Search content
Sort by
Showing 20 of 24 results by JFC
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
Personally, I think the OP is definitely thinking on the right lines. Whether this particular proposal is appropriate matters less than the fact that people are thinking about these issues. I think any rational observer would agree that the usability and user-friendliness of the Bitcoin eco-system in general is woeful and anything that improves it will be welcome.
Hi tertius993,
thank you for your comments. I totally agree with that.
The particular format I am proposing is not the important thing here. Improving the usability and user-friendliness of Bitcoin is.
It is nice to know there are other people in this forum that recognize this problem and will welcome improvements in these areas.
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
In Europe we have IBAN numbers for EUR account and it is not rememberable at all by avg. person same as bitcoin address you just copy paste it and check visually it is the same (to check for clipboard modifying viruses. Replacing long bitcoin address with shorter one which is still non memorable is useless.
If you want to make something like paypal with sending to email you should think about blockchain solution in which you could voluntarily publish email address xzy@xyz.com belongs to bitcoin address ABC. Sort of named bitcoin address.
If you want to make something like paypal with sending to email you should think about blockchain solution in which you could voluntarily publish email address xzy@xyz.com belongs to bitcoin address ABC. Sort of named bitcoin address.
underhood, thanks for your comments.
Bank accounts are not rememberable. And yet they are used by millions of persons every day. They are still IMHO much more user friendly than a long series of case-sensitive characters. The purpose here is not creating a payment address you can remember but having something that a general population can use without fear.
Regarding the email-as-an-address it is an interesting idea. I think something could be done by using the OP_RETURN scripting operation. But you would need more than a single payment destination to avoid privacy and security problems. Also, some sort of checksum is also a necessity. But I definitely concur that something along those lines is worth studying.
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
Opening new levels of discussion to improve bitcoin is a great thing but I kind of like the address format and I'm not that a tech-savvy type of girl, I just got used to it 
Hi Mandy,
it is great that you feel comfortable with the traditional bitcoin address format. But I bet that you are more tech-savvy than you think! (What are you doing in this forum if you are not?)
Regards
P.S.: Don't worry, I am not planning on deprecating the Base58Check format (not that I could even if I wanted...). I could call it 'legacy' though if I wanted to be pretentious and mean, but I will not
Ty for replying
I don't feel tech savvy at all, I'm here to learn about bitcoin as I feel it's getting serious. Regarding the address format I find it easy to proof check addresses when I want to send or receive only by checking the first and last 2 digits of the address, I bet you can't do that with your format since the numbers are variable and not fixed from what I understood
But that method is far from certain - *many* addresses could have the first and last two characters the same.
Personally, I think the OP is definitely thinking on the right lines. Whether this particular proposal is appropriate matters less than the fact that people are thinking about these issues. I think any rational observer would agree that the usability and user-friendliness of the Bitcoin eco-system in general is woeful and anything that improves it will be welcome.
I couldn't agree more with you, more people thinking about how to improve bitcoin is excellent news
Just expressed my opinion, Op keep it up
On the other hand tertius993 is right. Just checking 4 digits of the Base58address is better than nothing, but very insecure nonetheless. It is very easy to generate another address with the same 2 starting and ending digits (For comparison a vanity address with 4 characters is free in this service.)
Quote
I find it easy to proof check addresses when I want to send or receive only by checking the first and last 2 digits of the address, I bet you can't do that with your format since the numbers are variable and not fixed from what I understood
Aside from being a poor checking, the answer is yes, you could that if you wanted. Once you have 'published' your address on the blockchain, those numbers are fixed forever (as long as your transaction isn't removed from the blockchain; that is the reason you should wait for a fair number of confirmations).
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
In the future we will hopefully have confidential transactions as proposed by gmaxwell and then it will not be possible to know what amount of BTC is being moved around, also we will have coinjoin and other privacy stuff. Wouldn't this make your format incompatible with those transactions? or you can still get the information needed?
Confidential transactions are a feature of sidechains not of Bitcoin. The Bitcoin protocol will probably not change in any significant way ever, just as the UDP protocol on which the internet is based on is essentially frozen. You can build layers on top of it (TCP/IP, http, ...) but the basics of routing packets in a best effort manner haven't changed and won't change. So, this addressing scheme should be safe from the kind of changes we can expect. On the other hand, mixing services such as coinjoin are no problem. They are just a way to make transaction linking harder, but the bitcoins end up in traditional addresses.
Also I think in the future we will have some sort of "email" format where you can give to people and when they send you coins it automatically receives them in newly generated addresses for better privacy easily instead of the complex long addresses. I think Bitcoin should have this "email of money" instead of trying to look like an annoying bank account (I hate when I have to share bank account details because the numbers are so long and one mistake and you are fucked)
I also said in my original post that paypal has a very user friendly kind of payment address. However, I don't see how you could easily integrate that kind of payment in the Bitcoin protocol. They are also not very safe. A single typing mistake and you are sending your gazillions to the wrong place. I think some sort of checksum needs to be an integral part of any address scheme, even at the cost of some loss of user friendliness.
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
Opening new levels of discussion to improve bitcoin is a great thing but I kind of like the address format and I'm not that a tech-savvy type of girl, I just got used to it
Hi Mandy,
it is great that you feel comfortable with the traditional bitcoin address format. But I bet that you are more tech-savvy than you think! (What are you doing in this forum if you are not?)
Regards
P.S.: Don't worry, I am not planning on deprecating the Base58Check format (not that I could even if I wanted...). I could call it 'legacy' though if I wanted to be pretentious and mean, but I will not
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
⭐ Merited by ETFbitcoin (1)
Hi Danny,
first let me give you triple thanks for your comments.
First, because it is obvious you have taken time and consideration to read and reply my long post.
Second, because it is clear you understand the issues at stake here and have written a well articulated answer stating your point of view.
Third, because it is also obvious you hate the idea, which I totally respect. And yet you managed to write a long post without any personal attacks.
It doesn't matter IMHO if we deeply disagree on any technical matter as long as we can have a polite exchange of ideas. Most of the people in the community have a vested interest in improving the bitcoin ecosystem. I am deeply sorry when I see people offending other people to advance their cause. The block size debate is a sad example of that. Losing giants like Mike Hearn because of those personal attacks is a tragedy and it is totally unfair.
Having said that, let's go to the battle...
Just like TCP/IP and UDP and HTTPS and FTP and routers and switches and gateways and firewalls need to be much more user friendly for the internet to achieve the kind of reach we all expect it to?
The solution is to add layers on top of the technology, not to change the underlying technology or expect the average user to understand the underlying technology. I realize that your suggestion IS a layer on top of the existing technology, it's just a bad layer that discourages best practices. Again, I have to disagree that THIS restricted reuse of addresses is not a best practice. Even if you still disagree with my disagreement, at least, you'll have to concede that part of the beauty of bitcoin is its permissionless nature. I am not forcing anyone to use this system. I am just proposing an alternative that I believe useful -for certain use cases, not as a general rule-.
As an added bonus, I am going to cite another disadvantage I previously forgot to mention (I'm trying to be honest here, no matter how much I love my own idea...). Using this scheme of payments requires the receiver of the funds to pay an additional fee. I understand this is buying extra security. But again, isn't it nice that you have the freedom to trade easy of use security over cost? The way I see it, if you don't like this addressing scheme, or don't think your transaction deserves an extra fee, by any means, use the Base58 payment.
Then I guess we don't need to change anything, because it is already succeeding as a payment platform. Given your statement, I guess that must be proof that we've already "improved its non-technical deficits".
I can't possibly agree on that. I don't know your expectations for bitcoin. I expect nothing but total world domination... I can't possibly know what percentage of the transaction every block contains is used for a payment. Let's say it is 100%. That would mean about 3 transactions per second with full blocks. According to this Visa handles about 2000 per second. There is much to be done in every front before we can proclaim sucess.
And we will. But not with this proposal.
Who knows? The beauty of Layer 2 proposals is that they are unstoppable it somebody is willing to implement them and some users want to use them. That permissionless property of bitcoin is a great asset of the ecosystem. Let a hundred flowers blossom...
Again, thank you very much for sharing your wisdom and tone!
Final note: Excuse me for ending the post citing Mao. Probably not the best person to quote from a libertarian like myself, but I like to say that you can learn something even from the most obnoxious person you know.
first let me give you triple thanks for your comments.
First, because it is obvious you have taken time and consideration to read and reply my long post.
Second, because it is clear you understand the issues at stake here and have written a well articulated answer stating your point of view.
Third, because it is also obvious you hate the idea, which I totally respect. And yet you managed to write a long post without any personal attacks.
It doesn't matter IMHO if we deeply disagree on any technical matter as long as we can have a polite exchange of ideas. Most of the people in the community have a vested interest in improving the bitcoin ecosystem. I am deeply sorry when I see people offending other people to advance their cause. The block size debate is a sad example of that. Losing giants like Mike Hearn because of those personal attacks is a tragedy and it is totally unfair.
Having said that, let's go to the battle
...The way I see it, using this way to transfer (a decent amount of) money has the following benefits:
a) Way less scary I disagree. I don't find bitcoin addresses scary at all.Ok Danny, you have a "Legendary" badge in this forum. I bet you aren't easily scared by anything bitcoin related. But try the mother of your neighbor
b) Compact (15 decimal digits in the example vs 34 case sensitive alphanumeric positions) See? We can agree on something!
c) Possible to be dictated and typed easily (only needs the numerical keypad) Bitcoin addresses can also be dictated and typed easily.Ok. I'll give you this point if you concede that writing a shorter address made up of decimal digits and dots is EASIER and faster than writing a longer series of case sensitive alphanumeric characters.This is particularly true if you are using a soft keyboard on a cell phone (Ever tried to type a long random Wifi password?).
d) Secure (mostly but not only, because of the checksum) Bitcoin addresses also have a checksum. Never said they haven't. In fact -the way I am presenting this idea- Base58 addresses have a stronger checksum (32 bits vs -let's say- 20 bits). Point for you but... If we use the amount transferred to the UTXO anchoring the address as an added verification step -could be optional- then I believe we are very close or even have a significant edge.
e) Familiar; very similar to what regular people use to transfer money
f) Doesn't need any external database or service, it just makes use of the blockchain For most, the blockchain IS an external database. Bitcoin addresses on the otherhand do NOT need an external database. Ok, but if we were to reject any improvement because it needs access to the bitcoin blockchain then our hands would really be tied. It is hard to think about any meaningful addition to the bitcoin ecosystem that does not rely on querying the blockchain. What I meant in this point is that you don't have to rely on any database other than bitcoin's own.
g) The implementation in a wallet is ridiculously easy Lite (SPV) wallets don't store the entire blockchain. Bitcoin addresses are MUCH easier to implement in a wallet.Maybe, but those are already implemented. I only mean they are easy to implement. SPV clients could use any of the several APIs available (I'd use more than one, to be safer though)
h) Doesn't require major testing, since it doesn't change the bitcoin protocol in any way Anything handling people's wealth should be tested. Bitcoin addresses are already tested for more than 8 years.Fair enough. But this pointer addresses are ALSO bitcoin addresses. They inherit all of that security because they are really the same. I said any major testing. Of course they need testing, just not the kind of testing you can expect from some big change like SegWit of LN
i) It is completely optional. You can use if you need it and when you need it. Bitcoin addresses are already optional. Your solution isn't optional if the other party hasn't implemented your solution, or if the other party refuses to accept traditional addresses.I don't see this as an either or situation. If I am requesting you a payment using this pointer addressing scheme, I would send you BOTH the tradicional address in a Base58Check format AND the pointer address. That way, you have an additional way of checking that you are sending funds to the proper destination. So, even if your wallet hasn't implemented the pointer address scheme yet, you can still complete the transaction.
g) You can even use it without a software implementation (Just use the blockchain.info website) I find blockchain.info's website to be VERY unreliable.I don't have the same experience with blockchain.info; I am pretty happy with it myself. However, there are several webs that offer similar services.
It has also the following challenges:
a) Not implemented anywhere. Just an idea (yet)
b) Not valid for every transaction (it doesn't intend to, anyway)
c) It could have some security risks I am not capable of seeing (that's the top reason I posted this, btw)
d) Needs a standard (Anyone would like to help me writing a BIP for it?)
e) Best practice is to NEVER re-use a bitcoin address. This "solution" is useless for everyone except those that are already choosing to ignore this advice. While I understand and mostly agree with the general concept that reusing addresses is a bad idea, I don't think it is fair to say that it is NEVER a good idea. Both major concerns of address reuse (loss of privacy and smaller security) do not apply in this case, if you use this scheme the way I explained, each address should only be used twice for a payment (three at most if you want to sent a partial transaction first, for added security) , and they can be all spent at once, thus preserving both safety and privacy.
b) Compact (15 decimal digits in the example vs 34 case sensitive alphanumeric positions) See? We can agree on something!
but... If we use the amount transferred to the UTXO anchoring the address as an added verification step -could be optional- then I believe we are very close or even have a significant edge.e) Familiar; very similar to what regular people use to transfer money
It has also the following challenges:
a) Not implemented anywhere. Just an idea (yet)
b) Not valid for every transaction (it doesn't intend to, anyway)
c) It could have some security risks I am not capable of seeing (that's the top reason I posted this, btw)
d) Needs a standard (Anyone would like to help me writing a BIP for it?)
e) Best practice is to NEVER re-use a bitcoin address. This "solution" is useless for everyone except those that are already choosing to ignore this advice. While I understand and mostly agree with the general concept that reusing addresses is a bad idea, I don't think it is fair to say that it is NEVER a good idea. Both major concerns of address reuse (loss of privacy and smaller security) do not apply in this case, if you use this scheme the way I explained, each address should only be used twice for a payment (three at most if you want to sent a partial transaction first, for added security) , and they can be all spent at once, thus preserving both safety and privacy.
Bitcoin will have to become much more user friendly to achieve the kind of reach we all expect it to.
Just like TCP/IP and UDP and HTTPS and FTP and routers and switches and gateways and firewalls need to be much more user friendly for the internet to achieve the kind of reach we all expect it to?
The solution is to add layers on top of the technology, not to change the underlying technology or expect the average user to understand the underlying technology. I realize that your suggestion IS a layer on top of the existing technology, it's just a bad layer that discourages best practices. Again, I have to disagree that THIS restricted reuse of addresses is not a best practice. Even if you still disagree with my disagreement
, at least, you'll have to concede that part of the beauty of bitcoin is its permissionless nature. I am not forcing anyone to use this system. I am just proposing an alternative that I believe useful -for certain use cases, not as a general rule-.As an added bonus, I am going to cite another disadvantage I previously forgot to mention (I'm trying to be honest here, no matter how much I love my own idea...). Using this scheme of payments requires the receiver of the funds to pay an additional fee. I understand this is buying extra security. But again, isn't it nice that you have the freedom to trade easy of use security over cost? The way I see it, if you don't like this addressing scheme, or don't think your transaction deserves an extra fee, by any means, use the Base58 payment.
If we neglect the social aspects of bitcoin, by not improving also its non-technical deficits, it won't succeed as a payment platform.
Then I guess we don't need to change anything, because it is already succeeding as a payment platform. Given your statement, I guess that must be proof that we've already "improved its non-technical deficits".
I can't possibly agree on that. I don't know your expectations for bitcoin. I expect nothing but total world domination...
I can't possibly know what percentage of the transaction every block contains is used for a payment. Let's say it is 100%. That would mean about 3 transactions per second with full blocks. According to this Visa handles about 2000 per second. There is much to be done in every front before we can proclaim sucess.Maybe what we have is enough for it to succeed as a settlement network for an investor to be happy, but I think we can do much better.
And we will. But not with this proposal.
Who knows? The beauty of Layer 2 proposals is that they are unstoppable it somebody is willing to implement them and some users want to use them. That permissionless property of bitcoin is a great asset of the ecosystem. Let a hundred flowers blossom...
Again, thank you very much for sharing your wisdom and tone!
Final note: Excuse me for ending the post citing Mao. Probably not the best person to quote from a libertarian like myself, but I like to say that you can learn something even from the most obnoxious person you know.
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
No, in my opinion that address can create collision address some day and can be manipulated easily
Kray, thanks for your comments.
I am very interested in the two points you raise here.
Could you please:
a) Give an example of a possible collision that would be undetected by the Checksum?
b) (Since you say that it "can be manipulated easily") Give me an example of an easy manipulation?
Thanks again for your time.
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
⭐ Merited by ETFbitcoin (1)
Not a good idea.I could go into technical stuff but let's save it for another day.The idea has been discussed before,not exactly this but much smaller range of integers like maximum 5 digits.That was a turn down too.In your case,it's equally difficult to remember.Until and unless we associate bitcoin addresses with something that is far easier to remember,example,human brains forget the text but pictorial memories live for longer time in brain.Maybe if we can associate a bitcoin address to a picture and human has to just remember the picture.
Joel,
sorry but I can't see your point. I have never intended this format to be "remembered".
It is however a format that can be typed relatively easily and doesn't (IMHO) scare an user the way a traditional bitcoin address does.
I am not sure this forum is the best place to appreciate this. We are technical people and are comfortable with hashes, Base64 encoding, hex representations...
For a normal person, an address like 19xuKwgfphk3mMaN7TEYYYULLou671KxfC is scary.
Just compare it with BTC.443860.3.0.8803362
The way I see it, using this way to transfer (a decent amount of) money has the following benefits:
a) Way less scary
b) Compact (15 decimal digits in the example vs 34 case sensitive alphanumeric positions)
c) Possible to be dictated and typed easily (only needs the numerical keypad)
d) Secure (mostly but not only, because of the checksum)
e) Familiar; very similar to what regular people use to transfer money
f) Doesn't need any external database or service, it just makes use of the blockchain
g) The implementation in a wallet is ridiculously easy
h) Doesn't require major testing, since it doesn't change the bitcoin protocol in any way
i) It is completely optional. You can use if you need it and when you need it.
g) You can even use it without a software implementation (Just use the blockchain.info website)
h) Could be a good match for LN payments (not absolutely sure of this, however, see my previous post)
It has also the following challenges:
a) Not implemented anywhere. Just an idea (yet)
b) Not valid for every transaction (it doesn't intend to, anyway)
c) It could have some security risks I am not capable of seeing (that's the top reason I posted this, btw)
d) Needs a standard (Anyone would like to help me writing a BIP for it?)
Bitcoin will have to become much more user friendly to achieve the kind of reach we all expect it to.
Bitcoin is clearly a ginormous technical achievement. However, money is not just a technology but also a social construct. Most of the people I know, couldn't care less about the trustless consensus nature of bitcoin, its mathematical properties, ...
When they hear about 'Miners' and 'Exchanges' instead of banks, 'Wallets' and 'Addresses' instead of bank accounts, 'Digital signatures', 'Elliptical curves',... they really get confused and scared. (And there are really many reasons to be scared. I would be terrified if I were the person responsible to make this 194,993 BTC transaction). I believe we would be fooling ourselves if we think the bitcoin user interface (addresses, units of measure, confusion in the name of the network, the protocol, etc.) doesn't need a radical overhaul.
If we neglect the social aspects of bitcoin, by not improving also its non-technical deficits, it won't succeed as a payment platform. Maybe what we have is enough for it to succeed as a settlement network for an investor to be happy, but I think we can do much better.
Note: For the less technical people reading this -> let me repeat again that I am not proposing any change at all in the bitcoin protocol. This would only be an additional feature for a wallet that would not prevent you from using QRs or whatever method you are more comfortable with. Also, it doesn't need any kind of soft fork, hard fork, or fish fork
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
There would be duplicates
Could you please elaborate?
In two ways. First, there are bound to be more than one Bitcoin address bound to certain keys. Easy to fix this one by increasing the amount of number slots. Second, by using a smaller pool of characters, you are more likely to generate the same address multiple times. This is why Bitcoin uses base58. If characters that look similar to you are not a problem, you could expand it to base64, increasing the address possibilities significantly. Taking it a step further, which would add 0, O, I, l you could add other characters like !@#$%)^()& to add even more
Hi, thanks for your extended comments.
I think you are missing a key element of this system to express an address.
As a precondition, the intended address must exist already in the blockchain. You can't use this scheme to represent a new address that you have generated but no one has seen yet.
So, you are counting the addressing capacity of this scheme the wrong way.
This address scheme is not a way of shortening any arbitrary bitcoin address by expressing it with only decimal digits.
Any such schemes are obviously destined to fail since you can't express the 2160 addresses with a few decimal characters. (You'd need up to 49 decimal digits, to be more precise; that is 0 .. 1461501637330902918203684832716283019655932542975 ).
But, given the precondition stated above, we don't need to be able to represent every possible address. We only have to be able to express an address that is already recorded in the bitcoin blockchain.
So, this address scheme is simply a secure and human friendly way to represent a pointer to an existing address.
As a result, we only need enough digits to express the pointer, like this (I am showing here the more complex case, where you can have different outputs in a transaction):
Quote
Pointer to the block . Pointer to the transaction . Pointer to the output . Checksum
How many decimal digits do we need to express any bitcoin address already recorded in the blockchain as a transaction output then?
Let's count them :
Pointer to the block -> 6 digits.
We are around block 444.000 nowadays, after 9 years of constantly producing blocks. At this speed (1 block every 10 minutes) we won't need more than 6 digits for ten more years.
Pointer to the transaction -> 4 digits (máx) Depends on the block size. Nowaways 4 digits. I don't think we'll need more than 5 digits for a long time.
Pointer to the output (within the transaction) -> 4 digit (máx) .
According to Gavin Andresen transactions larger than 100K won't be relayed. That means fewer than 2000 outputs per transaction.
Checksum -> 7 digits (max) (I am counting on using the last 5 hex digits of a SHA256 hash to have a risk of an undetected error smaller than one in a million).
So, you need 6 + 4 + 4 + 7 = 21 decimal digits in a worst case scenario nowadays (not counting decimal separators and the BTC prefix). Most of the time, you'll need around 6 + 3 + 2 + 5 = 16 or 17 decimal digits.
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
Not gonna work, after blockchain reorganization (in the course of short chain forks) the money will suddenly end up with someone else lol.
Hi,
In my original post, I said:
Quote
(Precondition: Your address exists as a single output in a transaction that has ben cemented in the bitcoin blockchain)
Maybe cemented is not the most precise word here. A block with more than 6 confirmations is generally considered safe enough so your money isn't going anywhere you don't intend. As long as the implementation doesn't let you refer to a block with fewer than 6 confirmations, you should be safe (https://en.bitcoin.it/wiki/Confirmation).
But you can easily wait -let's say 12- confirmations or more to get additional safety. Waiting for 24 hours will give you around 144 blocks on top of yours. One has to be really paranoid to go any further; but it is your money. Wait as long as you want to feel safe.
In addition to that, the CRC-16 part of the easy address format (the last number) means that you have a probability of a collision of 1/2^16 (0.0000152587890625). And this is just a rough idea. Instead of using CRC-16 you could take the last n-bits of a Hash, thus getting a higher protection (20 bits gives you a chance of about 1 in a million of a collision, and can be expressed with <=5 decimal digits most of the time). So even if you mistype the address or there is a fork, there is very little chance of losing any money. Using the amount transferred to the 'anchor' transaction (see my example of the house sale in a previous answer) will grant you an even higher degree of confidence that you are sending your money to the right destination.
On the other hand, upon a second reading of your comment I think maybe we have a bit of a missunderstanding here.
When you say:
Quote
the money will suddenly end up with someone else lol "
maybe you are in the belief that I am proposing recording addresses on the blockchain in this format, which I am absolutely not.I am just proposing an additional way to express a payment destination, that is easier and safer for certain payments.
In the end, your wallet will retrieve and use the underlying bitcoin address (that is the Hash-160 of your public key). There is NO change at all in the bitcoin blockchain.
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
There would be duplicates
Could you please elaborate?
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
⭐ Merited by ETFbitcoin (2)
The biggest problem IMO is that you can't use this format with an empty address. And also SPV clients can not do this on their own.
Also for this:
Also why not use QR code?
They are simple, easily generated, and have error correction built in.
Also for this:
Quote
(Precondition: Your address exists as a single output in a transaction that has ben cemented in the bitcoin blockchain)
Also why not use QR code?
They are simple, easily generated, and have error correction built in.
Warning:
I may extend myself a little bit over here. Also, this comment will be less of a technical nature and more about easy of use and safety. If you aren't interested in these matters, please skip this post.
Quote
The biggest problem IMO is that you can't use this format with an empty address
I am in no way proposing this alternate way of generating and expressing bitcoin addresses as a replacement for the generic case. It would make absolutely no sense for many reasons we probably don't even need to explain here.
However, I think there are a few use cases where this kind of address communication can be a significant improvement over the normal Base58Check format.
But first, let's talk a little bit about some of the problems of the current way of generating payment addresses for some scenarios:
- The Base58Check format is, IMHO, barely an improvement (if any) over the HEX representation of an address from the point of the user interface. It is intimidating, weird looking and very error prone if you had to type it.
- QR Codes are non human readable. You really have no idea where you are transferring your money to when you are relying on a QR
- Generating a new address each time you want to receive a new payment is safe -since you don't expose your public key- and adds privacy. But it is also very opaque. Those paying you don't really know who they are paying to, and that can be a big problem, sometimes.
The fact that many, many investors in bitcoin are holding their funds at a exchange is proof enough of the complexity of handling bitcoin.
Let me present a scenario where I don't think standard bitcoin payments are the best answers.
Imagine you are going to pay for your shining new house. Let's say the price is 3 million USD. The year is 2020, so you have to pay around 3 BTC
You are presented with a QR code and asked to transfer those 3.14 BTC.
Will you really feel confident doing such a transaction? The destination address is, from the point of view of the payer, totally indistinguishable from any other. She has absolutely no way of verifying that the recipient of the money is the realty company. Maybe the clerk is showing her a QR of an address she generated for herself. Or somehow a hacker managed to generate a QR pointing to a similar, but different address. In this scenario, the pseudonymous nature of bitcoin payments is something more negative than positive.
What would be an alternative way of making this payment?
a) The company sends a small amount of BTC (e.g.: 73 satoshis, which won't be dust by then) to an address and prints a letter with the instructions to pay in the easy format. Something like "Please, pay BTC 3.14 to this address BTC.443860.3.56318 (c.c.c.: 73)".
b) The customer opens her wallet, types the address in the easy format and verifies that the destination address has the 73 satoshis in that output. (Previously, her wallet verified the checksum provided by the last part of the address, 56318).
c) Confident that she is paying to the proper destination (the letter came sealed and so on...), she hits send and transfer that ginormous amount of BTC.
This procedure may be overkill if you are paying for a coffee but it is not (IMHO) when you have to transfer any meaningful amount of money.
In fact, I believe the proper way of making this payment would be to pay in two transactions, both destined to the same address. Once you complete the first one (Let's say for 146 satoshis), the recipient confirms you that the payment was OK and you can proceed sending the rest of the money.
The way I see it, using the same address repeatedly, makes this transaction much safer, not less.
Since none of the outputs having this address are spent -for now-, the public key isn't exposed during the process. By generating a new payto: address for each house sale, privacy is also not a concern for the buyer.
So, I believe for this use case, this method of payment is clearly superior to the normal QR payment.
Also, although I don't fully understand the LN draft yet (who does?
), from my current understanding I believe that you are forced to open a funding transaction to create a channel. Then you make an indefinite amount of payments (and, hopefully, money transfers in your direction) over the course of a potentially long time.So, this could be an ideal case for this easy address format, since: a) You have to create the funding transaction anyway and b) You have to reuse the address anyway.
Comments?
Note: Paypal already does something similar (at least in my country) when you open a bank-backed account. Upon completing the application process, they send you a small amount of money (let's say 0.13 ) to your bank account. To finish the process, you have to tell them the exact amount you received, thus proving that you are in control of that bank account.
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
Quote
(Precondition: Your address exists as a single output in a transaction that has ben cemented in the bitcoin blockchain)
The transaction can have multiple outputs too, you can just add a new number after that "3" representing the index (refHi,
You are right. I talked about the possibility of adding another indirection level when mentioning the drawbacks (please mind the 25 after the 3). I didn't want however to present it as the general case as it introduces more complexity.
Quote
"Using a second level of indirection would help here, by pointing to a transaction with multiple outputs E.g: BTC.443860.3.25.56318"
I will address your other points in a separate post.
Re: Is this address format (e.g.: BTC.443860.3.56318) a good idea?
However, I suppose the fact that you have to get a transaction in the blockchain before you can use an address, as well as the implied mandatory address reuse, could be a killer
Won't address reuse be much less of a problem when using LN?
⭐ Merited by ETFbitcoin (9)
From the perspective of the user interface, the bitcoin address format is IMHO one of the big problems bitcoin faces to be widely accepted as a global payment system.
A typical bitcoin address looks like 19xuKwgfphk3mMaN7TEYYYULLou671KxfC. This must be spooky for a regular person.
Other payment systems have a WAY more user friendly address. Paypal, for instance uses your email address as the payment address.
So jdoe.452@hotmail.com is a valid payment address for Paypal users.
Bank accounts in many countries follow the IBAN format. A sample account id for Switzerland would be CH93 0076 2011 6238 5295 7 (http://www.xe.com/ibancalculator/sample/?ibancountry=switzerland).
A bit more complicated, but also more robust against mistakes than the Paypal format.
After a little bit of googling on the subject, I've been unable to find any good alternatives for expressing a bitcoin address in a more user friendly manner. (I'd welcome any information about similar or better proposals).
So (at the risk of infuriating #youknowwho# for not having done an extensive research of the prior state of the art) I'd like to share an idea for, what I believe, could be a robust and user friendly address format:
Let's present it with an example (taken from this block https://blockexplorer.com/block/0000000000000000004e389113ddc1334eaf18ce5ea944ecc6042e17a6ebb80b):
The address:
19xuKwgfphk3mMaN7TEYYYULLou671KxfC
could be represented as :
BTC.443860.3.56318
(Precondition: Your address exists as a single output in a transaction that has ben cemented in the bitcoin blockchain)
The format would be something like this:
...
Where:
Currency code, fixed in the case of Bitcoin.
Block number of a transaction committed in the blockchain that has the desired address as its single output. In our example, 443860.
Ordinal number (within the block) of the transaction whose only output is the address we want to represent. In our example, 3 (zero_based)
Checksum in CRC-16 format of the bitcoin address we want to represent. In our example, CRC-16(19xuKwgfphk3mMaN7TEYYYULLou671KxfC)=56318
I see these benefits to this format:
a) Compact, with < 25 characters (18 in the example). Many years from now, the block number will be nearly same length. As for the transaction_number, it is around 4 digits currently, probably below 6 digits for a long time.
b) User friendly, as it is not only compact, but mostly composed of decimal numbers, easy to transmit even by voice and much less intimidating than the current format.
c) Robust, the CRC-16 (just an example, other checksum algorithm could be used instead) provides safety against transcription mistakes.
e) Independent of the address format. If new address formats are introduced, the system is still valid since it is only a pointer to the address itself.
The biggest drawback I can see is the address reuse it may introduce. Using a second level of indirection would help here, by pointing to a transaction with multiple outputs E.g: BTC.443860.3.25.56318. And you can always point to a new address as soon as you have another transaction committed to the chain.
Another problem is that you can not use this address format to receive payments until you have committed an anchor transaction.
Do you see any other major problems, improvement suggestions or any other alternatives? If there are other, better ideas to improve the address format, what is hampering them?
A typical bitcoin address looks like 19xuKwgfphk3mMaN7TEYYYULLou671KxfC. This must be spooky for a regular person.
Other payment systems have a WAY more user friendly address. Paypal, for instance uses your email address as the payment address.
So jdoe.452@hotmail.com is a valid payment address for Paypal users.
Bank accounts in many countries follow the IBAN format. A sample account id for Switzerland would be CH93 0076 2011 6238 5295 7 (http://www.xe.com/ibancalculator/sample/?ibancountry=switzerland).
A bit more complicated, but also more robust against mistakes than the Paypal format.
After a little bit of googling on the subject, I've been unable to find any good alternatives for expressing a bitcoin address in a more user friendly manner. (I'd welcome any information about similar or better proposals).
So (at the risk of infuriating #youknowwho# for not having done an extensive research of the prior state of the art) I'd like to share an idea for, what I believe, could be a robust and user friendly address format:
Let's present it with an example (taken from this block https://blockexplorer.com/block/0000000000000000004e389113ddc1334eaf18ce5ea944ecc6042e17a6ebb80b):
The address:
19xuKwgfphk3mMaN7TEYYYULLou671KxfC
could be represented as :
BTC.443860.3.56318
(Precondition: Your address exists as a single output in a transaction that has ben cemented in the bitcoin blockchain)
The format would be something like this:
...
Where:
Currency code, fixed in the case of Bitcoin.
Block number of a transaction committed in the blockchain that has the desired address as its single output. In our example, 443860.
Ordinal number (within the block) of the transaction whose only output is the address we want to represent. In our example, 3 (zero_based)
Checksum in CRC-16 format of the bitcoin address we want to represent. In our example, CRC-16(19xuKwgfphk3mMaN7TEYYYULLou671KxfC)=56318
I see these benefits to this format:
a) Compact, with < 25 characters (18 in the example). Many years from now, the block number will be nearly same length. As for the transaction_number, it is around 4 digits currently, probably below 6 digits for a long time.
b) User friendly, as it is not only compact, but mostly composed of decimal numbers, easy to transmit even by voice and much less intimidating than the current format.
c) Robust, the CRC-16 (just an example, other checksum algorithm could be used instead) provides safety against transcription mistakes.
e) Independent of the address format. If new address formats are introduced, the system is still valid since it is only a pointer to the address itself.
The biggest drawback I can see is the address reuse it may introduce. Using a second level of indirection would help here, by pointing to a transaction with multiple outputs E.g: BTC.443860.3.25.56318. And you can always point to a new address as soon as you have another transaction committed to the chain.
Another problem is that you can not use this address format to receive payments until you have committed an anchor transaction.
Do you see any other major problems, improvement suggestions or any other alternatives? If there are other, better ideas to improve the address format, what is hampering them?
Re: What block size will be needed to support LN transactions at Visa volumes?
Quote
Sure, such user will need to open new channels quite often. But another, more regular, user who spends and earns more or less the same amount, will be able to use one channel much longer.
Most of the people I know tend to save some money every month (if not so dramatically), so I am afraid that's the typical case. And one can envision many more similar cases where the funding transaction is depleted.
A successful implementation of LN will surely place a much greater pressure on the blockchain even if a quite large portion of the transactions happen off-chain, so I am afraid the scalability problem of bitcoin still needs some more answers. Anyway, LN is an incredibly exciting technology with so much potential. No wonder the price of bitcoin is trending upwards with the news of SegWit and LN approaching.
Re: What block size will be needed to support LN transactions at Visa volumes?
More specifically: What kind of transactions would have to happen obligatorily in the blockchain? Monthly salary payments to fund the channel, for instance? What else?
That doesn't have to happen onchain. Nothing prevents salary payments from happening over LN.Hi,
I must be missing something here.
Imagine we are living in LN Land in the near future and then a somewhat typical scenario (give or take a few bitcoins)...
Adam is a good web designer and earns 10 BTC every month.
He lives with mom and dad and he is a thrifty guy, so he only spends 3 BTC each month and saves the rest.
Let's say he receives and spends all of his money over the LN. He routes all of this money transfers through LN-Pay, a popular bitcoin routing services company.
If he is receiving 10 BTC every month and he only sends back 3 BTC, so he is accumulating 7 BTC/month.
Won't that quickly deplete any reasonable funding transaction that LN-Pay was willing to fund when he became a client?
⭐ Merited by ETFbitcoin (1)
I'll make this a Christmas-themed thread
Vorksholk, thanks for your insightful comments. My answers below.
Interesting. To start off with, a few questions:
1. What happens with P2Pool blocks?
P2Pool blocks (ex: https://blockchain.info/block/000000000000000001a1a36ada43fb03b4eb05f30cbe94a206a4a457fb4d71e5) pay out the coinbase + transaction fees to a bunch of addresses, proportional to each's contribution to mining the block. If a P2Pool block was included in the Tic phase, would all of those miners be signing new blocks in the system?
There should be a signature per block to avoid bloating the chain.
Alright, so P2Pool is probably incompatible with this system, correct?
Not necessarily. As long as they find a way to have a single signature for the block, maybe using the highest paid contributor?
2. Does the Bitcoin network enforce proper payouts to the miners of the 144-block Tic phase as a hard consensus rule?
It appears from your post ("The new block is considered valid if: ... 2. It transmits the newly generated coins and any fees due in a fair manner") that this is the case, but I wanted to make sure that this wasn't just the validity check that other miners do before signing the block.
It should be part of the block validation, although mining pools would not sign an unfair block for obvious reasons.]
Alright, cool.
3. Who initially assembles the block for the network to approve?
Whoever assembles the block gets an advantage (get authority over transaction inclusion, can choose to include their own zero-fee transactions). If you create a system where block n in the Tac phase is assembled by the miner who mined block (n mod 144) from the Tic phase, what happens if that miner is offline? If there isn't a particular miner/signer responsible for creating any particular block, how do nodes resolve which block to sign?
Miners should take turns. If the current one responsible fails to deliver a new block, the next one will take his place and so on.
How would that type of failover work? Would the network need a stricter timestamp?
If the miner responsible doesn't show up on time and produces a new block (let' say 10 minutes + 10%) the next in turn can sign and present another block for signing to the rest of the miners. After that the next has its chance and so on.
4. How is the 10-minute timing enforced?
Do peers on the network simply not accept a blockn+1 if the timestamp from the blockn plus 600 seconds isn't the same as the timestamp in blockn+1, and the timestamp of the new block is within a margin of error of their current (local) clock? What would prevent 'whiplash' where miners/signers see it in their best interest to sign the new block as soon as it is proposed (regardless of whether it has actually been 10 real minutes since the last block), which causes them to be creating blocks that, based on their embedded timestamp, appear as if they were made in the future? As they approach the (fairly unknown) maximum allowable clock drift that the large majority of the network will support, they slow down (or even halt) block creation for a while. Even worse, if they overstep the allowable clock drift such that some peers on the network see a new block as barely-in-range compared to their local timestamp, but other peers see the block as barely-out-of-range, is there a desynchronization problem? The cost of performing PoW generally mitigates this problem, since a miner's primary goal is getting the network to accept their block, but in this model (where producing multiple valid blocks has a cost of nearly zero, and a block that gets rejected could have the timestamp adjusted, or could just be re-broadcast later to the network again), these limits could be continually pushed without any significant cost to the miners/signers.
There is an incentive to keep mining blocks within a reasonable time delta. Generating blocks too quickly would leave fees for the next competition phase. Stalling the block generation would keep the miners from getting new rewards from the next Tic phase
As long as the block subsidy is significantly higher than the transaction fees, I could see miners generating blocks quicker than desired to get to the next Tic phase sooner (and more total coins per unit of time during Tac).
That is a good point. I am not sure of an easy solution for that. Maybe forcing a difficulty recalculation every time the system enters a new Tic phase will suffice. If miners produce the blocks too quickly all of them will be penalized with an increase in difficulty of the next phase, proportional to their sin.
5. What happens when the last block of a Tic phase is contested, with two equally-valid blocks proposed by different miners?
Is strong subjectivity lost? If the two miners who created competing blocks for the last block of the Tic phase both had significant mining power in the entire Tic phase, they would actively not vote for blocks that resolve the fork against their favor, which weakens the strength of the Tac blocks against reorganizations.
Once one of the two blocks is signed by the majority of the mining pools, the conflict is resolved. Some margin for collusion exists though.
6. If no block at height n reaches 51% mining approval, what happens?
A possible solution would be to accept a block with hash proof instead, but sharing the rewards in a similar manner. However a situation like this would imply most likely a cataclysm in the network since it is in the best interest of all of them keeping signing blocks
Even though it is likely in the best interest of all miners to keep signing blocks, I think it's reasonable that there would be times when, say, three blocks all split approval, particularly if some somewhat-adversarial party were to carefully introduce different blocks to different parts of the network simultaneously. How would the hash proof work?
I am not sure I understand the problem.. Any such attacks from within the miners would be obvious and have a great reputational cost for little if any benefit. Miners are nowadays anonymous but mining pools are not. I would only expect the miners failing to sign blocks in an orderly manner in case of a large attack. In that case the system would use the hashing proof as a fall back but with a penalty for the winner to discourage a miner attacking other pools (hacking their signing computers, for instance)
7. What about the opportunity cost for miners/signers to create deep reorganizations during the Tac period?
The opportunity cost of performing a deep reorganization is drastically lower and much easier to perform during the Tac period, as a majority signature power could collude to create a deep reorganization which they sign together. They could also get unfair leverage on their signature power, because they would not sign blocks for the entire period they intended to fork later, so that they don't compete against themselves. Miners might not be particularly opposed to signing onto a reorganization, because they don't forfeit their reward by doing so (the reorganization would still pay them the same amount as before).
Scenario: 25% of block signers all agree to, during the first few Tac blocks, send 1000 BTC total to an exchange and sell it. They wait for confirmations on the exchange, sell the BTC, withdraw the value in alt-coins. They then create new transactions which pay out those 1000 BTC differently (back to themselves, and some sent to the block signers who aren't part of the collusion), and create a new fork with these transactions instead. The non-colluding miners are enticed to accept the fork by signing it, because they get paid additional Bitcoin which they don't own under the current valid chain, and they don't lose their block rewards for doing so, because the new chain will still pay out the coinbase + fees proportionally to the miners. The miners also can't simply embed that spend transaction they benefit from in the current chain at a higher height, because it spends a transaction (or transactions) which were already spent in the legitimate chain.
This level of collusion and crooked behavior you imagine means that the miners are destroying the underlying value of the bitcoin from which they profit, so I would not expect this situation.
This might particularly be a problem if Bitcoin mining becomes unprofitable, and miners are desperate to cash out. I suppose the concern here is largely that a fork can be proposed which all miners benefit from particularly easily.
That is correct, I think. But if that is the situation, can really miners cash out by destroying the confidence in the system? Also, maybe the exchanges can refuse to admit such a fork since their value will also be destroyed with those shenanigans. I think exchanges will need to bear an important role in the future to counter balance the power of miners.
8. What happens if miners/signers sign multiple competing blocks simultaneously?
A punitive system which punishes miners who submit multiple competing signatures could be implemented (see the Slasher proposal for PoS), but then the punishment of those accounts would be embedded in some way in a future block, which the miner(s) being punished would not vote for, further antagonizing the mining/signing power.
I don't see the advantage of signing multiple blocks at once since the reward would be the same
Generally, signing multiple blocks wouldn't disadvantage a miner, so if a miner is offered a small extra payout, they might happily sign the new block too.
Every different block would need re-signing of enough participants to form a stronger majority. If 51% of the miners are willing to collude to promote a double spend we are doomed anyway, aren't we?
9. What encourages miners/signers to sign at all, rather than go offline and hope other miners/signers don't?
If a miner doesn't have to be online to get their deserved reward from each block, why would they bother validating blocks and signing? If they don't get their deserved reward from each block if they don't sign the block, then it encourages miners/signers to selectively not broadcast other miners' signatures (either so that they can get a higher reward, or to undermine other miners' profitability and get a leg up).
The miners would get the reward anyway. Signing is an almost zero cost operation. Being good citizens should be enough to motivate the miners to sign.
In light of the previous discussion about incentivized reorganizations, a miner electing to not participate might make the chance of such a fork (which they would benefit from) higher, without incurring any risk. In my opinion, this point/question is mostly relevant if those incentivized reorganizations are a legitimate concern.
I doubt we would see that kind of behavior. A possible solution would be that those not signing a block can't redeem their output until n-blocks have passed.
10. What would this change do to blockchains merge-mined with Bitcoin?
Since for the Tac period, they can't use regular PoW mining, would the miner responsible for creating a particular block be the one who gets to merge-mine other chains? In the event that there isn't one delegated miner of each block, miners would all propose blocks in which they receive the merge-mining rewards from merge-mined chains, and wouldn't vote on anyone else's.
I haven't considered merge mining at all, so I can't really say anything meaningful about this point.
1. What happens with P2Pool blocks?
P2Pool blocks (ex: https://blockchain.info/block/000000000000000001a1a36ada43fb03b4eb05f30cbe94a206a4a457fb4d71e5) pay out the coinbase + transaction fees to a bunch of addresses, proportional to each's contribution to mining the block. If a P2Pool block was included in the Tic phase, would all of those miners be signing new blocks in the system?
There should be a signature per block to avoid bloating the chain.
Alright, so P2Pool is probably incompatible with this system, correct?
Not necessarily. As long as they find a way to have a single signature for the block, maybe using the highest paid contributor?
2. Does the Bitcoin network enforce proper payouts to the miners of the 144-block Tic phase as a hard consensus rule?
It appears from your post ("The new block is considered valid if: ... 2. It transmits the newly generated coins and any fees due in a fair manner") that this is the case, but I wanted to make sure that this wasn't just the validity check that other miners do before signing the block.
It should be part of the block validation, although mining pools would not sign an unfair block for obvious reasons.]
Alright, cool.
3. Who initially assembles the block for the network to approve?
Whoever assembles the block gets an advantage (get authority over transaction inclusion, can choose to include their own zero-fee transactions). If you create a system where block n in the Tac phase is assembled by the miner who mined block (n mod 144) from the Tic phase, what happens if that miner is offline? If there isn't a particular miner/signer responsible for creating any particular block, how do nodes resolve which block to sign?
Miners should take turns. If the current one responsible fails to deliver a new block, the next one will take his place and so on.
How would that type of failover work? Would the network need a stricter timestamp?
If the miner responsible doesn't show up on time and produces a new block (let' say 10 minutes + 10%) the next in turn can sign and present another block for signing to the rest of the miners. After that the next has its chance and so on.
4. How is the 10-minute timing enforced?
Do peers on the network simply not accept a blockn+1 if the timestamp from the blockn plus 600 seconds isn't the same as the timestamp in blockn+1, and the timestamp of the new block is within a margin of error of their current (local) clock? What would prevent 'whiplash' where miners/signers see it in their best interest to sign the new block as soon as it is proposed (regardless of whether it has actually been 10 real minutes since the last block), which causes them to be creating blocks that, based on their embedded timestamp, appear as if they were made in the future? As they approach the (fairly unknown) maximum allowable clock drift that the large majority of the network will support, they slow down (or even halt) block creation for a while. Even worse, if they overstep the allowable clock drift such that some peers on the network see a new block as barely-in-range compared to their local timestamp, but other peers see the block as barely-out-of-range, is there a desynchronization problem? The cost of performing PoW generally mitigates this problem, since a miner's primary goal is getting the network to accept their block, but in this model (where producing multiple valid blocks has a cost of nearly zero, and a block that gets rejected could have the timestamp adjusted, or could just be re-broadcast later to the network again), these limits could be continually pushed without any significant cost to the miners/signers.
There is an incentive to keep mining blocks within a reasonable time delta. Generating blocks too quickly would leave fees for the next competition phase. Stalling the block generation would keep the miners from getting new rewards from the next Tic phase
As long as the block subsidy is significantly higher than the transaction fees, I could see miners generating blocks quicker than desired to get to the next Tic phase sooner (and more total coins per unit of time during Tac).
That is a good point. I am not sure of an easy solution for that. Maybe forcing a difficulty recalculation every time the system enters a new Tic phase will suffice. If miners produce the blocks too quickly all of them will be penalized with an increase in difficulty of the next phase, proportional to their sin.
5. What happens when the last block of a Tic phase is contested, with two equally-valid blocks proposed by different miners?
Is strong subjectivity lost? If the two miners who created competing blocks for the last block of the Tic phase both had significant mining power in the entire Tic phase, they would actively not vote for blocks that resolve the fork against their favor, which weakens the strength of the Tac blocks against reorganizations.
Once one of the two blocks is signed by the majority of the mining pools, the conflict is resolved. Some margin for collusion exists though.
6. If no block at height n reaches 51% mining approval, what happens?
In case of conflict, the block with more valid signatures is considered the valid one.
What if two blocks are proposed, and one gets 40% approval, one gets 45% approval, and there is 15% (current) non-participation. The network decides, somehow, to accept the one with 45% approval. Then, 6 of the previously-non-participatory 15% comes online and signs the block that previously only had 40% approval (making it now 46% to the accepted block's 45%). Does the network then switch to the 46% block? What if another block has already been stacked on the 45% block; do we have any strong subjectivity to convince bootstrapping nodes of the invalidity of the rejected block despite its' higher approval? A possible solution would be to accept a block with hash proof instead, but sharing the rewards in a similar manner. However a situation like this would imply most likely a cataclysm in the network since it is in the best interest of all of them keeping signing blocks
Even though it is likely in the best interest of all miners to keep signing blocks, I think it's reasonable that there would be times when, say, three blocks all split approval, particularly if some somewhat-adversarial party were to carefully introduce different blocks to different parts of the network simultaneously. How would the hash proof work?
I am not sure I understand the problem.. Any such attacks from within the miners would be obvious and have a great reputational cost for little if any benefit. Miners are nowadays anonymous but mining pools are not. I would only expect the miners failing to sign blocks in an orderly manner in case of a large attack. In that case the system would use the hashing proof as a fall back but with a penalty for the winner to discourage a miner attacking other pools (hacking their signing computers, for instance)
7. What about the opportunity cost for miners/signers to create deep reorganizations during the Tac period?
The opportunity cost of performing a deep reorganization is drastically lower and much easier to perform during the Tac period, as a majority signature power could collude to create a deep reorganization which they sign together. They could also get unfair leverage on their signature power, because they would not sign blocks for the entire period they intended to fork later, so that they don't compete against themselves. Miners might not be particularly opposed to signing onto a reorganization, because they don't forfeit their reward by doing so (the reorganization would still pay them the same amount as before).
Scenario: 25% of block signers all agree to, during the first few Tac blocks, send 1000 BTC total to an exchange and sell it. They wait for confirmations on the exchange, sell the BTC, withdraw the value in alt-coins. They then create new transactions which pay out those 1000 BTC differently (back to themselves, and some sent to the block signers who aren't part of the collusion), and create a new fork with these transactions instead. The non-colluding miners are enticed to accept the fork by signing it, because they get paid additional Bitcoin which they don't own under the current valid chain, and they don't lose their block rewards for doing so, because the new chain will still pay out the coinbase + fees proportionally to the miners. The miners also can't simply embed that spend transaction they benefit from in the current chain at a higher height, because it spends a transaction (or transactions) which were already spent in the legitimate chain.
This level of collusion and crooked behavior you imagine means that the miners are destroying the underlying value of the bitcoin from which they profit, so I would not expect this situation.
This might particularly be a problem if Bitcoin mining becomes unprofitable, and miners are desperate to cash out. I suppose the concern here is largely that a fork can be proposed which all miners benefit from particularly easily.
That is correct, I think. But if that is the situation, can really miners cash out by destroying the confidence in the system? Also, maybe the exchanges can refuse to admit such a fork since their value will also be destroyed with those shenanigans. I think exchanges will need to bear an important role in the future to counter balance the power of miners.
8. What happens if miners/signers sign multiple competing blocks simultaneously?
A punitive system which punishes miners who submit multiple competing signatures could be implemented (see the Slasher proposal for PoS), but then the punishment of those accounts would be embedded in some way in a future block, which the miner(s) being punished would not vote for, further antagonizing the mining/signing power.
I don't see the advantage of signing multiple blocks at once since the reward would be the same
Generally, signing multiple blocks wouldn't disadvantage a miner, so if a miner is offered a small extra payout, they might happily sign the new block too.
Every different block would need re-signing of enough participants to form a stronger majority. If 51% of the miners are willing to collude to promote a double spend we are doomed anyway, aren't we?
9. What encourages miners/signers to sign at all, rather than go offline and hope other miners/signers don't?
If a miner doesn't have to be online to get their deserved reward from each block, why would they bother validating blocks and signing? If they don't get their deserved reward from each block if they don't sign the block, then it encourages miners/signers to selectively not broadcast other miners' signatures (either so that they can get a higher reward, or to undermine other miners' profitability and get a leg up).
The miners would get the reward anyway. Signing is an almost zero cost operation. Being good citizens should be enough to motivate the miners to sign.
In light of the previous discussion about incentivized reorganizations, a miner electing to not participate might make the chance of such a fork (which they would benefit from) higher, without incurring any risk. In my opinion, this point/question is mostly relevant if those incentivized reorganizations are a legitimate concern.
I doubt we would see that kind of behavior. A possible solution would be that those not signing a block can't redeem their output until n-blocks have passed.
10. What would this change do to blockchains merge-mined with Bitcoin?
Since for the Tac period, they can't use regular PoW mining, would the miner responsible for creating a particular block be the one who gets to merge-mine other chains? In the event that there isn't one delegated miner of each block, miners would all propose blocks in which they receive the merge-mining rewards from merge-mined chains, and wouldn't vote on anyone else's.
I haven't considered merge mining at all, so I can't really say anything meaningful about this point.
What block size will be needed to support LN transactions at Visa volumes?
⭐ Merited by ETFbitcoin (1)
According to https://en.bitcoin.it/wiki/Scalability "VISA handles on average around 2,000 transactions per second (tps), so call it a daily peak rate of 4,000 tps. It has a peak capacity of around 56,000 transactions per second".
Supposing SegWit is operational, and all the OP_CODES needed for a full implementation of Lightning Network are also operational, what would be a good estimate for how large a block has to be in order to support as many transactions as Visa?
More specifically: What kind of transactions would have to happen obligatorily in the blockchain? Monthly salary payments to fund the channel, for instance? What else?
What about VISA + all other major credit cards combined + 90% of cash payments world wide?
Bonus question: If the block size required for all of these becomes too large to become desirable, what is the next trick we can use in addition of LN? Sidechains?
Supposing SegWit is operational, and all the OP_CODES needed for a full implementation of Lightning Network are also operational, what would be a good estimate for how large a block has to be in order to support as many transactions as Visa?
More specifically: What kind of transactions would have to happen obligatorily in the blockchain? Monthly salary payments to fund the channel, for instance? What else?
What about VISA + all other major credit cards combined + 90% of cash payments world wide?
Bonus question: If the block size required for all of these becomes too large to become desirable, what is the next trick we can use in addition of LN? Sidechains?
The rewards during this cooperation phase (fees and new coins) will be fairly distributed among the winners of the previous competition phase. Fairly should be interpreted as proportional. That means that a mining pool that solved 7% of the blocks during the competition phase will get 7% of the total proceedings from every block mined during the competition phase.
Congrats, you've just reinvented essentially Byzcoin, which is incentives incompatible:
https://bitcointalk.org/index.php?topic=1319681.msg16861492#msg16861492
https://github.com/cosmos/cosmos/issues/46#issuecomment-266235696
Who will invent the next NAOD?
NAOD = nonsense algorithm of the day which repeats mistakes already in the prior art, because the author is too uninformed to cite the prior art.
Dear Iamnotback,
Thank you very much for your tone and sarcasm.
This is exactly the kind of spirit that promotes open discussion and sharing of ideas.
On the other hand, you are right; there are many similarities between this idea and the Byzcoin algorithm (I didn't know about it previously) and there is a problem with incentives regarding the fees.
I am not sure the matter is settled however. The under-the-table fees problem both proposals present does not imply there is no merit in the system at all, IMHO.
Fees could be given in full to the miner responsible for creating the next block. This would further incentivize said miner not to dissappear during his turn(s). This could encourage a market for fees between the miner and the user, since the mining turns would be deterministic.
Or fees could be removed completely from the Tac phase de facto if all the miners decide to cheat.
All the fees could be negotiated out of band. So what?
Or maybe other possibilities (like enforcing a fair insertion rule of transactions in full blocks).
Or maybe someone will come up with a bright idea.
It is comforting to know that you will be here, encouraging people to share it with us with your nice tone and praise.
Keep up the good work!
Regards.