Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 94C99728 for ; Tue, 22 Aug 2017 17:26:59 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail001.aei.ca (mail001.aei.ca [206.123.6.130]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 1A2B71F9 for ; Tue, 22 Aug 2017 17:24:37 +0000 (UTC) Received: (qmail 17382 invoked by uid 89); 22 Aug 2017 17:24:13 -0000 Received: by simscan 1.2.0 ppid: 17369, pid: 17376, t: 0.0124s scanners: regex: 1.2.0 attach: 1.2.0 Received: from mail002.aei.ca (HELO mail002.contact.net) (206.123.6.132) by mail001.aei.ca with (DHE-RSA-AES256-SHA encrypted) SMTP; 22 Aug 2017 17:24:13 -0000 Received: (qmail 12705 invoked by uid 89); 22 Aug 2017 17:24:12 -0000 Received: by simscan 1.2.0 ppid: 12674, pid: 12677, t: 7.0201s scanners: regex: 1.2.0 attach: 1.2.0 clamav: 0.97.8/m: spam: 3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,HTML_MESSAGE, RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD autolearn=unavailable version=3.3.1 Received: from dsl-66-36-135-64.mtl.aei.ca (HELO ?192.168.67.200?) (dermoth@66.36.135.64) by mail.aei.ca with ESMTPA; 22 Aug 2017 17:24:05 -0000 To: Erik Aronesty , Bitcoin Protocol Discussion , Chris Riley References: From: Thomas Guyot-Sionnest Message-ID: <4c39bee6-f419-2e36-62a8-d38171b15558@aei.ca> Date: Tue, 22 Aug 2017 13:24:05 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------41083E743324EA1092F15B2A" X-Mailman-Approved-At: Tue, 22 Aug 2017 17:29:22 +0000 Cc: Matthew Beton Subject: Re: [bitcoin-dev] UTXO growth scaling solution proposal X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Aug 2017 17:26:59 -0000 This is a multi-part message in MIME format. --------------41083E743324EA1092F15B2A Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable In any case when Hal Finney do not wake up from his 200years cryo-preservation (because unfortunately for him 200 years earlier they did not know how to preserve a body well enough to resurrect it) he would find that advance in computer technology made it trivial for anyone to steal his coins using the long-obsolete secp256k1 ec curve (which was done long before, as soon as it became profitable to crack down the huge stash of coins stale in the early blocks) I just don't get that argument that you can't be "your own bank". The only requirement coming from this would be to move your coins about once every 10 years or so, which you should be able to do if you have your private keys (you should!). You say it may be something to consider when computer breakthroughs makes old outputs vulnerable, but I say it's not "if" but "when" it happens, and by telling firsthand people that their coins requires moving every once in a long while you ensure they won't do stupid things or come back 50 years from now and complain their addresses have been scavenged. -- Thomas On 22/08/17 10:29 AM, Erik Aronesty via bitcoin-dev wrote: > I agree, it is only a good idea in the event of a quantum computing > threat to the security of Bitcoin. =20 > > On Tue, Aug 22, 2017 at 9:45 AM, Chris Riley via bitcoin-dev > > wrote: > > This seems to be drifting off into alt-coin discussion. The idea > that we can change the rules and steal coins at a later date > because they are "stale" or someone is "hoarding" is antithetical > to one of the points of bitcoin in that you can no longer control > your own money ("be your own bank") because someone can at a later > date take your coins for some reason that is outside your control > and solely based on some rationalization by a third party. Once > the rule is established that there are valid reasons why someone > should not have control of their own bitcoins, what other reasons > will then be determined to be valid? > > I can imagine Hal Finney being revived (he was cryo-preserved at > Alcor if you aren't aware) after 100 or 200 years expecting his > coins to be there only to find out that his coins were deemed > "stale" so were "reclaimed" (in the current doublespeak - e.g. > stolen or confiscated). Or perhaps he locked some for his > children and they are found to be "stale" before they are > available. He said in March 2013, "I think they're safe enough" > stored in a paper wallet. Perhaps any remaining coins are no > longer "safe enough." > > Again, this seems (a) more about an alt-coin/bitcoin fork or (b) > better in bitcoin-discuss at best vs bitcoin-dev. I've seen it > discussed many times since 2010 and still do not agree with the > rational that embracing allowing someone to steal someone else's > coins for any reason is a useful change to bitcoin. > > > > > On Tue, Aug 22, 2017 at 4:19 AM, Matthew Beton via bitcoin-dev > > wrote: > > Okay so I quite like this idea. If we start removing at height > 630000 or 840000 (gives us 4-8 years to develop this > solution), it stays nice and neat with the halving interval. > We can look at this like so: > > B - the current block number > P - how many blocks behind current the coin burning block is. > (630000, 840000, or otherwise.) > > Every time we mine a new block, we go to block (B-P), and > check for stale coins. These coins get burnt up and pooled > into block B's miner fees. This keeps the mining rewards up in > the long term, people are less likely to stop mining due to > too low fees. It also encourages people to keep moving their > money around the enconomy instead of just hording and leaving i= t. > --------------41083E743324EA1092F15B2A Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit In any case when Hal Finney do not wake up from his 200years cryo-preservation (because unfortunately for him 200 years earlier they did not know how to preserve a body well enough to resurrect it) he would find that advance in computer technology made it trivial for anyone to steal his coins using the long-obsolete secp256k1 ec curve (which was done long before, as soon as it became profitable to crack down the huge stash of coins stale in the early blocks)

I just don't get that argument that you can't be "your own bank". The only requirement coming from this would be to move your coins about once every 10 years or so, which you should be able to do if you have your private keys (you should!). You say it may be something to consider when computer breakthroughs makes old outputs vulnerable, but I say it's not "if" but "when" it happens, and by telling firsthand people that their coins requires moving every once in a long while you ensure they won't do stupid things or come back 50 years from now and complain their addresses have been scavenged.

--
Thomas

On 22/08/17 10:29 AM, Erik Aronesty via bitcoin-dev wrote:
I agree, it is only a good idea in the event of a quantum computing threat to the security of Bitcoin.  

On Tue, Aug 22, 2017 at 9:45 AM, Chris Riley via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
This seems to be drifting off into alt-coin discussion.  The idea that we can change the rules and steal coins at a later date because they are "stale" or someone is "hoarding" is antithetical to one of the points of bitcoin in that you can no longer control your own money ("be your own bank") because someone can at a later date take your coins for some reason that is outside your control and solely based on some rationalization by a third party.  Once the rule is established that there are valid reasons why someone should not have control of their own bitcoins, what other reasons will then be determined to be valid?

I can imagine Hal Finney being revived (he was cryo-preserved at Alcor if you aren't aware) after 100 or 200 years expecting his coins to be there only to find out that his coins were deemed "stale" so were "reclaimed" (in the current doublespeak - e.g. stolen or confiscated).  Or perhaps he locked some for his children and they are found to be "stale" before they are available.  He said in March 2013, "I think they're safe enough" stored in a paper wallet.  Perhaps any remaining coins are no longer "safe enough."

Again, this seems (a) more about an alt-coin/bitcoin fork or (b) better in bitcoin-discuss at best vs bitcoin-dev. I've seen it discussed many times since 2010 and still do not agree with the rational that embracing allowing someone to steal someone else's coins for any reason is a useful change to bitcoin.




On Tue, Aug 22, 2017 at 4:19 AM, Matthew Beton via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
Okay so I quite like this idea. If we start removing at height 630000 or 840000 (gives us 4-8 years to develop this solution), it stays nice and neat with the halving interval. We can look at this like so:

B - the current block number
P - how many blocks behind current the coin burning block is. (630000, 840000, or otherwise.)

Every time we mine a new block, we go to block (B-P), and check for stale coins. These coins get burnt up and pooled into block B's miner fees. This keeps the mining rewards up in the long term, people are less likely to stop mining due to too low fees. It also encourages people to keep moving their money around the enconomy instead of just hording and leaving it.

--------------41083E743324EA1092F15B2A--