Re: [Bitcoin-development] Message Signing based authentication

> But where are the private keys stored? Crypto in the browser with help, but although they will expose ECC via the NSS, I dont think bitcoin's particular curve will be supported, because it's not NIST approved. If the use case was presented though, they may add it. Trezor, my friend. Slush Sent

[Bitcoin-development] [ANN] High-speed Bitcoin Relay Network

Recently, there has been a reasonable amount of discussion about the continued fragility of the public Bitcoin network on IRC and elsewhere (1). To this extent, I'm organizing a system of peering between nodes in the network by creating a system of high-speed relay nodes for miners and merchants/ex

[Bitcoin-development] we can all relax now

One of the things that really gets me going is when someone devises a model, tests it against itself, and then pretends that they've learned something about the real world. Naturally, the Selfish Mining paper is exactly this sort of nonsense. Their model is one with no latency, and one where t

Re: [Bitcoin-development] Message Signing based authentication

On 2 November 2013 22:14, Johnathan Corgan wrote: > On 11/01/2013 10:01 PM, bitcoingr...@gmx.com wrote: > > > Server provides a token for the client to sign. > > Anyone else concerned about signing an arbitrary string? Could be a > hash of $EVIL_DOCUMENT, no? I'd want to XOR the string with my

Re: [Bitcoin-development] Message Signing based authentication

On 2 November 2013 22:57, slush wrote: > Glad to see that there are more and more people wanting to replace > passwords with digital signatures. > > Although such method has been already used on other websites like Eligius > or bitcoin-otc, I dont think theres any standard way to doing so yet. >

Re: [Bitcoin-development] Possible Solution To SM Attack

> The Problem: > Say Alice built a block, A1, from previous block 0. She doesn't let > other miners know about it. She then works on A2 with previous block > A1. Bob on the other hand is still working on B1 with previous block > 0. Bob now finds a block and he broadcasts it. The assumption here is

Re: [Bitcoin-development] Possible Solution To SM Attack

On 11/05/2013 08:03 PM, Drak wrote: On 5 November 2013 22:07, Quinn Harris > wrote: I don't think choosing the block with the lowest hash is the best option. The good and bad miners have an equal probability of finding a lower hash. But after Alice

Re: [Bitcoin-development] Possible Solution To SM Attack

> What do you think? > I would like to be convinced that there is, actually, a real-world problem before thinking about potential solutions. I'd like to see more analysis of the proposed selfish-mining algorithm at a particular share-of-network and gamma=0 (assume second-broadcast blocks always l

Re: [Bitcoin-development] Possible Solution To SM Attack

On 5 November 2013 23:06, Gregory Maxwell wrote: > On Tue, Nov 5, 2013 at 2:15 PM, Drak wrote: > > If I understand the issue properly, this seems like a pretty elegant > > solution: if two blocks are broadcast within a certain period of > eachother, > > chose the lower target. That's a provable

Re: [Bitcoin-development] Possible Solution To SM Attack

On Tue, Nov 5, 2013 at 2:15 PM, Drak wrote: > If I understand the issue properly, this seems like a pretty elegant > solution: if two blocks are broadcast within a certain period of eachother, > chose the lower target. That's a provable fair way of randomly choosing the > winning block and would s

Re: [Bitcoin-development] Possible Solution To SM Attack

On 5 November 2013 22:07, Quinn Harris wrote: > I don't think choosing the block with the lowest hash is the best > option. The good and bad miners have an equal probability of finding a > lower hash. But after Alice finds a block she can easily determine the > probability that someone else wil

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

On Tue, Nov 5, 2013 at 1:57 PM, Jeremy Spilman wrote: > I think it's a stretch to say 'y' is 0 with good connectivity. Even the > best connected mining pools today are concerned with this 'y' factor. > Check out the following paper for the effect a single node can have on propagation, and on th

Re: [Bitcoin-development] Possible Solution To SM Attack

On 5 November 2013 20:51, wrote: > Possible Solution: > If N amount of blocks built of the same previous block are received within > a time frame of T mine on the block with the lowest hash. > > Logic: > In order for Alice to pull of this attack she not only has to propagate > her blocks first sh

Re: [Bitcoin-development] Possible Solution To SM Attack

I don't think choosing the block with the lowest hash is the best option. The good and bad miners have an equal probability of finding a lower hash. But after Alice finds a block she can easily determine the probability that someone else will find a lower hash value that meets the difficulty

[Bitcoin-development] Possible Solution To SM Attack

Preliminary: Alice has the ability to hear of a block before all other miners do. The Problem: Say Alice built a block, A1, from previous block 0. She doesn't let other miners know about it. She then works on A2 with previous block A1. Bob on the other hand is still working on B1 with previous b

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

On Tue, Nov 05, 2013 at 12:43:15PM -0500, Ittay wrote: > On Tue, Nov 5, 2013 at 12:14 PM, Peter Todd wrote: > > > On Tue, Nov 05, 2013 at 12:05:41PM -0500, Peter Todd wrote: > > > On Tue, Nov 05, 2013 at 11:56:53AM -0500, Ittay wrote: > > > > Oh, and I don't want to give the wrong impression: the

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

The conversations that spawned from this paper have been fascinating to read, but I have a problem with the conclusions. To quote the paper: "The Bitcoin ecosystem is open to manipulation, and potential takeover, by miners seeking to maximize their rewards. This paper presented Selfish-Mine, a

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

Great paper Ittay, thanks for all your work on this.  Today the threshold is 0% with good connectivity. Fig. 2 captures this well, the threshold is only zero if 'y' is 1. In Section 6 and 6.1 you argue y -> 1 but the sybil attack you describe, isn't that more like how *all* sophisticated miners w

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

On Tue, Nov 5, 2013 at 1:55 PM, Alessandro Parisi wrote: > this means that anytime a bug is found in Bitcoin protocol, chances are that > it would take a lot more time to get fixed Correct. There is significant potential that a fix can create other problems... and any major mistake could insta

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

Thank you very much for your fair response, Sir; this means that anytime a bug is found in Bitcoin protocol, chances are that it would take a lot more time to get fixed 2013/11/5 Jeff Garzik > On Tue, Nov 5, 2013 at 1:07 PM, Alessandro Parisi > wrote: > > I agree with Ittay: when bugs are foun

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

On Tue, Nov 5, 2013 at 1:07 PM, Alessandro Parisi wrote: > I agree with Ittay: when bugs are found, they must be fixed ASAP, expecially > when they affect a sensitive sw such as Bitcon; in IT security, every flaw > that is exploitable in abstract, is going to be exploited in real, sooner or > late

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

Patrick, could you please explain us why the solution proposed by Ittay would drop the actual honest miners ratio, becoming so backfire? Thanks a lot 2013/11/5 Patrick > The ratio of honest miners that mine the first block they see is > 0.5 > > Your proposed solution would reduce that ratio to

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

I agree with Ittay: when bugs are found, they must be fixed ASAP, expecially when they affect a sensitive sw such as Bitcon; in IT security, every flaw that is exploitable in abstract, is going to be exploited in real, sooner or later, also taking into account the increasing parallel computing powe

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

The ratio of honest miners that mine the first block they see is > 0.5 Your proposed solution would reduce that ratio to 0.5 In other words your proposed change would make the attack you describe easier not harder. On 11/05/2013 09:26 AM, Ittay wrote: > That sounds like selfish mining, and the m

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

On Tue, Nov 5, 2013 at 6:43 PM, Ittay wrote: > The attack can be easily hidden. And be sure that before today, today, > and after today, very smart people are at their computer planning attacks > on Bitcoin. Exploits must be published and fixed FAST. > I think it would be helpful if you actually

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

On Tue, Nov 5, 2013 at 12:14 PM, Peter Todd wrote: > On Tue, Nov 05, 2013 at 12:05:41PM -0500, Peter Todd wrote: > > On Tue, Nov 05, 2013 at 11:56:53AM -0500, Ittay wrote: > > Oh, and I don't want to give the wrong impression: there's no need to > rush to get this problem fixed. Even if someone w

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

That sounds like selfish mining, and the magic number is 25%. That's the minimal pool size. Today the threshold is 0% with good connectivity. If I misunderstood your point, please elaborate. Ittay On Tue, Nov 5, 2013 at 12:05 PM, Peter Todd wrote: > On Tue, Nov 05, 2013 at 11:56:53AM -0500,

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

On Tue, Nov 05, 2013 at 12:05:41PM -0500, Peter Todd wrote: > On Tue, Nov 05, 2013 at 11:56:53AM -0500, Ittay wrote: > > Hello, > > > > Please see below our BIP for raising the selfish mining threshold. > > Looking forward to your comments. > > > > > 2. No new vulnerabilities introduced: > > Cu

Re: [Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

On Tue, Nov 05, 2013 at 11:56:53AM -0500, Ittay wrote: > Hello, > > Please see below our BIP for raising the selfish mining threshold. > Looking forward to your comments. > 2. No new vulnerabilities introduced: > Currently the choice among equal-length chains is done arbitrarily, > depending on

[Bitcoin-development] BIP proposal - patch to raise selfish mining threshold.

Hello, Please see below our BIP for raising the selfish mining threshold. Looking forward to your comments. Best, Ittay --- Bitcoin Improvement Proposal Owners: Ittay Eyal and Emin Gun Sirer We suggest a change in the propagation and mining algorithm for chains of the same difficulty, to rais