For technical background see https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses

My bad. Of course it is free market. It is not preferable type of market for miners though, since their profit from tx fee tends to 0. This in the future, as previously noted by @jonny1000, won't allow to sustain large amount of mining power, decrease Bitcoin network value and create death spiral.

From miner perspective, in the short run, it is most profitable to include tx with fee that is grater than penalty from broadcasting this transaction. As I understand, as soon as block O(1) propagation is included this penalty is greatly reduced and amounts to almost 0. Therefore if miner is greedy it is best to include almost all transactions with non-zero fee as soon as possible. This however will destroy fee market -> fees will collapse to 0. This is not free market. Good well known analogy is situation when there is an unexpected surplus of some goods eg. food in the wake of some international sanctions. It is then not possible to sell all goods in the domestic market as the demand is not enough even if the wholesale price is 0. Therefore artificial limitation (destroying crops) is crucial for securing farmer revenues.  

From miners perspective the best limitation is the one that brings miners the biggest revenue. That is probably when the fee is competitive with the other means of payment for small to medium types of transactions as those types of transactions are the most common ones. Therefore the ideal tx fee should probably be somewhere between $.1-$1.

If miners cooperate they have the power to limit soft maxblocksize by simply not mining larger blocks. But is this kind of cooperation possible in the view of the fact that greedy miner would mine all non-zero txs and have higher revenue? I think Gavin thinks it is possible so the hard maxblocksize role should be different. It should be just an upper limit of soft maxblocksize that miners can  impose and that would guarantee network decentralization.

Remember that the block hash must be quickly verifiable. This means that calculating single hash should be as fast as possible on CPU. Otherwise only miners would be able to verify blocks.

Who helped creating and created such centralized system which bitcoin is. So that now it must be fixed by people like Mike, who want to make it more decentralized.

It would be best if you use your anger as a motivation to carefully read what devs propose, consider all cons and pros of a given solution, compare it with your solution and then criticize it.

So far all dev's solutions mentioned in this topic in no way limit bitcoin. They just expand its usage cases. They don't have to be perfect to be implemented. It's enough if they are better than what we currently have, and don't limit further improvements.

These are just some proposed solutions to the known problems (he is not pushing anything). If you know better solutions, please share, so that we will be able to choose the best solution available.

Well, proof-of-stake as it is implemented in other cryptocurrencies is based on the annual inflation. Which means that PoS miner will gain on average x% yearly for keeping coins on active full node. To circumvent the effect of inflation, the tx fees are no longer paid to the miner - they are destroyed.  

It could. But it would undermine the basics of bitcoin economy. Also the capital tends to be very unequally distributed - big banks (now exchanges), satoshi and so on. It solves the problem of full nodes number though, as everyone has some incentive to maintain one.

No, that is not possible. Every such a mean can be easily circumvented. Especially if you can make use of virtually every single participating miner's PC. Centralization of mining pools which gain a slight advantage in terms of latency is something we need to prevent. I think the best method right now is just to educate the miners how potentially dangerous such centralization is.

You need to multiply blocksize b as well.

How about splitting the reward equally among all blocks at level h? The exact tx paying the miners would be just included x levels later.

dice hack http://www.youtube.com/watch?v=Wq-MDBFolXs

Of course further obfuscation is possible, making it more difficult to remember.


(If I understand you correctly) If you assume that cx-xxxx gives you 75bit then cy-yyyy doesn't add another 75bits since it is the same strategy and the same championships. So you only get entropy from repeating procedure: 2bits + 5 almost random numbers (14bits) + bip38 (20)  = 36bits.


Nowadays cracking techniques are becoming very sophisticated. Very huge computers are equipped with databases of human generated passwords revealed in many website leaks. As a result it is possible to uncover most popular obfuscation strategies, words, numbers used to generate password. It is very easy to underestimate current, and most importantly future AI capabilities in this area. Using non standard method is just another way to add entropy, and sth to remember. But it is very misleading to assume that computers wont try to break those non standard methods. And it is very easy to overestimate human generated password entropy. 

My point is that while it is possible to create safe brainwallet with human generated obfuscation method, it is very difficult thing to do so. It may be slightly easier to remember, but they require a lot of time to be created. Also, while people can't calculate entropy properly they will never be sure if they created enough of it. Even if you come up with clever and provably safe instructions, most people would just not follow them properly (and the method will no longer be non standard).

That is not possible. You have to remember something. Either these are words, symbols, functions, method of obfuscation - you still need to remember them. As a result you get passphrase with some entropy. But calculating this entropy is not that easy as just calculating length of the passphrase. You need to calculate entropy of obtaining that passphrase. And that entropy may depend on the information the attacker has about his target. 


So let's assume that attacker somehow get the information about you. Now we will estimate the enropy:
topic: chess matches - one of ~32 most likely topics - 5 bits of entropy
some popular game: one of ~128 most notable ones - 7 bits
shortcut of above 2 steps "c1" - one of ~16 most likely - 4 bits
common separator "-" - 2 bits
method of further obfuscation - one of ~64 most likely ones - 6 bits
first digit 0 or 1 - 1bit
three random digits - 10bits
bip38 - i don't know exactly but perhaps ~20 bits

So to sum up we get ~55 bits of entropy of brain wallet if the attacker know sth about you. If not, add ~5 bits and you get brainwallet with ~60bits. While it may be enough today, it is much lower than recommended standard of 128 bits. And I wouldn't recommend to choose anything below 80bits.

While above calculation may seem to overestimate the attacker capabilities, you need to remember that passwords are being broken by highly intelligent AI which is aware of all common human password choosing strategies.

You also have to take into consideration that when humans are told to follow your procedure, they would probably choose sth like: take first 20 words of bible, choose every 2nd, and add some 2 digit nr to get <40bit brainwallet entropy, which is a disaster.

That is way it is recommended just to create 12 random word (128bit) seed. Then you can bip38 it (~20) with 4 random words from seed(~40) and hide it physically (~20) to get total ~80bits (in case you forget the whole 12 initial words).

If you want to be safe I suggest to multiplicate wallet.dat file into many copies to fill the mass storage (m-disc) to the limit. Then even if say >90% (depends on the storage size and luck) is corrupted, it's still possible to recover data.

If you prefer to have one solid copy use this: http://www.youtube.com/watch?v=qpOV6r2vy9Y
though I don't know if the 'printer' stores anything in the memory.

United States Government Accountability Office
Virtual Economies and Currencies:
Additional IRS Guidance Could Reduce Tax Compliance Risks
GAO-13-516, May 15, 2013
released on Jun 17, 2013
http://gao.gov/products/GAO-13-516
Direct link:
http://gao.gov/assets/660/654620.pdf
txt version:
http://gao.gov/assets/660/655226.txt

Audio interview by GAO staff with Jim White, Director,
Strategic Issues on Related GAO Work: GAO-13-516
http://www.gao.gov/assets/660/654443.txt

Let me remind you of @kjj idea, which I find interesting:


Though I would consider adding some high hard limit too (100MB-1GB)