Topic: Why have Satoshi's early mined coins an unusual nonce value distribution? (Read 623 times)

Thanks for the explanation Danny

Thanks DannyHamilton for the explanation.

If all participants in the early days of Bitcoin used the distributed wallet software we wouldn't have these unusual spikes for the values 0 - 58 and the graph would look like this: https://ibb.co/b3GnBQb

And why doesn't the graph look like this?

When we take DannyHamilton's post and change Step 2, so the graph would look like the original graph:

• Step 1: Build block
• Step 2: Add nonce to header but set the LSB (1 btyte of the nonce) as a fixed value
• Step 3: Hash header
• Step 4: ...
  

If you have a fixed value for the LSB, so you have 3 bytes (256^3 = 16,777,216) that you can change to find a valid hash value.

No. This has nothing to do with addresses at all.

When mining a block, the miner adds a 4-byte value called a "nonce" to the block header before hashing it. This allows them to quickly change the block header (by changing the nonce) without needing to change which transactions they've included in the block or the order of those transactions.  As such, they are able to compute LOTS of hashes VERY quickly:

• Step 1: Build block
• Step 2: Add nonce to header
• Step 3: Hash header
• Step 4: Is hash value lower than difficulty target?
• Step 5: If yes, block is "solved", broadcast block. Otherwise continue.
• Step 6: Block is NOT solved. Have ALL possible nonce values been tried yet?
• Step 7: If not, increment nonce, go back to Step 3. Otherwise continue
• Step 8: Block is not solved, all nonce values attempted. Build a new block.
• Step 9: Goto Step 2

A byte value can be represented in hexadecimal with 2 characters and is typically written in documentation with a 0x in front of it to indicate to the reader that the value is a hex value and not a base 10 integer value:
Hex value = base 10 integer value
0x00 = 0
0x01 = 1
0x02 = 2
0x03 = 3
...
0x09 = 9
0x0A = 10
0x0B = 11
0x0C = 12
0x0D = 13
0x0E = 14
0x0F = 15
0x10 = 16
0x11 = 17
and so on.

When you have a 4 byte integer the LSB (least significant byte) is the byte that changes the fastest as you count up (think of the digit on the far right side of the way you usually right numbers).

The graph that was posted is the quantity of blocks that have that particular value (converted to be displayed as a base 10 integer) in the LSB between the block range indicated.

So, when the graph looked like this:


It is indicating, for example that there were approximately 70 blocks between block height 23400 and 26400 that had a nonce where the LSB rerpresented a base 10 integer value of 20 (0x14).
The vertical axis is the quantity of blocks matching the condition.
The horizontal axis is the base 10 integer value of the LSB.
The title at the top of the graph is the block range that the data represents.

What exactly is this chart showing that the addresses/keys could be in a set range?

It might not be unreasonable for someone to make a similar statement to you.

It has been explained to you that the nonce values of satoshi's blocks were distributed in such a way that allowed satoshi to use multiple computers to mine, and to prevent any of his computers from doing work already performed by another of his computers.

Several people have explained that you are chasing something that does not exist.

Kano did a great job of explaining why artifacts like this can occur in otherwise random data.

If you choose not to accept reasonable explanations and reality, then there is nothing that anyone will say that will dissuade you from your quest.


Maybe more.  Maybe less. There is no way to know for certain. Many people have made attempts to guess which blocks have a high probability of having been mined by Satoshi.  Some of those guesses are clearly invalid. Other's are likely mistaken.

You seem to have a lot of confidence in things that are not well supported by evidence, and very little confidence in things that are well supported by evidence.  If that's how your thoughts and decisions are informed, then any further conversation is useless and a waste of time.

If you look at this gif image (least significant byte LSB values for the blocks mined 2009 - mid 2010)

source: https://news.bitcoin.com/online-sleuths-believe-satoshi-nakamotos-bitcoin-stash-is-a-blockchain-treasure-hunt-meant-to-be-found/
then you can see that there are several ranges where the LSB values are not distributed uniformly. The whole picture should look like the values 60 - 255, then we could say that it is random. But what was done here can't be there for some programming necessity or bug, and why should Satoshi mine these values onto the blockchain?

Btw. Satoshi's blocks contain 1.1 million BTC and not 800,000.

... and someone chimes in who has written quite a few miner drivers and ... ... lotsa other stuff ...

Back in 2010 mining was quite slow ... as is obvious by the block difficulty though that was also a side effect of the number of people doing mining.

However, if you fast forward to 2011 you find CPUs doing about 30MH/s
So at 30MH/s how long does it take to do a full nonce range?
2^32 / 30e6 = 143 seconds
What's the expected time of a block ignoring diff changes? 600 seconds
So mining a whole nonce range at 30MH/s is very roughly 1/4 of the average time of a block

What % of blocks will be less than 143 seconds after the previous?
CDF(143/600) gives a bit more than 20%

So already if he was just using one computer, he would have certain nonce values that would appear, very obviously, less often.
Ooooh a pattern? Nope that's just not understanding what's going on

There's other reasons why certain nonce values might be skewed.

e.g. in early 2013 when xiangfu and I worked on the icarus FPGA driver, you had to decide at what point to stop mining a work item and overwrite it with a new work item (due to how the fpga was designed) so that it wasn't idle, i.e. before it completed the nonce range.
Of course this isn't the same as CPU mining, however, the concept may well have been similar when deciding to change work for mining in 2010.

Another idea: like updating the time in the block header while mining?
Yes the time in the block header is NOT when the block was mined. It is set in the work before it is mined ...
If he was doing that once a minute, then a single CPU would never finish a nonce range.

A current necessary one is adding in more expensive transactions into the work.
While this certainly wasn't a necessity for the earliest blocks, there was certainly some turning point where updating the work, before a block was found, became necessary, and who knows, maybe even satoshi thought of this before it was necessary and tried that?

All in all, people WANT to find magic patterns so they can discern order out of randomness.
Alas it is pointless. Random is as random does. Any patterns found will be there for some programming necessity (or bug), not some secret illuminati code to allow you to find those 800,000 BTC - bad luck to you

Have you ever thought of the scenario where Satoshi doesn't want from the users to know they're burning the coins? That they just wanted to leave them untouched, due to that head start, or even move them in case they really needed them? They may didn't want to get rid of them in spite of themselves.

The fact that no one has moved them so far shouldn't decrease the odds for your conspiracy to be true? How can you still consider your scenario more probable than the rest?

Even if we assume they used predictable keys, how can you start searching for a person no one knows? Even if they had announce they used such keys, to ensure I'm not searching for nothing, I wouldn't even take the time.

Also the bitcoin wiki about the Genesis block https://en.bitcoin.it/wiki/Genesis_block mentions this:

The Times 03/Jan/2009 Chancellor on brink of second bailout for banks
This was probably intended as proof that the block was created on or after January 3, 2009, as well as a comment on the instability caused by fractional-reserve banking.

Public keys don't have to be outside the elliptic curve. They could as well be created like this:
And then, they can be hidden, for example just by adding base point:
But I doubt there was something like that, because getting non-random keys with OpenSSL was not easy. It was not like in tools you use today where you can set any private key you want. Importing keys required correct DER encoding and placing curve parameters, the private key and the public key in the imported file. You would need some ECDSA calculator to do that. Satoshi didn't know even about compressed keys, just used what was there in OpenSSL in a black box way.

We exactly know what blocks Satoshi mined. https://whale-alert.medium.com/the-satoshi-fortune-e49cf73f9a9b

The reason is the ''thread question'': Satoshi's blocks have unusual nonce values, why?


I think that Satoshi knew that we would have this situation: a lot of blocks in the early days of Bitcoin, which they had mined. Because they had to mine these blocks to let the Bitcoin network run. They had enough time to test it (1 - 2 years) and knew the results.
Satoshi had a plan for Bitcoin. So I think Satoshi also had a plan for these early mined coins. And he marked them, that we can separate them.

Unfair? Let's Satoshi decide this. I don't think that Satoshi would create something, that rewarded participants without competition.

I think that Satoshi would have sent them to such burn addresses if he had wanted it. Yes, firstly mine them and then send them to P2PKH addresses. The first of such a transaction was done 2 weeks after the release in 2009. Block 728 https://btc.com/btc/transaction/6f7cf9580f1c2dfb3c4d5d043cdbb128c640e3f20161245aa7372e9666168516. We wouldn't have this thread, if Satoshi did this.

You can also do that. Not only you can see blocks that exist in the chain, you can also change them and try to mine alternative valid blocks with different extraNonce, different nonce or different time. By doing that you can check if someone used the officially released version or something else. For example, if there is a client when the nonce is incremented, you can check if there are any valid blocks with higher nonce. If you check many blocks and see that the real block has always the lowest nonce, then you can safely assume that miner is incrementing the nonce.

Of course, re-mining is not easy, because if some miner can produce blocks with N difficulty, on average you have to mine with N*M difficulty to mine M blocks and compare them. For CPU-mined blocks with difficulty 1 you can do that quite easily, but for later blocks it may turn out that mining on top of the chain is more profitable than exploring the past. Also, you will not find any private keys for re-mined block in this way, because you need to know the public key before starting mining, it is the same kind of problem as with self-signed message, where your signature cannot sign itself.

It's amazing to read out this thread in the hopes of knowing what blocks satoshi has mined but is there any reason why you want to know it? It's not like it can be recreated or something or it's just purely educational for you?

You could simply deduct that by reason. If you want to proof something didn't exist before a certain date nowadays you would name something like the hash of a block. You can be pretty sure if you see the correct hash of block 701000 mentioned in a message that message couldn't have been constructed before the block was mined. Satoshi proofed this by quoting the headline of a newspaper. So this genesis block couldn't be mined before the newspaper came out.

A quick google search for "Satoshi pre-mine" turned on some results like https://danhedl.medium.com/bitcoins-distribution-was-fair-e2ef7bbbc892. But then again I don't know the definition you have for relevant source

I wonder, though; don't you have enough doubt to consider this a probable scenario? Don't you consider it a time waste to start searching for what could Satoshi have put as private keys in the improbable scenario they wanted to make this unfair reward?

Don't you have enough counter-arguments? What else will make you convinced?

But, Satoshi's public keys are known. Back in 2009, the coinbase transaction was P2PK, not P2PKH. So, they couldn't mine to a burning-looking address. They had to firstly mine them and then send them to such address.

Yes, it's possible. Now we have this unsolved situation because Satoshi changed his Software so, that we can separate his mined blocks and the coins from others. Some Bitcoin participants want to know why and that also leads to: https://news.bitcoin.com/online-sleuths-believe-satoshi-nakamotos-bitcoin-stash-is-a-blockchain-treasure-hunt-meant-to-be-found/. And that is not impossible.

Thanks, I updated my post.

I was originally mistaken about how satoshi was ensuring he was not duplicating work. It doesn’t appear that he used the extraNonce field in the Coinbase transaction, he used the nonce value in the block header, specifically the last digit. The potential values of the last digit of the nonce value are between 0 and 255 (inclusive). Satoshi mines using the last digit of nonce values between 0 and 58, without the values of 10 through 18.

It appears that the default behavior of the extraNonce value in the Coinbase transaction will increase by one once the nonce value overflows, at which point the nonce value will reset. So the extraNonce value, if default behavior is used, will be a function of how many block candidates you have checked (I don’t believe either value resets after a block is found). I believe it will reset if you stop mining. This means the extraNonce value is ultimately a function of how much hashrate you are using (and how long it has been since you stopped mining). There are patterns of the extraNonce value being much higher than the rest of the blocks found around the same time. The extraNonce value maximum would be exaggerated by a factor of about 5 if one were to estimate the amount of hashrate that satoshi had (assuming no blocks were found but not broadcast and luck of 1).

No reason to dictate what he should do with his coins, to burn them or not. He is free to use the coins as and when he likes, the fact that it hasn't moved yet doesn't necessarily means that he intends for it to be burned regardless.