
Topic: Segregated witness - The solution to Scalability (short term)? - page 9. (Read 23094 times)

legendary
Activity: 1386
Merit: 1009
In fact, this possible change in bitcoin architecture raised a question: Are your bitcoins safe in cold storage?

I used to believe that it is protected by the public-private key cryptography, e.g. without the signature generated from the private key, the coin at a certain address cannot be spent

But now I realized that this really depends on the client running on the nodes

If a group of nodes is running a new version which does not need the signature to spend coins, then that version can spend anyone's coin without their signature (The new version can use a new signature scheme to protect their new address). Of course this transaction would not be known to the old client since that is not part of the old protocol, so in the old client the coins are still there but in the new client the coins have already been spent. After the old client upgrades to the new one, the coins are gone

And there is really motivation in doing this: Since by the time when over 99% of the clients are running the new software, the old client essentially becomes a minority and thus has to upgrade to the new version because almost no node is using the old version anymore. So, by successfully rolling out a new version you can steal others' coins, especially Satoshi's 1 million coins, doesn't that sound like a good idea?

I'm not talking about developer's ethics here, it is just a technical possibility that will attract lots of criminals, and criminals really do not care about bitcoin's long term success, they just need to cash out the stolen coins at exchanges and they are done. In a word, if nodes could not prevent the protocol from being changed to something malicious, then you essentially cannot protect your bitcoin at all. And the more complex the code is, the easier it is to hide malicious implementations
First of all, signatures are separated only for transactions that are spending from new SW-compatible outputs. As Gavin explains it, the scriptPubKey will be like this:
Code:
PUSHDATA [version_byte + validation_script]
Old transactions will still employ the current mechanism. This 'old' mechanism will be preserved, and there's no real chance spending from old outputs will be made obsolete (there's a chance sending to 'old' addresses will be made non-standard though, but I also doubt that, given the implications).

I do not understand what attack vector you are describing here. Old versions will have decreased security because they will have to assume (w/r/t those transactions they won't be able to fully check) that the longest chain is the valid one. This kind of an assumption is already here for SPV wallets, which, to my knowledge, are an overwhelming majority these days. But thanks to fraud proofs, SW will be able to strengthen their security.

Anyway, it's always been that full nodes provide the highest security possible. The full node verifies that the coins you receive are valid. Full nodes act as a check against dishonest miners. It will stay this way.
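As an added illustration (not code from the thread, and not any Bitcoin implementation), the following Python models the output form quoted above, PUSHDATA [version_byte + validation_script], and shows the point about old nodes: they see only a data push and accept any spend, while an upgraded node enforces the rule behind the version byte. The version-0 rule here is a constructed SHA-256 hash lock standing in for the real signature check.

```python
"""Added example (not from the thread or any Bitcoin implementation): how an output
of the form PUSHDATA [version_byte + validation_script] is judged by an old node
versus an upgraded one. The version-0 rule is a constructed SHA-256 hash lock that
stands in for the real signature check; it is not the actual segwit rule set."""
import hashlib
from typing import List, Optional

OP_PUSHDATA1 = 0x4C  # opcode: next byte is the length, followed by that many data bytes


def witness_output(version: int, validation_script: bytes) -> bytes:
    """Build the scriptPubKey quoted above: a single push of version || script."""
    payload = bytes([version]) + validation_script
    if not 1 <= len(payload) <= 0xFF:
        raise ValueError("payload must fit a PUSHDATA1")
    return bytes([OP_PUSHDATA1, len(payload)]) + payload


def parse_single_push(script: bytes) -> Optional[bytes]:
    """Return the pushed bytes if the script is exactly one PUSHDATA1, else None."""
    if len(script) < 2 or script[0] != OP_PUSHDATA1 or len(script) != 2 + script[1]:
        return None
    return script[2:]


def legacy_node_accepts(script_pubkey: bytes, witness: List[bytes]) -> bool:
    """Un-upgraded node: it executes the lone push, finds a non-zero item on the
    stack and declares success. The witness is never looked at, so any spend
    passes; for such outputs this node can only trust the longest chain."""
    data = parse_single_push(script_pubkey)
    return data is not None and any(data)


def upgraded_node_accepts(script_pubkey: bytes, witness: List[bytes]) -> bool:
    """Upgraded node: dispatches on the version byte. Unknown versions remain
    anyone-can-spend so that a later soft fork can define them (the 'simpler
    script upgrades' benefit discussed in the thread)."""
    data = parse_single_push(script_pubkey)
    if not data:
        return False
    version, program = data[0], data[1:]
    if version == 0:
        # Constructed rule: exactly one witness item whose SHA-256 equals the program.
        return len(witness) == 1 and hashlib.sha256(witness[0]).digest() == program
    return True  # version not yet defined: do not reject, old behaviour kept


def demo() -> dict:
    """Constructed scenario: an honest spender knows the preimage, a thief does not."""
    secret = b"constructed preimage"
    spk = witness_output(0, hashlib.sha256(secret).digest())
    honest, thief = [secret], [b"no idea of the preimage"]
    return {
        "legacy_honest": legacy_node_accepts(spk, honest),
        "legacy_thief": legacy_node_accepts(spk, thief),      # True: old node cannot tell
        "upgraded_honest": upgraded_node_accepts(spk, honest),
        "upgraded_thief": upgraded_node_accepts(spk, thief),  # False: rule enforced
        "future_version": upgraded_node_accepts(witness_output(1, b"\x00" * 20), []),
    }
```

Because the old node accepts both spends, it has no way to reject a block containing the thief's transaction; this is the reduced security for un-upgraded nodes mentioned above, and spends from legacy outputs are unaffected because their scripts are still fully evaluated by every node.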
sr. member
Activity: 252
Merit: 250

IMHO that's only the case if:
 - majority of miners runs new version
 - satoshi moves his coins to a new address
 - majority of miners decide to roll back to old version

or did i miss something?

In this order:

1. Some large miners start to run a new version that can spend Satoshi's coins without a signature (in the new version you can redefine what a valid transaction is)
2. These large miners move Satoshi's coins to their own address in the new version
3. These miners promote the new version to be widely accepted by exchanges and merchants
4. They sell the 1 million coins and are gone

Since no one else except Satoshi will notice the difference, and in this case the majority of the miners have already got Satoshi's coins and are satisfied with the new version. Even if Satoshi comes out and protests, it does not make any sense any more

i dont think 3 would work ;-)
why should exchanges and merchants accept such a bitcoin version?
legendary
Activity: 1988
Merit: 1012
Beyond Imagination

IMHO that's only the case if:
 - majority of miners runs new version
 - satoshi moves his coins to a new address
 - majority of miners decide to roll back to old version

or did i miss something?

In this order:

1. Some large miners start to run a new version that can spend Satoshi's coins without a signature (in the new version you can redefine what a valid transaction is)
2. These miners promote the new version to be widely accepted by exchanges and merchants
3. These large miners move Satoshi's coins to their own address in the new version
4. They sell those 1 million coins and are gone

Since no one else except Satoshi will notice the difference, and in this case the majority of the miners have already got Satoshi's coins and are satisfied with the new version. Even if Satoshi comes out and protests, it does not make any sense any more
sr. member
Activity: 252
Merit: 250
In fact, this possible change in bitcoin architecture raised a question: Are your bitcoins safe in cold storage?

I used to believe that it is protected by the public-private key cryptography, e.g. without the signature generated from the private key, the coin at a certain address cannot be spent

But now I realized that this really depends on the client running on the nodes

If a group of nodes is running a new version which does not need the signature to spend coins, then that version can spend anyone's coin without their signature (The new version can use a new signature scheme to protect their new address). Of course this transaction would not be known to the old client since that is not part of the old protocol, so in the old client the coins are still there but in the new client the coins have already been spent. After the old client upgrades to the new one, the coins are gone

And there is really motivation in doing this: Since by the time when over 99% of the clients are running the new software, the old client essentially becomes a minority and thus has to upgrade to the new version because almost no node is using the old version anymore. So, by successfully rolling out a new version you can steal others' coins, especially Satoshi's 1 million coins, doesn't that sound like a good idea?

I'm not talking about developer's ethics here, it is just a technical possibility that will attract lots of people. In a word, if nodes could not prevent the protocol from being changed to something malicious, then you essentially cannot protect your bitcoin at all. And the more complex the code is, the easier it is to hide malicious implementations

IMHO that's only the case if:
 - majority of miners runs new version
 - satoshi moves his coins to a new address
 - majority of miners decide to roll back to old version

or did i miss something?
legendary
Activity: 1610
Merit: 1183
the only valid benefit i see is reduced storage - which is not bad but is it important? i dont think so. AFAIK nodes running on home internet lines are adding a burden on the network anyway.

so...still undecided ;-) but i like to learn more...
Malleability fix, simpler script upgrades, fraud proof.. those are not 'valid benefits' ? The least important benefit here is reduced storage. Most people don't run nodes so they don't even care about that.
This thing is pretty genius to be honest, even Andreas dedicated a post to segwit and described it as a turning point in Bitcoin. This is exactly what we needed before Lightning Network which dissipates all doubts of Bitcoin being able to wait until LN is operative, with segwit we will be able to deal with any extra traffic of new people jumping in in the next year or so.

Also I noticed you are still not Legendary, pretty bad luck considering it starts randomly at 775 activity+ randomly I think :p
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
In fact, this possible change in bitcoin architecture raised a question: Are your bitcoins safe in cold storage?

I used to believe that it is protected by the public-private key cryptography, e.g. without the signature generated from the private key, the coin at a certain address cannot be spent

But now I realized that this really depends on the client running on the nodes

If a group of nodes is running a new version which does not need the signature to spend coins, then that version can spend anyone's coin without their signature (The new version can use a new signature scheme to protect their new address). Of course this transaction would not be known to the old client since that is not part of the old protocol, so in the old client the coins are still there but in the new client the coins have already been spent. After the old client upgrades to the new one, the coins are gone

And there is really motivation in doing this: Since by the time when over 99% of the clients are running the new software, the old client essentially becomes a minority and thus has to upgrade to the new version because almost no node is using the old version anymore. So, by successfully rolling out a new version you can steal others' coins, especially Satoshi's 1 million coins, doesn't that sound like a good idea?

I'm not talking about developer's ethics here, it is just a technical possibility that will attract lots of criminals, and criminals really do not care about bitcoin's long term success, they just need to cash out the stolen coins at exchanges and they are done. In a word, if nodes could not prevent the protocol from being changed to something malicious, then you essentially cannot protect your bitcoin at all. And the more complex the code is, the easier it is to hide malicious implementations
sr. member
Activity: 252
Merit: 250
i missed: simpler script updates and fraud proof
do you have a link?
i thought i had read this thread carefully together with gavins blog entry...are there other sources?
If you look at the picture in the OP, you are going to notice those benefits. Here's a transcript of the original presentation and more information can be found on reddit.

your original title on december 7th was
Segregated witness - The solution to Scalability
and now
Segregated witness - The solution to Scalability (short term)?

so just admit that even you have lost the faith seeing as you edited the title
No. The title was changed a few days ago. The initial title was misleading; I think it fits better now.


Off-topic: Milestone reached.


thank you.. here are a few thoughts (if segwit is implemented):
  • in case of a bigger chain-split and merge it might not be possible for a miner to include tx from the wrong chain into the correct one because of the missing proof
  • segwit fixes tx malleability for P2SH transactions which we dont have a solution for today (bip62 dont work - and its relevant for LN)...nice
  • easier script changes: neat... soft-forks for script updates. and to easily support other crypt-algos seems good too in case current ones get broken we have an upgrade path (ofc schnorr as a possibility is nice too).
    i dont understand (yet) why P2SH does not work for this. AFAIK it is a hash of a script placed in the block which also resolves to ANYCANSPEND. isnt it possible to use this method for further script-changes?
  • fraud-proof: IMHO unneeded as only nodes which have storage/bandwidth problems would benefit (and we did agree this is not a big problem anyway)

please correct me where i am wrong ;-)
legendary
Activity: 2674
Merit: 2965
Terminated.
so you admit its not the ultimate solution and never was... ok, but i still wonder why you're trying to push people soo hard..

and yea i seen the image 20 times.. its not showing how..to me, i dont read a cereal box of ingredients.. id rather do my own tests
and yea i read the article 5 times. and its solutions seem flimsy at best and i can see 20 other ways the same benefits in the image can be met without messing with the real blockchain.

i do believe bitcoin needs a new opcode for the scripting/malle stuff.. but the whole splitting signatures part.. no way should that happen, lite clients can ignore signatures themselves or reduce data saved like i explained in a long post on the other page.. but no way should bitcoin-core be altered just for liteclients lazy sake of 15 lines of code in their lite client software
Pushing hard? I don't think so. You're the guys who are mostly leading the discussion. Look at how many posts I've made (percentage wise) of the total posts here. I like this idea; test-net is going to be out this month (IIRC). You can then do your own tests. Would I mind a simple block size increase to 2 or 4 MB right now? No, I would not. I don't think those "20 ways" could work else some developer would have already proposed it/coded it. Simpler script upgrades and a malleability fix is really good, without those the added complexity/potential attack vectors would not be worth it at all.
legendary
Activity: 4214
Merit: 4458
No. The title was changed a few days ago. The initial title was misleading; I think it fits better now.

so you admit its not the ultimate solution and never was... ok, but i still wonder why you're trying to push people soo hard..

and yea i seen the image 20 times.. its not showing how..to me, i dont read a cereal box of ingredients.. id rather do my own tests
and yea i read the article 5 times. and its solutions seem flimsy at best and i can see 20 other ways the same benefits in the image can be met without messing with the real blockchain.

i do believe bitcoin needs a new opcode for the scripting/malle stuff.. but the whole splitting signatures part.. no way should that happen, lite clients can ignore signatures themselves or reduce data saved like i explained in a long post on the other page.. but no way should bitcoin-core be altered just for liteclients lazy sake of 15 lines of code in their lite client software
legendary
Activity: 2674
Merit: 2965
Terminated.
i missed: simpler script updates and fraud proof
do you have a link?
i thought i had read this thread carefully together with gavins blog entry...are there other sources?
If you look at the picture in the OP, you are going to notice those benefits. Here's a transcript of the original presentation and more information can be found on reddit.

your original title on december 7th was
Segregated witness - The solution to Scalability
and now
Segregated witness - The solution to Scalability (short term)?

so just admit that even you have lost the faith seeing as you edited the title
No. The title was changed a few days ago. The initial title was misleading; I think it fits better now.


Off-topic: Milestone reached.
legendary
Activity: 4214
Merit: 4458
i know.. im just poking at Lauda because he seems to really want to push segwit, as if its the ultimate solution.. and the only solution..
yet many other people know there are better solutions that dont mess up the main bitcoin chain..
This is incorrect. Did you notice the question mark in the thread title? There is no "ultimate solution" and there never will be.
your original title on december 7th was
Segregated witness - The solution to Scalability
and now
Segregated witness - The solution to Scalability (short term)?

so just admit that even you have lost the faith seeing as you edited the title
legendary
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.

Transaction malleability aside (because I'm not sure I believe the millions of dollars were actually lost from this), I still know that Bitcoin isn't secure enough for anyone to "go all in" as they say.[1] Not only because the protocol isn't well refined yet but because there aren't systems in place to secure users from the inevitable teenaged hacker.[2] I have had fraudulent transactions on one of my bank accounts. You know how much I lost? Nothing! You need to make your own choice how much you are willing to use and possibly lose. You're right, of course, if you're willing to have all your keys unusable on a paper wallet then Bitcoin is a fortress. The rest of us have our money constantly in play.[3]

This Segwit solution is a change that can help[4], at least in the short run. I'm really unclear why you are so opposed to it. It seems like a solution that will give the developers a little breathing room to come up with a permanent solution to blocksize while solving the malleability problem without even the need for a hard fork. What's wrong with that?

1. i personally am all in.. my bank account has not seen any deposit in years. i get paid in bitcoin and i move a majority to cold store and a few fractions of bitcoin to a hotwallet (treating it like bank note spending)

2. yes i have lost a few 'bank note spending' fractions of bitcoin due to many reasons. but my cold store has been filling up quite nicely since 2012.

3. then think of the cold store as a bank and the hot wallet as bank notes.. and just dont walk round town with more than you're ready to lose

4. segwit pretends to be a hard fork, but how data is saved is not benefiting true bitcoin core nodes.. and most of the benefits can be done by liteclients already.
i can think of 20 different solutions to bloat/malle. all of which are less offensive to bitcoin-core and less security risking for the network.

yes segwit has features.. but the benefits and issues it will cause are not as worthy, and other solutions can do a better job

Ok, I'll assume you're actually trying to help. Please see the edit on my last post.
sr. member
Activity: 252
Merit: 250
the only valid benefit i see is reduced storage - which is not bad but is it important? i dont think so. AFAIK nodes running on home internet lines are adding a burden on the network anyway.

so...still undecided ;-) but i like to learn more...
Malleability fix, simpler script upgrades, fraud proof.. those are not 'valid benefits' ? The least important benefit here is reduced storage. Most people don't run nodes so they don't even care about that.

i missed: simpler script updates and fraud proof
do you have a link?
i thought i had read this thread carefully together with gavins blog entry...are there other sources?
legendary
Activity: 4214
Merit: 4458

Transaction malleability aside (because I'm not sure I believe the millions of dollars were actually lost from this), I still know that Bitcoin isn't secure enough for anyone to "go all in" as they say.[1] Not only because the protocol isn't well refined yet but because there aren't systems in place to secure users from the inevitable teenaged hacker.[2] I have had fraudulent transactions on one of my bank accounts. You know how much I lost? Nothing! You need to make your own choice how much you are willing to use and possibly lose. You're right, of course, if you're willing to have all your keys unusable on a paper wallet then Bitcoin is a fortress. The rest of us have our money constantly in play.[3]

This Segwit solution is a change that can help[4], at least in the short run. I'm really unclear why you are so opposed to it. It seems like a solution that will give the developers a little breathing room to come up with a permanent solution to blocksize while solving the malleability problem without even the need for a hard fork. What's wrong with that?

1. i personally am all in.. my bank account has not seen any deposit in years. i get paid in bitcoin and i move a majority to cold store and a few fractions of bitcoin to a hotwallet (treating it like bank note spending)

2. yes i have lost a few 'bank note spending' fractions of bitcoin due to many reasons. but my cold store has been filling up quite nicely since 2012.

3. then think of the cold store as a bank and the hot wallet as bank notes.. and just dont walk round town with more than you're ready to lose

4. segwit pretends to be a hard fork, but how data is saved is not benefiting true bitcoin core nodes.. and most of the benefits can be done by liteclients already.
i can think of 20 different solutions to bloat/malle. all of which are less offensive to bitcoin-core and less security risking for the network.

yes segwit has features.. but the benefits and issues it will cause are not as worthy, and other solutions can do a better job
legendary
Activity: 2674
Merit: 2965
Terminated.
the only valid benefit i see is reduced storage - which is not bad but is it important? i dont think so. AFAIK nodes running on home internet lines are adding a burden on the network anyway.

so...still undecided ;-) but i like to learn more...
Malleability fix, simpler script upgrades, fraud proof.. those are not 'valid benefits' ? The least important benefit here is reduced storage. Most people don't run nodes so they don't even care about that.
sr. member
Activity: 252
Merit: 250
i know.. im just poking at Lauda because he seems to really want to push segwit, as if its the ultimate solution.. and the only solution..
yet many other people know there are better solutions that dont mess up the main bitcoin chain..
This is incorrect. Did you notice the question mark in the thread title? There is no "ultimate solution" and there never will be.

i am still undecided on segwit.
i just know that added complexity always leads to more problems. bitcoin is simple atm. i'd prefer to keep it that way (if possible)

so we have to look at the benefits to make an educated decision.

the only valid benefit i see is reduced storage - which is not bad but is it important? i dont think so. AFAIK nodes running on home internet lines are adding a burden on the network anyway.

so...still undecided ;-) but i like to learn more...
legendary
Activity: 2674
Merit: 2965
Terminated.
i know.. im just poking at Lauda because he seems to really want to push segwit, as if its the ultimate solution.. and the only solution..
yet many other people know there are better solutions that dont mess up the main bitcoin chain..
This is incorrect. Did you notice the question mark in the thread title? There is no "ultimate solution" and there never will be.
legendary
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.
There can't be a mega crash in Bitcoin compared to a world wide economy because Bitcoin is a flea compared to an elephant. There can't be a housing market crash in Bitcoin because there are no home loans denominated in Bitcoin. Bla bla bla....  I've used fiat banks for 50 years and never lost a dime. But I've lost thousands of dollars with Bitcoin.

You so desperately want to be right and defend your beloved Bitcoin that you're missing my point completely. I use Bitcoin. I'm willing to take the risk because I don't like the current system either. Bitcoin use is a personal choice. Use your own best judgement and trust it or not. But please don't pretend to have any influence on what's happening. If you want to influence what's happening start posting your own changes on Git and join the debate there. Be prepared though, they know what they're talking about. This is mostly a users forum. You can't help here.

im not saying it is fool proof.. im just saying its not as bad a risk as you think..
and how have you lost thousands of bitcoins.. if they're on your keys they're on your keys.. it wont matter if they are on keys from 2009 or 2015, they are still on the keys..
lets say you are a business and you were delivering products in exchange for bitcoins.. you haven't lost bitcoins.. you just never got paid because of a scammer handing you a counterfeit.. which is the same as the real world..

lets say you put funds into dodgy exchanges.. well i can tell you millions of dodgy fiat boiler room scammers. how many "nigerian prince" scams cost people..

scams are not the bitcoin protocol's problem.. they are problems of human judgement. which no code can sort out.. if you're going to throw funds at a nigerian prince, it doesnt matter if its bitcoin or fiat.. you're going to lose..

but if you have and keep the coins on your private keys.. there is no way for a nigerian prince to run off.. there is no way a bank can go bankrupt and take your money..

im sorry but i do realise that bitcoin is not perfect. but nigerian princes setting up dodgy boiler room bitcoin exchanges has nothing to do with the bitcoin protocol

Transaction malleability aside (because I'm not sure I believe the millions of dollars were actually lost from this), I still know that Bitcoin isn't secure enough for anyone to "go all in" as they say. Not only because the protocol isn't well refined yet but because there aren't systems in place to secure users from the inevitable teenaged hacker. I have had fraudulent transactions on one of my bank accounts. You know how much I lost? Nothing! You need to make your own choice how much you are willing to use and possibly lose. You're right, of course, if you're willing to have all your keys unusable on a paper wallet then Bitcoin is a fortress. The rest of us have our money constantly in play.

This Segwit solution is a change that can help, at least in the short run. I'm really unclear why you are so opposed to it. It seems like a solution that will give the developers a little breathing room to come up with a permanent solution to blocksize while solving the malleability problem without even the need for a hard fork. What's wrong with that?

Edit: If you have real concerns and are trying to save us all then please go here and make them known. https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
legendary
Activity: 4214
Merit: 4458
LN needs two things to work properly:
 - free blockspace
 - fixed transaction malleability

the first one is not really solved (in my opinion at least) but the second one is.
You mean, the second one will be after segwit gets implemented? Otherwise the statement is incorrect because right now malleability is still a problem. The other complex solutions need time to develop.

lauda, you keep emphasising the malle proof..
but have you actually read HOW

come on paste in the excerpt that explains it. and tell me how it cannot be done without splitting the blockchain.. and how only wuille can do this,

tx malle can be fixed easily with a softfork without segwit.
just let all miners and nodes reject one kind of tx (be it the positive or the negative one - doesnt matter)
if you have the biggest miners on board it wont take long and its done ;-) to help with the transition miners may help users by "mallating" the tx themselves to the new correct format (some people [forgot the name..sorry] already do that).

i know.. im just poking at Lauda because he seems to really want to push segwit, as if its the ultimate solution.. and the only solution..
yet many other people know there are better solutions that dont mess up the main bitcoin chain..
sr. member
Activity: 252
Merit: 250
LN needs two things to work properly:
 - free blockspace
 - fixed transaction malleability

the first one is not really solved (in my opinion at least) but the second one is.
You mean, the second one will be after segwit gets implemented? Otherwise the statement is incorrect because right now malleability is still a problem. The other complex solutions need time to develop.

lauda, you keep emphasising the malle proof..
but have you actually read HOW

come on paste in the excerpt that explains it. and tell me how it cannot be done without splitting the blockchain.. and how only wuille can do this,

tx malle can be fixed easily with a softfork without segwit.
just let all miners and nodes reject one kind of tx (be it the positive or the negative one - doesnt matter)
if you have the biggest miners on board it wont take long and its done ;-) to help with the transition miners may help users by "mallating" the tx themselves to the new correct format (some people [forgot the name..sorry] already do that).
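The soft-fork fix sketched in the post above (have nodes reject one of the two equivalent forms of a signature) is the low-S rule. As an added illustration, not code from the thread or from Bitcoin Core, the following Python implements textbook ECDSA on secp256k1 with constructed keys and digests and shows that (r, s) and (r, n - s) both verify yet serialize to different bytes (so the txid changes), and that requiring s <= n/2 leaves exactly one valid form.

```python
"""Added example (not from the thread): ECDSA signature malleability on secp256k1
and the low-S rule that keeps only one of the two equivalent signatures. Pure
Python; keys, nonces and digests are constructed. Teaching arithmetic only."""
import hashlib
from typing import Optional, Tuple

_P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
_G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
      0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator
Point = Optional[Tuple[int, int]]  # None is the point at infinity
Sig = Tuple[int, int]

def _add(a: Point, b: Point) -> Point:
    """Affine point addition on y^2 = x^3 + 7, doubling when a == b."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % _P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % _P, -1, _P) % _P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % _P, -1, _P) % _P
    x3 = (lam * lam - x1 - x2) % _P
    return x3, (lam * (x1 - x3) - y1) % _P

def _mul(k: int, p: Point) -> Point:
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1:
            r = _add(r, p)
        p, k = _add(p, p), k >> 1
    return r

def pubkey(priv: int) -> Point:
    return _mul(priv, _G)

def sign(priv: int, z: int) -> Sig:
    """Textbook ECDSA; nonce derived from key and digest (simplified, not RFC 6979)."""
    seed = priv.to_bytes(32, "big") + z.to_bytes(32, "big")
    k = int.from_bytes(hashlib.sha256(seed).digest(), "big") % _N
    r = _mul(k, _G)[0] % _N
    s = (z + r * priv) * pow(k, -1, _N) % _N
    return r, s

def verify(pub: Point, z: int, sig: Sig) -> bool:
    r, s = sig
    if not (0 < r < _N and 0 < s < _N):
        return False
    w = pow(s, -1, _N)
    pt = _add(_mul(z * w % _N, _G), _mul(r * w % _N, pub))
    return pt is not None and pt[0] % _N == r

def negate_s(sig: Sig) -> Sig:
    """(r, s) and (r, n - s) both verify: anyone relaying a transaction can swap
    one for the other, which changes the serialized signature and hence the txid."""
    return sig[0], (_N - sig[1]) % _N

def is_low_s(sig: Sig) -> bool:
    """Low-S rule: accept only s <= n/2, so exactly one of the pair is valid."""
    return sig[1] <= _N // 2

def normalise(sig: Sig) -> Sig:
    """Canonical form a wallet should emit and a node enforcing low-S will accept."""
    return sig if is_low_s(sig) else negate_s(sig)

def der(sig: Sig) -> bytes:
    """DER SEQUENCE of two INTEGERs, the form carried in a scriptSig."""
    def enc(v: int) -> bytes:  # leading 0x00 when the high bit is set
        b = v.to_bytes((v.bit_length() + 8) // 8, "big")
        return b"\x02" + bytes([len(b)]) + b
    body = enc(sig[0]) + enc(sig[1])
    return b"\x30" + bytes([len(body)]) + body

def demo() -> dict:
    priv = int.from_bytes(hashlib.sha256(b"constructed key, never reuse").digest(), "big") % _N
    z = int.from_bytes(hashlib.sha256(b"constructed transaction digest").digest(), "big")
    sig = sign(priv, z)
    twin = negate_s(sig)
    return {
        "original_valid": verify(pubkey(priv), z, sig),
        "negated_valid": verify(pubkey(priv), z, twin),  # True: same key, same digest
        "txid_changes": hashlib.sha256(der(sig)).digest() != hashlib.sha256(der(twin)).digest(),
        "exactly_one_low_s": is_low_s(sig) != is_low_s(twin),
        "normalised_ok": is_low_s(normalise(sig)) and normalise(twin) == normalise(sig),
    }
```

This closes only the signature-negation route; other sources of malleability (non-canonical DER encodings, extra scriptSig pushes, and the signer re-signing with a different nonce) need separate rules, which is why a low-S policy on its own was not regarded as a complete fix in the thread.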