Topic: Segregated witness - The solution to Scalability (short term)? - page 9. (Read 23170 times)

First of all, signatures are separated only for transactions that are spending from new SW-compatible outputs. As Gavin explains it, the scriptPubKey will be like this:
Old transactions will still employ the current mechanism. This 'old' mechanism will be preserved, and there's no real chance spending from old outputs will be made obsolete (there's a chance sending to 'old' addresses will be made non-standard though, but I also doubt that, given the implications).

I do not understand what an attack vector you are discribing here. Old versions will have decreased security because they will have to assume (w/r/t to those transactions they won't be able to fully check) that the longest chain is the valid one. This kind of an assumption is already here for SPV wallets, which, to my knowledge, are an overwhelming majority these days. But thanks to fraud proofs, the SW will be able to strenghten their security.

Anyway, it's always been that full nodes provide the highest security possible. The full node verifies that the coins you receive are valid. Full nodes act as a check against dishonest miners. It will stay this way.

i dont think 3 would work ;-)
why should exchanges and merchants accept such a bitcoin version?

In this order:

1. Some large miners start to run a new version that can spend satoshi's coin without signature (in new version you can redefine what is a valid transaction)
2. These miners promote the new version to be widely accepted by exchanges and merchants
3. These large miners moved satoshi's coin to their own address in the new version
4. They sell those 1 million coins and gone

Since no one else except Satoshi will notice the difference, and in this case majority of the miners already get Satoshi's coins and be satisfied with the new version. Even Satoshi comes out and protest, it does not make any sense any more

IMHO thats only the case if:
 - majority of miners runs new version
 - satoshi moves his coins to a new address
 - majority of miners decide to roll back to old version

or did i miss something?

This thing is pretty genius to be honest, even Andreas dedicated a post to sigwit and described it as a turning point in Bitcoin. This is exactly what we needed before Lightning Network which disipates all doubts of Bitcoin being able to wait until LN is operative, with sigwit we will be able to deal with any extra traffic of new people jumping in in the next year or so.

Also I noticed you are still not Legendary, pretty bad luck considering it starts randomly at 775 activity+ randomly I think :p

In fact, this possible change in bitcoin architecture raised a question: Are your bitcoin safe in a cold storage?

I used to believe that it is protected by the public-private key cryptography, e.g. without the signature generated from private key, the coin at certain address can not be spent

But now I realized that this really depends on the client running on the nodes

If a group of nodes are running a new version which does not need the signature to spend coins, then that version can spend anyone's coin without their signature (The new version can use a new signature scheme to protect their new address). Of course this transaction would not be known to the old client since that is not part of the old protocol, so in the old client coins are still there but in the new client the coins have already been spent. After the old client upgraded to new, the coins are gone

And there is really motivation in doing this: Since by the time when over 99% of the client is running new software, the old client essentially becomes minority thus have to upgrade to the new version because almost no node is using the old version anymore. So, by successfully rolling out a new version you can steal other's coins, especially Satoshi's 1 million coins, doesn't that sounds like a good idea?

I'm not talking about developer's ethics here, it is just a technical possibility that will attract lots of criminals, and criminals really does not care about bitcoin's long term success, they just need to cash out the stolen coins at exchanges and they are done. In a word, if nodes could not prevent the protocol from being changed to something malicious, then you essentially can not protect your bitcoin at all. And the more complex the code is, the easier to hide malicious implementations

thank you.. here are a few thoughts (if segwit is implemented):

• in case of a bigger chain-split and merge it might not be possible for a miner to include tx from the wrong chain into the correct one because of the missing proof
• segwit fixes tx malleability for P2SH transactions which we dont have a solution for today (bip62 dont work - and its relevant for LN)...nice
• easier script changes: neat... soft-forks for script updates. and to easily support other crypt-algos seems good too in case current ones get broken we have an upgrade path (ofc schnorr as a possibility is nice too).
  i dont understand (yet) why P2SH does not work for this. AFAIK it is a a hash of a script placed in the block which also resolves to ANYCANSPEND. isnt it possible to use this method for further script-changes?
• fraud-proof: IMHO unneeded as only nodes which has storage/bandwidth problems would benefit (and we did agree this is not a big problem anyway)

please correct me where i am wrong ;-)

Pushing hard? I don't think so. You're the guys who are mostly leading the discussion. Look at how many posts I've made (percentage wise) of the total posts here. I like this idea; test-net is going to be out this month (IIRC). You can then do your own tests. Would I mind a simple block size increase to 2 or 4 MB right now? No, I would not. I don't think those "20 ways" could work else some developer would have already proposed it/coded it. Simpler script upgrades and a malleability fix is really good, without those the added complexity/potential attack vectors would not be worth it at all.

so you admit its not the ultimate solution and never was... ok, but i still wonder why your trying to push people soo hard..

and yea i seen the image 20 times.. its not showing how..to me, i dont read a cerial box of ingrediants.. id rather do my own tests
and yea i read the article 5 times. and its solutions seem flimsy at best and i can see 20 other ways the same benefits in the image can be met without messing with the real blockchain.

i do believe bitcoin needs a new opcode for the scripting/malle stuff.. but the whole splitting signatures part.. no way should that happen, lite clients can ignore signatures themselves or reduce data saved like i explained on a long past on the other page.. but no way should bitcoin-core be altered just for liteclients lazy sake of 15 lines of code in their lite client software

If you look at the picture in the OP, you are going to notice those benefits. Here's a transcript of the original presentation and more information can be found on reddit.

No. The title was changed a few days ago. The initial title was misleading; I think it fits better now.

---

---

Off-topic: Milestone reached.

you original title on december 7th was
Segregated witness - The solution to Scalability
and now
Segregated witness - The solution to Scalability (short term)?

so just admit that even you have lost the faith seeing as you edited the title

Ok, I'll assume you're actually trying to help. Please see the edit on my last post.

i missed: simpler script updates and fraud proof
do you have a link?
i thought i had read this thread carefully together with gavins blog entry...are there other sources?

1. i personally am all in.. my bank account has not seen any deposit in years. i get paid in bitcoin and i move a majority to cold store and a few fractions of bitcoin to a hotwallet (treating it like bank note spending)

2. yes i have lost a few 'bank note spending' fractions of bitcoin due to many reasons. but my cold store has been filling up quite nicely since 2012.

3. then think of the cold store as a bank and the hot wallet as bank notes.. and just dont walk round town with more then your ready to lose

4. segwit pretends to be a hard fork, but how data is saved is not benefiting true bitcoin core nodes.. and most of the benefits can be done by liteclients already.
i can think of 20 different solutions to bloat/malle. all of which are less offensive to bitcoin-core and less security risking for the network.

yes segwit has features.. but the benefits and issues it will cause are not as worthy, and other solutions can do a better job

Malleability fix, simpler script upgrades, fraud proof.. those are not 'valid benefits' ? The least important benefit here is reduced storage. Most people don't run nodes so they don't even care about that.

i am still undecided on segwit.
i just know that added complexity always leads to more problems. bitcoin is simple atm. i'd prefer to keep it that way (if possible)

so we have to look at the benefits to make an educated decision.

the only valid benefit i see is reduced storage - which is not bad but is it important? i dont think so. AFAIK nodes running on home-intrnet-lines are adding a burden on the network anyway.

so...still undecided ;-) but i like to learn more...

This is incorrect. Did you notice the question mark in the thread title? There is no "ultimate solution" and there never will be.

Transaction malleability aside (because I'm not sure I believe the millions of dollars were actually lost from this), I still know that Bitcoin isn't secure enough for anyone to "go all in" as they say. Not only because the protocol isn't well refined yet but because there aren't systems in place to secure users from the inevitable teenaged hacker. I have had fraudulent transactions on one of my bank accounts. You know how much I lost? Nothing! You need to make your own choice how much you are willing to use and possibly lose. Your right, of course, if you're willing to have all your keys unusable on a paper wallet then Bitcoin is a fortress. The rest of us have our money constantly in play.

This Segwit solution is a change that can help, at least in the short run. I'm really unclear why you are so opposed to it. It seems like a solution that will give the developers a little breathing room to come up with a permanent solution to blocksize while solving the malleability problem without even the need for a hard fork. What's wrong with that?

Edit: If you have real concerns and are trying to save us all then please go here and make them known. https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

i know.. im just poking at Lauda because he seems to really want to push segwit, as if its the ultimate solution.. and the only solution..
yet many other people know there are better solutions that dont mess up the main bitcoin chain..

tx malle can be fixed easily with a softfork without segwit.
just let all miners and nodes reject one kind of tx (be it the positive or the negative one - doesnt matter)
if you have the biggest miners on board it wont take long and its done ;-) to help with the transition miners may help users by "mallating" the tx themselves to the new correct format (some people [forgot the name..sorry] already do that).