Search content
Sort by
Showing 13 of 13 results by OneGoLuck
Main question, what would be the result of finding such points on secp256k1?
Absolutely nothing because one Generator in not different from another in term of security
If you could find one "weak" generator, the security of the whole bitcoin would be broken
That is why it's assumed there are no weak generators, as none has been found. And to be honest, I cant imagine why one would be weaker than all the others
Re: Best way to store bitcoins safely without a hardware wallet(ledger,etc)
Shopping List: A form of sheet metal, (galvanised steel etc) an engraver a pencil and ruler and an hour or so.
Transfer your coins to a paper wallet that you have rolled offline, engrave the private key onto the sheet metal (store in a safe place until needed). Destroy the paper wallet once you have verified what you engraved is what you intended to have engraved.
Transfer your coins to a paper wallet that you have rolled offline, engrave the private key onto the sheet metal (store in a safe place until needed). Destroy the paper wallet once you have verified what you engraved is what you intended to have engraved.
Even better, easier and cheaper, is to buy a piece of normal cheap PVC pipe used in waste water systems.
Carve your private key or seed words to that, and bury it somewhere where no-one will be building new buildings or anything in the future. Preferable to your own land or your relatives land
PVC pipe is easy to carve and lasts forever in the ground. Metal detectors wont find it and house fires are not a problem, because the layer of ground will protect it from heat.
One way to quickly and easily dig it to the ground is to have a battery operated drill and one of those cheap 1m drill bits. Drill a hole to ground, and then push the piece of pipe (if you selected one of those 3cm diameter pvc pipes or a small piece of a bigger pipe.) to the hole, and then just fill the small hole.
Bitcoin has 2 weaknesses.
1. The bitcoin encryption could be broken. Be it QC or a clever algorithm or whatever. That would make bitcoin almost worthless overnight.
2. The blockchain grows every day. Unless something is done, eventually it will become too big. And then one by one the nodes will quit supporting the network.
1. Technically true, without a doubt. But let's take note that Bitcoin's encryption being broken is going to be the least of our problems if the encryption was actually broken.1. The bitcoin encryption could be broken. Be it QC or a clever algorithm or whatever. That would make bitcoin almost worthless overnight.
2. The blockchain grows every day. Unless something is done, eventually it will become too big. And then one by one the nodes will quit supporting the network.
Compared to gold, bitcoin is unsecure. Gold can't lose all of its value overnight.
Not sure how you even compare Bitcoin's security to a piece of metal to be honest. Also, remember that gold can a lot more easily be faked. To be completely sure if the gold you're receiving is actually legit, you'd have to do some chemistry or some applying of pressure or go ask some business to verify it for you....while extreme fanatics believe that Bitcoin is far better than gold. Bitcoin was born in the wake of the 2008 financial crash as a libertarian currency and as an instrument that could help cushion the event of a future financial crisis.
Why is gold a safe-haven to begin with? What makes gold have a price? The mining cost is irrelevant to the extreme valuation of this asset.There is a limited number of bitcoins than can ever exist. On the other had there is a lot of gold in the solar system.
Bitcoin has 2 weaknesses.
1. The bitcoin encryption could be broken. Be it QC or a clever algorithm or whatever. That would make bitcoin almost worthless overnight.
2. The blockchain grows every day. Unless something is done, eventually it will become too big. And then one by one the nodes will quit supporting the network.
Compared to gold, bitcoin is unsecure. Gold can't lose all of its value overnight.
Bitcoins security strength is at 128 bit.
With ECDSA on secp256k1 and a key size of 256 bit, the strength is at 128 bit.
2512 bit is an absurdly large number and completely off. But i guess you meant 512 bit.
ECDSA's security is dependend on the key size. With a key length of 2n bit, the bit strength (security) is at 2n-1 bit.
Of course I meant 512 bit With ECDSA on secp256k1 and a key size of 256 bit, the strength is at 128 bit.
2512 bit is an absurdly large number and completely off. But i guess you meant 512 bit.
ECDSA's security is dependend on the key size. With a key length of 2n bit, the bit strength (security) is at 2n-1 bit.
Sorry I was thinking 2^512 possibilities not bits. And about the 256 bits vs 128 bits, bitcoin security is 256 bit (originally), but as we currently have algorithms that can solve it using just 128 bit search space you can also say that the strength is (currently) 128 bits. Maybe tomorrow it is just 100 bits? Who knows. That is why (in my opinion) it is easier to speak of 256 bits, because it is a number that wont change.
But I disagree with that.
No. That's nothing one can agree or disagree with.
You can either decide to accept or to deny it.
I agree that with the current way of trying to solve the problem, which is just brute forcing (or pollard rho), the search space is what you say.
BUT
IF you want to try to develop smarter algorithms for solving the problem, then you will have to convert the problem to something else first. And in that conversion the difficulty (unfortunately) does change. Because of the mod operator.
Bitcoin curve is secure. The values [0,7] are extremely well chosen. There is a weakness in some curves that was not known when the parameters were chosen, but I guess bitcoin got lucky (yet again).
While researching how can it be possible that they succeeded in choosing so good parameters, (when they could not have known) I was reading how the parameters for bitcoin curve were selected from this old thread:
https://bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975
And it seems that the curve equation y2=x3+ax+b (a=0 and b=7) was selected, by first selecting an "easy" value for P, which will make some calculations faster.
P=2256-232-29-28-27-26-24-1 or
P=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
And then searching for the smallest value for b, (while keeping a=0), that would make the resulting curve have a prime order.
So the value b=7 was not even consciously chosen, as it was a result of just choosing an "easy" value for P. They could have selected another "easy" value for P and then b could have been something else.
And that is where bitcoin got lucky, because if b would have been 5 or 9 (or one of several possibilities) there would have been a weakness in the curve that would have made it a lot easier to break the encryption. I do not know if it would be possible to actually break it even then, but it would be 1/1000 times easier nevertheless.
This just shows that we always need a bit of luck, whatever we do.
PS: can you guess what is the weakness if b=5 or 9 or one of several other values? My lips are sealed
While researching how can it be possible that they succeeded in choosing so good parameters, (when they could not have known) I was reading how the parameters for bitcoin curve were selected from this old thread:
https://bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975
And it seems that the curve equation y2=x3+ax+b (a=0 and b=7) was selected, by first selecting an "easy" value for P, which will make some calculations faster.
P=2256-232-29-28-27-26-24-1 or
P=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
And then searching for the smallest value for b, (while keeping a=0), that would make the resulting curve have a prime order.
So the value b=7 was not even consciously chosen, as it was a result of just choosing an "easy" value for P. They could have selected another "easy" value for P and then b could have been something else.
And that is where bitcoin got lucky, because if b would have been 5 or 9 (or one of several possibilities) there would have been a weakness in the curve that would have made it a lot easier to break the encryption. I do not know if it would be possible to actually break it even then, but it would be 1/1000 times easier nevertheless.
This just shows that we always need a bit of luck, whatever we do.
PS: can you guess what is the weakness if b=5 or 9 or one of several other values? My lips are sealed
It is generally thought that bitcoin has 2^256 bit security and with the best algorithms (Pollard rho, Kangaroo) the search space can be lowered to about 2^128 bit.
But I disagree with that.
We have 2^256 bit security WITH a mod operator, and if we want to get rid of the mess and complexity of mod, then we are looking at 2^512 bit security level.
Getting rid of mod operator enables us to develop algorithms that are not based on brute force or statistics (like Pollard rho).
The best algorithm I can come up with starts with 2^512 bit security (without mod) which can be lowered all the way to about 2^128 bit with a clever algorithm. It is quite a big reduction but unfortunately still at the same level than with just using regular Pollard rho.
What I think makes bitcoin secure is not the curve itself, but the (damn) mod operator. Does anyone know how to get rid of the mod while still remaining at the 2^256 bit level?
But I disagree with that.
We have 2^256 bit security WITH a mod operator, and if we want to get rid of the mess and complexity of mod, then we are looking at 2^512 bit security level.
Getting rid of mod operator enables us to develop algorithms that are not based on brute force or statistics (like Pollard rho).
The best algorithm I can come up with starts with 2^512 bit security (without mod) which can be lowered all the way to about 2^128 bit with a clever algorithm. It is quite a big reduction but unfortunately still at the same level than with just using regular Pollard rho.
What I think makes bitcoin secure is not the curve itself, but the (damn) mod operator. Does anyone know how to get rid of the mod while still remaining at the 2^256 bit level?
Re: How do we really know how many bitcoins does satoshi have?
⭐ Merited by o_e_l_e_o (2)
The patoshi pattern, that o_e_l_e_o referred to, is a "proof" that Satoshi mined at least about 1M bitcoins with the same machine.
Probably he mined more with other machines, who knows. What we do know, is that he has not touched any of the million coins, and probably newer will.
My guess is that he/she destroyed the private keys to those addresses, because he wanted to distribute the bitcoins fairly among people, and he probably thought that if he takes million coins to himself, people would think it "unfair" and it could work against bitcoin in the long run.
Or prevent bitcoin becoming popular.
Probably he mined more with other machines, who knows. What we do know, is that he has not touched any of the million coins, and probably newer will.
My guess is that he/she destroyed the private keys to those addresses, because he wanted to distribute the bitcoins fairly among people, and he probably thought that if he takes million coins to himself, people would think it "unfair" and it could work against bitcoin in the long run.
Or prevent bitcoin becoming popular.
The bitcoin network adjusts its difficulty. If there is no other miners, then my old laptop is all that is needed to keep the bitcoin network alive, still finding blocks on average every 10 minutes. And there will always be at least one old machine mining.
There is a problem with having a very low difficulty though, and it is low security. Someone with more hashing power could do a 51% attack and steal coins.
But do not worry. As long as bitcoin has any value, the mining will continue.
There is a problem with having a very low difficulty though, and it is low security. Someone with more hashing power could do a 51% attack and steal coins.
But do not worry. As long as bitcoin has any value, the mining will continue.
Re: How come that quantum computers supposedly can't hack non used wallet addresses
The reason is because moving from private key to public key uses asymmetric cryptography, while moving from public key to address uses SHA256. These differ in how much easier they would be to "break" using quantum computing.
Using Shor's algorithm, a quantum computer could reduce the number of operations required to find the private key for a specific public key by many orders of magnitude. This would allow a sufficiently powerful quantum computer to find the private key to any address which had exposed its public key, which is done whenever coins are spent from that address.
Conversely, using Grover's algorithm, the smallest number of operations needed with a quantum computer to convert a bitcoin address back to its public key is still 2128. This number of operations is so large as to essentially be impossible.
Using Shor's algorithm, a quantum computer could reduce the number of operations required to find the private key for a specific public key by many orders of magnitude. This would allow a sufficiently powerful quantum computer to find the private key to any address which had exposed its public key, which is done whenever coins are spent from that address.
Conversely, using Grover's algorithm, the smallest number of operations needed with a quantum computer to convert a bitcoin address back to its public key is still 2128. This number of operations is so large as to essentially be impossible.
And add to that, that quantum computers would be much slower in going through 2128 operations than a "traditional" computer.
Quantum computer's magic lies elsewhere. With Shor's algorithm QC can "see" the right private key from public key without going through all the possibilities. But with SHA256 it can't do the same.
what do you do when the weather is very hot?
if it is cold it will be very easy to make it warm, but if it's hot it is a little difficult to make it cold. So, what do you usually do?
if it is cold it will be very easy to make it warm, but if it's hot it is a little difficult to make it cold. So, what do you usually do?
I will enjoy the heat!
The hotter it is the better it is
You need to have the conviction to be able to stay away from smoking, so if you do not have the conviction and the will, you will not be able to get away from it and you can use some medications that help to get away from it.
I agree. If you want it enough, you can do it yourself.
IF you don't want it enough, then you can't do it anywhere.
I know one person, who quit smoking because of love.
To be honest, with regard to the number of lost bitcoins, no one can be sure, it can really be lost or it can appear suddenly.
Debates like this will make us tired and useless to debate.
That's possible, chances that those so called lost btc are just secretly holds by certain individuals or groups and just appearDebates like this will make us tired and useless to debate.
inside the market one day.
That is possible. Many coins that were thought of being "lost" have already resurfaced.
Just a few weeks ago someone signed a message with 100 addresses each containing 50BTC.
I was surprised that the bitcoin market did not react to it in any way. That was 5000BTC that were thought lost until that moment.