Showing 20 of 51 results by graphite
Post
Topic
Board Development & Technical Discussion
Re: Nonsense about increasing the 21M supply cap
by
graphite
on 10/01/2025, 23:24:53 UTC
It's profitable to attack other coins like this. But bitcoin is too big for a 51% attack because it requires trillions of dollars in expenses including

- billions of dollars in ASIC, which BitMain and others cannot even produce enough of in a given calendar year
- billions of dollars in electricity costs at standard rates

Nobody has that kind of wealth except in non-liquid assets (stocks, real estate, trusts) and crypto.

It would only cost 43.2 million in electricity to fill a whole day's worth of empty blocks.

Post
Topic
Board Development & Technical Discussion
Topic OP
how is the order determined for Secp256k1?
by
graphite
on 10/01/2025, 01:04:18 UTC
I haven't been able to find any resource that explains how the order of Secp256k1 is found or for any other elliptic curve cryptography functions. The only hint I've read is that the order (n) is usually somewhere near the prime field (p).

   p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F
   n = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141

The order and prime field are around 2^128 away from each other. This means if you were to brute force search for n using the p as a starting point it would take 2^64 iterations to hit n. Did they brute force n or is there a simpler solution to this?


Post
Topic
Board Bitcoin Discussion
Re: Michael Saylor advices never to sell bitcoin...
by
graphite
on 09/12/2024, 04:32:38 UTC
Do any of you guys have concerns with MicroStrategy trying to own 5% of bitcoin's supply? Seems that this whole thing is antithetical to the original idea of bitcoin. MicroStrategy is trying to become a centralized source of bitcoin much like a bank. What happened to not your keys, not your crypto?
Post
Topic
Board Economics
Merits 2 from 1 user
Re: Bitcoin is not a Ponzi. But sometimes it is marketed like one.
by
graphite
on 05/12/2024, 00:03:56 UTC
⭐ Merited by d5000 (2)
I agree bitcoin seems to have become a ponzi scheme. Majority of people I meet in bitcoin view it as a get rich quick scheme. They'll never say that directly but all of them believe that if they hold onto their bitcoin some day they will be rich, even to the point they will go into credit card debt to buy more bitcoin. They have very little knowledge of how it works and most don't self custody which defeats the whole purpose of owning bitcoin.

Bitcoin makes more sense for countries and people that don't have a stable store of value but the vast majority of all bitcoin holders are from developed countries where they have alternative store of value assets like gold, real estate, and stocks. The moment bitcoin stops outperforming the S&P500 everyone will sell out.

I do believe in bitcoin. The tech is great but people seem to have turned it into something it isn't. It's become more of a religious cult making bold claims that bitcoin would solve all our problems, with people like Michael Saylor going billions into debt because they "just believe" it will always go up. These people will deny any vulnerabilities of bitcoin and call it a perfect money when nothing in the real world is perfect. Things are only perfect in theory. Everything has trade-offs.

The interesting question for me is if this will work. In my opinion, it can, but Central Banks and businesses using BTC as a "strategic reserve" are not enough

I don't believe any large countries/central banks will have a strategic reserve. Maybe a small reserve but not a large amount. There's too many vulnerabilities for a country such as the USA to hold bitcoin. If for example USA did have a reserve but then world war 3 breaks out, China has plenty of resources to build enough miners and get enough energy to cripple bitcoin's network, making the USA bitcoin useless.

Take for example if the USA kept gold as a reserve. China would have to go through the USA military, which has an annual budget of 800 billion, and invade 100s of miles into the USA and bust into Fort Knox and steal the gold. Which would be much harder to pull off than spinning up 10GW of power for some miners in their own country.

It might be easier to pull off a sybil attack rather than miner attack but I haven't done enough research on sybil.



Post
Topic
Board Altcoin Discussion
Re: XRP is doomed...
by
graphite
on 03/12/2024, 00:44:02 UTC
I still don't understand XRP. All nodes are controlled by Ripple Labs. Ripple Labs can change the protocol whenever they want. They could block transactions, create new XRP, or even steal directly from your wallet. With this setup why does Ripple even bother making it a blockchain? It could be easier and faster to have a centralized database with address and XRP value entries. The whole point of a blockchain is to have a consensus mechanism for a decentralized network but XRP is centralized. Ripple controls consensus.
Post
Topic
Board Altcoin Discussion
Re: Monero Pedersen commitments
by
graphite
on 16/10/2024, 14:01:32 UTC
Pedersen commitments in Monero use two different generator points to ensure security. One point masks the amount while the other point, with an unknown factor, ensures that the commitment remains secure. If the factor were known, it could potentially compromise the security by linking the commitments to the actual amounts.

If we switch H to G and reduce the original equation we get this:

C = (y + b)*G

Using this it seems like everything should still work just fine. We still have the pseudo random mask y and shouldn't be able to calculate b from C. Where would the vulnerability be if we could reduce the original equation like this?
Post
Topic
Board Altcoin Discussion
Topic OP
Monero Pedersen commitments
by
graphite
on 16/10/2024, 04:00:37 UTC
I've been reading Zero to Monero and just learned about Pedersen commitments. I'm not sure if they use different equations or not but the one I learned is

C = yG + bH

y is the mask and b is the amount. H is some known generator point µG where µ is unknown.

Is µ truly unknown and if it's not unknown is this a security vulnerability? Also what's the purpose of H? Why can't G be used in its place?
Post
Topic
Board Altcoin Discussion
Re: [BitcoinTalk Node Tutorial #5] Hosting a Monero node on the same machine
by
graphite
on 28/08/2024, 17:47:37 UTC
Is it better for the Monero network to run a node over clearnet or Tor? I've heard running over Tor increases chances of a sybil attack.
Post
Topic
Board Wallet software
Re: Wasabi Wallet - Total Privacy For Bitcoin
by
graphite
on 27/08/2024, 05:11:34 UTC
Currently OpenCoordinator has 0% + free remixing and another important function their website states: no country blocklists, no UTXO blocklists.

If the anon set is low on that coordinator and blacklisted UTXOs are allowed into the coinjoin, could that potentially flag my non-blacklisted coins as blacklisted?

Post
Topic
Board Wallet software
Re: Wasabi Wallet - Total Privacy For Bitcoin
by
graphite
on 21/08/2024, 21:47:08 UTC
Sorry to interrupt the conversation but I had a question about the Wasabi coordinator's protocol.

So from my understanding how it works is Wasabi clients post UTXOs they want to coinjoin to the coordinator through Tor. Then once the coordinator has a large enough set of UTXOs it will then request output addresses and amounts from each client. After that the coordinator puts together the transaction and requests each client to sign their corresponding transaction.

I'm sure I'm missing something but my concern is with Tor. Does Tor use the same exit node when sending the input UTXOs and output addresses to the coordinator? If so wouldn't that mean the coordinator can deduce that the input UTXOs and output address coming from a specific exit node belong to the same wallet?
Post
Topic
Board Development & Technical Discussion
Re: I have 26 out of 24 mnemonic words. Am I able to brute force still?
by
graphite
on 11/08/2024, 04:14:53 UTC
I'm assuming it's a 24 word seed so should only need 18 words if the first 6 are in order. So you would need to test 20!/2! combinations. Which is around 2^60 and should be possible since the bitcoin puzzles have been solved up to 2^65. Also the seeds have checksum bits which could reduce the total combinations to test down to 2^52. 24 words out of a list of 2^11 words is in total 2^264 of entropy and 8 bits of that is a checksum. And if you have the public key you might be able to use Pollard's kangaroo algorithm to solve it in 2^30 time but I don't think that algorithm would be possible in this instance.
Post
Topic
Board Development & Technical Discussion
Merits 4 from 3 users
Re: Ordinals and other non-monetary "use cases" as miner reward on 2140+
by
graphite
on 24/07/2024, 17:51:05 UTC
⭐ Merited by gmaxwell (2) ,ABCbits (1) ,cryptosize (1)
How long have you been in the cave? The year is 2024 and Monero proved that you don't need high fees to secure the network while being more decentralized than Bitcoin

Monero is much less secure. Given the best CPU on the market you can get around 0.5KH/J. The total hashrate of Monero is 2.32GH. So an attacker would need 4.0x10^11J of energy per day. With a cost of energy of $0.05 per KWH that comes out to $25k per day to 51% attack Monero. This is a rough estimate but look at https://bitinfocharts.com/monero/ and you'll see total miner reward is around $70K so not far off.

Since it's pretty easy for anyone to rent CPU power given the large number of data centers in the world, the only cost would be power plus a premium to the data center, so at worst case scenario Monero would only cost 50k/per day to shut down. This is easily done by wealthy individuals or small countries. And given how much centralized powers hate Monero I wouldn't be surprised if the US or EU did this to stop terrorist organizations or whatever they deem an enemy.
Post
Topic
Board Development & Technical Discussion
Topic OP
Bitcoin segwit
by
graphite
on 24/07/2024, 17:08:54 UTC
I've been studying the bitcoin soft forks like segwit and I don't understand why we needed to add vBytes. Is this because we don't want to hard fork? From my understanding segwit leaves a blank section in the transaction where the scriptSig was in order to keep backwards compatibility. Which would cause the new segwit transactions to be more bytes than the P2PKH, so to make users use the new segwit transaction type they made vBytes? So segwit transactions don't count the scriptSig in the transaction size. It makes segwit seem smaller but it's actually slightly larger than P2PKH in terms of actual block space.

Post
Topic
Board Development & Technical Discussion
Merits 7 from 3 users
Re: Ordinals and other non-monetary "use cases" as miner reward on 2140+
by
graphite
on 24/07/2024, 16:40:38 UTC
⭐ Merited by gmaxwell (5) ,ABCbits (1) ,cryptosize (1)
Today Bitcoin does more harm than good to the cryptocurrency world with its outdated protocol, like with the Steam platform who ditched it because the transactions were too slow and too expensive.

I don't understand why people complain about transaction fees being too high. It's a decentralized network that is using a couple basis points of the global energy supply. Of course it's going to be expensive. You have to pay a price to secure a decentralized network, whether it's inflation or transaction fees. If a coin has low fees it's a strong indicator of low security or centralization or an indicator of rapid inflation.
Post
Topic
Board Development & Technical Discussion
Re: Ordinals and other non-monetary "use cases" as miner reward on 2140+
by
graphite
on 23/07/2024, 14:23:20 UTC
tl;dr: Monero has no scalability limits on the protocol level, it is limited by the infrastructure which is constantly evolving and recently Monero community has been doing stress-tests from which we can see it has no problem running the same and even more transactions daily than Bitcoin but faster and for lower fees.

Have they tested the cost of running a 51% attack on Monero? From my understanding it should be pretty easy given the large number of server clusters in the world. One of the biggest hurdles to attack bitcoin's network is the cost of hardware. Also a lot of governments don't like Monero. Who's to say one day a wealthy enough government somewhere doesn't pay for a server cluster to attack Monero for a few days to destroy its credibility?
Post
Topic
Board Development & Technical Discussion
Re: Ordinals and other non-monetary "use cases" as miner reward on 2140+
by
graphite
on 20/07/2024, 02:32:40 UTC
As I wrote before, my "ideal" scenario would be a sidechain-backed tail emission plus fees.

I agree with this. I think tail emissions plus fees are the best option long term. Transaction fees would need to be much higher to sustain current levels of mining hashrate, which would scare people away from using the network. But also I fear the variability of transaction fees would destabilize the network. Tadge Dryja makes some good points about this in this MIT lecture https://www.youtube.com/watch?v=wXWbdiOBW5w at 58 minutes in. During large fee periods miners could end up fighting to reorg high fee blocks instead of mining new blocks.

Of course if hashrate dropped now to 50 EH/s, 95% of all miners went bankrupt and sold their equipment potentially to attackers, then the network would be seriously in danger.

One possibility is if mining fees are low enough to be vulnerable to attack, large bitcoin holders could have mining power on standby to turn on in case of an attack, but that might just be wishful thinking. If I was Michael Saylor I'd probably have some rigs on standby.
Post
Topic
Board Development & Technical Discussion
Re: Ordinals and other non-monetary "use cases" as miner reward on 2140+
by
graphite
on 20/07/2024, 02:03:58 UTC

I also don't understand why market cap or block rewards have anything to do with this. A 51% attack on the network doesn't mean the attacker would make more BTC than they could otherwise "legally." An attacker would only achieve one of two things:

1. Double Spend

2. Damage to the Ecosystem

In both cases, the incentive remains the same regardless of the price of Bitcoin or the block rewards.

I understand that an attacker wouldn't gain any bitcoin from attacking the network. But bitcoin having a larger market cap should make it a larger target. One person's loss can be another person's gain. Maybe the relationship is not 1 to 1 but market cap and security should scale together.
Post
Topic
Board Development & Technical Discussion
Merits 13 from 6 users
Re: Ordinals and other non-monetary "use cases" as miner reward on 2140+
by
graphite
on 18/07/2024, 15:42:53 UTC
⭐ Merited by mikeywith (4) ,ABCbits (3) ,stompix (2) ,Halab (2) ,philipma1957 (1) ,DdmrDdmr (1)
That means that if block subsidy was cut off completely, then the hashrate would probably drop by 90 to 95%, from currently around 600 Eh/s to perhaps 50-70 Eh/s. You may say that's dramatic, but that is approximately the hashrate Bitcoin had in 2018/19 (see this chart), and Bitcoin was considered safe at this time too.

The mining hardware has improved by 8x since 2018. Back then miners were using S9 which was able to produce 14Th/s with 1373W of power. Now with the S21 XP HYD you can get 473Th/s with 5676W of power. S9 = ~0.01 Th/J and S21 XP = ~0.08Th/J. So effectively, 50-70Eh/s hashrate nowadays is actually equal to 8-10Eh/s in 2018. Also the market cap of Bitcoin is 4x higher than in 2018. So to have the same market cap to security ratio you would need 4x the hashrate/power consumption of 2018 hashrate. So if the hashrate did fall to 50-70 Eh/s then the security of the network in relation to the market cap would drop 24x.
Post
Topic
Board Development & Technical Discussion
Re: Pollard's kangaroo ECDLP solver
by
graphite
on 30/05/2024, 15:54:30 UTC
I'm having a hard time understanding how distinguished points (DP) work. From what I know you only save the start point, trail length, and DP per trail and start a new trail when a DP is found. You repeat this until you find a collision DP and somehow find the "actual" collision of the pubkey.

I don't understand how finding and only storing DP would lead to finding the pubkey collision. I fully understand how the kangaroo method works by creating 2 maps to find a collision using the birthday paradox. But I'm not sure how you can do this without storing the whole set of points.
Post
Topic
Board Bitcoin Discussion
Re: Could China (or similar) take control of Bitcoin?
by
graphite
on 19/05/2024, 21:38:39 UTC
But, what can they get after this? To earn more profit? However, I think people will stop supporting BTC once they figured out that it is now fully centralized and China can only get a bad reputation which I'm sure they don't like for it to happen.

Controlling the network wouldn't yield any profit, but if your enemy uses it as a reserve currency, taking control would be catastrophic to them. If NATO or USA adopted bitcoin like El Salvador then China would have a reason to take down bitcoin.