[Bitcoin-development] blind symmetric commitment for stronger byzantine voting resilience (Re: bitcoin taint unilateral revocability)

2013-05-15 Thread Adam Back
So in a previous mail I described a simple, extremely efficient and easy to implement symmetric key commitment that is unlinkable until reveal time (at bottom). I think this can help improve the byzantine generals problem, that bitcoin only defends to simple majority (with one vote per CPU

Re: [Bitcoin-development] blind symmetric commitment for stronger byzantine voting resilience (Re: bitcoin taint unilateral revocability)

2013-05-15 Thread Peter Todd
On Wed, May 15, 2013 at 12:25:09PM +0200, Adam Back wrote: Protocols aren't set in stone - any attacker that controls enough hashing power to pose a 51% attack can simply demand that you use a Bitcoin client modified to provide the attack with the full transactions from the beginning. Any blocks

[Bitcoin-development] 2BTC reward for making probabalistic double-spending via conflicting transactions easy

2013-05-15 Thread Peter Todd
Now that I have the replace-by-fee reward, I might as well spread the wealth a bit. So for all this discussion about replace-by-fee and the supposed security of zero-conf transactions, no-one seems to think much about how in practice very few vendors have a setup to detect if conflicting

Re: [Bitcoin-development] 2BTC reward for making probabalistic double-spending via conflicting transactions easy

2013-05-15 Thread Peter Todd
On Wed, May 15, 2013 at 07:38:27AM -0400, Peter Todd wrote: So I'm offering 2BTC for anyone who comes up with a nice and easy to use command line tool that lets you automagically create one version of the transaction sending the coins to the desired recipient, and another version sending all

Re: [Bitcoin-development] blind symmetric commitment for stronger byzantine voting resilience (Re: bitcoin taint unilateral revocability)

2013-05-15 Thread Caleb James DeLisle
I can't see this working, if 51% of the mining power doesn't like your coins, when you create the commitment they will reject it. If the commitment is opaque at the time of inclusion in the block then I will create multiple commitments and then after revealing the commitment and spend to you I

Re: [Bitcoin-development] 2BTC reward for making probabalistic double-spending via conflicting transactions easy

2013-05-15 Thread Melvin Carvalho
On 15 May 2013 13:38, Peter Todd p...@petertodd.org wrote: Now that I have the replace-by-fee reward, I might as well spread the wealth a bit. So for all this discussion about replace-by-fee and the supposed security of zero-conf transactions, no-one seems to think much about how in

[Bitcoin-development] double-spend deletes (or converts to fees) (Re: reward for making probabalistic double-spending via conflicting transactions easy)

2013-05-15 Thread Adam Back
On Wed, May 15, 2013 at 07:38:27AM -0400, Peter Todd wrote: no-one seems to think much about how in practice very few vendors have a setup to detect if conflicting transactions were broadcast on the network simultaneously - after all if that is the case which transaction gets mined is up to

Re: [Bitcoin-development] 2BTC reward for making probabalistic double-spending via conflicting transactions easy

2013-05-15 Thread Alan Reiner
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You can do this right now, with Armory. If you switch Armory to Expert usermode, you can combine coin-control with unsigned transactions to do exactly this. It's because Armory doesn't lock coins used in previous unsigned transactions, until

Re: [Bitcoin-development] blind symmetric commitment for stronger byzantine voting resilience (Re: bitcoin taint unilateral revocability)

2013-05-15 Thread Adam Back
On Wed, May 15, 2013 at 08:40:59AM -0400, Caleb James DeLisle wrote: If the commitment is opaque at the time of inclusion in the block then I will create multiple commitments and then after revealing the commitment and spend to you I will reveal the earlier commitment which commits the coins to an

Re: [Bitcoin-development] blind symmetric commitment for stronger byzantine voting resilience (Re: bitcoin taint unilateral revocability)

2013-05-15 Thread Caleb James DeLisle
On 05/15/2013 12:21 PM, Adam Back wrote: On Wed, May 15, 2013 at 08:40:59AM -0400, Caleb James DeLisle wrote: If the commitment is opaque at the time of inclusion in the block then I will create multiple commitments and then after revealing the commitment and spend to you I will reveal the

Re: [Bitcoin-development] blind symmetric commitment for stronger byzantine voting resilience (Re: bitcoin taint unilateral revocability)

2013-05-15 Thread Adam Back
btw I posted some of this thread on the dev forum: https://bitcointalk.org/index.php?topic=206303.msg2157994#msg2157994 A related idea is occuring to me that maybe these committed transactions could actually as a side effect make bitcoin scale slightly better by reducing the p2p flood filled

Re: [Bitcoin-development] blind symmetric commitment for stronger byzantine voting resilience (Re: bitcoin taint unilateral revocability)

2013-05-15 Thread Gregory Maxwell
On Wed, May 15, 2013 at 6:24 PM, Gavin gavinandre...@gmail.com wrote: Busy with pre-conference stuff, not following details of this conversation... ... but it sounds a lot like the guy fawkes protocol Zooko was thinking about a year or so ago. Sort of, but in a guy fawkes signature you use

Re: [Bitcoin-development] blind symmetric commitment for stronger byzantine voting resilience (Re: bitcoin taint unilateral revocability)

2013-05-15 Thread Mike Hearn
Conceptually it sounds a lot like ZeroCoin (not in implementation)? I'm not really convinced miner cartels that try to exclude transactions are likely to be a big deal, but such schemes could I suppose be kept in a back pocket in case one day I'm proven wrong. On Wed, May 15, 2013 at 6:39 PM,

Re: [Bitcoin-development] blind symmetric commitment for stronger byzantine voting resilience (Re: bitcoin taint unilateral revocability)

2013-05-15 Thread Gregory Maxwell
On Wed, May 15, 2013 at 7:22 PM, Mike Hearn m...@plan99.net wrote: Conceptually it sounds a lot like ZeroCoin (not in implementation)? Zerocoin conceals the connection from everyone forever, assuming the underlying trapdoor problem is computational infeasible, but at great cost. Adamcoin,

Re: [Bitcoin-development] blind symmetric commitment for stronger byzantine voting resilience (Re: bitcoin taint unilateral revocability)

2013-05-15 Thread Caleb James DeLisle
Not only does the size of the proof grow endlessly as the coin is passed around, the size of the UTXO set grows endlessly as more and more of the already spent coins cannot be proven to have been spent because the proofs are passed out-of-band. I never said the idea was good, just interesting :)