Author

Topic: Why have Satoshi's early mined coins an unusual nonce value distribution? (Read 640 times)

jr. member
Activity: 32
Merit: 1
Thanks for the explanation Danny
full member
Activity: 233
Merit: 253
...
Thanks DannyHamilton for the explanation.

If all participants in the early days of Bitcoin used the distributed wallet software we wouldn't have these unusual spikes for the values 0 - 58 and the graph would look like this: https://ibb.co/b3GnBQb

And why doesn't the graph look like this?

When we take DannyHamilton's post and change Step 2, so the graph would look like the original graph:

  • Step 1: Build block
  • Step 2: Add nonce to header but set the LSB (1 btyte of the nonce) as a fixed value
  • Step 3: Hash header
  • Step 4: ...
If you have a fixed value for the LSB, so you have 3 bytes (256^3 = 16,777,216) that you can change to find a valid hash value.
legendary
Activity: 3528
Merit: 4945
If you look at this gif image (least significant byte LSB values for the blocks mined 2009 - mid 2010)

What exactly is this chart showing that the addresses/keys could be in a set range?

No. This has nothing to do with addresses at all.

When mining a block, the miner adds a 4-byte value called a "nonce" to the block header before hashing it. This allows them to quickly change the block header (by changing the nonce) without needing to change which transactions they've included in the block or the order of those transactions.  As such, they are able to compute LOTS of hashes VERY quickly:
  • Step 1: Build block
  • Step 2: Add nonce to header
  • Step 3: Hash header
  • Step 4: Is hash value lower than difficulty target?
  • Step 5: If yes, block is "solved", broadcast block. Otherwise continue.
  • Step 6: Block is NOT solved. Have ALL possible nonce values been tried yet?
  • Step 7: If not, increment nonce, go back to Step 3. Otherwise continue
  • Step 8: Block is not solved, all nonce values attempted. Build a new block.
  • Step 9: Goto Step 2

A byte value can be represented in hexadecimal with 2 characters and is typically written in documentation with a 0x in front of it to indicate to the reader that the value is a hex value and not a base 10 integer value:
Hex value = base 10 integer value
0x00 = 0
0x01 = 1
0x02 = 2
0x03 = 3
...
0x09 = 9
0x0A = 10
0x0B = 11
0x0C = 12
0x0D = 13
0x0E = 14
0x0F = 15
0x10 = 16
0x11 = 17
and so on.

When you have a 4 byte integer the LSB (least significant byte) is the byte that changes the fastest as you count up (think of the digit on the far right side of the way you usually right numbers).

The graph that was posted is the quantity of blocks that have that particular value (converted to be displayed as a base 10 integer) in the LSB between the block range indicated.

So, when the graph looked like this:


It is indicating, for example that there were approximately 70 blocks between block height 23400 and 26400 that had a nonce where the LSB rerpresented a base 10 integer value of 20 (0x14).
The vertical axis is the quantity of blocks matching the condition.
The horizontal axis is the base 10 integer value of the LSB.
The title at the top of the graph is the block range that the data represents.
jr. member
Activity: 32
Merit: 1
...
All in all, people WANT to find magic patterns so they can discern order out of randomness.
Alas it is pointless. Random is as random does. Any patterns found will be there for some programming necessity (or bug), not some secret illuminati code to allow you to find those 800,000 BTC - bad luck to you Smiley

If you look at this gif image (least significant byte LSB values for the blocks mined 2009 - mid 2010)

source: https://news.bitcoin.com/online-sleuths-believe-satoshi-nakamotos-bitcoin-stash-is-a-blockchain-treasure-hunt-meant-to-be-found/
then you can see that there are several ranges where the LSB values are not distributed uniformly. The whole picture should look like the values 60 - 255, then we could say that it is random. But what was done here can't be there for some programming necessity or bug, and why should Satoshi mine these values onto the blockchain?

Btw. Satoshi's blocks contain 1.1 million BTC and not 800,000.

What exactly is this chart showing that the addresses/keys could be in a set range?
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
... useless and a waste of time.

Satoshi would now come in and answer me:
If you don't believe me or don't get it, I don't have time to try to convince you, sorry.

 Smiley
It might not be unreasonable for someone to make a similar statement to you.

It has been explained to you that the nonce values of satoshi's blocks were distributed in such a way that allowed satoshi to use multiple computers to mine, and to prevent any of his computers from doing work already performed by another of his computers.
legendary
Activity: 3528
Merit: 4945
If you look at this gif image (least significant byte LSB values for the blocks mined 2009 - mid 2010)
-image removed-
then you can see that there are several ranges where the LSB values are not distributed uniformly. The whole picture should look like the values 60 - 255, then we could say that it is random. But what was done here can't be there for some programming necessity or bug, and why should Satoshi mine these values onto the blockchain?

Several people have explained that you are chasing something that does not exist.

Kano did a great job of explaining why artifacts like this can occur in otherwise random data.

If you choose not to accept reasonable explanations and reality, then there is nothing that anyone will say that will dissuade you from your quest.

Btw. Satoshi's blocks contain 1.1 million BTC and not 800,000.

Maybe more.  Maybe less. There is no way to know for certain. Many people have made attempts to guess which blocks have a high probability of having been mined by Satoshi.  Some of those guesses are clearly invalid. Other's are likely mistaken.

You seem to have a lot of confidence in things that are not well supported by evidence, and very little confidence in things that are well supported by evidence.  If that's how your thoughts and decisions are informed, then any further conversation is useless and a waste of time.
full member
Activity: 233
Merit: 253
...
All in all, people WANT to find magic patterns so they can discern order out of randomness.
Alas it is pointless. Random is as random does. Any patterns found will be there for some programming necessity (or bug), not some secret illuminati code to allow you to find those 800,000 BTC - bad luck to you Smiley

If you look at this gif image (least significant byte LSB values for the blocks mined 2009 - mid 2010)

source: https://news.bitcoin.com/online-sleuths-believe-satoshi-nakamotos-bitcoin-stash-is-a-blockchain-treasure-hunt-meant-to-be-found/
then you can see that there are several ranges where the LSB values are not distributed uniformly. The whole picture should look like the values 60 - 255, then we could say that it is random. But what was done here can't be there for some programming necessity or bug, and why should Satoshi mine these values onto the blockchain?

Btw. Satoshi's blocks contain 1.1 million BTC and not 800,000.
legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
It's amazing to read out this thread in the hopes of knowing what blocks satoshi has mined but is there any reason why you want to know it?
We exactly know what blocks Satoshi mined. https://whale-alert.medium.com/the-satoshi-fortune-e49cf73f9a9b

The reason is the ''thread question'': Satoshi's blocks have unusual nonce values, why?
...
... and someone chimes in who has written quite a few miner drivers and ... ... lotsa other stuff ... Smiley

Back in 2010 mining was quite slow ... as is obvious by the block difficulty though that was also a side effect of the number of people doing mining.

However, if you fast forward to 2011 you find CPUs doing about 30MH/s
So at 30MH/s how long does it take to do a full nonce range?
2^32 / 30e6 = 143 seconds
What's the expected time of a block ignoring diff changes? 600 seconds
So mining a whole nonce range at 30MH/s is very roughly 1/4 of the average time of a block

What % of blocks will be less than 143 seconds after the previous?
CDF(143/600) gives a bit more than 20%

So already if he was just using one computer, he would have certain nonce values that would appear, very obviously, less often.
Ooooh a pattern? Nope that's just not understanding what's going on Smiley

There's other reasons why certain nonce values might be skewed.

e.g. in early 2013 when xiangfu and I worked on the icarus FPGA driver, you had to decide at what point to stop mining a work item and overwrite it with a new work item (due to how the fpga was designed) so that it wasn't idle, i.e. before it completed the nonce range.
Of course this isn't the same as CPU mining, however, the concept may well have been similar when deciding to change work for mining in 2010.

Another idea: like updating the time in the block header while mining?
Yes the time in the block header is NOT when the block was mined. It is set in the work before it is mined ...
If he was doing that once a minute, then a single CPU would never finish a nonce range.

A current necessary one is adding in more expensive transactions into the work.
While this certainly wasn't a necessity for the earliest blocks, there was certainly some turning point where updating the work, before a block was found, became necessary, and who knows, maybe even satoshi thought of this before it was necessary and tried that?

All in all, people WANT to find magic patterns so they can discern order out of randomness.
Alas it is pointless. Random is as random does. Any patterns found will be there for some programming necessity (or bug), not some secret illuminati code to allow you to find those 800,000 BTC - bad luck to you Smiley
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Have you ever thought of the scenario where Satoshi doesn't want from the users to know they're burning the coins? That they just wanted to leave them untouched, due to that head start, or even move them in case they really needed them? They may didn't want to get rid of them in spite of themselves.

The fact that no one has moved them so far shouldn't decrease the odds for your conspiracy to be true? How can you still consider your scenario more probable than the rest?

Even if we assume they used predictable keys, how can you start searching for a person no one knows? Even if they had announce they used such keys, to ensure I'm not searching for nothing, I wouldn't even take the time.
sr. member
Activity: 310
Merit: 727
---------> 1231006505
By "relevant source", i meant what Satoshi said publicly or what Satoshi said to other people in private. Nevertheless, your deduction and mentioned source makes sense and i find it's plausible.
Also the bitcoin wiki about the Genesis block https://en.bitcoin.it/wiki/Genesis_block mentions this:

The Times 03/Jan/2009 Chancellor on brink of second bailout for banks
This was probably intended as proof that the block was created on or after January 3, 2009, as well as a comment on the instability caused by fractional-reserve banking.
copper member
Activity: 909
Merit: 2301
Quote
Code:
Block 0, payout to:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001

Block 1, payout to:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002

Block 2, payout to:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003
etc..
Public keys don't have to be outside the elliptic curve. They could as well be created like this:
Code:
Block 0, payout to:
0400000000000000000000000000000000000000000000000000000000000000014218F20AE6C646B363DB68605822FB14264CA8D2587FDD6FBC750D587E76A7EE

Block 1, payout to:
04000000000000000000000000000000000000000000000000000000000000000266FBE727B2BA09E09F5A98D70A5EFCE8424C5FA425BBDA1C511F860657B8535E

Block 2, payout to:
040000000000000000000000000000000000000000000000000000000000000003D0DCCC6A374F85C7CB5F1A6425BC6BB4A20C877AD1A9F143F0DD788060B640E4

Block 3, payout to:
040000000000000000000000000000000000000000000000000000000000000004A6713BAC8D71F001F51D0A1E8BDBC30A70D5C0D37C2DBA84BCFC9249974EEB9C

Block 4, payout to: (x=5 does not exist on curve)
0400000000000000000000000000000000000000000000000000000000000000062A410A830399BCCCD3F8B867BBADB95CB5A17786B4E7A0250DFF50B7873A9A40
etc..
And then, they can be hidden, for example just by adding base point:
Code:
Block 0, payout to:
0457D783579D03D9AB67A8AA7AD9B75A66EBCA4EBCE1B5BE71442DB1307F9146A8CB8C57E165F15F29F01C75ECE82067F4C143DBF34B10EC35BF26EA094DE1C600

Block 1, payout to:
0440C6AC81D93252040DC4761693B52ED6AF786B81AD4B41DBB2A6BD209D36E45EDC7F8FF953626D0C5E921CF765E5B013C80C5B7406D4861CCB9BDF9B0EA9E3F4

Block 2, payout to:
043F33176503054C6E5291D21114F40AD995AA374DA68237BB5A7C89D6C1AEB864734015A6890D5064185F5FE8AFEBC7C0062A3FF7575CF942C1FA76B8530CF5C5

Block 3, payout to:
04A192641C455EC66ECC77B4A20F8E67CD3C703E406D57BD15472E1BB68FC470505598659906369CB49EF245ACE5783980810F96F52707B184A43ADDEC2C80C5CC

Block 4, payout to: (x=5 does not exist on curve)
04092D22A985A9C8BD831B83164C0A786FFA41FAF2E911A8A75EA9B43C223BBF10049B3FD6F2537BE62FBCA1921887107EB79B37DC4DAA44B4C5F6A829E82E31BE
etc..
But I doubt there was something like that, because getting non-random keys with OpenSSL was not easy. It was not like in tools you use today where you can set any private key you want. Importing keys required correct DER encoding and placing curve parameters, the private key and the public key in the imported file. You would need some ECDSA calculator to do that. Satoshi didn't know even about compressed keys, just used what was there in OpenSSL in a black box way.
sr. member
Activity: 310
Merit: 727
---------> 1231006505
But, Satoshi's public keys are known. Back in 2009, the coinbase transaction was P2PK, not P2PKH. So, they couldn't mine to a burning-looking address. They had to firstly mine them and then send them to such address.
Why the two steps? If Satoshi really would he could just mine to a public key and then raise the value of that by 1. So something like:

Code:
Block 0, payout to:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001

Block 1, payout to:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002

Block 2, payout to:
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003
etc..
In that case the blocks would have been clearly marked and they would be unspendable because they are like the P2PK-version of a burner address since there is no way the private key is known matching those public keys.

So if Satoshoi's goal was to clearly mark the blocks he mined he could have used such a solution instead of messing around with the LSB of a nonce. But like I said before, Satoshi really cared about privacy so there is no way he intentionally marked the blocks he mined. I believe it's probably the other way around, his plan was to never spent the coins he mined but he wouldn't clearly mark them as unspendable since this would give away those coins were mined by him in the first place.
full member
Activity: 233
Merit: 253
It's amazing to read out this thread in the hopes of knowing what blocks satoshi has mined but is there any reason why you want to know it?
We exactly know what blocks Satoshi mined. https://whale-alert.medium.com/the-satoshi-fortune-e49cf73f9a9b

The reason is the ''thread question'': Satoshi's blocks have unusual nonce values, why?


I wonder, though; don't you have enough doubt to consider this a probable scenario? Don't you consider it a time waste to start searching for what could Satoshi have put as private keys in the improbable scenario they wanted to make this unfair reward?
I think that Satoshi knew that we would have this situation: a lot of blocks in the early days of Bitcoin, which they had mined. Because they had to mine these blocks to let the Bitcoin network run. They had enough time to test it (1 - 2 years) and knew the results.
How long have you been working on this design Satoshi?  It seems very well thought out, not the kind of thing you just sit down and code up without doing a lot of brainstorming and discussion on it first.  Everyone has the obvious questions looking for holes in it but it is holding up well Smiley
Since 2007.  At some point I became convinced there was a way to do this without any trust required at all and couldn't resist to keep thinking about it.  Much more of the work was designing than coding.
Fortunately, so far all the issues raised have been things I previously considered and planned for.
Satoshi had a plan for Bitcoin. So I think Satoshi also had a plan for these early mined coins. And he marked them, that we can separate them.

Unfair? Let's Satoshi decide this. I don't think that Satoshi would create something, that rewarded participants without competition.

He could easily mine to a burn address like 1111111111111111111114oLvT2 or 1BitcoinEaterAddressDontSendf59kuE and we knew that these coins won't be used anymore.
But, Satoshi's public keys are known. Back in 2009, the coinbase transaction was P2PK, not P2PKH. So, they couldn't mine to a burning-looking address. They had to firstly mine them and then send them to such address.
I think that Satoshi would have sent them to such burn addresses if he had wanted it. Yes, firstly mine them and then send them to P2PKH addresses. The first of such a transaction was done 2 weeks after the release in 2009. Block 728 https://btc.com/btc/transaction/6f7cf9580f1c2dfb3c4d5d043cdbb128c640e3f20161245aa7372e9666168516. We wouldn't have this thread, if Satoshi did this.
copper member
Activity: 821
Merit: 1992
Quote
It's not like it can be recreated or something
You can also do that. Not only you can see blocks that exist in the chain, you can also change them and try to mine alternative valid blocks with different extraNonce, different nonce or different time. By doing that you can check if someone used the officially released version or something else. For example, if there is a client when the nonce is incremented, you can check if there are any valid blocks with higher nonce. If you check many blocks and see that the real block has always the lowest nonce, then you can safely assume that miner is incrementing the nonce.

Of course, re-mining is not easy, because if some miner can produce blocks with N difficulty, on average you have to mine with N*M difficulty to mine M blocks and compare them. For CPU-mined blocks with difficulty 1 you can do that quite easily, but for later blocks it may turn out that mining on top of the chain is more profitable than exploring the past. Also, you will not find any private keys for re-mined block in this way, because you need to know the public key before starting mining, it is the same kind of problem as with self-signed message, where your signature cannot sign itself.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
It's amazing to read out this thread in the hopes of knowing what blocks satoshi has mined but is there any reason why you want to know it? It's not like it can be recreated or something or it's just purely educational for you?
sr. member
Activity: 310
Merit: 727
---------> 1231006505
Another thing is that Satoshi included a hidden message referencing The Times newspaper on the genesis block's coinbase timestamp parameter (The Times 03/Jan/2009 Chancellor on brink of second bailout for banks) and never mentioned it.
That message was put in there to give prove no mining was done before that date. So it was there for a purpose. Since Satoshi was very strict about privacy it wouldn't make sense he intentionally created a way to distinguish blocks mined by himself.

I never hear/don't remember about this, can you show relevant source about it?
You could simply deduct that by reason. If you want to proof something didn't exist before a certain date nowadays you would name something like the hash of a block. You can be pretty sure if you see the correct hash of block 701000 mentioned in a message that message couldn't have been constructed before the block was mined. Satoshi proofed this by quoting the headline of a newspaper. So this genesis block couldn't be mined before the newspaper came out.

A quick google search for "Satoshi pre-mine" turned on some results like https://danhedl.medium.com/bitcoins-distribution-was-fair-e2ef7bbbc892. But then again I don't know the definition you have for relevant source Smiley
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I wonder, though; don't you have enough doubt to consider this a probable scenario? Don't you consider it a time waste to start searching for what could Satoshi have put as private keys in the improbable scenario they wanted to make this unfair reward?

Don't you have enough counter-arguments? What else will make you convinced?

He could easily mine to a burn address like 1111111111111111111114oLvT2 or 1BitcoinEaterAddressDontSendf59kuE and we knew that these coins won't be used anymore.
But, Satoshi's public keys are known. Back in 2009, the coinbase transaction was P2PK, not P2PKH. So, they couldn't mine to a burning-looking address. They had to firstly mine them and then send them to such address.
full member
Activity: 233
Merit: 253
... and it is unlikely that the remainder will ever be spent, although the question remains why Satoshi didn’t simply burn them in this case.

Take note it's not impossible Satoshi get random 256-bit binary as public key and use it to generate burn address.

Yes, it's possible. Now we have this unsolved situation because Satoshi changed his Software so, that we can separate his mined blocks and the coins from others. Some Bitcoin participants want to know why and that also leads to: https://news.bitcoin.com/online-sleuths-believe-satoshi-nakamotos-bitcoin-stash-is-a-blockchain-treasure-hunt-meant-to-be-found/. And that is not impossible.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
One piece of information that is in the block header is the extraNonce field

Great explanation, but you got this one part wrong.

The extraNonce is not in the header. It's in the input of the Coinbase transaction (the same place where Satoshi put the famous newspaper headline). As a matter of fact, extraNonce isn't even a required thing according to the protocol. The only thing that is required in that input is the block height (see BIP 34) to fix an issue with transaction collisions.

Thanks, I updated my post.

I was originally mistaken about how satoshi was ensuring he was not duplicating work. It doesn’t appear that he used the extraNonce field in the Coinbase transaction, he used the nonce value in the block header, specifically the last digit. The potential values of the last digit of the nonce value are between 0 and 255 (inclusive). Satoshi mines using the last digit of nonce values between 0 and 58, without the values of 10 through 18.

It appears that the default behavior of the extraNonce value in the Coinbase transaction will increase by one once the nonce value overflows, at which point the nonce value will reset. So the extraNonce value, if default behavior is used, will be a function of how many block candidates you have checked (I don’t believe either value resets after a block is found). I believe it will reset if you stop mining. This means the extraNonce value is ultimately a function of how much hashrate you are using (and how long it has been since you stopped mining). There are patterns of the extraNonce value being much higher than the rest of the blocks found around the same time. The extraNonce value maximum would be exaggerated by a factor of about 5 if one were to estimate the amount of hashrate that satoshi had (assuming no blocks were found but not broadcast and luck of 1).
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
He could easily mine to a burn address like 1111111111111111111114oLvT2 or 1BitcoinEaterAddressDontSendf59kuE and we knew that these coins won't be used anymore.
No reason to dictate what he should do with his coins, to burn them or not. He is free to use the coins as and when he likes, the fact that it hasn't moved yet doesn't necessarily means that he intends for it to be burned regardless.
full member
Activity: 233
Merit: 253
I still strongly believe that Patoshi = Satoshi

Whale Alert:
We know for certain that Patoshi was operated by Satoshi

https://whale-alert.medium.com/the-satoshi-fortune-e49cf73f9a9b
Line 33

...

... and it is unlikely that the remainder will ever be spent, although the question remains why Satoshi didn’t simply burn them in this case.

He could easily mine to a burn address like 1111111111111111111114oLvT2 or 1BitcoinEaterAddressDontSendf59kuE and we knew that these coins won't be used anymore.
legendary
Activity: 3528
Merit: 4945
One piece of information that is in the block header is the extraNonce field

Great explanation, but you got this one part wrong.

The extraNonce is not in the header. It's in the input of the Coinbase transaction (the same place where Satoshi put the famous newspaper headline). As a matter of fact, extraNonce isn't even a required thing according to the protocol. The only thing that is required in that input is the block height (see BIP 34) to fix an issue with transaction collisions.



... and it is unlikely that the remainder will ever be spent, although the question remains why Satoshi didn’t simply burn them in this case.

I suspect he probably died.
full member
Activity: 233
Merit: 253
I still strongly believe that Patoshi = Satoshi

Whale Alert:
We know for certain that Patoshi was operated by Satoshi

https://whale-alert.medium.com/the-satoshi-fortune-e49cf73f9a9b
Line 33

...

... and it is unlikely that the remainder will ever be spent, although the question remains why Satoshi didn’t simply burn them in this case.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7

Obviously, it is not clear these blocks were actually mined by satoshi, although I think it is more likely than not to be the case.
It doesn't matter who mined these blocks (I still strongly believe that Patoshi = Satoshi) but this thread is not about who mined these coins. It is about the nonces of these. Why are they unusual? Is there an intention?

When a miner is mining for a block, they will create a block header that contains certain information. One piece of information that is in the block header is the extraNonce field (via being optionally part of the coinbase transaction [that can be a null value], and changing the extraNonce field will cause the merkle root to change). Other information in the block header includes a nonce (this is separate and distinct from the extraNonce part of the block header). Once the block header is built, it will be passed through a hash function called SHA256, and if the output of this hash function is lower than a target number as determined by the current difficulty, (assuming all transactions in the block are valid, and the block otherwise follows consensus rules), the block will be valid.

Block headers also include a timestamp, a derivative of the transactions in the block (called the merkle root), the previous block's hash, and a version number.

If you were to pass through a block header through a hash function on one computer, and pass through the same block header on a second computer, the resulting output would be same same on both computers. However, if you pass a block header through a hash function on one computer, and pass a block header that is the same, except that it contains a different extraNonce value, through a hash function on a second computer, the resulting output would be different. So if you are mining on two different computers, you need to do something in order to ensure both computers do not check the same block header, because if they do, they would be completing the same work.

The last value of the nonce can be between 0 and 255. This is something that one would expect to be random. If you remove the blocks that are believed to belong to satoshi, the remaining last values of nonces are more or less randomly distributed.
full member
Activity: 233
Merit: 253
...  Good luck with your search. ...
Sergio discovered it in 2013. Others did their own research with Sergio's findings:

''At Whale Alert we analyze and report interesting blockchain transactions and for Bitcoin there is no subject more interesting and mysterious than the founder known by the alias Satoshi Nakamoto. We were able to make the most accurate estimate of the number of blocks mined and bitcoins owned by Satoshi ...''
https://whale-alert.medium.com/the-satoshi-fortune-e49cf73f9a9b from https://whale-alert.io/media


Obviously, it is not clear these blocks were actually mined by satoshi, although I think it is more likely than not to be the case.
It doesn't matter who mined these blocks (I still strongly believe that Patoshi = Satoshi) but this thread is not about who mined these coins. It is about the nonces of these. Why are they unusual? Is there an intention?
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
I don't think that Satoshi mined with 58 machines.
I think it is unlikely that Satoshi mined with 58 computers.

The last values of nonces were 0 through 58 appeared in blocks more frequently than the rest possible last value of the nonces (the range of possibilities are from 0 through 255), so the range of nonces is 59, not 58. However nonce values 10 through 18 have a "normal" frequency. This might lead someone to expect that satoshi might have 50 computers mining in bitcoin's early days.

I think it is probably more likely that satoshi was intending to use 6 computers, the second computer broke (or otherwise was unable to mine), so he ended up using 5 computers to mine. If this is true, he may have configured 6th of the remaining computers to mine on nonce values 19 instead of 59 before realizing that the specific nonce values do not matter, and wont have an impact on the chances of any computer finding a block. He was using either 50 or 5 computers, not 58.

There is evidence that satoshi may have not mined for as much as 5 minutes following when a block was broadcast, and if true, he may have not immediately started utilizing all of his mining equipment immediately after the 5-minute timer expired.

Obviously, it is not clear these blocks were actually mined by satoshi, although I think it is more likely than not to be the case.
legendary
Activity: 3528
Merit: 4945
There is a pattern in the nonce. Not because Sergio says it, it's because one can recalculate that. Sergio discovered it in 2013. https://bitcointalksearch.org/topic/satoshis-fortune-lower-bound-is-100m-usddebate-going-on-do-not-tweet-175996

Did you even read the thread you linked to???

I've assumed:

1. Satoshi mined almost alone from 1/3/2009 to 1/25/2010 (block 0 to block 36288).

This assumption is at least partly wrong based on what Hal Finney says in this thread:
When Satoshi announced the first release of the software, I grabbed it right away. I think I was the first person besides Satoshi to run bitcoin. I mined block 70-something

He did not. I mined during that time— so did many other people I've talked to.

Do I get to be Satoshi too? I was off by only a few days... https://i.imgur.com/w57rtbs.png

I know first-hand that there were several different people who mined before January 2010. It's kind of funny that history I've lived through is being questioned...

Sergio was posting a bunch of speculation based on false beliefs, and yet you choose to believe that, but when he comes up with a realistic explanation for what he thinks he sees, you decide that it didn't happen.

Sounds like you're about as confused as Sergio.  Good luck with your search.  You're tilting at windmills.
full member
Activity: 233
Merit: 253
I don't think that Satoshi mined with 58 machines.
So you believe Sergio when he says that he sees a pattern in the nonce, but you don't believe him when he says it's because Satoshi used 58 computers?

There is a pattern in the nonce. Not because Sergio says it, it's because one can recalculate that. Sergio discovered it in 2013. https://bitcointalksearch.org/topic/satoshis-fortune-lower-bound-is-100m-usddebate-going-on-do-not-tweet-175996, so one doesn't need to believe him, make your own research.

What Satoshi has done, is possible with 1 computer, one can recalculate or simulate it too. If I have the possibility, I will ask Sergio whether he still believes that Satoshi used 58 computers.
legendary
Activity: 3528
Merit: 4945
The nonces have a structure,
More like a pattern that can be caused by several different things.

but it's very unusual.
It really isn't.

through this behaviour of the nonces we can exactly say which blocks are Satoshi's.
We can not.  We can guess that these blocks MIGHT be Satoshi's.  We can't know for sure.

Another thing is that Satoshi included a hidden message referencing The Times newspaper on the genesis block's coinbase timestamp parameter (The Times 03/Jan/2009 Chancellor on brink of second bailout for banks)
Not really hidden.  It's there plain as day for any programmer to see. Doesn't take any effort or conspiracy theories to support its existence.

some people want to know, if Satoshi left a message fingerprinted in the nonces.
I'm pretty confident he didn't.

My question: What is the simplest explanation for Satoshi's(= Patoshi's) nonce values, that can't be produced with the distributed original wallet software?

First of all, it's all speculation.  We don't actually know which bitcoins are Satoshi's and which aren't.  As Gavin says in the quotes you have above:
"he found some patterns that are plausible that might be associated with Satoshi's mined Bitcoins"

Second, did you even read what Seregio wrote at the link you provided.  He answers your question there:
"Satoshi had access to 58 machines for mining, so to avoid checking the same nonce twice he gave each machine a different id, which was stamped in the LSB of the nonce."

In other words:
Satoshi's(= Patoshi's) nonce values CAN be produced with the distributed original wallet software.

I don't think that Satoshi mined with 58 machines.

So you believe Sergio when he says that he sees a pattern in the nonce, but you don't believe him when he says it's because Satoshi used 58 computers?

That would be too complex for that time period. (~1.5 years - 24/7)

It really wouldn't.
full member
Activity: 233
Merit: 253
Another thing is that Satoshi included a hidden message referencing The Times newspaper on the genesis block's coinbase timestamp parameter (The Times 03/Jan/2009 Chancellor on brink of second bailout for banks) and never mentioned it.
That message was put in there to give prove no mining was done before that date. So it was there for a purpose. Since Satoshi was very strict about privay it wouldn't make sense he intentionally created a way to distinguish blocks mined by himself.

That's exactly what led us to explore Satoshi's blocks. If he wanted his blocks to remain private, he wouldn't change the nonces this way. What's the reason to mark them? He would have known which blocks he mined, so there was no reason to do that. One reason could be: he wanted us to see these blocks.
sr. member
Activity: 310
Merit: 727
---------> 1231006505
Another thing is that Satoshi included a hidden message referencing The Times newspaper on the genesis block's coinbase timestamp parameter (The Times 03/Jan/2009 Chancellor on brink of second bailout for banks) and never mentioned it.
That message was put in there to give prove no mining was done before that date. So it was there for a purpose. Since Satoshi was very strict about privacy it wouldn't make sense he intentionally created a way to distinguish blocks mined by himself.
full member
Activity: 233
Merit: 253
Also, what makes you think that due to the nonce's reuse, they chose predictable entropies for their private keys? This shows me the exact opposite: Due to the reuse of the nonce, which is constantly changing to satisfy the PoW, they had to change the rewarding address.
The nonces have a structure, I don't know if it was done intentionally or not, but it's very unusual. The nonce consists of 4 bytes and Satoshi is playing only with 1 of them (with the least significant byte), so there are enough possibilities (256^3 x time) to satisfy the PoW. You are right with your conclusion, I would think the same that he had to change the rewarding address, if he reused (or played with) all 4 bytes of the nonce. And through this behaviour of the nonces we can exactly say which blocks are Satoshi's.

Another thing is that Satoshi included a hidden message referencing The Times newspaper on the genesis block's coinbase timestamp parameter (The Times 03/Jan/2009 Chancellor on brink of second bailout for banks) and never mentioned it. That's why some people want to know, if Satoshi left a message fingerprinted in the nonces.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
My question: What is the simplest explanation for Satoshi's(= Patoshi's) nonce values, that can't be produced with the distributed original wallet software?
That they were testing things in the environment they were building. Again, simple explanation.



Also, what makes you think that due to the nonce's reuse, they chose predictable entropies for their private keys? This shows me the exact opposite: Due to the reuse of the nonce, which is constantly changing to satisfy the PoW, they had to change the rewarding address.

There isn't anything else you can change in the block header to calculate millions of hashes. You either have to change the nonce, which is the purpose of it (number used once), or the receiving address from the coinbase transaction.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Or because it was early beta software and Satoshi was playing with things, testing things, tweaking things and so on.

It was not like it was done in a sterile lab environment that was then wiped down. Full on public blockchain, so as he did stuff it was all out there for the world to see and keep track of forever.

I have done some things in that on the surface looked odd, but one I explained what I was testing and why, it was obvious. Since we can't ask Satoshi we can only guess.

-Dave
member
Activity: 873
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
I don't think that Satoshi mined with 58 machines. That would be too complex for that time period. (~1.5 years - 24/7)

You don't think? Well, I don't think that Patoshi = Satoshi. Since neither of us can prove any of these claims, why are we having this discussion at all?


Maybe they talk about fuckoshi ?
hero member
Activity: 1456
Merit: 940
🇺🇦 Glory to Ukraine!
I don't think that Satoshi mined with 58 machines. That would be too complex for that time period. (~1.5 years - 24/7)

You don't think? Well, I don't think that Patoshi = Satoshi. Since neither of us can prove any of these claims, why are we having this discussion at all?
full member
Activity: 233
Merit: 253
My question: What is the simplest explanation for Satoshi's(= Patoshi's) nonce values, that can't be produced with the distributed original wallet software?

First of all, it's all speculation.  We don't actually know which bitcoins are Satoshi's and which aren't.  As Gavin says in the quotes you have above:
"he found some patterns that are plausible that might be associated with Satoshi's mined Bitcoins"

Second, did you even read what Seregio wrote at the link you provided.  He answers your question there:
"Satoshi had access to 58 machines for mining, so to avoid checking the same nonce twice he gave each machine a different id, which was stamped in the LSB of the nonce."

In other words:
Satoshi's(= Patoshi's) nonce values CAN be produced with the distributed original wallet software.

I don't think that Satoshi mined with 58 machines. That would be too complex for that time period. (~1.5 years - 24/7)


... he gave each machine a different id, which was stamped in the LSB of the nonce."

The distributed original wallet software doesn't have that feature.
legendary
Activity: 3528
Merit: 4945
My question: What is the simplest explanation for Satoshi's(= Patoshi's) nonce values, that can't be produced with the distributed original wallet software?

First of all, it's all speculation.  We don't actually know which bitcoins are Satoshi's and which aren't.  As Gavin says in the quotes you have above:
"he found some patterns that are plausible that might be associated with Satoshi's mined Bitcoins"

Second, did you even read what Seregio wrote at the link you provided.  He answers your question there:
"Satoshi had access to 58 machines for mining, so to avoid checking the same nonce twice he gave each machine a different id, which was stamped in the LSB of the nonce."

In other words:
Satoshi's(= Patoshi's) nonce values CAN be produced with the distributed original wallet software.
legendary
Activity: 1022
Merit: 1043
αLPʜα αɴd ΩMeGa
Before asking the question, I want to mention that even US courts are interested in this:

Gavin Andresen's deposition (For those who don't know him: Andresen was the lead developer for a part of the bitcoin digital currency project ... Andresen discovered bitcoin in 2010 ...  After joining the developers contributing to Bitcoin along with Satoshi Nakamoto, he went on to become lead developer of the client software for the bitcoin network. https://en.wikipedia.org/wiki/Gavin_Andresen)

https://storage.courtlistener.com/recap/gov.uscourts.flsd.521536/gov.uscourts.flsd.521536.589.3.pdf (page 31)
...
Question: Are you aware of any patterns within the blockchain that would reveal which blocks were mined by Satoshi?
Andresen: There is a very interesting blog post by Sergio, Sergio Demian Lerner, where he found some patterns that are plausible that might be associated with Satoshi's mined Bitcoins.
Question: This is the Patoshi research? I think he calls it the Patoshi research?
Andresen: Maybe. I'm not familiar with that.
Question: They call it the Patoshi --
Andresen: I'm not familiar with that term.
Question: Is it -- is it based on the Nonce value?
Andresen: Yes, it's based on the Nonce values. And I have -- I have no direct knowledge of that, but his research seems plausible to me.
Question: Okay. Is there any reason you can think of that a miner would try to create a coinbase transaction that did not hash to within a specific range of values?
Question: Do you understand the question?
Andresen: I'm not sure I understand the question.
Question: Okay. Strike the question.
...
Sergio Demian Lerner's findings: https://bitslog.com/2013/09/03/new-mystery-about-satoshi/
Adding this quote, which is relatable;
Quote from: Occam s Razor
The simplest explanation is usually the right one
My question: What is the simplest explanation for Satoshi's(= Patoshi's) nonce values, that can't be produced with the distributed original wallet software?

But you don't just have to look at the software, I think.
In 2009, computers were still at a different level.
At that time, it was still normal to mine with a simple CPU.

Nobody knows how Satoshi's hardware setup was configured back then, but we're back to the same point as always... we can only speculate!
full member
Activity: 233
Merit: 253
Before asking the question, I want to mention that even US courts are interested in this:

Gavin Andresen's deposition (For those who don't know him: Andresen was the lead developer for a part of the bitcoin digital currency project ... Andresen discovered bitcoin in 2010 ...  After joining the developers contributing to Bitcoin along with Satoshi Nakamoto, he went on to become lead developer of the client software for the bitcoin network. https://en.wikipedia.org/wiki/Gavin_Andresen)

https://storage.courtlistener.com/recap/gov.uscourts.flsd.521536/gov.uscourts.flsd.521536.589.3.pdf (page 31)
...
Question: Are you aware of any patterns within the blockchain that would reveal which blocks were mined by Satoshi?
Andresen: There is a very interesting blog post by Sergio, Sergio Demian Lerner, where he found some patterns that are plausible that might be associated with Satoshi's mined Bitcoins.
Question: This is the Patoshi research? I think he calls it the Patoshi research?
Andresen: Maybe. I'm not familiar with that.
Question: They call it the Patoshi --
Andresen: I'm not familiar with that term.
Question: Is it -- is it based on the Nonce value?
Andresen: Yes, it's based on the Nonce values. And I have -- I have no direct knowledge of that, but his research seems plausible to me.
Question: Okay. Is there any reason you can think of that a miner would try to create a coinbase transaction that did not hash to within a specific range of values?
Question: Do you understand the question?
Andresen: I'm not sure I understand the question.
Question: Okay. Strike the question.
...

Sergio Demian Lerner's findings: https://bitslog.com/2013/09/03/new-mystery-about-satoshi/

Adding this quote, which is relatable;
Quote from: Occam s Razor
The simplest explanation is usually the right one

My question: What is the simplest explanation for Satoshi's(= Patoshi's) nonce values, that can't be produced with the distributed original wallet software?


Jump to: