No...the hash must be arbitrarily determined by the user requesting proof, or else an intercepted or purchased sig could be presented as ones own.  BTC sigs include all relevant tx components, amount, time, rec add as well as the sha256 tx hash included in a valid msg sig.  Attacker would have to derive a hash that produces the same sig as a valid tx w/o the privkey (probably harder than outright key forgery).

More likely some one would figure out a way to increment the arbitrary data in such a way the curve parameters are eventually revealed, which brings us back the question of whether or not lots of sigs can be used to weaken a privkey secrecy.

To blunt that possibility:

The server could just rehash the arbitrary user hash w/random salt and transmit that...user informed of server's salt and algo rounds and thus verifies that response msg was generated by holder of privkeys containing crypto proof that sig incorporates user's challenge hash msg.

I know that satoshi had change by default sent to a new receiving address which the network therefore had no pubkey or signed msg to.  Was this out of 'overly protective' motherly concern for a poor RNG being used to generate sigs and possibly reducing the space of potential K values ala the Sony cockup...

Kind of a junior crypto question here, but does a the strength of a pub/private ecdsa key pair weaken if the privkey is used to sign a significant number of msgs.

I know that reusing the K value is instant death, but assuming the msgs were generated correctly should one be concerned never using a new receiving address?

I ask bc if one were to create a bitcoin service that wanted to provide an instant proof to a user of funds under administrator control, the user could send an arbitrary hash value to the server, which could then be signed by all the privkeys corresponding to all publicly controlled pubkeys.  

would the creator of such a service have to worry about a user DDOSing the service in order to scrape a large number of sigs generated by all his privkeys for all the loot he controls, as a way to make it easier for the attacker to derive the privkeys?

That is to say, imagine if an exchange operator did this.  Should he be worried about using the privkeys securing user funds to send perhaps millions or billions of sigs to an adversary trying to derive the privkeys?

Without bad investment good investment is impossible.   These are the same fallacious arguments made by defenders of the credit-bubble blowing schemes of central banks.   Without the cheap dumb money, good ideas would never come about.  

It is a complete fallacy.  By diverting money into get rich quickism bs schemes like pets.com many good ideas were never funded.  You fall into the trap of believing that credit bubble ACTUALLY expand resources.  That ponzi's draw in new investment dollars and make things happen.

Its all wrong.  Bad ideas and ponzi's shread and destroy good things.  The Winkle-cock twins see another angle to play to suck value from the productive without innovating or creating a dam thing.  Just like they did with facebook.  Love or hate the company, zuck built a product people like and use and benefit from in some way.  The Winkle-cocks cried foul b/c they thought the value was in the idea.  It wasn't, plenty of losers have good ideas.  They just don't have the creativity, work ethic, management skill and ability to martial the wherewithal to achieve the dream of the idea.  

Then there are the leaches like the Winkle-cocks, who use the courts and the scamish infrastructure of society to suck out value without producing a god dam thing.

Listen to what they say, they are open about it.  They don't really talk about what they will do to make  Bitcoin succeed as a system that will benefit their users.  They are talking about overcoming a regulatory challenge to shuffle paper and let people speculate on its future as oppose to helping to actually shape and contribute to that future.  They literally say they are looking to sell the idea of Bitcoin only, and make it easier for people to "buy-in" to the idea.

That make them leaches, not inventors or innovators, but why would you expect an old dog to learn new tricks?  First with Facebook, now with Bitcoin.  A leach is a leach.

Going to the store and to get me some pepperoni and chicken chips...too bad i can't pay with bitcoin!

Hope they bring back cory and trevor....even if its two different actors.... Just call them cory and trevor, and give them the same role as if they are the same losers.  Those guys were great.

The crazy drunk and high happy time or something...  I saw 10 minutes of it, vomited and then decided to opt for root canal.

Case in point are newbies like compwindsor...talking about it like its a stock, talking about profit and investment.  Delusionally telling you that its better if the price never stabilizes...   


Getting in late?  This thing is still an infant.  Again talking about it like its a penny stock that might shoot to the moon only.


Glad this guy is adding to the community day trading btc and ltc.  I mean, you know, who needs commerce when you can just "make profits on crypto within VERY small periods of time."


Two completely different things dude.  The USD has a lot more price stability because it is used mostly for commerce.  The fact that it is controlled and printed by some one else is evidence of it being and inferior exchange mechanism and store of value.  BTC is supposed to be better and therefore should be stable and used for savings and commerce.  the USD should be the speculative asset.

But his thinking is common of the bitcoin crowd.

It wont.  Most of the holders of btc are buying and selling speculatively, and there are trying to convince their friends and family to just buy it as a speculation.

We have really good folks like DPR, Erik Vorhees, etc working to try to create commerce with bitcoin.  everyone else, a speculator.

Popcorn time.

A LOT of people had the facebook idea.  Friendster, Bebo, Myspace...so many others.  Fact is, Zuckerberg figured out how to build the community and attract users better than the rest.  The Winkle-cock jerks think they deserved a cut of the dough because they talked the idea over with Zuck, and maybe designed a layout or two. 

These guys are punching well above their weight.  I hope they buckle and dump this fucker down to $2.  Maybe then we can work on a better crypto currency, after we flush out the get rich quick folks.

Winklevoss Twins are running a pump and dump.   In the interview they said its so much easier to get some one interested in bitcoin than it is to explain to them how to use it.   They see that as a flaw they are fixing with the etf.  They want to make btc like gold.  THEIR WORDs.  Keep in mind now one uses gold for commerce.  Clearly they don't care about the true goal of the project of creating an alternate currency/payment system that is superior and controlled directly by the community of users as opposed to the government and powerful banking cartels.  Thats what makes the blockchain not only worth TRILLIONs, but also improves humanity with a free people's money the Government & Friends can't use to exploit us.  The etf, make it like gold route will only make the blockchain worth some Billions.

The don't care about creating a reliable currency and unit of account for people living in oppressive 3rd world regimes, so that people and work and trade and feed their families without the terror of having their national currency constantly becoming worthless in their hands.  See Zimbabwe...iran...venuzuela

Now thats fine for you if you are in the camp that bot a few grand under 100 and when it goes to 10,000 and now you quit your job and retire.  But its not what i'm here for.

I pray this etf thing flops and never gets approved.

More and more I am starting to understand why satoshi got PO'd and left this community.   Most of you folks here are just buying up BTC hoping for it to shoot up so you can get rich.  Well good for you.  But what if this incessant focus on making btc work is blinding us away from building something better.

All the alt currency attempts (with maybe namecoin as an exception) are really low grade forks, designed as pump and dumps.  Shame on us.  By now we should have launched a 2.0 cryptocurrency that solved the blockchain bloat problem, and moved to a better more efficient record keeping system.

If i had the technical chops, I'd do it, but i don't.  A while ago I posted a few ideas for a better cryto, and got very little interest.  Every one is hell bent on taking bitcoin all the way regardless of whether its the best we can come up with.   I think even satoshi is surprised people are still pushing this system so aggressively whilst no one is genuinely doing a 2.0...

I've cashed out completely.  I guess i just woke up to the idea that there is a better way to do this, and will wait for the better system to invest in this concept again.

SHHH....Don't talk about that.  No one is allowed!  Rule #1 of Bitcoin is that you don't talk about the blockchain size.  Rule #2 of Bitcoin...

Oh now its over 10 gb now, btw...  But I just broke rules there..

18PSkFA4sBL9Ro7Z4PyVQkxWWZvViShdwq

https://www.adamvstheman.com/invest/

When I was a boy in sunday school, we were learning the commandments.  When we went over the one "thou shalt not kill" I asked a question.   I asked if it was a Sin to kill in war.  My teacher told me something along the lines that its also a sin not to do ones duty and fight for country.  

I scratched my head on that one.  I had read nothing about country and doing the bidding of man in the bible.  i was like 10 or so, but even then i knew the truth.  War is killing and killing is a sin.  

Today I know that my teacher was some how brainwashed out of the truth.  That something about country and patriotism was some how more important than a religion she not only professed to believe but was volunteering to teach.  

To this day i wonder why she couldn't just say that killing is killing and that killing in war is wrong.

Thanks!  That makes total sense now.

The typical way to spend btc is to lock them to a receiving address which is a 160-bit representation of a 256 bit ECDSA script.  In theory, couldn't an attacker present a different pubkey and  a signed message to redeem coins on an address which happens to hash to the same address as the legit owner?  Wouldn't the odds of this collision be 2^160  (yes yes thats A LOT of keys to generate) but its not 2^256 now is it?

Additionally, lets assume there are 65k addresses worth stealing from, i'll steal from any of these (2^16).  Doesn't that now reduce the number of hashes i'd have to go through to 2^144?

Its still a poopload of key pairs to generate, my guess is only a few hundred or few thousand could be iterated/sec on a standard pc.

But this raises the question:  why didn't satoshi use sept160k1 which would have pubkeys of only 40+ digit hex (corresponding to the strength of ripemd160), instead of 64+ digit hex for sepc256? 

Again, in theory we can reduces the 2^256 sets of key pairs to just 2^160, cuz as I get it, to spend a balance you only have to show a pubkey which ripemd160 hashes to the receiving address.

Did i miss something or is the ECDSA really just 160 (or 144) bit strong?

yeah, people are also forgetting that the tx could just always appear in a later block.  there is no way to cancel a bitcoin tx.  bitcoin tx's are not tied to one block.  if your counter-party heard it off hte network, fairly safe bet most of the miners heard it.  so go ahead and generate your txless block.  your tx will just get dumped into a later block.  money = spent

Solved block = 25 BTC reward * $120/BTC ~ $3,000

An attacker must go back and rework the block that just posted and remove the transaction he's trying to double spend. he must get lucky beating the rest of the network which is ahead and working on a block solution on top of the old block.

Chances are attacker never catches up and any blocks he did find become orphaned (never adopted b/c he's just too slow).  That compute power could have been used to score a real block by building on the valid block.  Cost is 25 btc per fake block you waste time trying to build.  Satoshi figured if you have 10% of the network hash power (which is A LOT) there is a less that 0.1% you could do this if you tried going back 5 blocks.  That is use 10% of the has power to score 6 blocks before the other 90% could score just 1.

in laymans terms, what he is saying is that if you built the most energy efficient computer possible, you could not generate all the possible public keys that the ECDSA curve has to offer, using all the energy of the sun.

Now the number of addresses is a somewhat smaller number, so there are multiple possible pubkeys for each address. But pay that no mind as there are still a poopload of available addresses.  58^33 to be exact.  How big is that number?

170,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000

I may have hit 1 too many/few zeros...

Your current computer could probably only generate a few thousand of those key pairs a second.

All the computers on earth, if running just this generation would probably fail to get there before the proton decays.  And when the proton decays, we're all fucked, regardless of your bitcoin balance.

Hi all, running linux mint.  Went to synaptic package manger and a added ppa:bitcoin/bitcoin.

Synaptic--->Settings--->Repositories
Clicked "other software" tab than add button. 
ppa: bitcoin/bitcoin

The new ppa address that was added was:
http://ppa.launchpad.net/bitcoin/bitcoin/ubuntu nadia main

Clicked reload and got message:
Failed to fetch http://ppa.launchpad.net/bitcoin/bitcoin/ubuntu/dists/nadia/main/source/Sources  404  Not Found
Failed to fetch http://ppa.launchpad.net/bitcoin/bitcoin/ubuntu/dists/nadia/main/binary-i386/Packages  404  Not Found
Some index files failed to download. They have been ignored, or old ones used instead.

Whats the reason for the linux fail?  No nadia client?  Is the launchpad link deprecated?  Am I?

Want that neat package manager installation.  Also, does it pull in the pubkey from the link?  and is that a safe way to get updates?  who controls that key?  Gavin?  Satoshi?

Seriously dude?  Thats mondo easy.  take all the adjust values for unspent outputs and write them into the genesis block to the address they belong as coinbase txs.