
Showing 17 of 17 results by poiuytr4
Post
Topic
Board Development & Technical Discussion
Re: The precise status of the relevant number theoretic problems for SHA-256
by
poiuytr4
on 02/08/2013, 23:20:38 UTC
Wow, razorfishsi, you should have taken more time to read this post as Altoidnerd was asking some valid questions and you might have missed some points and Altoidnerd you should not react so quickly and defensively.  Smiley
 Anyway, Altoidnerd, I think that often, the whole point of these maths/science things is asking what are the questions and not just what are the answers. If you can break these things down into what are the number theoretic questions that need to be answered then that is just as much of the work as providing the answer.
 Some of the most interesting/difficult mathematics is about providing the questions that need to be answered. So I don't think that what you're asking for is so straightforward.
 Hypotheses are just questions and Riemann, for example, is famous for asking a question, and not for providing an answer to it.

 
 
Post
Topic
Board Development & Technical Discussion
Re: A question on ECDSA signing (more efficient tx signing)?
by
poiuytr4
on 19/07/2013, 01:06:18 UTC

No problem. I am sure it can be done.  It is used for deterministic wallets for example and for verifiable secure vanity address generation.  It is an interesting property of ECC keys.  I just wanted to know if any crypto experts saw any potential reduction in security as I have limited knowledge in the field of ECC.  Unless I was drunk I don't recall it even being covered in college.




Yes, you are right. But the private keys are scalar quantities so you just add these using normal addition and, technically, you should reduce mod n, where n is the order.
 The public keys are EC points so you add these using point addition.
 I think the vanity address programs often do the same sort of thing but multiply all of the private addresses, which in this case are partial keys (so that the vanity address calculator doesn't end up knowing your private key). This is computationally more efficient.
 The result is just as secure.
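
The key-combination property described in the post above, as an added example that is not part of the original post or thread: private keys combine as scalars mod n, public keys combine as curve points. The helper names are hypothetical, the curve is assumed to be secp256k1, and the sample keys are constructed.

```python
"""Added illustration: combining secp256k1 key pairs (pure Python 3.8+)."""
import secrets

# Public secp256k1 domain parameters: field prime, group order n, generator G.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """EC point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                      # Q + (-Q) = infinity
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P       # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point=G):
    """k * point by double-and-add. Not constant time: illustration only."""
    result, k = None, k % N
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def combine_additive(a, b):
    """Private keys are scalars: plain addition, reduced mod the order n."""
    return (a + b) % N


def combine_multiplicative(a, b):
    """Variant the post mentions for vanity generators: multiply partial keys."""
    return (a * b) % N


def check_combinations(a, b):
    """Return (additive_ok, multiplicative_ok) for private keys a and b."""
    A, B = scalar_mult(a), scalar_mult(b)
    # Anyone can form A + B from public data; it is the public key of a+b mod n.
    additive_ok = scalar_mult(combine_additive(a, b)) == point_add(A, B)
    # A helper holding only b and the public point A can compute b*A, which
    # is the public key of a*b mod n, without the helper ever seeing a.
    multiplicative_ok = (scalar_mult(combine_multiplicative(a, b))
                         == scalar_mult(b, A))
    return additive_ok, multiplicative_ok


if __name__ == "__main__":
    a = secrets.randbelow(N - 1) + 1   # constructed sample keys
    b = secrets.randbelow(N - 1) + 1
    print(check_combinations(a, b))
```

The pair (n-1, 2) is a useful edge case: the sum wraps to 1, so the combined public key is G itself, which is why the reduction mod n matters.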
Post
Topic
Board Development & Technical Discussion
Re: A question on ECDSA signing (more efficient tx signing)?
by
poiuytr4
on 18/07/2013, 22:43:06 UTC


Given:
private keys a & b
Public keys A & B
Data to be signed d

Is it possible to create a signature S such that it can be verified given only A, B, and d?

Why not sign the data d with private key a and then sign the result with private key b to give you S.
Use public key B then public key A on S to result in data d.

Would this solve the original problem?
Even though, as pointed out, there are distinct items of data so it wouldn't work in practice anyway.

This would be for a new (incompatible) transaction format.  There would be no distinct items.  Transactions would simply ONLY be signed at the tx level.

I don't believe it is possible to verify a double signature the way you described.  Remember, in verification the entity with the public key isn't recreating the signature and comparing it to the original (if they could do that they could counterfeit the signature on any data).  The entity doing the verification can only validate if the signature is valid or not (i.e. true or false).



I'm pretty sure that this would work to do what you originally described. Basically a private key is used with a random number to encrypt (sign) some data and the public key is used to decrypt (check signature). All I was suggesting was sign (encrypt) the data with private key A then sign (encrypt) the result with private key B.
 To check just decrypt with public key B then decrypt with public key A. They are really just one way functions.
I'm not sure that you can do what you described above. i.e. you can't just add a lot of private keys, sign a message and then add up the corresponding public keys and use this to check the signature (if that is what you meant) even if you are using EC point addition. I'll have to have a look when I'm more awake (sober)  Smiley
 
Post
Topic
Board Development & Technical Discussion
Re: A question on ECDSA signing (more efficient tx signing)?
by
poiuytr4
on 18/07/2013, 21:14:02 UTC


Given:
private keys a & b
Public keys A & B
Data to be signed d

Is it possible to create a signature S such that it can be verified given only A, B, and d?

Why not sign the data d with private key a and then sign the result with private key b to give you S.
Use public key B then public key A on S to result in data d.

Would this solve the original problem?
Even though, as pointed out, there are distinct items of data so it wouldn't work in practice anyway.
Post
Topic
Board Development & Technical Discussion
Re: [ANNOUNCE] Micro-payment channels implementation now in bitcoinj
by
poiuytr4
on 11/07/2013, 00:22:13 UTC
As it's a fair deal, you sign it and send it to the merchant.
Now the merchant is compensated and grants you the 10ct. service.

Now you feel betrayed by the merchant and publish the very first full reimbursement but the merchant has time until the timeout of A expires to publish any lower reimbursement that you signed and that overrules all prior Bs.

 Because bitcoin is a non refundable transaction there is still a question of trust. If there is no escrow between you and the merchant then which transaction takes place first? In your case the merchant is paid before he grants you the 10c service. Or should he grant you the service before he is paid the 10c?
 It probably won't be an issue in reality because the transactions are small and somebody will be willing to take the first step.

Exactly. For the 10ct. you need trust and always will need trust for things you can't pack into the blockchain.

Imagine you buy some digital good. The merchant could send you the encrypted version and forge a transaction that would only be valid if it contained the key for your copy of the digital good. You sign the transaction, granting the merchant the price. Now the merchant could either sign it, too, granting you access to the blob of data he claimed was the digital good, or not sign. At least in this scenario you are damn close to having proof that the merchant did not deliver. I doubt that it's theoretically possible to get much closer to trust-free than that.

(Well, colored bitcoins would be an example though. If there is a legally binding contract that states that this car belongs to whoever controls this satoshi, you could pass ownership of this satoshi and a payment for it in one transaction both parties sign and publish. Maybe this is still a bit esoteric.)

It's all about levels of trust. The micro payment system reduces this. It doesn't matter about legally binding contracts because people will still rip you off. Credit card companies calculate how much will be taken from them each year by people they have entered into legally binding contracts with and calculate their interest rates so that they still profit. Put your money in a bank account or a government bond or coloured coin guarantor that you trust and you can still lose.
 No system is perfect but reducing the level of trust required is very efficient because with trust there is also reputation and even on the Internet this can count for something, even if it's just the hassle of opening a new account with a new e-mail. So if you reduce the level of trust sufficiently it can be counteracted by the loss of reputation.
 I like the idea of micro escrow where the escrow agent only holds a small amount from each exchange participant and the exchanges happen in increments. This can be automated and the level of trust is reduced between everybody.
Post
Topic
Board Announcements (Altcoins)
Re: [XPM] [ANN] Primecoin Release - First Scientific Computing Cryptocurrency
by
poiuytr4
on 10/07/2013, 23:22:45 UTC
Thanks SunnyKing. You have made crypto currencies a lot more interesting. Most of these posts are about how to optimise the client but the fundamentals are to do with prime numbers and number theory and hopefully the real benefit of your coin will be more interest in these areas. I like this stuff but I've already learnt more from looking at the ideas behind your currency.
 I am sure that there are real number theory experts that have a lot of expertise in generating and analysing primes who probably haven't heard of prime coin yet. Instead of doing strange abstract pure mathematics for no reason  Smiley they could now do it to generate a strange virtual currency.

 I think that there will be a whole generation of ways of improving and optimising your client and block generation speeds but I think this will be closer to mathematical research than speeding up hashing. One of the things I don't understand is why the verification techniques are not a more optimal method to generate the chains?
 I also am slightly concerned that the integral of the difficulty factor will not change very often and so the difficulty factor will be dependent on the remainder of the Fermat test which is not very well explained and apparently not linear. This might make the difficulty levels a bit wobbly but none of this will necessarily be a major problem.
 I'm looking forward to following the progress of prime coin. Good luck.  Smiley
Post
Topic
Board Development & Technical Discussion
Re: [ANNOUNCE] Micro-payment channels implementation now in bitcoinj
by
poiuytr4
on 10/07/2013, 22:23:33 UTC
As it's a fair deal, you sign it and send it to the merchant.
Now the merchant is compensated and grants you the 10ct. service.

Now you feel betrayed by the merchant and publish the very first full reimbursement but the merchant has time until the timeout of A expires to publish any lower reimbursement that you signed and that overrules all prior Bs.

 Because bitcoin is a non refundable transaction there is still a question of trust. If there is no escrow between you and the merchant then which transaction takes place first? In your case the merchant is paid before he grants you the 10c service. Or should he grant you the service before he is paid the 10c?
 It probably won't be an issue in reality because the transactions are small and somebody will be willing to take the first step.
 
 What about a micro payment exchange?

 The low trust payment processor idea seems to me to be a less useful idea than a normal payment processor because they usually have to have a higher level of trust with the merchant and the buyer than they have between themselves and often are needed to turn a non refundable transaction into a refundable transaction.
 I'm not sure if this is what is suggested.

 I like the idea of paying to not see adverts. Where will the publishers' loyalties lie? Do you place really annoying adverts on your site so that everybody pays not to see them or place great adverts on your site so that you get lots of ppc or commission? Will publishers be tempted to place more and more adverts in order to win both ways? In the end the customer can choose to pay the premium fee to see no adverts or just a small fee and see the adverts that would have been shown normally before the system was introduced. Smiley
Post
Topic
Board Announcements (Altcoins)
Re: [XPM] [ANN] Primecoin Release - First Scientific Computing Cryptocurrency
by
poiuytr4
on 09/07/2013, 23:13:06 UTC
The client is using some sort of sieve to mine for primes. Is this so that you can check for chains starting at multiples of the origin using the same sieve?
When you hash to produce your origin why not just check for the chains using the verification tests, i.e. the Fermat and Euler-Lagrange-Lifchitz tests? If the chain length is only seven then you would only have to perform the tests eight times for each origin or multiple of origin.
 Then you could double the origin and use the verification tests again or you could hash again for a different origin and use the verification tests again.
 Would this just simply be a slower method?
 Or have I misunderstood something?
 
 
Post
Topic
Board Announcements (Altcoins)
Re: [XPM] [ANN] Primecoin Release - First Scientific Computing Cryptocurrency
by
poiuytr4
on 08/07/2013, 20:41:40 UTC
The prime chain of each block is built starting from its hash (in a way) so you cannot simply compute any chain in advance.

Onkel Paul

I see, thanks.
Just noticed that there is a lot of info on this that I missed.
Post
Topic
Board Announcements (Altcoins)
Re: [XPM] [ANN] Primecoin Release - First Scientific Computing Cryptocurrency
by
poiuytr4
on 08/07/2013, 20:31:00 UTC
I have a very strong academic mathematics background. 'scientific value' is a subjective statement. Most mathematicians would regard anything new or original as advancing mathematics. Do you think patterns in integers have scientific value? Depends on the pattern to an extent and if there are any clear consequences but you'll get varied answers to that question. Some mathematicians and especially scientists such as physicists are snobbish and only regard maths that has a 'real world' application as being useful. It's not clear to me whether this project is finding new prime chain sequences within the known prime numbers or actually trying to determine new, unknown prime numbers using the prime chains as a proof of work. Either way, it has value since it will add new data which will either disprove conjectures or strengthen the likelihood of them being true... plus the analysis of the discovered data could in theory lead to new conjectures (note I know next to nothing about these chains and how much data of them is out there, I'm just writing this reply off the top of my head).

You can also look at this another way. This project could provide a financial incentive for individuals to develop more optimised GPU prime finding algorithms, the theory of which could lead to a greater understanding of prime number distribution e.g. a new sieve or similar construct.

Sunny, can you please clarify whether this project is finding new prime chain sequences within the known prime numbers or actually trying to determine new, unknown prime numbers using the prime chains as a proof of work.

Of course these primes are all 'new'. Finding 'new' primes is not the point, and primes are super-abundant; there is no database that can store them, and it's always trivial to find one not stored in any database.

The point of GIMPS is to find the largest known (Mersenne) prime, while the point of primecoin is to find the longest chain of reasonable size limit (256 bits to 2000 bits as currently designed). Which one of the two projects is more useful is highly debatable actually. Mersenne has a very long history of study, its infinite existence is not known and they are scarce (only about 50 of them known). While for prime chains, as pointed out by my design paper, these prime chains are connected to the distribution of primes, their infinite existence and distribution is among the top wonders of arithmetic, you know how much mathematicians value the twin prime conjecture, right? Right now I think some mathematicians consider the distribution of these longer chains hopelessly untouchable, and maybe will stay another millennium  Wink

I am still having difficulty understanding this pow. If your proof of work is done by generating these prime chains, how is this related to your blockchain?
 How am I prevented from producing lots of prime chains in my own time and then using them all at once for a double spend?
 I am sure that you have thought of all this but I can't find enough details in your design papers to satisfy my curiosity. Maybe I'm just not looking hard enough. Can you give me the links to all your technical stuff in case I've missed something.
 It's a really interesting idea - I'm just trying to get a full understanding of exactly what the pow does.
Thanks.
 
 
Post
Topic
Board Announcements (Altcoins)
Re: [XPM] [ANN] Primecoin Release - First Scientific Computing Cryptocurrency
by
poiuytr4
on 08/07/2013, 00:24:53 UTC
Those primes are large, not astronomically large as Mersenne primes of course, but there is no such thing as a 'prime table' that you can look it up at this scale, as primes are abundant.

Yes, but clearly it takes less computing power to 'look up' a prime than to use the client software to create it then to check if it is part of a chain.
 If you have created a client that can manufacture primes then it is easy to use the client to manufacture them and then store them in a database for analysis.
 I am pretty sure that there is such a thing as a 'prime table'. It is a database of known primes.

Ok. Thinking about it there probably isn't a complete database of all known primes but that doesn't mean that there isn't a weakness in your pow scheme.
 Is your client software the most efficient way of computing these primes and prime chains and verifying them or can a more efficient mathematical way be produced? I bet you can't show me a mathematical proof of this. Maybe you can??
 Whereas the SHA 256 hashing function used in bitcoin has undergone a pretty thorough mathematical analysis by some very clever people over the years.
 I'm just being the devil's advocate but these questions need to be asked.
Post
Topic
Board Announcements (Altcoins)
Re: [XPM] [ANN] Primecoin Release - First Scientific Computing Cryptocurrency
by
poiuytr4
on 08/07/2013, 00:03:21 UTC
Those primes are large, not astronomically large as Mersenne primes of course, but there is no such thing as a 'prime table' that you can look it up at this scale, as primes are abundant.

Yes, but clearly it takes less computing power to 'look up' a prime than to use the client software to create it then to check if it is part of a chain.
 If you have created a client that can manufacture primes then it is easy to use the client to manufacture them and then store them in a database for analysis.
 I am pretty sure that there is such a thing as a 'prime table'. It is a database of known primes.
Post
Topic
Board Announcements (Altcoins)
Re: [XPM] [ANN] Primecoin Release - First Scientific Computing Cryptocurrency
by
poiuytr4
on 07/07/2013, 23:48:39 UTC
 I've noticed that most of the posts are concerning the technical difficulties of getting the client up and running.
 I had a look at your white paper and see that your proof of work is based on the idea of prime chains.
 Is there any way that the pow could be manufactured by analysis of tables of existing primes or pseudo primes? (i.e. running verification tests against tables of known primes/ pseudo primes) If so your pow problem would be reduced to the manufacturing of large primes.
 I know the bitcoin SHA 256 is very well researched but I don't know about this prime chain stuff.
 Is your maths expertise good enough to guarantee the security of this?
 I like the idea, hope it works, just have to ask.  Smiley
 
 
Post
Topic
Board Beginners & Help
Re: My first post.
by
poiuytr4
on 07/07/2013, 23:31:41 UTC
Hi, welcome
Post
Topic
Board Beginners & Help
Topic OP
P2P crypto currency only exchange
by
poiuytr4
on 27/04/2013, 12:43:46 UTC
You deposit, say one bitcoin with the server hosting the exchange, and then put in your bid or offer.
 When the bids and offers are matched and both parties agree the exchange begins directly between the clients' multi crypto currency wallets but only one bitcoin (or equivalent in litecoins) at a time alternating between clients. After each one bitcoin transaction in one direction is confirmed the equivalent litecoin transaction in the opposite direction is initiated. This is done automatically by the client wallets.
 If either client stops the transaction at any point the exchange holds the deposit to even things up if necessary.
 If you want to increase the increment of exchange you can put a higher deposit but apart from the deposits all currency exchange is directly between the clients.

 This is only suitable for crypto currencies not fiat.

 
Post
Topic
Board Beginners & Help
Re: Decentralised web publishing
by
poiuytr4
on 27/04/2013, 10:02:08 UTC
I suppose you could earn content space in the same way that miners earn bitcoins and the web browsers could provide pow and donate to sites they want to support. It wouldn't be needed by every website but might be useful for anything more subversive.
Post
Topic
Board Beginners & Help
Topic OP
Decentralised web publishing
by
poiuytr4
on 27/04/2013, 09:48:38 UTC
Would it be possible to use a version of the bitcoin blockchain for decentralized web publishing? Rather than host my site on a server it would be broadcast on a 'webchain' and the publishers instead of paying hosting charges would provide pow to verify the webchain in a similar way to bitcoin miners. The published material and edits would be digitally signed. It would be decentralised and resistant to ddos and more difficult for any government to take down. Would this work?