first 3 flips give you heads; in this case, if up to the 7th flip you still get heads, you put a circle around the cross you just marked.
Now do this for several billion times, divide the number of circles by the number of crosses. It should be rather close to 1/16. That's the idea.
If you don't want to do this by hand, simulate this with the best PRNG you can find. It should be fairly quick.

If you still don't understand, go ask your math teacher. Or I can show you the ropes if you would pay me some BTC for the effort.

The generation of random numbers is too important to be left to chance.
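The coin-flip experiment from the post above, run against double SHA-256 itself instead of a PRNG, together with the "~40%" figure quoted earlier for 2^10 blocks; this is an added example, not code from any poster in the thread. The 80-byte inputs (76 fixed bytes plus a counter) are constructed, and zeros are counted on the raw digest rather than on Bitcoin's byte-reversed display form.

```python
import hashlib
import struct

def double_sha256(data: bytes) -> bytes:
    """SHA-256 applied twice, as in Bitcoin block hashing."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def leading_zero_bits(digest: bytes) -> int:
    """Leading zero bits of the digest read as a big-endian integer."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def count_crosses_and_circles(trials: int, cross_bits: int = 3, circle_bits: int = 7):
    """Hash `trials` constructed 80-byte inputs; a cross has >= cross_bits
    leading zeros, a circle is a cross with >= circle_bits leading zeros."""
    static_part = bytes(76)  # constructed: 76 fixed bytes, only the counter varies
    crosses = circles = 0
    for counter in range(trials):
        header = static_part + struct.pack("<I", counter)
        zeros = leading_zero_bits(double_sha256(header))
        if zeros >= cross_bits:
            crosses += 1
            if zeros >= circle_bits:
                circles += 1
    return crosses, circles

def p_at_least_one(blocks: int, extra_bits: int) -> float:
    """Uniform-output model: chance that at least one of `blocks` hashes
    has `extra_bits` more leading zeros than the target requires."""
    return 1.0 - (1.0 - 2.0 ** -extra_bits) ** blocks

if __name__ == "__main__":
    crosses, circles = count_crosses_and_circles(200_000)
    print(f"crosses={crosses} circles={circles} "
          f"ratio={circles / crosses:.4f} (model: {1 / 16})")
    # 2^10 blocks at 56 zeros, looking for one with at least 67 (11 extra bits)
    print(f"P(>=1 of 1024 blocks has 11 extra zero bits) = "
          f"{p_at_least_one(1024, 11):.3f}")
```

With mostly static input bytes the measured circle-to-cross ratio still lands near 1/16, which is what the uniform model predicts.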
full member
Activity: 217
Merit: 120
C: What is this magical theorem that says "the log base 2 of the number of blocks found is the number of leading 0's that might be found exceeding the network difficulty in a double sha256 hash of an essentially random input"?  I don't think it exists.

That's a result trivially derived from probability theory.

Also trivially derived from rectal extraction theory.  We'll need PoW to determine which was applied.
legendary
Activity: 905
Merit: 1011
C: What is this magical theorem that says "the log base 2 of the number of blocks found is the number of leading 0's that might be found exceeding the network difficulty in a double sha256 hash of an essentially random input"?  I don't think it exists.

That's a result trivially derived from probability theory.
full member
Activity: 217
Merit: 120
Then why are you not hysterically warning about the miner who mined http://blockexplorer.com/block/00000000000000001e8d6829a8a21adc5d38d0a473b144b6765798e61f98bd1d having enough hashpower to replace the entire history of Bitcoin in an hour?


There have been 231828 blocks solved (without counting orphans) which is roughly equal to 2^18. So we can statistically expect a block with 18 more prefixed zeros than the expected difficulty. Block 125552 has only 12 more prefix zeros than the expected (67 vs 56) so statistically it has no meaning at all.

 That's why I'm not hysterically warning you.

A: 231828 is short of 2^18 by 30,316.  Not really a "small" difference.
B: Why would you look at how many blocks have been solved "to date"?  At the time that block was solved, there were...  125,552 blocks solved.  That's a lot closer to 2^17.  (Short by 5,520).
C: What is this magical theorem that says "the log base 2 of the number of blocks found is the number of leading 0's that might be found exceeding the network difficulty in a double sha256 hash of an essentially random input"?  I don't think it exists.
legendary
Activity: 1512
Merit: 1032
The relation between 6 minutes and 6 days is 11 bits.
The relation between 32 zero bits and 43 zeros bits is 11 bits.
...People tend to explain PoW in the genesis block as "just luck".
...
I don't believe in luck. I can't believe in luck, since I have some cryptography background.

Then why are you not hysterically warning about the miner who mined http://blockexplorer.com/block/00000000000000001e8d6829a8a21adc5d38d0a473b144b6765798e61f98bd1d having enough hashpower to replace the entire history of Bitcoin in an hour?


There have been 231828 blocks solved (without counting orphans) which is roughly equal to 2^18. So we can statistically expect a block with 18 more prefixed zeros than the expected difficulty. Block 125552 has only 12 more prefix zeros than the expected (67 vs 56) so statistically it has no meaning at all.
You mean it's just luck? Okay, then.
full member
Activity: 217
Merit: 120
you people are retarded

you think he still owns his bitcoins?

he would've sold them all along on the way up, prob was out by the time they hit $30

This thread is retarded... but the fact that those coins have not been exchanged is a matter of public record... like *all* Bitcoin transactions.  They could be lost forever.. but they most certainly were not "sold".
sr. member
Activity: 364
Merit: 250
you people are retarded

you think he still owns his bitcoins?

he would've sold them all along on the way up, prob was out by the time they hit $30


+1


also i don't care about anyone else's bitcoins.  nor could i prove ownership.  these satoshi speculation threads are asinine.
sr. member
Activity: 252
Merit: 250
you people are retarded

you think he still owns his bitcoins?

he would've sold them all along on the way up, prob was out by the time they hit $30
hero member
Activity: 552
Merit: 622
Then why are you not hysterically warning about the miner who mined http://blockexplorer.com/block/00000000000000001e8d6829a8a21adc5d38d0a473b144b6765798e61f98bd1d having enough hashpower to replace the entire history of Bitcoin in an hour?


There have been 231828 blocks solved (without counting orphans) which is roughly equal to 2^18. So we can statistically expect a block with 18 more prefixed zeros than the expected difficulty. Block 125552 has only 12 more prefix zeros than the expected (67 vs 56) so statistically it has no meaning at all.

 That's why I'm not hysterically warning you.
hero member
Activity: 552
Merit: 622

It's worth pointing out for posterity that you've gone and edited your claims in this thread to back them off from their previously falsified forms. This is somewhat discourteous to the other participants here, because it makes it look like you didn't take the positions that they've argued with. 


Whenever I edit a published post, I add the word "Edit:" or I strike the words that must be removed.

Could you stop this fruitless competition?
staff
Activity: 4200
Merit: 8441
I don't believe in luck. I can't believe in luck, since I have some cryptography background.
Then why are you not hysterically warning about the miner who mined http://blockexplorer.com/block/00000000000000001e8d6829a8a21adc5d38d0a473b144b6765798e61f98bd1d having enough hashpower to replace the entire history of Bitcoin in an hour?

It's worth pointing out for posterity that you've gone and edited your claims in this thread to back them off from their previously falsified forms. This is somewhat discourteous to the other participants here, because it makes it look like you didn't take the positions that they've argued with.  I'm glad to see more accurate claims being made, but I'm wondering when you're going to go revise them further to point out that you were completely wrong and that your extranonce data strongly supports the position that there were multiple people mining the whole time.

I'm not even particularly computer savvy compared to many guys, just stumbled across as a proposed replacement to torbank, so surely many others did the same to a bigger degree.

However I would be surprised if guys who were mining in 2009 not only continued mining, but had the foresight
Yup. Exactly. But that kind of view doesn't let you generate ALL CAPS headlines.
hero member
Activity: 552
Merit: 622
Please check the new thread https://bitcointalksearch.org/topic/the-well-deserved-fortune-of-satoshi-nakamoto-visionary-and-genious-178629 where I present new evidence (never shown before) to the discussion.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
What if he's gone? That's 1 million bitcoins that will never be spent. It will forever be in the blockchain. That also means no one can ever buy all the coins in existence.
legendary
Activity: 1176
Merit: 1005
How exactly would Tor affect his generation rate in any way at all?
Obviously tor wouldn't affect Satoshi's hashing rate, but it might affect the number of blocks that he successfully mined.

If Satoshi generated a block at the same time as someone else, I presume the delays caused by broadcasting blocks through tor would mean that the rest of the network would be likely to see the other person's block before Satoshi's block.

The effect is presumably small, but I don't see why it would be zero.

TOR latency is rarely more than a second or two.  Especially if you were one of the few miners in operation, the odds of a block coming in at the same time would be negligible.  The odds would be slightly increased by the low difficulty, but it may have never happened even once in the early days.
sr. member
Activity: 392
Merit: 250
Besides mining Satoshi might have bought new coins up to this moment. So there really is no upper boundary.
full member
Activity: 217
Merit: 120
3. Was satoshi mining through tor? That would have slowed down his generation rate.

The Bitcoin client would have a local copy of the blockchain, and the hashing is obviously done completely locally... How exactly would Tor affect his generation rate in any way at all?
hero member
Activity: 552
Merit: 622
This is nonsense. It takes no extra time to randomly find a <0000000ffff hash that is equivalent to difficulty 1, 2, or 2000. Anything may come out of the hasher as the first hash you get. There is no "six days of hashing", that is just a stupid idea.

I really can't understand your message. Either you cannot explain yourself or we speak different languages.

Can anybody explain in plain English deepceleron's sentence?

Have you understood my message?

I'm not talking about the hash digest itself, just the work done to find it. Obviously the hash digest has no statistical information that can feasibly be extracted.