1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
|
Return-Path: <dscotese@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id EFCEE15FD
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 21 May 2018 20:03:42 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-lf0-f54.google.com (mail-lf0-f54.google.com
[209.85.215.54])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 56E48180
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 21 May 2018 20:03:40 +0000 (UTC)
Received: by mail-lf0-f54.google.com with SMTP id j193-v6so25672060lfg.6
for <bitcoin-dev@lists.linuxfoundation.org>;
Mon, 21 May 2018 13:03:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:sender:in-reply-to:references:from:date:message-id
:subject:to:cc;
bh=j2PKtyCiDEvU7OYeNYmWvQTdlx0BXhHQZ93gU3nH8+o=;
b=dhRA6NSr3m0faLW4zDSn8jHm8OVLMy+ZVb9YBkXNEyCg1P352S2IuK+vDjAJ4COfTb
arw28dt/8SiReM7HheTuIWgM/tnfr46CsIiLpDfea6b0z3DQ6F8uaMjw+P1UM7uzaX1u
dMBpplDJZ07bkwaDxIWy3nMp7yGJbTA6IndbpC8wRmmrtScaRlaiT7KiEwzrQS8rOtgk
Skb++X8yB4r00NyzcVx471/mvT5HoLtMoOJGCvSHNcrpxEx5uvh1ndV8lMjI4Ik0ti8A
hOHb7yNANUV2aWtvo6sBMdGSqm6BYqnuiV7gXvffT5R2uAko3RaMf99Isam9M4EyH+o2
ZoNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
:date:message-id:subject:to:cc;
bh=j2PKtyCiDEvU7OYeNYmWvQTdlx0BXhHQZ93gU3nH8+o=;
b=CUxKRhtx1R91xyqOqfUL5Z/btyplNh/nLDvv4MQLEMzreMSzr4DeOqjt17wBsK3kS1
TgnZuVnJTAkq62MRzy4DDpt8A6FQKn6abVKOqAmZrBxOgJ4fVgW+KDKM7kQRbBaYS9Dd
ETN9SbKEA4PljwblhPVbHLGPSC+3ktyBYz+H2zpfIahlAc5z1+jJpYAjNBERkocFoDci
owoNzqO6NCWaqsHnUFcLX3RAvIP6emGciGjPWEUpvvZl6SarmtkwM1xmg7Fu3K939DTC
9F4tbd/pLA8bEQryE3plI4iK88ATK10ps3S6Cb8HB1FPTAWNr5RZsvyVMk1U5EmdYFZs
c34A==
X-Gm-Message-State: ALKqPweQp0dwuO1WmJph9xI3nBFbM4gyJNRbv/F0L7pUTtggG8QI/87U
Ce2vqBBXZfvSvOPEcZDY3vLnULmle2tC8p8nC8o=
X-Google-Smtp-Source: AB8JxZpidwGfbuXqpx8onjxn1nmobEhH8vUkPkQW+NfNUOIii3OzQBksfnmf1U8lJaDkFXSyQNey0qDowU1c7KIhv+A=
X-Received: by 2002:a19:1b90:: with SMTP id
b138-v6mr4113819lfb.17.1526933018578;
Mon, 21 May 2018 13:03:38 -0700 (PDT)
MIME-Version: 1.0
Sender: dscotese@gmail.com
Received: by 2002:a19:d40c:0:0:0:0:0 with HTTP; Mon, 21 May 2018 13:03:37
-0700 (PDT)
In-Reply-To: <PS2P216MB01792E0070D82D4E155EDC139D960@PS2P216MB0179.KORP216.PROD.OUTLOOK.COM>
References: <CAGLBAhc6KoRNj-UB+Zo6D6NL-DcL++MM-qMMarTCOKjYLB_bPg@mail.gmail.com>
<CADtTMvnNTkWWwGw7_u5cvTf28LEKhxcRHb_n5qctf3oLidh=ng@mail.gmail.com>
<CAGLBAhfzrv5CD+ohEcQGXC=WzGs58+_UwaHup-e-rs-1WaFxug@mail.gmail.com>
<CADtTMv=tjQiaSDu5zMzHpmt_EX5Ku+RSrQAGOywA3S16sj78yQ@mail.gmail.com>
<CAGLBAhcBPJFEidtNA0UDva-=_0e5Zn0400O9i2nwV3W4HkWnfg@mail.gmail.com>
<PS2P216MB01792E0070D82D4E155EDC139D960@PS2P216MB0179.KORP216.PROD.OUTLOOK.COM>
From: Dave Scotese <dscotese@litmocracy.com>
Date: Mon, 21 May 2018 13:03:37 -0700
X-Google-Sender-Auth: ofn3jk41i71dppeb6PZ9KlmG3_4
Message-ID: <CAGLBAhcJLavbU+HVi2T+42xEAMGRfoMBJH_sU52YLzmJrn+iTw@mail.gmail.com>
To: Damian Williamson <willtech@live.com.au>
Content-Type: multipart/alternative; boundary="0000000000002b13c4056cbccca5"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: "bitcoin-dev@lists.linuxfoundation.org"
<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] [bitcoin-discuss] Checkpoints in the Blockchain.
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 21 May 2018 20:03:43 -0000
--0000000000002b13c4056cbccca5
Content-Type: text/plain; charset="UTF-8"
Our wetware memory is faulty at details, but a rendering that provides
features at which it isn't faulty makes it a decent backup in situations
where technology has been used to hide important differences from us. Some
of us may recall being in a situation where something seems off, and we
start to investigate, and then we discover that something was off. April
Fools jokes are good examples, as well as satire and news reports from The
Onion.
The point of storing the entire blockchain history is to prevent any of
that history being changed in a way that illicitly alters the UTXO Set.
Whenever a memorable enough rendering of the UTXO Set is produced (which
has happened exactly once - when Bitcoin started, it was empty, and after
that, it just looks like a bunch of random computer data), the risk of
altering the history before it goes up, even if you have the computing
power to make subsequent block headers follow all the rules (and even to
successfully execute a 51% attack!). In this announcement
<http://lists.mindrot.org/pipermail/openssh-unix-dev/2008-July/026693.html>,
the first item under "new features" has this, which follows the same
principle as my idea:
Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1) and
> ssh-keygen(1). Visual fingerprinnt display is controlled by a new
> ssh_config(5) option "VisualHostKey". The intent is to render SSH host keys
> in a visual form that is amenable to easy recall and rejection of changed
> host keys. This technique inspired by the graphical hash visualisation
> schemes known as "random art[*]", and by Dan Kaminsky's musings at 23C3 in
> Berlin.
>
On Sat, May 19, 2018 at 10:12 PM, Damian Williamson <willtech@live.com.au>
wrote:
> I do understand your point, however, 'something like stuxnet' cannot be
> used to create valid data without re-doing all the PoW. Provided some valid
> copies of the blockchain continue to exist, the network can re-synchronise.
>
>
> Unrelated, it would seem useful to have some kind of deep blockchain
> corruption recovery mechanism if it does not exist; where blocks are
> altered at a depth exceeding the re-scan on init, efficient recovery is
> possible *on detection*. Presumably, it would be possible for some
> stuxnet like thing to modify blocks by modifying the table data making
> blocks invalid but without causing a table corruption. I would also suppose
> that if the node is delving deep into the blockchain for transaction data,
> that is would also validate the block at least that it has a valid hash
> (apart from Merkle tree validation for the individual transaction?) and
> that the hash of its immediate ancestor is also valid.
>
>
> Regards,
>
> Damian Williamson
>
>
> ------------------------------
> *From:* bitcoin-discuss-bounces@lists.linuxfoundation.org <
> bitcoin-discuss-bounces@lists.linuxfoundation.org> on behalf of Dave
> Scotese via bitcoin-discuss <bitcoin-discuss@lists.linuxfoundation.org>
> *Sent:* Sunday, 20 May 2018 11:58 AM
> *To:* Scott Roberts
> *Cc:* Bitcoin Discuss
> *Subject:* Re: [bitcoin-discuss] Checkpoints in the Blockchain.
>
> I wouldn't limit my rendering to words, but that is a decent starting
> point. The richer the rendering, the harder it will be to forget, but it
> needn't all be developed at once. My goal here is to inspire the creation
> of art that is, at the same time, highly useful and based on randomness.
>
> Anyway, I asked what "premise that this is needed" you meant and I still
> don't know the answer.
>
> "The archive is a shared memory" - yes, a shared *computer* memory, and
> growing larger (ie more cumbersome) every day. If something like stuxnet is
> used to change a lot of the copies of it at some point, it seems likely
> that people will notice a change, but which history is correct won't be so
> obvious because for the *humans* whose memories are not so easily
> overwritten, computer data is remarkably non-memorable in it's normal form
> (0-9,a-f, whatever). If we ever want to abandon the historical transaction
> data, having a shared memory of the state of a recent UTXO Set will help to
> obviate the need for it. Yes, of course the blockchain is the perfect
> solution, as long as there is *exactly one* and everyone can see that
> it's the same one that everyone else sees. Any other number of archives
> presents a great difficulty.
>
> In that scenario, there's no other way to prove that the starting point is
> valid. Bitcoin has included a hardcoded-checkpoint in the code which
> served the same purpose, but this ignores the possibility that two versions
> of the code could be created, one with a fake checkpoint that is useful to
> a powerful attacker. If the checkpoint were rendered into something
> memorable at the first opportunity, there would be little question about
> which one is correct when the difference is discovered.
>
> On Sat, May 19, 2018 at 5:22 PM, Scott Roberts <wordsgalore@gmail.com>
> wrote:
>
> I just don't see the point of needing to know it any different from the
> hex value. Or maybe I should say I can't imagine it being useful because I
> can't imagine what you're after is possible. There might be a theoretical
> proof that what you're after is impossible. Hard to forget is almost the
> opposite of many options and what we're trying to do is decide between many
> options. I'll assume English because it's the only starting point I have
> that's even in the ballpark of being possible. You might need to constrain
> the word selection and the structure in which you put it. I can only
> imagine that you are talking about putting the words into some sort of
> story. The only kind of story that would be hard to forget is one that
> fits into an overall structure that we are familiar with but those types of
> structures are few compared to the possibilities that we're trying to
> encode. "Hard to deny" is a type of "hard to forget". Besides trying to
> connect it to external reality or history that we can all agree on there is
> also an internal consistency that could be used like a checksum such as the
> structure I mentioned. The only thing that seems to fit the bill is the
> blockchain itself. It's on everyone's computer so it's impossible to forget
> and it has internal consistency. Is the only shared memory we have that
> can't be subject to a Sybil attack or other hijacking of our memory of the
> true history. Our translation of the hash into words and a story could
> potentially be subject to hijacking if it's not done perfectly correct. It
> just seems best to me to use the hash itself. They archived existence of
> the prior parts of the blockchain are what make that particular hash hard
> to forget. Supposedly it can't be forged to reference a fake history. The
> archive is a shared memory that fits the encoding rules.
>
> On Sat, May 19, 2018, 4:30 PM Dave Scotese <dscotese@litmocracy.com>
> wrote:
>
> Did you mean the premise that we have "the need to retain the full
> blockchain in order to validate the UTXO Set"?
>
> I hadn't thought of just making it *easier* to remember, as your
> suggestion does (12-13 words), and that's a great idea. I have passphrases
> of that kind, but I noticed a kind of mandela effect
> <https://www.snopes.com/news/2016/07/24/the-mandela-effect/> just with
> myself. For example, I one of the words I chose was like "olfactory" but
> after a few months, what I remembered was like "ontology". The solution I
> came up with is to couple the data with far more items than we normally
> do. Every ten minutes, we get a new set of 256 bits that can be used to
> create something potential *very difficult* to forget, and that's what
> I'm after.
>
> An algorithm could be used to do this with the Bip39 word list. If we
> categorized the words according to parts of speech, the bits could be used
> to determine which word goes next in a kind of ad-lib, but this creates a
> phrase that is only memorable in the language for which the algorithm is
> developed. As a thought experiment, I'll try adjective noun verb(as past
> tense) noun preposition adjective adjective noun: Stuff would come out like
> "Able abstract abused accident across actual adult affair." not memorable
> at all, but sense can be made of it and sometimes the sense will be
> remarkable. As it is, I will have forgotten it in an hour or two.
>
> On Thu, May 17, 2018 at 4:29 PM, Scott Roberts <wordsgalore@gmail.com>
> wrote:
>
> I disagree with your premise that this is needed, I like the question.
> Humans are experts at language and I don't think we have another repository
> at hand that we can categorize for memory that is better than words. Using
> words is a common way of doing what you're thinking about. If the
> checkpoint could be a hash that meets a difficulty target the possibilities
> are 2^182 at the current hashrate instead of 2^256. So we need only 12 or
> 13 common words with their various possible endings (30,000). I would find
> it easier to insert a letter and 3 numbers after every 2 words so there
> would be only 8 words used. There are probably other tricks people have
> figured out but there can't be any kind of advanced encoding because it
> wouldn't benefit more than one word. There might be a way to convert the
> words into something that almost sounds like English sentences but it would
> probably come out a cost of at least doubling the number of words.
>
> On Thu, May 17, 2018, 12:13 PM Dave Scotese via bitcoin-discuss <
> bitcoin-discuss@lists.linuxfoundation.org> wrote:
>
> I got the idea that a SHA256 hash could be rendered into something
> difficult to forget. The rendering would involve using each of the 256
> bits to specify something important about the rendering - important in an
> instinctive human-memory way.
>
> Let's assume such a rendering is possible, and that at any time, any
> person can execute the rendering against the SHA256 hash of a consistent
> representation of the UTXO Set. Sometimes, someone will execute the
> rendering and discover that it is remarkable in some way (making it even
> more memorable), and therefore will publish it.
>
> The published, memorable rendering now becomes a kind of protection
> against any possible re-writing of the blockchain from any point prior to
> that UTXO Set. When everyone involved in Bitcoin recognizes this
> protection, it relieves us of the need to retain the full blockchain in
> order to validate the UTXO Set at that point, because enough people will
> recognize it, and it can be validated without reference to any kind of
> prior computer record.
>
> This does leave open the possibility that an attacker could create a more
> favorable UTXO Set that happens to have a rendering similar enough to fool
> people, or one that has exactly the same SHA256-hash, but that possibility
> is remote enough to ignore (just as we all ignore the possibility that
> whatever creates the master seed for our HD wallet will create a unique
> master seed).
>
> I've been working on how such a rendering could happen. It could describe
> music, characters, colors, plot points, memorable elements of characters,
> etc.
>
> Dave Scotese
>
> _______________________________________________
> bitcoin-discuss mailing list
> bitcoin-discuss@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-discuss
>
>
>
>
> --
> I like to provide some work at no charge to prove my value. Do you need a
> techie?
> I own Litmocracy <http://www.litmocracy.com> and Meme Racing
> <http://www.memeracing.net> (in alpha).
> I'm the webmaster for The Voluntaryist <http://www.voluntaryist.com>
> which now accepts Bitcoin.
> I also code for The Dollar Vigilante <http://dollarvigilante.com/>.
> "He ought to find it more profitable to play by the rules" - Satoshi
> Nakamoto
>
>
>
>
> --
> I like to provide some work at no charge to prove my value. Do you need a
> techie?
> I own Litmocracy <http://www.litmocracy.com> and Meme Racing
> <http://www.memeracing.net> (in alpha).
> I'm the webmaster for The Voluntaryist <http://www.voluntaryist.com>
> which now accepts Bitcoin.
> I also code for The Dollar Vigilante <http://dollarvigilante.com/>.
> "He ought to find it more profitable to play by the rules" - Satoshi
> Nakamoto
>
--
I like to provide some work at no charge to prove my value. Do you need a
techie?
I own Litmocracy <http://www.litmocracy.com> and Meme Racing
<http://www.memeracing.net> (in alpha).
I'm the webmaster for The Voluntaryist <http://www.voluntaryist.com> which
now accepts Bitcoin.
I also code for The Dollar Vigilante <http://dollarvigilante.com/>.
"He ought to find it more profitable to play by the rules" - Satoshi
Nakamoto
--0000000000002b13c4056cbccca5
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">
<div>Our wetware memory is faulty at details, but a rendering that provides=
features at which it isn't faulty makes it a decent backup in situatio=
ns where technology has been used to hide important differences from us. So=
me of us may recall being in a situation where something seems off, and we =
start to investigate, and then we discover that something was off.=C2=A0 Ap=
ril Fools jokes are good examples, as well as satire and news reports from =
The Onion.</div><div><br></div><div>The point of storing the entire blockch=
ain history is to prevent any of that history being changed in a way that i=
llicitly alters the UTXO Set.=C2=A0 Whenever a memorable enough rendering o=
f the UTXO Set is produced (which has happened exactly once - when Bitcoin =
started, it was empty, and after that, it just looks like a bunch of random=
computer data), the risk of altering the history before it goes up, even i=
f you have the computing power to make subsequent block headers follow all =
the rules (and even to successfully execute a 51% attack!).=C2=A0=20
In <a href=3D"http://lists.mindrot.org/pipermail/openssh-unix-dev/2008-July=
/026693.html">this announcement</a>, the first item under "new feature=
s" has this, which follows the same principle as my idea:</div><div><b=
r></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex=
;border-left:1px solid rgb(204,204,204);padding-left:1ex">
Introduce experimental SSH Fingerprint
ASCII Visualisation to ssh(1) and
ssh-keygen(1). Visual fingerprinnt
display is controlled by a new
ssh_config(5) option "VisualHostKey".
The intent is to render SSH host keys
in a visual form that is amenable to
easy recall and rejection of changed
host keys. This technique inspired by
the graphical hash visualisation
schemes known as "random art[*]", and
by Dan Kaminsky's musings at 23C3 in
Berlin.
<br></blockquote><div><br></div><div>=C2=A0<br></div></div><div class=3D"gm=
ail_extra"><br><div class=3D"gmail_quote">On Sat, May 19, 2018 at 10:12 PM,=
Damian Williamson <span dir=3D"ltr"><<a href=3D"mailto:willtech@live.co=
m.au" target=3D"_blank">willtech@live.com.au</a>></span> wrote:<br><bloc=
kquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #cc=
c solid;padding-left:1ex">
<div dir=3D"ltr">
<div id=3D"m_-4458935732121320258divtagdefaultwrapper" style=3D"font-size:1=
2pt;color:rgb(0,0,0);font-family:Calibri,Helvetica,sans-serif,"EmojiFo=
nt","Apple Color Emoji","Segoe UI Emoji",NotoColor=
Emoji,"Segoe UI Symbol","Android Emoji",EmojiSymbols" d=
ir=3D"ltr">
<p style=3D"margin-top:0;margin-bottom:0">I do understand your point, howev=
er, 'something like stuxnet' cannot be used to create valid data wi=
thout re-doing all the PoW. Provided some valid copies of the blockchain co=
ntinue to exist, the network can re-synchronise.</p>
<p style=3D"margin-top:0;margin-bottom:0"><br>
</p>
<p style=3D"margin-top:0;margin-bottom:0">Unrelated, it would seem useful t=
o have some kind of deep blockchain corruption recovery mechanism if it doe=
s not exist; where blocks are altered at a depth exceeding the re-scan on i=
nit, efficient recovery is possible
<u>on detection</u>. Presumably, it would be possible for some stuxnet like=
thing to modify blocks by modifying the table data making blocks invalid b=
ut without causing a table corruption. I would also suppose that if the nod=
e is delving deep into the blockchain
for transaction data, that is would also validate the block at least that =
it has a valid hash (apart from Merkle tree validation for the individual t=
ransaction?) and that the hash of its immediate ancestor is also valid.</p>
<p style=3D"margin-top:0;margin-bottom:0"><br>
</p>
<p style=3D"margin-top:0;margin-bottom:0">Regards,</p>
<p style=3D"margin-top:0;margin-bottom:0">Damian Williamson<br>
</p>
<br>
<br>
<div style=3D"color:rgb(0,0,0)">
<hr style=3D"display:inline-block;width:98%">
<div id=3D"m_-4458935732121320258divRplyFwdMsg" dir=3D"ltr"><font style=3D"=
font-size:11pt" face=3D"Calibri, sans-serif" color=3D"#000000"><b>From:</b>=
<a href=3D"mailto:bitcoin-discuss-bounces@lists.linuxfoundation.org" targe=
t=3D"_blank">bitcoin-discuss-bounces@lists.<wbr>linuxfoundation.org</a> <=
;<a href=3D"mailto:bitcoin-discuss-bounces@lists.linuxfoundation.org" targe=
t=3D"_blank">bitcoin-discuss-bounces@<wbr>lists.linuxfoundation.org</a>>=
on behalf of Dave Scotese via bitcoin-discuss
<<a href=3D"mailto:bitcoin-discuss@lists.linuxfoundation.org" target=3D=
"_blank">bitcoin-discuss@lists.<wbr>linuxfoundation.org</a>><br>
<b>Sent:</b> Sunday, 20 May 2018 11:58 AM<br>
<b>To:</b> Scott Roberts<br>
<b>Cc:</b> Bitcoin Discuss<br>
<b>Subject:</b> Re: [bitcoin-discuss] Checkpoints in the Blockchain.</font>
<div>=C2=A0</div>
</div><div><div class=3D"h5">
<div>
<div dir=3D"ltr">
<div>I wouldn't limit my rendering to words, but that is a decent start=
ing point.=C2=A0 The richer the rendering, the harder it will be to forget,=
but it needn't all be developed at once. My goal here is to inspire th=
e creation of art that is, at the same time,
highly useful and based on randomness.</div>
<div><br>
</div>
<div>Anyway, I asked what "premise that this is needed" you meant=
and I still don't know the answer.</div>
<div><br>
</div>
<div>"The archive is a shared memory" - yes, a shared <b>computer=
</b> memory, and growing larger (ie more cumbersome) every day. If somethin=
g like stuxnet is used to change a lot of the copies of it at some point, i=
t seems likely that people will notice a change,
but which history is correct won't be so obvious because for the <i>hu=
mans</i> whose memories are not so easily overwritten, computer data is rem=
arkably non-memorable in it's normal form (0-9,a-f, whatever).=C2=A0 If=
we ever want to abandon the historical transaction
data, having a shared memory of the state of a recent UTXO Set will help t=
o obviate the need for it.=C2=A0 Yes, of course the blockchain is the perfe=
ct solution, as long as there is
<b>exactly one</b> and everyone can see that it's the same one that eve=
ryone else sees.=C2=A0 Any other number of archives presents a great diffic=
ulty.<br>
</div>
<div><br>
</div>
<div>In that scenario, there's no other way to prove that the starting =
point is valid.=C2=A0 Bitcoin has included a hardcoded-checkpoint in the co=
de which served the same purpose, but this ignores the possibility that two=
versions of the code could be created, one
with a fake checkpoint that is useful to a powerful attacker.=C2=A0 If the=
checkpoint were rendered into something memorable at the first opportunity=
, there would be little question about which one is correct when the differ=
ence is discovered.<br>
</div>
</div>
<div class=3D"m_-4458935732121320258x_gmail_extra"><br>
<div class=3D"m_-4458935732121320258x_gmail_quote">On Sat, May 19, 2018 at =
5:22 PM, Scott Roberts <span dir=3D"ltr">
<<a href=3D"mailto:wordsgalore@gmail.com" id=3D"m_-4458935732121320258LP=
lnk194674" class=3D"m_-4458935732121320258OWAAutoLink" target=3D"_blank">wo=
rdsgalore@gmail.com</a>></span> wrote:<br>
<blockquote class=3D"m_-4458935732121320258x_gmail_quote" style=3D"margin:0=
0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir=3D"auto">I just don't see the point of needing to know it any =
different from the hex value. Or maybe I should say I can't imagine it =
being useful because I can't imagine what you're after is possible.=
There might be a theoretical proof that what you're
after is impossible. Hard to forget is almost the opposite of many options=
and what we're trying to do is decide between many options. I'll a=
ssume English because=C2=A0 it's the only starting point I have that=
9;s even in the ballpark of being possible. You might
need to constrain the word selection and the structure in which you put it=
. I can only imagine that you are talking about putting the words into some=
sort of story. The only kind of story that would be hard to forget=C2=A0 i=
s one that=C2=A0 fits into an overall structure
that we are familiar with but those types of structures are few=C2=A0 comp=
ared to the possibilities that we're trying to encode. "Hard to de=
ny" is a type of "hard to forget". Besides trying to connect=
it to external reality or history that we can all agree on there
is also an internal consistency that could be used like a checksum such as=
the structure I mentioned. The only thing that seems to fit the bill is th=
e blockchain itself. It's on everyone's computer so it's imposs=
ible to forget and it has internal consistency.
Is the only shared memory we have that can't be subject to a Sybil att=
ack or other hijacking of our memory of the true history. Our translation o=
f the hash into words and a story could potentially be subject to hijacking=
if it's not done perfectly correct.
It just seems best to me to use the hash itself. They archived existence o=
f the prior parts of the blockchain are what make that particular hash hard=
to forget. Supposedly it can't be forged to reference=C2=A0 a fake his=
tory. The archive is a shared memory that
fits the encoding rules.</div>
<div class=3D"m_-4458935732121320258x_HOEnZb">
<div class=3D"m_-4458935732121320258x_h5"><br>
<div class=3D"m_-4458935732121320258x_gmail_quote">
<div dir=3D"ltr">On Sat, May 19, 2018, 4:30 PM Dave Scotese <<a href=3D"=
mailto:dscotese@litmocracy.com" id=3D"m_-4458935732121320258LPlnk529846" cl=
ass=3D"m_-4458935732121320258OWAAutoLink" target=3D"_blank">dscotese@litmoc=
racy.com</a>> wrote:<br>
</div>
<blockquote class=3D"m_-4458935732121320258x_gmail_quote" style=3D"margin:0=
0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir=3D"ltr">
<div>Did you mean the premise that we have "the need to retain the ful=
l blockchain in order to validate the UTXO Set"?<br>
</div>
<div><br>
</div>
<div>I hadn't thought of just making it <i>easier</i> to remember, as y=
our suggestion does (12-13 words), and that's a great idea.=C2=A0 I hav=
e passphrases of that kind, but I noticed a kind of
<a href=3D"https://www.snopes.com/news/2016/07/24/the-mandela-effect/" rel=
=3D"noreferrer" id=3D"m_-4458935732121320258LPlnk311474" class=3D"m_-445893=
5732121320258OWAAutoLink" target=3D"_blank">
mandela effect</a> just with myself.=C2=A0 For example, I one of the words =
I chose was like "olfactory" but after a few months, what I remem=
bered was like "ontology". The solution I came up with is to coup=
le the data with far more items than we normally do.=C2=A0 Every
ten minutes, we get a new set of 256 bits that can be used to create somet=
hing potential
<i>very difficult</i> to forget, and that's what I'm after.</div>
<div><br>
</div>
<div>An algorithm could be used to do this with the Bip39 word list.=C2=A0 =
If we categorized the words according to parts of speech, the bits could be=
used to determine which word goes next in a kind of ad-lib, but this creat=
es a phrase that is only memorable in
the language for which the algorithm is developed.=C2=A0 As a thought expe=
riment, I'll try adjective noun verb(as past tense) noun preposition ad=
jective adjective noun: Stuff would come out like "Able abstract abuse=
d accident across actual adult affair."=C2=A0 not memorable
at all, but sense can be made of it and sometimes the sense will be remark=
able.=C2=A0 As it is, I will have forgotten it in an hour or two.<br>
</div>
</div>
<div class=3D"m_-4458935732121320258x_gmail_extra"><br>
<div class=3D"m_-4458935732121320258x_gmail_quote">On Thu, May 17, 2018 at =
4:29 PM, Scott Roberts <span dir=3D"ltr">
<<a href=3D"mailto:wordsgalore@gmail.com" rel=3D"noreferrer" id=3D"m_-44=
58935732121320258LPlnk734576" class=3D"m_-4458935732121320258OWAAutoLink" t=
arget=3D"_blank">wordsgalore@gmail.com</a>></span> wrote:<br>
<blockquote class=3D"m_-4458935732121320258x_gmail_quote" style=3D"margin:0=
0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir=3D"auto">I disagree with your premise that this is needed, I like =
the question. Humans are experts at language and I don't think we have =
another repository at hand that we can categorize for memory that is better=
than words. Using words is a common way
of doing what you're thinking about. If the checkpoint could be a hash=
that meets a difficulty target the possibilities are 2^182 at the current =
hashrate instead of 2^256. So we need only 12 or 13 common words with their=
various possible endings (30,000).=C2=A0
I would find it easier to insert=C2=A0 a letter and 3 numbers after every =
2 words so there would be only 8 words used. There are probably other trick=
s people have figured out but there can't be any kind of advanced encod=
ing because it wouldn't benefit more than
one word. There might be a way to convert the words into something that al=
most sounds like English sentences but it would probably come out a cost of=
at least doubling the number of words.</div>
<br>
<div class=3D"m_-4458935732121320258x_gmail_quote">
<div>
<div class=3D"m_-4458935732121320258x_m_3687701302981427351m_46014162843322=
51381h5">
<div dir=3D"ltr">On Thu, May 17, 2018, 12:13 PM Dave Scotese via bitcoin-di=
scuss <<a href=3D"mailto:bitcoin-discuss@lists.linuxfoundation.org" rel=
=3D"noreferrer" id=3D"m_-4458935732121320258LPlnk791085" class=3D"m_-445893=
5732121320258OWAAutoLink" target=3D"_blank">bitcoin-discuss@lists.linuxfo<w=
br>undation.org</a>>
wrote:<br>
</div>
</div>
</div>
<blockquote class=3D"m_-4458935732121320258x_gmail_quote" style=3D"margin:0=
0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div class=3D"m_-4458935732121320258x_m_3687701302981427351m_46014162843322=
51381h5">
<div dir=3D"ltr">
<div>I got the idea that a SHA256 hash could be rendered into something dif=
ficult to forget.=C2=A0 The rendering would involve using each of the 256 b=
its to specify something important about the rendering - important in an in=
stinctive human-memory way.</div>
<div><br>
</div>
<div>Let's assume such a rendering is possible, and that at any time, a=
ny person can execute the rendering against the SHA256 hash of a consistent=
representation of the UTXO Set.=C2=A0 Sometimes, someone will execute the =
rendering and discover that it is remarkable
in some way (making it even more memorable), and therefore will publish it=
.<br>
</div>
<div><br>
</div>
<div>The published, memorable rendering now becomes a kind of protection ag=
ainst any possible re-writing of the blockchain from any point prior to tha=
t UTXO Set.=C2=A0 When everyone involved in Bitcoin recognizes this protect=
ion, it relieves us of the need to retain
the full blockchain in order to validate the UTXO Set at that point, becau=
se enough people will recognize it, and it can be validated without referen=
ce to any kind of prior computer record.<br>
</div>
<div><br>
</div>
<div>This does leave open the possibility that an attacker could create a m=
ore favorable UTXO Set that happens to have a rendering similar enough to f=
ool people, or one that has exactly the same SHA256-hash, but that possibil=
ity is remote enough to ignore (just
as we all ignore the possibility that whatever creates the master seed for=
our HD wallet will create a unique master seed).</div>
<div><br>
</div>
<div>I've been working on how such a rendering could happen.=C2=A0 It c=
ould describe music, characters, colors, plot points, memorable elements of=
characters, etc.</div>
<div><br>
</div>
<div>Dave Scotese<br>
</div>
<div><br>
</div>
</div>
</div>
</div>
______________________________<wbr>_________________<br>
bitcoin-discuss mailing list<br>
<a href=3D"mailto:bitcoin-discuss@lists.linuxfoundation.org" rel=3D"norefer=
rer noreferrer" id=3D"m_-4458935732121320258LPlnk668661" class=3D"m_-445893=
5732121320258OWAAutoLink" target=3D"_blank">bitcoin-discuss@lists.linuxfou<=
wbr>ndation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-discu=
ss" rel=3D"noreferrer noreferrer noreferrer" id=3D"m_-4458935732121320258LP=
lnk666715" class=3D"m_-4458935732121320258OWAAutoLink" target=3D"_blank">ht=
tps://lists.linuxfoundation.<wbr>org/mailman/listinfo/bitcoin-d<wbr>iscuss<=
/a><br>
</blockquote>
</div>
</blockquote>
</div>
<br>
<br clear=3D"all">
<br>
-- <br>
<div class=3D"m_-4458935732121320258x_m_3687701302981427351m_46014162843322=
51381gmail_signature">
<div dir=3D"ltr">I like to provide some work at no charge to prove my value=
. Do you need a techie?=C2=A0
<br>
I own <a href=3D"http://www.litmocracy.com" rel=3D"noreferrer" id=3D"m_-445=
8935732121320258LPlnk280464" class=3D"m_-4458935732121320258OWAAutoLink" ta=
rget=3D"_blank">
Litmocracy</a> and <a href=3D"http://www.memeracing.net" rel=3D"noreferrer"=
id=3D"m_-4458935732121320258LPlnk811111" class=3D"m_-4458935732121320258OW=
AAutoLink" target=3D"_blank">
Meme Racing</a> (in alpha). <br>
I'm the webmaster for <a href=3D"http://www.voluntaryist.com" rel=3D"no=
referrer" id=3D"m_-4458935732121320258LPlnk171451" class=3D"m_-445893573212=
1320258OWAAutoLink" target=3D"_blank">
The Voluntaryist</a> which now accepts Bitcoin.<br>
I also code for <a href=3D"http://dollarvigilante.com/" rel=3D"noreferrer" =
id=3D"m_-4458935732121320258LPlnk753958" class=3D"m_-4458935732121320258OWA=
AutoLink" target=3D"_blank">
The Dollar Vigilante</a>.<br>
"He ought to find it more profitable to play by the rules" - Sato=
shi Nakamoto</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear=3D"all">
<br>
-- <br>
<div class=3D"m_-4458935732121320258x_gmail_signature">
<div dir=3D"ltr">I like to provide some work at no charge to prove my value=
. Do you need a techie?=C2=A0
<br>
I own <a href=3D"http://www.litmocracy.com" id=3D"m_-4458935732121320258LPl=
nk448217" class=3D"m_-4458935732121320258OWAAutoLink" target=3D"_blank">
Litmocracy</a> and <a href=3D"http://www.memeracing.net" id=3D"m_-445893573=
2121320258LPlnk20419" class=3D"m_-4458935732121320258OWAAutoLink" target=3D=
"_blank">
Meme Racing</a> (in alpha). <br>
I'm the webmaster for <a href=3D"http://www.voluntaryist.com" id=3D"m_-=
4458935732121320258LPlnk762533" class=3D"m_-4458935732121320258OWAAutoLink"=
target=3D"_blank">
The Voluntaryist</a> which now accepts Bitcoin.<br>
I also code for <a href=3D"http://dollarvigilante.com/" id=3D"m_-4458935732=
121320258LPlnk136274" class=3D"m_-4458935732121320258OWAAutoLink" target=3D=
"_blank">
The Dollar Vigilante</a>.<br>
"He ought to find it more profitable to play by the rules" - Sato=
shi Nakamoto</div>
</div>
</div>
</div>
</div></div></div>
</div>
</div>
</blockquote></div><br><br clear=3D"all"><br>-- <br><div class=3D"gmail_sig=
nature" data-smartmail=3D"gmail_signature"><div dir=3D"ltr">I like to provi=
de some work at no charge to prove my value. Do you need a techie?=C2=A0 <b=
r>I own <a href=3D"http://www.litmocracy.com" target=3D"_blank">Litmocracy<=
/a> and <a href=3D"http://www.memeracing.net" target=3D"_blank">Meme Racing=
</a> (in alpha). <br>I'm the webmaster for <a href=3D"http://www.volunt=
aryist.com" target=3D"_blank">The Voluntaryist</a> which now accepts Bitcoi=
n.<br>I also code for <a href=3D"http://dollarvigilante.com/" target=3D"_bl=
ank">The Dollar Vigilante</a>.<br>"He ought to find it more profitable=
to play by the rules" - Satoshi Nakamoto</div></div>
</div>
--0000000000002b13c4056cbccca5--
|