1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
|
Return-Path: <criley@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 452D589E
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 22 Aug 2017 18:55:57 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-it0-f46.google.com (mail-it0-f46.google.com
[209.85.214.46])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 150B146B
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 22 Aug 2017 18:55:56 +0000 (UTC)
Received: by mail-it0-f46.google.com with SMTP id o19so171686ito.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 22 Aug 2017 11:55:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc; bh=PVDvu0Iqtpszk3ZOhp/qC9O1ZekZ+wtiLy2kasz6ltA=;
b=sTJ2n475Z10PrfeN3BnRQfJWGBB6/k6hSNSSLLTzJ3yWxWDo8RYXRWGmPSS+PRHlpb
LcDUUzo2tNxOVZ+CQ41RHpqlILtJqSCk7Cg4A1N0BwdbCabgusE8pktbagkaQMEiIb4P
p5eii6lSUZ+RDcgpeQLOzFX+EOd0dhe75isYHh6r0crKIBAuX95gObu2dBKGEOgrIYnw
/AzWaAcM5lNVX6l0xaUeHJEnwMG583FzS6ozJqUe+59opOzTCZQ+DUmEJCgMtQ3vrr9z
YBktij9fdAjGBdQKq2ANE5VCHETqngXsDa9RY4G3NSRYxEurKtEaEi1ysBt9Lk0RiiQV
Nohw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc;
bh=PVDvu0Iqtpszk3ZOhp/qC9O1ZekZ+wtiLy2kasz6ltA=;
b=QItbB+gIkuKlQc+k0PEr0x1NlwJELK7m9LmRcOBkNJmaDXYkw3JLqsEimDjrMWH/DK
fiEa0tt9DMYopUUdYggD6YzS+5+hf7jHGcFiCwLEXIpPABJeH7uPa3/Ij295BZYCS4b0
efB765xnQnMSagQRKGyHS5nqqv00v7t0wHz5+bsyyTYWZXjprs6fh8SNJBiFtvKoAxJ5
96MSVY+yDS02fqhGpG0F1Q9ORb2iSXGtWY6rqspdthyrSQizmsXgbTtQTjKMxCUYcleN
D2s9pPlTbNECZL0nTDVJR/F3qfK5PwzOK9e/D7tNPiHZK1AiaJCC9b76MV/c0O9jOad6
kJUw==
X-Gm-Message-State: AHYfb5il++U0m4t2ytBIwmgfvRtAScR6PaSKfZLwPtp9tPhqrCsOXg2T
MACaCycwA9yYEHrA8g0yvsaPi539rw==
X-Received: by 10.36.196.139 with SMTP id v133mr755021itf.161.1503428156342;
Tue, 22 Aug 2017 11:55:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.79.102.194 with HTTP; Tue, 22 Aug 2017 11:55:15 -0700 (PDT)
In-Reply-To: <CALKSEdrQoQkW7gQF5k=HFqzq6txfXwPpw8ui5um9bp+gZKNonw@mail.gmail.com>
References: <CALKSEdq0CUKPY2u+WfAaWtg5nXYKCJzRnDbU2iMs8PQQSpPDGA@mail.gmail.com>
<CAL5BAw2GoQb3-R1Ybe581MbOQvx8wvT0bLoEQ29caNVJTFShmA@mail.gmail.com>
<CAJowKgJhN=Se=kqrFR_B4zJQGf3iBpM6hU+xeUN9eANsmVuwXQ@mail.gmail.com>
<4c39bee6-f419-2e36-62a8-d38171b15558@aei.ca>
<CALKSEdrQoQkW7gQF5k=HFqzq6txfXwPpw8ui5um9bp+gZKNonw@mail.gmail.com>
From: Chris Riley <criley@gmail.com>
Date: Tue, 22 Aug 2017 14:55:15 -0400
Message-ID: <CAL5BAw2Tv-=_j7nPL5a+M0zaPQEKBEP9U_oCLL1J6Gefmrrh=g@mail.gmail.com>
To: Matthew Beton <matthew.beton@gmail.com>
Content-Type: multipart/alternative; boundary="94eb2c05a70434473405575c258c"
X-Mailman-Approved-At: Tue, 22 Aug 2017 18:59:04 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] UTXO growth scaling solution proposal
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Aug 2017 18:55:57 -0000
--94eb2c05a70434473405575c258c
Content-Type: text/plain; charset="UTF-8"
The initial message I replied to stated in part, "Okay so I quite like this
idea. If we start removing at height 630000 or 840000 (gives us 4-8 years
to develop this solution), it stays nice and neat with the halving
interval...."
That is less than 3 years or less than 7 years away. Much sooner than it
is believed QC or Moore's law could impact bitcoin. Changing bitcoin so as
to require that early coins start getting "scavenged" at that date seems
unneeded and irresponsible. Besides, your ECDSA is only revealed when you
spend the coins which does provide some quantum resistance. Hal was just
an example of people putting their coins away expecting them to be there at
X years in the future, whether it is for himself or for his kids and wife.
:-)
On Tue, Aug 22, 2017 at 1:33 PM, Matthew Beton <matthew.beton@gmail.com>
wrote:
> Very true, if Moore's law is still functional in 200 years, computers will
> be 2^100 times faster (possibly more if quantum computing becomes
> commonplace), and so old wallets may be easily cracked.
>
> We will need a way to force people to use newer, higher security wallets,
> and turning coins to mining rewards is better solution than them just being
> hacked.
>
> On Tue, 22 Aug 2017, 7:24 pm Thomas Guyot-Sionnest <dermoth@aei.ca> wrote:
>
>> In any case when Hal Finney do not wake up from his 200years
>> cryo-preservation (because unfortunately for him 200 years earlier they did
>> not know how to preserve a body well enough to resurrect it) he would find
>> that advance in computer technology made it trivial for anyone to steal his
>> coins using the long-obsolete secp256k1 ec curve (which was done long
>> before, as soon as it became profitable to crack down the huge stash of
>> coins stale in the early blocks)
>>
>> I just don't get that argument that you can't be "your own bank". The
>> only requirement coming from this would be to move your coins about once
>> every 10 years or so, which you should be able to do if you have your
>> private keys (you should!). You say it may be something to consider when
>> computer breakthroughs makes old outputs vulnerable, but I say it's not
>> "if" but "when" it happens, and by telling firsthand people that their
>> coins requires moving every once in a long while you ensure they won't do
>> stupid things or come back 50 years from now and complain their addresses
>> have been scavenged.
>>
>> --
>> Thomas
>>
>>
>> On 22/08/17 10:29 AM, Erik Aronesty via bitcoin-dev wrote:
>>
>> I agree, it is only a good idea in the event of a quantum computing
>> threat to the security of Bitcoin.
>>
>> On Tue, Aug 22, 2017 at 9:45 AM, Chris Riley via bitcoin-dev <
>> bitcoin-dev@lists.linuxfoundation.org> wrote:
>>
>>> This seems to be drifting off into alt-coin discussion. The idea that
>>> we can change the rules and steal coins at a later date because they are
>>> "stale" or someone is "hoarding" is antithetical to one of the points of
>>> bitcoin in that you can no longer control your own money ("be your own
>>> bank") because someone can at a later date take your coins for some reason
>>> that is outside your control and solely based on some rationalization by a
>>> third party. Once the rule is established that there are valid reasons why
>>> someone should not have control of their own bitcoins, what other reasons
>>> will then be determined to be valid?
>>>
>>> I can imagine Hal Finney being revived (he was cryo-preserved at Alcor
>>> if you aren't aware) after 100 or 200 years expecting his coins to be there
>>> only to find out that his coins were deemed "stale" so were "reclaimed" (in
>>> the current doublespeak - e.g. stolen or confiscated). Or perhaps he
>>> locked some for his children and they are found to be "stale" before they
>>> are available. He said in March 2013, "I think they're safe enough" stored
>>> in a paper wallet. Perhaps any remaining coins are no longer "safe enough."
>>>
>>> Again, this seems (a) more about an alt-coin/bitcoin fork or (b) better
>>> in bitcoin-discuss at best vs bitcoin-dev. I've seen it discussed many
>>> times since 2010 and still do not agree with the rational that embracing
>>> allowing someone to steal someone else's coins for any reason is a useful
>>> change to bitcoin.
>>>
>>>
>>>
>>>
>>> On Tue, Aug 22, 2017 at 4:19 AM, Matthew Beton via bitcoin-dev <
>>> bitcoin-dev@lists.linuxfoundation.org> wrote:
>>>
>>>> Okay so I quite like this idea. If we start removing at height 630000
>>>> or 840000 (gives us 4-8 years to develop this solution), it stays nice and
>>>> neat with the halving interval. We can look at this like so:
>>>>
>>>> B - the current block number
>>>> P - how many blocks behind current the coin burning block is. (630000,
>>>> 840000, or otherwise.)
>>>>
>>>> Every time we mine a new block, we go to block (B-P), and check for
>>>> stale coins. These coins get burnt up and pooled into block B's miner fees.
>>>> This keeps the mining rewards up in the long term, people are less likely
>>>> to stop mining due to too low fees. It also encourages people to keep
>>>> moving their money around the enconomy instead of just hording and leaving
>>>> it.
>>>>
>>>
>>
--94eb2c05a70434473405575c258c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">The initial message I replied to stated in part, "Oka=
y so I quite like this idea. If we start removing at height 630000 or 84000=
0 (gives us 4-8 years to develop this solution), it stays nice and neat wit=
h the halving interval...."<div><br></div><div>That is less than 3 yea=
rs or less than 7 years =C2=A0away. Much sooner than it is believed QC or M=
oore's law could impact bitcoin.=C2=A0 Changing bitcoin so as to requir=
e that early coins start getting "scavenged" at that date seems u=
nneeded and irresponsible.=C2=A0 Besides, your ECDSA is only revealed when =
you spend the coins which does provide some quantum resistance.=C2=A0 Hal w=
as just an example of people putting their coins away expecting them to be =
there at X years in the future, whether it is for himself or for his kids a=
nd wife. =C2=A0</div><div><br></div><div>:-)</div><div><br></div><div><div>=
<br></div><div><br><div class=3D"gmail_extra"><div class=3D"gmail_quote">On=
Tue, Aug 22, 2017 at 1:33 PM, Matthew Beton <span dir=3D"ltr"><<a href=
=3D"mailto:matthew.beton@gmail.com" target=3D"_blank">matthew.beton@gmail.c=
om</a>></span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"marg=
in:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir=3D"ltr">V=
ery true, if Moore's law is still functional in 200 years, computers wi=
ll be 2^100 times faster (possibly more if quantum computing becomes common=
place), and so old wallets may be easily cracked.</p>
<p dir=3D"ltr">We will need a way to force people to use newer, higher secu=
rity wallets, and turning coins to mining rewards is better solution than t=
hem just being hacked.</p><div class=3D"HOEnZb"><div class=3D"h5">
<br><div class=3D"gmail_quote"><div dir=3D"ltr">On Tue, 22 Aug 2017, 7:24 p=
m Thomas Guyot-Sionnest <<a href=3D"mailto:dermoth@aei.ca" target=3D"_bl=
ank">dermoth@aei.ca</a>> wrote:<br></div><blockquote class=3D"gmail_quot=
e" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
=20
=20
=20
<div bgcolor=3D"#FFFFFF" text=3D"#000000">
In any case when Hal Finney do not wake up from his 200years
cryo-preservation (because unfortunately for him 200 years earlier
they did not know how to preserve a body well enough to resurrect
it) he would find that advance in computer technology made it
trivial for anyone to steal his coins using the long-obsolete
secp256k1 ec curve (which was done long before, as soon as it became
profitable to crack down the huge stash of coins stale in the early
blocks)<br>
<br>
I just don't get that argument that you can't be "your own=
bank".
The only requirement coming from this would be to move your coins
about once every 10 years or so, which you should be able to do if
you have your private keys (you should!). You say it may be
something to consider when computer breakthroughs makes old outputs
vulnerable, but I say it's not "if" but "when" =
it happens, and by
telling firsthand people that their coins requires moving every once
in a long while you ensure they won't do stupid things or come back
50 years from now and complain their addresses have been scavenged.<br>
<br>
--<br>
Thomas</div><div bgcolor=3D"#FFFFFF" text=3D"#000000"><br>
<br>
<div class=3D"m_3177413587481095407m_5030585918581810662moz-cite-prefix=
">On 22/08/17 10:29 AM, Erik Aronesty via
bitcoin-dev wrote:<br>
</div>
<blockquote type=3D"cite">
<div dir=3D"ltr">I agree, it is only a good idea in the event of a
quantum computing threat to the security of Bitcoin.=C2=A0=C2=A0 <b=
r>
</div>
<div class=3D"gmail_extra"><br>
<div class=3D"gmail_quote">On Tue, Aug 22, 2017 at 9:45 AM, Chris
Riley via bitcoin-dev <span dir=3D"ltr"><<a href=3D"mailto:bit=
coin-dev@lists.linuxfoundation.org" target=3D"_blank">bitcoin-dev@lists.<wb=
r>linuxfoundation.org</a>></span>
wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bord=
er-left:1px #ccc solid;padding-left:1ex">
<div dir=3D"ltr">This seems to be drifting off into alt-coin
discussion.=C2=A0 The idea that we can change the rules and
steal coins at a later date because they are "stale"=
; or
someone is "hoarding" is=C2=A0antithetical to one o=
f the points
of bitcoin in that you can no longer control your own
money ("be your own bank") because someone can at a=
later
date take your coins for some reason that is outside your
control and solely based on some rationalization by a
third party.=C2=A0 Once the rule is established that there ar=
e
valid reasons why someone should not have control of their
own bitcoins, what other reasons will then be determined
to be valid?
<div><br>
</div>
<div>I can imagine Hal Finney being revived (he was
cryo-preserved at Alcor if you aren't aware) after 100
or 200 years expecting his coins to be there only to
find out that his coins were deemed "stale" so we=
re
"reclaimed" (in the current doublespeak - e.g. st=
olen or
confiscated).=C2=A0 Or perhaps he locked some for his
children and they are found to be "stale" before =
they
are available.=C2=A0 He said in March 2013, "I think t=
hey're
safe enough" stored in a paper wallet.=C2=A0 Perhaps a=
ny
remaining coins are no longer "safe enough."<br>
<div><br>
</div>
<div>Again, this seems (a) more about an
alt-coin/bitcoin fork or (b) better in bitcoin-discuss
at best vs bitcoin-dev. I've seen it discussed many
times since 2010 and still do not agree with the
rational that embracing allowing someone to steal
someone else's coins for any reason is a useful chang=
e
to bitcoin.</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
</div>
<div class=3D"gmail_extra"><br>
<div class=3D"gmail_quote">
<div>
<div class=3D"m_3177413587481095407m_5030585918581810662h=
5">On Tue, Aug 22, 2017 at 4:19 AM,
Matthew Beton via bitcoin-dev <span dir=3D"ltr"><<a =
href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">bit=
coin-dev@lists.<wbr>linuxfoundation.org</a>></span>
wrote:<br>
</div>
</div>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8e=
x;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div class=3D"m_3177413587481095407m_503058591858181066=
2h5"><span>Okay so I quite like this
idea. If we start removing at height 630000 or
840000 (gives us 4-8 years to develop this
solution), it stays nice and neat with the
halving interval. We can look at this like so:</spa=
n><br>
<br>
<span>B - the current block number</span><br>
<span>P - how many blocks behind current the coin
burning block is. (630000, 840000, or
otherwise.)</span><br>
<br>
<span>Every time we mine a new block, we go to
block (B-P), and check for stale coins. These
coins get burnt up and pooled into block B's
miner fees. This keeps the mining rewards up in
the long term, people are less likely to stop
mining due to too low fees. It also encourages
people to keep moving their money around the
enconomy instead of just hording and leaving it.</s=
pan>
<br>
</div>
</div>
<span></span></blockquote>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
<br>
</div></blockquote></div>
</div></div></blockquote></div><br></div></div></div></div>
--94eb2c05a70434473405575c258c--
|
